936 files changed, 40377 insertions, 42172 deletions

diff --git a/pki/base/common/src/com/netscape/certsrv/acls/ACL.java b/pki/base/common/src/com/netscape/certsrv/acls/ACL.java
index 4200b94a..c98135ea 100644
--- a/pki/base/common/src/com/netscape/certsrv/acls/ACL.java
+++ b/pki/base/common/src/com/netscape/certsrv/acls/ACL.java
@@ -17,22 +17,18 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.acls;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
-
 /**
  * A class represents an access control list (ACL). An ACL
- * is associated with an protected resources. The policy 
+ * is associated with an protected resources. The policy
  * enforcer can verify the ACLs with the current
- * context to see if the corresponding resource is accessible.  
+ * context to see if the corresponding resource is accessible.
  * <P>
- * An <code>ACL</code> may contain one or more <code>ACLEntry</code>.
- * However, in case of multiple <code>ACLEntry</code>, a subject must
- * pass ALL of the <code>ACLEntry</code> evaluation for permission
- * to be granted
+ * An <code>ACL</code> may contain one or more <code>ACLEntry</code>. However, in case of multiple <code>ACLEntry</code>, a subject must pass ALL of the <code>ACLEntry</code> evaluation for permission to be granted
  * <P>
+ * 
  * @version $Revision$, $Date$
  */
 public class ACL implements IACL, java.io.Serializable {
@@ -58,14 +54,15 @@ public class ACL implements IACL, java.io.Serializable {
      * Class constructor.
      * Constructs an access control list associated
      * with a resource name
+     * 
      * @param name resource name
      * @param rights applicable rights defined for this resource
      * @param resourceACLs the entire ACL specification. For example:
-     *                     "certServer.log.configuration:read,modify:
-     *                     allow (read,modify)
-     *                     group=\"Administrators\":
-     *                     Allow administrators to read and modify log 
-     *                     configuration"
+     *            "certServer.log.configuration:read,modify:
+     *            allow (read,modify)
+     *            group=\"Administrators\":
+     *            Allow administrators to read and modify log
+     *            configuration"
      */
     public ACL(String name, Vector<String> rights, String resourceACLs) {
         setName(name);
@@ -79,17 +76,19 @@ public class ACL implements IACL, java.io.Serializable {
     }
 
     /**
-     * Sets the name of the resource governed by this 
+     * Sets the name of the resource governed by this
      * access control.
+     * 
      * @param name name of the resource
      */
     public void setName(String name) {
         mName = name;
     }
-	
+
     /**
-     * Retrieves the name of the resource governed by 
+     * Retrieves the name of the resource governed by
      * this access control.
+     * 
      * @return name of the resource
      */
     public String getName() {
@@ -98,6 +97,7 @@ public class ACL implements IACL, java.io.Serializable {
 
     /**
      * Retrieves the exact string of the resourceACLs
+     * 
      * @return resource's acl
      */
     public String getResourceACLs() {
@@ -105,17 +105,19 @@ public class ACL implements IACL, java.io.Serializable {
     }
 
     /**
-     * Sets the description of the resource governed by this 
+     * Sets the description of the resource governed by this
      * access control.
+     * 
      * @param description Description of the protected resource
      */
     public void setDescription(String description) {
         mDescription = description;
     }
-	
+
     /**
-     * Retrieves the description of the resource governed by 
+     * Retrieves the description of the resource governed by
      * this access control.
+     * 
      * @return Description of the protected resource
      */
     public String getDescription() {
@@ -124,6 +126,7 @@ public class ACL implements IACL, java.io.Serializable {
 
     /**
      * Adds an ACL entry to this list.
+     * 
      * @param entry the <code>ACLEntry</code> to be added to this resource
      */
     public void addEntry(ACLEntry entry) {
@@ -132,6 +135,7 @@ public class ACL implements IACL, java.io.Serializable {
 
     /**
      * Returns ACL entries.
+     * 
      * @return enumeration for the <code>ACLEntry</code> vector
      */
     public Enumeration<ACLEntry> entries() {
@@ -140,8 +144,9 @@ public class ACL implements IACL, java.io.Serializable {
 
     /**
      * Returns the string reprsentation.
+     * 
      * @return the string representation of the ACL entries in the
-     *	       following format:
+     *         following format:
      *         <resource name>[<ACLEntry1>,<ACLEntry 2>,...<ACLEntry N>]
      */
     public String toString() {
@@ -160,6 +165,7 @@ public class ACL implements IACL, java.io.Serializable {
 
     /**
      * Adds an rights entry to this list.
+     * 
      * @param right The right to be added for this ACL
      */
     public void addRight(String right) {
@@ -168,6 +174,7 @@ public class ACL implements IACL, java.io.Serializable {
 
     /**
      * Tells if the permission is one of the defined "rights"
+     * 
      * @param permission permission to be checked
      * @return true if it's one of the "rights"; false otherwise
      */
@@ -177,6 +184,7 @@ public class ACL implements IACL, java.io.Serializable {
 
     /**
      * Returns rights entries.
+     * 
      * @return enumeration of rights defined for this ACL
      */
     public Enumeration<String> rights() {
diff --git a/pki/base/common/src/com/netscape/certsrv/acls/ACLEntry.java b/pki/base/common/src/com/netscape/certsrv/acls/ACLEntry.java
index d689493b..448b851e 100644
--- a/pki/base/common/src/com/netscape/certsrv/acls/ACLEntry.java
+++ b/pki/base/common/src/com/netscape/certsrv/acls/ACLEntry.java
@@ -17,15 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.acls;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.StringTokenizer;
 
-
 /**
  * A class represents an ACI entry of an access control list.
  * <P>
+ * 
  * @version $Revision$, $Date$
  */
 public class ACLEntry implements IACLEntry, java.io.Serializable {
@@ -47,6 +46,7 @@ public class ACLEntry implements IACLEntry, java.io.Serializable {
 
     /**
      * Checks if this ACL entry is set to negative.
+     * 
      * @return true if this ACL entry expression is for "deny";
      *         false if this ACL entry expression is for "allow"
      */
@@ -63,8 +63,10 @@ public class ACLEntry implements IACLEntry, java.io.Serializable {
 
     /**
      * Sets the ACL entry string
+     * 
      * @param s string in the following format:
-     * <PRE>
+     * 
+     *            <PRE>
      *   allow|deny (right[,right...]) attribute_expression
      * </PRE>
      */
@@ -72,10 +74,12 @@ public class ACLEntry implements IACLEntry, java.io.Serializable {
         mACLEntryString = s;
     }
 
-    /** 
+    /**
      * Gets the ACL Entry String
+     * 
      * @return ACL Entry string in the following format:
-     * <PRE>
+     * 
+     *         <PRE>
      *   allow|deny (right[,right...]) attribute_expression
      * </PRE>
      */
@@ -86,9 +90,10 @@ public class ACLEntry implements IACLEntry, java.io.Serializable {
     /**
      * Adds permission to this entry. Permission must be one of the
      * "rights" defined for each protected resource in its ACL
+     * 
      * @param acl the acl instance that this aclEntry is associated with
      * @param permission one of the "rights" defined for each
-     *              	 protected resource in its ACL
+     *            protected resource in its ACL
      */
     public void addPermission(IACL acl, String permission) {
         if (acl.checkRight(permission) == true) {
@@ -101,6 +106,7 @@ public class ACLEntry implements IACLEntry, java.io.Serializable {
     /**
      * Returns a list of permissions associated with
      * this entry.
+     * 
      * @return a list of permissions for this ACL entry
      */
     public Enumeration<String> permissions() {
@@ -109,8 +115,9 @@ public class ACLEntry implements IACLEntry, java.io.Serializable {
 
     /**
      * Sets the expression associated with this entry.
+     * 
      * @param expressions the evaluator expressions. For example,
-     *                    group="Administrators"
+     *            group="Administrators"
      */
     public void setAttributeExpressions(String expressions) {
         mExpressions = expressions;
@@ -118,8 +125,9 @@ public class ACLEntry implements IACLEntry, java.io.Serializable {
 
     /**
      * Retrieves the expression associated with this entry.
-     * @return the evaluator expressions.  For example,
-     *                group="Administrators"
+     * 
+     * @return the evaluator expressions. For example,
+     *         group="Administrators"
      */
     public String getAttributeExpressions() {
         return mExpressions;
@@ -128,10 +136,11 @@ public class ACLEntry implements IACLEntry, java.io.Serializable {
     /**
      * Checks to see if this <code>ACLEntry</code> contains a
      * particular permission
+     * 
      * @param permission one of the "rights" defined for each
-     *              	 protected resource in its ACL
+     *            protected resource in its ACL
      * @return true if permission contained in the permission list
-     *              for this <code>ACLEntry</code>; false otherwise.
+     *         for this <code>ACLEntry</code>; false otherwise.
      */
     public boolean containPermission(String permission) {
         return (mPerms.get(permission) != null);
@@ -139,11 +148,12 @@ public class ACLEntry implements IACLEntry, java.io.Serializable {
 
     /**
      * Checks if this entry has the given permission.
+     * 
      * @param permission one of the "rights" defined for each
-     *              	 protected resource in its ACL
+     *            protected resource in its ACL
      * @return true if the permission is allowed; false if the
-     *           	 permission is denied.  If a permission is not
-     *          	 recognized by this ACL, it is considered denied
+     *         permission is denied. If a permission is not
+     *         recognized by this ACL, it is considered denied
      */
     public boolean checkPermission(String permission) {
         // default - if we dont know about the requested permission,
@@ -159,10 +169,13 @@ public class ACLEntry implements IACLEntry, java.io.Serializable {
 
     /**
      * Parse string in the following format:
+     * 
      * <PRE>
      *   allow|deny (right[,right...]) attribute_expression
      * </PRE>
+     * 
      * into an instance of the <code>ACLEntry</code> class
+     * 
      * @param acl the acl instance associated with this aclentry
      * @param aclEntryString aclEntryString in the specified format
      * @return an instance of the <code>ACLEntry</code> class
@@ -175,7 +188,7 @@ public class ACLEntry implements IACLEntry, java.io.Serializable {
         String te = aclEntryString.trim();
 
         // locate first space
-        int i = te.indexOf(' '); 
+        int i = te.indexOf(' ');
         // prefix should be "allowed" or "deny"
         String prefix = te.substring(0, i);
         String suffix = te.substring(i + 1).trim();
@@ -189,7 +202,7 @@ public class ACLEntry implements IACLEntry, java.io.Serializable {
             return null;
         }
         // locate the second space
-        i = suffix.indexOf(' '); 
+        i = suffix.indexOf(' ');
         // this prefix should be rights list, delimited by ","
         prefix = suffix.substring(1, i - 1);
         // the suffix is the rest, which is the "expressions"
@@ -206,6 +219,7 @@ public class ACLEntry implements IACLEntry, java.io.Serializable {
 
     /**
      * Returns the string representation of this ACLEntry
+     * 
      * @return string representation of this ACLEntry
      */
     public String toString() {
diff --git a/pki/base/common/src/com/netscape/certsrv/acls/ACLsResources.java b/pki/base/common/src/com/netscape/certsrv/acls/ACLsResources.java
index 878fe163..bf3ea4a2 100644
--- a/pki/base/common/src/com/netscape/certsrv/acls/ACLsResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/acls/ACLsResources.java
@@ -23,7 +23,7 @@ import java.util.ListResourceBundle;
  * A class represents a resource bundle for the entire ACL component.
  * system.
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -31,13 +31,14 @@ public class ACLsResources extends ListResourceBundle {
 
     /**
      * Returns the content of this resource.
+     * 
      * @return the content of this resource.
      */
     public Object[][] getContents() {
         return contents;
     }
 
-    /** 
+    /**
      * A set of constants for localized error messages.
      */
     static final Object[][] contents = {};
diff --git a/pki/base/common/src/com/netscape/certsrv/acls/EACLsException.java b/pki/base/common/src/com/netscape/certsrv/acls/EACLsException.java
index e79bd724..8d204091 100644
--- a/pki/base/common/src/com/netscape/certsrv/acls/EACLsException.java
+++ b/pki/base/common/src/com/netscape/certsrv/acls/EACLsException.java
@@ -17,13 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.acls;
 
-
 import java.util.Locale;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.MessageFormatter;
 
-
 /**
  * A class represents an acls exception. Note that this is
  * an Runtime exception so that methods used AccessManager
@@ -31,7 +29,7 @@ import com.netscape.certsrv.base.MessageFormatter;
  * allows AccessManager to be easily integrated into any
  * existing code.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class EACLsException extends EBaseException {
@@ -44,10 +42,11 @@ public class EACLsException extends EBaseException {
      * resource class name
      */
     private static final String ACL_RESOURCES = ACLsResources.class.getName();
- 
+
     /**
      * Constructs an acls exception.
      * <P>
+     * 
      * @param msgFormat exception details
      */
     public EACLsException(String msgFormat) {
@@ -57,11 +56,12 @@ public class EACLsException extends EBaseException {
 
     /**
      * Constructs a base exception with a parameter. For example,
+     * 
      * <PRE>
-     * 		new EACLsException("failed to load {0}", fileName);
+     * new EACLsException(&quot;failed to load {0}&quot;, fileName);
      * </PRE>
      * <P>
-     *
+     * 
      * @param msgFormat exception details in message string format
      * @param param message string parameter
      */
@@ -75,6 +75,7 @@ public class EACLsException extends EBaseException {
      * Constructs a base exception. It can be used to carry
      * a system exception that may contain information about
      * the context. For example,
+     * 
      * <PRE>
      * 		try {
      *  		...
@@ -83,7 +84,7 @@ public class EACLsException extends EBaseException {
      *      }
      * </PRE>
      * <P>
-     *
+     * 
      * @param msgFormat exception details in message string format
      * @param param system exception
      */
@@ -97,7 +98,7 @@ public class EACLsException extends EBaseException {
      * Constructs a base exception with a list of parameters
      * that will be substituted into the message format.
      * <P>
-     *
+     * 
      * @param msgFormat exception details in message string format
      * @param params list of message format parameters
      */
@@ -109,7 +110,7 @@ public class EACLsException extends EBaseException {
     /**
      * Returns a list of parameters.
      * <P>
-     *
+     * 
      * @return list of message format parameters
      */
     public Object[] getParameters() {
@@ -118,6 +119,7 @@ public class EACLsException extends EBaseException {
 
     /**
      * String representation for the corresponding exception.
+     * 
      * @return String representation for the corresponding exception.
      */
     public String toString() {
@@ -126,6 +128,7 @@ public class EACLsException extends EBaseException {
 
     /**
      * Returns string representation for the corresponding exception.
+     * 
      * @param locale client specified locale for string representation.
      * @return String representation for the corresponding exception.
      */
@@ -136,6 +139,7 @@ public class EACLsException extends EBaseException {
 
     /**
      * Return the class name of the resource bundle.
+     * 
      * @return class name of the resource bundle.
      */
     protected String getBundleName() {
diff --git a/pki/base/common/src/com/netscape/certsrv/acls/IACL.java b/pki/base/common/src/com/netscape/certsrv/acls/IACL.java
index d336fc26..aad73372 100644
--- a/pki/base/common/src/com/netscape/certsrv/acls/IACL.java
+++ b/pki/base/common/src/com/netscape/certsrv/acls/IACL.java
@@ -17,47 +17,50 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.acls;
 
-
 import java.util.Enumeration;
 
-
 /**
  * A class represents an access control list (ACL). An ACL
- * is associated with a protected resource. The policy 
+ * is associated with a protected resource. The policy
  * enforcer can verify the ACLs with the current
- * context to see if the corresponding resource is accessible.  
+ * context to see if the corresponding resource is accessible.
  * <P>
  * 
  * @version $Revision$, $Date$
  */
-public interface IACL { 
+public interface IACL {
 
     /**
      * Returns the name of the current ACL.
+     * 
      * @return the name of the current ACL.
      */
     public String getName();
 
     /**
      * Returns the description of the current ACL.
+     * 
      * @return the description of the current ACL.
      */
-    public String getDescription(); 
+    public String getDescription();
 
     /**
      * Returns a list of access rights of the current ACL.
+     * 
      * @return a list of access rights
      */
-    public Enumeration<String> rights(); 
+    public Enumeration<String> rights();
 
     /**
      * Returns a list of entries of the current ACL.
+     * 
      * @return a list of entries
      */
     public Enumeration<ACLEntry> entries();
 
     /**
      * Verifies if permission is granted.
+     * 
      * @param permission one of the applicable rights
      * @return true if the given permission is one of the applicable rights; false otherwise.
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/acls/IACLEntry.java b/pki/base/common/src/com/netscape/certsrv/acls/IACLEntry.java
index f91ef38b..ff806f15 100644
--- a/pki/base/common/src/com/netscape/certsrv/acls/IACLEntry.java
+++ b/pki/base/common/src/com/netscape/certsrv/acls/IACLEntry.java
@@ -17,19 +17,17 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.acls;
 
-
-
-
 /**
  * A class represents an entry of access control list.
  * <P>
  * 
  * @version $Revision$, $Date$
  */
-public interface IACLEntry { 
+public interface IACLEntry {
 
     /**
      * Returns the ACL entry string of the entry.
+     * 
      * @return the ACL entry string of the entry.
      */
     public String getACLEntryString();
diff --git a/pki/base/common/src/com/netscape/certsrv/apps/CMS.java b/pki/base/common/src/com/netscape/certsrv/apps/CMS.java
index f093bb74..01820376 100644
--- a/pki/base/common/src/com/netscape/certsrv/apps/CMS.java
+++ b/pki/base/common/src/com/netscape/certsrv/apps/CMS.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.apps;
 
-
 import java.io.ByteArrayOutputStream;
 import java.io.PrintStream;
 import java.math.BigInteger;
@@ -98,18 +97,17 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem;
 import com.netscape.cmsutil.net.ISocketFactory;
 import com.netscape.cmsutil.password.IPasswordStore;
 
-
 /**
  * This represents the CMS server. Plugins can access other
- * public objects such as subsystems via this inteface. 
+ * public objects such as subsystems via this inteface.
  * This object also include a set of utility functions.
- *
+ * 
  * This object does not include the actual implementation.
  * It acts as a public interface for plugins, and the
- * actual implementation is in the CMS engine 
- * (com.netscape.cmscore.apps.CMSEngine) that implements 
+ * actual implementation is in the CMS engine
+ * (com.netscape.cmscore.apps.CMSEngine) that implements
  * ICMSEngine interface.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public final class CMS {
@@ -129,7 +127,7 @@ public final class CMS {
     public static final String SUBSYSTEM_KRA = IKeyRecoveryAuthority.ID;
     public static final String SUBSYSTEM_OCSP = IOCSPAuthority.ID;
     public static final String SUBSYSTEM_TKS = ITKSAuthority.ID;
-   public static final String SUBSYSTEM_UG = IUGSubsystem.ID;
+    public static final String SUBSYSTEM_UG = IUGSubsystem.ID;
     public static final String SUBSYSTEM_AUTH = IAuthSubsystem.ID;
     public static final String SUBSYSTEM_AUTHZ = IAuthzSubsystem.ID;
     public static final String SUBSYSTEM_REGISTRY = IPluginRegistry.ID;
@@ -141,7 +139,7 @@ public final class CMS {
 
     /**
      * Private constructor.
-     *
+     * 
      * @param engine CMS engine implementation
      */
     private CMS(ICMSEngine engine) {
@@ -149,8 +147,9 @@ public final class CMS {
     }
 
     /**
-     * This method is used for unit tests.  It allows the underlying _engine
+     * This method is used for unit tests. It allows the underlying _engine
      * to be stubbed out.
+     * 
      * @param engine The stub engine to set, for testing.
      */
     public static void setCMSEngine(ICMSEngine engine) {
@@ -159,7 +158,7 @@ public final class CMS {
 
     /**
      * Gets this ID .
-     *
+     * 
      * @return CMS engine identifier
      */
     public static String getId() {
@@ -167,9 +166,9 @@ public final class CMS {
     }
 
     /**
-     * Sets the identifier of this subsystem. Should never be called. 
-     * Returns error. 
-     *
+     * Sets the identifier of this subsystem. Should never be called.
+     * Returns error.
+     * 
      * @param id CMS engine identifier
      */
     public static void setId(String id) throws EBaseException {
@@ -178,14 +177,14 @@ public final class CMS {
 
     /**
      * Initialize all static, dynamic and final static subsystems.
-     *
+     * 
      * @param owner null
      * @param config main config store.
-     * @exception EBaseException if any error occur in subsystems during 
-     * initialization.
+     * @exception EBaseException if any error occur in subsystems during
+     *                initialization.
      */
-    public static void init(ISubsystem owner, IConfigStore config) 
-        throws EBaseException {
+    public static void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException {
         _engine.init(owner, config);
     }
 
@@ -195,7 +194,7 @@ public final class CMS {
 
     /**
      * Starts up all subsystems. subsystems must be initialized.
-     *
+     * 
      * @exception EBaseException if any subsystem fails to startup.
      */
     public static void startup() throws EBaseException {
@@ -220,7 +219,7 @@ public final class CMS {
      * Checks to ensure that all new incoming requests have been blocked.
      * This method is used for reentrancy protection.
      * <P>
-     *
+     * 
      * @return true or false
      */
     public static boolean areRequestsDisabled() {
@@ -228,7 +227,7 @@ public final class CMS {
     }
 
     /**
-     * Shuts down subsystems in backwards order 
+     * Shuts down subsystems in backwards order
      * exceptions are ignored. process exists at end to force exit.
      */
     public static void shutdown() {
@@ -240,22 +239,22 @@ public final class CMS {
      * exceptions are ignored. process exists at end to force exit.
      */
 
-     public static void forceShutdown() {
+    public static void forceShutdown() {
 
-         _engine.forceShutdown();
-     }
+        _engine.forceShutdown();
+    }
 
-     /**
-      * mode = 0 (pre-operational)
-      * mode = 1 (running)
-      */
-     public static void setCSState(int mode) {
-         _engine.setCSState(mode);
-     }
+    /**
+     * mode = 0 (pre-operational)
+     * mode = 1 (running)
+     */
+    public static void setCSState(int mode) {
+        _engine.setCSState(mode);
+    }
 
-     public static int getCSState() {
-         return _engine.getCSState();
-     }
+    public static int getCSState() {
+        return _engine.getCSState();
+    }
 
     public static boolean isPreOpMode() {
         return _engine.isPreOpMode();
@@ -268,7 +267,7 @@ public final class CMS {
     /**
      * Is the server in running state. After server startup, the
      * server will be initialization state first. After the
-     * initialization state, the server will be in the running 
+     * initialization state, the server will be in the running
      * state.
      * 
      * @return true if the server is in the running state
@@ -281,7 +280,7 @@ public final class CMS {
      * Returns the logger of the current server. The logger can
      * be used to log critical informational or critical error
      * messages.
-     *
+     * 
      * @return logger
      */
     public static ILogger getLogger() {
@@ -292,7 +291,7 @@ public final class CMS {
      * Returns the signed audit logger of the current server. This logger can
      * be used to log critical informational or critical error
      * messages.
-     *
+     * 
      * @return signed audit logger
      */
     public static ILogger getSignedAuditLogger() {
@@ -301,7 +300,7 @@ public final class CMS {
 
     /**
      * Creates a repository record in the internal database.
-     *
+     * 
      * @return repository record
      */
     public static IRepositoryRecord createRepositoryRecord() {
@@ -310,8 +309,10 @@ public final class CMS {
 
     /**
      * Parse ACL resource attributes
+     * 
      * @param resACLs same format as the resourceACLs attribute:
-     * <PRE>
+     * 
+     *            <PRE>
      *     <resource name>:<permission1,permission2,...permissionn>:
      *     <allow|deny> (<subset of the permission set>) <evaluator expression>
      * </PRE>
@@ -324,7 +325,7 @@ public final class CMS {
 
     /**
      * Creates an issuing poing record.
-     *
+     * 
      * @return issuing record
      */
     public static ICRLIssuingPointRecord createCRLIssuingPointRecord(String id, BigInteger crlNumber, Long crlSize, Date thisUpdate, Date nextUpdate) {
@@ -333,7 +334,7 @@ public final class CMS {
 
     /**
      * Retrieves the default CRL issuing point record name.
-     *
+     * 
      * @return CRL issuing point record name
      */
     public static String getCRLIssuingPointRecordName() {
@@ -342,7 +343,7 @@ public final class CMS {
 
     /**
      * Retrieves the process id of this server.
-     *
+     * 
      * @return process id of the server
      */
     public static int getpid() {
@@ -351,7 +352,7 @@ public final class CMS {
 
     /**
      * Retrieves the instance roort path of this server.
-     *
+     * 
      * @return instance directory path name
      */
     public static String getInstanceDir() {
@@ -361,7 +362,7 @@ public final class CMS {
     /**
      * Returns a server wide system time. Plugins should call
      * this method to retrieve system time.
-     *
+     * 
      * @return current time
      */
     public static Date getCurrentDate() {
@@ -372,7 +373,7 @@ public final class CMS {
 
     /**
      * Puts data of an byte array into the debug file.
-     *
+     * 
      * @param data byte array to be recorded in the debug file
      */
     public static void debug(byte data[]) {
@@ -382,7 +383,7 @@ public final class CMS {
 
     /**
      * Puts a message into the debug file.
-     *
+     * 
      * @param msg debugging message
      */
     public static void debug(String msg) {
@@ -392,7 +393,7 @@ public final class CMS {
 
     /**
      * Puts a message into the debug file.
-     *
+     * 
      * @param level 0-10 (0 is less detail, 10 is more detail)
      * @param msg debugging message
      */
@@ -403,7 +404,7 @@ public final class CMS {
 
     /**
      * Puts an exception into the debug file.
-     *
+     * 
      * @param e exception
      */
     public static void debug(Throwable e) {
@@ -413,7 +414,7 @@ public final class CMS {
 
     /**
      * Checks if the debug mode is on or not.
-     *
+     * 
      * @return true if debug mode is on
      */
     public static boolean debugOn() {
@@ -430,42 +431,43 @@ public final class CMS {
             _engine.debugStackTrace();
     }
 
-	/*
-	 * If debugging for the particular realm is enabled, output name/value
-	 * pair info to the debug file. This is useful to dump out what hidden
-	 * config variables the server is looking at, or what HTTP variables it
-	 * is expecting to find, or what database attributes it is looking for.
-	 * @param type indicates what the source of key/val is. For example,
+    /*
+     * If debugging for the particular realm is enabled, output name/value
+     * pair info to the debug file. This is useful to dump out what hidden
+     * config variables the server is looking at, or what HTTP variables it
+     * is expecting to find, or what database attributes it is looking for.
+     * @param type indicates what the source of key/val is. For example,
      *     this could be 'CS.cfg', or something else. In the debug
-	 *     subsystem, there is a mechanism to filter this so only the types 
+     *     subsystem, there is a mechanism to filter this so only the types 
      *     you care about are listed
-	 * @param key  the 'key' of the hashtable which is being accessed.
-	 *     This could be the name of the config parameter, or the http param
-	 *     name.
-	 * @param val  the value of the parameter
+     * @param key  the 'key' of the hashtable which is being accessed.
+     *     This could be the name of the config parameter, or the http param
+     *     name.
+     * @param val  the value of the parameter
      * @param default the default value if the param is not found
-	 */
+     */
 
     public static void traceHashKey(String type, String key) {
         if (_engine != null) {
-			_engine.traceHashKey(type, key);
-		}
-	}
+            _engine.traceHashKey(type, key);
+        }
+    }
+
     public static void traceHashKey(String type, String key, String val) {
         if (_engine != null) {
-			_engine.traceHashKey(type, key, val);
-		}
-	}
+            _engine.traceHashKey(type, key, val);
+        }
+    }
+
     public static void traceHashKey(String type, String key, String val, String def) {
         if (_engine != null) {
-			_engine.traceHashKey(type, key, val, def);
-		}
-	}
-
+            _engine.traceHashKey(type, key, val, def);
+        }
+    }
 
     /**
      * Returns the names of all the registered subsystems.
-     *
+     * 
      * @return a list of string-based subsystem names
      */
     public static Enumeration<String> getSubsystemNames() {
@@ -478,7 +480,7 @@ public final class CMS {
 
     /**
      * Returns all the registered subsystems.
-     *
+     * 
      * @return a list of ISubsystem-based subsystems
      */
     public static Enumeration<ISubsystem> getSubsystems() {
@@ -487,7 +489,7 @@ public final class CMS {
 
     /**
      * Retrieves the registered subsytem with the given name.
-     *
+     * 
      * @param name subsystem name
      * @return subsystem of the given name
      */
@@ -497,7 +499,7 @@ public final class CMS {
 
     /**
      * Retrieves the localized user message from UserMessages.properties.
-     *
+     * 
      * @param msgID message id defined in UserMessages.properties
      * @return localized user message
      */
@@ -509,7 +511,7 @@ public final class CMS {
 
     /**
      * Retrieves the localized user message from UserMessages.properties.
-     *
+     * 
      * @param locale end-user locale
      * @param msgID message id defined in UserMessages.properties
      * @return localized user message
@@ -522,7 +524,7 @@ public final class CMS {
 
     /**
      * Retrieves the localized user message from UserMessages.properties.
-     *
+     * 
      * @param msgID message id defined in UserMessages.properties
      * @param p1 1st parameter
      * @return localized user message
@@ -535,7 +537,7 @@ public final class CMS {
 
     /**
      * Retrieves the localized user message from UserMessages.properties.
-     *
+     * 
      * @param locale end-user locale
      * @param msgID message id defined in UserMessages.properties
      * @param p1 1st parameter
@@ -549,7 +551,7 @@ public final class CMS {
 
     /**
      * Retrieves the localized user message from UserMessages.properties.
-     *
+     * 
      * @param msgID message id defined in UserMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -563,7 +565,7 @@ public final class CMS {
 
     /**
      * Retrieves the localized user message from UserMessages.properties.
-     *
+     * 
      * @param locale end-user locale
      * @param msgID message id defined in UserMessages.properties
      * @param p1 1st parameter
@@ -578,7 +580,7 @@ public final class CMS {
 
     /**
      * Retrieves the localized user message from UserMessages.properties.
-     *
+     * 
      * @param msgID message id defined in UserMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -593,15 +595,14 @@ public final class CMS {
 
     public static LDAPConnection getBoundConnection(String host, int port,
                int version, LDAPSSLSocketFactoryExt fac, String bindDN,
-               String bindPW) throws LDAPException
-    {
-         return _engine.getBoundConnection(host, port, version, fac,
+               String bindPW) throws LDAPException {
+        return _engine.getBoundConnection(host, port, version, fac,
                          bindDN, bindPW);
     }
 
     /**
      * Retrieves the localized user message from UserMessages.properties.
-     *
+     * 
      * @param locale end-user locale
      * @param msgID message id defined in UserMessages.properties
      * @param p1 1st parameter
@@ -617,7 +618,7 @@ public final class CMS {
 
     /**
      * Retrieves the localized user message from UserMessages.properties.
-     *
+     * 
      * @param msgID message id defined in UserMessages.properties
      * @param p an array of parameters
      * @return localized user message
@@ -630,7 +631,7 @@ public final class CMS {
 
     /**
      * Retrieves the localized user message from UserMessages.properties.
-     *
+     * 
      * @param locale end-user locale
      * @param msgID message id defined in UserMessages.properties
      * @param p an array of parameters
@@ -644,7 +645,7 @@ public final class CMS {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @return localized log message
      */
@@ -654,7 +655,7 @@ public final class CMS {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p an array of parameters
      * @return localized log message
@@ -665,7 +666,7 @@ public final class CMS {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @return localized log message
@@ -676,7 +677,7 @@ public final class CMS {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -688,7 +689,7 @@ public final class CMS {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -701,7 +702,7 @@ public final class CMS {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -715,7 +716,7 @@ public final class CMS {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -730,7 +731,7 @@ public final class CMS {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -746,7 +747,7 @@ public final class CMS {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -763,7 +764,7 @@ public final class CMS {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -781,7 +782,7 @@ public final class CMS {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -800,7 +801,7 @@ public final class CMS {
 
     /**
      * Returns the main config store. It is a handle to CMS.cfg.
-     *
+     * 
      * @return configuration store
      */
     public static IConfigStore getConfigStore() {
@@ -809,7 +810,7 @@ public final class CMS {
 
     /**
      * Retrieves time server started up.
-     *
+     * 
      * @return last startup time
      */
     public static long getStartupTime() {
@@ -818,41 +819,41 @@ public final class CMS {
 
     /**
      * Retrieves the HTTP Connection for use with connector.
-     *
+     * 
      * @param authority remote authority
      * @param factory socket factory
      * @return http connection to the remote authority
      */
-    public static IHttpConnection getHttpConnection(IRemoteAuthority authority, 
-        ISocketFactory factory) {
+    public static IHttpConnection getHttpConnection(IRemoteAuthority authority,
+            ISocketFactory factory) {
         return _engine.getHttpConnection(authority, factory);
     }
 
     /**
      * Retrieves the HTTP Connection for use with connector.
-     *
+     * 
      * @param authority remote authority
      * @param factory socket factory
      * @param timeout return error if connection cannot be established within
-     *       the timeout period
+     *            the timeout period
      * @return http connection to the remote authority
      */
-    public static IHttpConnection getHttpConnection(IRemoteAuthority authority, 
-        ISocketFactory factory, int timeout) {
+    public static IHttpConnection getHttpConnection(IRemoteAuthority authority,
+            ISocketFactory factory, int timeout) {
         return _engine.getHttpConnection(authority, factory, timeout);
     }
 
     /**
      * Retrieves the request sender for use with connector.
-     *
+     * 
      * @param authority local authority
      * @param nickname nickname of the client certificate
      * @param remote remote authority
      * @param interval timeout interval
      * @return resender
      */
-    public static IResender getResender(IAuthority authority, String nickname, 
-        IRemoteAuthority remote, int interval) {
+    public static IResender getResender(IAuthority authority, String nickname,
+            IRemoteAuthority remote, int interval) {
         return _engine.getResender(authority, nickname, remote, interval);
     }
 
@@ -867,7 +868,7 @@ public final class CMS {
 
     /**
      * Sets the nickname of the server's server certificate.
-     *
+     * 
      * @param tokenName name of token where the certificate is located
      * @param nickName name of server certificate
      */
@@ -877,7 +878,7 @@ public final class CMS {
 
     /**
      * Sets the nickname of the server's server certificate.
-     *
+     * 
      * @param newName new nickname of server certificate
      */
     public static void setServerCertNickname(String newName) {
@@ -886,7 +887,7 @@ public final class CMS {
 
     /**
      * Retrieves the host name of the server's secure end entity service.
-     *
+     * 
      * @return host name of end-entity service
      */
     public static String getEEHost() {
@@ -895,7 +896,7 @@ public final class CMS {
 
     /**
      * Retrieves the host name of the server's non-secure end entity service.
-     *
+     * 
      * @return host name of end-entity non-secure service
      */
     public static String getEENonSSLHost() {
@@ -904,7 +905,7 @@ public final class CMS {
 
     /**
      * Retrieves the IP address of the server's non-secure end entity service.
-     *
+     * 
      * @return ip address of end-entity non-secure service
      */
     public static String getEENonSSLIP() {
@@ -913,7 +914,7 @@ public final class CMS {
 
     /**
      * Retrieves the port number of the server's non-secure end entity service.
-     *
+     * 
      * @return port of end-entity non-secure service
      */
     public static String getEENonSSLPort() {
@@ -922,7 +923,7 @@ public final class CMS {
 
     /**
      * Retrieves the host name of the server's secure end entity service.
-     *
+     * 
      * @return port of end-entity secure service
      */
     public static String getEESSLHost() {
@@ -931,7 +932,7 @@ public final class CMS {
 
     /**
      * Retrieves the host name of the server's secure end entity service.
-     *
+     * 
      * @return port of end-entity secure service
      */
     public static String getEEClientAuthSSLPort() {
@@ -940,7 +941,7 @@ public final class CMS {
 
     /**
      * Retrieves the IP address of the server's secure end entity service.
-     *
+     * 
      * @return ip address of end-entity secure service
      */
     public static String getEESSLIP() {
@@ -949,7 +950,7 @@ public final class CMS {
 
     /**
      * Retrieves the port number of the server's secure end entity service.
-     *
+     * 
      * @return port of end-entity secure service
      */
     public static String getEESSLPort() {
@@ -958,7 +959,7 @@ public final class CMS {
 
     /**
      * Retrieves the host name of the server's agent service.
-     *
+     * 
      * @return host name of agent service
      */
     public static String getAgentHost() {
@@ -967,7 +968,7 @@ public final class CMS {
 
     /**
      * Retrieves the IP address of the server's agent service.
-     *
+     * 
      * @return ip address of agent service
      */
     public static String getAgentIP() {
@@ -976,7 +977,7 @@ public final class CMS {
 
     /**
      * Retrieves the port number of the server's agent service.
-     *
+     * 
      * @return port of agent service
      */
     public static String getAgentPort() {
@@ -985,7 +986,7 @@ public final class CMS {
 
     /**
      * Retrieves the host name of the server's administration service.
-     *
+     * 
      * @return host name of administration service
      */
     public static String getAdminHost() {
@@ -994,7 +995,7 @@ public final class CMS {
 
     /**
      * Retrieves the IP address of the server's administration service.
-     *
+     * 
      * @return ip address of administration service
      */
     public static String getAdminIP() {
@@ -1003,7 +1004,7 @@ public final class CMS {
 
     /**
      * Retrieves the port number of the server's administration service.
-     *
+     * 
      * @return port of administration service
      */
     public static String getAdminPort() {
@@ -1012,7 +1013,7 @@ public final class CMS {
 
     /**
      * Creates a general name constraints.
-     *
+     * 
      * @param generalNameChoice type of general name
      * @param value general name string
      * @return general name object
@@ -1024,14 +1025,14 @@ public final class CMS {
 
     /**
      * Creates a general name.
-     *
+     * 
      * @param generalNameChoice type of general name
      * @param value general name string
      * @return general name object
      * @exception EBaseException failed to create general name
      */
     public static GeneralName form_GeneralName(String generalNameChoice,
-        String value) throws EBaseException {
+            String value) throws EBaseException {
         return _engine.form_GeneralName(generalNameChoice, value);
     }
 
@@ -1041,25 +1042,25 @@ public final class CMS {
      * @param name configuration name
      * @param params configuration parameters
      */
-    public static void getSubjAltNameConfigDefaultParams(String name, 
-        Vector<String> params) {
+    public static void getSubjAltNameConfigDefaultParams(String name,
+            Vector<String> params) {
         _engine.getSubjAltNameConfigDefaultParams(name, params);
     }
 
     /**
      * Get extended plugin info for subject alt name configuration.
-     *
+     * 
      * @param name configuration name
      * @param params configuration parameters
      */
-    public static void getSubjAltNameConfigExtendedPluginInfo(String name, 
-        Vector<String> params) {
+    public static void getSubjAltNameConfigExtendedPluginInfo(String name,
+            Vector<String> params) {
         _engine.getSubjAltNameConfigExtendedPluginInfo(name, params);
     }
 
     /**
      * Creates subject alt name configuration.
-     *
+     * 
      * @param name configuration name
      * @param config configuration store
      * @param isValueConfigured true if value is configured
@@ -1072,162 +1073,162 @@ public final class CMS {
 
     /**
      * Retrieves default general name configuration.
-     *
+     * 
      * @param name configuration name
      * @param isValueConfigured true if value is configured
      * @param params configuration parameters
      * @exception EBaseException failed to create subject alt name configuration
      */
     public static void getGeneralNameConfigDefaultParams(String name,
-        boolean isValueConfigured, Vector<String> params) {
+            boolean isValueConfigured, Vector<String> params) {
         _engine.getGeneralNameConfigDefaultParams(name,
-            isValueConfigured, params);
+                isValueConfigured, params);
     }
 
     /**
      * Retrieves default general names configuration.
-     *
+     * 
      * @param name configuration name
      * @param isValueConfigured true if value is configured
      * @param params configuration parameters
      * @exception EBaseException failed to create subject alt name configuration
      */
     public static void getGeneralNamesConfigDefaultParams(String name,
-        boolean isValueConfigured, Vector<String> params) {
+            boolean isValueConfigured, Vector<String> params) {
         _engine.getGeneralNamesConfigDefaultParams(name,
-            isValueConfigured, params);
+                isValueConfigured, params);
     }
 
     /**
      * Retrieves extended plugin info for general name configuration.
-     *
+     * 
      * @param name configuration name
      * @param isValueConfigured true if value is configured
      * @param info configuration parameters
      * @exception EBaseException failed to create subject alt name configuration
      */
     public static void getGeneralNameConfigExtendedPluginInfo(String name,
-        boolean isValueConfigured, Vector<String> info) {
+            boolean isValueConfigured, Vector<String> info) {
         _engine.getGeneralNameConfigExtendedPluginInfo(name,
-            isValueConfigured, info);
+                isValueConfigured, info);
     }
 
     /**
      * Retrieves extended plugin info for general name configuration.
-     *
+     * 
      * @param name configuration name
      * @param isValueConfigured true if value is configured
      * @param info configuration parameters
      * @exception EBaseException failed to create subject alt name configuration
      */
     public static void getGeneralNamesConfigExtendedPluginInfo(String name,
-        boolean isValueConfigured, Vector<String> info) {
+            boolean isValueConfigured, Vector<String> info) {
         _engine.getGeneralNamesConfigExtendedPluginInfo(name,
-            isValueConfigured, info);
+                isValueConfigured, info);
     }
 
     /**
      * Created general names configuration.
-     *
+     * 
      * @param name configuration name
      * @param config configuration store
      * @param isValueConfigured true if value is configured
      * @param isPolicyEnabled true if policy is enabled
      * @exception EBaseException failed to create subject alt name configuration
      */
-    public static IGeneralNamesConfig createGeneralNamesConfig(String name, 
-        IConfigStore config, boolean isValueConfigured, 
-        boolean isPolicyEnabled) throws EBaseException {
+    public static IGeneralNamesConfig createGeneralNamesConfig(String name,
+            IConfigStore config, boolean isValueConfigured,
+            boolean isPolicyEnabled) throws EBaseException {
         return _engine.createGeneralNamesConfig(name, config, isValueConfigured,
                 isPolicyEnabled);
     }
 
     /**
      * Created general name constraints configuration.
-     *
+     * 
      * @param name configuration name
      * @param config configuration store
      * @param isValueConfigured true if value is configured
      * @param isPolicyEnabled true if policy is enabled
      * @exception EBaseException failed to create subject alt name configuration
      */
-    public static IGeneralNameAsConstraintsConfig createGeneralNameAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured, 
-        boolean isPolicyEnabled) throws EBaseException {
+    public static IGeneralNameAsConstraintsConfig createGeneralNameAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured,
+            boolean isPolicyEnabled) throws EBaseException {
         return _engine.createGeneralNameAsConstraintsConfig(
                 name, config, isValueConfigured, isPolicyEnabled);
     }
 
     /**
      * Created general name constraints configuration.
-     *
+     * 
      * @param name configuration name
      * @param config configuration store
      * @param isValueConfigured true if value is configured
      * @param isPolicyEnabled true if policy is enabled
      * @exception EBaseException failed to create subject alt name configuration
      */
-    public static IGeneralNamesAsConstraintsConfig createGeneralNamesAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured, 
-        boolean isPolicyEnabled) throws EBaseException {
+    public static IGeneralNamesAsConstraintsConfig createGeneralNamesAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured,
+            boolean isPolicyEnabled) throws EBaseException {
         return _engine.createGeneralNamesAsConstraintsConfig(
                 name, config, isValueConfigured, isPolicyEnabled);
     }
 
     /**
      * Returns the finger print of the given certificate.
-     *
-     * @param cert certificate 
+     * 
+     * @param cert certificate
      * @return finger print of certificate
      */
     public static String getFingerPrint(Certificate cert)
-        throws CertificateEncodingException, NoSuchAlgorithmException {
+            throws CertificateEncodingException, NoSuchAlgorithmException {
         return _engine.getFingerPrint(cert);
     }
 
     /**
      * Returns the finger print of the given certificate.
-     *
-     * @param certDer DER byte array of the certificate 
+     * 
+     * @param certDer DER byte array of the certificate
      * @return finger print of certificate
      */
     public static String getFingerPrints(byte[] certDer)
-        throws NoSuchAlgorithmException {
+            throws NoSuchAlgorithmException {
         return _engine.getFingerPrints(certDer);
     }
 
     /**
      * Returns the finger print of the given certificate.
-     *
-     * @param cert certificate 
+     * 
+     * @param cert certificate
      * @return finger print of certificate
      */
     public static String getFingerPrints(Certificate cert)
-        throws NoSuchAlgorithmException, CertificateEncodingException {
+            throws NoSuchAlgorithmException, CertificateEncodingException {
         return _engine.getFingerPrints(cert);
     }
 
-    /** 
+    /**
      * Creates a HTTP PKI Message that can be sent to a remote
      * authority.
-     *
+     * 
      * @return a new PKI Message for remote authority
      */
     public static IPKIMessage getHttpPKIMessage() {
         return _engine.getHttpPKIMessage();
     }
 
-    /** 
+    /**
      * Creates a request encoder. A request cannot be sent to
      * the remote authority in its regular format.
-     *
+     * 
      * @return a request encoder
      */
     public static IRequestEncoder getHttpRequestEncoder() {
         return _engine.getHttpRequestEncoder();
     }
 
-    /** 
+    /**
      * Converts a BER-encoded byte array into a MIME-64 encoded string.
-     *
+     * 
      * @param data data in byte array format
      * @return base-64 encoding for the data
      */
@@ -1235,9 +1236,9 @@ public final class CMS {
         return _engine.BtoA(data);
     }
 
-    /** 
+    /**
      * Converts a MIME-64 encoded string into a BER-encoded byte array.
-     *
+     * 
      * @param data base-64 encoding for the data
      * @return data data in byte array format
      */
@@ -1248,40 +1249,40 @@ public final class CMS {
     /**
      * Retrieves the ldap connection information from the configuration
      * store.
-     *
+     * 
      * @param config configuration parameters of ldap connection
      * @return a LDAP connection info
      */
     public static ILdapConnInfo getLdapConnInfo(IConfigStore config)
-        throws EBaseException, ELdapException {
+            throws EBaseException, ELdapException {
         return _engine.getLdapConnInfo(config);
     }
 
     /**
-     * Creates a LDAP SSL socket with the given nickname. The 
+     * Creates a LDAP SSL socket with the given nickname. The
      * certificate associated with the nickname will be used
      * for client authentication.
-     *
+     * 
      * @param certNickname nickname of client certificate
      * @return LDAP SSL socket factory
      */
-    public static  LDAPSSLSocketFactoryExt getLdapJssSSLSocketFactory(
-        String certNickname) {
+    public static LDAPSSLSocketFactoryExt getLdapJssSSLSocketFactory(
+            String certNickname) {
         return _engine.getLdapJssSSLSocketFactory(certNickname);
     }
 
     /**
      * Creates a LDAP SSL socket.
-     *
+     * 
      * @return LDAP SSL socket factory
      */
-    public static  LDAPSSLSocketFactoryExt getLdapJssSSLSocketFactory() {
+    public static LDAPSSLSocketFactoryExt getLdapJssSSLSocketFactory() {
         return _engine.getLdapJssSSLSocketFactory();
     }
 
     /**
      * Creates a LDAP Auth Info object.
-     *
+     * 
      * @return LDAP authentication info
      */
     public static ILdapAuthInfo getLdapAuthInfo() {
@@ -1290,27 +1291,27 @@ public final class CMS {
 
     /**
      * Retrieves the LDAP connection factory.
-     *
+     * 
      * @return bound LDAP connection pool
      */
     public static ILdapConnFactory getLdapBoundConnFactory()
-        throws ELdapException {
+            throws ELdapException {
         return _engine.getLdapBoundConnFactory();
     }
 
     /**
      * Retrieves the LDAP connection factory.
-     *
+     * 
      * @return anonymous LDAP connection pool
      */
     public static ILdapConnFactory getLdapAnonConnFactory()
-        throws ELdapException {
+            throws ELdapException {
         return _engine.getLdapAnonConnFactory();
     }
 
     /**
      * Retrieves the default X.509 certificate template.
-     *
+     * 
      * @return default certificate template
      */
     public static X509CertInfo getDefaultX509CertInfo() {
@@ -1320,7 +1321,7 @@ public final class CMS {
     /**
      * Retrieves the certifcate in MIME-64 encoded format
      * with header and footer.
-     *
+     * 
      * @param cert certificate
      * @return base-64 format certificate
      */
@@ -1328,25 +1329,25 @@ public final class CMS {
         return _engine.getEncodedCert(cert);
     }
 
-   /**
-    * Verifies all system certs
-    *  with tags defined in <subsystemtype>.cert.list
-    */
+    /**
+     * Verifies all system certs
+     * with tags defined in <subsystemtype>.cert.list
+     */
     public static boolean verifySystemCerts() {
         return _engine.verifySystemCerts();
     }
 
-   /**
-    * Verify a system cert by tag name
-    *  with tags defined in <subsystemtype>.cert.list
-    */
+    /**
+     * Verify a system cert by tag name
+     * with tags defined in <subsystemtype>.cert.list
+     */
     public static boolean verifySystemCertByTag(String tag) {
         return _engine.verifySystemCertByTag(tag);
     }
 
-   /**
-    * Verify a system cert by certificate nickname
-    */
+    /**
+     * Verify a system cert by certificate nickname
+     */
     public static boolean verifySystemCertByNickname(String nickname, String certificateUsage) {
         return _engine.verifySystemCertByNickname(nickname, certificateUsage);
     }
@@ -1360,7 +1361,7 @@ public final class CMS {
 
     /**
      * Checks if the given certificate is a signing certificate.
-     *
+     * 
      * @param cert certificate
      * @return true if the given certificate is a signing certificate
      */
@@ -1370,7 +1371,7 @@ public final class CMS {
 
     /**
      * Checks if the given certificate is an encryption certificate.
-     *
+     * 
      * @param cert certificate
      * @return true if the given certificate is an encryption certificate
      */
@@ -1380,7 +1381,7 @@ public final class CMS {
 
     /**
      * Retrieves the email form processor.
-     *
+     * 
      * @return email form processor
      */
     public static IEmailFormProcessor getEmailFormProcessor() {
@@ -1389,7 +1390,7 @@ public final class CMS {
 
     /**
      * Retrieves the email form template.
-     *
+     * 
      * @return email template
      */
     public static IEmailTemplate getEmailTemplate(String path) {
@@ -1398,7 +1399,7 @@ public final class CMS {
 
     /**
      * Retrieves the email notification handler.
-     *
+     * 
      * @return email notification
      */
     public static IMailNotification getMailNotification() {
@@ -1407,7 +1408,7 @@ public final class CMS {
 
     /**
      * Retrieves the email key resolver.
-     *
+     * 
      * @return email key resolver
      */
     public static IEmailResolverKeys getEmailResolverKeys() {
@@ -1416,19 +1417,19 @@ public final class CMS {
 
     /**
      * Checks if the given OID is valid.
-     *
+     * 
      * @param attrName attribute name
      * @param value attribute value
      * @return object identifier of the given attrName
      */
-    public static ObjectIdentifier checkOID(String attrName, String value) 
-        throws EBaseException { 
+    public static ObjectIdentifier checkOID(String attrName, String value)
+            throws EBaseException {
         return _engine.checkOID(attrName, value);
     }
 
     /**
      * Retrieves the email resolver that checks for subjectAlternateName.
-     *
+     * 
      * @return email key resolver
      */
     public static IEmailResolver getReqCertSANameEmailResolver() {
@@ -1437,7 +1438,7 @@ public final class CMS {
 
     /**
      * Retrieves the extension pretty print handler.
-     *
+     * 
      * @param e extension
      * @param indent indentation
      * @return extension pretty print handler
@@ -1445,10 +1446,10 @@ public final class CMS {
     public static IExtPrettyPrint getExtPrettyPrint(Extension e, int indent) {
         return _engine.getExtPrettyPrint(e, indent);
     }
-   
+
     /**
      * Retrieves the certificate pretty print handler.
-     *
+     * 
      * @param delimiter delimiter
      * @return certificate pretty print handler
      */
@@ -1458,7 +1459,7 @@ public final class CMS {
 
     /**
      * Retrieves the CRL pretty print handler.
-     *
+     * 
      * @param crl CRL
      * @return CRL pretty print handler
      */
@@ -1468,7 +1469,7 @@ public final class CMS {
 
     /**
      * Retrieves the CRL cache pretty print handler.
-     *
+     * 
      * @param ip CRL issuing point
      * @return CRL pretty print handler
      */
@@ -1478,7 +1479,7 @@ public final class CMS {
 
     /**
      * Retrieves the certificate pretty print handler.
-     *
+     * 
      * @param cert certificate
      * @return certificate pretty print handler
      */
@@ -1496,7 +1497,7 @@ public final class CMS {
 
     /**
      * Retrieves the password check.
-     *
+     * 
      * @return default password checker
      */
     public static IPasswordCheck getPasswordChecker() {
@@ -1505,7 +1506,7 @@ public final class CMS {
 
     /**
      * Puts a password entry into the single-sign on cache.
-     *
+     * 
      * @param tag password tag
      * @param pw password
      */
@@ -1524,7 +1525,7 @@ public final class CMS {
 
     /**
      * Retrieves command queue
-     *
+     * 
      * @return command queue
      */
     public static ICommandQueue getCommandQueue() {
@@ -1533,25 +1534,25 @@ public final class CMS {
 
     /**
      * Loads the configuration file and starts CMS's core implementation.
-     *
+     * 
      * @param path path to configuration file (CMS.cfg)
      * @exception EBaseException failed to start CMS
      */
     public static void start(String path) throws EBaseException {
         //FileConfigStore mainConfig = null;
-/*
-        try {
-            mainConfig = new FileConfigStore(path);
-        } catch (EBaseException e) {
-            e.printStackTrace();
-            System.out.println(
-                "Error: The Server is not fully configured.\n" +
-                "Finish configuring server using Configure Setup Wizard in " +
-                "the Certificate Server Console.");
-            System.out.println(e.toString());
-            System.exit(0);
-        }
-*/
+        /*
+                try {
+                    mainConfig = new FileConfigStore(path);
+                } catch (EBaseException e) {
+                    e.printStackTrace();
+                    System.out.println(
+                        "Error: The Server is not fully configured.\n" +
+                        "Finish configuring server using Configure Setup Wizard in " +
+                        "the Certificate Server Console.");
+                    System.out.println(e.toString());
+                    System.exit(0);
+                }
+        */
 
         String classname = "com.netscape.cmscore.apps.CMSEngine";
 
@@ -1559,7 +1560,7 @@ public final class CMS {
 
         try {
             ICMSEngine engine = (ICMSEngine)
-                Class.forName(classname).newInstance();
+                    Class.forName(classname).newInstance();
 
             cms = new CMS(engine);
             IConfigStore mainConfig = createFileConfigStore(path);
@@ -1568,7 +1569,7 @@ public final class CMS {
 
         } catch (EBaseException e) { // catch everything here purposely
             CMS.debug("CMS:Caught EBaseException");
-			CMS.debug(e);
+            CMS.debug(e);
 
             // Raidzilla Bug #57592:  Always print error message to stdout.
             System.out.println(e.toString());
@@ -1576,8 +1577,8 @@ public final class CMS {
             shutdown();
             throw e;
         } catch (Exception e) { // catch everything here purposely 
-            ByteArrayOutputStream bos = new ByteArrayOutputStream(); 
-            PrintStream ps = new PrintStream(bos); 
+            ByteArrayOutputStream bos = new ByteArrayOutputStream();
+            PrintStream ps = new PrintStream(bos);
 
             e.printStackTrace(ps);
             System.out.println(Constants.SERVER_SHUTDOWN_MESSAGE);
@@ -1609,7 +1610,7 @@ public final class CMS {
     public static void setListOfVerifiedCerts(int size, long interval, long unknownStateInterval) {
         _engine.setListOfVerifiedCerts(size, interval, unknownStateInterval);
     }
- 
+
     public static IPasswordStore getPasswordStore() {
         return _engine.getPasswordStore();
     }
diff --git a/pki/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java b/pki/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java
index 7f5e4605..4a6e6c69 100644
--- a/pki/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java
+++ b/pki/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.apps;
 
-
 import java.math.BigInteger;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.Certificate;
@@ -85,18 +84,16 @@ import com.netscape.cmsutil.password.IPasswordStore;
  * framework contains a set of services that provide
  * the foundation of a security application.
  * <p>
- * The engine implementation is loaded by CMS at startup.
- * It is responsible for starting up all the related
- * subsystems.
+ * The engine implementation is loaded by CMS at startup. It is responsible for starting up all the related subsystems.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICMSEngine extends ISubsystem {
 
     /**
      * Gets this ID .
-     *
+     * 
      * @return CMS engine identifier
      */
     public String getId();
@@ -104,26 +101,31 @@ public interface ICMSEngine extends ISubsystem {
     /**
      * Sets the identifier of this subsystem. Should never be called.
      * Returns error.
-     *
+     * 
      * @param id CMS engine identifier
      */
     public void setId(String id) throws EBaseException;
 
     /**
      * Retrieves the process id of this server.
-     *
+     * 
      * @return process id of the server
      */
     public int getpid();
 
     public void reinit(String id) throws EBaseException;
+
     public int getCSState();
+
     public void setCSState(int mode);
+
     public boolean isPreOpMode();
+
     public boolean isRunningMode();
+
     /**
      * Retrieves the instance roort path of this server.
-     *
+     * 
      * @return instance directory path name
      */
     public String getInstanceDir();
@@ -131,14 +133,14 @@ public interface ICMSEngine extends ISubsystem {
     /**
      * Returns a server wide system time. Plugins should call
      * this method to retrieve system time.
-     *
+     * 
      * @return current time
      */
     public Date getCurrentDate();
 
     /**
      * Retrieves time server started up.
-     *
+     * 
      * @return last startup time
      */
     public long getStartupTime();
@@ -148,28 +150,28 @@ public interface ICMSEngine extends ISubsystem {
      * server will be initialization state first. After the
      * initialization state, the server will be in the running
      * state.
-     *
+     * 
      * @return true if the server is in the running state
      */
     public boolean isInRunningState();
 
     /**
      * Returns the names of all the registered subsystems.
-     *
+     * 
      * @return a list of string-based subsystem names
      */
     public Enumeration<String> getSubsystemNames();
 
     /**
      * Returns all the registered subsystems.
-     *
+     * 
      * @return a list of ISubsystem-based subsystems
      */
     public Enumeration<ISubsystem> getSubsystems();
 
     /**
      * Retrieves the registered subsytem with the given name.
-     *
+     * 
      * @param name subsystem name
      * @return subsystem of the given name
      */
@@ -179,7 +181,7 @@ public interface ICMSEngine extends ISubsystem {
      * Returns the logger of the current server. The logger can
      * be used to log critical informational or critical error
      * messages.
-     *
+     * 
      * @return logger
      */
     public ILogger getLogger();
@@ -188,28 +190,28 @@ public interface ICMSEngine extends ISubsystem {
      * Returns the signed audit logger of the current server. This logger can
      * be used to log critical informational or critical error
      * messages.
-     *
+     * 
      * @return signed audit logger
      */
     public ILogger getSignedAuditLogger();
 
     /**
      * Puts data of an byte array into the debug file.
-     *
+     * 
      * @param data byte array to be recorded in the debug file
      */
     public void debug(byte data[]);
 
     /**
      * Puts a message into the debug file.
-     *
+     * 
      * @param msg debugging message
      */
     public void debug(String msg);
 
     /**
      * Puts a message into the debug file.
-     *
+     * 
      * @param level 0-10
      * @param msg debugging message
      */
@@ -217,14 +219,14 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Puts an exception into the debug file.
-     *
+     * 
      * @param e exception
      */
     public void debug(Throwable e);
 
     /**
      * Checks if the debug mode is on or not.
-     *
+     * 
      * @return true if debug mode is on
      */
     public boolean debugOn();
@@ -234,20 +236,20 @@ public interface ICMSEngine extends ISubsystem {
      */
     public void debugStackTrace();
 
-	
-	/**
-	 * Dump name/value pair debug information to debug file
-	 */
+    /**
+     * Dump name/value pair debug information to debug file
+     */
     public void traceHashKey(String type, String key);
+
     public void traceHashKey(String type, String key, String val);
-    public void traceHashKey(String type, String key, String val, String def);
 
+    public void traceHashKey(String type, String key, String val, String def);
 
     public byte[] getPKCS7(Locale locale, IRequest req);
 
     /**
      * Retrieves the localized user message from UserMessages.properties.
-     *
+     * 
      * @param locale end-user locale
      * @param msgID message id defined in UserMessages.properties
      * @return localized user message
@@ -256,7 +258,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the localized user message from UserMessages.properties.
-     *
+     * 
      * @param locale end-user locale
      * @param msgID message id defined in UserMessages.properties
      * @param p an array of parameters
@@ -266,7 +268,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the localized user message from UserMessages.properties.
-     *
+     * 
      * @param locale end-user locale
      * @param msgID message id defined in UserMessages.properties
      * @param p1 1st parameter
@@ -276,7 +278,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the localized user message from UserMessages.properties.
-     *
+     * 
      * @param locale end-user locale
      * @param msgID message id defined in UserMessages.properties
      * @param p1 1st parameter
@@ -287,7 +289,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the localized user message from UserMessages.properties.
-     *
+     * 
      * @param locale end-user locale
      * @param msgID message id defined in UserMessages.properties
      * @param p1 1st parameter
@@ -299,7 +301,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @return localized log message
      */
@@ -307,7 +309,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p an array of parameters
      * @return localized log message
@@ -316,7 +318,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @return localized log message
@@ -325,7 +327,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -335,7 +337,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -346,7 +348,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -358,7 +360,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -371,7 +373,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -385,7 +387,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -400,7 +402,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -416,7 +418,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -433,8 +435,10 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Parse ACL resource attributes
+     * 
      * @param resACLs same format as the resourceACLs attribute:
-     * <PRE>
+     * 
+     *            <PRE>
      *     <resource name>:<permission1,permission2,...permissionn>:
      *     <allow|deny> (<subset of the permission set>) <evaluator expression>
      * </PRE>
@@ -445,48 +449,48 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Creates an issuing poing record.
-     *
+     * 
      * @return issuing record
      */
     public ICRLIssuingPointRecord createCRLIssuingPointRecord(String id, BigInteger crlNumber, Long crlSize, Date thisUpdate, Date nextUpdate);
 
     /**
      * Retrieves the default CRL issuing point record name.
-     *
+     * 
      * @return CRL issuing point record name
      */
     public String getCRLIssuingPointRecordName();
 
     /**
      * Returns the finger print of the given certificate.
-     *
+     * 
      * @param cert certificate
      * @return finger print of certificate
      */
     public String getFingerPrint(Certificate cert)
-        throws CertificateEncodingException, NoSuchAlgorithmException;
+            throws CertificateEncodingException, NoSuchAlgorithmException;
 
     /**
      * Returns the finger print of the given certificate.
-     *
+     * 
      * @param cert certificate
      * @return finger print of certificate
      */
     public String getFingerPrints(Certificate cert)
-        throws NoSuchAlgorithmException, CertificateEncodingException;
+            throws NoSuchAlgorithmException, CertificateEncodingException;
 
-	/*
+    /*
      * Returns the finger print of the given certificate.
      *
      * @param certDer DER byte array of certificate
      * @return finger print of certificate
      */
     public String getFingerPrints(byte[] certDer)
-		 throws NoSuchAlgorithmException;
+            throws NoSuchAlgorithmException;
 
     /**
      * Creates a repository record in the internal database.
-     *
+     * 
      * @return repository record
      */
     public IRepositoryRecord createRepositoryRecord();
@@ -494,7 +498,7 @@ public interface ICMSEngine extends ISubsystem {
     /**
      * Creates a HTTP PKI Message that can be sent to a remote
      * authority.
-     *
+     * 
      * @return a new PKI Message for remote authority
      */
     public IPKIMessage getHttpPKIMessage();
@@ -502,14 +506,14 @@ public interface ICMSEngine extends ISubsystem {
     /**
      * Creates a request encoder. A request cannot be sent to
      * the remote authority in its regular format.
-     *
+     * 
      * @return a request encoder
      */
     public IRequestEncoder getHttpRequestEncoder();
 
     /**
      * Converts a BER-encoded byte array into a MIME-64 encoded string.
-     *
+     * 
      * @param data data in byte array format
      * @return base-64 encoding for the data
      */
@@ -517,7 +521,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Converts a MIME-64 encoded string into a BER-encoded byte array.
-     *
+     * 
      * @param data base-64 encoding for the data
      * @return data data in byte array format
      */
@@ -526,7 +530,7 @@ public interface ICMSEngine extends ISubsystem {
     /**
      * Retrieves the certifcate in MIME-64 encoded format
      * with header and footer.
-     *
+     * 
      * @param cert certificate
      * @return base-64 format certificate
      */
@@ -534,7 +538,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the certificate pretty print handler.
-     *
+     * 
      * @param delimiter delimiter
      * @return certificate pretty print handler
      */
@@ -542,7 +546,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the extension pretty print handler.
-     *
+     * 
      * @param e extension
      * @param indent indentation
      * @return extension pretty print handler
@@ -551,7 +555,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the certificate pretty print handler.
-     *
+     * 
      * @param cert certificate
      * @return certificate pretty print handler
      */
@@ -559,7 +563,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the CRL pretty print handler.
-     *
+     * 
      * @param crl CRL
      * @return CRL pretty print handler
      */
@@ -567,7 +571,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the CRL cache pretty print handler.
-     *
+     * 
      * @param ip CRL issuing point
      * @return CRL pretty print handler
      */
@@ -576,41 +580,41 @@ public interface ICMSEngine extends ISubsystem {
     /**
      * Retrieves the ldap connection information from the configuration
      * store.
-     *
+     * 
      * @param config configuration parameters of ldap connection
      * @return a LDAP connection info
      */
-    public  ILdapConnInfo getLdapConnInfo(IConfigStore config)
-        throws EBaseException, ELdapException;
+    public ILdapConnInfo getLdapConnInfo(IConfigStore config)
+            throws EBaseException, ELdapException;
 
     /**
      * Creates a LDAP SSL socket with the given nickname. The
      * certificate associated with the nickname will be used
      * for client authentication.
-     *
+     * 
      * @param certNickname nickname of client certificate
      * @return LDAP SSL socket factory
      */
-    public   LDAPSSLSocketFactoryExt getLdapJssSSLSocketFactory(
-        String certNickname);
+    public LDAPSSLSocketFactoryExt getLdapJssSSLSocketFactory(
+            String certNickname);
 
     /**
      * Creates a LDAP SSL socket.
-     *
+     * 
      * @return LDAP SSL socket factory
      */
-    public  LDAPSSLSocketFactoryExt getLdapJssSSLSocketFactory();
+    public LDAPSSLSocketFactoryExt getLdapJssSSLSocketFactory();
 
     /**
      * Creates a LDAP Auth Info object.
-     *
+     * 
      * @return LDAP authentication info
      */
     public ILdapAuthInfo getLdapAuthInfo();
 
     /**
      * Retrieves the LDAP connection factory.
-     *
+     * 
      * @return bound LDAP connection pool
      */
     public ILdapConnFactory getLdapBoundConnFactory() throws ELdapException;
@@ -618,23 +622,24 @@ public interface ICMSEngine extends ISubsystem {
     public LDAPConnection getBoundConnection(String host, int port,
                int version, LDAPSSLSocketFactoryExt fac, String bindDN,
                String bindPW) throws LDAPException;
+
     /**
      * Retrieves the LDAP connection factory.
-     *
+     * 
      * @return anonymous LDAP connection pool
      */
     public ILdapConnFactory getLdapAnonConnFactory() throws ELdapException;
 
     /**
      * Retrieves the password check.
-     *
+     * 
      * @return default password checker
      */
     public IPasswordCheck getPasswordChecker();
 
     /**
      * Puts a password entry into the single-sign on cache.
-     *
+     * 
      * @param tag password tag
      * @param pw password
      */
@@ -642,21 +647,21 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the password callback.
-     *
+     * 
      * @return default password callback
      */
     public PasswordCallback getPasswordCallback();
 
     /**
      * Retrieves the nickname of the server's server certificate.
-     *
+     * 
      * @return nickname of the server certificate
      */
     public String getServerCertNickname();
 
     /**
      * Sets the nickname of the server's server certificate.
-     *
+     * 
      * @param tokenName name of token where the certificate is located
      * @param nickName name of server certificate
      */
@@ -664,137 +669,141 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Sets the nickname of the server's server certificate.
-     *
+     * 
      * @param newName new nickname of server certificate
      */
     public void setServerCertNickname(String newName);
 
     /**
      * Retrieves the host name of the server's secure end entity service.
-     *
+     * 
      * @return host name of end-entity service
      */
     public String getEEHost();
 
     /**
      * Retrieves the host name of the server's non-secure end entity service.
-     *
+     * 
      * @return host name of end-entity non-secure service
      */
     public String getEENonSSLHost();
 
     /**
      * Retrieves the IP address of the server's non-secure end entity service.
-     *
+     * 
      * @return ip address of end-entity non-secure service
      */
     public String getEENonSSLIP();
 
     /**
      * Retrieves the port number of the server's non-secure end entity service.
-     *
+     * 
      * @return port of end-entity non-secure service
      */
     public String getEENonSSLPort();
 
     /**
      * Retrieves the host name of the server's secure end entity service.
-     *
+     * 
      * @return port of end-entity secure service
      */
     public String getEESSLHost();
 
     /**
      * Retrieves the IP address of the server's secure end entity service.
-     *
+     * 
      * @return ip address of end-entity secure service
      */
     public String getEESSLIP();
 
     /**
      * Retrieves the port number of the server's secure end entity service.
-     *
+     * 
      * @return port of end-entity secure service
      */
     public String getEESSLPort();
 
     /**
      * Retrieves the port number of the server's client auth secure end entity service.
-     *
+     * 
      * @return port of end-entity client auth secure service
      */
     public String getEEClientAuthSSLPort();
 
     /**
      * Retrieves the host name of the server's agent service.
-     *
+     * 
      * @return host name of agent service
      */
     public String getAgentHost();
 
     /**
      * Retrieves the IP address of the server's agent service.
-     *
+     * 
      * @return ip address of agent service
      */
     public String getAgentIP();
 
     /**
      * Retrieves the port number of the server's agent service.
-     *
+     * 
      * @return port of agent service
      */
     public String getAgentPort();
 
     /**
      * Retrieves the host name of the server's administration service.
-     *
+     * 
      * @return host name of administration service
      */
     public String getAdminHost();
 
     /**
      * Retrieves the IP address of the server's administration service.
-     *
+     * 
      * @return ip address of administration service
      */
     public String getAdminIP();
 
     /**
      * Retrieves the port number of the server's administration service.
-     *
+     * 
      * @return port of administration service
      */
     public String getAdminPort();
 
     /**
      * Verifies all system certificates
+     * 
      * @return true if all passed, false otherwise
      */
-     public boolean verifySystemCerts();
+    public boolean verifySystemCerts();
 
     /**
      * Verifies a system certificate by its tag name
      * as defined in <subsystemtype>.cert.list
+     * 
      * @return true if passed, false otherwise
      */
     public boolean verifySystemCertByTag(String tag);
 
     /**
      * Verifies a system certificate by its nickname
+     * 
      * @return true if passed, false otherwise
      */
     public boolean verifySystemCertByNickname(String nickname, String certificateUsage);
 
     /**
      * get the CertificateUsage as defined in JSS CryptoManager
+     * 
      * @return CertificateUsage as defined in JSS CryptoManager
      */
     public CertificateUsage getCertificateUsage(String certusage);
 
     /**
      * Checks if the given certificate is a signing certificate.
-     *
+     * 
      * @param cert certificate
      * @return true if the given certificate is a signing certificate
      */
@@ -802,7 +811,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Checks if the given certificate is an encryption certificate.
-     *
+     * 
      * @param cert certificate
      * @return true if the given certificate is an encryption certificate
      */
@@ -810,209 +819,209 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the default X.509 certificate template.
-     *
+     * 
      * @return default certificate template
      */
     public X509CertInfo getDefaultX509CertInfo();
 
     /**
      * Retrieves the email form processor.
-     *
+     * 
      * @return email form processor
      */
     public IEmailFormProcessor getEmailFormProcessor();
 
     /**
      * Retrieves the email form template.
-     *
+     * 
      * @return email template
      */
     public IEmailTemplate getEmailTemplate(String path);
 
     /**
      * Retrieves the email notification handler.
-     *
+     * 
      * @return email notification
      */
     public IMailNotification getMailNotification();
 
     /**
      * Retrieves the email key resolver.
-     *
+     * 
      * @return email key resolver
      */
     public IEmailResolverKeys getEmailResolverKeys();
 
     /**
      * Retrieves the email resolver that checks for subjectAlternateName.
-     *
+     * 
      * @return email key resolver
      */
     public IEmailResolver getReqCertSANameEmailResolver();
 
     /**
      * Checks if the given OID is valid.
-     *
+     * 
      * @param attrName attribute name
      * @param value attribute value
      * @return object identifier of the given attrName
      */
     public ObjectIdentifier checkOID(String attrName, String value)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Creates a general name constraints.
-     *
+     * 
      * @param generalNameChoice type of general name
      * @param value general name string
      * @return general name object
      * @exception EBaseException failed to create general name constraint
      */
-    public  GeneralName form_GeneralNameAsConstraints(String generalNameChoice, String value) throws EBaseException;
+    public GeneralName form_GeneralNameAsConstraints(String generalNameChoice, String value) throws EBaseException;
 
     /**
      * Creates a general name.
-     *
+     * 
      * @param generalNameChoice type of general name
      * @param value general name string
      * @return general name object
      * @exception EBaseException failed to create general name
      */
-    public  GeneralName form_GeneralName(String generalNameChoice,
-        String value) throws EBaseException;
+    public GeneralName form_GeneralName(String generalNameChoice,
+            String value) throws EBaseException;
 
     /**
      * Retrieves default general name configuration.
-     *
+     * 
      * @param name configuration name
      * @param isValueConfigured true if value is configured
      * @param params configuration parameters
      * @exception EBaseException failed to create subject alt name configuration
      */
-    public  void getGeneralNameConfigDefaultParams(String name,
-        boolean isValueConfigured, Vector<String> params);
+    public void getGeneralNameConfigDefaultParams(String name,
+            boolean isValueConfigured, Vector<String> params);
 
     /**
      * Retrieves default general names configuration.
-     *
+     * 
      * @param name configuration name
      * @param isValueConfigured true if value is configured
      * @param params configuration parameters
      * @exception EBaseException failed to create subject alt name configuration
      */
-    public  void getGeneralNamesConfigDefaultParams(String name,
-        boolean isValueConfigured, Vector<String> params);
+    public void getGeneralNamesConfigDefaultParams(String name,
+            boolean isValueConfigured, Vector<String> params);
 
     /**
      * Retrieves extended plugin info for general name configuration.
-     *
+     * 
      * @param name configuration name
      * @param isValueConfigured true if value is configured
      * @param info configuration parameters
      * @exception EBaseException failed to create subject alt name configuration
      */
-    public  void getGeneralNameConfigExtendedPluginInfo(String name,
-        boolean isValueConfigured, Vector<String> info);
+    public void getGeneralNameConfigExtendedPluginInfo(String name,
+            boolean isValueConfigured, Vector<String> info);
 
     /**
      * Retrieves extended plugin info for general name configuration.
-     *
+     * 
      * @param name configuration name
      * @param isValueConfigured true if value is configured
      * @param info configuration parameters
      * @exception EBaseException failed to create subject alt name configuration
      */
-    public  void getGeneralNamesConfigExtendedPluginInfo(String name,
-        boolean isValueConfigured, Vector<String> info);
+    public void getGeneralNamesConfigExtendedPluginInfo(String name,
+            boolean isValueConfigured, Vector<String> info);
 
     /**
      * Created general names configuration.
-     *
+     * 
      * @param name configuration name
      * @param config configuration store
      * @param isValueConfigured true if value is configured
      * @param isPolicyEnabled true if policy is enabled
      * @exception EBaseException failed to create subject alt name configuration
      */
-    public  IGeneralNamesConfig createGeneralNamesConfig(String name,
-        IConfigStore config, boolean isValueConfigured,
-        boolean isPolicyEnabled) throws EBaseException;
+    public IGeneralNamesConfig createGeneralNamesConfig(String name,
+            IConfigStore config, boolean isValueConfigured,
+            boolean isPolicyEnabled) throws EBaseException;
 
     /**
      * Created general name constraints configuration.
-     *
+     * 
      * @param name configuration name
      * @param config configuration store
      * @param isValueConfigured true if value is configured
      * @param isPolicyEnabled true if policy is enabled
      * @exception EBaseException failed to create subject alt name configuration
      */
-    public  IGeneralNameAsConstraintsConfig createGeneralNameAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured,
-        boolean isPolicyEnabled) throws EBaseException;
+    public IGeneralNameAsConstraintsConfig createGeneralNameAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured,
+            boolean isPolicyEnabled) throws EBaseException;
 
     /**
      * Created general name constraints configuration.
-     *
+     * 
      * @param name configuration name
      * @param config configuration store
      * @param isValueConfigured true if value is configured
      * @param isPolicyEnabled true if policy is enabled
      * @exception EBaseException failed to create subject alt name configuration
      */
-    public  IGeneralNamesAsConstraintsConfig createGeneralNamesAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured,
-        boolean isPolicyEnabled) throws EBaseException;
+    public IGeneralNamesAsConstraintsConfig createGeneralNamesAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured,
+            boolean isPolicyEnabled) throws EBaseException;
 
     /**
      * Get default parameters for subject alt name configuration.
-     *
+     * 
      * @param name configuration name
      * @param params configuration parameters
      */
-    public  void getSubjAltNameConfigDefaultParams(String name, Vector<String> params);
+    public void getSubjAltNameConfigDefaultParams(String name, Vector<String> params);
 
     /**
      * Get extended plugin info for subject alt name configuration.
-     *
+     * 
      * @param name configuration name
      * @param params configuration parameters
      */
-    public  void getSubjAltNameConfigExtendedPluginInfo(String name, Vector<String> params);
+    public void getSubjAltNameConfigExtendedPluginInfo(String name, Vector<String> params);
 
     /**
      * Creates subject alt name configuration.
-     *
+     * 
      * @param name configuration name
      * @param config configuration store
      * @param isValueConfigured true if value is configured
      * @exception EBaseException failed to create subject alt name configuration
      */
-    public  ISubjAltNameConfig createSubjAltNameConfig(String name, IConfigStore config, boolean isValueConfigured) throws EBaseException;
+    public ISubjAltNameConfig createSubjAltNameConfig(String name, IConfigStore config, boolean isValueConfigured) throws EBaseException;
 
     /**
      * Retrieves the HTTP Connection for use with connector.
-     *
+     * 
      * @param authority remote authority
      * @param factory socket factory
      * @return http connection to the remote authority
      */
     public IHttpConnection getHttpConnection(IRemoteAuthority authority,
-        ISocketFactory factory);
+            ISocketFactory factory);
 
     /**
      * Retrieves the HTTP Connection for use with connector.
-     *
+     * 
      * @param authority remote authority
      * @param factory socket factory
      * @param timeout return error if connection cannot be established within
-     *       the timeout period
+     *            the timeout period
      * @return http connection to the remote authority
      */
     public IHttpConnection getHttpConnection(IRemoteAuthority authority,
-        ISocketFactory factory, int timeout);
+            ISocketFactory factory, int timeout);
 
     /**
      * Retrieves the request sender for use with connector.
-     *
+     * 
      * @param authority local authority
      * @param nickname nickname of the client certificate
      * @param remote remote authority
@@ -1020,11 +1029,11 @@ public interface ICMSEngine extends ISubsystem {
      * @return resender
      */
     public IResender getResender(IAuthority authority, String nickname,
-        IRemoteAuthority remote, int interval);
+            IRemoteAuthority remote, int interval);
 
     /**
      * Retrieves command queue
-     *
+     * 
      * @return command queue
      */
     public ICommandQueue getCommandQueue();
@@ -1043,19 +1052,20 @@ public interface ICMSEngine extends ISubsystem {
      * Checks to ensure that all new incoming requests have been blocked.
      * This method is used for reentrancy protection.
      * <P>
-     *
+     * 
      * @return true or false
      */
     public boolean areRequestsDisabled();
 
     /**
      * Create configuration file.
-     *
+     * 
      * @param path configuration path
      * @return configuration store
      * @exception EBaseException failed to create file
      */
     public IConfigStore createFileConfigStore(String path) throws EBaseException;
+
     /**
      * Creates argument block.
      */
@@ -1072,31 +1082,31 @@ public interface ICMSEngine extends ISubsystem {
     public IArgBlock createArgBlock(Hashtable<String, String> httpReq);
 
     /**
-     * Checks against the local certificate repository to see 
+     * Checks against the local certificate repository to see
      * if the certificates are revoked.
-     *
+     * 
      * @param certificates certificates
-     * @return true if certificate is revoked in the local 
-     *        certificate repository
+     * @return true if certificate is revoked in the local
+     *         certificate repository
      */
     public boolean isRevoked(X509Certificate[] certificates);
 
     /**
      * Sets list of verified certificates
-     *
+     * 
      * @param size size of verified certificates list
      * @param interval interval in which certificate is not recheck
-     *        against local certificate repository
+     *            against local certificate repository
      * @param unknownStateInterval interval in which certificate
-     *        may not recheck against local certificate repository
+     *            may not recheck against local certificate repository
      */
     public void setListOfVerifiedCerts(int size, long interval, long unknownStateInterval);
 
     /**
-    * Performs graceful shutdown of CMS.
-    * Subsystems are shutdown in reverse order.
-    * Exceptions are ignored.
-    */
+     * Performs graceful shutdown of CMS.
+     * Subsystems are shutdown in reverse order.
+     * Exceptions are ignored.
+     */
     public void forceShutdown();
 
     public IPasswordStore getPasswordStore();
@@ -1107,4 +1117,3 @@ public interface ICMSEngine extends ISubsystem {
 
     public String getConfigSDSessionId();
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/apps/ICommandQueue.java b/pki/base/common/src/com/netscape/certsrv/apps/ICommandQueue.java
index f41b2989..a165ab46 100644
--- a/pki/base/common/src/com/netscape/certsrv/apps/ICommandQueue.java
+++ b/pki/base/common/src/com/netscape/certsrv/apps/ICommandQueue.java
@@ -21,9 +21,6 @@ import javax.servlet.Servlet;
 
 import com.netscape.cms.servlet.common.CMSRequest;
 
-
-
-
 /**
  * This interface represents a command queue for registeration
  * and unregisteration proccess for clean shutdown
@@ -34,17 +31,18 @@ public interface ICommandQueue {
 
     /**
      * Registers a thread into the command queue.
-     *
+     * 
      * @param currentRequest request object
      * @param currentServlet servlet that serves the request object
      */
     public boolean registerProcess(CMSRequest currentRequest, Servlet currentServlet);
+
     /**
      * UnRegisters a thread from the command queue.
-     *
+     * 
      * @param currentRequest request object
      * @param currentServlet servlet that serves the request object
      */
     public void unRegisterProccess(Object currentRequest, Object currentServlet);
-            
+
 } // CommandQueue
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/AuthCredentials.java b/pki/base/common/src/com/netscape/certsrv/authentication/AuthCredentials.java
index de124a38..1475683e 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/AuthCredentials.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/AuthCredentials.java
@@ -23,10 +23,10 @@ import java.util.Hashtable;
 import com.netscape.certsrv.base.IArgBlock;
 
 /**
- * Authentication Credentials as input to the authMgr. It contains all the 
+ * Authentication Credentials as input to the authMgr. It contains all the
  * information required for authentication in the authMgr.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class AuthCredentials implements IAuthCredentials {
@@ -34,7 +34,7 @@ public class AuthCredentials implements IAuthCredentials {
     private static final long serialVersionUID = 5862936214648594328L;
     private Hashtable<String, Object> authCreds = null;
     private IArgBlock argblk = null;
-    
+
     /**
      * Constructor
      */
@@ -44,6 +44,7 @@ public class AuthCredentials implements IAuthCredentials {
 
     /**
      * Sets an authentication credential with credential name and the credential object
+     * 
      * @param name credential name
      * @param cred credential object
      */
@@ -54,7 +55,8 @@ public class AuthCredentials implements IAuthCredentials {
 
     /**
      * Returns the credential to which the specified name is mapped in this
-     *	 credential set
+     * credential set
+     * 
      * @param name credential name
      * @return the authentication credential for the given name
      */
@@ -64,8 +66,9 @@ public class AuthCredentials implements IAuthCredentials {
 
     /**
      * Removes the name and its corresponding credential from this
-     *	 credential set.  This method does nothing if the named
-     *	 credential is not in the credential set.
+     * credential set. This method does nothing if the named
+     * credential is not in the credential set.
+     * 
      * @param name credential name
      */
     public void delete(String name) {
@@ -76,26 +79,27 @@ public class AuthCredentials implements IAuthCredentials {
      * Returns an enumeration of the credentials in this credential
      * set. Use the Enumeration methods on the returned object to
      * fetch the elements sequentially.
+     * 
      * @return an enumeration of the values in this credential set
      */
     public Enumeration<Object> getElements() {
         return (authCreds.elements());
     }
-    
+
     /**
      * Set the given argblock
-i    * @param blk the given argblock.
+     * i * @param blk the given argblock.
      */
     public void setArgBlock(IArgBlock blk) {
         argblk = blk;
-    }        
+    }
 
     /**
      * Returns the argblock.
+     * 
      * @return the argblock.
      */
     public IArgBlock getArgBlock() {
         return argblk;
-    }        
+    }
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/AuthManagerProxy.java b/pki/base/common/src/com/netscape/certsrv/authentication/AuthManagerProxy.java
index f98276ec..76161e80 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/AuthManagerProxy.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/AuthManagerProxy.java
@@ -17,10 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.authentication;
 
-
 /**
  * A class represents an authentication manager. It contains an
  * authentication manager instance and its state (enable or not).
+ * 
  * @version $Revision$, $Date$
  */
 public class AuthManagerProxy {
@@ -29,9 +29,10 @@ public class AuthManagerProxy {
 
     /**
      * Constructor
+     * 
      * @param enable true if the authMgr is enabled; false otherwise
      * @param mgr authentication manager instance
-    */
+     */
     public AuthManagerProxy(boolean enable, IAuthManager mgr) {
         mEnable = enable;
         mMgr = mgr;
@@ -39,7 +40,8 @@ public class AuthManagerProxy {
 
     /**
      * Returns the state of the authentication manager instance
-     * @return true if the state of the authentication manager instance is 
+     * 
+     * @return true if the state of the authentication manager instance is
      *         enabled; false otherwise.
      */
     public boolean isEnable() {
@@ -48,6 +50,7 @@ public class AuthManagerProxy {
 
     /**
      * Returns an authentication manager instance.
+     * 
      * @return an authentication manager instance
      */
     public IAuthManager getAuthManager() {
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/AuthMgrPlugin.java b/pki/base/common/src/com/netscape/certsrv/authentication/AuthMgrPlugin.java
index bdb2fe00..4226fd83 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/AuthMgrPlugin.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/AuthMgrPlugin.java
@@ -17,13 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.authentication;
 
-
-
-
 /**
  * This class represents a registered authentication manager plugin.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class AuthMgrPlugin {
@@ -33,6 +30,7 @@ public class AuthMgrPlugin {
 
     /**
      * Constructs a AuthManager plugin.
+     * 
      * @param id auth manager implementation name
      * @param classPath class path
      */
@@ -45,9 +43,10 @@ public class AuthMgrPlugin {
         mId = id;
         mClassPath = classPath;
     }
-		
+
     /**
      * Returns an auth manager implementation name
+     * 
      * @return an auth manager implementation name
      */
     public String getId() {
@@ -56,22 +55,25 @@ public class AuthMgrPlugin {
 
     /**
      * Returns a classpath of a AuthManager plugin
+     * 
      * @return a classpath of a AuthManager plugin
      */
     public String getClassPath() {
         return mClassPath;
     }
 
-    /** 
+    /**
      * Returns a visibility of the plugin
+     * 
      * @return a visibility of the plugin
      */
     public boolean isVisible() {
         return mVisible;
     }
 
-    /** 
+    /**
      * Sets visibility of the plugin
+     * 
      * @param visibility visibility of the plugin
      */
     public void setVisible(boolean visibility) {
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/AuthResources.java b/pki/base/common/src/com/netscape/certsrv/authentication/AuthResources.java
index 138a07eb..35e81011 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/AuthResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/AuthResources.java
@@ -22,7 +22,7 @@ import java.util.ListResourceBundle;
 /**
  * A class represents a resource bundle for the authentication component.
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -30,6 +30,7 @@ public class AuthResources extends ListResourceBundle {
 
     /**
      * Returns the content of this resource.
+     * 
      * @return the contents of this resource
      */
     public Object[][] getContents() {
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/AuthToken.java b/pki/base/common/src/com/netscape/certsrv/authentication/AuthToken.java
index eae282c0..0a2b1f0a 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/AuthToken.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/AuthToken.java
@@ -41,10 +41,11 @@ import com.netscape.certsrv.usrgrp.Certificates;
  * Authentication token returned by Authentication Managers.
  * Upon return, it contains authentication/identification information
  * as well as information retrieved from the database where the
- * authentication was done against.  Each authentication manager has
- * its own list of such information.  See individual authenticaiton
+ * authentication was done against. Each authentication manager has
+ * its own list of such information. See individual authenticaiton
  * manager for more details.
  * <p>
+ * 
  * @version $Revision$, $Date$
  */
 public class AuthToken implements IAuthToken {
@@ -74,7 +75,7 @@ public class AuthToken implements IAuthToken {
     public static final String TOKEN_CERT_TO_REVOKE = "tokenCertToRevoke";
 
     /**
-     * Plugin name of the authentication manager that created the 
+     * Plugin name of the authentication manager that created the
      * AuthToken as a string.
      */
     public static final String TOKEN_AUTHMGR_IMPL_NAME = "authMgrImplName";
@@ -86,31 +87,33 @@ public class AuthToken implements IAuthToken {
     public static final String TOKEN_AUTHMGR_INST_NAME = "authMgrInstName";
 
     /**
-     * Time of authentication as a java.util.Date 
+     * Time of authentication as a java.util.Date
      */
     public static final String TOKEN_AUTHTIME = "authTime";
 
     /**
      * Constructs an instance of a authentication token.
      * The token by default contains the following attributes: <br>
+     * 
      * <pre>
-     *		"authMgrInstName" - The authentication manager instance name.
-     *		"authMgrImplName" - The authentication manager plugin name.
-     *		"authTime" - The - The time of authentication.
+     * 	"authMgrInstName" - The authentication manager instance name.
+     * 	"authMgrImplName" - The authentication manager plugin name.
+     * 	"authTime" - The - The time of authentication.
      * </pre>
+     * 
      * @param authMgr The authentication manager that created this Token.
      */
     public AuthToken(IAuthManager authMgr) {
         mAttrs = new Hashtable<String, Object>();
         if (authMgr != null) {
-          set(TOKEN_AUTHMGR_INST_NAME, authMgr.getName());
-          set(TOKEN_AUTHMGR_IMPL_NAME, authMgr.getImplName());
+            set(TOKEN_AUTHMGR_INST_NAME, authMgr.getName());
+            set(TOKEN_AUTHMGR_IMPL_NAME, authMgr.getImplName());
         }
         set(TOKEN_AUTHTIME, new Date());
     }
 
     public String getInString(String attrName) {
-        return (String)mAttrs.get(attrName);
+        return (String) mAttrs.get(attrName);
     }
 
     public boolean set(String attrName, String value) {
@@ -123,6 +126,7 @@ public class AuthToken implements IAuthToken {
 
     /**
      * Removes an attribute in the AuthToken
+     * 
      * @param attrName The name of the attribute to remove.
      */
     public void delete(String attrName) {
@@ -131,6 +135,7 @@ public class AuthToken implements IAuthToken {
 
     /**
      * Enumerate all attribute names in the AuthToken.
+     * 
      * @return Enumeration of all attribute names in this AuthToken.
      */
     public Enumeration<String> getElements() {
@@ -351,7 +356,7 @@ public class AuthToken implements IAuthToken {
             for (int i = 0; i < certArray.length; i++) {
                 ByteArrayOutputStream byteStream = new ByteArrayOutputStream();
                 try {
-                    X509CertImpl certImpl = (X509CertImpl)certArray[i];
+                    X509CertImpl certImpl = (X509CertImpl) certArray[i];
                     certImpl.encode(byteStream);
                     derValues[i] = new DerValue(byteStream.toByteArray());
                 } catch (CertificateEncodingException e) {
@@ -406,6 +411,7 @@ public class AuthToken implements IAuthToken {
 
     /**
      * Enumerate all attribute values in the AuthToken.
+     * 
      * @return Enumeration of all attribute names in this AuthToken.
      */
     public Enumeration<Object> getVals() {
@@ -413,10 +419,11 @@ public class AuthToken implements IAuthToken {
     }
 
     /**
-     * Gets the name of the authentication manager instance that created 
-     * this token.
-     * @return The name of the authentication manager instance that created 
+     * Gets the name of the authentication manager instance that created
      * this token.
+     * 
+     * @return The name of the authentication manager instance that created
+     *         this token.
      */
     public String getAuthManagerInstName() {
         return ((String) mAttrs.get(TOKEN_AUTHMGR_INST_NAME));
@@ -425,8 +432,9 @@ public class AuthToken implements IAuthToken {
     /**
      * Gets the plugin name of the authentication manager that created this
      * token.
+     * 
      * @return The plugin name of the authentication manager that created this
-     * token.
+     *         token.
      */
     public String getAuthManagerImplName() {
         return ((String) mAttrs.get(TOKEN_AUTHMGR_IMPL_NAME));
@@ -434,10 +442,10 @@ public class AuthToken implements IAuthToken {
 
     /**
      * Gets the time of authentication.
+     * 
      * @return The time of authentication
      */
     public Date getAuthTime() {
         return ((Date) mAttrs.get(TOKEN_AUTHTIME));
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/EAuthException.java b/pki/base/common/src/com/netscape/certsrv/authentication/EAuthException.java
index b998ae8b..c79c3e9a 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/EAuthException.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/EAuthException.java
@@ -22,6 +22,7 @@ import com.netscape.certsrv.base.EBaseException;
 /**
  * This class represents authentication exceptions.
  * <P>
+ * 
  * @version $Revision$, $Date$
  */
 public class EAuthException extends EBaseException {
@@ -38,6 +39,7 @@ public class EAuthException extends EBaseException {
     /**
      * Constructs an authentication exception
      * <P>
+     * 
      * @param msgFormat exception details
      */
     public EAuthException(String msgFormat) {
@@ -45,8 +47,9 @@ public class EAuthException extends EBaseException {
     }
 
     /**
-     * Constructs an authentication exception with a parameter. 
+     * Constructs an authentication exception with a parameter.
      * <p>
+     * 
      * @param msgFormat exception details in message string format
      * @param param message string parameter
      */
@@ -57,6 +60,7 @@ public class EAuthException extends EBaseException {
     /**
      * Constructs a auth exception with a exception parameter.
      * <P>
+     * 
      * @param msgFormat exception details in message string format
      * @param exception system exception
      */
@@ -67,6 +71,7 @@ public class EAuthException extends EBaseException {
     /**
      * Constructs a auth exception with a list of parameters.
      * <P>
+     * 
      * @param msgFormat the message format.
      * @param params list of message format parameters
      */
@@ -76,6 +81,7 @@ public class EAuthException extends EBaseException {
 
     /**
      * Returns the resource bundle name
+     * 
      * @return resource bundle name.
      */
     protected String getBundleName() {
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/EAuthInternalError.java b/pki/base/common/src/com/netscape/certsrv/authentication/EAuthInternalError.java
index fb4ad04b..52688f92 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/EAuthInternalError.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/EAuthInternalError.java
@@ -30,6 +30,7 @@ public class EAuthInternalError extends EAuthException {
     /**
      * Constructs an authentication internal error exception
      * with a detailed message.
+     * 
      * @param errorString Detailed error message.
      */
     public EAuthInternalError(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/EAuthMgrNotFound.java b/pki/base/common/src/com/netscape/certsrv/authentication/EAuthMgrNotFound.java
index 675fbe59..925aaabf 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/EAuthMgrNotFound.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/EAuthMgrNotFound.java
@@ -29,6 +29,7 @@ public class EAuthMgrNotFound extends EAuthException {
 
     /**
      * Constructs a exception for a missing authentication manager
+     * 
      * @param errorString error string for missing authentication manager
      */
     public EAuthMgrNotFound(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/EAuthMgrPluginNotFound.java b/pki/base/common/src/com/netscape/certsrv/authentication/EAuthMgrPluginNotFound.java
index 2210de2c..2ca90e3c 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/EAuthMgrPluginNotFound.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/EAuthMgrPluginNotFound.java
@@ -29,7 +29,8 @@ public class EAuthMgrPluginNotFound extends EAuthException {
 
     /**
      * Constructs a exception for a missing authentication manager plugin
-     * @param errorString error for a missing authentication manager plugin 
+     * 
+     * @param errorString error for a missing authentication manager plugin
      */
     public EAuthMgrPluginNotFound(String errorString) {
         super(errorString);
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/EAuthUserError.java b/pki/base/common/src/com/netscape/certsrv/authentication/EAuthUserError.java
index b3bafd3c..f816c35e 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/EAuthUserError.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/EAuthUserError.java
@@ -29,6 +29,7 @@ public class EAuthUserError extends EAuthException {
 
     /**
      * Constructs a exception for a Invalid attribute value
+     * 
      * @param errorString Detailed error message.
      */
     public EAuthUserError(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/ECompSyntaxErr.java b/pki/base/common/src/com/netscape/certsrv/authentication/ECompSyntaxErr.java
index edbf13e6..84725bb9 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/ECompSyntaxErr.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/ECompSyntaxErr.java
@@ -29,6 +29,7 @@ public class ECompSyntaxErr extends EAuthException {
 
     /**
      * Constructs an component syntax error
+     * 
      * @param errorString Detailed error message.
      */
     public ECompSyntaxErr(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/EFormSubjectDN.java b/pki/base/common/src/com/netscape/certsrv/authentication/EFormSubjectDN.java
index b56a1e0a..95282448 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/EFormSubjectDN.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/EFormSubjectDN.java
@@ -29,6 +29,7 @@ public class EFormSubjectDN extends EAuthException {
 
     /**
      * Constructs an Error on formulating the subject dn.
+     * 
      * @param errorString Detailed error message.
      */
     public EFormSubjectDN(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/EInvalidCredentials.java b/pki/base/common/src/com/netscape/certsrv/authentication/EInvalidCredentials.java
index 894a07ca..3e4daaf0 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/EInvalidCredentials.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/EInvalidCredentials.java
@@ -29,6 +29,7 @@ public class EInvalidCredentials extends EAuthException {
 
     /**
      * Constructs an Invalid Credentials exception.
+     * 
      * @param errorString Detailed error message.
      */
     public EInvalidCredentials(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/EMissingCredential.java b/pki/base/common/src/com/netscape/certsrv/authentication/EMissingCredential.java
index 695dd15c..5de73aa0 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/EMissingCredential.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/EMissingCredential.java
@@ -29,6 +29,7 @@ public class EMissingCredential extends EAuthException {
 
     /**
      * Constructs a exception for a missing required authentication credential
+     * 
      * @param errorString Detailed error message.
      */
     public EMissingCredential(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/IAuthCredentials.java b/pki/base/common/src/com/netscape/certsrv/authentication/IAuthCredentials.java
index eb36f996..cd843443 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/IAuthCredentials.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/IAuthCredentials.java
@@ -24,19 +24,21 @@ import com.netscape.certsrv.base.IAttrSet;
  * An interface represents authentication credentials:
  * e.g. uid/pwd, uid/pin, certificate, etc.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IAuthCredentials extends IAttrSet {
 
-    /** 
+    /**
      * Set argblock.
+     * 
      * @param blk argblock
      */
     public void setArgBlock(IArgBlock blk);
 
     /**
      * Returns argblock.
+     * 
      * @return Argblock.
      */
     public IArgBlock getArgBlock();
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/IAuthManager.java b/pki/base/common/src/com/netscape/certsrv/authentication/IAuthManager.java
index b2f7d69a..1ff46af7 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/IAuthManager.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/IAuthManager.java
@@ -23,7 +23,7 @@ import com.netscape.certsrv.base.IConfigStore;
 /**
  * Authentication Manager interface.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IAuthManager {
@@ -41,6 +41,7 @@ public interface IAuthManager {
     /**
      * Get the name of this authentication manager instance.
      * <p>
+     * 
      * @return the name of this authentication manager.
      */
     public String getName();
@@ -48,31 +49,34 @@ public interface IAuthManager {
     /**
      * Get name of authentication manager plugin.
      * <p>
+     * 
      * @return the name of the authentication manager plugin.
-     */ 
+     */
     public String getImplName();
 
     /**
      * Authenticate the given credentials.
+     * 
      * @param authCred The authentication credentials
      * @return authentication token
-     * @exception EMissingCredential If a required credential for this 
-     * authentication manager is missing.
+     * @exception EMissingCredential If a required credential for this
+     *                authentication manager is missing.
      * @exception EInvalidCredentials If credentials cannot be authenticated.
      * @exception EBaseException If an internal error occurred.
      */
     public IAuthToken authenticate(IAuthCredentials authCred)
-        throws EMissingCredential, EInvalidCredentials, EBaseException;
+            throws EMissingCredential, EInvalidCredentials, EBaseException;
 
     /**
      * Initialize this authentication manager.
+     * 
      * @param name The name of this authentication manager instance.
      * @param implName The name of the authentication manager plugin.
      * @param config The configuration store for this authentication manager.
      * @exception EBaseException If an initialization error occurred.
      */
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Prepare this authentication manager for a shutdown.
@@ -82,24 +86,26 @@ public interface IAuthManager {
 
     /**
      * Gets a list of the required credentials for this authentication manager.
+     * 
      * @return The required credential attributes.
      */
     public String[] getRequiredCreds();
 
     /**
      * Get configuration parameters for this implementation.
-     * The configuration parameters returned is passed to the 
-     * configuration console so configuration for instances of this 
+     * The configuration parameters returned is passed to the
+     * configuration console so configuration for instances of this
      * implementation can be made through the console.
      * 
      * @return a list of configuration parameters.
      * @exception EBaseException If an internal error occurred
      */
     public String[] getConfigParams()
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Get the configuration store for this authentication manager.
+     * 
      * @return The configuration store of this authentication manager.
      */
     public IConfigStore getConfigStore();
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/IAuthSubsystem.java b/pki/base/common/src/com/netscape/certsrv/authentication/IAuthSubsystem.java
index 2de8ed26..329b6802 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/IAuthSubsystem.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/IAuthSubsystem.java
@@ -26,7 +26,7 @@ import com.netscape.certsrv.base.ISubsystem;
 /**
  * An interface that represents an authentication component
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IAuthSubsystem extends ISubsystem {
@@ -39,17 +39,17 @@ public interface IAuthSubsystem extends ISubsystem {
     /**
      * Constant for class.
      */
-    public static final String PROP_CLASS = "class"; 
+    public static final String PROP_CLASS = "class";
 
     /**
      * Constant for impl
      */
-    public static final String PROP_IMPL = "impl"; 
+    public static final String PROP_IMPL = "impl";
 
     /**
      * Constant for pluginName.
      */
-    public static final String PROP_PLUGIN = "pluginName"; 
+    public static final String PROP_PLUGIN = "pluginName";
 
     /**
      * Constant for instance.
@@ -120,6 +120,7 @@ public interface IAuthSubsystem extends ISubsystem {
 
     /**
      * Authenticate the given credentials using the given manager name.
+     * 
      * @param authCred The authentication credentials
      * @param authMgrName The authentication manager name
      * @return a authentication token.
@@ -128,11 +129,12 @@ public interface IAuthSubsystem extends ISubsystem {
      * @exception EBaseException If an error occurs during authentication.
      */
     public IAuthToken authenticate(IAuthCredentials authCred, String authMgrName)
-        throws EMissingCredential, EInvalidCredentials, EBaseException;
+            throws EMissingCredential, EInvalidCredentials, EBaseException;
 
     /**
      * Gets the required credential attributes for the given authentication
      * manager.
+     * 
      * @param authMgrName The authentication manager name
      * @return a Vector of required credential attribute names.
      * @exception EBaseException If the required credential is missing
@@ -141,6 +143,7 @@ public interface IAuthSubsystem extends ISubsystem {
 
     /**
      * Adds (registers) the given authentication manager.
+     * 
      * @param name The authentication manager name
      * @param authMgr The authentication manager instance.
      */
@@ -148,12 +151,14 @@ public interface IAuthSubsystem extends ISubsystem {
 
     /**
      * Deletes (deregisters) the given authentication manager.
+     * 
      * @param name The authentication manager name to delete.
      */
     public void delete(String name);
 
     /**
      * Gets the Authentication manager instance of the specified name.
+     * 
      * @param name The authentication manager's name.
      * @exception EBaseException when internal error occurs.
      */
@@ -162,18 +167,21 @@ public interface IAuthSubsystem extends ISubsystem {
     /**
      * Gets an enumeration of authentication managers registered to the
      * authentication subsystem.
+     * 
      * @return a list of authentication managers
      */
     public Enumeration<IAuthManager> getAuthManagers();
 
     /**
      * Gets an enumeration of authentication manager plugins.
+     * 
      * @return a list of authentication plugins
      */
     public Enumeration<AuthMgrPlugin> getAuthManagerPlugins();
 
     /**
      * Gets a single authentication manager plugin implementation
+     * 
      * @param name given authentication plugin name
      * @return the given authentication plugin
      */
@@ -181,17 +189,19 @@ public interface IAuthSubsystem extends ISubsystem {
 
     /**
      * Get configuration parameters for a authentication mgr plugin.
+     * 
      * @param implName The plugin name.
      * @return configuration parameters for the given authentication manager plugin
-     * @exception EAuthMgrPluginNotFound If the authentication manager 
-     * plugin is not found.
+     * @exception EAuthMgrPluginNotFound If the authentication manager
+     *                plugin is not found.
      * @exception EBaseException If an internal error occurred.
      */
-    public String[] getConfigParams(String implName) 
-        throws EAuthMgrPluginNotFound, EBaseException;
+    public String[] getConfigParams(String implName)
+            throws EAuthMgrPluginNotFound, EBaseException;
 
     /**
      * Log error message.
+     * 
      * @param level log level
      * @param msg error message
      */
@@ -199,28 +209,31 @@ public interface IAuthSubsystem extends ISubsystem {
 
     /**
      * Get a hashtable containing all authentication plugins.
+     * 
      * @return all authentication plugins.
      */
     public Hashtable<String, AuthMgrPlugin> getPlugins();
 
     /**
      * Get a hashtable containing all authentication instances.
+     * 
      * @return all authentication instances.
      */
     public Hashtable<?, ?> getInstances();
 
     /**
      * Get an authentication manager interface for the given name.
+     * 
      * @param name given authentication manager name.
      * @return an authentication manager for the given manager name.
      */
     public IAuthManager get(String name);
 
     /**
-     * Get an authentication manager plugin impl  for the given name.
+     * Get an authentication manager plugin impl for the given name.
+     * 
      * @param name given authentication manager name.
      * @return an authentication manager plugin
      */
     public AuthMgrPlugin getAuthManagerPluginImpl(String name);
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/IAuthToken.java b/pki/base/common/src/com/netscape/certsrv/authentication/IAuthToken.java
index 94279363..f46ee3ca 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/IAuthToken.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/IAuthToken.java
@@ -32,14 +32,14 @@ import com.netscape.certsrv.usrgrp.Certificates;
  */
 public interface IAuthToken {
 
-  /**
-   * Constant for userid.
-   */
-  public static final String USER_ID = "userid";
+    /**
+     * Constant for userid.
+     */
+    public static final String USER_ID = "userid";
 
     /**
      * Sets an attribute value within this AttrSet.
-     *
+     * 
      * @param name the name of the attribute
      * @param value the attribute object.
      * @return false on an error
@@ -48,7 +48,7 @@ public interface IAuthToken {
 
     /**
      * Gets an attribute value.
-     *
+     * 
      * @param name the name of the attribute to return.
      * @exception EBaseException on attribute handling errors.
      * @return the attribute value
@@ -58,7 +58,7 @@ public interface IAuthToken {
     /**
      * Returns an enumeration of the names of the attributes existing within
      * this AttrSet.
-     *
+     * 
      * @return an enumeration of the attribute names.
      */
     public Enumeration<String> getElements();
@@ -70,139 +70,156 @@ public interface IAuthToken {
      */
 
     /**
-     * Retrieves the byte array value for name.  The value should have been
+     * Retrieves the byte array value for name. The value should have been
      * previously stored as a byte array (it will be CMS.AtoB decoded).
-     * @param name  The attribute name.
-     * @return  The byte array or null on error.
+     * 
+     * @param name The attribute name.
+     * @return The byte array or null on error.
      */
     public byte[] getInByteArray(String name);
 
     /**
      * Stores the byte array with the associated key.
-     * @param name   The attribute name.
-     * @param value  The value to store
+     * 
+     * @param name The attribute name.
+     * @param value The value to store
      * @return false on an error
      */
     public boolean set(String name, byte[] value);
 
     /**
      * Retrieves the Integer value for name.
-     * @param name  The attribute name.
-     * @return  The Integer or null on error.
+     * 
+     * @param name The attribute name.
+     * @return The Integer or null on error.
      */
     public Integer getInInteger(String name);
 
     /**
      * Stores the Integer with the associated key.
-     * @param name   The attribute name.
-     * @param value  The value to store
+     * 
+     * @param name The attribute name.
+     * @param value The value to store
      * @return false on an error
      */
     public boolean set(String name, Integer value);
 
     /**
      * Retrieves the BigInteger array value for name.
-     * @param name  The attribute name.
-     * @return  The value or null on error.
+     * 
+     * @param name The attribute name.
+     * @return The value or null on error.
      */
     public BigInteger[] getInBigIntegerArray(String name);
 
     /**
      * Stores the BigInteger array with the associated key.
-     * @param name   The attribute name.
-     * @param value  The value to store
+     * 
+     * @param name The attribute name.
+     * @param value The value to store
      * @return false on an error
      */
     public boolean set(String name, BigInteger[] value);
 
     /**
      * Retrieves the Date value for name.
-     * @param name  The attribute name.
-     * @return  The value or null on error.
+     * 
+     * @param name The attribute name.
+     * @return The value or null on error.
      */
     public Date getInDate(String name);
 
     /**
      * Stores the Date with the associated key.
-     * @param name   The attribute name.
-     * @param value  The value to store
+     * 
+     * @param name The attribute name.
+     * @param value The value to store
      * @return false on an error
      */
     public boolean set(String name, Date value);
 
     /**
      * Retrieves the String array value for name.
-     * @param name  The attribute name.
-     * @return  The value or null on error.
+     * 
+     * @param name The attribute name.
+     * @return The value or null on error.
      */
     public String[] getInStringArray(String name);
 
     /**
      * Stores the String array with the associated key.
-     * @param name   The attribute name.
-     * @param value  The value to store
+     * 
+     * @param name The attribute name.
+     * @param value The value to store
      * @return False on error.
      */
     public boolean set(String name, String[] value);
 
     /**
      * Retrieves the X509CertImpl value for name.
-     * @param name  The attribute name.
-     * @return  The value or null on error.
+     * 
+     * @param name The attribute name.
+     * @return The value or null on error.
      */
     public X509CertImpl getInCert(String name);
 
     /**
      * Stores the X509CertImpl with the associated key.
-     * @param name   The attribute name.
-     * @param value  The value to store
+     * 
+     * @param name The attribute name.
+     * @param value The value to store
      * @return false on error
      */
     public boolean set(String name, X509CertImpl value);
 
     /**
      * Retrieves the CertificateExtensions value for name.
-     * @param name  The attribute name.
-     * @return  The value or null on error.
+     * 
+     * @param name The attribute name.
+     * @return The value or null on error.
      */
     public CertificateExtensions getInCertExts(String name);
 
     /**
      * Stores the CertificateExtensions with the associated key.
-     * @param name   The attribute name.
-     * @param value  The value to store
+     * 
+     * @param name The attribute name.
+     * @param value The value to store
      * @return false on error
      */
     public boolean set(String name, CertificateExtensions value);
 
     /**
      * Retrieves the Certificates value for name.
-     * @param name  The attribute name.
-     * @return  The value or null on error.
+     * 
+     * @param name The attribute name.
+     * @return The value or null on error.
      */
     public Certificates getInCertificates(String name);
 
     /**
      * Stores the Certificates with the associated key.
-     * @param name   The attribute name.
-     * @param value  The value to store
+     * 
+     * @param name The attribute name.
+     * @param value The value to store
      * @return false on error
      */
     public boolean set(String name, Certificates value);
 
     /**
      * Retrieves the byte[][] value for name.
-     * @param name  The attribute name.
-     * @return  The value or null on error.
+     * 
+     * @param name The attribute name.
+     * @return The value or null on error.
      */
     public byte[][] getInByteArrayArray(String name);
 
     /**
      * Stores the byte[][] with the associated key.
-     * @param name   The attribute name.
-     * @param value  The value to store
+     * 
+     * @param name The attribute name.
+     * @param value The value to store
      * @return false on error
      */
     public boolean set(String name, byte[][] value);
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/ISSLClientCertProvider.java b/pki/base/common/src/com/netscape/certsrv/authentication/ISSLClientCertProvider.java
index d4bdf7bb..6932decc 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/ISSLClientCertProvider.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/ISSLClientCertProvider.java
@@ -17,18 +17,15 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.authentication;
 
-
 import java.security.cert.X509Certificate;
 
-
 /**
  * This interface represents an object that captures the
  * SSL client certificate in a SSL session. Normally, this
  * object is a servlet.
  * <p>
- *
- * This interface is used to avoid the internal imeplemtnation
- * to have servlet (protocol handler) dependency.
+ * 
+ * This interface is used to avoid the internal imeplemtnation to have servlet (protocol handler) dependency.
  * <p>
  * 
  * @version $Revision$, $Date$
@@ -37,7 +34,7 @@ public interface ISSLClientCertProvider {
 
     /**
      * Retrieves the SSL client certificate chain.
-     *
+     * 
      * @return certificate chain
      */
     public X509Certificate[] getClientCertificateChain();
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/ISharedToken.java b/pki/base/common/src/com/netscape/certsrv/authentication/ISharedToken.java
index eae65d17..830c8866 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/ISharedToken.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/ISharedToken.java
@@ -26,6 +26,7 @@ import org.mozilla.jss.pkix.cmc.PKIData;
  */
 public interface ISharedToken {
 
-    public String getSharedToken(PKIData cmcData); 
-    public String getSharedToken(BigInteger serialnum); 
+    public String getSharedToken(PKIData cmcData);
+
+    public String getSharedToken(BigInteger serialnum);
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/authority/IAuthority.java b/pki/base/common/src/com/netscape/certsrv/authority/IAuthority.java
index 5916ecd0..2875e4dd 100644
--- a/pki/base/common/src/com/netscape/certsrv/authority/IAuthority.java
+++ b/pki/base/common/src/com/netscape/certsrv/authority/IAuthority.java
@@ -17,15 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.authority;
 
-
 import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.certsrv.request.IRequestListener;
 import com.netscape.certsrv.request.IRequestQueue;
 
-
 /**
  * Authority interface.
- *
+ * 
  * @version $Revision$ $Date$
  */
 public interface IAuthority extends ISubsystem {
@@ -33,6 +31,7 @@ public interface IAuthority extends ISubsystem {
     /**
      * Retrieves the request queue for the Authority.
      * <P>
+     * 
      * @return the request queue.
      */
     public IRequestQueue getRequestQueue();
diff --git a/pki/base/common/src/com/netscape/certsrv/authority/ICertAuthority.java b/pki/base/common/src/com/netscape/certsrv/authority/ICertAuthority.java
index 94d6df40..c2f2c91e 100644
--- a/pki/base/common/src/com/netscape/certsrv/authority/ICertAuthority.java
+++ b/pki/base/common/src/com/netscape/certsrv/authority/ICertAuthority.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.authority;
 
-
 import netscape.security.x509.CertificateChain;
 import netscape.security.x509.X500Name;
 import netscape.security.x509.X509CertImpl;
@@ -27,12 +26,11 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.IPublisherProcessor;
 import com.netscape.certsrv.request.IRequestListener;
 
-
 /**
  * Authority that handles certificates needed by the cert registration
- * servlets. 
+ * servlets.
  * <P>
- *
+ * 
  * @version $Revision$ $Date$
  */
 public interface ICertAuthority extends IAuthority {
@@ -40,7 +38,7 @@ public interface ICertAuthority extends IAuthority {
     /**
      * Retrieves the certificate repository for this authority.
      * <P>
-     *
+     * 
      * @return the certificate repository.
      */
     public ICertificateRepository getCertificateRepository();
@@ -48,6 +46,7 @@ public interface ICertAuthority extends IAuthority {
     /**
      * Returns CA's certificate chain.
      * <P>
+     * 
      * @return the Certificate Chain for the CA.
      */
     public CertificateChain getCACertChain();
@@ -55,18 +54,19 @@ public interface ICertAuthority extends IAuthority {
     /**
      * Returns CA's certificate implementaion.
      * <P>
+     * 
      * @return CA's certificate.
      */
     public X509CertImpl getCACert();
 
     /**
      * Returns signing algorithms supported by the CA.
-     * Dependent on CA's key type and algorithms supported by security lib. 
+     * Dependent on CA's key type and algorithms supported by security lib.
      */
     public String[] getCASigningAlgorithms();
 
     /**
-     * Returns authority's X500 Name. - XXX what's this for ?? 
+     * Returns authority's X500 Name. - XXX what's this for ??
      */
     public X500Name getX500Name();
 
@@ -86,15 +86,15 @@ public interface ICertAuthority extends IAuthority {
     public void registerPendingListener(IRequestListener l);
 
     /**
-     * get authority's  publishing module if any.
+     * get authority's publishing module if any.
      */
     public IPublisherProcessor getPublisherProcessor();
-		
+
     /**
      * Returns the logging interface for this authority.
      * Using this interface both System and Audit events can be
      * logged.
-     *
+     * 
      */
     public ILogger getLogger();
 
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/AuthzManagerProxy.java b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzManagerProxy.java
index 0960311e..58a5264b 100644
--- a/pki/base/common/src/com/netscape/certsrv/authorization/AuthzManagerProxy.java
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzManagerProxy.java
@@ -17,10 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.authorization;
 
-
 /**
  * A class represents an authorization manager. It contains an
  * authorization manager instance and its state (enable or not).
+ * 
  * @version $Revision$, $Date$
  */
 public class AuthzManagerProxy {
@@ -29,9 +29,10 @@ public class AuthzManagerProxy {
 
     /**
      * Constructor
+     * 
      * @param enable true if the authzMgr is enabled; false otherwise
      * @param mgr authorization manager instance
-    */
+     */
     public AuthzManagerProxy(boolean enable, IAuthzManager mgr) {
         mEnable = enable;
         mMgr = mgr;
@@ -39,6 +40,7 @@ public class AuthzManagerProxy {
 
     /**
      * Returns the state of the authorization manager instance
+     * 
      * @return true if the state of the authorization manager instance is
      *         enabled; false otherwise.
      */
@@ -48,6 +50,7 @@ public class AuthzManagerProxy {
 
     /**
      * Returns an authorization manager instance.
+     * 
      * @return an authorization manager instance
      */
     public IAuthzManager getAuthzManager() {
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/AuthzMgrPlugin.java b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzMgrPlugin.java
index aebe9170..e47e5817 100644
--- a/pki/base/common/src/com/netscape/certsrv/authorization/AuthzMgrPlugin.java
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzMgrPlugin.java
@@ -17,13 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.authorization;
 
-
-
-
 /**
  * This class represents a registered authorization manager plugin.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class AuthzMgrPlugin {
@@ -33,6 +30,7 @@ public class AuthzMgrPlugin {
 
     /**
      * Constructs a AuthzManager plugin.
+     * 
      * @param id authz manager implementation name
      * @param classPath class path
      */
@@ -40,9 +38,10 @@ public class AuthzMgrPlugin {
         mId = id;
         mClassPath = classPath;
     }
-		
+
     /**
      * Returns an authorization manager implementation name
+     * 
      * @return an authorization manager implementation name
      */
     public String getId() {
@@ -51,6 +50,7 @@ public class AuthzMgrPlugin {
 
     /**
      * Returns a classpath of a AuthzManager plugin
+     * 
      * @return a classpath of a AuthzManager plugin
      */
     public String getClassPath() {
@@ -59,6 +59,7 @@ public class AuthzMgrPlugin {
 
     /**
      * Returns a visibility of the plugin
+     * 
      * @return a visibility of the plugin
      */
     public boolean isVisible() {
@@ -67,6 +68,7 @@ public class AuthzMgrPlugin {
 
     /**
      * Sets visibility of the plugin
+     * 
      * @param visibility visibility of the plugin
      */
     public void setVisible(boolean visibility) {
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/AuthzResources.java b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzResources.java
index 7cb5240a..13d33c21 100644
--- a/pki/base/common/src/com/netscape/certsrv/authorization/AuthzResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzResources.java
@@ -17,13 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.authorization;
 
-
 import java.util.ListResourceBundle;
 
-
 /**
  * A class represents a resource bundle for the authorization subsystem
  * <P>
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -31,6 +30,7 @@ public class AuthzResources extends ListResourceBundle {
 
     /**
      * Returns the content of this resource.
+     * 
      * @return the content of this resource
      */
     public Object[][] getContents() {
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/AuthzToken.java b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzToken.java
index 0b5db00a..b6e2d144 100644
--- a/pki/base/common/src/com/netscape/certsrv/authorization/AuthzToken.java
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzToken.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.authorization;
 
-
 import java.util.Date;
 import java.util.Enumeration;
 import java.util.Hashtable;
 
 import com.netscape.certsrv.base.IAttrSet;
 
-
 /**
  * Authorization token returned by Authorization Managers.
  * Upon return, it contains the name of the authorization manager that create
@@ -32,6 +30,7 @@ import com.netscape.certsrv.base.IAttrSet;
  * authorization happened, name of the resource, type of operation performed
  * on the resource.
  * <p>
+ * 
  * @version $Revision$, $Date$
  */
 public class AuthzToken implements IAttrSet {
@@ -39,7 +38,7 @@ public class AuthzToken implements IAttrSet {
     private Hashtable<String, Object> mAttrs = null;
 
     /**
-     * Plugin name of the authorization manager that created the 
+     * Plugin name of the authorization manager that created the
      * AuthzToken as a string.
      */
     public static final String TOKEN_AUTHZMGR_IMPL_NAME = "authzMgrImplName";
@@ -51,7 +50,7 @@ public class AuthzToken implements IAttrSet {
     public static final String TOKEN_AUTHZMGR_INST_NAME = "authzMgrInstName";
 
     /**
-     * Time of authorization as a java.util.Date 
+     * Time of authorization as a java.util.Date
      */
     public static final String TOKEN_AUTHZTIME = "authzTime";
 
@@ -61,7 +60,7 @@ public class AuthzToken implements IAttrSet {
     public static final String TOKEN_AUTHZ_RESOURCE = "authzRes";
 
     /**
-     * name of the operation 
+     * name of the operation
      */
     public static final String TOKEN_AUTHZ_OPERATION = "authzOp";
 
@@ -69,33 +68,36 @@ public class AuthzToken implements IAttrSet {
      * Status of the authorization evaluation
      */
     public static final String TOKEN_AUTHZ_STATUS = "status";
- 
+
     /**
-     * Constant for the success status of the authorization evaluation. 
+     * Constant for the success status of the authorization evaluation.
      */
     public static final String AUTHZ_STATUS_SUCCESS = "statusSuccess";
 
     /**
      * Constructs an instance of a authorization token.
      * The token by default contains the following attributes: <br>
+     * 
      * <pre>
-     *		"authzMgrInstName" - The authorization manager instance name.
-     *		"authzMgrImplName" - The authorization manager plugin name.
-     *		"authzTime" - The - The time of authorization.
+     * 	"authzMgrInstName" - The authorization manager instance name.
+     * 	"authzMgrImplName" - The authorization manager plugin name.
+     * 	"authzTime" - The - The time of authorization.
      * </pre>
+     * 
      * @param authzMgr The authorization manager that created this Token.
      */
     public AuthzToken(IAuthzManager authzMgr) {
         mAttrs = new Hashtable<String, Object>();
-        mAttrs.put(TOKEN_AUTHZMGR_INST_NAME, authzMgr.getName()); 
-        mAttrs.put(TOKEN_AUTHZMGR_IMPL_NAME, authzMgr.getImplName()); 
+        mAttrs.put(TOKEN_AUTHZMGR_INST_NAME, authzMgr.getName());
+        mAttrs.put(TOKEN_AUTHZMGR_IMPL_NAME, authzMgr.getImplName());
         mAttrs.put(TOKEN_AUTHZTIME, new Date());
     }
 
     /**
      * Get the value of an attribute in the AuthzToken
+     * 
      * @param attrName The attribute name
-     * @return The value of attrName if any. 
+     * @return The value of attrName if any.
      */
     public Object get(String attrName) {
         return mAttrs.get(attrName);
@@ -103,7 +105,8 @@ public class AuthzToken implements IAttrSet {
 
     /**
      * Used by an Authorization manager to set an attribute and value
-     *	 in the AuthzToken.
+     * in the AuthzToken.
+     * 
      * @param attrName The name of the attribute
      * @param value The value of the attribute to set.
      */
@@ -113,6 +116,7 @@ public class AuthzToken implements IAttrSet {
 
     /**
      * Removes an attribute in the AuthzToken
+     * 
      * @param attrName The name of the attribute to remove.
      */
     public void delete(String attrName) {
@@ -121,6 +125,7 @@ public class AuthzToken implements IAttrSet {
 
     /**
      * Enumerate all attribute names in the AuthzToken.
+     * 
      * @return Enumeration of all attribute names in this AuthzToken.
      */
     public Enumeration<String> getElements() {
@@ -129,6 +134,7 @@ public class AuthzToken implements IAttrSet {
 
     /**
      * Enumerate all attribute values in the AuthzToken.
+     * 
      * @return Enumeration of all attribute names in this AuthzToken.
      */
     public Enumeration<Object> getVals() {
@@ -136,10 +142,11 @@ public class AuthzToken implements IAttrSet {
     }
 
     /**
-     * Gets the name of the authorization manager instance that created 
-     * this token.
-     * @return The name of the authorization manager instance that created 
+     * Gets the name of the authorization manager instance that created
      * this token.
+     * 
+     * @return The name of the authorization manager instance that created
+     *         this token.
      */
     public String getAuthzManagerInstName() {
         return ((String) mAttrs.get(TOKEN_AUTHZMGR_INST_NAME));
@@ -148,8 +155,9 @@ public class AuthzToken implements IAttrSet {
     /**
      * Gets the plugin name of the authorization manager that created this
      * token.
+     * 
      * @return The plugin name of the authorization manager that created this
-     * token.
+     *         token.
      */
     public String getAuthzManagerImplName() {
         return ((String) mAttrs.get(TOKEN_AUTHZMGR_IMPL_NAME));
@@ -157,10 +165,10 @@ public class AuthzToken implements IAttrSet {
 
     /**
      * Gets the time of authorization.
+     * 
      * @return The time of authorization
      */
     public Date getAuthzTime() {
         return ((Date) mAttrs.get(TOKEN_AUTHZTIME));
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzAccessDenied.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzAccessDenied.java
index 18429c98..9fc7777c 100644
--- a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzAccessDenied.java
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzAccessDenied.java
@@ -29,9 +29,10 @@ public class EAuthzAccessDenied extends EAuthzException {
 
     /**
      * Constructs a exception for access denied by Authz manager
+     * 
      * @param errorString Detailed error message.
      */
     public EAuthzAccessDenied(String errorString) {
-        super(errorString); 
+        super(errorString);
     }
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzException.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzException.java
index 869a021c..65d95a57 100644
--- a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzException.java
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzException.java
@@ -17,12 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.authorization;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
 /**
  * This class represents authorization exceptions.
  * <P>
+ * 
  * @version $Revision$, $Date$
  */
 public class EAuthzException extends EBaseException {
@@ -39,6 +39,7 @@ public class EAuthzException extends EBaseException {
     /**
      * Constructs a authz exception
      * <P>
+     * 
      * @param msgFormat exception details
      */
     public EAuthzException(String msgFormat) {
@@ -46,8 +47,9 @@ public class EAuthzException extends EBaseException {
     }
 
     /**
-     * Constructs a authz exception with a parameter. 
+     * Constructs a authz exception with a parameter.
      * <p>
+     * 
      * @param msgFormat exception details in message string format
      * @param param message string parameter
      */
@@ -58,6 +60,7 @@ public class EAuthzException extends EBaseException {
     /**
      * Constructs a authz exception with a exception parameter.
      * <P>
+     * 
      * @param msgFormat exception details in message string format
      * @param param system exception
      */
@@ -68,6 +71,7 @@ public class EAuthzException extends EBaseException {
     /**
      * Constructs a authz exception with a list of parameters.
      * <P>
+     * 
      * @param msgFormat the message format.
      * @param params list of message format parameters
      */
@@ -77,6 +81,7 @@ public class EAuthzException extends EBaseException {
 
     /**
      * Returns the resource bundle name
+     * 
      * @return resource bundle name
      */
     protected String getBundleName() {
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzInternalError.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzInternalError.java
index ff7da13d..2afe2c74 100644
--- a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzInternalError.java
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzInternalError.java
@@ -29,6 +29,7 @@ public class EAuthzInternalError extends EAuthzException {
 
     /**
      * Constructs an authorization internal error exception
+     * 
      * @param errorString error with a detailed message.
      */
     public EAuthzInternalError(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrNotFound.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrNotFound.java
index 944b9854..a920d37a 100644
--- a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrNotFound.java
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrNotFound.java
@@ -29,6 +29,7 @@ public class EAuthzMgrNotFound extends EAuthzException {
 
     /**
      * Constructs a exception for a missing required authorization manager
+     * 
      * @param errorString Detailed error message.
      */
     public EAuthzMgrNotFound(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrPluginNotFound.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrPluginNotFound.java
index b44e4711..43ae6edc 100644
--- a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrPluginNotFound.java
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrPluginNotFound.java
@@ -29,6 +29,7 @@ public class EAuthzMgrPluginNotFound extends EAuthzException {
 
     /**
      * Constructs a exception for a missing authorization plugin
+     * 
      * @param errorString Detailed error message.
      */
     public EAuthzMgrPluginNotFound(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownOperation.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownOperation.java
index 025306cb..ce061ddd 100644
--- a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownOperation.java
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownOperation.java
@@ -29,6 +29,7 @@ public class EAuthzUnknownOperation extends EAuthzException {
 
     /**
      * Constructs a exception for an operation unknown to the authorization manager
+     * 
      * @param errorString Detailed error message.
      */
     public EAuthzUnknownOperation(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownProtectedRes.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownProtectedRes.java
index 4d7695a8..5cb2d727 100644
--- a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownProtectedRes.java
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownProtectedRes.java
@@ -29,6 +29,7 @@ public class EAuthzUnknownProtectedRes extends EAuthzException {
 
     /**
      * Constructs a exception for a protected resource unknown to the authorization manager
+     * 
      * @param errorString Detailed error message.
      */
     public EAuthzUnknownProtectedRes(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzManager.java b/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzManager.java
index 25a66505..70e4b7c0 100644
--- a/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzManager.java
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzManager.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.authorization;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 
@@ -29,12 +28,11 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.evaluators.IAccessEvaluator;
 
-
 /**
  * Authorization Manager interface needs to be implemented by all
- * authorization managers.  
+ * authorization managers.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IAuthzManager {
@@ -42,6 +40,7 @@ public interface IAuthzManager {
     /**
      * Get the name of this authorization manager instance.
      * <p>
+     * 
      * @return String the name of this authorization manager.
      */
     public String getName();
@@ -50,29 +49,29 @@ public interface IAuthzManager {
      * Get implementation name of authorization manager plugin.
      * <p>
      * An example of an implementation name will be:
+     * 
      * <PRE>
      * com.netscape.cms.BasicAclAuthz
      * </PRE>
      * <p>
+     * 
      * @return The name of the authorization manager plugin.
-     */ 
+     */
     public String getImplName();
 
     /**
      * <code>accessInit</code> is for servlets who want to initialize their
-     * own authorization information before full operation.  It is supposed
+     * own authorization information before full operation. It is supposed
      * to be called from the authzMgrAccessInit() method of the AuthzSubsystem.
      * <p>
-     * The accessInfo format is determined by each individual
-     *	 authzmgr.  For example, for BasicAclAuthz,
-     *  The accessInfo is the resACLs, whose format should conform
-     * to the following:
+     * The accessInfo format is determined by each individual authzmgr. For example, for BasicAclAuthz, The accessInfo is the resACLs, whose format should conform to the following:
+     * 
      * <pre>
      *    <resource ID>:right-1[,right-n]:[allow,deny](right(s))<evaluatorType>=<value>:<comment for this resource acl
      * </pre>
      * <P>
-     * Example:
-     *    resTurnKnob:left,right:allow(left) group="lefties":door knobs for lefties
+     * Example: resTurnKnob:left,right:allow(left) group="lefties":door knobs for lefties
+     * 
      * @param accessInfo the access info string in the format specified in the authorization manager
      * @exception EBaseException error parsing the accessInfo
      */
@@ -81,6 +80,7 @@ public interface IAuthzManager {
     /**
      * Check if the user is authorized to perform the given operation on the
      * given resource.
+     * 
      * @param authToken the authToken associated with a user.
      * @param resource - the protected resource name
      * @param operation - the protected resource operation name
@@ -89,20 +89,21 @@ public interface IAuthzManager {
      * @exception EAuthzAccessDenied if access denied
      */
     public AuthzToken authorize(IAuthToken authToken, String resource, String operation)
-        throws EAuthzInternalError, EAuthzAccessDenied;
+            throws EAuthzInternalError, EAuthzAccessDenied;
 
     public AuthzToken authorize(IAuthToken authToken, String expression)
-      throws EAuthzInternalError, EAuthzAccessDenied;
+            throws EAuthzInternalError, EAuthzAccessDenied;
 
     /**
      * Initialize this authorization manager.
+     * 
      * @param name The name of this authorization manager instance.
      * @param implName The name of the authorization manager plugin.
      * @param config The configuration store for this authorization manager.
      * @exception EBaseException If an initialization error occurred.
      */
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Prepare this authorization manager for a graceful shutdown.
@@ -112,30 +113,33 @@ public interface IAuthzManager {
 
     /**
      * Get configuration parameters for this implementation.
-     * The configuration parameters returned is passed to the 
-     * console so configuration for instances of this 
+     * The configuration parameters returned is passed to the
+     * console so configuration for instances of this
      * implementation can be made through the console.
      * 
      * @return a list of names for configuration parameters.
      * @exception EBaseException If an internal error occurred
      */
     public String[] getConfigParams()
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Get the configuration store for this authorization manager.
+     * 
      * @return The configuration store of this authorization manager.
      */
     public IConfigStore getConfigStore();
 
     /**
      * Get ACL entries
+     * 
      * @return enumeration of ACL entries.
      */
     public Enumeration<ACL> getACLs();
 
     /**
      * Get individual ACL entry for the given name of entry.
+     * 
      * @param target The name of the ACL entry
      * @return The ACL entry.
      */
@@ -143,23 +147,26 @@ public interface IAuthzManager {
 
     /**
      * Update ACLs in the database
+     * 
      * @param id The name of the ACL entry (ie, resource id)
      * @param rights The allowable rights for this resource
      * @param strACLs The value of the ACL entry
      * @param desc The description for this resource
      * @exception EACLsException when update fails.
      */
-    public void updateACLs(String id, String rights, String strACLs, 
-        String desc) throws EACLsException;
+    public void updateACLs(String id, String rights, String strACLs,
+            String desc) throws EACLsException;
 
     /**
      * Get all registered evaluators.
+     * 
      * @return All registered evaluators.
      */
     public Enumeration<IAccessEvaluator> aclEvaluatorElements();
 
     /**
      * Register new evaluator
+     * 
      * @param type Type of evaluator
      * @param evaluator Value of evaluator
      */
@@ -167,8 +174,8 @@ public interface IAuthzManager {
 
     /**
      * Return a table of evaluators
+     * 
      * @return A table of evaluators
      */
-    public Hashtable<String, IAccessEvaluator>  getAccessEvaluators();
+    public Hashtable<String, IAccessEvaluator> getAccessEvaluators();
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java b/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java
index 281a11a2..d8ccc8a8 100644
--- a/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java
@@ -27,11 +27,11 @@ import com.netscape.certsrv.base.ISubsystem;
 /**
  * An interface that represents an authorization component
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IAuthzSubsystem extends ISubsystem {
-    
+
     /**
      * Constant for auths.
      */
@@ -40,17 +40,17 @@ public interface IAuthzSubsystem extends ISubsystem {
     /**
      * Constant for class.
      */
-    public static final String PROP_CLASS = "class"; 
+    public static final String PROP_CLASS = "class";
 
     /**
      * Constant for impl
      */
-    public static final String PROP_IMPL = "impl"; 
+    public static final String PROP_IMPL = "impl";
 
     /**
      * Constant for pluginName.
      */
-    public static final String PROP_PLUGIN = "pluginName"; 
+    public static final String PROP_PLUGIN = "pluginName";
 
     /**
      * Constant for instance.
@@ -60,6 +60,7 @@ public interface IAuthzSubsystem extends ISubsystem {
     /**
      * authorize the user associated with the given authToken for a given
      * operation with the given authorization manager name
+     * 
      * @param authzMgrName The authorization manager name
      * @param authToken the authenticaton token associated with a user
      * @param resource the resource protected by the authorization system
@@ -68,14 +69,15 @@ public interface IAuthzSubsystem extends ISubsystem {
      * @exception EBaseException If an error occurs during authorization.
      */
     public AuthzToken authorize(String authzMgrName, IAuthToken authToken,
-        String resource, String operation)
-        throws EBaseException;
+            String resource, String operation)
+            throws EBaseException;
 
     public AuthzToken authorize(String authzMgrName, IAuthToken authToken,
-        String exp) throws EBaseException;
+            String exp) throws EBaseException;
 
     /**
      * Adds (registers) the given authorization manager.
+     * 
      * @param name The authorization manager name
      * @param authzMgr The authorization manager instance.
      */
@@ -83,12 +85,14 @@ public interface IAuthzSubsystem extends ISubsystem {
 
     /**
      * Deletes (deregisters) the given authorization manager.
+     * 
      * @param name The authorization manager name to delete.
      */
     public void delete(String name);
 
     /**
      * Gets the Authorization manager instance of the specified name.
+     * 
      * @param name The authorization manager's name.
      * @return an authorization manager interface
      */
@@ -97,6 +101,7 @@ public interface IAuthzSubsystem extends ISubsystem {
     /**
      * Gets an enumeration of authorization managers registered to the
      * authorization component.
+     * 
      * @return a list of authorization managers
      */
     public Enumeration<IAuthzManager> getAuthzManagers();
@@ -112,12 +117,14 @@ public interface IAuthzSubsystem extends ISubsystem {
 
     /**
      * Gets an enumeration of authorization manager plugins.
+     * 
      * @return list of authorization manager plugins
      */
-    public Enumeration<AuthzMgrPlugin>  getAuthzManagerPlugins();
+    public Enumeration<AuthzMgrPlugin> getAuthzManagerPlugins();
 
     /**
      * Gets a single authorization manager plugin implementation
+     * 
      * @param name given authorization plugin name
      * @return authorization manager plugin
      */
@@ -125,6 +132,7 @@ public interface IAuthzSubsystem extends ISubsystem {
 
     /**
      * Log error message.
+     * 
      * @param level log level
      * @param msg error message
      */
@@ -132,21 +140,23 @@ public interface IAuthzSubsystem extends ISubsystem {
 
     /**
      * Get a hashtable containing all authentication plugins.
+     * 
      * @return all authentication plugins.
      */
     public Hashtable<String, AuthzMgrPlugin> getPlugins();
 
     /**
      * Get a hashtable containing all authentication instances.
+     * 
      * @return all authentication instances.
      */
     public Hashtable<String, AuthzManagerProxy> getInstances();
 
     /**
      * Get an authorization manager interface for the given name.
+     * 
      * @param name given authorization manager name.
      * @return an authorization manager interface
      */
     public IAuthzManager get(String name);
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/base/ASubsystem.java b/pki/base/common/src/com/netscape/certsrv/base/ASubsystem.java
index ea334230..2b4c6d15 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/ASubsystem.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/ASubsystem.java
@@ -17,12 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 /**
  * This class represents a basic subsystem. Each basic
- * subsystem is named with an identifier and has a 
+ * subsystem is named with an identifier and has a
  * configuration store.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public abstract class ASubsystem implements ISubsystem {
@@ -33,7 +32,7 @@ public abstract class ASubsystem implements ISubsystem {
 
     /**
      * Initializes this subsystem.
-     *
+     * 
      * @param parent parent subsystem
      * @param cfg configuration store
      */
@@ -44,7 +43,7 @@ public abstract class ASubsystem implements ISubsystem {
 
     /**
      * Retrieves the configuration store.
-     *
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
@@ -53,7 +52,7 @@ public abstract class ASubsystem implements ISubsystem {
 
     /**
      * Sets the identifier of this subsystem.
-     *
+     * 
      * @param id subsystem identifier
      */
     public void setId(String id) {
@@ -62,7 +61,7 @@ public abstract class ASubsystem implements ISubsystem {
 
     /**
      * Retrieves the subsystem identifier.
-     *
+     * 
      * @return subsystem identifier
      */
     public String getId() {
diff --git a/pki/base/common/src/com/netscape/certsrv/base/AttributeNameHelper.java b/pki/base/common/src/com/netscape/certsrv/base/AttributeNameHelper.java
index 786148a0..5b6db131 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/AttributeNameHelper.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/AttributeNameHelper.java
@@ -17,25 +17,24 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 /**
- * AttributeNameHelper. This Helper class used to decompose 
+ * AttributeNameHelper. This Helper class used to decompose
  * dot-separated attribute name into prefix and suffix.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class AttributeNameHelper {
     // Public members
     private static final char SEPARATOR = '.';
-	
+
     // Private data members
     private String prefix = null;
     private String suffix = null;
-	
+
     /**
      * Default constructor for the class. Name is of the form
      * "proofOfPosession.type".
-     *
+     * 
      * @param name the attribute name.
      */
     public AttributeNameHelper(String name) {
@@ -51,20 +50,19 @@ public class AttributeNameHelper {
 
     /**
      * Return the prefix of the name.
-     *
+     * 
      * @return attribute prefix
      */
     public String getPrefix() {
         return (prefix);
     }
-	
+
     /**
      * Return the suffix of the name.
-     *
+     * 
      * @return attribute suffix
      */
     public String getSuffix() {
         return (suffix);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/base/BaseResources.java b/pki/base/common/src/com/netscape/certsrv/base/BaseResources.java
index f54f1377..41159481 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/BaseResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/BaseResources.java
@@ -17,15 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.util.ListResourceBundle;
 
-
 /**
  * A class represents a resource bundle for the entire
  * system.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  * @see java.util.ListResourceBundle
  */
diff --git a/pki/base/common/src/com/netscape/certsrv/base/EBaseException.java b/pki/base/common/src/com/netscape/certsrv/base/EBaseException.java
index e58aaca2..26def60f 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/EBaseException.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/EBaseException.java
@@ -17,15 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.util.Locale;
 
-
 /**
- * An exception with localizable error messages.  It is the 
- * base class for all exceptions in certificate server. 
+ * An exception with localizable error messages. It is the
+ * base class for all exceptions in certificate server.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  * @see java.text.MessageFormat
  * @see com.netscape.certsrv.base.BaseResources
@@ -50,11 +48,12 @@ public class EBaseException extends Exception {
 
     /**
      * Constructs an instance of this exception with the given resource key.
-     * If resource key is not found in the resource bundle, the resource key 
+     * If resource key is not found in the resource bundle, the resource key
      * specified is used as the error message.
+     * 
      * <pre>
-     *      new EBaseException(BaseResources.PERMISSION_DENIED);
-     *      new EBaseException("An plain error message");
+     * new EBaseException(BaseResources.PERMISSION_DENIED);
+     * new EBaseException(&quot;An plain error message&quot;);
      * <P>
      * @param msgFormat The error message resource key.
      */
@@ -65,11 +64,13 @@ public class EBaseException extends Exception {
 
     /**
      * Constructs an instance of this exception with the given resource key
-     * and a parameter as a string. 
+     * and a parameter as a string.
+     * 
      * <PRE>
-     *      new EBaseException(BaseResource.NO_CONFIG_FILE, fileName);
+     * new EBaseException(BaseResource.NO_CONFIG_FILE, fileName);
      * </PRE>
      * <P>
+     * 
      * @param msgFormat exception details in message string format
      * @param param message string parameter
      */
@@ -80,8 +81,9 @@ public class EBaseException extends Exception {
     }
 
     /**
-     * Constructs an instance of the exception given the resource key and 
-     * a exception parameter. 
+     * Constructs an instance of the exception given the resource key and
+     * a exception parameter.
+     * 
      * <PRE>
      * 		try {
      *  		...
@@ -90,6 +92,7 @@ public class EBaseException extends Exception {
      *      }
      * </PRE>
      * <P>
+     * 
      * @param msgFormat The resource key
      * @param param The parameter as an exception
      */
@@ -103,6 +106,7 @@ public class EBaseException extends Exception {
      * Constructs an instance of this exception given the resource key and
      * an array of parameters.
      * <P>
+     * 
      * @param msgFormat The resource key
      * @param params Array of params
      */
@@ -114,7 +118,7 @@ public class EBaseException extends Exception {
     /**
      * Returns the list of parameters.
      * <P>
-     *
+     * 
      * @return List of parameters.
      */
     public Object[] getParameters() {
@@ -124,6 +128,7 @@ public class EBaseException extends Exception {
     /**
      * Returns the exception string in the default locale.
      * <P>
+     * 
      * @return The exception string in the default locale.
      */
     public String toString() {
@@ -133,6 +138,7 @@ public class EBaseException extends Exception {
     /**
      * Returns the exception string in the given locale.
      * <P>
+     * 
      * @param locale The locale
      * @return The exception string in the given locale.
      */
@@ -143,6 +149,7 @@ public class EBaseException extends Exception {
 
     /**
      * Returns the given resource bundle name.
+     * 
      * @return the name of the resource bundle for this class.
      */
     protected String getBundleName() {
diff --git a/pki/base/common/src/com/netscape/certsrv/base/EPropertyNotDefined.java b/pki/base/common/src/com/netscape/certsrv/base/EPropertyNotDefined.java
index 938c9fff..46630658 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/EPropertyNotDefined.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/EPropertyNotDefined.java
@@ -17,13 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 /**
- * This class represents an exception thrown when a 
+ * This class represents an exception thrown when a
  * property is not defined (empty string) the configuration store.
  * It extends EBaseException and uses the same resource bundle.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  * @see com.netscape.certsrv.base.EBaseException
  */
@@ -38,6 +37,7 @@ public class EPropertyNotDefined extends EBaseException {
      * Constructs an instance of this exception given the name of the
      * property that's not found.
      * <p>
+     * 
      * @param errorString Detailed error message.
      */
     public EPropertyNotDefined(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/base/EPropertyNotFound.java b/pki/base/common/src/com/netscape/certsrv/base/EPropertyNotFound.java
index 833a393a..5a8a9550 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/EPropertyNotFound.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/EPropertyNotFound.java
@@ -17,13 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 /**
- * This class represents an exception thrown when a 
+ * This class represents an exception thrown when a
  * property is not found in the configuration store.
  * It extends EBaseException and uses the same resource bundle.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  * @see com.netscape.certsrv.base.EBaseException
  */
@@ -38,6 +37,7 @@ public class EPropertyNotFound extends EBaseException {
      * Constructs an instance of this exception given the name of the
      * property that's not found.
      * <p>
+     * 
      * @param errorString Detailed error message.
      */
     public EPropertyNotFound(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/base/ExtendedPluginInfo.java b/pki/base/common/src/com/netscape/certsrv/base/ExtendedPluginInfo.java
index a0399d34..86f5999d 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/ExtendedPluginInfo.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/ExtendedPluginInfo.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.util.Locale;
 
-
 /**
  * Plugin which can return extended information to console
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ExtendedPluginInfo implements IExtendedPluginInfo {
@@ -33,7 +31,7 @@ public class ExtendedPluginInfo implements IExtendedPluginInfo {
 
     /**
      * Constructs an extended plugin info object.
-     *
+     * 
      * @param epi plugin info list
      */
     public ExtendedPluginInfo(String epi[]) {
@@ -41,48 +39,48 @@ public class ExtendedPluginInfo implements IExtendedPluginInfo {
     }
 
     /**
-     *  This method returns an array of strings. Each element of the
-     *  array represents a configurable parameter, or some other
-     *  meta-info (such as help-token)
+     * This method returns an array of strings. Each element of the
+     * array represents a configurable parameter, or some other
+     * meta-info (such as help-token)
+     * 
+     * there is an entry indexed on that parameter name
+     * <param-name>;<type_info>[,required];<description>;...
+     * 
+     * Where:
+     * 
+     * type_info is either 'string', 'number', 'boolean', 'password' or
+     * 'choice(ch1,ch2,ch3,...)'
+     * 
+     * If the marker 'required' is included after the type_info,
+     * the parameter will has some visually distinctive marking in
+     * the UI.
+     * 
+     * 'description' is a short sentence describing the parameter
+     * 'choice' is rendered as a drop-down list. The first parameter in the
+     * list will be activated by default
+     * 'boolean' is rendered as a checkbox. The resulting parameter will be
+     * either 'true' or 'false'
+     * 'string' allows any characters
+     * 'number' allows only numbers
+     * 'password' is rendered as a password field (the characters are replaced
+     * with *'s when being types. This parameter is not passed through to
+     * the plugin. It is instead inserted directly into the password cache
+     * keyed on the instance name. The value of the parameter
+     * 'bindPWPrompt' (see example below) is set to the key.
+     * 
+     * In addition to the configurable parameters, the following magic parameters
+     * may be defined:
+     * 
+     * HELP_TOKEN;helptoken - a pointer to the online manual section for this plugin
+     * HELP_TEXT;helptext - a general help string describing the plugin
      * 
-     *  there is an entry indexed on that parameter name
-     *  <param-name>;<type_info>[,required];<description>;...
-     *  
-     *  Where:
-     *
-     *    type_info is either 'string', 'number', 'boolean', 'password' or 
-     *        'choice(ch1,ch2,ch3,...)'
-     *
-     *    If the marker 'required' is included after the type_info,
-     *    the parameter will has some visually distinctive marking in
-     *    the UI.
+     * For example:
+     * "username;string;The username you wish to login as"
+     * "bindPWPrompt;password;Enter password to bind as above user with"
+     * "algorithm;choice(RSA,DSA);Which algorithm do you want to use"
+     * "enable;boolean;Do you want to run this plugin"
+     * "port;number;Which port number do you want to use"
      * 
-     *    'description' is a short sentence describing the parameter
-     *    'choice' is rendered as a drop-down list. The first parameter in the
-     *       list will be activated by default
-     *    'boolean' is rendered as a checkbox. The resulting parameter will be
-     *       either 'true' or 'false'
-     *	  'string' allows any characters
-     *	  'number' allows only numbers
-     *    'password' is rendered as a password field (the characters are replaced
-     *       with *'s when being types. This parameter is not passed through to
-     *       the plugin. It is instead inserted directly into the password cache
-     *       keyed on the instance name. The value of the parameter
-     *       'bindPWPrompt' (see example below) is set to the key.
-     *
-     *  In addition to the configurable parameters, the following magic parameters
-     *  may be defined:
-     *  
-     *    HELP_TOKEN;helptoken - a pointer to the online manual section for this plugin
-     *    HELP_TEXT;helptext   - a general help string describing the plugin
-     *
-     *   For example:
-     *    "username;string;The username you wish to login as"
-     *    "bindPWPrompt;password;Enter password to bind as above user with"
-     *    "algorithm;choice(RSA,DSA);Which algorithm do you want to use"
-     *    "enable;boolean;Do you want to run this plugin"
-     *    "port;number;Which port number do you want to use"
-     *
      */
     public String[] getExtendedPluginInfo(Locale locale) {
         return _epi;
diff --git a/pki/base/common/src/com/netscape/certsrv/base/IArgBlock.java b/pki/base/common/src/com/netscape/certsrv/base/IArgBlock.java
index 65ca140e..adddccba 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/IArgBlock.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/IArgBlock.java
@@ -23,32 +23,32 @@ import java.util.Enumeration;
 
 import netscape.security.pkcs.PKCS10;
 
-
 /**
  * This interface defines the abstraction for the generic collection
  * of attributes indexed by string names.
  * Set of cooperating implementations of this interface may exploit
  * dot-separated attribute names to provide seamless access to the
- * attributes of attribute value  which also implements AttrSet
+ * attributes of attribute value which also implements AttrSet
  * interface as if it was direct attribute of the container
  * E.g., ((AttrSet)container.get("x")).get("y") is equivalent to
  * container.get("x.y");
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  **/
 public interface IArgBlock extends Serializable {
 
     /**
      * Checks if this argument block contains the given key.
-     *
+     * 
      * @param n key
      * @return true if key is present
      */
     public boolean isValuePresent(String n);
+
     /**
      * Adds string-based value into this argument block.
-     *
+     * 
      * @param n key
      * @param v value
      * @return value
@@ -57,7 +57,7 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Retrieves argument value as string.
-     *
+     * 
      * @param n key
      * @return argument value as string
      * @exception EBaseException failed to retrieve value
@@ -66,7 +66,7 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Retrieves argument value as string.
-     *
+     * 
      * @param n key
      * @param def default value to be returned if key is not present
      * @return argument value as string
@@ -75,16 +75,16 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Retrieves argument value as integer.
-     *
+     * 
      * @param n key
      * @return argument value as int
      * @exception EBaseException failed to retrieve value
      */
-    public int getValueAsInt(String n) throws EBaseException;    
+    public int getValueAsInt(String n) throws EBaseException;
 
     /**
      * Retrieves argument value as integer.
-     *
+     * 
      * @param n key
      * @param def default value to be returned if key is not present
      * @return argument value as int
@@ -93,7 +93,7 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Retrieves argument value as big integer.
-     *
+     * 
      * @param n key
      * @return argument value as big integer
      * @exception EBaseException failed to retrieve value
@@ -102,7 +102,7 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Retrieves argument value as big integer.
-     *
+     * 
      * @param n key
      * @param def default value to be returned if key is not present
      * @return argument value as big integer
@@ -111,7 +111,7 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Retrieves argument value as object
-     *
+     * 
      * @param n key
      * @return argument value as object
      * @exception EBaseException failed to retrieve value
@@ -120,7 +120,7 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Retrieves argument value as object
-     *
+     * 
      * @param n key
      * @param def default value to be returned if key is not present
      * @return argument value as object
@@ -129,7 +129,7 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Gets boolean value. They should be "true" or "false".
-     *
+     * 
      * @param name name of the input type
      * @return boolean type: <code>true</code> or <code>false</code>
      * @exception EBaseException failed to retrieve value
@@ -138,16 +138,16 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Gets boolean value. They should be "true" or "false".
-     *
+     * 
      * @param name name of the input type
-     * @param def  Default value to return.
+     * @param def Default value to return.
      * @return boolean type: <code>true</code> or <code>false</code>
      */
     public boolean getValueAsBoolean(String name, boolean def);
 
     /**
      * Gets KeyGenInfo
-     *
+     * 
      * @param name name of the input type
      * @param def default value to return
      * @exception EBaseException On error.
@@ -158,7 +158,7 @@ public interface IArgBlock extends Serializable {
     /**
      * Gets PKCS10 request. This pkcs10 attribute does not
      * contain header information.
-     *
+     * 
      * @param name name of the input type
      * @return pkcs10 request
      * @exception EBaseException failed to retrieve value
@@ -168,7 +168,7 @@ public interface IArgBlock extends Serializable {
     /**
      * Gets PKCS10 request. This pkcs10 attribute does not
      * contain header information.
-     *
+     * 
      * @param name name of the input type
      * @param def default PKCS10
      * @return pkcs10 request
@@ -178,8 +178,8 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Retrieves PKCS10
-     *
-     * @param name name of the  input type
+     * 
+     * @param name name of the input type
      * @param checkheader true if header must be present
      * @return PKCS10 object
      * @exception EBaseException failed to retrieve value
@@ -188,8 +188,8 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Retrieves PKCS10
-     *
-     * @param name name of the  input type
+     * 
+     * @param name name of the input type
      * @param checkheader true if header must be present
      * @param def default PKCS10
      * @return PKCS10 object
@@ -199,8 +199,8 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Retrieves PKCS10
-     *
-     * @param name name of the  input type
+     * 
+     * @param name name of the input type
      * @param def default PKCS10
      * @return PKCS10 object
      * @exception EBaseException on error
@@ -209,14 +209,14 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Retrieves a list of argument keys.
-     *
+     * 
      * @return a list of string-based keys
      */
     public Enumeration<String> elements();
 
     /**
      * Adds long-type arguments to this block.
-     *
+     * 
      * @param n key
      * @param v value
      * @return value
@@ -225,7 +225,7 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Adds integer-type arguments to this block.
-     *
+     * 
      * @param n key
      * @param v value
      * @return value
@@ -234,7 +234,7 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Adds boolean-type arguments to this block.
-     *
+     * 
      * @param n key
      * @param v value
      * @return value
@@ -243,7 +243,7 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Adds integer-type arguments to this block.
-     *
+     * 
      * @param n key
      * @param v value
      * @param radix radix
@@ -253,7 +253,7 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Sets argument into this block.
-     *
+     * 
      * @param name key
      * @param obj value
      */
@@ -261,7 +261,7 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Retrieves argument.
-     *
+     * 
      * @param name key
      * @return object value
      */
@@ -269,14 +269,14 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Deletes argument by the given key.
-     *
+     * 
      * @param name key
      */
     public void delete(String name);
 
     /**
      * Retrieves a list of argument keys.
-     *
+     * 
      * @return a list of string-based keys
      */
     public Enumeration<String> getElements();
diff --git a/pki/base/common/src/com/netscape/certsrv/base/IAttrSet.java b/pki/base/common/src/com/netscape/certsrv/base/IAttrSet.java
index 28e36da6..f7567292 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/IAttrSet.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/IAttrSet.java
@@ -17,38 +17,36 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.io.Serializable;
 import java.util.Enumeration;
 
-
 /**
  * This interface defines the abstraction for the generic collection
  * of attributes indexed by string names.
  * Set of cooperating implementations of this interface may exploit
  * dot-separated attribute names to provide seamless access to the
- * attributes of attribute value  which also implements AttrSet
+ * attributes of attribute value which also implements AttrSet
  * interface as if it was direct attribute of the container
  * E.g., ((AttrSet)container.get("x")).get("y") is equivalent to
  * container.get("x.y");
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  **/
 public interface IAttrSet extends Serializable {
 
     /**
      * Sets an attribute value within this AttrSet.
-     *
+     * 
      * @param name the name of the attribute
      * @param obj the attribute object.
      * @exception EBaseException on attribute handling errors.
      */
-    public void set(String name, Object obj)throws EBaseException;
+    public void set(String name, Object obj) throws EBaseException;
 
     /**
      * Gets an attribute value.
-     *
+     * 
      * @param name the name of the attribute to return.
      * @exception EBaseException on attribute handling errors.
      */
@@ -56,7 +54,7 @@ public interface IAttrSet extends Serializable {
 
     /**
      * Deletes an attribute value from this AttrSet.
-     *
+     * 
      * @param name the name of the attribute to delete.
      * @exception EBaseException on attribute handling errors.
      */
@@ -65,7 +63,7 @@ public interface IAttrSet extends Serializable {
     /**
      * Returns an enumeration of the names of the attributes existing within
      * this AttrSet.
-     *
+     * 
      * @return an enumeration of the attribute names.
      */
     public Enumeration<?> getElements();
diff --git a/pki/base/common/src/com/netscape/certsrv/base/IAuthInfo.java b/pki/base/common/src/com/netscape/certsrv/base/IAuthInfo.java
index 91f9f51a..4806a94c 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/IAuthInfo.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/IAuthInfo.java
@@ -17,9 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
-
-
 /**
  * An interface represents an authentication context. This
  * is an entity that encapsulates the authentication
diff --git a/pki/base/common/src/com/netscape/certsrv/base/ICRLPrettyPrint.java b/pki/base/common/src/com/netscape/certsrv/base/ICRLPrettyPrint.java
index c770121f..d111063a 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/ICRLPrettyPrint.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/ICRLPrettyPrint.java
@@ -17,21 +17,19 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.util.Locale;
 
-
 /**
  * This interface represents a CRL pretty print handler.
  * It converts a CRL object into a printable CRL string.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICRLPrettyPrint {
 
     /**
      * Retrieves the printable CRL string.
-     *
+     * 
      * @param clientLocale end user clocale
      * @param crlSize CRL size
      * @param pageStart starting page number
@@ -42,7 +40,7 @@ public interface ICRLPrettyPrint {
 
     /**
      * Retrieves the printable CRL string.
-     *
+     * 
      * @param clientLocale end user clocale
      * @return printable CRL string
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/base/ICertPrettyPrint.java b/pki/base/common/src/com/netscape/certsrv/base/ICertPrettyPrint.java
index fc4e8c29..e991d5a1 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/ICertPrettyPrint.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/ICertPrettyPrint.java
@@ -17,22 +17,20 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.util.Locale;
 
-
 /**
  * This interface represents a certificate pretty print
  * handler. This handler converts certificate object into
  * a printable certificate string.
  * 
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public interface ICertPrettyPrint {
 
     /**
      * Returns printable certificate string.
-     *
+     * 
      * @param clientLocale end user locale
      * @return printable certificate string
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/base/IConfigStore.java b/pki/base/common/src/com/netscape/certsrv/base/IConfigStore.java
index aef83b1c..d12265e8 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/IConfigStore.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/IConfigStore.java
@@ -17,16 +17,16 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.math.BigInteger;
 import java.util.Enumeration;
 
-
 /**
- * An interface represents a configuration store. 
- * A configuration store is an abstraction of a hierarchical store 
- * to keep arbitrary data indexed by string names.<p>
- * In the following example: 
+ * An interface represents a configuration store.
+ * A configuration store is an abstraction of a hierarchical store
+ * to keep arbitrary data indexed by string names.
+ * <p>
+ * In the following example:
+ * 
  * <pre>
  *      param1=value1
  *      configStore1.param11=value11
@@ -35,26 +35,27 @@ import java.util.Enumeration;
  *      configStore1.subStore1.param112=value112
  *      configStore2.param21=value21
  * </pre>
- * The top config store has parameters <i>param1</i> and sub-stores 
- * <i>configStore1</i> and <i>configStore2</i>. <br>
+ * 
+ * The top config store has parameters <i>param1</i> and sub-stores <i>configStore1</i> and <i>configStore2</i>. <br>
  * The following illustrates how a config store is used.
+ * 
  * <pre>
- *     // the top config store is passed to the following method. 
- *     public void init(IConfigStore config) throws EBaseException {
- *       IConfigStore store = config;
- *       String valx = config.getString("param1");  
- *       // valx is "value1" <p>
- *
- *       IConfigStore substore1 = config.getSubstore("configStore1");
- *       String valy = substore1.getString("param11"); 
- *       // valy is "value11" <p>
- *	
- *       IConfigStore substore2 = config.getSubstore("configStore2");
- *       String valz = substore2.getString("param21"); 
- *       // valz is "value21" <p>
- *     }
+ * // the top config store is passed to the following method. 
+ * public void init(IConfigStore config) throws EBaseException {
+ *     IConfigStore store = config;
+ *     String valx = config.getString(&quot;param1&quot;);
+ *     // valx is &quot;value1&quot; &lt;p&gt;
+ * 
+ *     IConfigStore substore1 = config.getSubstore(&quot;configStore1&quot;);
+ *     String valy = substore1.getString(&quot;param11&quot;);
+ *     // valy is &quot;value11&quot; &lt;p&gt;
+ * 
+ *     IConfigStore substore2 = config.getSubstore(&quot;configStore2&quot;);
+ *     String valz = substore2.getString(&quot;param21&quot;);
+ *     // valz is &quot;value21&quot; &lt;p&gt;
+ * }
  * </pre>
- *		
+ * 
  * @version $Revision$, $Date$
  */
 public interface IConfigStore extends ISourceConfigStore {
@@ -62,6 +63,7 @@ public interface IConfigStore extends ISourceConfigStore {
     /**
      * Gets the name of this Configuration Store.
      * <P>
+     * 
      * @return The name of this Configuration store
      */
     public String getName();
@@ -69,60 +71,66 @@ public interface IConfigStore extends ISourceConfigStore {
     /**
      * Retrieves the value of the given property as a string.
      * <p>
+     * 
      * @param name The name of the property to get
      * @return The value of the property as a String
      * @exception EPropertyNotFound If the property is not present
      * @exception EBaseException If an internal error occurred
      */
-    public String getString(String name) 
-        throws EPropertyNotFound, EBaseException;
+    public String getString(String name)
+            throws EPropertyNotFound, EBaseException;
 
     /**
-     * Retrieves the value of a given property as a string or the 
+     * Retrieves the value of a given property as a string or the
      * given default value if the property is not present.
      * <P>
+     * 
      * @param name The property to retrive
      * @param defval The default value to return if the property is not present
      * @return The roperty value as a string
      * @exception EBaseException If an internal error occurred
      */
-    public String getString(String name, String defval) 
-        throws EBaseException;
+    public String getString(String name, String defval)
+            throws EBaseException;
 
     /**
-     * Stores a property and its value as a string. 
+     * Stores a property and its value as a string.
      * <p>
+     * 
      * @param name The name of the property
      * @param value The value as a string
-     */ 
+     */
     public void putString(String name, String value);
 
     /**
      * Retrieves the value of a property as a byte array.
      * <P>
+     * 
      * @param name The property name
      * @return The property value as a byte array
      * @exception EPropertyNotFound If the property is not present
      * @exception EBaseException If an internal error occurred
      */
-    public byte[] getByteArray(String name) 
-        throws EPropertyNotFound, EBaseException;
+    public byte[] getByteArray(String name)
+            throws EPropertyNotFound, EBaseException;
 
     /**
-     * Retrieves the value of a property as a byte array, using the 
+     * Retrieves the value of a property as a byte array, using the
      * given default value if property is not present.
      * <P>
+     * 
      * @param name The name of the property
      * @param defval The default value if the property is not present.
      * @return The property value as a byte array.
      * @exception EBaseException If an internal error occurred
      */
-    public byte[] getByteArray(String name, byte defval[]) 
-        throws EBaseException;
+    public byte[] getByteArray(String name, byte defval[])
+            throws EBaseException;
 
     /**
      * Stores the given property and value as a byte array.
      * <p>
+     * 
      * @param name The property name
      * @param value The value as a byte array to store
      */
@@ -131,29 +139,32 @@ public interface IConfigStore extends ISourceConfigStore {
     /**
      * Retrieves the given property as a boolean.
      * <P>
+     * 
      * @param name The name of the property as a string.
      * @return The value of the property as a boolean.
      * @exception EPropertyNotFound If the property is not present
      * @exception EBaseException If an internal error occurred
      */
-    public boolean getBoolean(String name) 
-        throws EPropertyNotFound, EBaseException;
+    public boolean getBoolean(String name)
+            throws EPropertyNotFound, EBaseException;
 
     /**
      * Retrieves the given property as a boolean.
      * <P>
+     * 
      * @param name The name of the property
-     * @param defval The default value to turn as a boolean if 
-     * property is not present
+     * @param defval The default value to turn as a boolean if
+     *            property is not present
      * @return The value of the property as a boolean.
      * @exception EBaseException If an internal error occurred
      */
-    public boolean getBoolean(String name, boolean defval) 
-        throws EBaseException;
+    public boolean getBoolean(String name, boolean defval)
+            throws EBaseException;
 
     /**
      * Stores the given property and its value as a boolean.
      * <P>
+     * 
      * @param name The property name
      * @param value The value as a boolean
      */
@@ -162,28 +173,31 @@ public interface IConfigStore extends ISourceConfigStore {
     /**
      * Retrieves the given property as an integer.
      * <P>
+     * 
      * @param name The property name
      * @return The property value as an integer
      * @exception EPropertyNotFound If property is not found
      * @exception EBaseException If an internal error occurred
      */
-    public int getInteger(String name) 
-        throws EPropertyNotFound, EBaseException;
+    public int getInteger(String name)
+            throws EPropertyNotFound, EBaseException;
 
     /**
      * Retrieves the given property as an integer.
      * <P>
+     * 
      * @param name The property name
      * @return int The default value to return as an integer
-     * @exception EBaseException If the value cannot be converted to a 
-     * integer
+     * @exception EBaseException If the value cannot be converted to a
+     *                integer
      */
-    public int getInteger(String name, int defval) 
-        throws EBaseException;
+    public int getInteger(String name, int defval)
+            throws EBaseException;
 
     /**
      * Sets a property and its value as an integer.
      * <P>
+     * 
      * @param name parameter name
      * @param value integer value
      */
@@ -192,28 +206,31 @@ public interface IConfigStore extends ISourceConfigStore {
     /**
      * Retrieves the given property as a big integer.
      * <P>
+     * 
      * @param name The property name
      * @return The property value as a big integer
      * @exception EPropertyNotFound If property is not found
      * @exception EBaseException If an internal error occurred
      */
-    public BigInteger getBigInteger(String name) 
-        throws EPropertyNotFound, EBaseException;
+    public BigInteger getBigInteger(String name)
+            throws EPropertyNotFound, EBaseException;
 
     /**
      * Retrieves the given property as a big integer.
      * <P>
+     * 
      * @param name The property name
      * @return int The default value to return as a big integer
-     * @exception EBaseException If the value cannot be converted to a 
-     * integer
+     * @exception EBaseException If the value cannot be converted to a
+     *                integer
      */
-    public BigInteger getBigInteger(String name, BigInteger defval) 
-        throws EBaseException;
+    public BigInteger getBigInteger(String name, BigInteger defval)
+            throws EBaseException;
 
     /**
      * Sets a property and its value as an integer.
      * <P>
+     * 
      * @param name parameter name
      * @param value big integer value
      */
@@ -222,23 +239,26 @@ public interface IConfigStore extends ISourceConfigStore {
     /**
      * Creates a nested sub-store with the specified name.
      * <P>
+     * 
      * @param name The name of the sub-store
      * @return The sub-store created
      */
     public IConfigStore makeSubStore(String name);
 
     /**
-     * Retrieves the given sub-store. 
+     * Retrieves the given sub-store.
      * <P>
+     * 
      * @param name The name of the sub-store
      * @return The sub-store
      */
     public IConfigStore getSubStore(String name);
 
     /**
-     * Removes sub-store with the given name. 
+     * Removes sub-store with the given name.
      * (Removes all properties and sub-stores under this sub-store.)
      * <P>
+     * 
      * @param name The name of the sub-store to remove
      */
     public void removeSubStore(String name);
@@ -247,22 +267,24 @@ public interface IConfigStore extends ISourceConfigStore {
 
     /**
      * Retrives and enumeration of all properties in this config-store.
+     * 
      * @return An enumeration of all properties in this config-store
      */
     public Enumeration<String> getPropertyNames();
 
     /**
-     * Returns an enumeration of the names of the substores of 
+     * Returns an enumeration of the names of the substores of
      * this config-store.
      * <P>
-     * @return An enumeration of the names of the sub-stores of this 
-     * config-store
+     * 
+     * @return An enumeration of the names of the sub-stores of this
+     *         config-store
      */
     public Enumeration<String> getSubStoreNames();
 
     /**
      * Commits all the data into file immediately.
-     *
+     * 
      * @param createBackup true if a backup file should be created
      * @exception EBaseException failed to commit
      */
@@ -273,4 +295,3 @@ public interface IConfigStore extends ISourceConfigStore {
      */
     public int size();
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/base/IConfigStoreEventListener.java b/pki/base/common/src/com/netscape/certsrv/base/IConfigStoreEventListener.java
index f2b6a03d..376b4e91 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/IConfigStoreEventListener.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/IConfigStoreEventListener.java
@@ -17,34 +17,32 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.util.Hashtable;
- 
 
 /**
  * ConfigStore Parameters Event Notification.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IConfigStoreEventListener {
 
     /**
      * Called to validate the config store parameters that changed
-     *
+     * 
      * @param action action
      * @param params configuration parameters changed
      * @exception EBaseException failed to validate
      */
-    public void validateConfigParams(String action, 
-        Hashtable params) throws EBaseException;
+    public void validateConfigParams(String action,
+            Hashtable params) throws EBaseException;
 
     /**
      * Validates the config store parameters that changed
-     *
+     * 
      * @param action action
      * @param params configuration parameters changed
      * @exception EBaseException failed to validate
      */
-    public void doConfigParams(String action, 
-        Hashtable params) throws EBaseException;
+    public void doConfigParams(String action,
+            Hashtable params) throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/base/IExtPrettyPrint.java b/pki/base/common/src/com/netscape/certsrv/base/IExtPrettyPrint.java
index 73e95b77..8d95a40c 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/IExtPrettyPrint.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/IExtPrettyPrint.java
@@ -17,22 +17,18 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
-
-
 /**
  * This class will display the certificate content in predefined
  * format.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IExtPrettyPrint {
 
     /**
      * Retrieves the printable extension string.
-     *
+     * 
      * @return printable extension string
      */
     public String toString();
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/base/IExtendedPluginInfo.java b/pki/base/common/src/com/netscape/certsrv/base/IExtendedPluginInfo.java
index e8060b24..aff3daf4 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/IExtendedPluginInfo.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/IExtendedPluginInfo.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.util.Locale;
 
-
 /**
  * Plugin which can return extended information to console
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IExtendedPluginInfo {
@@ -33,48 +31,48 @@ public interface IExtendedPluginInfo {
     public static final String HELP_TEXT = "HELP_TEXT";
 
     /**
-     *  This method returns an array of strings. Each element of the
-     *  array represents a configurable parameter, or some other
-     *  meta-info (such as help-token)
+     * This method returns an array of strings. Each element of the
+     * array represents a configurable parameter, or some other
+     * meta-info (such as help-token)
+     * 
+     * there is an entry indexed on that parameter name
+     * <param-name>;<type_info>[,required];<description>;...
+     * 
+     * Where:
+     * 
+     * type_info is either 'string', 'number', 'boolean', 'password' or
+     * 'choice(ch1,ch2,ch3,...)'
+     * 
+     * If the marker 'required' is included after the type_info,
+     * the parameter will has some visually distinctive marking in
+     * the UI.
+     * 
+     * 'description' is a short sentence describing the parameter
+     * 'choice' is rendered as a drop-down list. The first parameter in the
+     * list will be activated by default
+     * 'boolean' is rendered as a checkbox. The resulting parameter will be
+     * either 'true' or 'false'
+     * 'string' allows any characters
+     * 'number' allows only numbers
+     * 'password' is rendered as a password field (the characters are replaced
+     * with *'s when being types. This parameter is not passed through to
+     * the plugin. It is instead inserted directly into the password cache
+     * keyed on the instance name. The value of the parameter
+     * 'bindPWPrompt' (see example below) is set to the key.
+     * 
+     * In addition to the configurable parameters, the following magic parameters
+     * may be defined:
+     * 
+     * HELP_TOKEN;helptoken - a pointer to the online manual section for this plugin
+     * HELP_TEXT;helptext - a general help string describing the plugin
      * 
-     *  there is an entry indexed on that parameter name
-     *  <param-name>;<type_info>[,required];<description>;...
-     *  
-     *  Where:
-     *
-     *    type_info is either 'string', 'number', 'boolean', 'password' or 
-     *        'choice(ch1,ch2,ch3,...)'
-     *
-     *    If the marker 'required' is included after the type_info,
-     *    the parameter will has some visually distinctive marking in
-     *    the UI.
+     * For example:
+     * "username;string;The username you wish to login as"
+     * "bindPWPrompt;password;Enter password to bind as above user with"
+     * "algorithm;choice(RSA,DSA);Which algorithm do you want to use"
+     * "enable;boolean;Do you want to run this plugin"
+     * "port;number;Which port number do you want to use"
      * 
-     *    'description' is a short sentence describing the parameter
-     *    'choice' is rendered as a drop-down list. The first parameter in the
-     *       list will be activated by default
-     *    'boolean' is rendered as a checkbox. The resulting parameter will be
-     *       either 'true' or 'false'
-     *	  'string' allows any characters
-     *	  'number' allows only numbers
-     *    'password' is rendered as a password field (the characters are replaced
-     *       with *'s when being types. This parameter is not passed through to
-     *       the plugin. It is instead inserted directly into the password cache
-     *       keyed on the instance name. The value of the parameter
-     *       'bindPWPrompt' (see example below) is set to the key.
-     *
-     *  In addition to the configurable parameters, the following magic parameters
-     *  may be defined:
-     *  
-     *    HELP_TOKEN;helptoken - a pointer to the online manual section for this plugin
-     *    HELP_TEXT;helptext   - a general help string describing the plugin
-     *
-     *   For example:
-     *    "username;string;The username you wish to login as"
-     *    "bindPWPrompt;password;Enter password to bind as above user with"
-     *    "algorithm;choice(RSA,DSA);Which algorithm do you want to use"
-     *    "enable;boolean;Do you want to run this plugin"
-     *    "port;number;Which port number do you want to use"
-     *
      */
     public String[] getExtendedPluginInfo(Locale locale);
 
diff --git a/pki/base/common/src/com/netscape/certsrv/base/IPluginImpl.java b/pki/base/common/src/com/netscape/certsrv/base/IPluginImpl.java
index 4a55af60..566fef38 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/IPluginImpl.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/IPluginImpl.java
@@ -17,12 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.util.Vector;
 
 /**
  * This interface represents a plugin instance.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IPluginImpl {
@@ -32,6 +31,7 @@ public interface IPluginImpl {
     /**
      * Gets the description for this plugin instance.
      * <P>
+     * 
      * @return The Description for this plugin instance.
      */
     public String getDescription();
@@ -39,7 +39,7 @@ public interface IPluginImpl {
     /**
      * Returns the name of the plugin class.
      * <P>
-     *
+     * 
      * @return The name of the plugin class.
      */
     public String getImplName();
@@ -47,24 +47,24 @@ public interface IPluginImpl {
     /**
      * Returns the name of the plugin instance.
      * <P>
-     *
-     * @return The name of the plugin instance. If none	is set 
-     * the name of the implementation will be returned.xxxx
+     * 
+     * @return The name of the plugin instance. If none is set
+     *         the name of the implementation will be returned.xxxx
      */
     public String getInstanceName();
 
     /**
      * Initializes this plugin instance.
-     *
+     * 
      * @param sys parent subsystem
      * @param instanceName instance name of this plugin
      * @param className class name of this plugin
      * @param config configuration store
      * @exception EBaseException failed to initialize
      */
-    public void init(ISubsystem sys, String instanceName, String className, 
-        IConfigStore config)
-        throws EBaseException;
+    public void init(ISubsystem sys, String instanceName, String className,
+            IConfigStore config)
+            throws EBaseException;
 
     /**
      * Shutdowns this plugin.
@@ -73,33 +73,32 @@ public interface IPluginImpl {
 
     /**
      * Retrieves the configuration store.
-     *
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore();
 
     /**
      * Return configured parameters for a plugin instance.
-     *
-     * @return nvPairs A Vector of name/value pairs. Each name/value 
-     *      pair is constructed as a String in name=value format.
+     * 
+     * @return nvPairs A Vector of name/value pairs. Each name/value
+     *         pair is constructed as a String in name=value format.
      */
     public Vector getInstanceParams();
 
     /**
      * Retrieves a list of configuration parameter names.
-     *
+     * 
      * @return a list of parameter names
      */
     public String[] getConfigParams();
 
     /**
      * Return default parameters for a plugin implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs. Each name/value
-     *		  		pair is constructed as a String in name=value.
+     *         pair is constructed as a String in name=value.
      */
     public Vector getDefaultParams();
 
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/base/IPrettyPrintFormat.java b/pki/base/common/src/com/netscape/certsrv/base/IPrettyPrintFormat.java
index 1fba48f1..67c1b01d 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/IPrettyPrintFormat.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/IPrettyPrintFormat.java
@@ -17,32 +17,29 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
-
-
 /**
  * This class will display the certificate content in predefined
  * format.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IPrettyPrintFormat {
 
     /**
      * Retrieves a pretty print string of the given byte array.
-     *
+     * 
      * @param in byte array
      * @param indentSize indentation size
      * @param lineLen length of line
      * @param separator separator string
      * @return pretty print string
      */
-    public String toHexString(byte[] in, int indentSize, 
-        int lineLen, String separator);
+    public String toHexString(byte[] in, int indentSize,
+            int lineLen, String separator);
 
     /**
      * Retrieves a pretty print string of the given byte array.
-     *
+     * 
      * @param in byte array
      * @param indentSize indentation size
      * @param lineLen length of line
@@ -52,7 +49,7 @@ public interface IPrettyPrintFormat {
 
     /**
      * Retrieves a pretty print string of the given byte array.
-     *
+     * 
      * @param in byte array
      * @param indentSize indentation size
      * @return pretty print string
@@ -61,7 +58,7 @@ public interface IPrettyPrintFormat {
 
     /**
      * Retrieves a pretty print string of the given byte array.
-     *
+     * 
      * @param in byte array
      * @return pretty print string
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java
index ced3886c..24c55d08 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java
@@ -19,21 +19,30 @@ package com.netscape.certsrv.base;
 
 import java.util.Enumeration;
 
-
 /**
  * This interface defines the abstraction for the cookie table.
  **/
 public interface ISecurityDomainSessionTable {
-    public static final int SUCCESS =0;
-    public static final int FAILURE =1;
+    public static final int SUCCESS = 0;
+    public static final int FAILURE = 1;
+
     public int addEntry(String cookieId, String ip, String uid, String group);
+
     public int removeEntry(String sessionId);
+
     public boolean isSessionIdExist(String sessionId);
+
     public String getIP(String sessionId);
+
     public String getUID(String sessionId);
+
     public String getGroup(String sessionId);
+
     public long getBeginTime(String sessionId);
+
     public int getSize();
+
     public long getTimeToLive();
+
     public Enumeration<String> getSessionIds();
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/base/ISourceConfigStore.java b/pki/base/common/src/com/netscape/certsrv/base/ISourceConfigStore.java
index 03adb700..eb848c54 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/ISourceConfigStore.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/ISourceConfigStore.java
@@ -17,20 +17,19 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.io.Serializable;
 import java.util.Enumeration;
 
-
 /**
  * An interface that represents the source that creates the configuration
  * store tree. Note that the tree can be built based on the information
  * from a text file or ldap entries.
+ * 
  * @see com.netscape.certsrv.base.IConfigStore
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ISourceConfigStore extends Serializable {
@@ -38,7 +37,7 @@ public interface ISourceConfigStore extends Serializable {
     /**
      * Gets a property.
      * <P>
-     *
+     * 
      * @param name The property name
      * @return property value
      */
@@ -47,7 +46,7 @@ public interface ISourceConfigStore extends Serializable {
     /**
      * Retrieves a property.
      * <P>
-     *
+     * 
      * @param name The property name
      * @param value The property value
      */
@@ -56,7 +55,7 @@ public interface ISourceConfigStore extends Serializable {
     /**
      * Returns an enumeration of the config store's keys.
      * <P>
-     *
+     * 
      * @return a list of keys
      * @see java.util.Hashtable#elements
      * @see java.util.Enumeration
@@ -64,16 +63,16 @@ public interface ISourceConfigStore extends Serializable {
     public Enumeration<String> keys();
 
     /**
-     * Reads a config store from an input stream. 
-     *
+     * Reads a config store from an input stream.
+     * 
      * @param in input stream where the properties are located
      * @exception IOException If an IO error occurs while loading from input.
      */
     public void load(InputStream in) throws IOException;
 
     /**
-     * Stores this config store to the specified output stream. 
-     *
+     * Stores this config store to the specified output stream.
+     * 
      * @param out output stream where the properties should be serialized
      * @param header optional header to be serialized
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/base/ISubsystem.java b/pki/base/common/src/com/netscape/certsrv/base/ISubsystem.java
index 77f1708a..7b2a37d7 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/ISubsystem.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/ISubsystem.java
@@ -17,12 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
-
-
 /**
  * An interface represents a CMS subsystem. CMS is made up of a list
- * subsystems. Each subsystem is responsible for a set of 
+ * subsystems. Each subsystem is responsible for a set of
  * speciailized functions.
  * <P>
  * 
@@ -32,14 +29,14 @@ public interface ISubsystem {
 
     /**
      * Retrieves the name of this subsystem.
-     *
+     * 
      * @return subsystem identifier
      */
     public String getId();
 
     /**
      * Sets specific to this subsystem.
-     *
+     * 
      * @param id subsystem identifier
      * @exception EBaseException failed to set id
      */
@@ -49,17 +46,17 @@ public interface ISubsystem {
      * Initializes this subsystem with the given configuration
      * store.
      * <P>
-     *
+     * 
      * @param owner owner of this subsystem
      * @param config configuration store
      * @exception EBaseException failed to initialize
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Notifies this subsystem if owner is in running mode.
-     *
+     * 
      * @exception EBaseException failed to start up
      */
     public void startup() throws EBaseException;
@@ -74,7 +71,7 @@ public interface ISubsystem {
     /**
      * Returns the root configuration storage of this system.
      * <P>
-     *
+     * 
      * @return configuration store of this subsystem
      */
     public IConfigStore getConfigStore();
diff --git a/pki/base/common/src/com/netscape/certsrv/base/ISubsystemSource.java b/pki/base/common/src/com/netscape/certsrv/base/ISubsystemSource.java
index 23b82179..f6bb6378 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/ISubsystemSource.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/ISubsystemSource.java
@@ -17,9 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
-
-
 /**
  * An interface represents a subsystem source. A subsystem
  * source is a container that manages multiple subsystems.
@@ -31,7 +28,7 @@ public interface ISubsystemSource {
 
     /**
      * Retrieves subsystem from the source.
-     *
+     * 
      * @param sid subsystem identifier
      * @return subsystem
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/base/ITimeSource.java b/pki/base/common/src/com/netscape/certsrv/base/ITimeSource.java
index f1e3e25e..1e7dd0fb 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/ITimeSource.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/ITimeSource.java
@@ -17,10 +17,8 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.util.Date;
 
-
 /**
  * This interface represents a time source where
  * current time can be retrieved. CMS is installed
@@ -35,7 +33,7 @@ public interface ITimeSource {
 
     /**
      * Retrieves current time and date.
-     *
+     * 
      * @return current time and date
      */
     public Date getCurrentDate();
diff --git a/pki/base/common/src/com/netscape/certsrv/base/KeyGenInfo.java b/pki/base/common/src/com/netscape/certsrv/base/KeyGenInfo.java
index 17efca77..23cb1957 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/KeyGenInfo.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/KeyGenInfo.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.io.IOException;
 
 import netscape.security.util.DerInputStream;
@@ -25,27 +24,27 @@ import netscape.security.util.DerValue;
 import netscape.security.x509.AlgorithmId;
 import netscape.security.x509.X509Key;
 
-
 /**
- *
+ * 
  * The <code>KeyGenInfo</code> represents the information generated by
  * the KeyGen tag of the HTML forms. It provides the parsing and accessing
- * mechanisms.<p>
- *
+ * mechanisms.
+ * <p>
+ * 
  * <pre>
  * SignedPublicKeyAndChallenge ::= SEQUENCE {
  *      publicKeyAndChallenge PublicKeyAndChallenge,
  *      signatureAlgorithm AlgorithmIdentifier,
  *      signature BIT STRING
  * }
- *
+ * 
  * PublicKeyAndChallenge ::= SEQUENCE {
  *      spki SubjectPublicKeyInfo,
  *      challenge IA5STRING
  * }
- *</pre>
- *
- *
+ * </pre>
+ * 
+ * 
  * @version $Revision$, $Date$
  */
 
@@ -79,11 +78,11 @@ public class KeyGenInfo {
     /**
      * Construct KeyGenInfo using the SignedPublicKeyAndChallenge
      * string representation.
-     *
+     * 
      * @param spkac SignedPublicKeyAndChallenge string representation
      */
     public KeyGenInfo(String spkac)
-        throws IOException {
+            throws IOException {
         decode(spkac);
     }
 
@@ -93,7 +92,7 @@ public class KeyGenInfo {
 
     /**
      * Initialize using the SPKAC string
-     *
+     * 
      * @param spkac SPKAC string from the end user
      */
     public void decode(String spkac) throws IOException {
@@ -104,7 +103,7 @@ public class KeyGenInfo {
 
     /**
      * Der encoded into buffer
-     *
+     * 
      * @return Der encoded buffer
      */
     public byte[] encode() {
@@ -113,7 +112,7 @@ public class KeyGenInfo {
 
     /**
      * Get SPKI in DerValue form
-     *
+     * 
      * @return SPKI in DerValue form
      */
     public DerValue getDerSPKI() {
@@ -122,7 +121,7 @@ public class KeyGenInfo {
 
     /**
      * Get SPKI as X509Key
-     *
+     * 
      * @return SPKI in X509Key form
      */
     public X509Key getSPKI() {
@@ -131,7 +130,7 @@ public class KeyGenInfo {
 
     /**
      * Get Challenge phrase in DerValue form
-     *
+     * 
      * @return Challenge in DerValue form. null if none.
      */
     public DerValue getDerChallenge() {
@@ -140,7 +139,7 @@ public class KeyGenInfo {
 
     /**
      * Get Challenge phrase in string format
-     *
+     * 
      * @return challenge phrase. null if none.
      */
     public String getChallenge() {
@@ -149,6 +148,7 @@ public class KeyGenInfo {
 
     /**
      * Get Signature
+     * 
      * @return signature
      */
     public byte[] getSignature() {
@@ -157,6 +157,7 @@ public class KeyGenInfo {
 
     /**
      * Get Algorithm ID
+     * 
      * @return the algorithm id
      */
     public AlgorithmId getAlgorithmId() {
@@ -165,7 +166,7 @@ public class KeyGenInfo {
 
     /**
      * Validate Signature and Challenge Phrase
-     *
+     * 
      * @param challenge phrase; null if none
      * @return true if validated; otherwise, false
      */
@@ -180,7 +181,7 @@ public class KeyGenInfo {
 
     /**
      * String representation of KenGenInfo
-     *
+     * 
      * @return string representation of KeGenInfo
      */
     public String toString() {
@@ -194,13 +195,13 @@ public class KeyGenInfo {
      *==========================================================*/
 
     private byte[] base64Decode(String spkac)
-        throws  IOException {
+            throws IOException {
 
         return com.netscape.osutil.OSUtil.AtoB(spkac);
     }
 
     private void derDecode(byte spkac[])
-        throws IOException {
+            throws IOException {
         DerInputStream derIn = new DerInputStream(spkac);
 
         /* get SPKAC Algorithm & Signature */
@@ -224,4 +225,3 @@ public class KeyGenInfo {
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/base/MessageFormatter.java b/pki/base/common/src/com/netscape/certsrv/base/MessageFormatter.java
index 8e186fc4..903b534e 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/MessageFormatter.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/MessageFormatter.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.lang.reflect.Method;
 import java.text.MessageFormat;
 import java.util.Date;
@@ -25,13 +24,12 @@ import java.util.Locale;
 import java.util.MissingResourceException;
 import java.util.ResourceBundle;
 
-
 /**
- * Factors out common function of formatting internatinalized 
- * messages taking arguments and using  java.util.ResourceBundle 
+ * Factors out common function of formatting internatinalized
+ * messages taking arguments and using java.util.ResourceBundle
  * and java.text.MessageFormat mechanism.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  * @see java.text.MessageFormat
  * @see java.util.ResourceBundle
@@ -42,22 +40,22 @@ public class MessageFormatter {
 
     /**
      * Retrieves the localized string.
-     *
+     * 
      * @param locale end user locale
      * @param resourceBundleBaseName resource bundle class name
      * @param formatString format string
      * @return localized string
      */
     public static String getLocalizedString(
-        Locale locale, String resourceBundleBaseName,
-        String formatString) {
-        return getLocalizedString(locale, resourceBundleBaseName, 
+            Locale locale, String resourceBundleBaseName,
+            String formatString) {
+        return getLocalizedString(locale, resourceBundleBaseName,
                 formatString, null);
     }
 
     /**
      * Retrieves the localized string.
-     *
+     * 
      * @param locale end user locale
      * @param resourceBundleBaseName resource bundle class name
      * @param formatString format string
@@ -65,18 +63,18 @@ public class MessageFormatter {
      * @return localized string
      */
     public static String getLocalizedString(
-        Locale locale, String resourceBundleBaseName,
-        String formatString, Object params) {
+            Locale locale, String resourceBundleBaseName,
+            String formatString, Object params) {
         Object o[] = new Object[1];
 
         o[0] = params;
-        return getLocalizedString(locale, resourceBundleBaseName, 
+        return getLocalizedString(locale, resourceBundleBaseName,
                 formatString, o);
     }
 
     /**
      * Retrieves the localized string.
-     *
+     * 
      * @param locale end user locale
      * @param resourceBundleBaseName resource bundle class name
      * @param formatString format string
@@ -84,8 +82,8 @@ public class MessageFormatter {
      * @return localized string
      */
     public static String getLocalizedString(
-        Locale locale, String resourceBundleBaseName,
-        String formatString, Object[] params) {
+            Locale locale, String resourceBundleBaseName,
+            String formatString, Object[] params) {
 
         String localizedFormat = null;
 
@@ -100,7 +98,7 @@ public class MessageFormatter {
                             resourceBundleBaseName, locale).getString(formatString);
             } catch (MissingResourceException e) {
                 return formatString;
-				
+
             }
             Object[] localizedParams = params;
             Object[] localeArg = null;
@@ -108,8 +106,8 @@ public class MessageFormatter {
             if (params != null) {
                 for (int i = 0; i < params.length; ++i) {
                     if (!(params[i] instanceof String) ||
-                        !(params[i] instanceof Date) ||
-                        !(params[i] instanceof Number)) {
+                            !(params[i] instanceof Date) ||
+                            !(params[i] instanceof Number)) {
                         if (localizedParams == params) {
 
                             // only done once
@@ -121,7 +119,7 @@ public class MessageFormatter {
 
                             localizedParams = new Object[params.length];
                             System.arraycopy(params, 0, localizedParams, 0,
-                                params.length);
+                                    params.length);
                         }
                         try {
                             Method toStringMethod = params[i].getClass().getMethod(
diff --git a/pki/base/common/src/com/netscape/certsrv/base/MetaAttributeDef.java b/pki/base/common/src/com/netscape/certsrv/base/MetaAttributeDef.java
index 93dd2502..9450558c 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/MetaAttributeDef.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/MetaAttributeDef.java
@@ -17,17 +17,15 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 
 import netscape.security.util.ObjectIdentifier;
 
-
 /**
  * A class representing a meta attribute defintion.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class MetaAttributeDef {
@@ -40,66 +38,66 @@ public class MetaAttributeDef {
 
     private MetaAttributeDef() {
     }
-	
+
     /**
      * Constructs a MetaAttribute defintion
      * <P>
-     *
+     * 
      * @param name attribute name
      * @param valueClass attribute value class
      * @param oid attribute object identifier
      */
     private MetaAttributeDef(String name, Class<?> valueClass,
-        ObjectIdentifier oid) {
+            ObjectIdentifier oid) {
         mName = name;
         mValueClass = valueClass;
         mOid = oid;
     }
-    
+
     /**
      * Gets an attribute OID.
      * <P>
-     *
+     * 
      * @return returns attribute OID or null if not defined.
      */
-    public ObjectIdentifier getOID() { 
-        return mOid; 
+    public ObjectIdentifier getOID() {
+        return mOid;
     }
 
     /**
      * Gets an Java class for the attribute values
      * <P>
-     *
+     * 
      * @return returns Java class for the attribute values
      */
     public Class<?> getValueClass() {
-        return mValueClass; 
+        return mValueClass;
     }
 
     /**
      * Gets attribute name
      * <P>
-     *
-     * @return returns  attribute name
+     * 
+     * @return returns attribute name
      */
-    public String getName() { 
-        return mName; 
+    public String getName() {
+        return mName;
     }
-    
+
     /**
      * Registers new MetaAttribute defintion
-     * Attribute is defined by name, Java class for attribute values and 
+     * Attribute is defined by name, Java class for attribute values and
      * optional object identifier
      * <P>
-     *
+     * 
      * @param name attribute name
      * @param valueClass attribute value class
      * @param oid attribute object identifier
      * @exception IllegalArgumentException if name or valueClass are null, or
-     * conflicting attribute definition already exists
+     *                conflicting attribute definition already exists
      */
     public static MetaAttributeDef register(String name, Class<?> valueClass,
-        ObjectIdentifier oid) {
+            ObjectIdentifier oid) {
         if (name == null) {
             throw new IllegalArgumentException(
                     "Attribute name must not be null");
@@ -113,13 +111,13 @@ public class MetaAttributeDef {
         MetaAttributeDef oldDef;
 
         if ((oldDef = (MetaAttributeDef) mNameToAttrDef.get(name)) != null &&
-            !oldDef.equals(newDef)) {
+                !oldDef.equals(newDef)) {
             throw new IllegalArgumentException(
                     "Attribute \'" + name + "\' is already defined");
         }
         if (oid != null &&
-            (oldDef = (MetaAttributeDef) mOidToAttrDef.get(oid)) != null &&
-            !oldDef.equals(newDef)) {
+                (oldDef = (MetaAttributeDef) mOidToAttrDef.get(oid)) != null &&
+                !oldDef.equals(newDef)) {
             throw new IllegalArgumentException(
                     "OID \'" + oid + "\' is already in use");
         }
@@ -128,37 +126,37 @@ public class MetaAttributeDef {
             mOidToAttrDef.put(oid, newDef);
         }
         return newDef;
-    }    
-    
+    }
+
     /**
      * Compares this attribute definition with another, for equality.
      * <P>
-     *
-     * @return true iff names, valueClasses and object identifiers 
-     * are identical.
+     * 
+     * @return true iff names, valueClasses and object identifiers
+     *         are identical.
      */
     public boolean equals(Object other) {
         if (other == this)
             return true;
-	  
+
         if (other instanceof MetaAttributeDef) {
             MetaAttributeDef otherDef = (MetaAttributeDef) other;
 
-            if ((mOid != null && otherDef.mOid != null && 
-                    !mOid.equals(otherDef.mOid)) || 
-                (mOid == null && otherDef.mOid != null) ||
-                !mName.equals(otherDef.mName) ||  
-                !mValueClass.equals(otherDef.mValueClass)) {
+            if ((mOid != null && otherDef.mOid != null &&
+                    !mOid.equals(otherDef.mOid)) ||
+                    (mOid == null && otherDef.mOid != null) ||
+                    !mName.equals(otherDef.mName) ||
+                    !mValueClass.equals(otherDef.mValueClass)) {
                 return false;
             }
         }
         return false;
     }
-	
+
     /**
      * Retrieves attribute definition by name
      * <P>
-     *
+     * 
      * @param name attribute name
      * @return attribute definition or null if not found
      */
@@ -169,7 +167,7 @@ public class MetaAttributeDef {
     /**
      * Retrieves attribute definition by object identifier
      * <P>
-     *
+     * 
      * @param oid attribute object identifier
      * @return attribute definition or null if not found
      */
@@ -180,7 +178,7 @@ public class MetaAttributeDef {
     /**
      * Returns enumeration of the registered attribute names
      * <P>
-     *
+     * 
      * @return returns enumeration of the registered attribute names
      */
     public static Enumeration<String> getAttributeNames() {
@@ -190,7 +188,7 @@ public class MetaAttributeDef {
     /**
      * Returns enumeration of the registered attribute object identifiers
      * <P>
-     *
+     * 
      * @return returns enumeration of the attribute object identifiers
      */
     public static Enumeration<ObjectIdentifier> getAttributeNameOids() {
diff --git a/pki/base/common/src/com/netscape/certsrv/base/MetaInfo.java b/pki/base/common/src/com/netscape/certsrv/base/MetaInfo.java
index 65e40174..8aed6b84 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/MetaInfo.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/MetaInfo.java
@@ -17,17 +17,15 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 
-
 /**
  * A class represents meta information. A meta information
  * object is just a generic hashtable that is embedded into
  * a request object.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class MetaInfo implements IAttrSet {
@@ -41,7 +39,7 @@ public class MetaInfo implements IAttrSet {
 
     private Hashtable<String, Object> content = new Hashtable<String, Object>();
 
-    /**	
+    /**
      * Constructs a meta information.
      * <P>
      */
@@ -51,7 +49,7 @@ public class MetaInfo implements IAttrSet {
     /**
      * Returns a short string describing this certificate attribute.
      * <P>
-     *
+     * 
      * @return information about this certificate attribute.
      */
     public String toString() {
@@ -69,11 +67,11 @@ public class MetaInfo implements IAttrSet {
         sb.append("]\n");
         return sb.toString();
     }
-    
+
     /**
      * Gets an attribute value.
      * <P>
-     *
+     * 
      * @param name the name of the attribute to return.
      * @exception EBaseException on attribute handling errors.
      */
@@ -83,8 +81,8 @@ public class MetaInfo implements IAttrSet {
 
     /**
      * Sets an attribute value.
-     *
-     * @param name the name of the attribute 
+     * 
+     * @param name the name of the attribute
      * @param obj the attribute object.
      * 
      * @exception EBaseException on attribute handling errors.
@@ -92,18 +90,18 @@ public class MetaInfo implements IAttrSet {
     public void set(String name, Object obj) throws EBaseException {
         content.put(name, obj);
     }
-	
+
     /**
      * Deletes an attribute value from this CertAttrSet.
      * <P>
-     *
+     * 
      * @param name the name of the attribute to delete.
      * @exception EBaseException on attribute handling errors.
      */
     public void delete(String name) throws EBaseException {
         content.remove(name);
     }
-	
+
     /**
      * Returns an enumeration of the names of the attributes existing within
      * this attribute.
diff --git a/pki/base/common/src/com/netscape/certsrv/base/Nonces.java b/pki/base/common/src/com/netscape/certsrv/base/Nonces.java
index fde20933..cc0231ac 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/Nonces.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/Nonces.java
@@ -21,14 +21,13 @@ import java.security.cert.X509Certificate;
 import java.util.Hashtable;
 import java.util.Vector;
 
-
 /**
  * This class manages nonces sometimes used to control request state flow.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class Nonces  {
+public class Nonces {
 
     private Hashtable<Long, X509Certificate> mNonces = new Hashtable<Long, X509Certificate>();
     private Vector<Long> mNonceList = new Vector<Long>();
@@ -49,17 +48,17 @@ public class Nonces  {
         long i;
         long k = 0;
         long n = nonce;
-        long m = (long)((mNonceLimit / 2) + 1);
+        long m = (long) ((mNonceLimit / 2) + 1);
 
         for (i = 0; i < m; i++) {
             k = n + i;
             // avoid collisions
-            if (!mNonceList.contains((Object)k)) {
+            if (!mNonceList.contains((Object) k)) {
                 break;
             }
             k = n - i;
             // avoid collisions
-            if (!mNonceList.contains((Object)k)) {
+            if (!mNonceList.contains((Object) k)) {
                 break;
             }
         }
@@ -67,9 +66,9 @@ public class Nonces  {
             mNonceList.add(k);
             mNonces.put(k, cert);
             if (mNonceList.size() > mNonceLimit) {
-                n = ((Long)(mNonceList.firstElement())).longValue();
+                n = ((Long) (mNonceList.firstElement())).longValue();
                 mNonceList.remove(0);
-                mNonces.remove((Object)n);
+                mNonces.remove((Object) n);
             }
         } else {
             // failed to resolved collision
@@ -79,15 +78,15 @@ public class Nonces  {
     }
 
     public X509Certificate getCertificate(long nonce) {
-        X509Certificate cert = (X509Certificate)mNonces.get(nonce);
+        X509Certificate cert = (X509Certificate) mNonces.get(nonce);
         return cert;
     }
 
     public X509Certificate getCertificate(int index) {
         X509Certificate cert = null;
         if (index >= 0 && index < mNonceList.size()) {
-            long nonce = ((Long)(mNonceList.elementAt(index))).longValue();
-            cert = (X509Certificate)mNonces.get(nonce);
+            long nonce = ((Long) (mNonceList.elementAt(index))).longValue();
+            cert = (X509Certificate) mNonces.get(nonce);
         }
         return cert;
     }
@@ -95,17 +94,16 @@ public class Nonces  {
     public long getNonce(int index) {
         long nonce = 0;
         if (index >= 0 && index < mNonceList.size()) {
-            nonce = ((Long)(mNonceList.elementAt(index))).longValue();
+            nonce = ((Long) (mNonceList.elementAt(index))).longValue();
         }
         return nonce;
     }
 
     public void removeNonce(long nonce) {
-        mNonceList.remove((Object)nonce);
-        mNonces.remove((Object)nonce);
+        mNonceList.remove((Object) nonce);
+        mNonces.remove((Object) nonce);
     }
 
-
     public int size() {
         return mNonceList.size();
     }
diff --git a/pki/base/common/src/com/netscape/certsrv/base/PasswordResources.java b/pki/base/common/src/com/netscape/certsrv/base/PasswordResources.java
index 287ce795..c3309c5f 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/PasswordResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/PasswordResources.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.util.ListResourceBundle;
 
-
 /**
  * A class represents a resource bundle for the password checker.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  * @see java.util.ListResourceBundle
  */
@@ -42,4 +40,3 @@ public class PasswordResources extends ListResourceBundle {
      */
     static final Object[][] contents = {};
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/base/Plugin.java b/pki/base/common/src/com/netscape/certsrv/base/Plugin.java
index e7001ce5..79fae88a 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/Plugin.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/Plugin.java
@@ -17,9 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
-
-
 /**
  * This represents a generici CMS plugin.
  * <p>
@@ -41,10 +38,10 @@ public class Plugin {
         mId = id;
         mClassPath = classPath;
     }
-		
+
     /**
      * Returns the plugin identifier.
-     *
+     * 
      * @return plugin id
      */
     public String getId() {
@@ -53,7 +50,7 @@ public class Plugin {
 
     /**
      * Returns the plugin classpath.
-     *
+     * 
      * @return plugin classpath
      */
     public String getClassPath() {
diff --git a/pki/base/common/src/com/netscape/certsrv/base/SessionContext.java b/pki/base/common/src/com/netscape/certsrv/base/SessionContext.java
index 151c2420..b4ecd124 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/SessionContext.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/SessionContext.java
@@ -17,22 +17,20 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.util.Hashtable;
 
-
 /**
  * This class specifies the context object that includes
  * authentication environment and connection information.
  * This object is later used in access control evaluation.
- * This is a global object that can be accessible 
- * throughout the server. It is useful for passing 
+ * This is a global object that can be accessible
+ * throughout the server. It is useful for passing
  * global and per-thread infomration in methods.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class SessionContext extends Hashtable<Object,Object> {
+public class SessionContext extends Hashtable<Object, Object> {
 
     /**
      *
@@ -107,12 +105,12 @@ public class SessionContext extends Hashtable<Object,Object> {
     }
 
     /**
-     * Sets the current context. This allows the 
-     * caller to associate a specific session context 
+     * Sets the current context. This allows the
+     * caller to associate a specific session context
      * with the current thread.
      * This methods makes custom session context
      * possible.
-     *
+     * 
      * @param sc session context
      */
     public static void setContext(SessionContext sc) {
@@ -120,10 +118,10 @@ public class SessionContext extends Hashtable<Object,Object> {
     }
 
     /**
-     * Retrieves the session context associated with 
+     * Retrieves the session context associated with
      * the current thread. If no context is associated,
      * a context is created.
-     *
+     * 
      * @return sesssion context
      */
     public static SessionContext getContext() {
@@ -137,15 +135,15 @@ public class SessionContext extends Hashtable<Object,Object> {
     }
 
     /**
-     * Retrieves the session context associated with 
+     * Retrieves the session context associated with
      * the current thread. If no context is associated,
      * null is returned.
-     *
+     * 
      * @return sesssion context
      */
     public static SessionContext getExistingContext() {
         SessionContext sc = (SessionContext)
-            mContexts.get(Thread.currentThread());
+                mContexts.get(Thread.currentThread());
 
         if (sc == null) {
             return null;
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/CAResources.java b/pki/base/common/src/com/netscape/certsrv/ca/CAResources.java
index 4510c46b..dfb72d57 100644
--- a/pki/base/common/src/com/netscape/certsrv/ca/CAResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/ca/CAResources.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ca;
 
-
 import java.util.ListResourceBundle;
 
-
 /**
  * A class represents a resource bundle for CA subsystem.
  * <P>
- *
+ * 
  * @version $Revision$ $Date$
  */
 public class CAResources extends ListResourceBundle {
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ECAException.java b/pki/base/common/src/com/netscape/certsrv/ca/ECAException.java
index 59d8847c..a530b08a 100644
--- a/pki/base/common/src/com/netscape/certsrv/ca/ECAException.java
+++ b/pki/base/common/src/com/netscape/certsrv/ca/ECAException.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ca;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * A class represents a CA exception.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ECAException extends EBaseException {
@@ -36,11 +34,12 @@ public class ECAException extends EBaseException {
     /**
      * CA resource class name.
      */
-    private static final String CA_RESOURCES = CAResources.class.getName();		
+    private static final String CA_RESOURCES = CAResources.class.getName();
 
     /**
      * Constructs a CA exception.
      * <P>
+     * 
      * @param msgFormat constant from CAResources.
      */
     public ECAException(String msgFormat) {
@@ -50,6 +49,7 @@ public class ECAException extends EBaseException {
     /**
      * Constructs a CA exception.
      * <P>
+     * 
      * @param msgFormat constant from CAResources.
      * @param param additional parameters to the message.
      */
@@ -60,6 +60,7 @@ public class ECAException extends EBaseException {
     /**
      * Constructs a CA exception.
      * <P>
+     * 
      * @param msgFormat constant from CAResources.
      * @param e embedded exception.
      */
@@ -70,6 +71,7 @@ public class ECAException extends EBaseException {
     /**
      * Constructs a CA exception.
      * <P>
+     * 
      * @param msgFormat constant from CAResources.
      * @param params additional parameters to the message.
      */
@@ -80,6 +82,7 @@ public class ECAException extends EBaseException {
     /**
      * Returns the bundle file name.
      * <P>
+     * 
      * @return name of bundle class associated with this exception.
      */
     protected String getBundleName() {
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/EErrorPublishCRL.java b/pki/base/common/src/com/netscape/certsrv/ca/EErrorPublishCRL.java
index 0e271c21..b4c10a0c 100644
--- a/pki/base/common/src/com/netscape/certsrv/ca/EErrorPublishCRL.java
+++ b/pki/base/common/src/com/netscape/certsrv/ca/EErrorPublishCRL.java
@@ -17,11 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ca;
 
-
 /**
  * A class represents a CA exception associated with publishing error.
  * <P>
- *
+ * 
  * @version $Revision$ $Date$
  */
 public class EErrorPublishCRL extends ECAException {
@@ -34,9 +33,10 @@ public class EErrorPublishCRL extends ECAException {
     /**
      * Constructs a CA exception caused by publishing error.
      * <P>
+     * 
      * @param errorString Detailed error message.
      */
     public EErrorPublishCRL(String errorString) {
-        super(errorString); 
+        super(errorString);
     }
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICAService.java b/pki/base/common/src/com/netscape/certsrv/ca/ICAService.java
index cac6fc75..1edebcc8 100644
--- a/pki/base/common/src/com/netscape/certsrv/ca/ICAService.java
+++ b/pki/base/common/src/com/netscape/certsrv/ca/ICAService.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ca;
 
-
 import netscape.security.x509.RevokedCertImpl;
 import netscape.security.x509.X509CertImpl;
 import netscape.security.x509.X509CertInfo;
@@ -27,11 +26,10 @@ import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.connector.IConnector;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * An interface representing a CA request services.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICAService {
@@ -39,54 +37,54 @@ public interface ICAService {
     /**
      * Marks certificate record as revoked by adding revocation information.
      * Updates CRL cache.
-     *
+     * 
      * @param crlentry revocation information obtained from revocation request
      * @exception EBaseException failed to mark certificate record as revoked
      */
     public void revokeCert(RevokedCertImpl crlentry)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Marks certificate record as revoked by adding revocation information.
      * Updates CRL cache.
-     *
+     * 
      * @param crlentry revocation information obtained from revocation request
      * @param requestId revocation request id
      * @exception EBaseException failed to mark certificate record as revoked
      */
     public void revokeCert(RevokedCertImpl crlentry, String requestId)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Issues certificate base on enrollment information,
      * creates certificate record, and stores all necessary data.
-     *
+     * 
      * @param certi information obtain from revocation request
      * @exception EBaseException failed to issue certificate or create certificate record
      */
     public X509CertImpl issueX509Cert(X509CertInfo certi)
-        throws EBaseException;
+            throws EBaseException;
 
     public X509CertImpl issueX509Cert(X509CertInfo certi, String profileId, String rid)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Services profile request.
-     *
+     * 
      * @param request profile enrollment request information
      * @exception EBaseException failed to service profile enrollment request
      */
     public void serviceProfileRequest(IRequest request)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Returns KRA-CA connector.
-     *
+     * 
      * @return KRA-CA connector
      */
     public IConnector getKRAConnector();
 
     public void setKRAConnector(IConnector c);
 
-    public IConnector getConnector(IConfigStore cs)  throws EBaseException;
+    public IConnector getConnector(IConfigStore cs) throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java b/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java
index edaea59c..b3e94d02 100644
--- a/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java
+++ b/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java
@@ -17,24 +17,22 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ca;
 
-
 import netscape.security.x509.Extension;
 
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.common.NameValuePairs;
 
-
 /**
  * An interface representing a CRL extension plugin.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICMSCRLExtension {
 
     /**
      * Returns CRL extension OID string.
-     *
+     * 
      * @return OID of CRL extension
      */
     public String getCRLExtOID();
@@ -42,33 +40,33 @@ public interface ICMSCRLExtension {
     /**
      * Sets extension criticality and returns extension
      * with new criticality.
-     *
+     * 
      * @param ext CRL extension that will change criticality
      * @param critical new criticality to be assigned to CRL extension
      * @return extension with new criticality
      */
     Extension setCRLExtensionCriticality(Extension ext,
-        boolean critical);
+            boolean critical);
 
     /**
      * Builds new CRL extension based on configuration data,
      * issuing point information, and criticality.
-     *
+     * 
      * @param config configuration store
      * @param crlIssuingPoint CRL issuing point
      * @param critical criticality to be assigned to CRL extension
      * @return extension new CRL extension
      */
     Extension getCRLExtension(IConfigStore config,
-        Object crlIssuingPoint,
-        boolean critical);
+            Object crlIssuingPoint,
+            boolean critical);
 
     /**
      * Reads configuration data and converts them to name value pairs.
-     *
+     * 
      * @param config configuration store
-     * @param nvp name value pairs obtained from configuration data 
+     * @param nvp name value pairs obtained from configuration data
      */
     public void getConfigParams(IConfigStore config,
-        NameValuePairs nvp);
-} 
+            NameValuePairs nvp);
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtensions.java b/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtensions.java
index f6df2226..6fa520fb 100644
--- a/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtensions.java
+++ b/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtensions.java
@@ -17,15 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ca;
 
-
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.common.NameValuePairs;
 
-
 /**
  * An interface representing a list of CRL extensions.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICMSCRLExtensions {
@@ -33,7 +31,7 @@ public interface ICMSCRLExtensions {
     /**
      * Updates configuration store for extension identified by id
      * with data delivered in name value pairs.
-     *
+     * 
      * @param id extension id
      * @param nvp name value pairs with new configuration data
      * @param config configuration store
@@ -42,7 +40,7 @@ public interface ICMSCRLExtensions {
 
     /**
      * Reads configuration data and returns them as name value pairs.
-     *
+     * 
      * @param id extension id
      * @return name value pairs with configuration data
      */
@@ -50,10 +48,9 @@ public interface ICMSCRLExtensions {
 
     /**
      * Returns class name with its path.
-     *
+     * 
      * @param name extension id
      * @return class name with its path
      */
     public String getClassPath(String name);
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICRLIssuingPoint.java b/pki/base/common/src/com/netscape/certsrv/ca/ICRLIssuingPoint.java
index dab45fdb..f317db9b 100644
--- a/pki/base/common/src/com/netscape/certsrv/ca/ICRLIssuingPoint.java
+++ b/pki/base/common/src/com/netscape/certsrv/ca/ICRLIssuingPoint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ca;
 
-
 import java.math.BigInteger;
 import java.util.Date;
 import java.util.Set;
@@ -34,19 +33,18 @@ import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.certsrv.common.NameValuePairs;
 import com.netscape.certsrv.dbs.IElementProcessor;
 
-
 /**
- * This class encapsulates CRL issuing mechanism. CertificateAuthority 
- * contains a map of CRLIssuingPoint indexed by string ids. Each issuing 
- * point contains information about CRL issuing and publishing parameters 
- * as well as state information which includes last issued CRL, next CRL 
- * serial number, time of the next update etc. 
- * If autoUpdateInterval is set to non-zero value then worker thread 
- * is created that will perform CRL update at scheduled intervals. Update 
- * can also be triggered by invoking updateCRL method directly. Another 
+ * This class encapsulates CRL issuing mechanism. CertificateAuthority
+ * contains a map of CRLIssuingPoint indexed by string ids. Each issuing
+ * point contains information about CRL issuing and publishing parameters
+ * as well as state information which includes last issued CRL, next CRL
+ * serial number, time of the next update etc.
+ * If autoUpdateInterval is set to non-zero value then worker thread
+ * is created that will perform CRL update at scheduled intervals. Update
+ * can also be triggered by invoking updateCRL method directly. Another
  * parameter minUpdateInterval can be used to prevent CRL
  * from being updated too often
- *
+ * 
  * @version $Revision$, $Date$
  */
 
@@ -75,105 +73,105 @@ public interface ICRLIssuingPoint {
 
     /**
      * Returns true if CRL issuing point is enabled.
-     *
+     * 
      * @return true if CRL issuing point is enabled
      */
     public boolean isCRLIssuingPointEnabled();
 
     /**
      * Returns true if CRL generation is enabled.
-     *
+     * 
      * @return true if CRL generation is enabled
      */
     public boolean isCRLGenerationEnabled();
 
     /**
      * Enables or disables CRL issuing point according to parameter.
-     *
+     * 
      * @param enable if true enables CRL issuing point
      */
     public void enableCRLIssuingPoint(boolean enable);
 
     /**
      * Returns CRL update status.
-     *
+     * 
      * @return CRL update status
      */
     public String getCrlUpdateStatusStr();
 
     /**
      * Returns CRL update error.
-     *
+     * 
      * @return CRL update error
      */
     public String getCrlUpdateErrorStr();
 
     /**
      * Returns CRL publishing status.
-     *
+     * 
      * @return CRL publishing status
      */
     public String getCrlPublishStatusStr();
 
     /**
      * Returns CRL publishing error.
-     *
+     * 
      * @return CRL publishing error
      */
     public String getCrlPublishErrorStr();
 
     /**
      * Returns CRL issuing point initialization status.
-     *
+     * 
      * @return status of CRL issuing point initialization
      */
     public int isCRLIssuingPointInitialized();
 
     /**
      * Checks if manual update is set.
-     *
+     * 
      * @return true if manual update is set
      */
     public boolean isManualUpdateSet();
 
     /**
      * Checks if expired certificates are included in CRL.
-     *
+     * 
      * @return true if expired certificates are included in CRL
      */
     public boolean areExpiredCertsIncluded();
 
     /**
      * Checks if CRL includes CA certificates only.
-     *
+     * 
      * @return true if CRL includes CA certificates only
      */
     public boolean isCACertsOnly();
 
     /**
      * Checks if CRL includes profile certificates only.
-     *
+     * 
      * @return true if CRL includes profile certificates only
      */
     public boolean isProfileCertsOnly();
 
     /**
      * Checks if CRL issuing point includes this profile.
-     *
+     * 
      * @return true if CRL issuing point includes this profile
      */
     public boolean checkCurrentProfile(String id);
 
     /**
      * Initializes CRL issuing point.
-     *
-     * @param ca certificate authority that holds CRL issuing point 
+     * 
+     * @param ca certificate authority that holds CRL issuing point
      * @param id CRL issuing point id
      * @param config configuration sub-store for CRL issuing point
      * @exception EBaseException thrown if initialization failed
      */
-    public void init(ISubsystem ca, String id, IConfigStore config) 
-        throws EBaseException;
+    public void init(ISubsystem ca, String id, IConfigStore config)
+            throws EBaseException;
 
     /**
      * This method is called during shutdown.
@@ -183,21 +181,21 @@ public interface ICRLIssuingPoint {
 
     /**
      * Returns internal id of this CRL issuing point.
-     *
+     * 
      * @return internal id of this CRL issuing point
      */
     public String getId();
 
     /**
      * Returns internal description of this CRL issuing point.
-     *
+     * 
      * @return internal description of this CRL issuing point
      */
     public String getDescription();
 
     /**
      * Sets internal description of this CRL issuing point.
-     *
+     * 
      * @param description description for this CRL issuing point.
      */
     public void setDescription(String description);
@@ -205,21 +203,21 @@ public interface ICRLIssuingPoint {
     /**
      * Returns DN of the directory entry where CRLs from this issuing point
      * are published.
-     *
+     * 
      * @return DN of the directory entry where CRLs are published.
      */
     public String getPublishDN();
 
     /**
      * Returns signing algorithm.
-     *
+     * 
      * @return signing algorithm
      */
     public String getSigningAlgorithm();
 
     /**
      * Returns signing algorithm used in last signing operation..
-     *
+     * 
      * @return last signing algorithm
      */
     public String getLastSigningAlgorithm();
@@ -227,14 +225,14 @@ public interface ICRLIssuingPoint {
     /**
      * Returns current CRL generation schema for this CRL issuing point.
      * <P>
-     *
+     * 
      * @return current CRL generation schema for this CRL issuing point
      */
     public int getCRLSchema();
 
     /**
      * Returns current CRL number of this CRL issuing point.
-     *
+     * 
      * @return current CRL number of this CRL issuing point
      */
     public BigInteger getCRLNumber();
@@ -242,56 +240,56 @@ public interface ICRLIssuingPoint {
     /**
      * Returns current delta CRL number of this CRL issuing point.
      * <P>
-     *
+     * 
      * @return current delta CRL number of this CRL issuing point
      */
     public BigInteger getDeltaCRLNumber();
 
     /**
      * Returns next CRL number of this CRL issuing point.
-     *
+     * 
      * @return next CRL number of this CRL issuing point
      */
     public BigInteger getNextCRLNumber();
 
     /**
      * Returns number of entries in the current CRL.
-     *
+     * 
      * @return number of entries in the current CRL
      */
     public long getCRLSize();
 
     /**
      * Returns number of entries in delta CRL
-     *
+     * 
      * @return number of entries in delta CRL
      */
     public long getDeltaCRLSize();
 
     /**
      * Returns time of the last update.
-     *
+     * 
      * @return last CRL update time
      */
     public Date getLastUpdate();
 
     /**
      * Returns time of the next update.
-     *
+     * 
      * @return next CRL update time
      */
     public Date getNextUpdate();
 
     /**
      * Returns time of the next delta CRL update.
-     *
+     * 
      * @return next delta CRL update time
      */
     public Date getNextDeltaUpdate();
 
     /**
      * Returns all the revoked certificates from the CRL cache.
-     *
+     * 
      * @param start first requested CRL entry
      * @param end next after last requested CRL entry
      * @return set of all the revoked certificates or null if there are none.
@@ -300,7 +298,7 @@ public interface ICRLIssuingPoint {
 
     /**
      * Returns certificate authority.
-     *
+     * 
      * @return certificate authority
      */
     public ISubsystem getCertificateAuthority();
@@ -308,14 +306,14 @@ public interface ICRLIssuingPoint {
     /**
      * Schedules immediate CRL manual-update
      * and sets signature algorithm to be used for signing.
-     *
+     * 
      * @param signatureAlgorithm signature algorithm to be used for signing
      */
-    public  void setManualUpdate(String signatureAlgorithm);
+    public void setManualUpdate(String signatureAlgorithm);
 
     /**
      * Returns auto update interval in milliseconds.
-     *
+     * 
      * @return auto update interval in milliseconds
      */
     public long getAutoUpdateInterval();
@@ -323,14 +321,14 @@ public interface ICRLIssuingPoint {
     /**
      * Returns true if CRL is updated for every change
      * of revocation status of any certificate.
-     *
+     * 
      * @return true if CRL update is always triggered by revocation operation
      */
     public boolean getAlwaysUpdate();
 
     /**
      * Returns next update grace period in minutes.
-     *
+     * 
      * @return next update grace period in minutes
      */
     public long getNextUpdateGracePeriod();
@@ -338,7 +336,7 @@ public interface ICRLIssuingPoint {
     /**
      * Returns filter used to build CRL based on information stored
      * in local directory.
-     *
+     * 
      * @return filter used to search local directory
      */
     public String getFilter();
@@ -348,30 +346,31 @@ public interface ICRLIssuingPoint {
      * Calls certificate record processor to get necessary data
      * from certificate records.
      * This also regenerates CRL cache.
-     *
+     * 
      * @param cp certificate record processor
      * @exception EBaseException if an error occurred in the database.
      */
     public void processRevokedCerts(IElementProcessor cp)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Returns date of revoked certificate or null
      * if certificated is not listed as revoked.
-     *
+     * 
      * @param serialNumber serial number of certificate to be checked
      * @param checkDeltaCache true if delta CRL cache suppose to be
-     *        included in checking process
+     *            included in checking process
      * @param includeExpiredCerts true if delta CRL cache with expired
-     *        certificates suppose to be included in checking process
+     *            certificates suppose to be included in checking process
      * @return date of revoked certificate or null
      */
     public Date getRevocationDateFromCache(BigInteger serialNumber,
                                            boolean checkDeltaCache,
                                            boolean includeExpiredCerts);
+
     /**
      * Returns split times from CRL generation.
-     *
+     * 
      * @return split times from CRL generation in milliseconds
      */
     public Vector<Long> getSplitTimes();
@@ -379,13 +378,13 @@ public interface ICRLIssuingPoint {
     /**
      * Generates CRL now based on cache or local directory if cache
      * is not available. It also publishes CRL if it is required.
-     *
+     * 
      * @param signingAlgorithm signing algorithm to be used for CRL signing
      * @exception EBaseException if an error occurred during
-     *            CRL generation or publishing
+     *                CRL generation or publishing
      */
-    public  void updateCRLNow(String signingAlgorithm)
-        throws EBaseException;
+    public void updateCRLNow(String signingAlgorithm)
+            throws EBaseException;
 
     /**
      * Clears CRL cache
@@ -399,21 +398,21 @@ public interface ICRLIssuingPoint {
 
     /**
      * Returns number of recently revoked certificates.
-     *
+     * 
      * @return number of recently revoked certificates
      */
     public int getNumberOfRecentlyRevokedCerts();
 
     /**
      * Returns number of recently unrevoked certificates.
-     *
+     * 
      * @return number of recently unrevoked certificates
      */
     public int getNumberOfRecentlyUnrevokedCerts();
 
     /**
      * Returns number of recently expired and revoked certificates.
-     *
+     * 
      * @return number of recently expired and revoked certificates
      */
     public int getNumberOfRecentlyExpiredCerts();
@@ -421,7 +420,7 @@ public interface ICRLIssuingPoint {
     /**
      * Converts list of extensions supplied by revocation request
      * to list of extensions required to be placed in CRL.
-     *
+     * 
      * @param exts list of extensions supplied by revocation request
      * @return list of extensions required to be placed in CRL
      */
@@ -429,7 +428,7 @@ public interface ICRLIssuingPoint {
 
     /**
      * Adds revoked certificate to delta-CRL cache.
-     *
+     * 
      * @param serialNumber serial number of revoked certificate
      * @param revokedCert revocation information supplied by revocation request
      */
@@ -437,7 +436,7 @@ public interface ICRLIssuingPoint {
 
     /**
      * Adds revoked certificate to delta-CRL cache.
-     *
+     * 
      * @param serialNumber serial number of revoked certificate
      * @param revokedCert revocation information supplied by revocation request
      * @param requestId revocation request id
@@ -447,14 +446,14 @@ public interface ICRLIssuingPoint {
 
     /**
      * Adds unrevoked certificate to delta-CRL cache.
-     *
+     * 
      * @param serialNumber serial number of unrevoked certificate
      */
     public void addUnrevokedCert(BigInteger serialNumber);
 
     /**
      * Adds unrevoked certificate to delta-CRL cache.
-     *
+     * 
      * @param serialNumber serial number of unrevoked certificate
      * @param requestId unrevocation request id
      */
@@ -462,7 +461,7 @@ public interface ICRLIssuingPoint {
 
     /**
      * Adds expired and revoked certificate to delta-CRL cache.
-     *
+     * 
      * @param serialNumber serial number of expired and revoked certificate
      */
     public void addExpiredCert(BigInteger serialNumber);
@@ -475,7 +474,7 @@ public interface ICRLIssuingPoint {
     /**
      * Updates issuing point configuration according to supplied data
      * in name value pairs.
-     *
+     * 
      * @param params name value pairs defining new issuing point configuration
      * @return true if configuration is updated successfully
      */
@@ -483,35 +482,35 @@ public interface ICRLIssuingPoint {
 
     /**
      * Returns true if delta-CRL is enabled.
-     *
+     * 
      * @return true if delta-CRL is enabled
      */
     public boolean isDeltaCRLEnabled();
 
     /**
      * Returns true if CRL cache is enabled.
-     *
+     * 
      * @return true if CRL cache is enabled
      */
     public boolean isCRLCacheEnabled();
 
     /**
      * Returns true if CRL cache is empty.
-     *
+     * 
      * @return true if CRL cache is empty
      */
     public boolean isCRLCacheEmpty();
 
     /**
      * Returns true if CRL cache testing is enabled.
-     *
+     * 
      * @return true if CRL cache testing is enabled
      */
     public boolean isCRLCacheTestingEnabled();
 
     /**
      * Returns true if supplied delta-CRL is matching current delta-CRL.
-     *
+     * 
      * @param deltaCRL delta-CRL to verify against current delta-CRL
      * @return true if supplied delta-CRL is matching current delta-CRL
      */
@@ -519,7 +518,7 @@ public interface ICRLIssuingPoint {
 
     /**
      * Returns status of CRL generation.
-     *
+     * 
      * @return one of the following according to CRL generation status:
      *         CRL_UPDATE_DONE, CRL_UPDATE_STARTED, and CRL_PUBLISHING_STARTED
      */
@@ -528,18 +527,17 @@ public interface ICRLIssuingPoint {
     /**
      * Generates CRL now based on cache or local directory if cache
      * is not available. It also publishes CRL if it is required.
-     * CRL is signed by default signing algorithm. 
-     *
+     * CRL is signed by default signing algorithm.
+     * 
      * @exception EBaseException if an error occurred during
-     *            CRL generation or publishing
+     *                CRL generation or publishing
      */
-    public  void updateCRLNow() throws EBaseException;
+    public void updateCRLNow() throws EBaseException;
 
     /**
      * Returns list of CRL extensions.
-     *
+     * 
      * @return list of CRL extensions
      */
     public ICMSCRLExtensions getCRLExtensions();
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java b/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
index d86a37dd..a49653c1 100644
--- a/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
+++ b/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ca;
 
-
 import java.util.Enumeration;
 
 import netscape.security.x509.CertificateChain;
@@ -29,7 +28,6 @@ import netscape.security.x509.X509CertInfo;
 
 import org.mozilla.jss.crypto.SignatureAlgorithm;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISubsystem;
@@ -45,12 +43,11 @@ import com.netscape.certsrv.request.IRequestQueue;
 import com.netscape.certsrv.request.IService;
 import com.netscape.certsrv.security.ISigningUnit;
 
-
 /**
  * An interface represents a Certificate Authority that is
  * responsible for certificate specific operations.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICertificateAuthority extends ISubsystem {
@@ -78,7 +75,7 @@ public interface ICertificateAuthority extends ISubsystem {
     public final static String PROP_DEF_VALIDITY = "DefaultIssueValidity";
     public final static String PROP_FAST_SIGNING = "fastSigning";
     public static final String PROP_ENABLE_ADMIN_ENROLL =
-        "enableAdminEnroll";
+            "enableAdminEnroll";
 
     public final static String PROP_CRL_SUBSTORE = "crl";
     // make this public so agent gateway can access for now.
@@ -86,9 +83,9 @@ public interface ICertificateAuthority extends ISubsystem {
     public final static String PROP_MASTER_CRL = "MasterCRL";
     public final static String PROP_CRLEXT_SUBSTORE = "extension";
     public final static String PROP_ISSUING_CLASS =
-        "com.netscape.cmscore.ca.CRLIssuingPoint";
+            "com.netscape.cmscore.ca.CRLIssuingPoint";
     public final static String PROP_EXPIREDCERTS_CLASS =
-        "com.netscape.cmscore.ca.CRLWithExpiredCerts";
+            "com.netscape.cmscore.ca.CRLWithExpiredCerts";
 
     public final static String PROP_NOTIFY_SUBSTORE = "notification";
     public final static String PROP_CERT_ISSUED_SUBSTORE = "certIssued";
@@ -109,67 +106,68 @@ public interface ICertificateAuthority extends ISubsystem {
     public final static String PROP_ID = "id";
 
     public final static String PROP_CERTDB_TRANS_MAXRECORDS = "transitMaxRecords";
-    public final static String PROP_CERTDB_TRANS_PAGESIZE   =  "transitRecordPageSize"; 
+    public final static String PROP_CERTDB_TRANS_PAGESIZE = "transitRecordPageSize";
 
     /**
      * Retrieves the certificate repository where all the locally
      * issued certificates are kept.
-     *
+     * 
      * @return CA's certificate repository
      */
     public ICertificateRepository getCertificateRepository();
 
     /**
      * Retrieves the request queue of this certificate authority.
-     *
+     * 
      * @return CA's request queue
      */
     public IRequestQueue getRequestQueue();
 
     /**
      * Retrieves the policy processor of this certificate authority.
-     *
+     * 
      * @return CA's policy processor
      */
     public IPolicyProcessor getPolicyProcessor();
 
     public boolean noncesEnabled();
-    public Nonces  getNonces();
+
+    public Nonces getNonces();
 
     /**
      * Retrieves the publishing processor of this certificate authority.
-     *
+     * 
      * @return CA's publishing processor
      */
     public IPublisherProcessor getPublisherProcessor();
 
     /**
      * Retrieves the next available serial number.
-     *
+     * 
      * @return next available serial number
      */
     public String getStartSerial();
 
     /**
      * Sets the next available serial number.
-     *
+     * 
      * @param serial next available serial number
      * @exception EBaseException failed to set next available serial number
      */
     public void setStartSerial(String serial) throws EBaseException;
 
     /**
-     * Retrieves the last serial number that can be used for 
+     * Retrieves the last serial number that can be used for
      * certificate issuance in this certificate authority.
-     *
+     * 
      * @return the last serial number
      */
     public String getMaxSerial();
 
     /**
-     * Sets the last serial number that can be used for 
+     * Sets the last serial number that can be used for
      * certificate issuance in this certificate authority.
-     *
+     * 
      * @param serial the last serial number
      * @exception EBaseException failed to set the last serial number
      */
@@ -177,21 +175,21 @@ public interface ICertificateAuthority extends ISubsystem {
 
     /**
      * Retrieves the default signature algorithm of this certificate authority.
-     *
+     * 
      * @return the default signature algorithm of this CA
      */
     public SignatureAlgorithm getDefaultSignatureAlgorithm();
 
     /**
      * Retrieves the default signing algorithm of this certificate authority.
-     *
+     * 
      * @return the default signing algorithm of this CA
      */
     public String getDefaultAlgorithm();
 
     /**
      * Sets the default signing algorithm of this certificate authority.
-     *
+     * 
      * @param algorithm new default signing algorithm
      * @exception EBaseException failed to set the default signing algorithm
      */
@@ -199,7 +197,7 @@ public interface ICertificateAuthority extends ISubsystem {
 
     /**
      * Retrieves the supported signing algorithms of this certificate authority.
-     *
+     * 
      * @return the supported signing algorithms of this CA
      */
     public String[] getCASigningAlgorithms();
@@ -207,30 +205,30 @@ public interface ICertificateAuthority extends ISubsystem {
     /**
      * Allows certificates to have validities that are longer
      * than this certificate authority's.
-     *
+     * 
      * @param enableCAPast if equals "true", it allows certificates
-     * to have validity longer than CA's certificate validity
+     *            to have validity longer than CA's certificate validity
      * @exception EBaseException failed to set above option
      */
-    public void setValidity(String enableCAPast) throws EBaseException; 
+    public void setValidity(String enableCAPast) throws EBaseException;
 
     /**
      * Retrieves the default validity period.
-     *
+     * 
      * @return the default validity length in days
      */
     public long getDefaultValidity();
 
     /**
      * Retrieves all the CRL issuing points.
-     *
+     * 
      * @return enumeration of all the CRL issuing points
      */
     public Enumeration<ICRLIssuingPoint> getCRLIssuingPoints();
 
     /**
      * Retrieves CRL issuing point with the given identifier.
-     *
+     * 
      * @param id CRL issuing point id
      * @return CRL issuing point with given id
      */
@@ -238,7 +236,7 @@ public interface ICertificateAuthority extends ISubsystem {
 
     /**
      * Adds CRL issuing point with the given identifier and description.
-     *
+     * 
      * @param crlSubStore sub-store with all CRL issuing points
      * @param id CRL issuing point id
      * @param description CRL issuing point description
@@ -249,7 +247,7 @@ public interface ICertificateAuthority extends ISubsystem {
 
     /**
      * Deletes CRL issuing point with the given identifier.
-     *
+     * 
      * @param crlSubStore sub-store with all CRL issuing points
      * @param id CRL issuing point id
      */
@@ -257,77 +255,77 @@ public interface ICertificateAuthority extends ISubsystem {
 
     /**
      * Retrieves the CRL repository.
-     *
+     * 
      * @return CA's CRL repository
      */
     public ICRLRepository getCRLRepository();
 
     /**
      * Retrieves the Replica ID repository.
-     *
+     * 
      * @return CA's Replica ID repository
      */
     public IReplicaIDRepository getReplicaRepository();
 
     /**
      * Retrieves the request in queue listener.
-     *
+     * 
      * @return the request in queue listener
      */
     public IRequestListener getRequestInQListener();
 
     /**
      * Retrieves all request listeners.
-     *
+     * 
      * @return name enumeration of all request listeners
      */
-    public Enumeration<String>  getRequestListenerNames();
+    public Enumeration<String> getRequestListenerNames();
 
     /**
      * Retrieves the request listener for issued certificates.
-     *
+     * 
      * @return the request listener for issued certificates
      */
     public IRequestListener getCertIssuedListener();
 
     /**
      * Retrieves the request listener for revoked certificates.
-     *
+     * 
      * @return the request listener for revoked certificates
      */
     public IRequestListener getCertRevokedListener();
 
     /**
      * Retrieves the CA certificate chain.
-     *
+     * 
      * @return the CA certificate chain
      */
-    public CertificateChain getCACertChain(); 
+    public CertificateChain getCACertChain();
 
     /**
      * Retrieves the CA certificate.
-     *
+     * 
      * @return the CA certificate
      */
     public org.mozilla.jss.crypto.X509Certificate getCaX509Cert();
 
     /**
      * Retrieves the CA certificate.
-     *
+     * 
      * @return the CA certificate
      */
     public X509CertImpl getCACert();
 
     /**
      * Updates the CRL immediately for MasterCRL issuing point if it exists.
-     *
+     * 
      * @exception EBaseException failed to create or publish CRL
      */
     public void updateCRLNow() throws EBaseException;
 
     /**
      * Publishes the CRL immediately for MasterCRL issuing point if it exists.
-     *
+     * 
      * @exception EBaseException failed to publish CRL
      */
     public void publishCRLNow() throws EBaseException;
@@ -335,7 +333,7 @@ public interface ICertificateAuthority extends ISubsystem {
     /**
      * Retrieves the signing unit that manages the CA signing key for
      * signing certificates.
-     *
+     * 
      * @return the CA signing unit for certificates
      */
     public ISigningUnit getSigningUnit();
@@ -343,7 +341,7 @@ public interface ICertificateAuthority extends ISubsystem {
     /**
      * Retrieves the signing unit that manages the CA signing key for
      * signing CRL.
-     *
+     * 
      * @return the CA signing unit for CRLs
      */
     public ISigningUnit getCRLSigningUnit();
@@ -351,28 +349,28 @@ public interface ICertificateAuthority extends ISubsystem {
     /**
      * Retrieves the signing unit that manages the CA signing key for
      * signing OCSP response.
-     *
+     * 
      * @return the CA signing unit for OCSP responses
      */
     public ISigningUnit getOCSPSigningUnit();
 
     /**
      * Sets the maximium path length in the basic constraint extension.
-     *
+     * 
      * @param num the maximium path length
      */
     public void setBasicConstraintMaxLen(int num);
 
     /**
      * Is this a clone CA?
-     *
+     * 
      * @return true if this is a clone CA
      */
     public boolean isClone();
 
     /**
      * Retrieves the request listener by name.
-     *
+     * 
      * @param name request listener name
      * @return the request listener
      */
@@ -382,17 +380,17 @@ public interface ICertificateAuthority extends ISubsystem {
      * get request notifier
      */
     public IRequestNotifier getRequestNotifier();
-   
+
     /**
      * Registers a request listener.
-     *
+     * 
      * @param listener request listener to be registered
      */
     public void registerRequestListener(IRequestListener listener);
 
     /**
      * Registers a request listener.
-     *
+     * 
      * @param name under request listener is going to be registered
      * @param listener request listener to be registered
      */
@@ -400,32 +398,32 @@ public interface ICertificateAuthority extends ISubsystem {
 
     /**
      * Retrieves the issuer name of this certificate authority.
-     *
+     * 
      * @return the issuer name of this certificate authority
      */
     public X500Name getX500Name();
 
     /**
      * Retrieves the issuer name of this certificate authority issuing point.
-     *
+     * 
      * @return the issuer name of this certificate authority issuing point
      */
-    public X500Name getCRLX500Name(); 
+    public X500Name getCRLX500Name();
 
     /**
      * Signs the given CRL with the specific algorithm.
-     *
+     * 
      * @param crl CRL to be signed
      * @param algname algorithm used for signing
      * @return signed CRL
      * @exception EBaseException failed to sign CRL
      */
     public X509CRLImpl sign(X509CRLImpl crl, String algname)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Logs a message to this certificate authority.
-     *
+     * 
      * @param level logging level
      * @param msg logged message
      */
@@ -433,25 +431,25 @@ public interface ICertificateAuthority extends ISubsystem {
 
     /**
      * Returns the nickname for the CA signing certificate.
-     *
+     * 
      * @return the nickname for the CA signing certificate
      */
     public String getNickname();
 
     /**
      * Signs a X.509 certificate template.
-     *
+     * 
      * @param certInfo X.509 certificate template
      * @param algname algorithm used for signing
      * @return signed certificate
      * @exception EBaseException failed to sign certificate
      */
     public X509CertImpl sign(X509CertInfo certInfo, String algname)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves the default certificate version.
-     *
+     * 
      * @return the default version certificate
      */
     public CertificateVersion getDefaultCertVersion();
@@ -459,7 +457,7 @@ public interface ICertificateAuthority extends ISubsystem {
     /**
      * Is this CA allowed to issue certificate that has longer
      * validty than the CA's.
-     *
+     * 
      * @return true if allows certificates to have validity longer than CA's
      */
     public boolean isEnablePastCATime();
@@ -467,30 +465,30 @@ public interface ICertificateAuthority extends ISubsystem {
     /**
      * Retrieves the CA service object that is responsible for
      * processing requests.
-     *
+     * 
      * @return CA service object
      */
     public IService getCAService();
 
     /**
      * Returns the in-memory count of the processed OCSP requests.
-     *
+     * 
      * @return number of processed OCSP requests in memory
      */
     public long getNumOCSPRequest();
 
     /**
-     * Returns the in-memory time (in mini-second) of 
+     * Returns the in-memory time (in mini-second) of
      * the processed time for OCSP requests.
-     *
+     * 
      * @return processed times for OCSP requests
      */
     public long getOCSPRequestTotalTime();
 
     /**
-     * Returns the in-memory time (in mini-second) of 
+     * Returns the in-memory time (in mini-second) of
      * the signing time for OCSP requests.
-     *
+     * 
      * @return processed times for OCSP requests
      */
     public long getOCSPTotalSignTime();
@@ -498,7 +496,7 @@ public interface ICertificateAuthority extends ISubsystem {
     /**
      * Returns the total data signed
      * for OCSP requests.
-     *
+     * 
      * @return processed times for OCSP requests
      */
     public long getOCSPTotalData();
diff --git a/pki/base/common/src/com/netscape/certsrv/cert/ICrossCertPairSubsystem.java b/pki/base/common/src/com/netscape/certsrv/cert/ICrossCertPairSubsystem.java
index 653c684f..c79479dc 100644
--- a/pki/base/common/src/com/netscape/certsrv/cert/ICrossCertPairSubsystem.java
+++ b/pki/base/common/src/com/netscape/certsrv/cert/ICrossCertPairSubsystem.java
@@ -17,17 +17,15 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.cert;
 
-
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
  * Interface for handling cross certs
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICrossCertPairSubsystem extends ISubsystem {
@@ -35,27 +33,30 @@ public interface ICrossCertPairSubsystem extends ISubsystem {
     /**
      * "import" the CA cert cross-signed by another CA (potentially a
      * bridge CA) into internal ldap db.
-     * If publishing is turned on, and 
+     * If publishing is turned on, and
      * if matches up a pair, then publish to publishing directory
-     * otherwise, leave in internal ldap db and wait for it's matching 
+     * otherwise, leave in internal ldap db and wait for it's matching
      * pair
+     * 
      * @param certBytes binary byte array of the cert
-	 * @exception EBaseException when certBytes conversion to X509
-	 * certificate fails
+     * @exception EBaseException when certBytes conversion to X509
+     *                certificate fails
      */
     public void importCert(byte[] certBytes) throws EBaseException;
 
     /**
      * publish all cert pairs, if publisher is on
-	 * @exception EBaseException when publishing fails
+     * 
+     * @exception EBaseException when publishing fails
      */
     public void publishCertPairs() throws EBaseException;
 
-	/**
-	 * convert byte array to X509Certificate
-	 * @return X509Certificate the X509Certificate class
-	 * representation of the certificate byte array
-	 * @exception CertificateException when conversion fails
-	 */
+    /**
+     * convert byte array to X509Certificate
+     * 
+     * @return X509Certificate the X509Certificate class
+     *         representation of the certificate byte array
+     * @exception CertificateException when conversion fails
+     */
     public X509Certificate byteArray2X509Cert(byte[] certBytes) throws CertificateException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/client/IDataProcessor.java b/pki/base/common/src/com/netscape/certsrv/client/IDataProcessor.java
index 3bce367d..b6784b6d 100644
--- a/pki/base/common/src/com/netscape/certsrv/client/IDataProcessor.java
+++ b/pki/base/common/src/com/netscape/certsrv/client/IDataProcessor.java
@@ -17,11 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.client;
 
-
 /**
  * this class represents the callback interface between
  * the client package and the data storage object (data model)
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IDataProcessor {
@@ -29,6 +28,7 @@ public interface IDataProcessor {
     /**
      * This method will be callby the client package each time
      * data object arrived from the server side.
+     * 
      * @param data data object expected by the interface implementor
      */
     public void processData(Object data);
diff --git a/pki/base/common/src/com/netscape/certsrv/client/connection/IAuthenticator.java b/pki/base/common/src/com/netscape/certsrv/client/connection/IAuthenticator.java
index ff83cadd..0a96ee69 100644
--- a/pki/base/common/src/com/netscape/certsrv/client/connection/IAuthenticator.java
+++ b/pki/base/common/src/com/netscape/certsrv/client/connection/IAuthenticator.java
@@ -17,10 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.client.connection;
 
-
 /**
  * An interface represents authentiator.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IAuthenticator {
diff --git a/pki/base/common/src/com/netscape/certsrv/client/connection/IConnection.java b/pki/base/common/src/com/netscape/certsrv/client/connection/IConnection.java
index 18bd3518..4a8166b0 100644
--- a/pki/base/common/src/com/netscape/certsrv/client/connection/IConnection.java
+++ b/pki/base/common/src/com/netscape/certsrv/client/connection/IConnection.java
@@ -22,13 +22,13 @@ import java.net.SocketException;
 
 /**
  * Interface for all connection objects.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IConnection {
 
     /**
-     *  Send request to the server using this connection
+     * Send request to the server using this connection
      */
     public int sendRequest(String req) throws IOException;
 
@@ -41,11 +41,10 @@ public interface IConnection {
      * Close the connection
      */
     public void disconnect();
-    
+
     /**
      * SetTimeout
      */
     public void setSoTimeout(int timeout) throws SocketException;
- 
- 
+
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/client/connection/IConnectionFactory.java b/pki/base/common/src/com/netscape/certsrv/client/connection/IConnectionFactory.java
index 1542d5fa..4506abbf 100644
--- a/pki/base/common/src/com/netscape/certsrv/client/connection/IConnectionFactory.java
+++ b/pki/base/common/src/com/netscape/certsrv/client/connection/IConnectionFactory.java
@@ -23,21 +23,21 @@ import java.net.UnknownHostException;
 /**
  * Interface for all connection factory. Primarily act as
  * the abstraction layer for different kind of connection factory.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IConnectionFactory {
 
     /**
      * Creates connection using the host and port
-     * @param host  The host to connect to
-     * @param port  The port to connect to
-     * @return  The created connection
-     * @throws IOException   On an IO Error
-     * @throws UnknownHostException  If the host can't be resolved
+     * 
+     * @param host The host to connect to
+     * @param port The port to connect to
+     * @return The created connection
+     * @throws IOException On an IO Error
+     * @throws UnknownHostException If the host can't be resolved
      */
     public IConnection create(String host, int port)
-        throws IOException, UnknownHostException;
+            throws IOException, UnknownHostException;
 
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/common/ConfigConstants.java b/pki/base/common/src/com/netscape/certsrv/common/ConfigConstants.java
index 9f892cd2..2ea7b746 100644
--- a/pki/base/common/src/com/netscape/certsrv/common/ConfigConstants.java
+++ b/pki/base/common/src/com/netscape/certsrv/common/ConfigConstants.java
@@ -17,12 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.common;
 
-
 /**
- * This interface contains constants that are used 
- * in the protocol between the configuration daemon 
+ * This interface contains constants that are used
+ * in the protocol between the configuration daemon
  * and UI configuration wizard.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ConfigConstants {
@@ -30,8 +29,8 @@ public interface ConfigConstants {
     public static final String TRUE = "true";
     public static final String FALSE = "false";
     public static final String OPTYPE = "opType";
-    public static final String TASKID = "taskID";  
- 
+    public static final String TASKID = "taskID";
+
     // Stages
     public static final String STAGES = "stages";
     public static final String STAGE_INTERNAL_DB = "stageInternalDB";
@@ -135,7 +134,7 @@ public interface ConfigConstants {
     public static final String PR_EE_SECURE_PORT = "eeGateway.https.port";
     public static final String PR_AGENT_PORT = "agentGateway.https.port";
     public static final String PR_RADM_PORT = "radm.https.port";
-    public static final String PR_RADM_PORT_SETUP="radm.port";
+    public static final String PR_RADM_PORT_SETUP = "radm.port";
     public static final String PR_EE_PORT_ENABLE = "eeGateway.http.enable";
     public static final String PR_EE_PORTS_ENABLE = "eePortsEnable";
 
@@ -173,27 +172,27 @@ public interface ConfigConstants {
     public static final String PR_ADD_LDIF_PATH = "addLdifPath";
     public static final String PR_MOD_LDIF_PATH = "modLdifPath";
     public static final String PR_SIGNING_KEY_MIGRATION_TOKEN =
-        "signingKeyMigrationToken";
+            "signingKeyMigrationToken";
     public static final String PR_SSL_KEY_MIGRATION_TOKEN =
-        "sslKeyMigrationToken";
+            "sslKeyMigrationToken";
     public static final String PR_SIGNING_KEY_MIGRATION_TOKEN_PASSWD =
-        "signingKeyMigrationTokenPasswd";
+            "signingKeyMigrationTokenPasswd";
     public static final String PR_SIGNING_KEY_MIGRATION_TOKEN_SOPPASSWD =
-        "signingKeyMigrationTokenSOPPasswd";
+            "signingKeyMigrationTokenSOPPasswd";
     public static final String PR_SSL_KEY_MIGRATION_TOKEN_PASSWD =
-        "sslKeyMigrationTokenPasswd";
+            "sslKeyMigrationTokenPasswd";
     public static final String PR_SSL_KEY_MIGRATION_TOKEN_SOPPASSWD =
-        "sslKeyMigrationTokenSOPPasswd";
+            "sslKeyMigrationTokenSOPPasswd";
     public static final String PR_NUM_MIGRATION_WARNINGS =
-        "numMigrationWarnings";
+            "numMigrationWarnings";
     public static final String PR_MIGRATION_WARNING = "migrationWarning";
     public static final String PR_CA_KEY_TYPE = "caKeyType";
     public static final String PR_LDAP_PASSWORD = "ldapPassword";
     public static final String PR_MIGRATION_PASSWORD = "migrationPassword";
 
     // Key and Cert
-    public static final String PR_HARDWARE_SPLIT = "hardwareSplit";    
-    public static final String PR_TOKEN_LIST = "tokenList";    
+    public static final String PR_HARDWARE_SPLIT = "hardwareSplit";
+    public static final String PR_TOKEN_LIST = "tokenList";
     public static final String PR_TOKEN_NAME = "tokenName";
     public static final String PR_SUBJECT_NAME = "subjectName";
     public static final String PR_CA_SUBJECT_NAME = "caSubjectName";
@@ -293,8 +292,8 @@ public interface ConfigConstants {
     // CA serial number
     public static final String PR_CA_SERIAL_NUMBER = "caSerialNumber";
     public static final String PR_CA_ENDSERIAL_NUMBER = "caEndSerialNumber";
-    
-	// KRA number
+
+    // KRA number
     public static final String PR_REQUEST_NUMBER = "requestNumber";
     public static final String PR_ENDREQUEST_NUMBER = "endRequestNumber";
     public static final String PR_SERIAL_REQUEST_NUMBER = "serialRequestNumber";
@@ -331,4 +330,3 @@ public interface ConfigConstants {
     public static final String PR_AGREEMENT_NAME_2 = "agreementName2";
     public static final String PR_REPLICATION_MANAGER_PASSWD_2 = "replicationManagerPwd2";
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/common/Constants.java b/pki/base/common/src/com/netscape/certsrv/common/Constants.java
index c8503491..be9d33b4 100644
--- a/pki/base/common/src/com/netscape/certsrv/common/Constants.java
+++ b/pki/base/common/src/com/netscape/certsrv/common/Constants.java
@@ -17,11 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.common;
 
-
 /**
- * This interface contains constants that are shared 
+ * This interface contains constants that are shared
  * by certificate server and its client SDK.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface Constants {
@@ -48,24 +47,24 @@ public interface Constants {
 
     //STATIC UI TYPE
     public final static String TYPE_PASSWORD = "password";
-    
+
     /**********************************************************
      * PROPERTY NAME LISTED BELOW
      **********************************************************/
-    
+
     /*========================================================
      * General
-     *========================================================*/     
+     *========================================================*/
     public final static String PR_PORT = "port";
     public final static String PR_SSLPORT = "sslPort";
-     
+
     /*========================================================
      * Tasks
      *========================================================*/
     public final static String PR_SERVER_START = "start";
     public final static String PR_SERVER_STOP = "stop";
     public final static String PR_SERVER_RESTART = "restart";
-    
+
     /*========================================================
      * Networks
      *========================================================*/
@@ -79,15 +78,15 @@ public interface Constants {
     public final static String PR_GATEWAY_S_BACKLOG = "gateway.https.backlog";
     public final static String PR_GATEWAY_BACKLOG = "gateway.http.backlog";
     public final static String PR_GATEWAY_PORT_ENABLED =
-        "gateway.http.enable";
+            "gateway.http.enable";
     public final static String PR_MASTER_AGENT_PORT = "master.ca.agent.port";
     public final static String PR_MASTER_AGENT_HOST = "master.ca.agent.host";
-    
+
     /*========================================================
      * SMTP
      *========================================================*/
     public final static String PR_SERVER_NAME = "server";
-    
+
     /*========================================================
      * SNMP
      *========================================================*/
@@ -109,7 +108,7 @@ public interface Constants {
     /*========================================================
      * Users and Groups
      *========================================================*/
-    
+
     //group properties
     public final static String PR_GROUP_DESC = "desc";
     public final static String PR_GROUP_USER = "user";
@@ -149,7 +148,7 @@ public interface Constants {
      *========================================================*/
     public final static String PR_NOTIFICATION_FORM_NAME = "emailTemplate";
     public final static String PR_NOTIFICATION_SUBJECT =
-        "emailSubject";
+            "emailSubject";
     public final static String PR_NOTIFICATION_SENDER = "senderEmail";
     public final static String PR_NOTIFICATION_RECEIVER = "recipientEmail";
 
@@ -194,7 +193,7 @@ public interface Constants {
     /*========================================================
      * LDAP Publishing
      *========================================================*/
-     
+
     // publishing properties
     public final static String PR_BASIC_AUTH = "BasicAuth";
     public final static String PR_SSL_AUTH = "SslClientAuth";
@@ -253,7 +252,7 @@ public interface Constants {
     public final static String PR_BASE_DN = "baseDN";
     public final static String PR_DNCOMPS = "dnComps";
     public final static String PR_FILTERCOMPS = "filterComps";
-    
+
     // ldap connection test
     public final static String PR_CONN_INITED = "connInited";
     public final static String PR_CONN_INIT_FAIL = "connInitFail";
@@ -323,10 +322,10 @@ public interface Constants {
     public final static String PR_RENEWAL_ENABLED = "renewal.enabled";
     public final static String PR_RENEWAL_VALIDITY = "renewal.validity";
     public final static String PR_RENEWAL_EMAIL = "renewal.email";
-    public final static String PR_RENEWAL_EXPIREDNOTIFIEDENABLED = 
-        "renewal.expired.notification.enabled";
-    public final static String PR_RENEWAL_NUMNOTIFICATION = 
-        "renewal.numNotification";
+    public final static String PR_RENEWAL_EXPIREDNOTIFIEDENABLED =
+            "renewal.expired.notification.enabled";
+    public final static String PR_RENEWAL_NUMNOTIFICATION =
+            "renewal.numNotification";
     public final static String PR_RENEWAL_INTERVAL = "renewal.interval";
     public final static String PR_SERVLET_CLASS = "class";
     public final static String PR_SERVLET_URI = "uri";
@@ -354,7 +353,7 @@ public interface Constants {
     public final static String PR_ACL_CLASS = "class";
     public final static String PR_ACL_DESC = "desc";
     public final static String PR_ACL_RIGHTS = "rights";
-    
+
     /*========================================================
      * Key Recovery
      *========================================================*/
@@ -386,7 +385,7 @@ public interface Constants {
     public final static String PR_RA_INSTANCE = "ra";
     public final static String PR_KRA_INSTANCE = "kra";
     public final static String PR_TKS_INSTANCE = "tks";
-   
+
     /*
      * Certificate info
      */
@@ -467,7 +466,7 @@ public interface Constants {
     /*========================================================
      * Security
      *========================================================*/
-     
+
     //functionality 
     public final static String PR_CERT_SERVER = "SERVER";
     public final static String PR_CERT_ADMIN = "ADMIN";
@@ -477,7 +476,7 @@ public interface Constants {
     public final static String PR_CERT_RA = "RA";
     public final static String PR_CERT_POA = "POA";
     public final static String PR_CERT_TRANS = "TRANS";
-    
+
     // key and certificate management
     public final static String PR_OPERATION_TYPE = "operationtype";
     public final static String PR_INSTALL_TYPE = "install";
@@ -485,9 +484,9 @@ public interface Constants {
     //public final static String PR_CA_SIGNING_CERT = "cacert";
     //public final static String PR_SERVER_CERT = "servercert";
     public final static String PR_CLIENT_CERT = "clientcert";
-    public final static String PR_FULL_INTERNAL_TOKEN_NAME="Internal Key Storage Token";
-    public final static String PR_INTERNAL_TOKEN_NAME = 
-        "internal";
+    public final static String PR_FULL_INTERNAL_TOKEN_NAME = "Internal Key Storage Token";
+    public final static String PR_INTERNAL_TOKEN_NAME =
+            "internal";
     public final static String PR_TOKEN_NAME = "tokenName";
     public final static String PR_TOKEN_PASSWD = "tokenPwd";
     public final static String PR_KEY_LENGTH = "keyLength";
@@ -503,15 +502,15 @@ public interface Constants {
     public final static String PR_CSR = "csr";
 
     //encryption
-    
+
     /* Cipher Version: domestic or export */
     public final static String PR_CIPHER_VERSION = "cipherversion";
     public final static String PR_CIPHER_VERSION_DOMESTIC = "cipherdomestic";
     public final static String PR_CIPHER_VERSION_EXPORT = "cipherexport";
-    
+
     /* Cipher Fortezza: true, false */
     public final static String PR_CIPHER_FORTEZZA = "cipherfortezza";
-    
+
     /* Token and Certificates */
     public final static String PR_TOKEN_LIST = "tokenlist";
     public final static String PR_TOKEN_PREFIX = "token_";
@@ -525,42 +524,24 @@ public interface Constants {
     public final static String PR_ECTYPE = "ectype";
 
     /* values for SSL cipher preferences */
-    public final static String 
-        PR_SSL2_RC4_128_WITH_MD5 = "rc4";
-    public final static String 
-        PR_SSL2_RC4_128_EXPORT40_WITH_MD5 = "rc4export";
-    public final static String 
-        PR_SSL2_RC2_128_CBC_WITH_MD5 = "rc2";
-    public final static String 
-        PR_SSL2_RC2_128_CBC_EXPORT40_WITH_MD5 = "rc2export";
-    public final static String 
-        PR_SSL2_DES_64_CBC_WITH_MD5 = "des";
-    public final static String 
-        PR_SSL2_DES_192_EDE3_CBC_WITH_MD5 = "desede3";
-    public final static String 
-        PR_SSL3_RSA_WITH_NULL_MD5 = "rsa_null_md5";
-    public final static String 
-        PR_SSL3_RSA_EXPORT_WITH_RC4_40_MD5 = "rsa_rc4_40_md5";
-    public final static String 
-        PR_SSL3_RSA_WITH_RC4_128_MD5 = "rsa_rc4_128_md5"; 
-    public final static String 
-        PR_SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = "rsa_rc2_40_md5";
-    public final static String 
-        PR_SSL3_RSA_WITH_DES_CBC_SHA = "rsa_des_sha";
-    public final static String 
-        PR_SSL3_RSA_WITH_3DES_EDE_CBC_SHA = "rsa_3des_sha";
-    public final static String 
-        PR_SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA = "fortezza";
-    public final static String 
-        PR_SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA = "fortezza_rc4_128_sha";
-    public final static String 
-        PR_SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = "rsa_fips_3des_sha";
-    public final static String 
-        PR_SSL_RSA_FIPS_WITH_DES_CBC_SHA = "rsa_fips_des_sha";
-    public final static String 
-        PR_TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = "tls_rsa_rc4_56_sha";
-    public final static String 
-        PR_TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = "tls_rsa_des_sha";
+    public final static String PR_SSL2_RC4_128_WITH_MD5 = "rc4";
+    public final static String PR_SSL2_RC4_128_EXPORT40_WITH_MD5 = "rc4export";
+    public final static String PR_SSL2_RC2_128_CBC_WITH_MD5 = "rc2";
+    public final static String PR_SSL2_RC2_128_CBC_EXPORT40_WITH_MD5 = "rc2export";
+    public final static String PR_SSL2_DES_64_CBC_WITH_MD5 = "des";
+    public final static String PR_SSL2_DES_192_EDE3_CBC_WITH_MD5 = "desede3";
+    public final static String PR_SSL3_RSA_WITH_NULL_MD5 = "rsa_null_md5";
+    public final static String PR_SSL3_RSA_EXPORT_WITH_RC4_40_MD5 = "rsa_rc4_40_md5";
+    public final static String PR_SSL3_RSA_WITH_RC4_128_MD5 = "rsa_rc4_128_md5";
+    public final static String PR_SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = "rsa_rc2_40_md5";
+    public final static String PR_SSL3_RSA_WITH_DES_CBC_SHA = "rsa_des_sha";
+    public final static String PR_SSL3_RSA_WITH_3DES_EDE_CBC_SHA = "rsa_3des_sha";
+    public final static String PR_SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA = "fortezza";
+    public final static String PR_SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA = "fortezza_rc4_128_sha";
+    public final static String PR_SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = "rsa_fips_3des_sha";
+    public final static String PR_SSL_RSA_FIPS_WITH_DES_CBC_SHA = "rsa_fips_des_sha";
+    public final static String PR_TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = "tls_rsa_rc4_56_sha";
+    public final static String PR_TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = "tls_rsa_des_sha";
 
     /*========================================================
      * Watchdog and Server State Messages 
@@ -599,9 +580,9 @@ public interface Constants {
     public final static String PT_DN = "dn";
 
     public final static String PV_SYSTEM_ADMINISTRATORS =
-        "SystemAdministrators";
+            "SystemAdministrators";
     public final static String PV_CERTIFICATE_ADMINISTRATORS =
-        "CertificateAdministrators";
+            "CertificateAdministrators";
 
     public final static String OP_AUTHENTICATE = "authenticate";
     public final static String OP_RESTART = "restart";
@@ -636,9 +617,9 @@ public interface Constants {
     // certificate authority operations
     public final static String PT_PUBLISH_DN = "ldappublish.ldap.admin-dn";
     public final static String PT_PUBLISH_PWD =
-        "ldappublish.ldap.admin-password";
+            "ldappublish.ldap.admin-password";
     public final static String PT_PUBLISH_FREQ =
-        "crl.crl0.autoUpdateInterval";
+            "crl.crl0.autoUpdateInterval";
     public final static String PT_SERIALNO = "serialno";
     public final static String PT_NAMES = "names";
     public final static String PT_CERTIFICATES = "certificates";
diff --git a/pki/base/common/src/com/netscape/certsrv/common/DestDef.java b/pki/base/common/src/com/netscape/certsrv/common/DestDef.java
index 1d3eaff1..273e6af0 100644
--- a/pki/base/common/src/com/netscape/certsrv/common/DestDef.java
+++ b/pki/base/common/src/com/netscape/certsrv/common/DestDef.java
@@ -17,12 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.common;
 
-
 /**
  * This interface defines all the operation destination
  * used in the administration protocol between the
  * console and the server.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface DestDef {
diff --git a/pki/base/common/src/com/netscape/certsrv/common/NameValuePair.java b/pki/base/common/src/com/netscape/certsrv/common/NameValuePair.java
index 44d55e32..ed1d0614 100644
--- a/pki/base/common/src/com/netscape/certsrv/common/NameValuePair.java
+++ b/pki/base/common/src/com/netscape/certsrv/common/NameValuePair.java
@@ -17,13 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.common;
 
-
-
-
 /**
  * A class represents a name value pair. A name value
  * pair consists of a name and a value.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class NameValuePair {
@@ -33,7 +30,7 @@ public class NameValuePair {
 
     /**
      * Constructs value pair object.
-     *
+     * 
      * @param name name
      * @param value value
      */
@@ -44,7 +41,7 @@ public class NameValuePair {
 
     /**
      * Retrieves the name.
-     *
+     * 
      * @return name
      */
     public String getName() {
@@ -53,19 +50,19 @@ public class NameValuePair {
 
     /**
      * Retrieves the value.
-     *
+     * 
      * @return value
      */
     public String getValue() {
         return mValue;
     }
-	
+
     /**
      * Sets the value
-     *
+     * 
      * @param value value
      */
     public void setValue(String value) {
         mValue = value;
     }
-}    
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/common/NameValuePairs.java b/pki/base/common/src/com/netscape/certsrv/common/NameValuePairs.java
index 651de782..61d3cad6 100644
--- a/pki/base/common/src/com/netscape/certsrv/common/NameValuePairs.java
+++ b/pki/base/common/src/com/netscape/certsrv/common/NameValuePairs.java
@@ -17,17 +17,15 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.common;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.StringTokenizer;
 import java.util.Vector;
 
-
 /**
- * A class represents an ordered list of name 
+ * A class represents an ordered list of name
  * value pairs.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class NameValuePairs {
@@ -40,7 +38,7 @@ public class NameValuePairs {
 
     /**
      * Constructs name value pairs.
-     */	 
+     */
     public NameValuePairs() {
     }
 
@@ -48,7 +46,7 @@ public class NameValuePairs {
      * Adds a name value pair into this set.
      * if the name already exist, the value will
      * be replaced.
-     *
+     * 
      * @param name name
      * @param value value
      */
@@ -66,7 +64,7 @@ public class NameValuePairs {
 
     /**
      * Retrieves name value pair from this set.
-     *
+     * 
      * @param name name
      * @return name value pair
      */
@@ -76,7 +74,7 @@ public class NameValuePairs {
 
     /**
      * Returns number of pairs in this set.
-     *
+     * 
      * @return size
      */
     public int size() {
@@ -85,7 +83,7 @@ public class NameValuePairs {
 
     /**
      * Retrieves name value pairs in specific position.
-     *
+     * 
      * @param pos position of the value
      * @return name value pair
      */
@@ -104,7 +102,7 @@ public class NameValuePairs {
     /**
      * Retrieves value of the name value pairs that matches
      * the given name.
-     *
+     * 
      * @param name name
      * @return value
      */
@@ -119,14 +117,14 @@ public class NameValuePairs {
 
     /**
      * Retrieves a list of names.
-     *
+     * 
      * @return a list of names
      */
     public Enumeration<String> getNames() {
         Vector<String> v = new Vector<String>();
-        int size = mPairs.size(); 
+        int size = mPairs.size();
 
-        for (int i = 0; i < size; i++) { 
+        for (int i = 0; i < size; i++) {
             NameValuePair p = (NameValuePair) mPairs.elementAt(i);
 
             v.addElement(p.getName());
@@ -134,11 +132,11 @@ public class NameValuePairs {
         //System.out.println("getNames: "+v.size());
         return v.elements();
     }
-	
+
     /**
      * Show the content of this name value container as
      * string representation.
-     *
+     * 
      * @return string representation
      */
     public String toString() {
@@ -155,7 +153,7 @@ public class NameValuePairs {
 
     /**
      * Parses a string into name value pairs.
-     *
+     * 
      * @param s string
      * @param nvp name value pairs
      * @return true if successful
@@ -174,16 +172,16 @@ public class NameValuePairs {
             String v = t.substring(i + 1);
 
             nvp.add(n, v);
-        }	
+        }
         return true;
     }
 
     /**
      * Returns a list of name value pair object.
-     *
+     * 
      * @return name value objects
      */
     public Enumeration<NameValuePair> elements() {
         return mPairs.elements();
     }
-}    
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/common/OpDef.java b/pki/base/common/src/com/netscape/certsrv/common/OpDef.java
index 9cfcab4a..22a974e1 100644
--- a/pki/base/common/src/com/netscape/certsrv/common/OpDef.java
+++ b/pki/base/common/src/com/netscape/certsrv/common/OpDef.java
@@ -17,12 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.common;
 
-
 /**
  * This interface defines all the administration operations
  * used in the administration protocol between the console
  * and the server.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface OpDef {
diff --git a/pki/base/common/src/com/netscape/certsrv/common/PrefixDef.java b/pki/base/common/src/com/netscape/certsrv/common/PrefixDef.java
index 11a58c5d..833847d0 100644
--- a/pki/base/common/src/com/netscape/certsrv/common/PrefixDef.java
+++ b/pki/base/common/src/com/netscape/certsrv/common/PrefixDef.java
@@ -17,12 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.common;
 
-
 /**
  * This interface defines all the prefix tags
  * used in the administration protocol between
  * the console and the server.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface PrefixDef {
@@ -34,8 +33,8 @@ public interface PrefixDef {
     public final static String PX_SYS = "SYS_";
     public final static String PX_DEF = "DEF_";
     public final static String PX_PP = "CERT_PP";
-    
+
     //log content
     public final static String PX_LOG = "log";
-    
+
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/common/ScopeDef.java b/pki/base/common/src/com/netscape/certsrv/common/ScopeDef.java
index 0be3fdf0..f29067f5 100644
--- a/pki/base/common/src/com/netscape/certsrv/common/ScopeDef.java
+++ b/pki/base/common/src/com/netscape/certsrv/common/ScopeDef.java
@@ -17,12 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.common;
 
-
 /**
  * This interface defines all the operation scope
  * used in the administration protocol between the
  * console and the server.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ScopeDef {
@@ -31,7 +30,7 @@ public interface ScopeDef {
     public final static String SC_GROUPS = "groups";
     public final static String SC_USERS = "users";
     public final static String SC_USER_CERTS = "certs";
-    
+
     public final static String SC_SNMP = "snmp";
     public final static String SC_SMTP = "smtp";
     public final static String SC_SUBSYSTEM = "subsystem";
@@ -39,12 +38,12 @@ public interface ScopeDef {
     public final static String SC_GATEWAY = "gateway";
     public final static String SC_ADMIN = "admin";
     public final static String SC_NETWORK = "network";
-    
+
     // profile
     public final static String SC_PROFILE_IMPLS = "profile";
     public final static String SC_PROFILE_RULES = "rules";
     public final static String SC_PROFILE_DEFAULT_POLICY = "defaultPolicy";
-    public final static String SC_PROFILE_CONSTRAINT_POLICY = "constraintPolicy"; 
+    public final static String SC_PROFILE_CONSTRAINT_POLICY = "constraintPolicy";
     public final static String SC_PROFILE_POLICIES = "policies";
     public final static String SC_PROFILE_POLICY_CONFIG = "config";
     public final static String SC_PROFILE_INPUT = "profileInput";
@@ -83,7 +82,7 @@ public interface ScopeDef {
     public final static String SC_LOG_CONTENT = "log_content";
     public final static String SC_AUDITLOG_CONTENT = "transactionsLog_content";
     public final static String SC_ERRORLOG_CONTENT = "errorLog_content";
-    public final static String SC_SYSTEMLOG_CONTENT = "systemLog_content";    
+    public final static String SC_SYSTEMLOG_CONTENT = "systemLog_content";
 
     //LDAP publishing
     public final static String SC_LDAP = "ldap";
@@ -109,9 +108,9 @@ public interface ScopeDef {
     public final static String SC_RECOVERY = "recovery";
     public final static String SC_AGENT_PWD = "agentPwd";
     public final static String SC_MNSCHEME = "mnScheme";
-    
+
     //stat
-    public final static String  SC_STAT = "stat";
+    public final static String SC_STAT = "stat";
 
     // RA
     public final static String SC_GENERAL = "general";
@@ -119,10 +118,10 @@ public interface ScopeDef {
     public final static String SC_PKIGW = "pkigw";
     public final static String SC_SERVLET = "servlet";
     public final static String SC_CONNECTOR = "connector";
-    
+
     //tasks
     public final static String SC_TASKS = "tasks";
-    
+
     //authentication
     public final static String SC_AUTH = "auths";
     public final static String SC_AUTHTYPE = "authType";
@@ -139,7 +138,7 @@ public interface ScopeDef {
     public final static String SC_NOTIFICATION_REQ_COMP = "notificationREQC";
     public final static String SC_NOTIFICATION_REV_COMP = "notificationREVC";
     public final static String SC_NOTIFICATION_RIQ = "notificationRIQ";
-    
+
     // acl
     public final static String SC_ACL_IMPLS = "impl";
     public final static String SC_ACL = "acls";
@@ -181,7 +180,7 @@ public interface ScopeDef {
     public final static String SC_PLATFORM = "platform";
 
     public final static String SC_GET_NICKNAMES = "getNicknames";
- 
+
     // Profile
     public final static String SC_SUPPORTED_CONSTRAINTPOLICIES = "supportedConstraintPolicies";
 
diff --git a/pki/base/common/src/com/netscape/certsrv/common/TaskId.java b/pki/base/common/src/com/netscape/certsrv/common/TaskId.java
index 458822ff..01a97b2a 100644
--- a/pki/base/common/src/com/netscape/certsrv/common/TaskId.java
+++ b/pki/base/common/src/com/netscape/certsrv/common/TaskId.java
@@ -17,13 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.common;
 
-
 /**
  * This interface defines all the tasks used in
  * the configuration protocol between the
  * configuration wizard and the configuration
  * daemon.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface TaskId {
@@ -66,7 +65,7 @@ public interface TaskId {
 
     // get information about all cryptotokens
     public final static String TASK_TOKEN_INFO = "tokenInfo";
-    
+
     // server get master or clone setting
     public final static String TASK_MASTER_OR_CLONE = "SetMasterOrClone";
     // single signon
@@ -100,10 +99,10 @@ public interface TaskId {
     // set CA starting serial number
     public final static String TASK_SET_CA_SERIAL = "setCASerial";
 
-     // set CA starting serial number
+    // set CA starting serial number
     public final static String TASK_SET_KRA_NUMBER = "setKRANumber";
 
-   // check key length
+    // check key length
     public final static String TASK_CHECK_KEYLENGTH = "checkKeyLength";
 
     // check certificate extension
diff --git a/pki/base/common/src/com/netscape/certsrv/connector/IConnector.java b/pki/base/common/src/com/netscape/certsrv/connector/IConnector.java
index 6dcca9d2..202fb079 100644
--- a/pki/base/common/src/com/netscape/certsrv/connector/IConnector.java
+++ b/pki/base/common/src/com/netscape/certsrv/connector/IConnector.java
@@ -17,20 +17,18 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.connector;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This interface represents a connector that forwards
  * CMS requests to a remote authority.
- *
+ * 
  * To register a connector, one can add the following
  * to the CMS.cfg:
- *
+ * 
  * <pre>
- *
+ * 
  *  Example for KRA type connector.
  * ca.connector.KRA.enable=true
  * ca.connector.KRA.host=thehost.netscape.com        #Remote host.
@@ -39,21 +37,22 @@ import com.netscape.certsrv.request.IRequest;
  * ca.connector.KRA.uri="/kra/connector"             #Uri of the KRA server.
  * ca.connector.KRA.id="kra"
  * ca.connector.KRA.minHttpConns=1                   #Min connection pool connections. 
- * ca.connector.KRA.maxHttpConns=10                  #Max connection pool connections. 
+ * ca.connector.KRA.maxHttpConns=10                  #Max connection pool connections.
  * </pre>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IConnector {
 
     /**
      * Sends the request to a remote authority.
+     * 
      * @param req Request to be forwarded to remote authority.
      * @return true for success, otherwise false.
-     * @exception EBaseException Failure to send request to remote authority. 
+     * @exception EBaseException Failure to send request to remote authority.
      */
     public boolean send(IRequest req)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Starts this connector.
diff --git a/pki/base/common/src/com/netscape/certsrv/connector/IHttpConnFactory.java b/pki/base/common/src/com/netscape/certsrv/connector/IHttpConnFactory.java
index c53c6f09..27a94a57 100644
--- a/pki/base/common/src/com/netscape/certsrv/connector/IHttpConnFactory.java
+++ b/pki/base/common/src/com/netscape/certsrv/connector/IHttpConnFactory.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.connector;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
 /**
@@ -26,26 +25,27 @@ import com.netscape.certsrv.base.EBaseException;
  * Multiple threads use this interface to utilize and release
  * the Ldap connection resources. This factory will maintain a
  * list of Http type connections to the remote host.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IHttpConnFactory {
 
-
     /**
      * Request access to a Ldap connection from the pool.
+     * 
      * @exception EBaseException if any error occurs, such as a
      * @return Ldap connection object.
-     * connection is not available
+     *         connection is not available
      */
     public IHttpConnection getConn()
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Return connection to the factory. mandatory after a getConn().
+     * 
      * @param conn Ldap connection object to be returned to the free list of the pool.
      * @exception EBaseException On any failure to return the connection.
      */
     public void returnConn(IHttpConnection conn)
-        throws EBaseException;
+            throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/connector/IHttpConnection.java b/pki/base/common/src/com/netscape/certsrv/connector/IHttpConnection.java
index 6ee57059..d1652dc9 100644
--- a/pki/base/common/src/com/netscape/certsrv/connector/IHttpConnection.java
+++ b/pki/base/common/src/com/netscape/certsrv/connector/IHttpConnection.java
@@ -17,26 +17,25 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.connector;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * This represents a HTTP connection to a remote authority.
  * Http connection is used by the connector to send
  * PKI messages to a remote authority. The remote authority
  * will reply with a PKI message as well. An example would
  * be the communication between a CA and a KRA.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IHttpConnection {
 
     /**
      * Sends the PKI message to the remote authority.
+     * 
      * @param tomsg Message to forward to authority.
      * @exception EBaseException Failed to send message.
      */
-    public IPKIMessage send(IPKIMessage tomsg) 
-        throws EBaseException;
+    public IPKIMessage send(IPKIMessage tomsg)
+            throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/connector/IHttpPKIMessage.java b/pki/base/common/src/com/netscape/certsrv/connector/IHttpPKIMessage.java
index 5cb53e25..efa49126 100644
--- a/pki/base/common/src/com/netscape/certsrv/connector/IHttpPKIMessage.java
+++ b/pki/base/common/src/com/netscape/certsrv/connector/IHttpPKIMessage.java
@@ -17,39 +17,41 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.connector;
 
-
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This represents a  Http PKI message. It contains 
- * simple name/value pair values.  Also maintains information
+ * This represents a Http PKI message. It contains
+ * simple name/value pair values. Also maintains information
  * about the status and type of the message.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IHttpPKIMessage extends IPKIMessage {
 
     /**
      * Retrieves the request type.
+     * 
      * @return String with the type of request.
      */
     public String getReqType();
 
     /**
      * Retrieves the request identifier.
+     * 
      * @return String of name of request.
      */
     public String getReqId();
 
     /**
      * Copies contents of request to make a simple name/value message.
+     * 
      * @param r Instance of IRequest to be copied from.
      */
     public void fromRequest(IRequest r);
 
     /**
      * Copies contents to request.
+     * 
      * @param r Instance of IRequest to be copied to.
      */
     public void toRequest(IRequest r);
diff --git a/pki/base/common/src/com/netscape/certsrv/connector/IPKIMessage.java b/pki/base/common/src/com/netscape/certsrv/connector/IPKIMessage.java
index 57ce9700..787dd838 100644
--- a/pki/base/common/src/com/netscape/certsrv/connector/IPKIMessage.java
+++ b/pki/base/common/src/com/netscape/certsrv/connector/IPKIMessage.java
@@ -17,37 +17,37 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.connector;
 
-
 import java.io.Serializable;
 
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * Messages that are serialized and go over the wire.
  * It must be serializable, and
- * later will be inherited by CRMF message. 
- *
+ * later will be inherited by CRMF message.
+ * 
  * @version $Revision$, $Date$
  */
 public interface IPKIMessage extends Serializable {
 
     /**
-    *
-    * Returns status of request.
-    * @return String of request status.
-    */
+     * 
+     * Returns status of request.
+     * 
+     * @return String of request status.
+     */
     public String getReqStatus();
 
     /**
      * Retrieves the request type.
+     * 
      * @return String of type of request.
      */
     public String getReqType();
 
-   
     /**
      * Retrieves the request identifer.
+     * 
      * @return String of name of request.
      */
     public String getReqId();
@@ -55,6 +55,7 @@ public interface IPKIMessage extends Serializable {
     /**
      * Makes a PKIMessage from a request
      * PKIMessage will be sent to wire.
+     * 
      * @param r Request to copy from.
      */
     public void fromRequest(IRequest r);
@@ -62,8 +63,9 @@ public interface IPKIMessage extends Serializable {
     /**
      * Copies contents of PKIMessage to the request
      * PKIMessage is from the wire.
+     * 
      * @param r Request to copy to.
      */
     public void toRequest(IRequest r);
-	
+
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/connector/IRemoteAuthority.java b/pki/base/common/src/com/netscape/certsrv/connector/IRemoteAuthority.java
index a97936aa..50a3aea5 100644
--- a/pki/base/common/src/com/netscape/certsrv/connector/IRemoteAuthority.java
+++ b/pki/base/common/src/com/netscape/certsrv/connector/IRemoteAuthority.java
@@ -17,38 +17,39 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.connector;
 
-
-
-
 /**
  * This represents a remote authority that can be
  * a certificate manager, or key recovery manager or
  * some other manager.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IRemoteAuthority {
 
     /**
      * Retrieves the host name of the remote Authority.
+     * 
      * @return String with the name of host of remote Authority.
      */
     public String getHost();
 
     /**
      * Retrieves the port number of the remote Authority.
+     * 
      * @return Int with port number of remote Authority.
      */
     public int getPort();
 
     /**
      * Retrieves the URI of the remote Authority.
+     * 
      * @return String with URI of remote Authority.
      */
     public String getURI();
 
     /**
      * Retrieves the timeout value for the connection to the remote Authority.
+     * 
      * @return In with remote Authority timeout value.
      */
     public int getTimeout();
diff --git a/pki/base/common/src/com/netscape/certsrv/connector/IRequestEncoder.java b/pki/base/common/src/com/netscape/certsrv/connector/IRequestEncoder.java
index 7838aa5e..478af417 100644
--- a/pki/base/common/src/com/netscape/certsrv/connector/IRequestEncoder.java
+++ b/pki/base/common/src/com/netscape/certsrv/connector/IRequestEncoder.java
@@ -17,34 +17,33 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.connector;
 
-
 import java.io.IOException;
 
-
 /**
  * This represents a rquest encoder that serializes and
  * deserializes a request to a Remote Authority so that it can be sent through
  * the connector.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IRequestEncoder {
 
     /**
      * Encodes a request object.
+     * 
      * @param r Object to serve as the source of the message.
      * @return String containing encoded message.
      * @exception IOException Failure of the encoding operation due to IO error.
      */
     String encode(Object r)
-        throws IOException;
+            throws IOException;
 
     /**
-     * Dncodes a String into an  object.
+     * Dncodes a String into an object.
+     * 
      * @return Object which is the result of the decoded message.
      * @exception IOException Failure of the decoding operation due to IO error.
      */
     Object decode(String s)
-        throws IOException;
+            throws IOException;
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/connector/IResender.java b/pki/base/common/src/com/netscape/certsrv/connector/IResender.java
index 3574c3a5..85d3e364 100644
--- a/pki/base/common/src/com/netscape/certsrv/connector/IResender.java
+++ b/pki/base/common/src/com/netscape/certsrv/connector/IResender.java
@@ -17,25 +17,23 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.connector;
 
-
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * Resend requests at intervals to the server to ensure completion of requests. 
- * Default interval is 5 minutes.  The need to resend a message could arise
+ * Resend requests at intervals to the server to ensure completion of requests.
+ * Default interval is 5 minutes. The need to resend a message could arise
  * due to an error or the fact that the message could not be serviced
  * immediately.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IResender extends Runnable {
 
     /**
      * Adds the request to the resend queue.
+     * 
      * @param r Request to be placed on the resend queue.
      */
     public void addRequest(IRequest r);
-	
-}
 
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/DBResources.java b/pki/base/common/src/com/netscape/certsrv/dbs/DBResources.java
index 4bfb14fb..a2201b8e 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/DBResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/DBResources.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs;
 
-
 import java.util.ListResourceBundle;
 
-
 /**
  * A class represents a resource bundle for DBS subsystem.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class DBResources extends ListResourceBundle {
@@ -38,4 +36,3 @@ public class DBResources extends ListResourceBundle {
 
     static final Object[][] contents = {};
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/EDBException.java b/pki/base/common/src/com/netscape/certsrv/dbs/EDBException.java
index 14f653d6..77508dca 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/EDBException.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/EDBException.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * A class represents a database exception.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class EDBException extends EBaseException {
@@ -36,12 +34,12 @@ public class EDBException extends EBaseException {
     /**
      * Resource class name.
      */
-    private static final String DB_RESOURCES = DBResources.class.getName();		
+    private static final String DB_RESOURCES = DBResources.class.getName();
 
     /**
      * Constructs a database exception.
      * <P>
-     *
+     * 
      * @param msgFormat message format
      */
     public EDBException(String msgFormat) {
@@ -51,7 +49,7 @@ public class EDBException extends EBaseException {
     /**
      * Constructs a database exception.
      * <P>
-     *
+     * 
      * @param msgFormat message format
      * @param param parameter
      */
@@ -62,7 +60,7 @@ public class EDBException extends EBaseException {
     /**
      * Constructs a database exception.
      * <P>
-     *
+     * 
      * @param msgFormat message format
      * @param e exception as parameter
      */
@@ -73,7 +71,7 @@ public class EDBException extends EBaseException {
     /**
      * Constructs a database exception.
      * <P>
-     *
+     * 
      * @param msgFormat message format
      * @param params list of parameters
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/EDBNotAvailException.java b/pki/base/common/src/com/netscape/certsrv/dbs/EDBNotAvailException.java
index 170a8ee8..6afb2dcc 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/EDBNotAvailException.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/EDBNotAvailException.java
@@ -17,10 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs;
 
-
 /**
  * Indicates internal db is down.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class EDBNotAvailException extends EDBException {
@@ -32,7 +31,7 @@ public class EDBNotAvailException extends EDBException {
 
     /**
      * Constructs a ldap server down exception with host & port info.
-     *
+     * 
      * @param errorString Detailed error message.
      */
     public EDBNotAvailException(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/EDBRecordNotFoundException.java b/pki/base/common/src/com/netscape/certsrv/dbs/EDBRecordNotFoundException.java
index 1640fc78..dd3880c1 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/EDBRecordNotFoundException.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/EDBRecordNotFoundException.java
@@ -17,10 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs;
 
-
 /**
  * Indicates internal db is down.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class EDBRecordNotFoundException extends EDBException {
@@ -32,7 +31,7 @@ public class EDBRecordNotFoundException extends EDBException {
 
     /**
      * Constructs a ldap server down exception with host & port info.
-     *
+     * 
      * @param errorString Detailed error message.
      */
     public EDBRecordNotFoundException(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBAttrMapper.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBAttrMapper.java
index 173537d6..27e15bd7 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/IDBAttrMapper.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBAttrMapper.java
@@ -17,21 +17,19 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs;
 
-
 import java.util.Enumeration;
 
 import netscape.ldap.LDAPAttributeSet;
 
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * An interface represents an attribute mapper. A mapper
  * has knowledge on how to convert a db attribute into
  * zero or more LDAP attribute, and vice versa.
  * <P>
- *
- * @version $Revision$, $Date$ 
+ * 
+ * @version $Revision$, $Date$
  */
 public interface IDBAttrMapper {
 
@@ -39,44 +37,44 @@ public interface IDBAttrMapper {
      * Retrieves a list of LDAP attributes that are used
      * in the mapper. By having this, the framework can
      * provide search on selective attributes.
-     *
+     * 
      * @return a list of supported attribute names
      */
     public Enumeration<String> getSupportedLDAPAttributeNames();
 
     /**
      * Maps object attribute into LDAP attributes.
-     *
+     * 
      * @param parent parent object where the object comes from
      * @param name name of db attribute
      * @param obj object itself
      * @param attrs LDAP attribute set where the result should be stored
      * @exception EBaseException failed to map object
      */
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, 
-        String name, Object obj, LDAPAttributeSet attrs) 
-        throws EBaseException;
+    public void mapObjectToLDAPAttributeSet(IDBObj parent,
+            String name, Object obj, LDAPAttributeSet attrs)
+            throws EBaseException;
 
     /**
-     * Maps LDAP attributes into object, and puts the object 
+     * Maps LDAP attributes into object, and puts the object
      * into 'parent'.
-     *
+     * 
      * @param attrs LDAP attribute set
      * @param name name of db attribute to be processed
      * @param parent parent object where the object should be added
      * @exception EBaseException failed to map object
      */
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) throws EBaseException;
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent) throws EBaseException;
 
     /**
      * Maps search filters into LDAP search filter.
-     *
+     * 
      * @param name name of db attribute
      * @param op filte operation (i.e. "=", ">=")
      * @param value attribute value
      * @exception EBaseException failed to map filter
      */
-    public String mapSearchFilter(String name, String op, 
-        String value) throws EBaseException;
+    public String mapSearchFilter(String name, String op,
+            String value) throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBDynAttrMapper.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBDynAttrMapper.java
index c1c8c3b3..5684dd4d 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/IDBDynAttrMapper.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBDynAttrMapper.java
@@ -6,7 +6,7 @@ package com.netscape.certsrv.dbs;
  * assigned db attribute into zero or more dynamically assigned LDAP
  * attributes, and vice versa.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IDBDynAttrMapper extends IDBAttrMapper {
@@ -14,7 +14,7 @@ public interface IDBDynAttrMapper extends IDBAttrMapper {
     /**
      * Returns true if the LDAP attribute can be mapped by this
      * dynamic mapper.
-     *
+     * 
      * @param attrName LDAP attribute name to check
      * @return a list of supported attribute names
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBObj.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBObj.java
index ab1ce0a4..5c634bee 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/IDBObj.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBObj.java
@@ -17,26 +17,24 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs;
 
-
 import java.util.Enumeration;
 
 import com.netscape.certsrv.base.IAttrSet;
 
-
 /**
  * An interface represents a database object
  * that is serializable.
- *
- * @version $Revision$, $Date$ 
+ * 
+ * @version $Revision$, $Date$
  */
 public interface IDBObj extends IAttrSet {
 
     /**
-     * Returns a list of serializable attribute 
+     * Returns a list of serializable attribute
      * names. This method should return the
      * attribute name even if there is no attribute
      * value for the attribute.
-     *
+     * 
      * @return a list of serializable attribute names
      */
     public Enumeration<String> getSerializableAttrNames();
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBRegistry.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBRegistry.java
index 4270c9ce..241f3af9 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/IDBRegistry.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBRegistry.java
@@ -17,42 +17,40 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs;
 
-
 import netscape.ldap.LDAPAttributeSet;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.ISubsystem;
- 
 
 /**
  * A class represents a registry where all the
- * schema (object classes and attribute) information 
+ * schema (object classes and attribute) information
  * is stored.
- *
+ * 
  * Attribute mappers can be registered with this
  * registry.
- *
+ * 
  * Given the schema information stored, this registry
  * has knowledge to convert a Java object into a
  * LDAPAttributeSet or vice versa.
- *
- * @version $Revision$, $Date$ 
+ * 
+ * @version $Revision$, $Date$
  */
 public interface IDBRegistry extends ISubsystem {
 
     /**
      * Registers object class.
-     *
+     * 
      * @param className java class to create for the object classes
      * @param ldapNames a list of LDAP object classes
      * @exception EDBException failed to register
      */
     public void registerObjectClass(String className, String ldapNames[])
-        throws EDBException;
+            throws EDBException;
 
     /**
      * See if an object class is registered.
-     *
+     * 
      * @param className java class to create
      * @return true if object class is registered already
      */
@@ -60,17 +58,17 @@ public interface IDBRegistry extends ISubsystem {
 
     /**
      * Registers attribute mapper.
-     *
+     * 
      * @param ufName LDAP attribute name
      * @param mapper mapper to invoke for the attribute
      * @exception EDBException failed to register
      */
-    public void registerAttribute(String ufName, IDBAttrMapper mapper) 
-        throws EDBException;
+    public void registerAttribute(String ufName, IDBAttrMapper mapper)
+            throws EDBException;
 
     /**
      * See if an attribute is registered.
-     *
+     * 
      * @param ufName attribute name
      * @return true if attribute is registered already
      */
@@ -78,6 +76,7 @@ public interface IDBRegistry extends ISubsystem {
 
     /**
      * Registers a dynamic attribute mapper.
+     * 
      * @param mapper The dynamic mapper to register
      */
     public void registerDynamicMapper(IDBDynAttrMapper mapper);
@@ -86,6 +85,7 @@ public interface IDBRegistry extends ISubsystem {
      * Creates LDAP-based search filters with help of
      * registered mappers.
      * Parses filter from filter string specified in RFC1558.
+     * 
      * <pre>
      * <filter> ::= '(' <filtercomp> ')'
      * <filtercomp> ::= <and> | <or> | <not> | <item>
@@ -107,7 +107,7 @@ public interface IDBRegistry extends ISubsystem {
      * <starval> ::= NULL | <value> '*' <starval>
      * <final> ::= NULL | <value>
      * </pre>
-     *
+     * 
      * @param filter CMS-based filter
      * @return LDAP-based filter string
      * @exception EBaseException failed to convert filter
@@ -117,55 +117,55 @@ public interface IDBRegistry extends ISubsystem {
     /**
      * Creates LDAP-based search filters with help of
      * registered mappers.
-     *
+     * 
      * @param filter CMS-based filter
      * @param c filter converter
      * @return LDAP-based filter string
      * @exception EBaseException failed to convert filter
      */
-    public String getFilter(String filter, IFilterConverter c) 
-        throws EBaseException;
+    public String getFilter(String filter, IFilterConverter c)
+            throws EBaseException;
 
     /**
      * Maps object into LDAP attribute set.
-     *
+     * 
      * @param parent object's parent
      * @param name name of the object
      * @param obj object to be mapped
      * @param attrs LDAP attribute set
      * @exception EBaseException failed to map object
      */
-    public void mapObject(IDBObj parent, String name, Object obj, 
-        LDAPAttributeSet attrs) throws EBaseException;
+    public void mapObject(IDBObj parent, String name, Object obj,
+            LDAPAttributeSet attrs) throws EBaseException;
 
     /**
      * Retrieves a list of LDAP attributes that are associated
      * with the given attributes.
-     *
+     * 
      * @param attrs attributes
      * @return LDAP-based attributes
      * @exception EBaseException failed to map attributes
      */
-    public String[] getLDAPAttributes(String attrs[]) 
-        throws EBaseException;
+    public String[] getLDAPAttributes(String attrs[])
+            throws EBaseException;
 
     /**
      * Creates attribute set from object.
-     *
+     * 
      * @param obj database object
      * @return LDAP attribute set
      * @exception EBaseException failed to create set
      */
-    public LDAPAttributeSet createLDAPAttributeSet(IDBObj obj) 
-        throws EBaseException;
+    public LDAPAttributeSet createLDAPAttributeSet(IDBObj obj)
+            throws EBaseException;
 
     /**
      * Creates object from attribute set.
-     *
+     * 
      * @param attrs LDAP attribute set
      * @return database object
      * @exception EBaseException failed to create object
      */
     public IDBObj createObject(LDAPAttributeSet attrs)
-        throws EBaseException;
+            throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBSSession.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBSSession.java
index 7f4e4f8c..ec019423 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/IDBSSession.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBSSession.java
@@ -17,45 +17,44 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs;
 
-
 import netscape.ldap.LDAPSearchResults;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
  * An interface represents the database session. Operations
  * can be performed with a session.
- *
- * Transaction and Caching support can be integrated 
+ * 
+ * Transaction and Caching support can be integrated
  * into session.
- *
- * @version $Revision$, $Date$ 
+ * 
+ * @version $Revision$, $Date$
  */
 public interface IDBSSession {
 
     /**
      * Returns database subsystem.
-     *
+     * 
      * @return subsystem
      */
     public ISubsystem getDBSubsystem();
 
     /**
      * Closes this session.
-     *
+     * 
      * @exception EDBException failed to close session
      */
     public void close() throws EDBException;
 
     /**
      * Adds object to backend database. For example,
+     * 
      * <PRE>
-     *    session.add("cn=123459,o=certificate repository,o=airius.com", 
-     * 			certRec);
+     * session.add(&quot;cn=123459,o=certificate repository,o=airius.com&quot;,
+     *             certRec);
      * </PRE>
-     *
+     * 
      * @param name name of the object
      * @param obj object to be added
      * @exception EDBException failed to add object
@@ -64,7 +63,7 @@ public interface IDBSSession {
 
     /**
      * Reads an object from the database.
-     *
+     * 
      * @param name name of the object that is to be read
      * @return database object
      * @exception EBaseException failed to read object
@@ -74,18 +73,18 @@ public interface IDBSSession {
     /**
      * Reads an object from the database, and only populates
      * the selected attributes.
-     *
+     * 
      * @param name name of the object that is to be read
      * @param attrs selected attributes
      * @return database object
      * @exception EBaseException failed to read object
      */
-    public IDBObj read(String name, String attrs[]) 
-        throws EBaseException;
+    public IDBObj read(String name, String attrs[])
+            throws EBaseException;
 
     /**
      * Deletes object from database.
-     *
+     * 
      * @param name name of the object that is to be deleted
      * @exception EBaseException failed to delete object
      */
@@ -93,43 +92,43 @@ public interface IDBSSession {
 
     /**
      * Modify an object in the database.
-     *
+     * 
      * @param name name of the object that is to be modified
      * @param mods modifications
      * @exception EBaseException failed to modify
      */
-    public void modify(String name, ModificationSet mods) 
-        throws EBaseException;
+    public void modify(String name, ModificationSet mods)
+            throws EBaseException;
 
     /**
-     * Searchs for a list of objects that match the 
+     * Searchs for a list of objects that match the
      * filter.
-     *
+     * 
      * @param base starting point of the search
      * @param filter search filter
      * @return search results
      * @exception EBaseException failed to search
      */
-    public IDBSearchResults search(String base, String filter) 
-        throws EBaseException;
+    public IDBSearchResults search(String base, String filter)
+            throws EBaseException;
 
     /**
-     * Searchs for a list of objects that match the 
+     * Searchs for a list of objects that match the
      * filter.
-     *
+     * 
      * @param base starting point of the search
      * @param filter search filter
      * @param maxSize max number of entries
      * @return search results
      * @exception EBaseException failed to search
      */
-    public IDBSearchResults search(String base, String filter, int maxSize) 
-        throws EBaseException;
+    public IDBSearchResults search(String base, String filter, int maxSize)
+            throws EBaseException;
 
     /**
-     * Searchs for a list of objects that match the 
+     * Searchs for a list of objects that match the
      * filter.
-     *
+     * 
      * @param base starting point of the search
      * @param filter search filter
      * @param maxSize max number of entries
@@ -137,25 +136,25 @@ public interface IDBSSession {
      * @return search results
      * @exception EBaseException failed to search
      */
-    public IDBSearchResults search(String base, String filter, int maxSize, 
-        int timeLimit) throws EBaseException;
+    public IDBSearchResults search(String base, String filter, int maxSize,
+            int timeLimit) throws EBaseException;
 
     /**
-     * Retrieves a list of object that satifies the given 
+     * Retrieves a list of object that satifies the given
      * filter.
-     *
+     * 
      * @param base starting point of the search
      * @param filter search filter
      * @param attrs selected attributes
      * @return search results
      * @exception EBaseException failed to search
      */
-    public IDBSearchResults search(String base, String filter, 
-        String attrs[]) throws EBaseException;
+    public IDBSearchResults search(String base, String filter,
+            String attrs[]) throws EBaseException;
 
     /**
      * Retrieves a list of objects.
-     *
+     * 
      * @param base starting point of the search
      * @param filter search filter
      * @param attrs selected attributes
@@ -163,12 +162,12 @@ public interface IDBSSession {
      * @exception EBaseException failed to search
      */
     public <T> IDBVirtualList<T> createVirtualList(String base, String filter,
-        String attrs[]) throws EBaseException;
+            String attrs[]) throws EBaseException;
 
     /**
      * Sets persistent search to retrieve modified
      * certificate records.
-     *
+     * 
      * @param base starting point of the search
      * @param filter search filter
      * @param attrs selected attributes
@@ -176,11 +175,11 @@ public interface IDBSSession {
      * @exception EBaseException failed to search
      */
     public LDAPSearchResults persistentSearch(String base, String filter,
-        String attrs[]) throws EBaseException;
+            String attrs[]) throws EBaseException;
 
     /**
      * Retrieves a list of objects.
-     *
+     * 
      * @param base starting point of the search
      * @param filter search filter
      * @param attrs selected attributes
@@ -190,12 +189,12 @@ public interface IDBSSession {
      * @exception EBaseException failed to search
      */
     public <T> IDBVirtualList<T> createVirtualList(String base, String filter,
-        String attrs[], String sortKey, int pageSize) 
-        throws EBaseException;
+            String attrs[], String sortKey, int pageSize)
+            throws EBaseException;
 
     /**
      * Retrieves a list of objects.
-     *
+     * 
      * @param base starting point of the search
      * @param filter search filter
      * @param attrs selected attributes
@@ -206,7 +205,7 @@ public interface IDBSSession {
      * @exception EBaseException failed to search
      */
     public <T> IDBVirtualList<T> createVirtualList(String base, String filter,
-        String attrs[], String startFrom, 
-        String sortKey, int pageSize) 
-        throws EBaseException;
+            String attrs[], String startFrom,
+            String sortKey, int pageSize)
+            throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBSearchResults.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBSearchResults.java
index 9f15b808..04736cf3 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/IDBSearchResults.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBSearchResults.java
@@ -17,29 +17,27 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs;
 
-
 import java.util.Enumeration;
- 
 
 /**
  * A class represents the search results. A search
  * results object contain a enumeration of
  * Java objects that are just read from the database.
- *
- * @version $Revision$, $Date$ 
+ * 
+ * @version $Revision$, $Date$
  */
 public interface IDBSearchResults extends Enumeration<Object> {
 
     /**
      * Checks if any element is available.
-     *
+     * 
      * @return true if there is more elements
      */
     public boolean hasMoreElements();
 
     /**
      * Retrieves next element.
-     *
+     * 
      * @return next element
      */
     public Object nextElement();
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBSubsystem.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBSubsystem.java
index 350a29c4..fec6e6af 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/IDBSubsystem.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs;
 
-
 import java.math.BigInteger;
 
 import netscape.ldap.LDAPConnection;
@@ -25,22 +24,19 @@ import netscape.ldap.LDAPConnection;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
  * An interface represents certificate server
  * backend database.
  * <P>
- * This interface separate the database subsystem
- * functionalities from internal implementation.
+ * This interface separate the database subsystem functionalities from internal implementation.
  * <P>
- *
- * @version $Revision$, $Date$ 
+ * 
+ * @version $Revision$, $Date$
  */
 public interface IDBSubsystem extends ISubsystem {
 
     public static final String SUB_ID = "dbs";
 
-
     // values for repos
     public static final int CERTS = 0;
     public static final int REQUESTS = 1;
@@ -49,21 +45,21 @@ public interface IDBSubsystem extends ISubsystem {
 
     /**
      * Retrieves the base DN.
-     *
+     * 
      * @return base DN of the subsystem
      */
     public String getBaseDN();
 
     /**
      * Retrieves the registry.
-     *
+     * 
      * @return registry
      */
     public IDBRegistry getRegistry();
 
     /**
      * Creates a database session.
-     *
+     * 
      * @return database session
      * @exception EDBException failed to create session
      */
@@ -71,145 +67,145 @@ public interface IDBSubsystem extends ISubsystem {
 
     /**
      * Avoids losing serial number.
-     *
+     * 
      * @return true if serial number recovery option is enabled
      */
     public boolean enableSerialNumberRecovery();
 
     /**
      * Records next serial number in config file
-     *
+     * 
      * @param serial next serial number
-     * @exception EBaseException failed to set 
+     * @exception EBaseException failed to set
      */
     public void setNextSerialConfig(BigInteger serial) throws EBaseException;
 
     /**
      * Gets the next serial number in config file
-     *
+     * 
      * @return next serial number
      */
     public BigInteger getNextSerialConfig();
 
     /**
      * Records maximum serial number limit in config file
-     *
+     * 
      * @param serial max serial number
-     * @param repo   repo identifier 
-     * @exception EBaseException failed to set 
+     * @param repo repo identifier
+     * @exception EBaseException failed to set
      */
     public void setMaxSerialConfig(int repo, String serial) throws EBaseException;
 
     /**
      * Records minimum serial number limit in config file
-     *
+     * 
      * @param serial min serial number
-     * @param repo   repo identifier 
-     * @exception EBaseException failed to set 
+     * @param repo repo identifier
+     * @exception EBaseException failed to set
      */
     public void setMinSerialConfig(int repo, String serial) throws EBaseException;
 
     /**
      * Records maximum serial number limit for the next range in config file
-     *
+     * 
      * @param serial max serial number
-     * @param repo   repo identifier 
-     * @exception EBaseException failed to set 
+     * @param repo repo identifier
+     * @exception EBaseException failed to set
      */
     public void setNextMaxSerialConfig(int repo, String serial) throws EBaseException;
 
     /**
      * Records minimum serial number limit for the next range in config file
-     *
+     * 
      * @param serial min serial number
-     * @param repo   repo identifier 
-     * @exception EBaseException failed to set 
+     * @param repo repo identifier
+     * @exception EBaseException failed to set
      */
     public void setNextMinSerialConfig(int repo, String serial) throws EBaseException;
 
     /**
      * Gets minimum serial number limit in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @return min serial number
      */
     public String getMinSerialConfig(int repo);
 
     /**
      * Gets the maximum serial number limit in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @return max serial number
      */
     public String getMaxSerialConfig(int repo);
 
     /**
      * Gets the maximum serial number limit for next range in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @return max serial number
      */
     public String getNextMaxSerialConfig(int repo);
 
     /**
      * Gets minimum serial number limit for next range in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @return min serial number
      */
     public String getNextMinSerialConfig(int repo);
-    
+
     /**
      * Gets low water mark limit in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @return low water mark
      */
     public String getLowWaterMarkConfig(int repo);
- 
+
     /**
      * Gets range increment limit for next range in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @return range increment
      */
     public String getIncrementConfig(int repo);
-  
+
     /**
      * Gets number corresponding to start of next range from database
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @return start of next range
      */
     public String getNextRange(int repo);
 
     /**
      * Determines if a range conflict has been observed in database
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @return true if range conflict, false otherwise
      */
     public boolean hasRangeConflict(int repo);
 
     /**
      * Determines if serial number management has been enabled
-     *
+     * 
      * @return true if enabled, false otherwise
      */
     public boolean getEnableSerialMgmt();
 
-   /**
+    /**
      * Sets whether serial number management is enabled for certs
-     * and requests. 
-     *
-     * @param value   true/false 
-     * @exception EBaseException failed to set 
+     * and requests.
+     * 
+     * @param value true/false
+     * @exception EBaseException failed to set
      */
     public void setEnableSerialMgmt(boolean value) throws EBaseException;
 
     /**
      * Returns LDAP connection to connection pool.
-     *
+     * 
      * @param conn connection to be returned
      */
     public void returnConn(LDAPConnection conn);
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBVirtualList.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBVirtualList.java
index 7d175c45..919a82ef 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/IDBVirtualList.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBVirtualList.java
@@ -17,17 +17,15 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * A interface represents a virtual list of search results.
  * Note that this class must be used with DS4.0.
- *
+ * 
  * @version $Revision$, $Date$
  */
-public interface IDBVirtualList<E>  {
+public interface IDBVirtualList<E> {
 
     /**
      * Sets the paging size of this virtual list.
@@ -42,7 +40,7 @@ public interface IDBVirtualList<E>  {
 
     /**
      * Sets the sort key
-     *
+     * 
      * @param sortKey the attribute to sort by
      * @exception EBaseException failed to set
      */
@@ -50,7 +48,7 @@ public interface IDBVirtualList<E>  {
 
     /**
      * Sets the sort key
-     *
+     * 
      * @param sortKeys the attributes to sort by
      * @exception EBaseException failed to set
      */
@@ -58,60 +56,61 @@ public interface IDBVirtualList<E>  {
 
     /**
      * Retrieves the size of this virtual list.
-     * Recommend to call getSize() before getElementAt() or getElements() 
+     * Recommend to call getSize() before getElementAt() or getElements()
      * since you'd better check if the index is out of bound first.
-     *
+     * 
      * @return current size in list
      */
     public int getSize();
 
     /**
      * Returns current index.
-     *
+     * 
      * @return current index
      */
 
     public int getSizeBeforeJumpTo();
+
     public int getSizeAfterJumpTo();
 
     public int getCurrentIndex();
 
-    /** 
+    /**
      * Get a page starting at "first" (although we may also fetch
      * some preceding entries)
-     * Recommend to call getSize() before getElementAt() or getElements() 
+     * Recommend to call getSize() before getElementAt() or getElements()
      * since you'd better check if the index is out of bound first.
-     *
+     * 
      * @param first the index of the first entry of the page you want to fetch
      */
     public boolean getPage(int first);
 
-    /** 
+    /**
      * Called by application to scroll the list with initial letters.
      * Consider text to be an initial substring of the attribute of the
      * primary sorting key(the first one specified in the sort key array)
      * of an entry.
      * If no entries match, the one just before(or after, if none before)
      * will be returned as mSelectedIndex
-     *
+     * 
      * @param text the prefix of the first entry of the page you want to fetch
      */
     public boolean getPage(String text);
 
-    /** 
+    /**
      * Fetchs data of a single list item
-     * Recommend to call getSize() before getElementAt() or getElements() 
+     * Recommend to call getSize() before getElementAt() or getElements()
      * since you'd better check if the index is out of bound first.
-     * If the index is out of range of the virtual list, an exception 
+     * If the index is out of range of the virtual list, an exception
      * will be thrown and return null
-     *
+     * 
      * @param index the index of the element to fetch
      */
     public E getElementAt(int index);
 
     /**
      * Retrieves and jumps to element in the given position.
-     *
+     * 
      * @param i position
      * @return object
      */
@@ -119,26 +118,26 @@ public interface IDBVirtualList<E>  {
 
     /**
      * Processes elements as soon as it arrives. It is
-     * more memory-efficient. 
-     *
+     * more memory-efficient.
+     * 
      * @param startidx starting index
      * @param endidx ending index
      * @param ep object to call
      * @exception EBaseException failed to process elements
      */
     public void processElements(int startidx, int endidx, IElementProcessor ep)
-        throws EBaseException;
+            throws EBaseException;
 
-    /** 
+    /**
      * Gets the virutal selected index
-     *
+     * 
      * @return selected index
      */
     public int getSelectedIndex();
 
-    /** 
+    /**
      * Gets the top of the buffer
-     *
+     * 
      * @return first index
      */
     public int getFirstIndex();
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IElementProcessor.java b/pki/base/common/src/com/netscape/certsrv/dbs/IElementProcessor.java
index 75702199..648a13ae 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/IElementProcessor.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IElementProcessor.java
@@ -17,20 +17,18 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * Processor handles object read from the session.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IElementProcessor {
 
     /**
      * Handles object
-     *
+     * 
      * @param o object to be processed
      * @exception EBaseException failed to process object
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IFilterConverter.java b/pki/base/common/src/com/netscape/certsrv/dbs/IFilterConverter.java
index 1a078365..2c0ccb89 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/IFilterConverter.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IFilterConverter.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs;
 
-
-
-
 /**
  * An interface represents a filter converter
  * that understands how to convert a attribute
  * type from one defintion to another.
- * For example, 
+ * For example,
+ * 
  * <PRE>
  * (1) database layer need to convert
  *     registered attribute type to ldap attribute
@@ -34,13 +32,13 @@ package com.netscape.certsrv.dbs;
  *     attribute type.
  * </PRE>
  * 
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public interface IFilterConverter {
 
     /**
      * Converts attribute into LDAP attribute.
-     *
+     * 
      * @param attr attribute name
      * @param op attribute operation
      * @param value attribute value
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/Modification.java b/pki/base/common/src/com/netscape/certsrv/dbs/Modification.java
index 9be75f0b..6c61bdb1 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/Modification.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/Modification.java
@@ -17,14 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs;
 
-
-
-
 /**
  * A class represents a modification. This is used by the
  * database (dbs) framework for modification operations.
  * It specifices the modification type and values.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class Modification {
@@ -50,7 +47,7 @@ public class Modification {
 
     /**
      * Constructs a role modification.
-     *
+     * 
      * @param name attribute name
      * @param op attribute operation (i.e. MOD_ADD, MOD_DELETE, or MOD_REPLACE)
      * @param value attribute value
@@ -63,7 +60,7 @@ public class Modification {
 
     /**
      * Retrieves attribute name.
-     *
+     * 
      * @return attribute name
      */
     public String getName() {
@@ -72,7 +69,7 @@ public class Modification {
 
     /**
      * Retrieves modification operation type.
-     *
+     * 
      * @return modification type
      */
     public int getOp() {
@@ -81,7 +78,7 @@ public class Modification {
 
     /**
      * Retrieves attribute value.
-     *
+     * 
      * @return attribute value
      */
     public Object getValue() {
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/ModificationSet.java b/pki/base/common/src/com/netscape/certsrv/dbs/ModificationSet.java
index b737f861..70e9b377 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/ModificationSet.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/ModificationSet.java
@@ -17,15 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
-
 /**
  * A class represents a modification set. A modification
  * set contains zero or more modifications.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ModificationSet {
@@ -43,7 +41,7 @@ public class ModificationSet {
 
     /**
      * Adds modification to this set.
-     *
+     * 
      * @param name attribute name
      * @param op modification operation
      * @param value attribute value
@@ -54,7 +52,7 @@ public class ModificationSet {
 
     /**
      * Retrieves a list of modifications.
-     *
+     * 
      * @return a list of Modifications
      */
     public Enumeration<Modification> getModifications() {
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecord.java b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecord.java
index 681e586b..d05c9ed5 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecord.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecord.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs.certdb;
 
-
 import java.math.BigInteger;
 import java.util.Date;
 
@@ -26,10 +25,9 @@ import netscape.security.x509.X509CertImpl;
 import com.netscape.certsrv.base.MetaInfo;
 import com.netscape.certsrv.dbs.IDBObj;
 
-
 /**
  * An interface contains constants for certificate record.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICertRecord extends IDBObj {
@@ -71,108 +69,108 @@ public interface ICertRecord extends IDBObj {
     public final static String X509CERT_DURATION = "duration";
     public final static String X509CERT_EXTENSION = "extension";
     public final static String X509CERT_SUBJECT = "subject";
-    public final static String X509CERT_PUBLIC_KEY_DATA ="publicKeyData";
+    public final static String X509CERT_PUBLIC_KEY_DATA = "publicKeyData";
     public final static String X509CERT_VERSION = "version";
     public final static String X509CERT_ALGORITHM = "algorithm";
     public final static String X509CERT_SIGNING_ALGORITHM = "signingAlgorithm";
     public final static String X509CERT_SERIAL_NUMBER = "serialNumber";
 
     /* attribute type used the following with search filter */
-    public final static String ATTR_X509CERT_NOT_BEFORE = 
-        ATTR_X509CERT + "." + X509CERT_NOT_BEFORE;
-    public final static String ATTR_X509CERT_NOT_AFTER = 
-        ATTR_X509CERT + "." + X509CERT_NOT_AFTER;
-    public final static String ATTR_X509CERT_DURATION = 
-        ATTR_X509CERT + "." + X509CERT_DURATION;
-    public final static String ATTR_X509CERT_EXTENSION = 
-        ATTR_X509CERT + "." + X509CERT_EXTENSION;
-    public final static String ATTR_X509CERT_SUBJECT = 
-        ATTR_X509CERT + "." + X509CERT_SUBJECT;
-    public final static String ATTR_X509CERT_VERSION = 
-        ATTR_X509CERT + "." + X509CERT_VERSION;
-    public final static String ATTR_X509CERT_ALGORITHM = 
-        ATTR_X509CERT + "." + X509CERT_ALGORITHM;
-    public final static String ATTR_X509CERT_SIGNING_ALGORITHM = 
-        ATTR_X509CERT + "." + X509CERT_SIGNING_ALGORITHM;
-    public final static String ATTR_X509CERT_SERIAL_NUMBER = 
-        ATTR_X509CERT + "." + X509CERT_SERIAL_NUMBER;
-    public final static String ATTR_X509CERT_PUBLIC_KEY_DATA = 
-        ATTR_X509CERT + "." + X509CERT_PUBLIC_KEY_DATA;
+    public final static String ATTR_X509CERT_NOT_BEFORE =
+            ATTR_X509CERT + "." + X509CERT_NOT_BEFORE;
+    public final static String ATTR_X509CERT_NOT_AFTER =
+            ATTR_X509CERT + "." + X509CERT_NOT_AFTER;
+    public final static String ATTR_X509CERT_DURATION =
+            ATTR_X509CERT + "." + X509CERT_DURATION;
+    public final static String ATTR_X509CERT_EXTENSION =
+            ATTR_X509CERT + "." + X509CERT_EXTENSION;
+    public final static String ATTR_X509CERT_SUBJECT =
+            ATTR_X509CERT + "." + X509CERT_SUBJECT;
+    public final static String ATTR_X509CERT_VERSION =
+            ATTR_X509CERT + "." + X509CERT_VERSION;
+    public final static String ATTR_X509CERT_ALGORITHM =
+            ATTR_X509CERT + "." + X509CERT_ALGORITHM;
+    public final static String ATTR_X509CERT_SIGNING_ALGORITHM =
+            ATTR_X509CERT + "." + X509CERT_SIGNING_ALGORITHM;
+    public final static String ATTR_X509CERT_SERIAL_NUMBER =
+            ATTR_X509CERT + "." + X509CERT_SERIAL_NUMBER;
+    public final static String ATTR_X509CERT_PUBLIC_KEY_DATA =
+            ATTR_X509CERT + "." + X509CERT_PUBLIC_KEY_DATA;
 
     /**
      * Retrieves serial number from stored certificate.
-     *
+     * 
      * @return certificate serial number
      */
     public BigInteger getCertificateSerialNumber();
 
     /**
      * Retrieves serial number from certificate record.
-     *
+     * 
      * @return certificate serial number
      */
     public BigInteger getSerialNumber();
 
     /**
      * Retrieves certificate from certificate record.
-     *
+     * 
      * @return certificate
      */
     public X509CertImpl getCertificate();
 
     /**
      * Retrieves name of who issued this certificate.
-     *
+     * 
      * @return name of who issued this certificate
      */
     public String getIssuedBy();
 
     /**
      * Retrieves name of who revoked this certificate.
-     *
+     * 
      * @return name of who revoked this certificate
      */
     public String getRevokedBy();
 
     /**
      * Retrieves date when this certificate was revoked.
-     *
+     * 
      * @return date when this certificate was revoked
      */
     public Date getRevokedOn();
 
     /**
      * Retrieves meta info.
-     *
+     * 
      * @return meta info
      */
     public MetaInfo getMetaInfo();
 
     /**
      * Retrieves certificate status.
-     *
+     * 
      * @return certificate status
      */
     public String getStatus();
 
     /**
      * Retrieves time of creation of this certificate record.
-     *
+     * 
      * @return time of creation of this certificate record
      */
     public Date getCreateTime();
 
     /**
      * Retrieves time of modification of this certificate record.
-     *
+     * 
      * @return time of modification of this certificate record
      */
     public Date getModifyTime();
 
     /**
      * Retrieves revocation info.
-     *
+     * 
      * @return revocation info
      */
     public IRevocationInfo getRevocationInfo();
-}    
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecordList.java b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecordList.java
index 616bd5db..5db7e473 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecordList.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecordList.java
@@ -17,74 +17,72 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs.certdb;
 
-
 import java.util.Enumeration;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.IElementProcessor;
 
-
 /**
  * A class represents a list of certificate records.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICertRecordList {
 
     /**
      * Gets the current index.
-     *
+     * 
      * @return current index
      */
     public int getCurrentIndex();
 
     /**
      * Retrieves the size of request list.
-     *
+     * 
      * @return size
      */
     public int getSize();
 
     /**
      * Gets size before jump to index.
-     *
+     * 
      * @return size
      */
     public int getSizeBeforeJumpTo();
 
     /**
      * Gets size after jump to index.
-     *
+     * 
      * @return size
      */
     public int getSizeAfterJumpTo();
 
     /**
      * Process certificate record as soon as it is returned.
-     *
+     * 
      * @param startidx starting index
      * @param endidx ending index
      * @param ep element processor
      * @exception EBaseException failed to process cert records
      */
     public void processCertRecords(int startidx, int endidx,
-        IElementProcessor ep) throws EBaseException;
+            IElementProcessor ep) throws EBaseException;
 
     /**
      * Retrieves requests.
      * It's no good to call this if you didnt check
      * if the startidx, endidx are valid.
-     *
+     * 
      * @param startidx starting index
      * @param endidx ending index
      * @exception EBaseException failed to retrieve
      */
     public Enumeration getCertRecords(int startidx, int endidx)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Gets one single record at a time similar to 
+     * Gets one single record at a time similar to
      * processCertRecords but no extra class needed.
      * 
      * @param index position of the record to be retrieved
@@ -92,5 +90,5 @@ public interface ICertRecordList {
      * @exception EBaseException failed to retrieve
      */
     public ICertRecord getCertRecord(int index)
-        throws EBaseException;
+            throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java
index b913a18c..e354970b 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs.certdb;
 
-
 import java.math.BigInteger;
 import java.security.cert.Certificate;
 import java.util.Date;
@@ -32,12 +31,11 @@ import com.netscape.certsrv.base.MetaInfo;
 import com.netscape.certsrv.dbs.ModificationSet;
 import com.netscape.certsrv.dbs.repository.IRepository;
 
-
 /**
- * An interface represents a CMS certificate repository. 
+ * An interface represents a CMS certificate repository.
  * It stores all the issued certificate.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICertificateRepository extends IRepository {
@@ -47,142 +45,143 @@ public interface ICertificateRepository extends IRepository {
      * record contains four parts: certificate, meta-attributes,
      * issue information and reovcation information.
      * <P>
-     *
+     * 
      * @param record X.509 certificate
      * @exception EBaseException failed to add new certificate to
-     * 		the repository
+     *                the repository
      */
     public void addCertificateRecord(ICertRecord record)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Reads the certificate identified by the given serial no.
-     *
+     * 
      * @param serialNo serial number of certificate
      * @return certificate
      * @exception EBaseException failed to retrieve certificate
      */
     public X509CertImpl getX509Certificate(BigInteger serialNo)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Reads certificate from repository.
-     *
+     * 
      * @param serialNo serial number of certificate
      * @return certificate record
      * @exception EBaseException failed to retrieve certificate
      */
     public ICertRecord readCertificateRecord(BigInteger serialNo)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Sets certificate status update internal
-     *
+     * 
      * @param requestRepo request repository
      * @param interval update interval
      * @param listenToCloneModifications enable listening to clone modifications
      */
-    public void setCertStatusUpdateInterval(IRepository requestRepo, 
-        int interval,
-        boolean listenToCloneModifications);
+    public void setCertStatusUpdateInterval(IRepository requestRepo,
+            int interval,
+            boolean listenToCloneModifications);
 
     /**
      * Updates certificate status now. This is a blocking method.
-     *
+     * 
      * @exception EBaseException failed to update
      */
     public void updateCertStatus() throws EBaseException;
 
     /**
      * Modifies certificate record.
-     *
+     * 
      * @param serialNo serial number of record
      * @param mods modifications
      * @exception EBaseException failed to modify
      */
     public void modifyCertificateRecord(BigInteger serialNo,
-        ModificationSet mods) throws EBaseException;
+            ModificationSet mods) throws EBaseException;
 
     /**
      * Checks if the certificate exists in this repository.
-     *
+     * 
      * @param serialNo serial number of certificate
      * @return true if it exists
      * @exception EBaseException failed to check
      */
     public boolean containsCertificate(BigInteger serialNo)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Deletes certificate from this repository.
-     *
+     * 
      * @param serialNo serial number of certificate
      * @exception EBaseException failed to delete
      */
     public void deleteCertificateRecord(BigInteger serialNo)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Marks certificate as revoked.
-     *
+     * 
      * @param id serial number
      * @param info revocation information
      * @exception EBaseException failed to mark
      */
     public void markAsRevoked(BigInteger id, IRevocationInfo info)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Updates certificate status.
-     *
+     * 
      * @param id serial number
      * @param status certificate status
      * @exception EBaseException failed to update status
      */
     public void updateStatus(BigInteger id, String status)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Marks certificate as renewable.
-     *
+     * 
      * @param record certificate record to modify
      * @exception EBaseException failed to update
      */
     public void markCertificateAsRenewable(ICertRecord record)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Marks certificate as not renewable.
-     *
+     * 
      * @param record certificate record to modify
      * @exception EBaseException failed to update
      */
     public void markCertificateAsNotRenewable(ICertRecord record)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Marks certificate as renewed.
-     *
+     * 
      * @param serialNo certificate record to modify
      * @exception EBaseException failed to update
      */
     public void markCertificateAsRenewed(String serialNo)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Marks certificate as renewed and notified.
-     *
+     * 
      * @param serialNo certificate record to modify
      * @exception EBaseException failed to update
      */
     public void markCertificateAsRenewalNotified(String serialNo)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Finds a list of certificate records that satisifies
      * the filter.
      * Here is a list of filter
      * attribute can be used:
+     * 
      * <pre>
      *   certRecordId
      *   certMetaInfo
@@ -193,37 +192,39 @@ public interface ICertificateRepository extends IRepository {
      *   x509Cert.notAfter
      *   x509Cert.subject
      * </pre>
+     * 
      * The filter should follow RFC1558 LDAP filter syntax.
      * For example,
+     * 
      * <pre>
      *   (&(certRecordId=5)(x509Cert.notBefore=934398398))
      * </pre>
-     *
+     * 
      * @param filter search filter
      * @param maxSize max size to return
      * @return a list of certificates
      * @exception EBaseException failed to search
      */
     public Enumeration searchCertificates(String filter, int maxSize)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Finds a list of certificate records that satisifies
      * the filter.
-     *
+     * 
      * @param filter search filter
      * @param maxSize max size to return
      * @param timeLimit timeout value
      * @return a list of certificates
      * @exception EBaseException failed to search
      */
-    public Enumeration searchCertificates(String filter, int maxSize, 
-        int timeLimit) throws EBaseException;
+    public Enumeration searchCertificates(String filter, int maxSize,
+            int timeLimit) throws EBaseException;
 
     /**
      * Finds a list of certificate records that satisifies
      * the filter.
-     *
+     * 
      * @param filter search filter
      * @param attrs selected attribute
      * @param pageSize page size
@@ -231,12 +232,12 @@ public interface ICertificateRepository extends IRepository {
      * @exception EBaseException failed to search
      */
     public ICertRecordList findCertRecordsInList(String filter,
-        String attrs[], int pageSize) throws EBaseException;
+            String attrs[], int pageSize) throws EBaseException;
 
     /**
      * Finds a list of certificate records that satisifies
      * the filter.
-     *
+     * 
      * @param filter search filter
      * @param attrs selected attribute
      * @param sortKey key to use for sorting the returned elements
@@ -245,13 +246,13 @@ public interface ICertificateRepository extends IRepository {
      * @exception EBaseException failed to search
      */
     public ICertRecordList findCertRecordsInList(String filter,
-        String attrs[], String sortKey, int pageSize) 	
-        throws EBaseException;
+            String attrs[], String sortKey, int pageSize)
+            throws EBaseException;
 
     /**
      * Finds a list of certificate records that satisifies
      * the filter.
-     *
+     * 
      * @param filter search filter
      * @param attrs selected attribute
      * @param jumpTo jump to index
@@ -261,17 +262,17 @@ public interface ICertificateRepository extends IRepository {
      * @exception EBaseException failed to search
      */
     public ICertRecordList findCertRecordsInList(String filter,
-        String attrs[], String jumpTo, String sortKey, int pageSize) 	
-        throws EBaseException;
+            String attrs[], String jumpTo, String sortKey, int pageSize)
+            throws EBaseException;
 
     public ICertRecordList findCertRecordsInList(String filter,
-        String attrs[], String jumpTo, boolean hardJumpTo, String sortKey, int pageSize) 	
-        throws EBaseException;
+            String attrs[], String jumpTo, boolean hardJumpTo, String sortKey, int pageSize)
+            throws EBaseException;
 
     /**
      * Finds a list of certificate records that satisifies
      * the filter.
-     *
+     * 
      * @param filter search filter
      * @param attrs selected attribute
      * @param jumpTo jump to index
@@ -281,8 +282,8 @@ public interface ICertificateRepository extends IRepository {
      * @exception EBaseException failed to search
      */
     public ICertRecordList findCertRecordsInListRawJumpto(String filter,
-        String attrs[], String jumpTo, String sortKey, int pageSize)
-        throws EBaseException;
+            String attrs[], String jumpTo, String sortKey, int pageSize)
+            throws EBaseException;
 
     public static final int ALL_CERTS = 0;
     public static final int ALL_VALID_CERTS = 1;
@@ -291,110 +292,110 @@ public interface ICertificateRepository extends IRepository {
     /**
      * Gets all valid and unexpired certificates pertaining
      * to a subject DN.
-     *
-     * @param subjectDN	The distinguished name of the subject.
-     * @param validityType	The type of certificatese to retrieve.
+     * 
+     * @param subjectDN The distinguished name of the subject.
+     * @param validityType The type of certificatese to retrieve.
      * @return An array of certificates.
      * @throws EBaseException on error.
      */
     public X509CertImpl[] getX509Certificates(String subjectDN,
-        int validityType) throws EBaseException;
+            int validityType) throws EBaseException;
 
     /**
      * Retrieves all the revoked certificates that have not expired.
-     *
+     * 
      * @param asOfDate as of date
      * @return a list of revoked certificates
      * @exception EBaseException failed to retrieve
      */
     public Enumeration getRevokedCertificates(Date asOfDate)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves all revoked certificates including ones that have expired
      * or that are not yet valid.
-     *
+     * 
      * @return a list of revoked certificates
      * @exception EBaseException failed to search
      */
     public Enumeration getAllRevokedCertificates()
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves all revoked but not expired certificates.
-     *
+     * 
      * @return a list of revoked certificates
      * @exception EBaseException failed to search
      */
     public Enumeration getAllRevokedNonExpiredCertificates()
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Finds all certificates given a filter. 
-     *
+     * Finds all certificates given a filter.
+     * 
      * @param filter search filter
      * @return a list of certificates
      * @exception EBaseException failed to search
      */
     public Enumeration findCertificates(String filter)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Finds all certificate records given a filter.
-     *
+     * 
      * @param filter search filter
      * @return a list of certificates
      * @exception EBaseException failed to search
      */
     public Enumeration findCertRecords(String filter)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Gets Revoked certs orderes by noAfter date, jumps to records 
+     * Gets Revoked certs orderes by noAfter date, jumps to records
      * where notAfter date is greater than current.
-     *
+     * 
      * @param date reference date
      * @param pageSize page size
      * @return a list of certificate records
      * @exception EBaseException failed to retrieve
      */
-    public ICertRecordList getRevokedCertsByNotAfterDate(Date date, 
-        int pageSize) throws EBaseException;	
+    public ICertRecordList getRevokedCertsByNotAfterDate(Date date,
+            int pageSize) throws EBaseException;
 
     /**
-     * Gets Invalid certs orderes by noAfter date, jumps to records 
+     * Gets Invalid certs orderes by noAfter date, jumps to records
      * where notAfter date is greater than current.
-     *
+     * 
      * @param date reference date
      * @param pageSize page size
      * @return a list of certificate records
      * @exception EBaseException failed to retrieve
      */
-    public ICertRecordList getInvalidCertsByNotBeforeDate(Date date,   
-        int pageSize) throws EBaseException;
+    public ICertRecordList getInvalidCertsByNotBeforeDate(Date date,
+            int pageSize) throws EBaseException;
 
     /**
-     * Gets valid certs orderes by noAfter date, jumps to records 
+     * Gets valid certs orderes by noAfter date, jumps to records
      * where notAfter date is greater than current.
-     *
+     * 
      * @param date reference date
      * @param pageSize page size
      * @return a list of certificate records
      * @exception EBaseException failed to retrieve
      */
-    public ICertRecordList getValidCertsByNotAfterDate(Date date, 
-        int pageSize) throws EBaseException;
+    public ICertRecordList getValidCertsByNotAfterDate(Date date,
+            int pageSize) throws EBaseException;
 
     /**
      * Creates certificate record.
-     *
+     * 
      * @param id serial number
      * @param cert certificate
      * @param meta meta information
      * @return certificate record
      */
-    public ICertRecord createCertRecord(BigInteger id, 
-        Certificate cert, MetaInfo meta);
+    public ICertRecord createCertRecord(BigInteger id,
+            Certificate cert, MetaInfo meta);
 
     /**
      * Finds certificate records.
@@ -404,21 +405,21 @@ public interface ICertificateRepository extends IRepository {
      * @exception EBaseException failed to retrieve cert records
      */
     public Enumeration findCertRecs(String filter)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves renewable certificates.
-     *
+     * 
      * @param renewalTime renewal time
      * @return certificates
      * @exception EBaseException failed to retrieve
      */
     public Hashtable getRenewableCertificates(String renewalTime)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Unmark a revoked certificates.
-     *
+     * 
      * @param id serial number
      * @param info revocation information
      * @param revokedOn revocation date
@@ -426,85 +427,85 @@ public interface ICertificateRepository extends IRepository {
      * @exception EBaseException failed to unmark
      */
     public void unmarkRevoked(BigInteger id, IRevocationInfo info,
-        Date revokedOn, String revokedBy)
-        throws EBaseException;
+            Date revokedOn, String revokedBy)
+            throws EBaseException;
 
     /**
      * Retrieves valid and not published certificates.
-     *
+     * 
      * @param from starting serial number
      * @param to ending serial number
      * @return a list of certificates
      * @exception EBaseException failed to retrieve
      */
     public Enumeration getValidNotPublishedCertificates(String from, String to)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves expired and published certificates.
-     *
+     * 
      * @param from starting serial number
      * @param to ending serial number
      * @return a list of certificates
      * @exception EBaseException failed to retrieve
      */
     public Enumeration getExpiredPublishedCertificates(String from, String to)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves revoked and published certificates.
-     *
+     * 
      * @param from starting serial number
      * @param to ending serial number
      * @return a list of certificates
      * @exception EBaseException failed to retrieve
      */
     public Enumeration getRevokedPublishedCertificates(String from, String to)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves valid certificates.
-     *
+     * 
      * @param from starting serial number
      * @param to ending serial number
      * @return a list of certificates
      * @exception EBaseException failed to retrieve
      */
     public Enumeration getValidCertificates(String from, String to)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves expired certificates.
-     *
+     * 
      * @param from starting serial number
      * @param to ending serial number
      * @return a list of certificates
      * @exception EBaseException failed to retrieve
      */
     public Enumeration getExpiredCertificates(String from, String to)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves revoked certificates.
-     *
+     * 
      * @param from starting serial number
      * @param to ending serial number
      * @return a list of certificates
      * @exception EBaseException failed to retrieve
      */
     public Enumeration getRevokedCertificates(String from, String to)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves modified certificate records.
-     *
+     * 
      * @param entry LDAPEntry with modified data
      */
-     public void getModifications(LDAPEntry entry);
+    public void getModifications(LDAPEntry entry);
 
     /**
      * Removes certificate records with this repository.
-     *
+     * 
      * @param beginS BigInteger with radix 16
      * @param endS BigInteger with radix 16
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/certdb/IRevocationInfo.java b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/IRevocationInfo.java
index 2086cacb..fb773576 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/certdb/IRevocationInfo.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/IRevocationInfo.java
@@ -17,32 +17,30 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs.certdb;
 
-
 import java.util.Date;
 
 import netscape.security.x509.CRLExtensions;
 
-
 /**
  * A class represents a certificate revocation info. This
- * object is written as an attribute of certificate record 
+ * object is written as an attribute of certificate record
  * which essentially signifies a revocation act.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IRevocationInfo {
 
     /**
      * Retrieves revocation date.
-     *
+     * 
      * @return revocation date
      */
     public Date getRevocationDate();
 
     /**
      * Retrieves CRL entry extensions.
-     *
+     * 
      * @return CRL entry extensions
      */
     public CRLExtensions getCRLEntryExtensions();
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLIssuingPointRecord.java b/pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLIssuingPointRecord.java
index 78acced0..b990bbf5 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLIssuingPointRecord.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLIssuingPointRecord.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs.crldb;
 
-
 import java.math.BigInteger;
 import java.util.Date;
 import java.util.Hashtable;
@@ -26,11 +25,10 @@ import netscape.security.x509.RevokedCertificate;
 
 import com.netscape.certsrv.dbs.IDBObj;
 
-
 /**
  * An interface that defines abilities of
  * a CRL issuing point record.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICRLIssuingPointRecord extends IDBObj {
@@ -52,111 +50,112 @@ public interface ICRLIssuingPointRecord extends IDBObj {
     public static final String ATTR_DELTA_CRL = "deltaRevocationList";
 
     public static final String CLEAN_CACHE = "-1";
-    public static final String NEW_CACHE   = "-2";
+    public static final String NEW_CACHE = "-2";
 
     /**
      * Retrieve unique CRL identifier.
-     *
+     * 
      * @return unique CRL identifier
      */
     public String getId();
 
     /**
      * Retrieves current CRL number out of CRL issuing point record.
-     *
+     * 
      * @return current CRL number
      */
     public BigInteger getCRLNumber();
 
     /**
      * Retrieves CRL size measured by the number of entries.
-     *
+     * 
      * @return CRL size
      */
     public Long getCRLSize();
 
     /**
      * Retrieves this update time.
-     *
+     * 
      * @return time of this update
      */
     public Date getThisUpdate();
 
     /**
      * Retrieves next update time.
-     *
+     * 
      * @return time of next update
      */
     public Date getNextUpdate();
 
     /**
      * Retrieves current delta CRL number out of CRL issuing point record.
-     *
+     * 
      * @return current delta CRL number
      */
     public BigInteger getDeltaCRLNumber();
 
     /**
      * Retrieves delta CRL size measured by the number of entries.
-     *
+     * 
      * @return delta CRL size
      */
     public Long getDeltaCRLSize();
 
     /**
      * Retrieve Retrieve reference to the first unsaved data.
-     *
+     * 
      * @return reference to the first unsaved data
      */
     public String getFirstUnsaved();
 
     /**
      * Retrieves encoded CRL.
-     *
+     * 
      * @return encoded CRL
      */
     public byte[] getCRL();
 
     /**
      * Retrieves encoded delta CRL.
-     *
+     * 
      * @return encoded delta CRL
      */
     public byte[] getDeltaCRL();
 
     /**
      * Retrieves encoded CA certificate.
-     *
+     * 
      * @return encoded CA certificate
      */
     public byte[] getCACert();
 
     /**
      * Retrieves cache information about CRL.
-     *
+     * 
      * @return list of recently revoked certificates
      */
-    public Hashtable<BigInteger,RevokedCertificate> getCRLCacheNoClone();
-    public Hashtable<BigInteger,RevokedCertificate> getCRLCache();
+    public Hashtable<BigInteger, RevokedCertificate> getCRLCacheNoClone();
+
+    public Hashtable<BigInteger, RevokedCertificate> getCRLCache();
 
     /**
      * Retrieves cache information about revoked certificates.
-     *
+     * 
      * @return list of recently revoked certificates
      */
-    public Hashtable<BigInteger,RevokedCertificate> getRevokedCerts();
+    public Hashtable<BigInteger, RevokedCertificate> getRevokedCerts();
 
     /**
      * Retrieves cache information about certificates released from hold.
-     *
+     * 
      * @return list of certificates recently released from hold
      */
-    public Hashtable<BigInteger,RevokedCertificate> getUnrevokedCerts();
+    public Hashtable<BigInteger, RevokedCertificate> getUnrevokedCerts();
 
     /**
      * Retrieves cache information about expired certificates.
-     *
+     * 
      * @return list of recently expired certificates
      */
-    public Hashtable<BigInteger,RevokedCertificate> getExpiredCerts();
+    public Hashtable<BigInteger, RevokedCertificate> getExpiredCerts();
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLRepository.java b/pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLRepository.java
index ba245bcf..b58a6e38 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLRepository.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLRepository.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs.crldb;
 
-
 import java.math.BigInteger;
 import java.util.Date;
 import java.util.Hashtable;
@@ -26,27 +25,26 @@ import java.util.Vector;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.ModificationSet;
 
-
 /**
- * An interface represents a CMS CRL repository. It stores 
+ * An interface represents a CMS CRL repository. It stores
  * all the CRL issuing points.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICRLRepository {
 
     /**
      * Adds CRL issuing point record.
-     *
+     * 
      * @param rec issuing point record
      * @exception EBaseException failed to add new issuing point record
      */
     public void addCRLIssuingPointRecord(ICRLIssuingPointRecord rec)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves all the issuing points' names.
-     *
+     * 
      * @return A list of issuing points' names.
      * @exception EBaseException failed to retrieve all the issuing points' names.
      */
@@ -54,35 +52,35 @@ public interface ICRLRepository {
 
     /**
      * Reads issuing point record.
-     *
+     * 
      * @return issuing point record
      * @exception EBaseException failed to read issuing point record
      */
     public ICRLIssuingPointRecord readCRLIssuingPointRecord(String id)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Deletes issuing point record.
-     *
+     * 
      * @param id issuing point record id
      * @exception EBaseException failed to delete issuing point record
      */
     public void deleteCRLIssuingPointRecord(String id)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Modifies issuing point record.
-     *
+     * 
      * @param id issuing point record id
      * @param mods set of modifications
      * @exception EBaseException failed to modify issuing point record
      */
     public void modifyCRLIssuingPointRecord(String id, ModificationSet mods)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Updates CRL issuing point record.
-     *
+     * 
      * @param id issuing point record id
      * @param newCRL encoded binary CRL
      * @param thisUpdate time of this update
@@ -92,12 +90,12 @@ public interface ICRLRepository {
      * @exception EBaseException failed to update issuing point record
      */
     public void updateCRLIssuingPointRecord(String id, byte[] newCRL,
-        Date thisUpdate, Date nextUpdate, BigInteger crlNumber, Long crlSize)
-        throws EBaseException;
+            Date thisUpdate, Date nextUpdate, BigInteger crlNumber, Long crlSize)
+            throws EBaseException;
 
     /**
      * Updates CRL issuing point record.
-     *
+     * 
      * @param id issuing point record id
      * @param newCRL encoded binary CRL
      * @param thisUpdate time of this update
@@ -110,34 +108,34 @@ public interface ICRLRepository {
      * @exception EBaseException failed to update issuing point record
      */
     public void updateCRLIssuingPointRecord(String id, byte[] newCRL,
-        Date thisUpdate, Date nextUpdate, BigInteger crlNumber, Long crlSize,
-        Hashtable revokedCerts, Hashtable unrevokedCerts, Hashtable expiredCerts)
-        throws EBaseException;
+            Date thisUpdate, Date nextUpdate, BigInteger crlNumber, Long crlSize,
+            Hashtable revokedCerts, Hashtable unrevokedCerts, Hashtable expiredCerts)
+            throws EBaseException;
 
     /**
      * Updates CRL issuing point record.
-     *
+     * 
      * @param id issuing point record id
      * @param revokedCerts list of revoked certificates
      * @param unrevokedCerts list of released from hold certificates
      * @exception EBaseException failed to update issuing point record
      */
     public void updateRevokedCerts(String id, Hashtable revokedCerts, Hashtable unrevokedCerts)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Updates CRL issuing point record.
-     *
+     * 
      * @param id issuing point record id
      * @param expiredCerts list of expired certificates
      * @exception EBaseException failed to update issuing point record
      */
     public void updateExpiredCerts(String id, Hashtable expiredCerts)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Updates CRL issuing point record.
-     *
+     * 
      * @param id issuing point record id
      * @param crlSize CRL size
      * @param revokedCerts list of revoked certificates
@@ -146,14 +144,14 @@ public interface ICRLRepository {
      * @exception EBaseException failed to update issuing point record
      */
     public void updateCRLCache(String id, Long crlSize,
-        Hashtable revokedCerts,
-        Hashtable unrevokedCerts,
-        Hashtable expiredCerts)
-        throws EBaseException;
+            Hashtable revokedCerts,
+            Hashtable unrevokedCerts,
+            Hashtable expiredCerts)
+            throws EBaseException;
 
     /**
      * Updates CRL issuing point record with delta-CRL.
-     *
+     * 
      * @param id issuing point record id
      * @param deltaCRLNumber delta CRL number
      * @param deltaCRLSize delta CRL size
@@ -164,16 +162,16 @@ public interface ICRLRepository {
     public void updateDeltaCRL(String id, BigInteger deltaCRLNumber,
                                Long deltaCRLSize, Date nextUpdate,
                                byte[] deltaCRL)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Updates CRL issuing point record with reference to the first
      * unsaved data.
-     *
+     * 
      * @param id issuing point record id
      * @param firstUnsaved reference to the first unsaved data
      * @exception EBaseException failed to update issuing point record
      */
     public void updateFirstUnsaved(String id, String firstUnsaved)
-        throws EBaseException;
+            throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java
index 0edcc187..010661d8 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java
@@ -17,16 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs.keydb;
 
-
 import java.math.BigInteger;
 import java.util.Date;
 
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * An interface contains constants for key record.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IKeyRecord {
@@ -42,15 +40,15 @@ public interface IKeyRecord {
     public static final String ATTR_MODIFY_TIME = "keyModifyTime";
     public static final String ATTR_META_INFO = "keyMetaInfo";
     public static final String ATTR_ARCHIVED_BY = "keyArchivedBy";
-    
+
     // key state
     public static final String STATUS_ANY = "ANY";
     public static final String STATUS_VALID = "VALID";
     public static final String STATUS_INVALID = "INVALID";
-    
+
     /**
      * Retrieves the state of the key.
-     *
+     * 
      * @return key state
      * @exception EBaseException failed to retrieve state of the key
      */
@@ -58,15 +56,15 @@ public interface IKeyRecord {
 
     /**
      * Retrieves key identifier.
-     *
+     * 
      * @return key id
      * @exception EBaseException failed to retrieve key id
      */
-    public BigInteger getSerialNumber() throws EBaseException; 
+    public BigInteger getSerialNumber() throws EBaseException;
 
     /**
      * Retrieves key owner name.
-     *
+     * 
      * @return key owner name
      * @exception EBaseException failed to retrieve key owner name
      */
@@ -74,53 +72,53 @@ public interface IKeyRecord {
 
     /**
      * Retrieves key algorithm.
-     *
+     * 
      * @return key algorithm
      */
-    public String getAlgorithm(); 
+    public String getAlgorithm();
 
     /**
      * Retrieves key length.
-     *
+     * 
      * @return key length
      * @exception EBaseException failed to retrieve key length
      */
-    public Integer getKeySize() throws EBaseException; 
+    public Integer getKeySize() throws EBaseException;
 
     /**
      * Retrieves archiver identifier.
-     *
+     * 
      * @return archiver uid
      */
-    public String getArchivedBy(); 
+    public String getArchivedBy();
 
     /**
      * Retrieves creation time.
-     *
+     * 
      * @return creation time
      */
-    public Date getCreateTime(); 
+    public Date getCreateTime();
 
     /**
      * Retrieves last modification time.
-     *
+     * 
      * @return modification time
      */
-    public Date getModifyTime(); 
+    public Date getModifyTime();
 
     /**
      * Retrieves dates of recovery.
-     *
+     * 
      * @return recovery history
      * @exception EBaseException failed to retrieve recovery history
      */
-    public Date[] getDateOfRevocation() throws EBaseException; 
+    public Date[] getDateOfRevocation() throws EBaseException;
 
     /**
      * Retrieves public key data.
-     *
+     * 
      * @return public key data
      * @exception EBaseException failed to retrieve public key data
      */
     public byte[] getPublicKeyData() throws EBaseException;
-}    
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecordList.java b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecordList.java
index 5da23945..75f83389 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecordList.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecordList.java
@@ -17,35 +17,33 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs.keydb;
 
-
 import java.util.Enumeration;
 
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * A class represents a list of key records.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IKeyRecordList {
 
     /**
-     * Retrieves the size of key list. 
-     *
+     * Retrieves the size of key list.
+     * 
      * @return size of key list
      */
     public int getSize();
 
     /**
      * Retrieves key records.
-     *
+     * 
      * @param startidx start index
      * @param endidx end index
      * @return key records
      * @exception EBaseException failed to retrieve key records
      */
     public Enumeration<IKeyRecord> getKeyRecords(int startidx, int endidx)
-        throws EBaseException;
+            throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRepository.java b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRepository.java
index 093bea25..ca1e2c8a 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRepository.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRepository.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs.keydb;
 
-
 import java.math.BigInteger;
 import java.security.PublicKey;
 import java.util.Enumeration;
@@ -28,12 +27,11 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.ModificationSet;
 import com.netscape.certsrv.dbs.repository.IRepository;
 
-
 /**
- * An interface represents a Key repository. This is the 
+ * An interface represents a Key repository. This is the
  * container of archived keys.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IKeyRepository extends IRepository {
@@ -41,7 +39,7 @@ public interface IKeyRepository extends IRepository {
     /**
      * Archives a key to the repository.
      * <P>
-     *
+     * 
      * @param record key record
      * @exception EBaseException failed to archive key
      */
@@ -50,61 +48,61 @@ public interface IKeyRepository extends IRepository {
     /**
      * Reads an archived key by serial number.
      * <P>
-     *
+     * 
      * @param serialNo serial number
      * @return key record
      * @exception EBaseException failed to recover key
      */
     public IKeyRecord readKeyRecord(BigInteger serialNo)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Reads an archived key by b64 encoded cert.
      * <P>
-     *
+     * 
      * @param cert b64 encoded cert
      * @return key record
      * @exception EBaseException failed to recover key
      */
     public IKeyRecord readKeyRecord(String cert)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Reads an archived key by owner name.
      * <P>
-     *
+     * 
      * @param ownerName owner name
      * @return key record
      * @exception EBaseException failed to recover key
      */
     public IKeyRecord readKeyRecord(X500Name ownerName)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Reads archived key using public key.
-     *
-     * @param publicKey public key that is corresponding 
-     *     to the private key
+     * 
+     * @param publicKey public key that is corresponding
+     *            to the private key
      * @return key record
      * @exception EBaseException failed to read key
      */
     public IKeyRecord readKeyRecord(PublicKey publicKey)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Searches for private keys.
-     *
+     * 
      * @param filter LDAP filter for the search
      * @param maxSize maximium number of entries to be returned
      * @return a list of private key records
      * @exception EBaseException failed to search keys
      */
     public Enumeration searchKeys(String filter, int maxSize)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Searches for private keys.
-     *
+     * 
      * @param filter LDAP filter for the search
      * @param maxSize maximium number of entries to be returned
      * @param timeLimt timeout value
@@ -112,30 +110,31 @@ public interface IKeyRepository extends IRepository {
      * @exception EBaseException failed to search keys
      */
     public Enumeration searchKeys(String filter, int maxSize, int timeLimt)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Deletes a key record.
-     *
+     * 
      * @param serialno key identifier
      * @exception EBaseException failed to delete key record
      */
     public void deleteKeyRecord(BigInteger serialno)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Modifies key record in this repository.
-     *
+     * 
      * @param serialNo key identifier
      * @param mods modification of key records
      * @exception EBaseException failed to modify key record
      */
     public void modifyKeyRecord(BigInteger serialNo,
-        ModificationSet mods) throws EBaseException;
+            ModificationSet mods) throws EBaseException;
 
     /**
      * Searchs for a list of key records.
      * Here is a list of supported filter attributes:
+     * 
      * <pre>
      *   keySerialNumber
      *   keyState
@@ -149,7 +148,7 @@ public interface IKeyRepository extends IRepository {
      *   keyModifyTime
      *   keyMetaInfo
      * </pre>
-     *
+     * 
      * @param filter search filter
      * @param attrs list of attributes to be returned
      * @param pageSize virtual list page size
@@ -157,11 +156,11 @@ public interface IKeyRepository extends IRepository {
      * @exception EBaseException failed to search key records
      */
     public IKeyRecordList findKeyRecordsInList(String filter,
-        String attrs[], int pageSize) throws EBaseException;
+            String attrs[], int pageSize) throws EBaseException;
 
     /**
      * Searchs for a list of key records.
-     *
+     * 
      * @param filter search filter
      * @param attrs list of attributes to be returned
      * @param sortKey name of attribute that the list should be sorted by
@@ -170,6 +169,6 @@ public interface IKeyRepository extends IRepository {
      * @exception EBaseException failed to search key records
      */
     public IKeyRecordList findKeyRecordsInList(String filter,
-        String attrs[], String sortKey, int pageSize) 
-        throws EBaseException;
+            String attrs[], String sortKey, int pageSize)
+            throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/keydb/KeyState.java b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/KeyState.java
index e4baf91e..fa8a0d76 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/keydb/KeyState.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/KeyState.java
@@ -17,15 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs.keydb;
 
-
 import java.io.Serializable;
 
-
 /**
  * A class represents key state. This object is to
  * encapsulate the life cycle of a key.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public final class KeyState implements Serializable {
@@ -42,62 +40,67 @@ public final class KeyState implements Serializable {
     private KeyState(int code) {
         mStateCode = code;
     }
-	
+
     /**
      * Request state.
      */
-    public final static KeyState ANY = new  KeyState(-1);
+    public final static KeyState ANY = new KeyState(-1);
     public final static KeyState VALID = new KeyState(0);
     public final static KeyState INVALID = new KeyState(1);
-		
+
     /**
      * Checks if the given object equals to this object.
-     *
+     * 
      * @param other object to be compared
      * @return true if both objects are the same
      */
     public boolean equals(Object other) {
-        if (this == other) 
+        if (this == other)
             return true;
         else if (other instanceof KeyState)
             return ((KeyState) other).mStateCode == mStateCode;
-        else 
+        else
             return false;
     }
 
     /**
      * Returns the hash code.
-     *
+     * 
      * @return hash code
      */
     public int hashCode() {
         return mStateCode;
     }
-	
+
     /**
      * Return the string-representation of this object.
-     *
+     * 
      * @return string value
      */
     public String toString() {
-        if (mStateCode == -1) return "ANY";
-        if (mStateCode == 0) return "VALID";
-        if (mStateCode == 1) return "INVAILD";
+        if (mStateCode == -1)
+            return "ANY";
+        if (mStateCode == 0)
+            return "VALID";
+        if (mStateCode == 1)
+            return "INVAILD";
         return "[UNDEFINED]";
-		
+
     }
 
     /**
      * Converts a string into a key state object.
-     *
+     * 
      * @param state state in string-representation
      * @return key state object
      */
     public static KeyState toKeyState(String state) {
-        if (state.equalsIgnoreCase("ANY")) return ANY; 
-        if (state.equalsIgnoreCase("VALID")) return VALID; 
-        if (state.equalsIgnoreCase("INVALID")) return INVALID; 
+        if (state.equalsIgnoreCase("ANY"))
+            return ANY;
+        if (state.equalsIgnoreCase("VALID"))
+            return VALID;
+        if (state.equalsIgnoreCase("INVALID"))
+            return INVALID;
         return null;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/replicadb/IReplicaIDRepository.java b/pki/base/common/src/com/netscape/certsrv/dbs/replicadb/IReplicaIDRepository.java
index 660b6e9e..574adfae 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/replicadb/IReplicaIDRepository.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/replicadb/IReplicaIDRepository.java
@@ -19,12 +19,11 @@ package com.netscape.certsrv.dbs.replicadb;
 
 import com.netscape.certsrv.dbs.repository.IRepository;
 
-
 /**
- * An interface represents a ReplicaID Repository. 
+ * An interface represents a ReplicaID Repository.
  * It provides unique managed replica IDs.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IReplicaIDRepository extends IRepository {
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepository.java b/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepository.java
index 5ff90241..943d4a68 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepository.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepository.java
@@ -22,10 +22,10 @@ import java.math.BigInteger;
 import com.netscape.certsrv.base.EBaseException;
 
 /**
- * An interface represents a generic repository. It maintains unique 
+ * An interface represents a generic repository. It maintains unique
  * serial number within repository.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IRepository {
@@ -33,7 +33,7 @@ public interface IRepository {
     /**
      * Retrieves the next serial number, and also increase the
      * serial number by one.
-     *
+     * 
      * @return serial number
      * @exception EBaseException failed to retrieve next serial number
      */
@@ -58,8 +58,8 @@ public interface IRepository {
      * @param serial maximum number
      * @exception EBaseException failed to set maximum serial number
      */
-    public void setMaxSerial (String serial) throws EBaseException;
-   
+    public void setMaxSerial(String serial) throws EBaseException;
+
     /**
      * Set the maximum serial number in next range.
      * 
@@ -69,19 +69,19 @@ public interface IRepository {
     public void setNextMaxSerial(String serial) throws EBaseException;
 
     /**
-     * Checks to see if a new range is needed, or if we have reached the end of the 
+     * Checks to see if a new range is needed, or if we have reached the end of the
      * current range, or if a range conflict has occurred.
      * 
      * @exception EBaseException failed to check next range for conflicts
      */
     public void checkRanges() throws EBaseException;
 
-     /**
+    /**
      * Sets whether serial number management is enabled for certs
-     * and requests. 
-     *
-     * @param value   true/false 
-     * @exception EBaseException failed to set 
+     * and requests.
+     * 
+     * @param value true/false
+     * @exception EBaseException failed to set
      */
     public void setEnableSerialMgmt(boolean value) throws EBaseException;
 
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepositoryRecord.java b/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepositoryRecord.java
index 326ea466..c46e8419 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepositoryRecord.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepositoryRecord.java
@@ -22,23 +22,23 @@ import java.math.BigInteger;
 import com.netscape.certsrv.dbs.IDBObj;
 
 /**
- * An interface represents a generic repository record. 
+ * An interface represents a generic repository record.
  * It maintains unique serial number within repository.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IRepositoryRecord extends IDBObj {
 
-	public final static String ATTR_SERIALNO = "serialNo";
-	public final static String ATTR_PUB_STATUS = "publishingStatus";
+    public final static String ATTR_SERIALNO = "serialNo";
+    public final static String ATTR_PUB_STATUS = "publishingStatus";
 
-	/**
-	 * Retrieves serial number.
-	 *
-	 * @return serial number
-	 */
-	public BigInteger getSerialNumber();
+    /**
+     * Retrieves serial number.
+     * 
+     * @return serial number
+     */
+    public BigInteger getSerialNumber();
 
-	public String getPublishingStatus();
+    public String getPublishingStatus();
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/evaluators/IAccessEvaluator.java b/pki/base/common/src/com/netscape/certsrv/evaluators/IAccessEvaluator.java
index 8c291447..31f8b8c2 100644
--- a/pki/base/common/src/com/netscape/certsrv/evaluators/IAccessEvaluator.java
+++ b/pki/base/common/src/com/netscape/certsrv/evaluators/IAccessEvaluator.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.evaluators;
 
-
 import com.netscape.certsrv.authentication.IAuthToken;
 
-
 /**
- * A class represents an evaluator.  An evaluator is used to
- * evaluate an expression.  For example, one can write an evaluator to 
- * evaluate if a user belongs to a certain group.  An evaluator is
+ * A class represents an evaluator. An evaluator is used to
+ * evaluate an expression. For example, one can write an evaluator to
+ * evaluate if a user belongs to a certain group. An evaluator is
  * generally used for access control expression evaluation, however, it
  * can be used for other evaluation-related operations.
  * <P>
@@ -39,14 +37,16 @@ public interface IAccessEvaluator {
     public void init();
 
     /**
-     * Gets the type of the evaluator.  Type is defined by each
-     * evaluator plugin.  Each evaluator plugin should have a unique type.
+     * Gets the type of the evaluator. Type is defined by each
+     * evaluator plugin. Each evaluator plugin should have a unique type.
+     * 
      * @return type of the evaluator
      */
     public String getType();
 
     /**
      * Gets the description of the evaluator
+     * 
      * @return a text description for this evaluator
      */
     public String getDescription();
@@ -54,12 +54,13 @@ public interface IAccessEvaluator {
     /**
      * Evaluates if the given value satisfies the access
      * control in current context.
+     * 
      * @param type Type of the evaluator, eg, user, group etc
      * @param op Operator of the evaluator, eg, =, !=
      * @param value Part of the expression that can be used to
-     * evaluate, e.g, value can be the name of the group if the
-     * purpose of the evaluator is to evaluate if the user is a member 
-     * of the group.
+     *            evaluate, e.g, value can be the name of the group if the
+     *            purpose of the evaluator is to evaluate if the user is a member
+     *            of the group.
      * @return true if the evaluation expression is matched; false otherwise.
      */
     public boolean evaluate(String type, String op, String value);
@@ -67,19 +68,21 @@ public interface IAccessEvaluator {
     /**
      * Evaluates if the given value satisfies the access
      * control in authToken obtained from Authentication.
+     * 
      * @param authToken Authentication token
      * @param type Type of the evaluator, eg, user, group etc
      * @param op Operator of the evaluator, eg, =, !=
      * @param value Part of the expression that can be used to
-     * evaluate, e.g, value can be the name of the group if the
-     * purpose of the evaluator is to evaluate if the user is a member 
-     * of the group.
+     *            evaluate, e.g, value can be the name of the group if the
+     *            purpose of the evaluator is to evaluate if the user is a member
+     *            of the group.
      * @return true if the evaluation expression is matched; false otherwise.
      */
     public boolean evaluate(IAuthToken authToken, String type, String op, String value);
 
     /**
      * Get the supported operators for this evaluator
+     * 
      * @return Supported operators in string array
      */
     public String[] getSupportedOperators();
diff --git a/pki/base/common/src/com/netscape/certsrv/extensions/EExtensionsException.java b/pki/base/common/src/com/netscape/certsrv/extensions/EExtensionsException.java
index df4c1444..40fe80f9 100644
--- a/pki/base/common/src/com/netscape/certsrv/extensions/EExtensionsException.java
+++ b/pki/base/common/src/com/netscape/certsrv/extensions/EExtensionsException.java
@@ -17,13 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.extensions;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * This represents the extensions exception.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class EExtensionsException extends EBaseException {
@@ -36,7 +34,7 @@ public class EExtensionsException extends EBaseException {
      * Resource class name.
      */
     private static final String EXTENSIONS_RESOURCES =
-        ExtensionsResources.class.getName();
+            ExtensionsResources.class.getName();
 
     public EExtensionsException(String msgFormat) {
         super(msgFormat);
diff --git a/pki/base/common/src/com/netscape/certsrv/extensions/ExtensionsResources.java b/pki/base/common/src/com/netscape/certsrv/extensions/ExtensionsResources.java
index 4d7ee06c..ca1e4545 100644
--- a/pki/base/common/src/com/netscape/certsrv/extensions/ExtensionsResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/extensions/ExtensionsResources.java
@@ -17,13 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.extensions;
 
-
 import java.util.ListResourceBundle;
 
-
 /**
  * This represents the resources for extensions.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ExtensionsResources extends ListResourceBundle {
diff --git a/pki/base/common/src/com/netscape/certsrv/extensions/ICMSExtension.java b/pki/base/common/src/com/netscape/certsrv/extensions/ICMSExtension.java
index fb4bb1f7..04086adc 100644
--- a/pki/base/common/src/com/netscape/certsrv/extensions/ICMSExtension.java
+++ b/pki/base/common/src/com/netscape/certsrv/extensions/ICMSExtension.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.extensions;
 
-
 import netscape.security.util.ObjectIdentifier;
 import netscape.security.x509.Extension;
 
@@ -26,11 +25,10 @@ import com.netscape.certsrv.base.IArgBlock;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
- * CMS extension interface, for creating extensions from http input and 
- * displaying extensions to html forms. 
- *
+ * CMS extension interface, for creating extensions from http input and
+ * displaying extensions to html forms.
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICMSExtension {
@@ -42,11 +40,12 @@ public interface ICMSExtension {
      * initialize from configuration file
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException; 
+            throws EBaseException;
 
     /**
-     * Get name of this extension. 
-     * @return the name of this CMS extension, for 
+     * Get name of this extension.
+     * 
+     * @return the name of this CMS extension, for
      */
     public String getName();
 
@@ -54,21 +53,22 @@ public interface ICMSExtension {
      * Get object identifier associated with this extension.
      */
     public ObjectIdentifier getOID();
-	
+
     /**
      * Get an instance of the extension given http input.
+     * 
      * @return an instance of the extension.
      */
-    public Extension getExtension(IArgBlock argblock) 
-        throws EBaseException;
+    public Extension getExtension(IArgBlock argblock)
+            throws EBaseException;
 
     /**
-     * Get Javascript name value pairs to put into the request processing 
+     * Get Javascript name value pairs to put into the request processing
      * template.
-     * @return name value pairs 
+     * 
+     * @return name value pairs
      */
     public IArgBlock getFormParams(Extension extension)
-        throws EBaseException;
+            throws EBaseException;
 
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/jobs/EJobsException.java b/pki/base/common/src/com/netscape/certsrv/jobs/EJobsException.java
index 154cb4e4..cc0923ae 100644
--- a/pki/base/common/src/com/netscape/certsrv/jobs/EJobsException.java
+++ b/pki/base/common/src/com/netscape/certsrv/jobs/EJobsException.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.jobs;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * A class represents a jobs exception.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class EJobsException extends EBaseException {
diff --git a/pki/base/common/src/com/netscape/certsrv/jobs/IJob.java b/pki/base/common/src/com/netscape/certsrv/jobs/IJob.java
index 1c3842bf..3683b1f0 100644
--- a/pki/base/common/src/com/netscape/certsrv/jobs/IJob.java
+++ b/pki/base/common/src/com/netscape/certsrv/jobs/IJob.java
@@ -17,72 +17,77 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.jobs;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
  * An interface to be implemented from for a job to be scheduled by
  * the Jobs Scheduler.
- *
- * @version $Revision$, $Date$ 
+ * 
+ * @version $Revision$, $Date$
  */
 public interface IJob {
 
     /**
      * Initialize from the configuration file.
+     * 
      * @param id String name of this instance
      * @param implName string name of this implementation
      * @param config configuration store for this instance
      * @exception EBaseException any initilization failure
      */
     public void init(ISubsystem owner, String id, String implName,
-        IConfigStore config) throws EBaseException;
+            IConfigStore config) throws EBaseException;
 
     /**
      * tells if the job is enabled
+     * 
      * @return a boolean value indicating whether the job is enabled
-     * or not
+     *         or not
      */
     public boolean isEnabled();
 
     /**
      * set instance id.
+     * 
      * @param id String id of the instance
      */
     public void setId(String id);
 
     /**
      * get instance id.
+     * 
      * @return a String identifier
      */
     public String getId();
 
     /**
      * get cron string associated with this job
+     * 
      * @return a JobCron object that represents the schedule of this job
      */
     public IJobCron getJobCron();
 
     /**
-     * Returns a list of configuration parameter names. 
-     * The list is passed to the configuration console so instances of 
+     * Returns a list of configuration parameter names.
+     * The list is passed to the configuration console so instances of
      * this implementation can be configured through the console.
-     *
+     * 
      * @return String array of configuration parameter names.
      */
     public String[] getConfigParams();
 
     /**
      * gets the plugin name of this job.
+     * 
      * @return a String that is the name of this implementation
      */
     public String getImplName();
 
     /**
      * Gets the configuration substore used by this job
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore();
diff --git a/pki/base/common/src/com/netscape/certsrv/jobs/IJobCron.java b/pki/base/common/src/com/netscape/certsrv/jobs/IJobCron.java
index 1e238f60..e0fb0ba4 100644
--- a/pki/base/common/src/com/netscape/certsrv/jobs/IJobCron.java
+++ b/pki/base/common/src/com/netscape/certsrv/jobs/IJobCron.java
@@ -17,32 +17,20 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.jobs;
 
-
-
-
 /**
  * class representing one Job cron information
- * <p>here, an "item" refers to one of the 5 fields in a cron string;
- * "element" refers to any comma-deliminated element in an
- * "item"...which includes both numbers and '-' separated ranges.
- * A cron string in the configuration takes the following format:
- * <i>minute (0-59),
- * hour (0-23),
- * day of the month (1-31),
- * month of the year (1-12),
- * day of the week (0-6 with 0=Sunday)</i>
  * <p>
- * e.g. jobsScheduler.job.rnJob1.cron=30 11,23 * * 1-5
- * In this example, the job "rnJob1" will be executed from Monday
- * through Friday, at 11:30am and 11:30pm.
+ * here, an "item" refers to one of the 5 fields in a cron string; "element" refers to any comma-deliminated element in an "item"...which includes both numbers and '-' separated ranges. A cron string in the configuration takes the following format: <i>minute (0-59), hour (0-23), day of the month (1-31), month of the year (1-12), day of the week (0-6 with 0=Sunday)</i>
+ * <p>
+ * e.g. jobsScheduler.job.rnJob1.cron=30 11,23 * * 1-5 In this example, the job "rnJob1" will be executed from Monday through Friday, at 11:30am and 11:30pm.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IJobCron {
     /**
      * constant that represents the configuration parameter
-     * "cron" for the job that this JobCron is associated with.  The
+     * "cron" for the job that this JobCron is associated with. The
      * value of which should conform to the cron format specified above.
      */
     public static final String PROP_CRON = "cron";
diff --git a/pki/base/common/src/com/netscape/certsrv/jobs/IJobsScheduler.java b/pki/base/common/src/com/netscape/certsrv/jobs/IJobsScheduler.java
index 844250de..e4daffbe 100644
--- a/pki/base/common/src/com/netscape/certsrv/jobs/IJobsScheduler.java
+++ b/pki/base/common/src/com/netscape/certsrv/jobs/IJobsScheduler.java
@@ -17,32 +17,22 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.jobs;
 
-
 import java.util.Hashtable;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
- * An interface that represents the job scheduler component.  A JobScheduler
+ * An interface that represents the job scheduler component. A JobScheduler
  * is a daemon thread that handles scheduled jobs like cron would
- * do with different jobs.  This daemon wakes up at a pre-configured
+ * do with different jobs. This daemon wakes up at a pre-configured
  * interval to see
  * if there is any job to be done, if so, a thread is created to execute
  * the job(s).
  * <p>
- * The interval <b>jobsScheduler.interval</b> in the configuration is
- * specified as number of minutes.  If not set, the default is 1 minute.
- * Note that the cron specification for each job CAN NOT be finer than
- * the granularity of the Scheduler daemon interval.  For example, if
- * the daemon interval is set to 5 minute, a job cron for every minute
- * at 7am on each Tuesday (e.g. * 7 * * 2) will result in the
- * execution of the job thread only once every 5 minutes during that
- * hour.  <b>The inteval value is recommended at 1 minute, setting it
- * otherwise has the potential of forever missing the beat</b>. Use
- * with caution.
- *
+ * The interval <b>jobsScheduler.interval</b> in the configuration is specified as number of minutes. If not set, the default is 1 minute. Note that the cron specification for each job CAN NOT be finer than the granularity of the Scheduler daemon interval. For example, if the daemon interval is set to 5 minute, a job cron for every minute at 7am on each Tuesday (e.g. * 7 * * 2) will result in the execution of the job thread only once every 5 minutes during that hour. <b>The inteval value is
+ * recommended at 1 minute, setting it otherwise has the potential of forever missing the beat</b>. Use with caution.
+ * 
  * @version $Revision$, $Date$
  */
 public interface IJobsScheduler extends ISubsystem {
@@ -53,14 +43,14 @@ public interface IJobsScheduler extends ISubsystem {
 
     /**
      * constant that represents the configuration parameter
-     * "enabled" for this component in CMS.cfg.  The value of which
+     * "enabled" for this component in CMS.cfg. The value of which
      * tells CMS whether the JobsScheduler is enabled or not
      */
     public static final String PROP_ENABLED = "enabled";
 
     /**
      * constant that represents the configuration parameter
-     * "interval" for this component in CMS.cfg.  The value of which
+     * "interval" for this component in CMS.cfg. The value of which
      * tells CMS the interval that the JobsScheduler thread should
      * wake up and look for jobs to execute
      */
@@ -68,14 +58,14 @@ public interface IJobsScheduler extends ISubsystem {
 
     /**
      * constant that represents the configuration parameter
-     * "class" for this component in CMS.cfg.  The values of which are 
+     * "class" for this component in CMS.cfg. The values of which are
      * the actual implementation classes
      */
     public static final String PROP_CLASS = "class";
 
     /**
      * constant that represents the configuration parameter
-     * "job" for this component in CMS.cfg.  The values of which gives 
+     * "job" for this component in CMS.cfg. The values of which gives
      * configuration information specific to one single job instance.
      * There may be multiple jobs served by the jobsScheduler
      */
@@ -83,80 +73,86 @@ public interface IJobsScheduler extends ISubsystem {
 
     /**
      * constant that represents the configuration parameter
-     * "impl" for this component in CMS.cfg.  The values of which are
+     * "impl" for this component in CMS.cfg. The values of which are
      * actual plugin implementation(s)
      */
     public static final String PROP_IMPL = "impl";
 
     /**
      * constant that represents the configuration parameter
-     * "pluginName" for this component in CMS.cfg.  The value of which 
+     * "pluginName" for this component in CMS.cfg. The value of which
      * gives the pluginName for the job it associates with
      */
     public static final String PROP_PLUGIN = "pluginName";
 
     /**
      * Retrieves all the job implementations.
+     * 
      * @return a Hashtable of available job plugin implementations
      */
     public Hashtable<String, JobPlugin> getPlugins();
 
     /**
      * Retrieves all the job instances.
+     * 
      * @return a Hashtable of job instances
      */
-    public Hashtable<String, IJob>  getInstances();
+    public Hashtable<String, IJob> getInstances();
 
     /**
      * Retrieves the configuration parameters of the given
-     * implementation.  It is used to return to the Console for
+     * implementation. It is used to return to the Console for
      * configuration
+     * 
      * @param implName the pulubin implementation name
      * @return a String array of required configuration parameters of
-     * the given implementation.
+     *         the given implementation.
      * @exception EJobsException when job plugin implementation can
-     * not be found, instantiation is impossible, permission problem
-     * with the class.
+     *                not be found, instantiation is impossible, permission problem
+     *                with the class.
      */
-    public String[] getConfigParams(String implName) 
-        throws EJobsException;
+    public String[] getConfigParams(String implName)
+            throws EJobsException;
 
     /**
      * Writes a message to the system log.
+     * 
      * @param level an integer representing the log message level.
-     * Depending on the configuration set by the administrator, this
-     * value is a determining factor for whether this message will be
-     * actually logged or not.  The lower the level, the higher the
-     * priority, and the higher chance it will be logged.
-     * @param msg the message to be written.  Ideally should call
-     * CMS.getLogMessage() to get the localizable message 
-     * from the log properties file.
+     *            Depending on the configuration set by the administrator, this
+     *            value is a determining factor for whether this message will be
+     *            actually logged or not. The lower the level, the higher the
+     *            priority, and the higher chance it will be logged.
+     * @param msg the message to be written. Ideally should call
+     *            CMS.getLogMessage() to get the localizable message
+     *            from the log properties file.
      */
-    public void log(int level, String msg); 
+    public void log(int level, String msg);
 
     /**
      * Sets daemon's wakeup interval.
+     * 
      * @param minutes time in minutes that is to be the frequency of
-     * JobsScheduler wakeup call.
+     *            JobsScheduler wakeup call.
      */
-    public void setInterval(int minutes); 
+    public void setInterval(int minutes);
 
     /**
-     * Starts up the JobsScheduler daemon.  Usually called from the
+     * Starts up the JobsScheduler daemon. Usually called from the
      * initialization method when it's successfully initialized.
      */
     public void startDaemon();
 
     /**
-     * Creates a job cron.  Each job is associated with a "cron" which 
+     * Creates a job cron. Each job is associated with a "cron" which
      * specifies the rule of frequency that this job should be
-     * executed (e.g. every Sunday at midnight).  This method is
+     * executed (e.g. every Sunday at midnight). This method is
      * called by each job at initialization time.
-     * @param cs the string that represents the cron.  See IJobCron
-     * for detail of the format.
+     * 
+     * @param cs the string that represents the cron. See IJobCron
+     *            for detail of the format.
      * @return IJobCron an IJobCron
      * @exception EBaseException when the cron string, cs, can not be
-     * parsed correctly
+     *                parsed correctly
      */
     public IJobCron createJobCron(String cs) throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/jobs/JobPlugin.java b/pki/base/common/src/com/netscape/certsrv/jobs/JobPlugin.java
index 33b7e7f2..46a1b6d7 100644
--- a/pki/base/common/src/com/netscape/certsrv/jobs/JobPlugin.java
+++ b/pki/base/common/src/com/netscape/certsrv/jobs/JobPlugin.java
@@ -17,15 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.jobs;
 
-
-
-
 /**
  * This class represents a job plugin registered with the
- * JobScheduler.  A Job plugin can be instantiated into a Job instance 
+ * JobScheduler. A Job plugin can be instantiated into a Job instance
  * and scheduled by the JobScheduler to run at a scheduled interval
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class JobPlugin {
@@ -46,6 +43,7 @@ public class JobPlugin {
 
     /**
      * Constructor for a Job plugin.
+     * 
      * @param id job plugin name
      * @param classPath the Java class name of this job plugin
      */
@@ -56,6 +54,7 @@ public class JobPlugin {
 
     /**
      * get the job plugin name
+     * 
      * @return the name of this job plugin
      */
     public String getId() {
@@ -64,6 +63,7 @@ public class JobPlugin {
 
     /**
      * get the Java class name
+     * 
      * @return the Java class name of this plugin
      */
     public String getClassPath() {
diff --git a/pki/base/common/src/com/netscape/certsrv/jobs/JobsResources.java b/pki/base/common/src/com/netscape/certsrv/jobs/JobsResources.java
index 9bc82826..ec33137c 100644
--- a/pki/base/common/src/com/netscape/certsrv/jobs/JobsResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/jobs/JobsResources.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.jobs;
 
-
 import java.util.ListResourceBundle;
 
-
 /**
- * A class represents a resource bundle for the 
+ * A class represents a resource bundle for the
  * Jobs package
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class JobsResources extends ListResourceBundle {
diff --git a/pki/base/common/src/com/netscape/certsrv/kra/EKRAException.java b/pki/base/common/src/com/netscape/certsrv/kra/EKRAException.java
index 9ab4a238..3f23bfe7 100644
--- a/pki/base/common/src/com/netscape/certsrv/kra/EKRAException.java
+++ b/pki/base/common/src/com/netscape/certsrv/kra/EKRAException.java
@@ -17,16 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.kra;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * A class represents a KRA exception. This is the base
  * exception for all the KRA specific exceptions. It is
  * associated with <CODE>KRAResources</CODE>.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class EKRAException extends EBaseException {
@@ -39,11 +37,12 @@ public class EKRAException extends EBaseException {
      * KRA resource class name.
      * <P>
      */
-    private static final String KRA_RESOURCES = KRAResources.class.getName();		
+    private static final String KRA_RESOURCES = KRAResources.class.getName();
 
     /**
      * Constructs a KRA exception.
      * <P>
+     * 
      * @param msgFormat constant from KRAResources.
      */
     public EKRAException(String msgFormat) {
@@ -53,6 +52,7 @@ public class EKRAException extends EBaseException {
     /**
      * Constructs a KRA exception.
      * <P>
+     * 
      * @param msgFormat constant from KRAResources.
      * @param param additional parameters to the message.
      */
@@ -63,6 +63,7 @@ public class EKRAException extends EBaseException {
     /**
      * Constructs a KRA exception.
      * <P>
+     * 
      * @param msgFormat constant from KRAResources.
      * @param e embedded exception.
      */
@@ -73,6 +74,7 @@ public class EKRAException extends EBaseException {
     /**
      * Constructs a KRA exception.
      * <P>
+     * 
      * @param msgFormat constant from KRAResources.
      * @param params additional parameters to the message.
      */
@@ -83,6 +85,7 @@ public class EKRAException extends EBaseException {
     /**
      * Returns the bundle file name.
      * <P>
+     * 
      * @return name of bundle class associated with this exception.
      */
     protected String getBundleName() {
diff --git a/pki/base/common/src/com/netscape/certsrv/kra/IJoinShares.java b/pki/base/common/src/com/netscape/certsrv/kra/IJoinShares.java
index e130b95c..e9a5ecae 100644
--- a/pki/base/common/src/com/netscape/certsrv/kra/IJoinShares.java
+++ b/pki/base/common/src/com/netscape/certsrv/kra/IJoinShares.java
@@ -20,14 +20,17 @@ package com.netscape.certsrv.kra;
 /**
  * Use Java's reflection API to leverage CMS's
  * old Share and JoinShares implementations.
- *
+ * 
  * @deprecated
  * @version $Revision$ $Date$
  */
 public interface IJoinShares {
 
     public void initialize(int threshold) throws Exception;
+
     public void addShare(int shareNum, byte[] share);
+
     public int getShareCount();
+
     public byte[] recoverSecret();
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/kra/IKeyRecoveryAuthority.java b/pki/base/common/src/com/netscape/certsrv/kra/IKeyRecoveryAuthority.java
index 7be3f165..0171115e 100644
--- a/pki/base/common/src/com/netscape/certsrv/kra/IKeyRecoveryAuthority.java
+++ b/pki/base/common/src/com/netscape/certsrv/kra/IKeyRecoveryAuthority.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.kra;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Vector;
@@ -38,13 +37,12 @@ import com.netscape.certsrv.security.Credential;
 import com.netscape.certsrv.security.IStorageKeyUnit;
 import com.netscape.certsrv.security.ITransportKeyUnit;
 
-
 /**
  * An interface represents key recovery authority. The
  * key recovery authority is responsibile for archiving
  * and recovering user encryption private keys.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IKeyRecoveryAuthority extends ISubsystem {
@@ -71,7 +69,7 @@ public interface IKeyRecoveryAuthority extends ISubsystem {
     /**
      * Returns the name of this subsystem.
      * <P>
-     *
+     * 
      * @return KRA name
      */
     public X500Name getX500Name();
@@ -79,13 +77,13 @@ public interface IKeyRecoveryAuthority extends ISubsystem {
     /**
      * Retrieves KRA request repository.
      * <P>
-     *
+     * 
      * @return request repository
      */
     public IRequestQueue getRequestQueue();
 
     /**
-     * Retrieves the key repository. The key repository 
+     * Retrieves the key repository. The key repository
      * stores archived keys.
      * <P>
      */
@@ -93,13 +91,13 @@ public interface IKeyRecoveryAuthority extends ISubsystem {
 
     /**
      * Retrieves the Replica ID repository.
-     *
+     * 
      * @return KRA's Replica ID repository
      */
     public IReplicaIDRepository getReplicaRepository();
 
     /**
-     * Enables the auto recovery state. Once KRA is in the auto 
+     * Enables the auto recovery state. Once KRA is in the auto
      * recovery state, no recovery agents need to be present for
      * providing credentials. This feature is for enabling
      * user-based recovery operation.
@@ -113,7 +111,7 @@ public interface IKeyRecoveryAuthority extends ISubsystem {
 
     /**
      * Returns the current auto recovery state.
-     *
+     * 
      * @return true if auto recvoery state is on
      */
     public boolean getAutoRecoveryState();
@@ -123,7 +121,7 @@ public interface IKeyRecoveryAuthority extends ISubsystem {
      * In distributed recovery mode, recovery agent login to the
      * agent interface and submit its credential for a particular
      * recovery operation.
-     *
+     * 
      * @param id authorization identifier
      * @param creds list of credentials
      */
@@ -131,7 +129,7 @@ public interface IKeyRecoveryAuthority extends ISubsystem {
 
     /**
      * Removes a particular auto recovery operation.
-     *
+     * 
      * @param id authorization identifier
      */
     public void removeAutoRecovery(String id);
@@ -140,28 +138,28 @@ public interface IKeyRecoveryAuthority extends ISubsystem {
      * Returns the number of required agents. In M-out-of-N
      * recovery schema, only M agents are required even there
      * are N agents. This method returns M.
-     *
+     * 
      * @return number of required agents
      */
     public int getNoOfRequiredAgents() throws EBaseException;
 
     /**
      * Sets the number of required recovery agents
-     *
+     * 
      * @param number number of agents
      */
     public void setNoOfRequiredAgents(int number) throws EBaseException;
 
     /**
      * Returns the current recovery identifier.
-     *
+     * 
      * @return recovery identifier
      */
     public String getRecoveryID();
 
     /**
      * Returns a list of recovery identifiers.
-     *
+     * 
      * @return list of auto recovery identifiers
      */
     public Enumeration<String> getAutoRecoveryIDs();
@@ -169,7 +167,7 @@ public interface IKeyRecoveryAuthority extends ISubsystem {
     /**
      * Returns the storage key unit that manages the
      * stoarge key.
-     *
+     * 
      * @return storage key unit
      */
     public IStorageKeyUnit getStorageKeyUnit();
@@ -177,30 +175,30 @@ public interface IKeyRecoveryAuthority extends ISubsystem {
     /**
      * Returns the transport key unit that manages the
      * transport key.
-     *
+     * 
      * @return transport key unit
      */
     public ITransportKeyUnit getTransportKeyUnit();
 
     /**
      * Returns the token that generates user key pairs for supporting server-side keygen
-     *
+     * 
      * @return keygen token
      */
     public CryptoToken getKeygenToken();
 
     /**
      * Adds entropy to the token used for supporting server-side keygen
-	 * Parameters are set in the config file
+     * Parameters are set in the config file
+     * 
      * @param logflag create log messages at info level to report entropy shortage
      */
-	public void addEntropy(boolean logflag);
-
+    public void addEntropy(boolean logflag);
 
     /**
      * Returns the request listener that listens on
      * the request completion event.
-     *
+     * 
      * @return request listener
      */
     public IRequestListener getRequestInQListener();
@@ -208,42 +206,42 @@ public interface IKeyRecoveryAuthority extends ISubsystem {
     /**
      * Returns policy processor of the key recovery
      * authority.
-     *
+     * 
      * @return policy processor
      */
     public IPolicyProcessor getPolicyProcessor();
 
     /**
      * Returns the nickname of the transport certificate.
-     *
+     * 
      * @return transport certificate nickname.
      */
     public String getNickname();
 
     /**
      * Sets the nickname of the transport certificate.
-     *
+     * 
      * @param str nickname
      */
     public void setNickname(String str);
 
     /**
      * Returns the new nickname of the transport certifiate.
-     *
+     * 
      * @return new nickname
      */
     public String getNewNickName() throws EBaseException;
 
     /**
      * Sets the new nickname of the transport certifiate.
-     *
+     * 
      * @param name new nickname
      */
     public void setNewNickName(String name);
 
     /**
      * Logs event into key recovery authority logging.
-     *
+     * 
      * @param level log level
      * @param msg log message
      */
@@ -255,7 +253,7 @@ public interface IKeyRecoveryAuthority extends ISubsystem {
      * framework will try to serialize all the attribute into
      * persistent storage. Things like passwords are not
      * desirable to be stored.
-     *
+     * 
      * @param id request id
      * @return volatile requests
      */
@@ -263,7 +261,7 @@ public interface IKeyRecoveryAuthority extends ISubsystem {
 
     /**
      * Retrieves the request object.
-     *
+     * 
      * @param id request id
      * @return volatile requests
      */
@@ -271,32 +269,32 @@ public interface IKeyRecoveryAuthority extends ISubsystem {
 
     /**
      * Destroys the request object.
-     *
+     * 
      * @param id request id
      */
     public void destroyVolatileRequest(RequestId id);
 
     public Vector<Credential> getAppAgents(
-        String recoveryID) throws EBaseException;
+            String recoveryID) throws EBaseException;
 
     /**
      * Creates error for a specific recovery operation.
-     *
+     * 
      * @param recoveryID recovery id
      * @param error error
      * @exception EBaseException failed to create error
      */
     public void createError(String recoveryID, String error)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves error by recovery identifier.
-     *
+     * 
      * @param recoveryID recovery id
      * @return error message
      */
     public String getError(String recoveryID)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves PKCS12 package by recovery identifier.
@@ -305,16 +303,16 @@ public interface IKeyRecoveryAuthority extends ISubsystem {
      * @return pkcs12 package in bytes
      */
     public byte[] getPk12(String recoveryID)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Creates PKCS12 package in memory.
-     *
+     * 
      * @param recoveryID recovery id
      * @param pk12 package in bytes
-     */ 
+     */
     public void createPk12(String recoveryID, byte[] pk12)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves the transport certificate.
diff --git a/pki/base/common/src/com/netscape/certsrv/kra/IKeyService.java b/pki/base/common/src/com/netscape/certsrv/kra/IKeyService.java
index 5ed17453..b8973792 100644
--- a/pki/base/common/src/com/netscape/certsrv/kra/IKeyService.java
+++ b/pki/base/common/src/com/netscape/certsrv/kra/IKeyService.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.kra;
 
-
 import java.math.BigInteger;
 import java.util.Hashtable;
 
@@ -26,11 +25,10 @@ import netscape.security.x509.X509CertImpl;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.security.Credential;
 
-
 /**
  * An interface representing a recovery service.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IKeyService {
@@ -44,45 +42,49 @@ public interface IKeyService {
      */
     public int getNoOfRequiredAgents() throws EBaseException;
 
-   /**
-    * is async recovery request status APPROVED -
-    *   i.e. all required # of recovery agents approved
-    * @param reqID request id
-    * @return true if  # of recovery required agents approved; false otherwise
-    */
+    /**
+     * is async recovery request status APPROVED -
+     * i.e. all required # of recovery agents approved
+     * 
+     * @param reqID request id
+     * @return true if # of recovery required agents approved; false otherwise
+     */
     public boolean isApprovedAsyncKeyRecovery(String reqID)
-        throws EBaseException;
+            throws EBaseException;
 
-   /**
-    * get async recovery request initiating agent
-    * @param reqID request id
-    * @return agentUID
-    */
+    /**
+     * get async recovery request initiating agent
+     * 
+     * @param reqID request id
+     * @return agentUID
+     */
     public String getInitAgentAsyncKeyRecovery(String reqID)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Initiate asynchronous key recovery
+     * 
      * @param kid key identifier
      * @param cert certificate embedded in PKCS12
      * @return requestId
      * @exception EBaseException failed to initiate async recovery
      */
     public String initAsyncKeyRecovery(BigInteger kid, X509CertImpl cert, String agent)
-         throws EBaseException;
+            throws EBaseException;
 
     /**
      * add approving agent in asynchronous key recovery
+     * 
      * @param reqID request id
      * @param agentID agent id
      * @exception EBaseException failed to initiate async recovery
      */
     public void addAgentAsyncKeyRecovery(String reqID, String agentID)
-         throws EBaseException;
+            throws EBaseException;
 
     /**
      * Performs administrator-initiated key recovery.
-     *
+     * 
      * @param kid key identifier
      * @param creds list of credentials (id and password)
      * @param pwd password to protect PKCS12
@@ -92,87 +94,84 @@ public interface IKeyService {
      * @exception EBaseException failed to perform recovery
      */
     public byte[] doKeyRecovery(BigInteger kid,
-        Credential creds[], String pwd, X509CertImpl cert,
-        String delivery, String nickname, String agent) throws EBaseException;
+            Credential creds[], String pwd, X509CertImpl cert,
+            String delivery, String nickname, String agent) throws EBaseException;
 
-     /**
+    /**
      * Async Recovers key for administrators. This method is
      * invoked by the agent operation of the key recovery servlet.
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST used whenever
-     * a user private key recovery request is made (this is when the DRM
-     * receives the request)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED used whenever
-     * a user private key recovery request is processed (this is when the DRM
-     * processes the request)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST used whenever a user private key recovery request is made (this is when the DRM receives the request)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED used whenever a user private key recovery request is processed (this is when the DRM processes the request)
      * </ul>
-     * @param reqID  request id
+     * 
+     * @param reqID request id
      * @param password password of the PKCS12 package
-     * subsystem
+     *            subsystem
      * @exception EBaseException failed to recover key
      * @return a byte array containing the key
      */
     public byte[] doKeyRecovery(
-        String reqID,
-        String password)
-        throws EBaseException;
+            String reqID,
+            String password)
+            throws EBaseException;
 
     /**
      * Retrieves recovery identifier.
-     *
+     * 
      * @return recovery id
      */
     public String getRecoveryID();
 
     /**
      * Creates recovery parameters for the given recovery operation.
-     *
+     * 
      * @param recoveryID recovery id
      * @return recovery parameters
      * @exception EBaseException failed to create
      */
     public Hashtable<String, Object> createRecoveryParams(String recoveryID)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Destroys recovery parameters for the given recovery operation.
-     *
+     * 
      * @param recoveryID recovery id
      * @exception EBaseException failed to destroy
      */
-    public void destroyRecoveryParams(String recoveryID) 
-        throws EBaseException;
+    public void destroyRecoveryParams(String recoveryID)
+            throws EBaseException;
 
     /**
      * Retrieves recovery parameters for the given recovery operation.
-     *
+     * 
      * @param recoveryID recovery id
      * @return recovery parameters
      * @exception EBaseException failed to retrieve
      */
     public Hashtable<String, Object> getRecoveryParams(String recoveryID)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Adds password in the distributed recovery operation.
-     *
+     * 
      * @param recoveryID recovery id
      * @param uid agent uid
      * @param pwd agent password
      * @exception EBaseException failed to add
      */
-    public void addDistributedCredential(String recoveryID, 
-        String uid, String pwd) throws EBaseException;
+    public void addDistributedCredential(String recoveryID,
+            String uid, String pwd) throws EBaseException;
 
     /**
      * Retrieves credentials in the distributed recovery operation.
-     *
+     * 
      * @param recoveryID recovery id
      * @return agent's credentials
      * @exception EBaseException failed to retrieve
      */
-    public Credential[] getDistributedCredentials(String recoveryID) 
-        throws EBaseException;
+    public Credential[] getDistributedCredentials(String recoveryID)
+            throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/kra/IProofOfArchival.java b/pki/base/common/src/com/netscape/certsrv/kra/IProofOfArchival.java
index 1b484b66..20ac336e 100644
--- a/pki/base/common/src/com/netscape/certsrv/kra/IProofOfArchival.java
+++ b/pki/base/common/src/com/netscape/certsrv/kra/IProofOfArchival.java
@@ -17,15 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.kra;
 
-
 import java.math.BigInteger;
 import java.util.Date;
 
-
 /**
  * An interface represents a proof of archival.
  * <P>
  * Here is the ASN1 definition of a proof of escrow:
+ * 
  * <PRE>
  * ProofOfArchival ::= SIGNED {
  *   SEQUENCE {
@@ -46,35 +45,35 @@ public interface IProofOfArchival {
 
     /**
      * Retrieves version of this proof.
-     *
+     * 
      * @return version
      */
     public BigInteger getVersion();
 
     /**
      * Retrieves the serial number.
-     *
+     * 
      * @return serial number
      */
     public BigInteger getSerialNumber();
 
     /**
      * Retrieves the subject name.
-     *
+     * 
      * @return subject name
      */
     public String getSubjectName();
 
     /**
      * Retrieves the issuer name.
-     *
+     * 
      * @return issuer name
      */
     public String getIssuerName();
 
     /**
      * Returns the beginning of the escrowed perioid.
-     *
+     * 
      * @return date of archival
      */
     public Date getDateOfArchival();
diff --git a/pki/base/common/src/com/netscape/certsrv/kra/IShare.java b/pki/base/common/src/com/netscape/certsrv/kra/IShare.java
index c4d58f0a..19e7d7ce 100644
--- a/pki/base/common/src/com/netscape/certsrv/kra/IShare.java
+++ b/pki/base/common/src/com/netscape/certsrv/kra/IShare.java
@@ -20,13 +20,14 @@ package com.netscape.certsrv.kra;
 /**
  * Use Java's reflection API to leverage CMS's
  * old Share and JoinShares implementations.
- *
+ * 
  * @deprecated
  * @version $Revision$ $Date$
  */
 public interface IShare {
 
     public void initialize(byte[] secret, int threshold) throws Exception;
+
     public byte[] createShare(int sharenumber);
 
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/kra/KRAResources.java b/pki/base/common/src/com/netscape/certsrv/kra/KRAResources.java
index 40e0ee17..14b686e6 100644
--- a/pki/base/common/src/com/netscape/certsrv/kra/KRAResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/kra/KRAResources.java
@@ -17,10 +17,8 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.kra;
 
-
 import java.util.ListResourceBundle;
 
-
 /**
  * A class represents a resource bundle for KRA subsystem.
  * <P>
diff --git a/pki/base/common/src/com/netscape/certsrv/kra/ProofOfArchival.java b/pki/base/common/src/com/netscape/certsrv/kra/ProofOfArchival.java
index ca575396..9d17cbbb 100644
--- a/pki/base/common/src/com/netscape/certsrv/kra/ProofOfArchival.java
+++ b/pki/base/common/src/com/netscape/certsrv/kra/ProofOfArchival.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.kra;
 
-
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.Serializable;
@@ -42,17 +41,17 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.IDBObj;
 
-
 /**
  * A class represents a proof of escrow. It indicates a key
- * pairs have been escrowed by appropriate authority. The 
- * structure of this object is very similar (if not exact) to 
- * X.509 certificate. A proof of escrow is signed by an escrow 
+ * pairs have been escrowed by appropriate authority. The
+ * structure of this object is very similar (if not exact) to
+ * X.509 certificate. A proof of escrow is signed by an escrow
  * authority. It is possible to have a CMS policy to reject
  * the certificate issuance request if proof of escrow is not
  * presented.
  * <P>
  * Here is the ASN1 definition of a proof of escrow:
+ * 
  * <PRE>
  * ProofOfEscrow ::= SIGNED {
  *   SEQUENCE {
@@ -106,13 +105,14 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
     /**
      * Constructs a proof of escrow.
      * <P>
+     * 
      * @param serialNo serial number of proof
      * @param subject subject name
      * @param issuer issuer name
      * @param dateOfArchival date of archival
      */
     public ProofOfArchival(BigInteger serialNo, String subject,
-        String issuer, Date dateOfArchival) {
+            String issuer, Date dateOfArchival) {
         mVersion = DEFAULT_VERSION;
         mSerialNo = serialNo;
         mSubject = subject;
@@ -123,6 +123,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
     /**
      * Constructs proof of escrow from input stream.
      * <P>
+     * 
      * @param in encoding source
      * @exception EBaseException failed to decode
      */
@@ -133,6 +134,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
     /**
      * Sets an attribute value.
      * <P>
+     * 
      * @param name attribute name
      * @param obj attribute value
      * @exception EBaseException failed to set attribute
@@ -157,6 +159,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
     /**
      * Retrieves the value of an named attribute.
      * <P>
+     * 
      * @param name attribute name
      * @return attribute value
      * @exception EBaseException failed to get attribute
@@ -177,10 +180,11 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
                     CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", name));
         }
     }
-	
+
     /**
      * Deletes an attribute.
      * <P>
+     * 
      * @param name attribute name
      * @exception EBaseException failed to get attribute
      */
@@ -188,11 +192,11 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
         throw new EBaseException(
                 CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", name));
     }
-	
+
     /**
      * Retrieves a list of possible attribute names.
      * <P>
-     *
+     * 
      * @return a list of names
      */
     public Enumeration<String> getElements() {
@@ -207,11 +211,12 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
     public Enumeration<String> getSerializableAttrNames() {
         return mNames.elements();
     }
-	
+
     /**
      * Retrieves version of this proof.
      * <P>
-     * @return version 
+     * 
+     * @return version
      */
     public BigInteger getVersion() {
         return mVersion;
@@ -220,7 +225,8 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
     /**
      * Retrieves the serial number.
      * <P>
-     * @return serial number 
+     * 
+     * @return serial number
      */
     public BigInteger getSerialNumber() {
         return mSerialNo;
@@ -229,6 +235,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
     /**
      * Retrieves the subject name.
      * <P>
+     * 
      * @return subject name
      */
     public String getSubjectName() {
@@ -238,6 +245,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
     /**
      * Retrieves the issuer name.
      * <P>
+     * 
      * @return issuer name
      */
     public String getIssuerName() {
@@ -247,6 +255,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
     /**
      * Returns the beginning of the escrowed perioid.
      * <P>
+     * 
      * @return date of archival
      */
     public Date getDateOfArchival() {
@@ -254,7 +263,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
     }
 
     /**
-     * Encodes this proof of escrow into the given 
+     * Encodes this proof of escrow into the given
      * output stream.
      * <P>
      */
@@ -268,10 +277,10 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
 
                 version.putInteger(new BigInt(mVersion));
                 seq.write(DerValue.createTag(
-                        DerValue.TAG_CONTEXT, true, (byte) 0), 
-                    version);
+                        DerValue.TAG_CONTEXT, true, (byte) 0),
+                        version);
             }
-	
+
             // serial number
             DerOutputStream serialno = new DerOutputStream();
 
@@ -289,7 +298,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
 
             // issue date
             seq.putUTCTime(mDateOfArchival);
-            out.write(DerValue.tag_Sequence, seq);	
+            out.write(DerValue.tag_Sequence, seq);
 
         } catch (IOException e) {
             throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_DECODE_FAILED", e.toString()));
@@ -300,9 +309,9 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
      * Encodes and signs this proof of escrow.
      * <P>
      */
-    public void encodeAndSign(PrivateKey key, String algorithm, 
-        String provider, DerOutputStream out) 
-        throws EBaseException {
+    public void encodeAndSign(PrivateKey key, String algorithm,
+            String provider, DerOutputStream out)
+            throws EBaseException {
 
         try {
             Signature sigEngine = null;
@@ -310,7 +319,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
             if (provider == null) {
                 sigEngine = Signature.getInstance(algorithm);
             } else {
-                sigEngine = Signature.getInstance(algorithm, 
+                sigEngine = Signature.getInstance(algorithm,
                             provider);
             }
 
@@ -357,7 +366,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
 
             DerValue val = new DerValue(in);
 
-            DerValue seq[] = new DerValue[3]; 
+            DerValue seq[] = new DerValue[3];
 
             seq[0] = val.data.getDerValue();
             if (seq[0].tag == DerValue.tag_Sequence) {
@@ -365,12 +374,12 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
                 seq[1] = val.data.getDerValue();
                 seq[2] = val.data.getDerValue();
                 if (seq[1].data.available() != 0) {
-                    throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_DECODE_FAILED_1", 
+                    throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_DECODE_FAILED_1",
                                 "no algorithm found"));
                 }
 
                 if (seq[2].data.available() != 0) {
-                    throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_DECODE_FAILED_1", 
+                    throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_DECODE_FAILED_1",
                                 "no signature found"));
                 }
 
@@ -391,14 +400,14 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
      * Decodes proof of escrow.
      * <P>
      */
-    private void decodePOA(DerValue val, DerValue preprocessed) 
-        throws EBaseException {
+    private void decodePOA(DerValue val, DerValue preprocessed)
+            throws EBaseException {
         try {
             DerValue tmp = null;
 
             if (preprocessed == null) {
                 if (val.tag != DerValue.tag_Sequence) {
-                    throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_DECODE_FAILED_1", 
+                    throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_DECODE_FAILED_1",
                                 "not start with sequence"));
                 }
                 tmp = val.data.getDerValue();
@@ -429,7 +438,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
 
             // mSubject = new X500Name(subject); // doesnt work
             mSubject = new String(subject.toByteArray());
-		
+
             // issuer
             DerValue issuer = val.data.getDerValue();
 
@@ -443,15 +452,15 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
     }
 
     /**
-     * Retrieves the string reprensetation of this 
+     * Retrieves the string reprensetation of this
      * proof of archival.
      */
     public String toString() {
         return "Version: " + mVersion.toString() + "\n" +
-            "SerialNo: " + mSerialNo.toString() + "\n" +
-            "Subject: " + mSubject + "\n" +
-            "Issuer: " + mIssuer + "\n" +
-            "DateOfArchival: " + mDateOfArchival.toString();
+                "SerialNo: " + mSerialNo.toString() + "\n" +
+                "Subject: " + mSubject + "\n" +
+                "Issuer: " + mIssuer + "\n" +
+                "DateOfArchival: " + mDateOfArchival.toString();
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/ELdapException.java b/pki/base/common/src/com/netscape/certsrv/ldap/ELdapException.java
index ab2d361b..8c1d2d4a 100644
--- a/pki/base/common/src/com/netscape/certsrv/ldap/ELdapException.java
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/ELdapException.java
@@ -17,15 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ldap;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * A class that represents a Ldap exception. Various
  * errors can occur when interacting with a Ldap directory server.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ELdapException extends EBaseException {
@@ -37,23 +35,25 @@ public class ELdapException extends EBaseException {
     /**
      * Ldap resource class name.
      */
-    private static final String LDAP_RESOURCES = LdapResources.class.getName();		
+    private static final String LDAP_RESOURCES = LdapResources.class.getName();
 
     /**
-     * Constructs a Ldap  exception.
+     * Constructs a Ldap exception.
+     * 
      * @param msgFormat Resource Key, if key not present, serves as the message.
-     * <P>
+     *            <P>
      */
     public ELdapException(String msgFormat) {
         super(msgFormat);
     }
 
     /**
-     * Constructs a Ldap  exception.
+     * Constructs a Ldap exception.
+     * 
      * @param msgFormat Resource Key, if key not present, serves as the message.
-     * Include a message string parameter for variable content.
+     *            Include a message string parameter for variable content.
      * @param param Message string parameter.
-     * <P>
+     *            <P>
      */
     public ELdapException(String msgFormat, String param) {
         super(msgFormat, param);
@@ -61,19 +61,21 @@ public class ELdapException extends EBaseException {
 
     /**
      * Constructs a Ldap exception.
+     * 
      * @param msgFormat Resource Key, if key not present, serves as the message.
-     * @param e  Common exception.
-     * <P>
+     * @param e Common exception.
+     *            <P>
      */
     public ELdapException(String msgFormat, Exception e) {
         super(msgFormat, e);
     }
 
     /**
-     * Constructs a Ldap  exception.
+     * Constructs a Ldap exception.
+     * 
      * @param msgFormat Resource Key, if key not present, serves as the message.
      * @param params Array of Message string parameters.
-     * <P>
+     *            <P>
      */
     public ELdapException(String msgFormat, Object params[]) {
         super(msgFormat, params);
@@ -81,8 +83,9 @@ public class ELdapException extends EBaseException {
 
     /**
      * Gets the resource bundle name
+     * 
      * @return Name of the Ldap Exception resource bundle name.
-     * <p>
+     *         <p>
      */
     protected String getBundleName() {
         return LDAP_RESOURCES;
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/ELdapServerDownException.java b/pki/base/common/src/com/netscape/certsrv/ldap/ELdapServerDownException.java
index ead1a020..f347b171 100644
--- a/pki/base/common/src/com/netscape/certsrv/ldap/ELdapServerDownException.java
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/ELdapServerDownException.java
@@ -17,10 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ldap;
 
-
 /**
  * This represents exception which indicates Ldap server is down.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ELdapServerDownException extends ELdapException {
@@ -32,6 +31,7 @@ public class ELdapServerDownException extends ELdapException {
 
     /**
      * Constructs a ldap server down exception with host & port info.
+     * 
      * @param errorString Detailed error message.
      */
     public ELdapServerDownException(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/ILdapAuthInfo.java b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapAuthInfo.java
index 46082c73..4325f077 100644
--- a/pki/base/common/src/com/netscape/certsrv/ldap/ILdapAuthInfo.java
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapAuthInfo.java
@@ -17,11 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ldap;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 
-
 /**
  * Class for obtaining ldap authentication info from the configuration store.
  * Two types of authentication is basic and SSL client authentication.
@@ -39,28 +37,30 @@ public interface ILdapAuthInfo {
     static public final String LDAP_BASICAUTH_STR = "BasicAuth";
     static public final String LDAP_SSLCLIENTAUTH_STR = "SslClientAuth";
 
-    static public final int LDAP_AUTHTYPE_NONE = 0;  // illegal
+    static public final int LDAP_AUTHTYPE_NONE = 0; // illegal
     static public final int LDAP_AUTHTYPE_BASICAUTH = 1;
     static public final int LDAP_AUTHTYPE_SSLCLIENTAUTH = 2;
 
     /**
      * Initialize this class from the config store.
+     * 
      * @param config The config store from which to initialize.
      * @exception EBaseException Due to failure of the initialization process.
-     *
+     * 
      */
     public void init(IConfigStore config) throws EBaseException;
 
     /**
-     * Initialize this class from the config store. 
+     * Initialize this class from the config store.
      * Based on host, port, and secure boolean info.
      * which allows an actual attempt on the server to verify credentials.
+     * 
      * @param config The config store from which to initialize.
      * @exception EBaseException Due to failure of the initialization process.
-     *
+     * 
      */
     public void init(IConfigStore config, String host, int port, boolean secure)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Reset the connection to the host
@@ -68,28 +68,32 @@ public interface ILdapAuthInfo {
     public void reset();
 
     /**
-     * Get authentication type. 
+     * Get authentication type.
+     * 
      * @return one of: <br>
-     *		LdapAuthInfo.LDAP_AUTHTYPE_BASICAUTH or 
-     *		LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH
+     *         LdapAuthInfo.LDAP_AUTHTYPE_BASICAUTH or
+     *         LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH
      */
     public int getAuthType();
 
     /**
      * Get params for authentication.
+     * 
      * @return array of parameters for this authentication as an array of Strings.
      */
     public String[] getParms();
 
     /**
      * Add password to private password data structure.
+     * 
      * @param prompt Password prompt.
-     * @param pw     Password itself.
+     * @param pw Password itself.
      */
     public void addPassword(String prompt, String pw);
 
     /**
      * Remove password from private password data structure.
+     * 
      * @param prompt Identify password to remove with prompt.
      */
     public void removePassword(String prompt);
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/ILdapBoundConnFactory.java b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapBoundConnFactory.java
index ef3e1742..846f5174 100644
--- a/pki/base/common/src/com/netscape/certsrv/ldap/ILdapBoundConnFactory.java
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapBoundConnFactory.java
@@ -17,9 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ldap;
 
-
-
-
 /**
  * Maintains a pool of connections to the LDAP server.
  * CMS requests are processed on a multi threaded basis.
@@ -28,7 +25,7 @@ package com.netscape.certsrv.ldap;
  * max size of this connection pool should be configurable. Once
  * the maximum limit of connections is exceeded, the factory
  * should provide proper synchronization to resolve contention issues.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ILdapBoundConnFactory extends ILdapConnFactory {
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnFactory.java b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnFactory.java
index f706c2ec..738f5832 100644
--- a/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnFactory.java
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnFactory.java
@@ -17,76 +17,81 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ldap;
 
-
 import netscape.ldap.LDAPConnection;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 
-
 /**
  * Maintains a pool of connections to the LDAP server.
  * Multiple threads use this interface to utilize and release
  * the Ldap connection resources.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ILdapConnFactory {
 
-    /** 
+    /**
      * Initialize the poll from the config store.
+     * 
      * @param config The configuration substore.
      * @exception EBaseException On configuration error.
-     * @exception ELdapException On all other errors. 
+     * @exception ELdapException On all other errors.
      */
-    public void init(IConfigStore config) 
-        throws EBaseException, ELdapException;
+    public void init(IConfigStore config)
+            throws EBaseException, ELdapException;
 
     /**
-     *
-     * Used for disconnecting all connections. 
+     * 
+     * Used for disconnecting all connections.
      * Used just before a subsystem
      * shutdown or process exit.
+     * 
      * @exception EldapException on Ldap failure when closing connections.
      */
-    public void reset() 
-        throws ELdapException;
+    public void reset()
+            throws ELdapException;
 
     /**
      * Returns the number of free connections available from this pool.
-     * @return Integer number of free connections. 
-     */ 
+     * 
+     * @return Integer number of free connections.
+     */
 
     public int freeConn();
 
     /**
      * Returns the number of total connections available from this pool.
      * Includes sum of free and in use connections.
+     * 
      * @return Integer number of total connections.
      */
     public int totalConn();
 
     /**
      * Returns the maximum number of connections available from this pool.
+     * 
      * @return Integer maximum number of connections.
      */
     public int maxConn();
 
-    /** 
-     * Request access to a Ldap connection from the pool. 
-     * @exception ELdapException if any error occurs, such as a 
+    /**
+     * Request access to a Ldap connection from the pool.
+     * 
+     * @exception ELdapException if any error occurs, such as a
      * @return Ldap connection object.
-     * connection is not available 
+     *         connection is not available
      */
-    public LDAPConnection getConn() 
-        throws ELdapException;
+    public LDAPConnection getConn()
+            throws ELdapException;
 
     /**
      * Return connection to the factory. mandatory after a getConn().
+     * 
      * @param conn Ldap connection object to be returned to the free list of the pool.
      * @exception ELdapException On any failure to return the connection.
      */
-    public void returnConn(LDAPConnection conn) 
-        throws ELdapException;
+    public void returnConn(LDAPConnection conn)
+            throws ELdapException;
 
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnInfo.java b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnInfo.java
index 4cffbe45..aa5b388a 100644
--- a/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnInfo.java
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnInfo.java
@@ -17,15 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ldap;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 
-
 /**
  * Class for reading ldap connection information from the config store.
  * Ldap connection info: host name, port number,whether of not it is a secure connection.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ILdapConnInfo {
@@ -42,23 +40,23 @@ public interface ILdapConnInfo {
 
     /**
      * Initializes an instance from a config store.
+     * 
      * @param config Configuration store.
      * @exception ELdapException Ldap related error found.
-     * @exception EBaseException Other errors and errors with params included in the config store. 
+     * @exception EBaseException Other errors and errors with params included in the config store.
      */
     public void init(IConfigStore config) throws EBaseException, ELdapException;
 
     /**
-     *  Return the name of the Host.
-     *
+     * Return the name of the Host.
+     * 
      */
 
-    
     public String getHost();
 
     /**
      * Return the port number of the host.
-     *
+     * 
      */
     public int getPort();
 
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnModule.java b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnModule.java
index 8d912fc5..efa1c271 100644
--- a/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnModule.java
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnModule.java
@@ -17,31 +17,30 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ldap;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
  * Class on behalf of the Publishing system that controls an instance of an ILdapConnFactory.
  * Allows a factory to be intialized and grants access
  * to the factory to other interested parties.
- *
+ * 
  * @version $Revision$, $Date$
  */
- 
+
 public interface ILdapConnModule {
 
     /**
      * Initialize ldap publishing module with config store.
+     * 
      * @param owner Entity that is interested in this instance of Publishing.
      * @param config Config store containing the info needed to set up Publishing.
      * @exception ELdapException Due to Ldap error.
      * @exception EBaseException Due to config value errors and all other errors.
      */
-    public void init(ISubsystem owner, IConfigStore config) 
-        throws EBaseException, ELdapException;
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException, ELdapException;
 
     /**
      * Returns the internal ldap connection factory.
@@ -52,10 +51,9 @@ public interface ILdapConnModule {
      * Use ILdapConnFactory.getConn() to get a Ldap connection to the ldap
      * publishing directory.
      * Use ILdapConnFactory.returnConn() to return the connection.
-     *
+     * 
      * @return Instance of ILdapConnFactory.
      */
 
     public ILdapConnFactory getLdapConnFactory();
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/LdapResources.java b/pki/base/common/src/com/netscape/certsrv/ldap/LdapResources.java
index 26149738..332fcadd 100644
--- a/pki/base/common/src/com/netscape/certsrv/ldap/LdapResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/LdapResources.java
@@ -17,10 +17,8 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ldap;
 
-
 import java.util.ListResourceBundle;
 
-
 /**
  * A resource bundle for ldap subsystem.
  * 
@@ -36,7 +34,7 @@ public class LdapResources extends ListResourceBundle {
     }
 
     /**
-     * Constants. The suffix represents the number of 
+     * Constants. The suffix represents the number of
      * possible parameters.
      */
 
diff --git a/pki/base/common/src/com/netscape/certsrv/listeners/EListenersException.java b/pki/base/common/src/com/netscape/certsrv/listeners/EListenersException.java
index c498ca3d..6aee21ff 100644
--- a/pki/base/common/src/com/netscape/certsrv/listeners/EListenersException.java
+++ b/pki/base/common/src/com/netscape/certsrv/listeners/EListenersException.java
@@ -17,13 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.listeners;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * A class represents a listener exception.
  * <P>
+ * 
  * @version $Revision$, $Date$
  */
 public class EListenersException extends EBaseException {
@@ -40,8 +39,9 @@ public class EListenersException extends EBaseException {
     /**
      * Constructs a listeners exception.
      * <P>
+     * 
      * @param msgFormat The error message resource key.
-    */
+     */
     public EListenersException(String msgFormat) {
         super(msgFormat);
     }
@@ -49,6 +49,7 @@ public class EListenersException extends EBaseException {
     /**
      * Constructs a listeners exception.
      * <P>
+     * 
      * @param msgFormat exception details in message string format.
      * @param param message string parameter.
      */
@@ -59,27 +60,31 @@ public class EListenersException extends EBaseException {
     /**
      * Constructs a Listeners exception.
      * <P>
+     * 
      * @param msgFormat The resource key.
      * @param e The parameter as an exception.
      */
     public EListenersException(String msgFormat, Exception e) {
         super(msgFormat, e);
     }
-    
+
     /**
      * Constructs a Listeners exception.
      * <P>
+     * 
      * @param msgFormat The resource key.
      * @param params Array of params.
      */
     public EListenersException(String msgFormat, Object params[]) {
         super(msgFormat, params);
     }
+
     /**
      * get the listener resource class name.
      * <P>
+     * 
      * @return the class name of the resource.
-    */
+     */
     protected String getBundleName() {
         return LISTENERS_RESOURCES;
     }
diff --git a/pki/base/common/src/com/netscape/certsrv/listeners/IRequestListenerPlugin.java b/pki/base/common/src/com/netscape/certsrv/listeners/IRequestListenerPlugin.java
index b0cb173c..c615586d 100644
--- a/pki/base/common/src/com/netscape/certsrv/listeners/IRequestListenerPlugin.java
+++ b/pki/base/common/src/com/netscape/certsrv/listeners/IRequestListenerPlugin.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.listeners;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 
@@ -25,54 +24,63 @@ import com.netscape.certsrv.base.IConfigStore;
  * This interface represents a plug-in listener. Implement this class to
  * add the listener to an ARequestNotifier of a subsystem.
  * <P>
+ * 
  * @version $Revision$, $Date$
  */
 public interface IRequestListenerPlugin {
-    
+
     /**
      * get the registered class name set in the init() method.
      * <P>
-     *  @return the Name.
+     * 
+     * @return the Name.
      */
     public String getName();
-    
+
     /**
      * get the plugin implementaion name set in the init() method.
      * <P>
+     * 
      * @return the plugin implementation name.
      */
     public String getImplName();
-    
+
     /**
      * the subsystem call this method to initialize the plug-in.
      * <P>
+     * 
      * @param name the registered class name of the plug-in.
      * @param implName the implemetnation name of the plug-in.
      * @param config the configuration store where the.
-     * properties of the plug-in are stored.
+     *            properties of the plug-in are stored.
      * @exception EBaseException throws base exception in the certificate server.
      */
-    public void   init(String name, String implName, IConfigStore config)
-    throws EBaseException;
+    public void init(String name, String implName, IConfigStore config)
+            throws EBaseException;
+
     /**
      * shutdown the plugin.
      */
     public void shutdown();
+
     /**
      * get the configuration parameters of the plug-in.
      * <P>
+     * 
      * @return the configuration parameters.
      * @exception EBaseException throws base exception in the certificate server.
      */
     public String[] getConfigParams()
-    throws EBaseException;
+            throws EBaseException;
+
     /**
      * get the configuration store of the plugin where the
      * configuration parameters of the plug-in are stored.
      * <P>
+     * 
      * @return the configuration store.
      */
-    
+
     public IConfigStore getConfigStore();
-    
+
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/listeners/ListenersResources.java b/pki/base/common/src/com/netscape/certsrv/listeners/ListenersResources.java
index 199941be..9eaf4137 100644
--- a/pki/base/common/src/com/netscape/certsrv/listeners/ListenersResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/listeners/ListenersResources.java
@@ -17,13 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.listeners;
 
-
 import java.util.ListResourceBundle;
 
 /**
- * A class represents a resource bundle for the 
+ * A class represents a resource bundle for the
  * listeners package.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ListenersResources extends ListResourceBundle {
@@ -31,11 +30,13 @@ public class ListenersResources extends ListResourceBundle {
     /**
      * get the content of the resource.
      * <P>
+     * 
      * @return the content of this resource is a value pairs array of keys and values.
      */
     public Object[][] getContents() {
         return contents;
     }
+
     static final Object[][] contents = {
         };
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/AuditEvent.java b/pki/base/common/src/com/netscape/certsrv/logging/AuditEvent.java
index 4f7e64f2..aa0077b0 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/AuditEvent.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/AuditEvent.java
@@ -17,20 +17,18 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
 import java.text.MessageFormat;
 import java.util.Locale;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.MessageFormatter;
 
-
 /**
  * The log event object that carries message detail of a log event
- * that goes into the Transaction log.  Note that the name of this
- * class "AuditEvent" is legacy and  has nothing to do with the signed 
+ * that goes into the Transaction log. Note that the name of this
+ * class "AuditEvent" is legacy and has nothing to do with the signed
  * audit log events, whcih are represented by SignedAuditEvent.
- *
+ * 
  * @version $Revision$, $Date$
  * @see java.text.MessageFormat
  * @see com.netscape.certsrv.logging.LogResources
@@ -56,12 +54,12 @@ public class AuditEvent implements IBundleLogEvent {
      * The bundle name for this event.
      */
     private String mBundleName = LogResources.class.getName();
-    private static final String INVALID_LOG_LEVEL="log level: {0} is invalid, should be 0-6";
+    private static final String INVALID_LOG_LEVEL = "log level: {0} is invalid, should be 0-6";
 
     /**
      * Constructs a message event
      * <P>
-     *
+     * 
      * @param msgFormat the message string
      */
     public AuditEvent(String msgFormat) {
@@ -71,11 +69,12 @@ public class AuditEvent implements IBundleLogEvent {
 
     /**
      * Constructs a message with a parameter. For example,
+     * 
      * <PRE>
-     *         new AuditEvent("failed to load {0}", fileName);
+     * new AuditEvent(&quot;failed to load {0}&quot;, fileName);
      * </PRE>
      * <P>
-     *
+     * 
      * @param msgFormat details in message string format
      * @param param message string parameter
      */
@@ -89,6 +88,7 @@ public class AuditEvent implements IBundleLogEvent {
      * Constructs a message from an exception. It can be used to carry
      * a system exception that may contain information about
      * the context. For example,
+     * 
      * <PRE>
      *         try {
      *          ...
@@ -97,7 +97,7 @@ public class AuditEvent implements IBundleLogEvent {
      *      }
      * </PRE>
      * <P>
-     *
+     * 
      * @param msgFormat exception details in message string format
      * @param exception system exception
      */
@@ -110,6 +110,7 @@ public class AuditEvent implements IBundleLogEvent {
     /**
      * Constructs a message from a base exception. This will use the msgFormat
      * from the exception itself.
+     * 
      * <PRE>
      *         try {
      *          ...
@@ -118,7 +119,7 @@ public class AuditEvent implements IBundleLogEvent {
      *      }
      * </PRE>
      * <P>
-     *
+     * 
      * @param e CMS exception
      */
     public AuditEvent(Exception e) {
@@ -135,7 +136,7 @@ public class AuditEvent implements IBundleLogEvent {
      * Constructs a message event with a list of parameters
      * that will be substituted into the message format.
      * <P>
-     *
+     * 
      * @param msgFormat message string format
      * @param params list of message format parameters
      */
@@ -147,7 +148,7 @@ public class AuditEvent implements IBundleLogEvent {
     /**
      * Returns the current message format string.
      * <P>
-     *
+     * 
      * @return details message
      */
     public String getMessage() {
@@ -157,7 +158,7 @@ public class AuditEvent implements IBundleLogEvent {
     /**
      * Returns a list of parameters.
      * <P>
-     *
+     * 
      * @return list of message format parameters
      */
     public Object[] getParameters() {
@@ -168,7 +169,7 @@ public class AuditEvent implements IBundleLogEvent {
      * Returns localized message string. This method should
      * only be called if a localized string is necessary.
      * <P>
-     *
+     * 
      * @return details message
      */
     public String toContent() {
@@ -178,7 +179,7 @@ public class AuditEvent implements IBundleLogEvent {
     /**
      * Returns the string based on the given locale.
      * <P>
-     *
+     * 
      * @param locale locale
      * @return details message
      */
@@ -189,8 +190,9 @@ public class AuditEvent implements IBundleLogEvent {
     }
 
     /**
-     * Gets the resource bundle name for this class instance.  This should
+     * Gets the resource bundle name for this class instance. This should
      * be overridden by subclasses who have their own resource bundles.
+     * 
      * @param bundle String that represents the resource bundle name to be set
      */
     public void setBundleName(String bundle) {
@@ -199,6 +201,7 @@ public class AuditEvent implements IBundleLogEvent {
 
     /**
      * Retrieves bundle name.
+     * 
      * @return a String that represents the resource bundle name
      */
     protected String getBundleName() {
@@ -207,8 +210,9 @@ public class AuditEvent implements IBundleLogEvent {
 
     /**
      * Retrieves log source.
+     * 
      * @return an integer that indicates the component source
-     * where this message event was triggered
+     *         where this message event was triggered
      */
     public int getSource() {
         return mSource;
@@ -216,18 +220,19 @@ public class AuditEvent implements IBundleLogEvent {
 
     /**
      * Sets log source.
+     * 
      * @param source an integer that represents the component source
-     * where this message event was triggered
+     *            where this message event was triggered
      */
     public void setSource(int source) {
         mSource = source;
     }
 
-    
     /**
      * Retrieves log level.
      * The log level of an event represents its relative importance
      * or severity within CMS.
+     * 
      * @return Integer log level value.
      */
     public int getLevel() {
@@ -236,6 +241,7 @@ public class AuditEvent implements IBundleLogEvent {
 
     /**
      * Retrieves NT specific log event type.
+     * 
      * @return Integer NTEventType value.
      */
     public int getNTEventType() {
@@ -246,6 +252,7 @@ public class AuditEvent implements IBundleLogEvent {
      * Sets log level, NT log event type.
      * For certain log levels the NT log event type gets
      * set as well.
+     * 
      * @param level Integer log level value.
      */
     public void setLevel(int level) {
@@ -273,12 +280,13 @@ public class AuditEvent implements IBundleLogEvent {
             break;
         }
     }
-   
+
     /**
      * Retrieves log multiline attribute.
+     * 
      * @return Boolean whether or not this event is multiline.
-     * A multiline message simply consists of more than one line.
-     */ 
+     *         A multiline message simply consists of more than one line.
+     */
     public boolean getMultiline() {
         return mMultiline;
     }
@@ -286,6 +294,7 @@ public class AuditEvent implements IBundleLogEvent {
     /**
      * Sets log multiline attribute. A multiline message consists of
      * more than one line.
+     * 
      * @param multiline Boolean multiline value.
      */
     public void setMultiline(boolean multiline) {
@@ -294,26 +303,27 @@ public class AuditEvent implements IBundleLogEvent {
 
     /**
      * Retrieves event time stamp.
+     * 
      * @return Long integer of the time the event was created.
      */
     public long getTimeStamp() {
         return mTimeStamp;
     }
 
-    
     /**
      * Retrieves log event type. Each type of event
      * has an associated String type value.
+     * 
      * @return String containing the type of event.
      */
     public String getEventType() {
         return mEventType;
     }
 
-    
     /**
      * Sets log event type. Each type of event
      * has an associated String type value.
+     * 
      * @param eventType String containing the type of event.
      */
     public void setEventType(String eventType) {
@@ -321,9 +331,10 @@ public class AuditEvent implements IBundleLogEvent {
     }
 
     /**
-    * Return string representation of log message.
-    * @return String containing log message.
-    */
+     * Return string representation of log message.
+     * 
+     * @return String containing log message.
+     */
     public String toString() {
         if (getBundleName() == null) {
             MessageFormat detailMessage = new MessageFormat(mMessage);
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/AuditFormat.java b/pki/base/common/src/com/netscape/certsrv/logging/AuditFormat.java
index 8d870ad9..81253ff5 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/AuditFormat.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/AuditFormat.java
@@ -17,12 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
 /**
  * Define audit log message format. Note that the name of this
- * class "AuditFormat" is legacy and  has nothing to do with the signed 
+ * class "AuditFormat" is legacy and has nothing to do with the signed
  * audit log events format
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class AuditFormat {
@@ -40,18 +39,18 @@ public class AuditFormat {
     /**
      * initiative: the event is from agent
      */
-    public static final String FROMAGENT = "fromAgent";        
+    public static final String FROMAGENT = "fromAgent";
 
     /**
      * initiative: the event is from router
      */
-    public static final String FROMROUTER = "fromRouter";  
+    public static final String FROMROUTER = "fromRouter";
 
     /**
      * initiative: the event is from remote authority
      */
     public static final String FROMRA = "fromRemoteAuthority";
-      
+
     /**
      * authentication module: no Authentication manager
      */
@@ -59,54 +58,54 @@ public class AuditFormat {
 
     // for ProcessCertReq.java ,kra
     /**
-     0: request type
-     1: request ID
-     2: initiative
-     3: auth module
-     4: status
-     5: cert dn
-     6: other info. eg cert serial number, violation policies
+     * 0: request type
+     * 1: request ID
+     * 2: initiative
+     * 3: auth module
+     * 4: status
+     * 5: cert dn
+     * 6: other info. eg cert serial number, violation policies
      */
-    public static final String FORMAT = 
-        "{0} reqID {1} {2} authenticated by {3} is {4} DN requested: {5} {6}";
-    public static final  String NODNFORMAT = 
-        "{0} reqID {1} {2} authenticated by {3} is {4}";
+    public static final String FORMAT =
+            "{0} reqID {1} {2} authenticated by {3} is {4} DN requested: {5} {6}";
+    public static final String NODNFORMAT =
+            "{0} reqID {1} {2} authenticated by {3} is {4}";
 
-    public static final String ENROLLMENTFORMAT = 
-        "Enrollment request reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} {5}";
-    public static final String RENEWALFORMAT = 
-        "Renewal request reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} old serial number: 0x{5} {6}";
-    public static final String REVOCATIONFORMAT = 
-        "Revocation request reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} serial number: 0x{5} revocation reason: {6} {7}";
+    public static final String ENROLLMENTFORMAT =
+            "Enrollment request reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} {5}";
+    public static final String RENEWALFORMAT =
+            "Renewal request reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} old serial number: 0x{5} {6}";
+    public static final String REVOCATIONFORMAT =
+            "Revocation request reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} serial number: 0x{5} revocation reason: {6} {7}";
 
     // 1: fromAgent AgentID: xxx authenticated by xxx
-    public static final String DOREVOKEFORMAT = 
-        "Revocation request reqID {0} {1} is {2}. DN requested: {3} serial number: 0x{4} revocation reason: {5}";
+    public static final String DOREVOKEFORMAT =
+            "Revocation request reqID {0} {1} is {2}. DN requested: {3} serial number: 0x{4} revocation reason: {5}";
     // 1: fromAgent AgentID: xxx authenticated by xxx
-    public static final String DOUNREVOKEFORMAT = 
-        "Unrevocation request reqID {0} {1} is {2}. DN requested: {3} serial number: 0x{4}";
+    public static final String DOUNREVOKEFORMAT =
+            "Unrevocation request reqID {0} {1} is {2}. DN requested: {3} serial number: 0x{4}";
 
     // 0:initiative
-    public static final String CRLUPDATEFORMAT = 
-        "CRLUpdate request {0} authenticated by {1} is {2}. Id: {3}\ncrl Number: {4} last update time: {5} next update time: {6} number of entries in the CRL: {7}";
+    public static final String CRLUPDATEFORMAT =
+            "CRLUpdate request {0} authenticated by {1} is {2}. Id: {3}\ncrl Number: {4} last update time: {5} next update time: {6} number of entries in the CRL: {7}";
 
     // audit user/group
     public static final String ADDUSERFORMAT =
-        "Admin UID: {0} added User UID: {1}";
+            "Admin UID: {0} added User UID: {1}";
     public static final String REMOVEUSERFORMAT =
-        "Admin UID: {0} removed User UID: {1} ";
+            "Admin UID: {0} removed User UID: {1} ";
     public static final String MODIFYUSERFORMAT =
-        "Admin UID: {0} modified User UID: {1}";
+            "Admin UID: {0} modified User UID: {1}";
     public static final String ADDUSERCERTFORMAT =
-        "Admin UID: {0} added cert for User UID: {1}. cert DN: {2} serial number: 0x{3}";
+            "Admin UID: {0} added cert for User UID: {1}. cert DN: {2} serial number: 0x{3}";
     public static final String REMOVEUSERCERTFORMAT =
-        "Admin UID: {0} removed cert of User UID: {1}. cert DN: {2} serial number: 0x{3}";
+            "Admin UID: {0} removed cert of User UID: {1}. cert DN: {2} serial number: 0x{3}";
     public static final String ADDUSERGROUPFORMAT =
-        "Admin UID: {0} added User UID: {1} to group: {2}";
+            "Admin UID: {0} added User UID: {1} to group: {2}";
     public static final String REMOVEUSERGROUPFORMAT =
-        "Admin UID: {0} removed User UID: {1} from group: {2}";
+            "Admin UID: {0} removed User UID: {1} from group: {2}";
 
     // LDAP publishing
-    public static final String LDAP_PUBLISHED_FORMAT = 
-        "{0} successfully published serial number: 0x{1} with DN: {2}";
+    public static final String LDAP_PUBLISHED_FORMAT =
+            "{0} successfully published serial number: 0x{1} with DN: {2}";
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ConsoleError.java b/pki/base/common/src/com/netscape/certsrv/logging/ConsoleError.java
index 146824ac..13e0f3d4 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/ConsoleError.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ConsoleError.java
@@ -17,12 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
-
-
 /**
  * A static class to log error messages to the Console
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ConsoleError {
@@ -30,8 +27,8 @@ public class ConsoleError {
 
     /**
      * Send the given event to the Console.
-     *
-     * @param	ev	log event to be sent to the console
+     * 
+     * @param ev log event to be sent to the console
      */
     public static void send(ILogEvent ev) {
         console.log(ev);
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ConsoleLog.java b/pki/base/common/src/com/netscape/certsrv/logging/ConsoleLog.java
index 8dee67ef..2e87fc92 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/ConsoleLog.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ConsoleLog.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
 import java.io.IOException;
 import java.util.Hashtable;
 import java.util.Vector;
@@ -29,49 +28,49 @@ import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.certsrv.common.NameValuePairs;
 
-
 /**
  * A log event listener which sends all log events to the system console/tty
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ConsoleLog implements ILogEventListener {
 
     /**
-     * Log the given event.  Usually called from a log manager.
-     *
-     * @param	ev	log event
+     * Log the given event. Usually called from a log manager.
+     * 
+     * @param ev log event
      */
     public void log(ILogEvent ev) {
         System.err.println(Thread.currentThread().getName() + ": " + ev);
     }
 
     /**
-     * Flush the system output stream. 
-     *
+     * Flush the system output stream.
+     * 
      */
     public void flush() {
         System.err.flush();
     }
 
-	/**
-	 * All operations need to be cleaned up for shutdown are done here
-	 */
+    /**
+     * All operations need to be cleaned up for shutdown are done here
+     */
     public void shutdown() {
     }
 
-	/**
-	 * get the configuration store that is associated with this
-	 * log listener
-	 * @return the configuration store that is associated with this
-	 * log listener
-	 */
+    /**
+     * get the configuration store that is associated with this
+     * log listener
+     * 
+     * @return the configuration store that is associated with this
+     *         log listener
+     */
     public IConfigStore getConfigStore() {
         return null;
     }
 
-    public void init(ISubsystem owner, IConfigStore config) 
-        throws EBaseException {
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException {
     }
 
     public void startup() throws EBaseException {
@@ -79,14 +78,15 @@ public class ConsoleLog implements ILogEventListener {
 
     /**
      * Retrieve last "maxLine" number of system log with log lever >"level"
-     * and from  source "source". If the parameter is omitted. All entries
+     * and from source "source". If the parameter is omitted. All entries
      * are sent back.
-	 * @param req a Hashtable containing the required information such as
-	 * log entry, log level, log source, and log name
-	 * @return the content of the log that match the criteria in req
-	 * @exception servletException
-	 * @exception IOException
-	 * @exception EBaseException
+     * 
+     * @param req a Hashtable containing the required information such as
+     *            log entry, log level, log source, and log name
+     * @return the content of the log that match the criteria in req
+     * @exception servletException
+     * @exception IOException
+     * @exception EBaseException
      */
     public synchronized NameValuePairs retrieveLogContent(Hashtable<String, String> req) throws ServletException,
             IOException, EBaseException {
@@ -94,8 +94,8 @@ public class ConsoleLog implements ILogEventListener {
     }
 
     /**
-     * Retrieve log file list.
-	 * <br> unimplemented
+     * Retrieve log file list. <br>
+     * unimplemented
      */
     public synchronized NameValuePairs retrieveLogList(Hashtable<String, String> req) throws ServletException,
             IOException, EBaseException {
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ELogException.java b/pki/base/common/src/com/netscape/certsrv/logging/ELogException.java
index 90a74ba4..717dbdfe 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/ELogException.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ELogException.java
@@ -17,13 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
 import java.util.Locale;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.MessageFormatter;
 
-
 /**
  * This class implements a Log exception. LogExceptions
  * should be caught by LogSubsystem managers.
@@ -39,14 +37,14 @@ public class ELogException extends EBaseException {
      */
     private static final long serialVersionUID = -8903703675126348145L;
     /**
-    * Resource bundle class name.
-    */
+     * Resource bundle class name.
+     */
     private static final String LOG_RESOURCES = LogResources.class.getName();
 
     /**
      * Constructs a log exception.
      * <P>
-     *
+     * 
      * @param msgFormat Exception details.
      */
     public ELogException(String msgFormat) {
@@ -56,11 +54,12 @@ public class ELogException extends EBaseException {
 
     /**
      * Constructs a log exception with a parameter. For example,
+     * 
      * <PRE>
-     * 		new ELogException("failed to load {0}", fileName);
+     * new ELogException(&quot;failed to load {0}&quot;, fileName);
      * </PRE>
      * <P>
-     *
+     * 
      * @param msgFormat Exception details in message string format.
      * @param param Message string parameter.
      */
@@ -74,6 +73,7 @@ public class ELogException extends EBaseException {
      * Constructs a log exception. It can be used to carry
      * a system exception that may contain information about
      * the context. For example,
+     * 
      * <PRE>
      * 		try {
      *  		...
@@ -82,7 +82,7 @@ public class ELogException extends EBaseException {
      *      }
      * </PRE>
      * <P>
-     *
+     * 
      * @param msgFormat Exception details in message string format.
      * @param param System exception.
      */
@@ -96,7 +96,7 @@ public class ELogException extends EBaseException {
      * Constructs a log exception with a list of parameters
      * that will be substituted into the message format.
      * <P>
-     *
+     * 
      * @param msgFormat Exception details in message string format.
      * @param params List of message format parameters.
      */
@@ -108,7 +108,7 @@ public class ELogException extends EBaseException {
     /**
      * Returns a list of parameters.
      * <P>
-     *
+     * 
      * @return list of message format parameters.
      */
     public Object[] getParameters() {
@@ -119,7 +119,7 @@ public class ELogException extends EBaseException {
      * Returns localized exception string. This method should
      * only be called if a localized string is necessary.
      * <P>
-     *
+     * 
      * @return Details message.
      */
     public String toString() {
@@ -129,7 +129,7 @@ public class ELogException extends EBaseException {
     /**
      * Returns the string based on the given locale.
      * <P>
-     *
+     * 
      * @param locale Locale.
      * @return Details message.
      */
@@ -141,11 +141,12 @@ public class ELogException extends EBaseException {
     /**
      * Retrieves resource bundle name.
      * Subclasses should override this as necessary
+     * 
      * @return String containing name of resource bundle.
      */
 
     protected String getBundleName() {
         return LOG_RESOURCES;
     }
-	
+
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ELogNotFound.java b/pki/base/common/src/com/netscape/certsrv/logging/ELogNotFound.java
index 2dad7aec..7de84733 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/ELogNotFound.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ELogNotFound.java
@@ -17,10 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
 /**
  * Exception for log not found.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ELogNotFound extends ELogException {
@@ -32,6 +31,7 @@ public class ELogNotFound extends ELogException {
 
     /**
      * Constructs a exception for a missing required log.
+     * 
      * @param errorString Detailed error message.
      */
     public ELogNotFound(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ELogPluginNotFound.java b/pki/base/common/src/com/netscape/certsrv/logging/ELogPluginNotFound.java
index efac65a2..6c434aff 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/ELogPluginNotFound.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ELogPluginNotFound.java
@@ -17,10 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
 /**
  * Exception for log plugin not found.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ELogPluginNotFound extends ELogException {
@@ -32,10 +31,10 @@ public class ELogPluginNotFound extends ELogException {
 
     /**
      * Constructs a exception for a missing log plugin.
+     * 
      * @param errorString Detailed error message.
      */
     public ELogPluginNotFound(String errorString) {
         super(errorString);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/IBundleLogEvent.java b/pki/base/common/src/com/netscape/certsrv/logging/IBundleLogEvent.java
index 44a4283b..9dd8595c 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/IBundleLogEvent.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/IBundleLogEvent.java
@@ -17,23 +17,21 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
-
-
 /**
  * An interface which all loggable events must implement.
  * See ILogEvent class.
  * This class maintains a resource bundle name for given
  * event type.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IBundleLogEvent extends ILogEvent {
 
     /**
-    * Sets the name of the resource bundle to be associated
-    * with this event type.
-    * @param bundle name of resource bundle.
-    */
+     * Sets the name of the resource bundle to be associated
+     * with this event type.
+     * 
+     * @param bundle name of resource bundle.
+     */
     public void setBundleName(String bundle);
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ILogEvent.java b/pki/base/common/src/com/netscape/certsrv/logging/ILogEvent.java
index d0caca71..42391898 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/ILogEvent.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ILogEvent.java
@@ -17,25 +17,24 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
 import java.io.Serializable;
 import java.util.Locale;
 
-
 /**
  * An interface which all loggable events must implement. CMS comes
- * with a limited set of ILogEvent types to implement: audit, system, and 
- * signed audit.  This is the base class of all the subsequent implemented types.
+ * with a limited set of ILogEvent types to implement: audit, system, and
+ * signed audit. This is the base class of all the subsequent implemented types.
  * A log event represents a certain kind of log message designed for a specific purpose.
  * For instance, an audit type event represents messages having to do with auditable CMS
- * actions.  The resulting message will ultimately appear into a specific log file.
- *
+ * actions. The resulting message will ultimately appear into a specific log file.
+ * 
  * @version $Revision$, $Date$
  */
 public interface ILogEvent extends Serializable {
 
     /**
      * Retrieves event time stamp.
+     * 
      * @return Long integer of the time the event was created.
      */
     public long getTimeStamp();
@@ -44,36 +43,39 @@ public interface ILogEvent extends Serializable {
      * Retrieves log source.
      * This is an id of the subsystem responsible
      * for creating the log event.
+     * 
      * @return Integer source id.
      */
     public int getSource();
 
-    
     /**
      * Retrieves log level.
      * The log level of an event represents its relative importance
      * or severity within CMS.
+     * 
      * @return Integer log level value.
      */
     public int getLevel();
 
     /**
      * Retrieves NT specific log event type.
+     * 
      * @return Integer NTEventType value.
      */
     public int getNTEventType();
 
     /**
-    *  Retrieves multiline attribute.
-    *  Does this message consiste of more than one line.
-    *  @return Boolean of multiline status.
-    */
+     * Retrieves multiline attribute.
+     * Does this message consiste of more than one line.
+     * 
+     * @return Boolean of multiline status.
+     */
     public boolean getMultiline();
 
-
     /**
      * Retrieves log event type. Each type of event
      * has an associated String type value.
+     * 
      * @return String containing the type of event.
      */
     public String getEventType();
@@ -81,16 +83,16 @@ public interface ILogEvent extends Serializable {
     /**
      * Sets log event type. Each type of event
      * has an associated String type value.
+     * 
      * @param eventType String containing the type of event.
      */
     public void setEventType(String eventType);
 
-
     /**
      * Returns localized message string. This method should
      * only be called if a localized string is necessary.
      * <P>
-     *
+     * 
      * @return Details message.
      */
     public String toContent();
@@ -98,7 +100,7 @@ public interface ILogEvent extends Serializable {
     /**
      * Returns the string based on the given locale.
      * <P>
-     *
+     * 
      * @param locale locale
      * @return Details message.
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ILogEventFactory.java b/pki/base/common/src/com/netscape/certsrv/logging/ILogEventFactory.java
index f94f20a9..bfd5be93 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/ILogEventFactory.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ILogEventFactory.java
@@ -17,22 +17,20 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
 import java.util.Properties;
 
-
 /**
  * An interface represents a log event factory. This
  * factory will be responsible for creating and returning ILogEvent objects
  * on demand.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ILogEventFactory {
 
     /**
      * Creates an event of a particular event type/class.
-     *
+     * 
      * @param evtClass The event type.
      * @param prop The resource bundle.
      * @param source The subsystem ID who creates the log event.
@@ -43,11 +41,11 @@ public interface ILogEventFactory {
      * @return The created ILogEvent object.
      */
     public ILogEvent create(int evtClass, Properties prop, int source,
-        int level, boolean multiline, String msg, Object params[]);
+            int level, boolean multiline, String msg, Object params[]);
 
     /**
      * Releases previously created event.
-     *
+     * 
      * @param event The log event.
      */
     public void release(ILogEvent event);
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ILogEventListener.java b/pki/base/common/src/com/netscape/certsrv/logging/ILogEventListener.java
index 80953ead..15ff08ad 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/ILogEventListener.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ILogEventListener.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
 import java.io.IOException;
 import java.util.EventListener;
 import java.util.Hashtable;
@@ -30,102 +29,107 @@ import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.certsrv.common.NameValuePairs;
 
-
-
 /**
  * An interface represents a log event listener.
- * A ILogEventListener is registered to  a specific
+ * A ILogEventListener is registered to a specific
  * ILogQueue to be notified of created ILogEvents.
  * the log queue will notify all its registered listeners
  * of the logged event. The listener will then proceed to
  * process the event accordingly which will result in a log
  * message existing in some file.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ILogEventListener extends EventListener {
 
     /**
-     *  The event notification method: Logs event.
-     *
+     * The event notification method: Logs event.
+     * 
      * @param event The log event to be processed.
      */
     public void log(ILogEvent event) throws ELogException;
 
     /**
-     *  Flushes the log buffers (if any). Will result in the messages
-     *  being actually written to their destination.
+     * Flushes the log buffers (if any). Will result in the messages
+     * being actually written to their destination.
      */
     public void flush();
 
     /**
-     *  Closes the log file and destroys any associated threads.
+     * Closes the log file and destroys any associated threads.
      */
     public void shutdown();
 
     /**
      * Get the configuration store for the log event listener.
+     * 
      * @return The configuration store of this log event listener.
      */
     public IConfigStore getConfigStore();
 
     /**
      * Initialize this log listener
-	 * @param owner The subsystem.
-	 * @param config Configuration store for this log listener.
-	 * @exception initialization error.
+     * 
+     * @param owner The subsystem.
+     * @param config Configuration store for this log listener.
+     * @exception initialization error.
      */
-    public void init(ISubsystem owner, IConfigStore config) 
-        throws EBaseException;
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException;
 
     /**
      * Startup the instance.
      */
     public void startup()
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieve last "maxLine" number of system logs with log level >"level"
-     * and from  source "source". If the parameter is omitted. All entries
+     * and from source "source". If the parameter is omitted. All entries
      * are sent back.
-         * @param req a Hashtable containing the required information such as
-         * log entry, log level, log source, and log name.
-         * @return NameValue pair list of log messages.
-         * @exception ServletException For Servelet errros.
-         * @exception IOException For input/output problems.
-         * @exception EBaseException For other problems.
+     * 
+     * @param req a Hashtable containing the required information such as
+     *            log entry, log level, log source, and log name.
+     * @return NameValue pair list of log messages.
+     * @exception ServletException For Servelet errros.
+     * @exception IOException For input/output problems.
+     * @exception EBaseException For other problems.
      */
     public NameValuePairs retrieveLogContent(Hashtable<String, String> req) throws ServletException,
             IOException, EBaseException;
 
     /**
-    * Retrieve list of log files.
-    *
-    */
+     * Retrieve list of log files.
+     * 
+     */
     public NameValuePairs retrieveLogList(Hashtable<String, String> req) throws ServletException,
             IOException, EBaseException;
 
     /**
      * Returns implementation name.
+     * 
      * @return String name of event listener implementation.
      */
     public String getImplName();
 
     /**
      * Returns the description of this log event listener.
+     * 
      * @return String with listener description.
      */
     public String getDescription();
 
     /**
-    * Return list of default config parameters for this log event listener.
-    * @return Vector of default parameters.
-    */
+     * Return list of default config parameters for this log event listener.
+     * 
+     * @return Vector of default parameters.
+     */
     public Vector<String> getDefaultParams();
 
     /**
-    * Return list of instance config parameters for this log event listener.
-    * @return Vector of instance parameters.
-    */
+     * Return list of instance config parameters for this log event listener.
+     * 
+     * @return Vector of instance parameters.
+     */
     public Vector<String> getInstanceParams();
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ILogQueue.java b/pki/base/common/src/com/netscape/certsrv/logging/ILogQueue.java
index 878b9ba1..bca7a93d 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/ILogQueue.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ILogQueue.java
@@ -17,21 +17,18 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
-
-
 /**
  * An interface represents a log queue. A log queue
  * is a queue of pending log events to be dispatched
  * to a set of registered ILogEventListeners.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ILogQueue {
 
     /**
      * Dispatch the log event to all registered log event listeners.
-     *
+     * 
      * @param evt the log event
      */
     public void log(ILogEvent evt);
@@ -44,13 +41,13 @@ public interface ILogQueue {
 
     /**
      * Registers an event listener.
-     *
+     * 
      * @param listener The log event listener to be registered
-     * to this queue.
+     *            to this queue.
      */
     public void addLogEventListener(ILogEventListener listener);
 
-    /** 
+    /**
      * Removes an event listener.
      * 
      * @param listener The log event listener to be removed from this queue.
@@ -60,7 +57,7 @@ public interface ILogQueue {
     /**
      * Initializes the log queue.
      * <P>
-     *
+     * 
      */
     public void init();
 
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ILogSubsystem.java b/pki/base/common/src/com/netscape/certsrv/logging/ILogSubsystem.java
index 2bdba0ab..ce317a5b 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/ILogSubsystem.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ILogSubsystem.java
@@ -17,21 +17,19 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
 import java.util.Hashtable;
 import java.util.Vector;
 
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
- * An interface that represents a logging component.  The logging
+ * An interface that represents a logging component. The logging
  * component is a framework that handles different types of log types,
- * each represented by an ILogEventListener, and each implements a log 
- * plugin.  CMS  comes
+ * each represented by an ILogEventListener, and each implements a log
+ * plugin. CMS comes
  * with three standard log types: "signedAudit", "system", and
- * "transaction".  Each log plugin can be instantiated into log
- * instances.  Each log instance can be individually configured and is 
+ * "transaction". Each log plugin can be instantiated into log
+ * instances. Each log instance can be individually configured and is
  * associated with its own configuration entries in the configuration file.
  * <P>
  * 
@@ -46,14 +44,16 @@ public interface ILogSubsystem extends ISubsystem {
 
     /**
      * Retrieve plugin name (implementation name) of the log event
-     * listener.  If no plug name found, an empty string is returned
+     * listener. If no plug name found, an empty string is returned
+     * 
      * @param log the log event listener
      * @return the log event listener's plugin name
-     */ 
+     */
     public String getLogPluginName(ILogEventListener log);
 
     /**
      * Retrieve the log event listener by instance name
+     * 
      * @param insName the log instance name in String
      * @return the log instance in ILogEventListener
      */
@@ -61,44 +61,48 @@ public interface ILogSubsystem extends ISubsystem {
 
     /**
      * get the list of log plugins that are available
-     * @return log plugins in a Hashtable.  Each entry in the
-     * Hashtable contains the name/value pair of pluginName/LogPlugin
+     * 
+     * @return log plugins in a Hashtable. Each entry in the
+     *         Hashtable contains the name/value pair of pluginName/LogPlugin
      * @see LogPlugin
      */
-    public Hashtable<String, LogPlugin>  getLogPlugins();
+    public Hashtable<String, LogPlugin> getLogPlugins();
 
     /**
      * get the list of log instances that are available
-     * @return log instances in a Hashtable.  Each entry in the
-     * Hashtable contains the name/value pair of instName/ILogEventListener
+     * 
+     * @return log instances in a Hashtable. Each entry in the
+     *         Hashtable contains the name/value pair of instName/ILogEventListener
      * @see LogPlugin
      */
     public Hashtable<String, ILogEventListener> getLogInsts();
 
     /**
-     * Get the default configuration parameter names associated with a 
-     * plugin.  It is used by
+     * Get the default configuration parameter names associated with a
+     * plugin. It is used by
      * administration servlet to handle log configuration when a new
      * log instance is added.
+     * 
      * @param implName The implementation name for which the
-     * configuration parameters are to be configured
+     *            configuration parameters are to be configured
      * @return a Vector of default configuration paramter names
-     * associated with this log plugin
+     *         associated with this log plugin
      * @exception ELogException when instantiation of the plugin
-     * implementation fails.
+     *                implementation fails.
      */
     public Vector<String> getLogDefaultParams(String implName) throws
             ELogException;
 
     /**
-     * Get the default configuration parameter names associated with a 
-     * log instance.  It is used by administration servlet to handle
+     * Get the default configuration parameter names associated with a
+     * log instance. It is used by administration servlet to handle
      * log instance configuration.
+     * 
      * @param insName The instance name for which the configuration
-     * parameters are to be configured
+     *            parameters are to be configured
      * @return a Vector of default configuration paramter names
-     * associated with this log instance.
+     *         associated with this log instance.
      */
     public Vector<String> getLogInstanceParams(String insName)
-        throws ELogException;
+            throws ELogException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ILogger.java b/pki/base/common/src/com/netscape/certsrv/logging/ILogger.java
index 01fbc6b9..4cdb4b80 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/ILogger.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ILogger.java
@@ -17,22 +17,20 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
 import java.util.Properties;
 
-
 /**
  * An interface represents a logger for certificate server. This object is used to
- * issue log messages for the various types of logging event types.  A log message results
- * in a  ILogEvent being created.  This event is then placed on a ILogQueue to be ultimately
- * written to the destination log file.  This object also maintains a collection of ILogFactory objects
+ * issue log messages for the various types of logging event types. A log message results
+ * in a ILogEvent being created. This event is then placed on a ILogQueue to be ultimately
+ * written to the destination log file. This object also maintains a collection of ILogFactory objects
  * which are used to create the supported types of ILogEvents. CMS comes out of the box with three event
- * types:  "signedAudit", "system", and "audit".
- *
+ * types: "signedAudit", "system", and "audit".
+ * 
  * @version $Revision$, $Date$
  */
 public interface ILogger {
-    
+
     //List of defined log classes.
     /**
      * log class: audit event.
@@ -41,20 +39,20 @@ public interface ILogger {
     public static final String PROP_AUDIT = "transaction";
 
     /**
-     * log class: system event. 
+     * log class: system event.
      * System event with log level >= LL_FAILURE will also be logged in error log
      */
     public static final int EV_SYSTEM = 1;
     public static final String PROP_SYSTEM = "system";
 
     /**
-     * log class: SignedAudit event. 
+     * log class: SignedAudit event.
      */
     public static final int EV_SIGNED_AUDIT = 2;
     public static final String PROP_SIGNED_AUDIT = "signedAudit";
 
     //List of defined log sources.
-	
+
     /**
      * log source: used by servlet to retrieve all logs
      */
@@ -136,14 +134,13 @@ public interface ILogger {
      */
 
     public static final int S_TKS = 16;
-    
+
     /**
      * log source: identify the log entry is from other subsystem
      * eg. policy, security, connector,registration
      */
     public static final int S_OTHER = 20;
 
-
     // List of defined log levels.
     /**
      * log level: used by servlet to retrieve all level logs
@@ -154,12 +151,12 @@ public interface ILogger {
     /**
      * log level: indicate this log entry is debug info
      */
-    
+
     /**
      * Debug level is depreciated since CMS6.1. Please use
      * CMS.debug() to output messages to debugging file.
      */
-    public static final int LL_DEBUG = 0;  // depreciated
+    public static final int LL_DEBUG = 0; // depreciated
     public static final String LL_DEBUG_STRING = "Debug";
 
     /**
@@ -221,7 +218,7 @@ public interface ILogger {
      */
     public static final String SUCCESS = "Success";
     public static final String FAILURE = "Failure";
-    
+
     /**
      * A constant string value used to denote a "non-applicable"
      * data value in signed audit log messages
@@ -258,7 +255,7 @@ public interface ILogger {
      * NT event type: correspont to log level LL_FAILURE and above
      */
     public static final int NT_ERROR = 1;
-    
+
     // List of defined log multiline attribute.
     /**
      * indicate the log message has more than one line
@@ -272,7 +269,7 @@ public interface ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
      * @param source The source of the log event.
      * @param msg The detail message to be logged.
@@ -281,7 +278,7 @@ public interface ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
      * @param props The resource bundle used for the detailed message.
      * @param source The source of the log event.
@@ -291,7 +288,7 @@ public interface ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
      * @param source The source of the log event.
      * @param level The level of the log event.
@@ -301,7 +298,7 @@ public interface ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
      * @param props The resource bundle used for the detailed message.
      * @param source The source of the log event.
@@ -312,7 +309,7 @@ public interface ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
      * @param source The source of the log event.
      * @param level The level of the log event.
@@ -323,7 +320,7 @@ public interface ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
      * @param source The source of the log event.
      * @param level The level of the log event.
@@ -334,7 +331,7 @@ public interface ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
      * @param props The resource bundle used for the detailed message.
      * @param source The source of the log event.
@@ -345,7 +342,7 @@ public interface ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
      * @param props The resource bundle used for the detailed message.
      * @param source The source of the log event.
@@ -354,11 +351,11 @@ public interface ILogger {
      * @param param The parameter in the detail message.
      */
     public void log(int evtClass, Properties props, int source, int level, String msg,
-        Object param);
+            Object param);
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
      * @param prop The resource bundle used for the detailed message.
      * @param source The source of the log event.
@@ -367,13 +364,13 @@ public interface ILogger {
      * @param params The parameters in the detail message.
      */
     public void log(int evtClass, Properties prop, int source, int level, String msg,
-        Object params[]);
+            Object params[]);
 
     //multiline log
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
      * @param source The source of the log event.
      * @param msg The detail message to be logged.
@@ -383,7 +380,7 @@ public interface ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
      * @param props The resource bundle used for the detailed message.
      * @param source The source of the log event.
@@ -394,7 +391,7 @@ public interface ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
      * @param source The source of the log event.
      * @param level The level of the log event.
@@ -405,7 +402,7 @@ public interface ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
      * @param props The resource bundle used for the detailed message.
      * @param source The source of the log event.
@@ -417,7 +414,7 @@ public interface ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
      * @param source The source of the log event.
      * @param level The level of the log event.
@@ -429,7 +426,7 @@ public interface ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
      * @param props The resource bundle used for the detailed message.
      * @param source TTTTsource of the log event.
@@ -441,7 +438,7 @@ public interface ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
      * @param props The resource bundle used for the detailed message.
      * @param source The source of the log event.
@@ -451,11 +448,11 @@ public interface ILogger {
      * @param multiline True if the message has more than one line, otherwise false.
      */
     public void log(int evtClass, Properties props, int source, int level, String msg,
-        Object param, boolean multiline);
+            Object param, boolean multiline);
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
      * @param prop The resource bundle used for the detailed message.
      * @param source The source of the log event.
@@ -465,7 +462,7 @@ public interface ILogger {
      * @param multiline True if the message has more than one line, otherwise false.
      */
     public void log(int evtClass, Properties prop, int source, int level, String msg,
-        Object params[], boolean multiline);
+            Object params[], boolean multiline);
 
     /*
      * Generates an ILogEvent
@@ -479,7 +476,7 @@ public interface ILogger {
      * @return ILogEvent, a log event.
      */
     public ILogEvent create(int evtClass, Properties prop, int source, int level,
-        String msg, Object params[], boolean multiline);
+            String msg, Object params[], boolean multiline);
 
     /**
      * Register a log event factory. Which will create the desired ILogEvents.
@@ -487,7 +484,7 @@ public interface ILogger {
     public void register(int evtClass, ILogEventFactory f);
 
     /**
-     * Retrieves the associated log queue.  The log queue is where issued log events
+     * Retrieves the associated log queue. The log queue is where issued log events
      * are collected for later processing.
      */
     public ILogQueue getLogQueue();
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/LogPlugin.java b/pki/base/common/src/com/netscape/certsrv/logging/LogPlugin.java
index b8195eec..9d7a5cc4 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/LogPlugin.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/LogPlugin.java
@@ -17,18 +17,16 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
 import com.netscape.certsrv.base.Plugin;
 
-
 /**
  * This class represents a registered logger plugin.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class LogPlugin extends Plugin {
-    public LogPlugin (String id, String path) {
+    public LogPlugin(String id, String path) {
         super(id, path);
     }
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/LogResources.java b/pki/base/common/src/com/netscape/certsrv/logging/LogResources.java
index 6a7472ff..899bf189 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/LogResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/LogResources.java
@@ -17,17 +17,15 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
 import java.util.ListResourceBundle;
 import java.util.ResourceBundle;
 
 import com.netscape.certsrv.base.BaseResources;
 
-
 /**
  * This is the fallback resource bundle for all log events.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  * @see java.util.ListResourceBundle
  */
@@ -37,7 +35,7 @@ public class LogResources extends ListResourceBundle {
     /**
      * Contructs a log resource bundle and sets it's parent to the base
      * resource bundle.
-     *
+     * 
      * @see com.netscape.certsrv.base.BaseResources
      */
     public LogResources() {
@@ -47,6 +45,7 @@ public class LogResources extends ListResourceBundle {
 
     /**
      * Returns the content of this resource.
+     * 
      * @return Array of objects making up the contents of this resource.
      */
     public Object[][] getContents() {
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/SignedAuditEvent.java b/pki/base/common/src/com/netscape/certsrv/logging/SignedAuditEvent.java
index ab86a4ce..8541eda3 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/SignedAuditEvent.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/SignedAuditEvent.java
@@ -17,20 +17,18 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
 import java.text.MessageFormat;
 import java.util.Locale;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.MessageFormatter;
 
-
 /**
  * The log event object that carries message detail of a log event
- * that goes into the  Signed Audit Event log.  This log has the
+ * that goes into the Signed Audit Event log. This log has the
  * property of being digitally signed for security considerations.
- *
- *
+ * 
+ * 
  * @version $Revision$, $Date$
  * @see java.text.MessageFormat
  * @see com.netscape.certsrv.logging.LogResources
@@ -52,7 +50,7 @@ public class SignedAuditEvent implements IBundleLogEvent {
     private boolean mMultiline = false;
     private long mTimeStamp = System.currentTimeMillis();
 
-    private static final String INVALID_LOG_LEVEL="log level: {0} is invalid, should be 0-6";
+    private static final String INVALID_LOG_LEVEL = "log level: {0} is invalid, should be 0-6";
 
     /**
      * The bundle name for this event.
@@ -63,7 +61,7 @@ public class SignedAuditEvent implements IBundleLogEvent {
     /**
      * Constructs a SignedAuditEvent message event.
      * <P>
-     *
+     * 
      * @param msgFormat The message string.
      */
     public SignedAuditEvent(String msgFormat) {
@@ -73,11 +71,12 @@ public class SignedAuditEvent implements IBundleLogEvent {
 
     /**
      * Constructs a message with a parameter. For example,
+     * 
      * <PRE>
-     * 		new SignedAuditEvent("failed to load {0}", fileName);
+     * new SignedAuditEvent(&quot;failed to load {0}&quot;, fileName);
      * </PRE>
      * <P>
-     *
+     * 
      * @param msgFormat Details in message string format.
      * @param param Message string parameter.
      */
@@ -91,6 +90,7 @@ public class SignedAuditEvent implements IBundleLogEvent {
      * Constructs a message from an exception. It can be used to carry
      * a signed audit exception that may contain information about
      * the context. For example,
+     * 
      * <PRE>
      * 		try {
      *  		...
@@ -99,7 +99,7 @@ public class SignedAuditEvent implements IBundleLogEvent {
      *      }
      * </PRE>
      * <P>
-     *
+     * 
      * @param msgFormat Exception details in message string format.
      * @param exception System exception.
      */
@@ -112,6 +112,7 @@ public class SignedAuditEvent implements IBundleLogEvent {
     /**
      * Constructs a message from a base exception. This will use the msgFormat
      * from the exception itself.
+     * 
      * <PRE>
      * 		try {
      *  		...
@@ -120,7 +121,7 @@ public class SignedAuditEvent implements IBundleLogEvent {
      *      }
      * </PRE>
      * <P>
-     *
+     * 
      * @param e CMS exception.
      */
     public SignedAuditEvent(Exception e) {
@@ -137,7 +138,7 @@ public class SignedAuditEvent implements IBundleLogEvent {
      * Constructs a message event with a list of parameters
      * that will be substituted into the message format.
      * <P>
-     *
+     * 
      * @param msgFormat Message string format.
      * @param params List of message format parameters.
      */
@@ -149,7 +150,7 @@ public class SignedAuditEvent implements IBundleLogEvent {
     /**
      * Returns the current message format string.
      * <P>
-     *
+     * 
      * @return Details message.
      */
     public String getMessage() {
@@ -160,7 +161,7 @@ public class SignedAuditEvent implements IBundleLogEvent {
      * Returns a list of parameters. These parameters can be
      * used to assist in formatting the message.
      * <P>
-     *
+     * 
      * @return List of message format parameters.
      */
     public Object[] getParameters() {
@@ -171,7 +172,7 @@ public class SignedAuditEvent implements IBundleLogEvent {
      * Returns localized message string. This method should
      * only be called if a localized string is necessary.
      * <P>
-     *
+     * 
      * @return Details message.
      */
     public String toContent() {
@@ -181,7 +182,7 @@ public class SignedAuditEvent implements IBundleLogEvent {
     /**
      * Returns the string based on the given locale.
      * <P>
-     *
+     * 
      * @param locale Locale.
      * @return Details message.
      */
@@ -192,8 +193,9 @@ public class SignedAuditEvent implements IBundleLogEvent {
     }
 
     /**
-     * Sets the resource bundle name for this class instance.  This should
+     * Sets the resource bundle name for this class instance. This should
      * be overridden by subclasses who have their own resource bundles.
+     * 
      * @param bundle String with name of resource bundle.
      */
     public void setBundleName(String bundle) {
@@ -202,6 +204,7 @@ public class SignedAuditEvent implements IBundleLogEvent {
 
     /**
      * Retrieves bundle name.
+     * 
      * @return String with name of resource bundle.
      */
     protected String getBundleName() {
@@ -212,6 +215,7 @@ public class SignedAuditEvent implements IBundleLogEvent {
      * Retrieves log source.
      * This is an id of the subsystem responsible
      * for creating the log event.
+     * 
      * @return Integer source id.
      */
     public int getSource() {
@@ -220,6 +224,7 @@ public class SignedAuditEvent implements IBundleLogEvent {
 
     /**
      * Sets log source.
+     * 
      * @param source Integer id of log source.
      */
     public void setSource(int source) {
@@ -230,15 +235,16 @@ public class SignedAuditEvent implements IBundleLogEvent {
      * Retrieves log level.
      * The log level of an event represents its relative importance
      * or severity within CMS.
+     * 
      * @return Integer log level value.
      */
     public int getLevel() {
         return mLevel;
     }
 
-    
     /**
      * Retrieves NT specific log event type.
+     * 
      * @return Integer NTEventType value.
      */
     public int getNTEventType() {
@@ -249,6 +255,7 @@ public class SignedAuditEvent implements IBundleLogEvent {
      * Sets log level, NT log event type.
      * For certain log levels the NT log event type gets
      * set as well.
+     * 
      * @param level Integer log level value.
      */
     public void setLevel(int level) {
@@ -279,8 +286,9 @@ public class SignedAuditEvent implements IBundleLogEvent {
 
     /**
      * Retrieves log multiline attribute.
+     * 
      * @return Boolean whether or not this event is multiline.
-     * A multiline message simply consists of more than one line.
+     *         A multiline message simply consists of more than one line.
      */
     public boolean getMultiline() {
         return mMultiline;
@@ -289,35 +297,36 @@ public class SignedAuditEvent implements IBundleLogEvent {
     /**
      * Sets log multiline attribute. A multiline message consists of
      * more than one line.
+     * 
      * @param multiline Boolean multiline value.
      */
     public void setMultiline(boolean multiline) {
         mMultiline = multiline;
     }
 
-    
     /**
      * Retrieves event time stamp.
+     * 
      * @return Long integer of the time the event was created.
      */
     public long getTimeStamp() {
         return mTimeStamp;
     }
 
-    
     /**
      * Retrieves log event type. Each type of event
      * has an associated String type value.
+     * 
      * @return String containing the type of event.
      */
     public String getEventType() {
         return mEventType;
     }
 
-    
     /**
      * Sets log event type. Each type of event
      * has an associated String type value.
+     * 
      * @param eventType String containing the type of event.
      */
     public void setEventType(String eventType) {
@@ -325,9 +334,10 @@ public class SignedAuditEvent implements IBundleLogEvent {
     }
 
     /**
-    * Return string representation of log message.
-    * @return String containing log message.
-    */
+     * Return string representation of log message.
+     * 
+     * @return String containing log message.
+     */
     public String toString() {
         if (getBundleName() == null) {
             MessageFormat detailMessage = new MessageFormat(mMessage);
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/SystemEvent.java b/pki/base/common/src/com/netscape/certsrv/logging/SystemEvent.java
index 83026323..9f625cdf 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/SystemEvent.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/SystemEvent.java
@@ -17,19 +17,17 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
 import java.text.MessageFormat;
 import java.util.Locale;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.MessageFormatter;
 
-
 /**
  * The log event object that carries a log message.
  * This class represents System events which are CMS events
- * which need to be logged to a log file. 
- *
+ * which need to be logged to a log file.
+ * 
  * @version $Revision$, $Date$
  * @see java.text.MessageFormat
  * @see com.netscape.certsrv.logging.LogResources
@@ -56,12 +54,12 @@ public class SystemEvent implements IBundleLogEvent {
      */
     private String mBundleName = LogResources.class.getName();
 
-    private static final String INVALID_LOG_LEVEL="log level: {0} is invalid, should be 0-6";
+    private static final String INVALID_LOG_LEVEL = "log level: {0} is invalid, should be 0-6";
 
     /**
      * Constructs a SystemEvent message event.
      * <P>
-     *
+     * 
      * @param msgFormat The message string.
      */
     public SystemEvent(String msgFormat) {
@@ -71,11 +69,12 @@ public class SystemEvent implements IBundleLogEvent {
 
     /**
      * Constructs a SystemEvent message with a parameter. For example,
+     * 
      * <PRE>
-     * 		new SystemEvent("failed to load {0}", fileName);
+     * new SystemEvent(&quot;failed to load {0}&quot;, fileName);
      * </PRE>
      * <P>
-     *
+     * 
      * @param msgFormat Details in message string format.
      * @param param Message string parameter.
      */
@@ -89,6 +88,7 @@ public class SystemEvent implements IBundleLogEvent {
      * Constructs a SystemEvent message from an exception. It can be used to carry
      * a system exception that may contain information about
      * the context. For example,
+     * 
      * <PRE>
      * 		try {
      *  		...
@@ -97,7 +97,7 @@ public class SystemEvent implements IBundleLogEvent {
      *      }
      * </PRE>
      * <P>
-     *
+     * 
      * @param msgFormat Exception details in message string format.
      * @param exception System exception.
      */
@@ -110,6 +110,7 @@ public class SystemEvent implements IBundleLogEvent {
     /**
      * Constructs a SystemEvent message from a base exception. This will use the msgFormat
      * from the exception itself.
+     * 
      * <PRE>
      * 		try {
      *  		...
@@ -118,7 +119,7 @@ public class SystemEvent implements IBundleLogEvent {
      *      }
      * </PRE>
      * <P>
-     *
+     * 
      * @param e CMS exception.
      */
     public SystemEvent(Exception e) {
@@ -135,7 +136,7 @@ public class SystemEvent implements IBundleLogEvent {
      * Constructs a SystemEvent message event with a list of parameters
      * that will be substituted into the message format.
      * <P>
-     *
+     * 
      * @param msgFormat Message string format.
      * @param params List of message format parameters.
      */
@@ -147,7 +148,7 @@ public class SystemEvent implements IBundleLogEvent {
     /**
      * Returns the current message format string.
      * <P>
-     *
+     * 
      * @return Details message.
      */
     public String getMessage() {
@@ -158,7 +159,7 @@ public class SystemEvent implements IBundleLogEvent {
      * Returns a list of parameters. These parameters can be
      * used to assist in formatting the message.
      * <P>
-     *
+     * 
      * @return List of message format parameters.
      */
     public Object[] getParameters() {
@@ -169,7 +170,7 @@ public class SystemEvent implements IBundleLogEvent {
      * Returns localized message string. This method should
      * only be called if a localized string is necessary.
      * <P>
-     *
+     * 
      * @return Details message.
      */
     public String toContent() {
@@ -179,7 +180,7 @@ public class SystemEvent implements IBundleLogEvent {
     /**
      * Returns the string based on the given locale.
      * <P>
-     *
+     * 
      * @param locale Locale.
      * @return Details message.
      */
@@ -190,8 +191,9 @@ public class SystemEvent implements IBundleLogEvent {
     }
 
     /**
-     * Sets the resource bundle name for this class instance.  This should
+     * Sets the resource bundle name for this class instance. This should
      * be overridden by subclasses who have their own resource bundles.
+     * 
      * @param bundle String with the name of resource bundle.
      */
     public void setBundleName(String bundle) {
@@ -200,6 +202,7 @@ public class SystemEvent implements IBundleLogEvent {
 
     /**
      * Retrieves bundle name.
+     * 
      * @return String with name of resource bundle.
      */
     protected String getBundleName() {
@@ -210,6 +213,7 @@ public class SystemEvent implements IBundleLogEvent {
      * Retrieves log source.
      * This is an id of the subsystem responsible
      * for creating the log event.
+     * 
      * @return Integer source id.
      */
     public int getSource() {
@@ -219,6 +223,7 @@ public class SystemEvent implements IBundleLogEvent {
     /**
      * Sets log source.
      * Sets the id of the subsystem issuing the event.
+     * 
      * @param source Integer source id.
      */
     public void setSource(int source) {
@@ -229,6 +234,7 @@ public class SystemEvent implements IBundleLogEvent {
      * Retrieves log level.
      * The log level of an event represents its relative importance
      * or severity within CMS.
+     * 
      * @return Integer log level value.
      */
     public int getLevel() {
@@ -237,6 +243,7 @@ public class SystemEvent implements IBundleLogEvent {
 
     /**
      * Retrieves NT specific log event type.
+     * 
      * @return Integer NTEventType value.
      */
     public int getNTEventType() {
@@ -246,7 +253,8 @@ public class SystemEvent implements IBundleLogEvent {
     /**
      * Sets log level, NT log event type.
      * For certain log levels the NT log event type gets
-     * set as well.  
+     * set as well.
+     * 
      * @param level Integer log level value.
      */
     public void setLevel(int level) {
@@ -277,8 +285,9 @@ public class SystemEvent implements IBundleLogEvent {
 
     /**
      * Retrieves log multiline attribute.
+     * 
      * @return Boolean whether or not this event is multiline.
-     * A multiline message simply consists of more than one line.
+     *         A multiline message simply consists of more than one line.
      */
     public boolean getMultiline() {
         return mMultiline;
@@ -287,6 +296,7 @@ public class SystemEvent implements IBundleLogEvent {
     /**
      * Sets log multiline attribute. A multiline message consists of
      * more than one line.
+     * 
      * @param multiline Boolean multiline value.
      */
     public void setMultiline(boolean multiline) {
@@ -295,6 +305,7 @@ public class SystemEvent implements IBundleLogEvent {
 
     /**
      * Retrieves event time stamp.
+     * 
      * @return Long integer of the time the event was created.
      */
     public long getTimeStamp() {
@@ -304,16 +315,17 @@ public class SystemEvent implements IBundleLogEvent {
     /**
      * Retrieves log event type. Each type of event
      * has an associated String type value.
+     * 
      * @return String containing the type of event.
      */
     public String getEventType() {
         return mEventType;
     }
 
-    
     /**
      * Sets log event type. Each type of event
      * has an associated String type value.
+     * 
      * @param eventType String containing the type of event.
      */
     public void setEventType(String eventType) {
@@ -321,9 +333,10 @@ public class SystemEvent implements IBundleLogEvent {
     }
 
     /**
-    * Return string representation of log message.
-    * @return String containing log message.
-    */
+     * Return string representation of log message.
+     * 
+     * @return String containing log message.
+     */
     public String toString() {
         if (getBundleName() == null) {
             MessageFormat detailMessage = new MessageFormat(mMessage);
diff --git a/pki/base/common/src/com/netscape/certsrv/notification/ENotificationException.java b/pki/base/common/src/com/netscape/certsrv/notification/ENotificationException.java
index 4e34ded3..fffc8ede 100644
--- a/pki/base/common/src/com/netscape/certsrv/notification/ENotificationException.java
+++ b/pki/base/common/src/com/netscape/certsrv/notification/ENotificationException.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.notification;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * A class represents a notification exception.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ENotificationException extends EBaseException {
diff --git a/pki/base/common/src/com/netscape/certsrv/notification/IEmailFormProcessor.java b/pki/base/common/src/com/netscape/certsrv/notification/IEmailFormProcessor.java
index ace09a8c..40114bd1 100644
--- a/pki/base/common/src/com/netscape/certsrv/notification/IEmailFormProcessor.java
+++ b/pki/base/common/src/com/netscape/certsrv/notification/IEmailFormProcessor.java
@@ -17,17 +17,15 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.notification;
 
-
 import java.util.Hashtable;
 import java.util.Vector;
 
-
 /**
- * formulates the final email.  Escape character '\' is understood.
- * '$' is used preceeding a token name.  A token name should not be a
+ * formulates the final email. Escape character '\' is understood.
+ * '$' is used preceeding a token name. A token name should not be a
  * substring of any other token name
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IEmailFormProcessor {
@@ -67,7 +65,7 @@ public interface IEmailFormProcessor {
      * @return mail content
      */
     public String getEmailContent(String form,
-        Hashtable<String, Object> tok2vals);
+            Hashtable<String, Object> tok2vals);
 
     /**
      * takes a vector of strings and concatenate them
@@ -79,4 +77,3 @@ public interface IEmailFormProcessor {
      */
     public void log(int level, String msg);
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/notification/IEmailResolver.java b/pki/base/common/src/com/netscape/certsrv/notification/IEmailResolver.java
index 49d0851e..39e5bed3 100644
--- a/pki/base/common/src/com/netscape/certsrv/notification/IEmailResolver.java
+++ b/pki/base/common/src/com/netscape/certsrv/notification/IEmailResolver.java
@@ -17,25 +17,24 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.notification;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * An email resolver that first checks the request email, if none,
  * then follows by checking the subjectDN of the certificate
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IEmailResolver {
 
     /**
-     * returns an email address by using the resolver keys.  The
-     *	 return value can possibly be null
+     * returns an email address by using the resolver keys. The
+     * return value can possibly be null
+     * 
      * @param keys list of keys used for resolving the email address
      */
-    public String getEmail(IEmailResolverKeys keys) 
-        throws EBaseException, ENotificationException;
+    public String getEmail(IEmailResolverKeys keys)
+            throws EBaseException, ENotificationException;
 
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/notification/IEmailResolverKeys.java b/pki/base/common/src/com/netscape/certsrv/notification/IEmailResolverKeys.java
index d1a6889c..1363a9e0 100644
--- a/pki/base/common/src/com/netscape/certsrv/notification/IEmailResolverKeys.java
+++ b/pki/base/common/src/com/netscape/certsrv/notification/IEmailResolverKeys.java
@@ -17,16 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.notification;
 
-
 import com.netscape.certsrv.base.IAttrSet;
 
-
 /**
  * An interface represents email resolver (ordered) keys for resolving
- * emails 
+ * emails
  * e.g. request/cert, cert/request, request, request/cert/subjectalternatename etc.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IEmailResolverKeys extends IAttrSet {
diff --git a/pki/base/common/src/com/netscape/certsrv/notification/IEmailTemplate.java b/pki/base/common/src/com/netscape/certsrv/notification/IEmailTemplate.java
index bcda466d..cbdea843 100644
--- a/pki/base/common/src/com/netscape/certsrv/notification/IEmailTemplate.java
+++ b/pki/base/common/src/com/netscape/certsrv/notification/IEmailTemplate.java
@@ -17,13 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.notification;
 
-
-
-
 /**
  * Files to be processed and returned to the requested parties. It
  * is a template with $tokens to be used by the form/template processor.
- *
+ * 
  * @version $Revision$, $Date$
  */
 
@@ -36,7 +33,7 @@ public interface IEmailTemplate {
      */
     public String getTemplateName();
 
-    /** 
+    /**
      * @return true if template is an html file, false otherwise
      */
     public boolean isHTML();
diff --git a/pki/base/common/src/com/netscape/certsrv/notification/IMailNotification.java b/pki/base/common/src/com/netscape/certsrv/notification/IMailNotification.java
index b537fbbd..356a6bba 100644
--- a/pki/base/common/src/com/netscape/certsrv/notification/IMailNotification.java
+++ b/pki/base/common/src/com/netscape/certsrv/notification/IMailNotification.java
@@ -17,17 +17,15 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.notification;
 
-
 import java.io.IOException;
 import java.util.Vector;
 
-
 /**
  * This class handles mail notification via SMTP.
  * This class uses <b>smtp.host</b> in the configuration for smtp
- * host.  The port default (25) is used.  If no smtp specified, local
+ * host. The port default (25) is used. If no smtp specified, local
  * host is used
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IMailNotification {
@@ -39,36 +37,42 @@ public interface IMailNotification {
 
     /**
      * sets the "From" field
+     * 
      * @param from email address of the sender
      */
     public void setFrom(String from);
 
     /**
      * sets the "Subject" field
+     * 
      * @param subject subject of the email
      */
     public void setSubject(String subject);
 
     /**
      * sets the "Content-Type" field
+     * 
      * @param contentType content type of the email
      */
     public void setContentType(String contentType);
 
     /**
      * sets the content of the email
+     * 
      * @param content the message content
      */
     public void setContent(String content);
 
     /**
      * sets the recipients' email addresses
+     * 
      * @param addresses a list of email addresses of the recipients
      */
     public void setTo(Vector<String> addresses);
 
     /**
      * sets the recipient's email address
+     * 
      * @param to address of the recipient email address
      */
     public void setTo(String to);
diff --git a/pki/base/common/src/com/netscape/certsrv/notification/NotificationResources.java b/pki/base/common/src/com/netscape/certsrv/notification/NotificationResources.java
index 40d9e80e..b8144399 100644
--- a/pki/base/common/src/com/netscape/certsrv/notification/NotificationResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/notification/NotificationResources.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.notification;
 
-
 import java.util.ListResourceBundle;
 
-
 /**
- * A class represents a resource bundle for the 
+ * A class represents a resource bundle for the
  * Mail Notification package
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class NotificationResources extends ListResourceBundle {
diff --git a/pki/base/common/src/com/netscape/certsrv/ocsp/IDefStore.java b/pki/base/common/src/com/netscape/certsrv/ocsp/IDefStore.java
index 82c5821b..d971a712 100644
--- a/pki/base/common/src/com/netscape/certsrv/ocsp/IDefStore.java
+++ b/pki/base/common/src/com/netscape/certsrv/ocsp/IDefStore.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ocsp;
 
-
 import java.math.BigInteger;
 import java.security.cert.X509CRL;
 import java.util.Date;
@@ -27,28 +26,26 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord;
 import com.netscape.certsrv.dbs.repository.IRepositoryRecord;
 
-
 /**
  * This class defines an Online Certificate Status Protocol (OCSP) store which
  * has been extended to provide information from the internal database.
- * <P> 
- *
+ * <P>
+ * 
  * @version $Revision$, $Date$
  */
-public interface IDefStore extends IOCSPStore
-{
+public interface IDefStore extends IOCSPStore {
     /**
      * This method retrieves the number of CRL updates since startup.
      * <P>
-     *
+     * 
      * @return count the number of OCSP default stores
      */
-    public int getStateCount(); 
+    public int getStateCount();
 
     /**
      * This method retrieves the number of OCSP requests since startup.
      * <P>
-     *
+     * 
      * @param id a string associated with an OCSP request
      * @return count the number of this type of OCSP requests
      */
@@ -57,30 +54,30 @@ public interface IDefStore extends IOCSPStore
     /**
      * This method creates a an OCSP default store repository record.
      * <P>
-     *
+     * 
      * @return IRepositoryRecord an instance of the repository record object
      */
-    public IRepositoryRecord createRepositoryRecord(); 
+    public IRepositoryRecord createRepositoryRecord();
 
     /**
      * This method adds a request to the default OCSP store repository.
      * <P>
-     *
+     * 
      * @param name a string representing the name of this request
      * @param thisUpdate the current request
      * @param rec an instance of the repository record object
      * @exception EBaseException occurs when there is an error attempting to
-     *    add this request to the repository
+     *                add this request to the repository
      */
     public void addRepository(String name, String thisUpdate,
-        IRepositoryRecord rec)
-        throws EBaseException;
+            IRepositoryRecord rec)
+            throws EBaseException;
 
     /**
      * This method specifies whether or not to wait for the Certificate
      * Revocation List (CRL) to be updated.
      * <P>
-     *
+     * 
      * @return boolean true or false
      */
     public boolean waitOnCRLUpdate();
@@ -88,7 +85,7 @@ public interface IDefStore extends IOCSPStore
     /**
      * This method updates the specified CRL.
      * <P>
-     *
+     * 
      * @param crl the CRL to be updated
      * @exception EBaseException occurs when the CRL cannot be updated
      */
@@ -97,44 +94,44 @@ public interface IDefStore extends IOCSPStore
     /**
      * This method attempts to read the CRL issuing point.
      * <P>
-     *
+     * 
      * @param name the name of the CRL to be read
      * @return ICRLIssuingPointRecord the CRL issuing point
      * @exception EBaseException occurs when the specified CRL cannot be located
      */
     public ICRLIssuingPointRecord readCRLIssuingPoint(String name)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * This method searches all CRL issuing points.
      * <P>
-     *
+     * 
      * @param maxSize specifies the largest number of hits from the search
      * @return Enumeration a list of the CRL issuing points
      * @exception EBaseException occurs when no CRL issuing point exists
      */
     public Enumeration searchAllCRLIssuingPointRecord(
-        int maxSize)
-        throws EBaseException;
+            int maxSize)
+            throws EBaseException;
 
     /**
      * This method searches all CRL issuing points constrained by the specified
      * filtering mechanism.
      * <P>
-     *
+     * 
      * @param filter a string which constrains the search
      * @param maxSize specifies the largest number of hits from the search
      * @return Enumeration a list of the CRL issuing points
      * @exception EBaseException occurs when no CRL issuing point exists
      */
     public Enumeration searchCRLIssuingPointRecord(String filter,
-        int maxSize)
-        throws EBaseException;
+            int maxSize)
+            throws EBaseException;
 
     /**
      * This method creates a CRL issuing point record.
      * <P>
-     *
+     * 
      * @param name a string representation of this CRL issuing point record
      * @param crlNumber the number of this CRL issuing point record
      * @param crlSize the size of this CRL issuing point record
@@ -143,39 +140,38 @@ public interface IDefStore extends IOCSPStore
      * @return ICRLIssuingPointRecord this CRL issuing point record
      */
     public ICRLIssuingPointRecord createCRLIssuingPointRecord(
-        String name, BigInteger crlNumber, 
-        Long crlSize, Date thisUpdate, Date nextUpdate);
+            String name, BigInteger crlNumber,
+            Long crlSize, Date thisUpdate, Date nextUpdate);
 
     /**
      * This method adds a CRL issuing point
      * <P>
-     *
+     * 
      * @param name a string representation of this CRL issuing point record
      * @param rec this CRL issuing point record
      * @exception EBaseException occurs when the specified CRL issuing point
-     *     record cannot be added
+     *                record cannot be added
      */
     public void addCRLIssuingPoint(String name, ICRLIssuingPointRecord rec)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * This method deletes a CRL issuing point record
      * <P>
-     *
+     * 
      * @param id a string representation of this CRL issuing point record
      * @exception EBaseException occurs when the specified CRL issuing point
-     *     record cannot be deleted 
+     *                record cannot be deleted
      */
     public void deleteCRLIssuingPointRecord(String id)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * This method checks to see if the OCSP response should return good
      * when the certificate is not found.
      * <P>
-     *
+     * 
      * @return boolean true or false
      */
     public boolean isNotFoundGood();
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPAuthority.java b/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPAuthority.java
index b99f6241..0219d357 100644
--- a/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPAuthority.java
+++ b/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPAuthority.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ocsp;
 
-
 import netscape.security.x509.X500Name;
 
 import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
@@ -30,16 +29,14 @@ import com.netscape.cmsutil.ocsp.BasicOCSPResponse;
 import com.netscape.cmsutil.ocsp.ResponderID;
 import com.netscape.cmsutil.ocsp.ResponseData;
 
-
 /**
  * This class represents the primary interface for the Online Certificate
  * Status Protocol (OCSP) server.
- * <P> 
- *
+ * <P>
+ * 
  * @version $Revision$, $Date$
  */
-public interface IOCSPAuthority extends ISubsystem
-{
+public interface IOCSPAuthority extends ISubsystem {
     public static final String ID = "ocsp";
 
     public final static OBJECT_IDENTIFIER OCSP_NONCE = new OBJECT_IDENTIFIER("1.3.6.1.5.5.7.48.1.2");
@@ -53,16 +50,16 @@ public interface IOCSPAuthority extends ISubsystem
     /**
      * This method retrieves the OCSP store given its name.
      * <P>
-     *
+     * 
      * @param id the string representation of an OCSP store
      * @return IOCSPStore an instance of an OCSP store object
      */
-    public IOCSPStore getOCSPStore(String id); 
+    public IOCSPStore getOCSPStore(String id);
 
     /**
      * This method retrieves the signing unit.
      * <P>
-     *
+     * 
      * @return ISigningUnit an instance of a signing unit object
      */
     public ISigningUnit getSigningUnit();
@@ -70,7 +67,7 @@ public interface IOCSPAuthority extends ISubsystem
     /**
      * This method retrieves the responder ID by its name.
      * <P>
-     *
+     * 
      * @return ResponderID an instance of a responder ID
      */
     public ResponderID getResponderIDByName();
@@ -78,7 +75,7 @@ public interface IOCSPAuthority extends ISubsystem
     /**
      * This method retrieves the responder ID by its hash.
      * <P>
-     *
+     * 
      * @return ResponderID an instance of a responder ID
      */
     public ResponderID getResponderIDByHash();
@@ -87,7 +84,7 @@ public interface IOCSPAuthority extends ISubsystem
      * This method retrieves the default OCSP store
      * (i. e. - information from the internal database).
      * <P>
-     *
+     * 
      * @return IDefStore an instance of the default OCSP store
      */
     public IDefStore getDefaultStore();
@@ -95,17 +92,17 @@ public interface IOCSPAuthority extends ISubsystem
     /**
      * This method sets the supplied algorithm as the default signing algorithm.
      * <P>
-     *
+     * 
      * @param algorithm a string representing the requested algorithm
      * @exception EBaseException if the algorithm is unknown or disallowed
      */
     public void setDefaultAlgorithm(String algorithm)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * This method retrieves the default signing algorithm.
      * <P>
-     *
+     * 
      * @return String the name of the default signing algorithm
      */
     public String getDefaultAlgorithm();
@@ -113,7 +110,7 @@ public interface IOCSPAuthority extends ISubsystem
     /**
      * This method retrieves all potential OCSP signing algorithms.
      * <P>
-     *
+     * 
      * @return String[] the names of all potential OCSP signing algorithms
      */
     public String[] getOCSPSigningAlgorithms();
@@ -121,7 +118,7 @@ public interface IOCSPAuthority extends ISubsystem
     /**
      * This method logs the specified message at the specified level.
      * <P>
-     *
+     * 
      * @param level the log level
      * @param msg the log message
      */
@@ -131,7 +128,7 @@ public interface IOCSPAuthority extends ISubsystem
      * This method logs the specified message at the specified level given
      * the specified event.
      * <P>
-     *
+     * 
      * @param event the log event
      * @param level the log message
      * @param msg the log message
@@ -141,7 +138,7 @@ public interface IOCSPAuthority extends ISubsystem
     /**
      * This method retrieves the X500Name of an OCSP server instance.
      * <P>
-     *
+     * 
      * @return X500Name an instance of the X500 name object
      */
     public X500Name getName();
@@ -149,7 +146,7 @@ public interface IOCSPAuthority extends ISubsystem
     /**
      * This method retrieves an OCSP server instance digest name as a string.
      * <P>
-     *
+     * 
      * @param alg the signing algorithm
      * @return String the digest name of the related OCSP server
      */
@@ -158,19 +155,19 @@ public interface IOCSPAuthority extends ISubsystem
     /**
      * This method signs the basic OCSP response data provided as a parameter.
      * <P>
-     *
+     * 
      * @param rd response data
      * @return BasicOCSPResponse signed response data
      * @exception EBaseException error associated with an inability to sign
-     *     the specified response data
+     *                the specified response data
      */
     public BasicOCSPResponse sign(ResponseData rd)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * This method compares two byte arrays to see if they are equivalent.
      * <P>
-     *
+     * 
      * @param bytes the first byte array
      * @param ints the second byte array
      * @return boolean true or false
@@ -178,8 +175,10 @@ public interface IOCSPAuthority extends ISubsystem
     public boolean arraysEqual(byte[] bytes, byte[] ints);
 
     public void incTotalTime(long inc);
+
     public void incSignTime(long inc);
+
     public void incLookupTime(long inc);
+
     public void incNumOCSPRequest(long inc);
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPService.java b/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPService.java
index 8ca8b2f0..574289c2 100644
--- a/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPService.java
+++ b/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPService.java
@@ -17,37 +17,34 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ocsp;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.cmsutil.ocsp.OCSPRequest;
 import com.netscape.cmsutil.ocsp.OCSPResponse;
 
-
 /**
  * This class represents the servlet that serves the Online Certificate
  * Status Protocol (OCSP) requests.
- *
+ * 
  * @version $Revision$ $Date$
  */
-public interface IOCSPService
-{
+public interface IOCSPService {
     /**
      * This method validates the information associated with the specified
      * OCSP request and returns an OCSP response.
      * <P>
-     *
+     * 
      * @param r an OCSP request
      * @return OCSPResponse the OCSP response associated with the specified
-     *     OCSP request
+     *         OCSP request
      * @exception EBaseException an error associated with the inability to
-     *     process the supplied OCSP request
+     *                process the supplied OCSP request
      */
-    public OCSPResponse validate(OCSPRequest r) 
-        throws EBaseException;
+    public OCSPResponse validate(OCSPRequest r)
+            throws EBaseException;
 
     /**
      * Returns the in-memory count of the processed OCSP requests.
-     *
+     * 
      * @return number of processed OCSP requests in memory
      */
     public long getNumOCSPRequest();
@@ -55,7 +52,7 @@ public interface IOCSPService
     /**
      * Returns the in-memory time (in mini-second) of
      * the processed time for OCSP requests.
-     *
+     * 
      * @return processed times for OCSP requests
      */
     public long getOCSPRequestTotalTime();
@@ -63,7 +60,7 @@ public interface IOCSPService
     /**
      * Returns the in-memory time (in mini-second) of
      * the signing time for OCSP requests.
-     *
+     * 
      * @return processed times for OCSP requests
      */
     public long getOCSPTotalSignTime();
@@ -73,9 +70,8 @@ public interface IOCSPService
     /**
      * Returns the total data signed
      * for OCSP requests.
-     *
+     * 
      * @return processed times for OCSP requests
      */
     public long getOCSPTotalData();
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPStore.java b/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPStore.java
index ee60105c..67612210 100644
--- a/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPStore.java
+++ b/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPStore.java
@@ -17,46 +17,43 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ocsp;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.certsrv.common.NameValuePairs;
 import com.netscape.cmsutil.ocsp.OCSPRequest;
 import com.netscape.cmsutil.ocsp.OCSPResponse;
 
-
 /**
  * This class represents the generic interface for an Online Certificate
- * Status Protocol (OCSP) store.  Users can plugin different OCSP stores
- * by extending this class.  For example, imagine that if a user wants to
+ * Status Protocol (OCSP) store. Users can plugin different OCSP stores
+ * by extending this class. For example, imagine that if a user wants to
  * use the corporate LDAP server for revocation checking, then the user
  * would merely create a new class that extends this class (e. g. -
  * "public interface ICorporateLDAPStore extends IOCSPStore").
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
-public interface IOCSPStore extends ISubsystem
-{
+public interface IOCSPStore extends ISubsystem {
     /**
      * This method validates the information associated with the specified
      * OCSP request and returns an OCSP response.
      * <P>
-     *
+     * 
      * @param req an OCSP request
      * @return OCSPResponse the OCSP response associated with the specified
-     *     OCSP request
+     *         OCSP request
      * @exception EBaseException an error associated with the inability to
-     *     process the supplied OCSP request
+     *                process the supplied OCSP request
      */
-    public OCSPResponse validate(OCSPRequest req) 
-        throws EBaseException;
+    public OCSPResponse validate(OCSPRequest req)
+            throws EBaseException;
 
     /**
      * This method retrieves the configuration parameters associated with this
      * OCSP store.
      * <P>
-     *
+     * 
      * @return NameValuePairs all configuration items
      */
     public NameValuePairs getConfigParameters();
@@ -65,11 +62,10 @@ public interface IOCSPStore extends ISubsystem
      * This method stores the configuration parameters specified by the
      * passed-in Name Value pairs object.
      * <P>
-     *
+     * 
      * @param pairs a name-value pair object
      * @exception EBaseException an illegal name-value pair
      */
-    public void setConfigParameters(NameValuePairs pairs) 
-        throws EBaseException;
+    public void setConfigParameters(NameValuePairs pairs)
+            throws EBaseException;
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/password/EPasswordCheckException.java b/pki/base/common/src/com/netscape/certsrv/password/EPasswordCheckException.java
index a99fd764..3dc028ff 100644
--- a/pki/base/common/src/com/netscape/certsrv/password/EPasswordCheckException.java
+++ b/pki/base/common/src/com/netscape/certsrv/password/EPasswordCheckException.java
@@ -23,7 +23,7 @@ import com.netscape.certsrv.base.PasswordResources;
 /**
  * A class represents a password checker exception.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class EPasswordCheckException extends EBaseException {
@@ -40,6 +40,7 @@ public class EPasswordCheckException extends EBaseException {
     /**
      * Constructs a password checker exception
      * <P>
+     * 
      * @param msgFormat exception details
      */
     public EPasswordCheckException(String msgFormat) {
@@ -49,6 +50,7 @@ public class EPasswordCheckException extends EBaseException {
     /**
      * Constructs a password checker exception.
      * <P>
+     * 
      * @param msgFormat exception details in message string format
      * @param param message string parameter
      */
@@ -59,6 +61,7 @@ public class EPasswordCheckException extends EBaseException {
     /**
      * Constructs a password checker exception.
      * <P>
+     * 
      * @param msgFormat exception details in message string format
      * @param exception system exception
      */
@@ -69,6 +72,7 @@ public class EPasswordCheckException extends EBaseException {
     /**
      * Constructs a password checker exception.
      * <P>
+     * 
      * @param msgFormat the message format.
      * @param params list of message format parameters
      */
@@ -78,6 +82,7 @@ public class EPasswordCheckException extends EBaseException {
 
     /**
      * Retrieves bundle name.
+     * 
      * @return resource bundle name.
      */
     protected String getBundleName() {
diff --git a/pki/base/common/src/com/netscape/certsrv/password/IConfigPasswordCheck.java b/pki/base/common/src/com/netscape/certsrv/password/IConfigPasswordCheck.java
index ddf4325c..8b23fa51 100644
--- a/pki/base/common/src/com/netscape/certsrv/password/IConfigPasswordCheck.java
+++ b/pki/base/common/src/com/netscape/certsrv/password/IConfigPasswordCheck.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.password;
 
-
 /**
  * Configuration Wizard Password quality checker interface.
  * <P>
@@ -28,6 +27,7 @@ public interface IConfigPasswordCheck {
 
     /**
      * Check if the password meets the quality requirement
+     * 
      * @param pwd the given password
      * @return true if the password meets the quality requirement; otherwise false
      */
@@ -35,9 +35,9 @@ public interface IConfigPasswordCheck {
 
     /**
      * Returns a reason if the password doesnt meet the quality requirement.
+     * 
      * @param pwd the given password
      * @return a reason if the password quality requirement is not met.
      */
     public String getConfigReason(String pwd);
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/password/IPasswordCheck.java b/pki/base/common/src/com/netscape/certsrv/password/IPasswordCheck.java
index bb84a72f..d885d3fc 100644
--- a/pki/base/common/src/com/netscape/certsrv/password/IPasswordCheck.java
+++ b/pki/base/common/src/com/netscape/certsrv/password/IPasswordCheck.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.password;
 
-
 /**
  * Password quality checker interface.
  * <P>
@@ -28,6 +27,7 @@ public interface IPasswordCheck {
 
     /**
      * Check if the password meets the quality requirement
+     * 
      * @param pwd the given password
      * @return true if the password meets the quality requirement; otherwise false
      */
@@ -35,9 +35,9 @@ public interface IPasswordCheck {
 
     /**
      * Returns a reason if the password doesnt meet the quality requirement.
+     * 
      * @param pwd the given password
      * @return a reason if the password quality requirement is not met.
      */
     public String getReason(String pwd);
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/pattern/AttrSetCollection.java b/pki/base/common/src/com/netscape/certsrv/pattern/AttrSetCollection.java
index 22cfc232..5f73fc25 100644
--- a/pki/base/common/src/com/netscape/certsrv/pattern/AttrSetCollection.java
+++ b/pki/base/common/src/com/netscape/certsrv/pattern/AttrSetCollection.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.pattern;
 
-
 import java.util.Hashtable;
 
 import com.netscape.certsrv.base.IAttrSet;
@@ -25,7 +24,7 @@ import com.netscape.certsrv.base.IAttrSet;
 /**
  * This class represents a collection of attribute
  * sets.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class AttrSetCollection extends Hashtable<String, IAttrSet> {
@@ -44,7 +43,7 @@ public class AttrSetCollection extends Hashtable<String, IAttrSet> {
 
     /**
      * Retrieves a attribute set from this collection.
-     *
+     * 
      * @param name name of the attribute set
      * @return attribute set
      */
@@ -54,7 +53,7 @@ public class AttrSetCollection extends Hashtable<String, IAttrSet> {
 
     /**
      * Sets attribute set in this collection.
-     *
+     * 
      * @param name set of the attribute set
      * @param set attribute set
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/pattern/Pattern.java b/pki/base/common/src/com/netscape/certsrv/pattern/Pattern.java
index 36cc7cb3..bce3a426 100644
--- a/pki/base/common/src/com/netscape/certsrv/pattern/Pattern.java
+++ b/pki/base/common/src/com/netscape/certsrv/pattern/Pattern.java
@@ -17,34 +17,31 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.pattern;
 
-
 import java.util.Enumeration;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IAttrSet;
 
-
 /**
  * This is a generic pattern subtitution engine. The
  * pattern format should be:
  * <p>
- *   $[attribute set key].[attribute name]$
+ * $[attribute set key].[attribute name]$
  * <p>
  * For example,
  * <p>
- *   $request.requestor_email$
- *   $ctx.user_id$
+ * $request.requestor_email$ $ctx.user_id$
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class Pattern {
 
     private String mS = null;
-   
+
     /**
      * Constructs a pattern object with the given string.
-     *
+     * 
      * @param s string with pattern (i.e. $request.requestor_email$)
      */
     public Pattern(String s) {
@@ -53,7 +50,7 @@ public class Pattern {
 
     /**
      * Subtitutes this pattern with the given attribute set.
-     *
+     * 
      * @param key key name of the given attribute set
      * @param attrSet attribute set
      * @return substituted string
@@ -64,7 +61,7 @@ public class Pattern {
 
     /**
      * Subtitutes this pattern with the given attribute set.
-     *
+     * 
      * @param attrSetCollection attribute set collection
      * @return substituted string
      */
@@ -76,24 +73,24 @@ public class Pattern {
             String key = (String) keys.nextElement();
             Pattern p = new Pattern(temp);
 
-            temp = p.substitute(key, 
+            temp = p.substitute(key,
                         attrSetCollection.getAttrSet(key));
-			
+
         }
         return temp;
     }
 
     /**
      * Subtitutes this pattern with the given attribute set.
-     *
-	 * This is an extended version of the substitute() method.
-	 * It takes a more flexible pattern format that could have
-	 * non-token ($...$) format.  e.g.
-	 *    $request.screenname$@redhat.com
-	 * where "@redhat.com" is not in token pattern format, and will be
-	 * literally put in place. e.g.
-	 *    TomRiddle@redhat.com
-	 *
+     * 
+     * This is an extended version of the substitute() method.
+     * It takes a more flexible pattern format that could have
+     * non-token ($...$) format. e.g.
+     * $request.screenname$@redhat.com
+     * where "@redhat.com" is not in token pattern format, and will be
+     * literally put in place. e.g.
+     * TomRiddle@redhat.com
+     * 
      * @param key key name of the given attribute set
      * @param attrSet attribute set
      * @return substituted string
@@ -105,39 +102,39 @@ public class Pattern {
         int lastPos;
 
         do {
-			// from startPos to right before '$' or end of string
-			// need to be copied over
-			
+            // from startPos to right before '$' or end of string
+            // need to be copied over
+
             lastPos = mS.indexOf('$', startPos);
 
-			// if no '$', return the entire string
+            // if no '$', return the entire string
             if (lastPos == -1 && startPos == 0)
-              return mS;
+                return mS;
 
-			// no more '$' found, copy the rest of chars, done
+            // no more '$' found, copy the rest of chars, done
             if (lastPos == -1) {
-				sb.append(mS.substring(startPos)); //
-				return sb.toString(); //
-				//                continue;
-			}
+                sb.append(mS.substring(startPos)); //
+                return sb.toString(); //
+                //                continue;
+            }
 
-			// found '$'
+            // found '$'
             if (startPos < lastPos) {
-                sb.append(mS.substring(startPos, lastPos));	
+                sb.append(mS.substring(startPos, lastPos));
             }
 
-			// look for the ending '$'
+            // look for the ending '$'
             int endPos = mS.indexOf('$', lastPos + 1);
             String token = mS.substring(lastPos + 1, endPos);
             int dotPos = token.indexOf('.');
 
-			// it's assuming there's always a '.'
+            // it's assuming there's always a '.'
             String attrKey = token.substring(0, dotPos);
             String attrName = token.substring(dotPos + 1);
 
             if (!key.equals(attrKey)) {
                 startPos = endPos + 1;
-                sb.append("$" + attrKey + "." + attrName + "$");	
+                sb.append("$" + attrKey + "." + attrName + "$");
                 continue;
             }
 
@@ -145,20 +142,19 @@ public class Pattern {
                 Object o = attrSet.get(attrName);
 
                 if (!(o instanceof String)) {
-                    startPos = endPos + 1;	
-					// if no such attrName, copy the token pattern over
-                    sb.append("$" + attrKey + "." + attrName + "$");	
+                    startPos = endPos + 1;
+                    // if no such attrName, copy the token pattern over
+                    sb.append("$" + attrKey + "." + attrName + "$");
                     continue;
                 }
                 String val = (String) o;
 
-                sb.append(val);	
+                sb.append(val);
             } catch (EBaseException e) {
-                sb.append("$" + attrKey + "." + attrName + "$");	
+                sb.append("$" + attrKey + "." + attrName + "$");
             }
-            startPos = endPos + 1;	
-        }
-        while (lastPos != -1);
+            startPos = endPos + 1;
+        } while (lastPos != -1);
 
         return sb.toString();
     }
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/EPolicyException.java b/pki/base/common/src/com/netscape/certsrv/policy/EPolicyException.java
index c8431fcf..f32f4f64 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/EPolicyException.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/EPolicyException.java
@@ -17,25 +17,24 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 import java.util.Locale;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.MessageFormatter;
 
-
 /**
  * This class represents Exceptions used by the policy package.
  * The policies themselves do not raise exceptions but use them
  * to format error messages.
- *
+ * 
  * Adapted from EBasException
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  * @see java.text.MessageFormat
@@ -54,7 +53,7 @@ public class EPolicyException extends EBaseException {
     /**
      * Constructs a base exception.
      * <P>
-     *
+     * 
      * @param msgFormat exception details
      */
     public EPolicyException(String msgFormat) {
@@ -64,11 +63,12 @@ public class EPolicyException extends EBaseException {
 
     /**
      * Constructs a base exception with a parameter. For example,
+     * 
      * <PRE>
-     * 		new EPolicyException("failed to load {0}", fileName);
+     * new EPolicyException(&quot;failed to load {0}&quot;, fileName);
      * </PRE>
      * <P>
-     *
+     * 
      * @param msgFormat exception details in message string format
      * @param param message string parameter
      */
@@ -81,7 +81,7 @@ public class EPolicyException extends EBaseException {
     /**
      * Constructs a base exception with two String parameters. For example,
      * <P>
-     *
+     * 
      * @param msgFormat exception details in message string format
      * @param param1 message string parameter
      * @param param2 message string parameter
@@ -97,6 +97,7 @@ public class EPolicyException extends EBaseException {
      * Constructs a base exception. It can be used to carry
      * a system exception that may contain information about
      * the context. For example,
+     * 
      * <PRE>
      * 		try {
      *  		...
@@ -105,7 +106,7 @@ public class EPolicyException extends EBaseException {
      *      }
      * </PRE>
      * <P>
-     *
+     * 
      * @param msgFormat exception details in message string format
      * @param param system exception
      */
@@ -119,7 +120,7 @@ public class EPolicyException extends EBaseException {
      * Constructs a base exception with a list of parameters
      * that will be substituted into the message format.
      * <P>
-     *
+     * 
      * @param msgFormat exception details in message string format
      * @param params list of message format parameters
      */
@@ -131,7 +132,7 @@ public class EPolicyException extends EBaseException {
     /**
      * Returns a list of parameters.
      * <P>
-     *
+     * 
      * @return list of message format parameters
      */
     public Object[] getParameters() {
@@ -142,7 +143,7 @@ public class EPolicyException extends EBaseException {
      * Returns localized exception string. This method should
      * only be called if a localized string is necessary.
      * <P>
-     *
+     * 
      * @return details message
      */
     public String toString() {
@@ -152,7 +153,7 @@ public class EPolicyException extends EBaseException {
     /**
      * Returns the string based on the given locale.
      * <P>
-     *
+     * 
      * @param locale locale
      * @return details message
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IEnrollmentPolicy.java b/pki/base/common/src/com/netscape/certsrv/policy/IEnrollmentPolicy.java
index bfd0e7c2..7c789932 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/IEnrollmentPolicy.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IEnrollmentPolicy.java
@@ -17,20 +17,19 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 /**
  * Interface for an enrollment policy rule. This provides general
  * typing for rules so that a policy processor can group rules
  * based on a particular type.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public interface IEnrollmentPolicy extends IPolicyRule {
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IExpression.java b/pki/base/common/src/com/netscape/certsrv/policy/IExpression.java
index 6bed58c5..4075e868 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/IExpression.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IExpression.java
@@ -17,18 +17,17 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * Interface for a policy expression.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -48,12 +47,12 @@ public interface IExpression {
 
     /**
      * Evaluate the Expression.
-     *
-     * @param req	The PKIRequest on which we are applying the condition.
-     * @return 		The return value.
+     * 
+     * @param req The PKIRequest on which we are applying the condition.
+     * @return The return value.
      */
     boolean evaluate(IRequest req)
-        throws EPolicyException;
+            throws EPolicyException;
 
     /**
      * Convert to a string.
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameAsConstraintsConfig.java b/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameAsConstraintsConfig.java
index 757780d3..78ec3119 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameAsConstraintsConfig.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameAsConstraintsConfig.java
@@ -17,21 +17,20 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 import java.util.Vector;
 
 import netscape.security.x509.GeneralName;
 
-
-/** 
- * Class that can be used to form general names from configuration file. 
- * Used by policies and extension commands.  
+/**
+ * Class that can be used to form general names from configuration file.
+ * Used by policies and extension commands.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -39,14 +38,14 @@ public interface IGeneralNameAsConstraintsConfig {
 
     /**
      * Retrieves instance parameters.
-     *
+     * 
      * @param params parameters
      */
     public void getInstanceParams(Vector<String> params);
 
     /**
      * Retrieves the general name.
-     *
+     * 
      * @return general name
      */
     public GeneralName getGeneralName();
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameConfig.java b/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameConfig.java
index 953bb41e..193269bb 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameConfig.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameConfig.java
@@ -17,23 +17,22 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 import java.util.Vector;
 
 import netscape.security.x509.GeneralName;
 
 import com.netscape.certsrv.base.EBaseException;
 
-
-/** 
- * Class that can be used to form general names from configuration file. 
- * Used by policies and extension commands.  
+/**
+ * Class that can be used to form general names from configuration file.
+ * Used by policies and extension commands.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -41,27 +40,27 @@ public interface IGeneralNameConfig {
 
     /**
      * Forms a general name from string.
-     *
+     * 
      * @param value general name in string
      * @return general name object
      * @exception EBaseException failed to form general name
      */
-    public GeneralName formGeneralName(String value) 
-        throws EBaseException;
+    public GeneralName formGeneralName(String value)
+            throws EBaseException;
 
     /**
      * Forms general names from the given value.
-     *
+     * 
      * @param value general name in string
      * @return a vector of general names
      * @exception EBaseException failed to form general name
      */
     public Vector<GeneralName> formGeneralNames(Object value)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves the instance parameters.
-     *
+     * 
      * @param params parameters
      */
     public void getInstanceParams(Vector<String> params);
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameUtil.java b/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameUtil.java
index c1526284..26bd8aeb 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameUtil.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameUtil.java
@@ -17,16 +17,16 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
-/** 
- * Class that can be used to form general names from configuration file. 
+/**
+ * Class that can be used to form general names from configuration file.
  * Used by policies and extension commands.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -51,30 +51,26 @@ public interface IGeneralNameUtil {
      */
     public static final int DEF_NUM_GENERALNAMES = 8;
 
-    /** 
+    /**
      * Default extended plugin info.
      */
-    public static String 
-        NUM_GENERALNAMES_INFO = "number;The total number of alternative names or identities permitted in the extension.";
-    public static String GENNAME_CHOICE_INFO = 
-        "choice(" +
-        IGeneralNameUtil.GENNAME_CHOICE_RFC822NAME + "," +
-        IGeneralNameUtil.GENNAME_CHOICE_DIRECTORYNAME + "," +
-        IGeneralNameUtil.GENNAME_CHOICE_DNSNAME + "," +
-        IGeneralNameUtil.GENNAME_CHOICE_EDIPARTYNAME + "," +
-        IGeneralNameUtil.GENNAME_CHOICE_URL + "," +
-        IGeneralNameUtil.GENNAME_CHOICE_IPADDRESS + "," +
-        IGeneralNameUtil.GENNAME_CHOICE_REGISTEREDID + "," +
-        IGeneralNameUtil.GENNAME_CHOICE_OTHERNAME + ");" +
-        "GeneralName choice. See RFC 2459 appendix B2 on GeneralName.";
-    public static String GENNAME_VALUE_INFO = 
-        "string;Value according to the GeneralName choice.";
+    public static String NUM_GENERALNAMES_INFO = "number;The total number of alternative names or identities permitted in the extension.";
+    public static String GENNAME_CHOICE_INFO =
+            "choice(" +
+                    IGeneralNameUtil.GENNAME_CHOICE_RFC822NAME + "," +
+                    IGeneralNameUtil.GENNAME_CHOICE_DIRECTORYNAME + "," +
+                    IGeneralNameUtil.GENNAME_CHOICE_DNSNAME + "," +
+                    IGeneralNameUtil.GENNAME_CHOICE_EDIPARTYNAME + "," +
+                    IGeneralNameUtil.GENNAME_CHOICE_URL + "," +
+                    IGeneralNameUtil.GENNAME_CHOICE_IPADDRESS + "," +
+                    IGeneralNameUtil.GENNAME_CHOICE_REGISTEREDID + "," +
+                    IGeneralNameUtil.GENNAME_CHOICE_OTHERNAME + ");" +
+                    "GeneralName choice. See RFC 2459 appendix B2 on GeneralName.";
+    public static String GENNAME_VALUE_INFO =
+            "string;Value according to the GeneralName choice.";
 
-    public static String 
-        PROP_NUM_GENERALNAMES_INFO = PROP_NUM_GENERALNAMES + ";" + NUM_GENERALNAMES_INFO;
-    public static String 
-        PROP_GENNAME_CHOICE_INFO = PROP_GENNAME_CHOICE + ";" + GENNAME_CHOICE_INFO;
-    public static String 
-        PROP_GENNAME_VALUE_INFO = PROP_GENNAME_VALUE + ";" + GENNAME_VALUE_INFO;
+    public static String PROP_NUM_GENERALNAMES_INFO = PROP_NUM_GENERALNAMES + ";" + NUM_GENERALNAMES_INFO;
+    public static String PROP_GENNAME_CHOICE_INFO = PROP_GENNAME_CHOICE + ";" + GENNAME_CHOICE_INFO;
+    public static String PROP_GENNAME_VALUE_INFO = PROP_GENNAME_VALUE + ";" + GENNAME_VALUE_INFO;
 
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNamesAsConstraintsConfig.java b/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNamesAsConstraintsConfig.java
index c461efd3..aeb7867e 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNamesAsConstraintsConfig.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNamesAsConstraintsConfig.java
@@ -17,21 +17,20 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 import java.util.Vector;
 
 import netscape.security.x509.GeneralNames;
 
-
-/** 
- * Class that can be used to form general names from configuration file. 
+/**
+ * Class that can be used to form general names from configuration file.
  * Used by policies and extension commands.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -39,14 +38,14 @@ public interface IGeneralNamesAsConstraintsConfig {
 
     /**
      * Retrieves a list of configured general names.
-     *
+     * 
      * @return a list of general names
      */
     public GeneralNames getGeneralNames();
 
     /**
      * Retrieves instance parameters.
-     *
+     * 
      * @param params instance parameters
      */
     public void getInstanceParams(Vector<String> params);
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNamesConfig.java b/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNamesConfig.java
index 4c2330df..2074b9d1 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNamesConfig.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNamesConfig.java
@@ -17,21 +17,20 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 import java.util.Vector;
 
 import netscape.security.x509.GeneralNames;
 
-
-/** 
- * Class that can be used to form general names from configuration file. 
+/**
+ * Class that can be used to form general names from configuration file.
  * Used by policies and extension commands.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -39,14 +38,14 @@ public interface IGeneralNamesConfig {
 
     /**
      * Retrieves a list of configured general names.
-     *
+     * 
      * @return general names
      */
     public GeneralNames getGeneralNames();
 
     /**
      * Retrieves the instance parameters.
-     *
+     * 
      * @param params instance parameters
      */
     public void getInstanceParams(Vector<String> params);
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IKeyArchivalPolicy.java b/pki/base/common/src/com/netscape/certsrv/policy/IKeyArchivalPolicy.java
index 13ba5f61..14a29256 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/IKeyArchivalPolicy.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IKeyArchivalPolicy.java
@@ -17,18 +17,17 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 /**
  * Interface for a key recovery policy rule.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public interface IKeyArchivalPolicy extends IPolicyRule {
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IKeyRecoveryPolicy.java b/pki/base/common/src/com/netscape/certsrv/policy/IKeyRecoveryPolicy.java
index 1d173f28..6de61567 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/IKeyRecoveryPolicy.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IKeyRecoveryPolicy.java
@@ -17,18 +17,17 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 /**
  * Interface for a key recovery policy rule.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public interface IKeyRecoveryPolicy extends IPolicyRule {
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IPolicyPredicateParser.java b/pki/base/common/src/com/netscape/certsrv/policy/IPolicyPredicateParser.java
index 7b5f4465..0992beae 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/IPolicyPredicateParser.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IPolicyPredicateParser.java
@@ -17,15 +17,15 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 /**
  * Interface for policy predicate parsers.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -33,11 +33,11 @@ public interface IPolicyPredicateParser {
 
     /**
      * Parse the predicate expression and return a vector of expressions.
-     *
-     * @param predicateExpression	The predicate expression as read from the
-     *		config file.
-     * @return expVector	The vector of expressions.
+     * 
+     * @param predicateExpression The predicate expression as read from the
+     *            config file.
+     * @return expVector The vector of expressions.
      */
     IExpression parse(String predicateExpression)
-        throws EPolicyException;
+            throws EPolicyException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IPolicyProcessor.java b/pki/base/common/src/com/netscape/certsrv/policy/IPolicyProcessor.java
index 09f2415a..11927a03 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/IPolicyProcessor.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IPolicyProcessor.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Vector;
@@ -25,22 +24,22 @@ import java.util.Vector;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
  * A generic interface for a policy processor. By making a processor
  * extend the policy interface, we make even the processor a rule -
  * which makes sense because a processor may be based on some rule
  * such as evaluate all policies before returning the final result or
  * return as soon as one of the policies return a failure and so on.
- *
+ * 
  * By making both processor and policy rules implement a common
  * interface, one can write rules that are processors as well.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -61,42 +60,42 @@ public interface IPolicyProcessor extends ISubsystem,
 
     /**
      * Returns the policy substore id.
-     *
-     * @return storeID	The policy store id used by this processor.
+     * 
+     * @return storeID The policy store id used by this processor.
      */
     String getPolicySubstoreId();
 
     /**
      * Returns information on Policy impls.
-     *
+     * 
      * @return An enumeration of strings describing the information
-     * 		   about policy implementations. Currently only the
-     *		   the implementation id is expected.
+     *         about policy implementations. Currently only the
+     *         the implementation id is expected.
      */
     Enumeration<String> getPolicyImplsInfo();
 
     /**
      * Returns the rule implementations registered with this processor.
-     *
-     * @return An Enumeration of uninitialized IPolicyRule 
-     *					objects.
+     * 
+     * @return An Enumeration of uninitialized IPolicyRule
+     *         objects.
      */
     Enumeration<IPolicyRule> getPolicyImpls();
 
     /**
      * Returns an implementation identified by a given id.
-     *
-     * @param id		The implementation id.
+     * 
+     * @param id The implementation id.
      * @return The uninitialized instance of the policy rule.
      */
     IPolicyRule getPolicyImpl(String id);
 
     /**
-     * Returns configuration for an implmentation. 
-     *
-     * @param id		The implementation id.
+     * Returns configuration for an implmentation.
+     * 
+     * @param id The implementation id.
      * @return A vector of name/value pairs in the form of
-     *	name=value.
+     *         name=value.
      */
     Vector<String> getPolicyImplConfig(String id);
 
@@ -104,53 +103,53 @@ public interface IPolicyProcessor extends ISubsystem,
      * Deletes a policy implementation identified by an impl id.
      * 
      * 
-     * @param id	The impl id of the policy to be deleted.
-     *				There shouldn't be any active instance for this 
-     *				implementation.
+     * @param id The impl id of the policy to be deleted.
+     *            There shouldn't be any active instance for this
+     *            implementation.
      * @exception EBaseException is thrown if an error occurs in deletion.
      */
     void deletePolicyImpl(String id)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Adds a policy implementation identified by an impl id.
      * 
-     * @param id			The impl id of the policy to be added.
-     *						The id should be unique.
-     * @param classPath 	The fully qualified path for the implementation. 
+     * @param id The impl id of the policy to be added.
+     *            The id should be unique.
+     * @param classPath The fully qualified path for the implementation.
      * @exception EBaseException is thrown if an error occurs in addition.
      */
     void addPolicyImpl(String id, String classPath)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Returns information on Policy instances.
-     *
-     * @return An Enumeration of Strings describing the information 
-     *			about policy rule instances.
+     * 
+     * @return An Enumeration of Strings describing the information
+     *         about policy rule instances.
      */
     Enumeration<String> getPolicyInstancesInfo();
 
     /**
      * Returns policy instances registered with this processor.
-     *
+     * 
      * @return An Enumeration of policy instances.
      */
-    Enumeration<IPolicyRule>  getPolicyInstances();
+    Enumeration<IPolicyRule> getPolicyInstances();
 
     /**
      * Returns instance configuration for a given instance id.
-     *
-     * @param id		The rule id.
+     * 
+     * @param id The rule id.
      * @return A vector of name/value pairs in the form of
-     *	name=value.
+     *         name=value.
      */
-    Vector<String>  getPolicyInstanceConfig(String id);
+    Vector<String> getPolicyInstanceConfig(String id);
 
     /**
      * Returns instance configuration for a given instance id.
-     *
-     * @param id		The rule id.
+     * 
+     * @param id The rule id.
      * @return the policy instance identified by the id.
      */
     IPolicyRule getPolicyInstance(String id);
@@ -158,41 +157,40 @@ public interface IPolicyProcessor extends ISubsystem,
     /**
      * Deletes a policy instance identified by an instance id.
      * 
-     * @param id	The instance id of the policy to be deleted.
+     * @param id The instance id of the policy to be deleted.
      * @exception EBaseException is thrown if an error occurs in deletion.
      */
     void deletePolicyInstance(String id)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Adds a policy instance 
+     * Adds a policy instance
      * 
-     * @param id			The impl id of the policy to be added.
-     *						The id should be unique.
+     * @param id The impl id of the policy to be added.
+     *            The id should be unique.
      * @param ht a Hashtable of config params.
      * @exception EBaseException is thrown if an error occurs in addition.
      */
     void addPolicyInstance(String id, Hashtable<String, String> ht)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Modifies a policy instance 
+     * Modifies a policy instance
      * 
-     * @param id			The impl id of the policy to be modified.
-     *						The policy instance with this id should be present.
+     * @param id The impl id of the policy to be modified.
+     *            The policy instance with this id should be present.
      * @param ht a Hashtable of config params.
      * @exception EBaseException is thrown if an error occurs in addition.
      */
     void modifyPolicyInstance(String id, Hashtable<String, String> ht)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Modifies policy ordering.
-     *
+     * 
      * @param policyOrderStr The comma separated list of instance ids.
-     *
+     * 
      */
     void changePolicyInstanceOrdering(String policyOrderStr)
-        throws EBaseException;
+            throws EBaseException;
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IPolicyRule.java b/pki/base/common/src/com/netscape/certsrv/policy/IPolicyRule.java
index 0babd48a..7f7f888f 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/IPolicyRule.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IPolicyRule.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 import java.util.Vector;
 
 import com.netscape.certsrv.base.EBaseException;
@@ -26,20 +25,20 @@ import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 
-
 /**
  * Interface for a policy rule.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public interface IPolicyRule
-    extends com.netscape.certsrv.request.IPolicy {
+        extends com.netscape.certsrv.request.IPolicy {
     public static final String PROP_ENABLE = "enable";
     public static final String PROP_PREDICATE = "predicate";
     public static final String PROP_IMPLNAME = "implName";
@@ -47,15 +46,16 @@ public interface IPolicyRule
     /**
      * Initializes the policy rule.
      * <P>
-     *
+     * 
      * @param config The config store reference
      */
     void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Gets the description for this policy rule.
      * <P>
+     * 
      * @return The Description for this rule.
      */
     String getDescription();
@@ -63,7 +63,7 @@ public interface IPolicyRule
     /**
      * Returns the name of the policy rule class.
      * <P>
-     *
+     * 
      * @return The name of the policy class.
      */
     String getName();
@@ -71,25 +71,25 @@ public interface IPolicyRule
     /**
      * Returns the name of the policy rule instance.
      * <P>
-     *
+     * 
      * @return The name of the policy rule instance. If none
-     * 	is set the name of the implementation will be returned.
-     * 	
+     *         is set the name of the implementation will be returned.
+     * 
      */
     String getInstanceName();
 
     /**
      * Sets a predicate expression for rule matching.
      * <P>
-     *
-     * @param exp	The predicate expression for the rule.
+     * 
+     * @param exp The predicate expression for the rule.
      */
     void setPredicate(IExpression exp);
 
     /**
      * Returns the predicate expression for the rule.
      * <P>
-     *
+     * 
      * @return The predicate expression for the rule.
      */
     IExpression getPredicate();
@@ -98,27 +98,27 @@ public interface IPolicyRule
      * Applies the policy on the given Request. This may modify
      * the request appropriately.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The PolicyResult object.
      */
     PolicyResult apply(IRequest req);
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs. Each name/value
-     *				pair is constructed as a String in name=value format.
+     *         pair is constructed as a String in name=value format.
      */
     public Vector<String> getInstanceParams();
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs. Each name/value
-     *		  		pair is constructed as a String in name=value.
+     *         pair is constructed as a String in name=value.
      */
-    public Vector<String>  getDefaultParams();
+    public Vector<String> getDefaultParams();
 
     public void setError(IRequest req, String format, Object[] params);
 
@@ -126,4 +126,3 @@ public interface IPolicyRule
 
     public void setPolicyException(IRequest req, EBaseException ex);
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IPolicySet.java b/pki/base/common/src/com/netscape/certsrv/policy/IPolicySet.java
index dd5a36bc..a9fb6a2d 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/IPolicySet.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IPolicySet.java
@@ -17,13 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 import java.util.Enumeration;
 
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 
-
 /**
  * Represents a set of policy rules. Policy rules are ordered from
  * lowest priority to highest priority. The priority assignment for rules
@@ -34,11 +32,12 @@ import com.netscape.certsrv.request.PolicyResult;
  * them in increasing order of priority and presenting an ordered vector of rules
  * via the IPolicySet interface.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -47,7 +46,7 @@ public interface IPolicySet {
     /**
      * Returns the name of the rule set.
      * <P>
-     *
+     * 
      * @return The name of the rule set.
      */
     String getName();
@@ -55,6 +54,7 @@ public interface IPolicySet {
     /**
      * Returns the no of rules in a set.
      * <P>
+     * 
      * @return the no of rules.
      */
     int count();
@@ -62,24 +62,24 @@ public interface IPolicySet {
     /**
      * Add a policy rule.
      * <P>
-     *
+     * 
      * @param ruleName The name of the rule to be added.
-     * @param rule  The rule to be added.
+     * @param rule The rule to be added.
      */
     void addRule(String ruleName, IPolicyRule rule);
 
     /**
      * Removes a policy rule identified by the given name.
-     *
-     * @param ruleName  The name of the rule to be removed.
+     * 
+     * @param ruleName The name of the rule to be removed.
      */
     void removeRule(String ruleName);
 
     /**
      * Returns the rule identified by a given name.
      * <P>
-     *
-     * @param ruleName  The name of the rule to be return.
+     * 
+     * @param ruleName The name of the rule to be return.
      * @return The rule identified by the given name or null if none exists.
      */
     IPolicyRule getRule(String ruleName);
@@ -87,7 +87,7 @@ public interface IPolicySet {
     /**
      * Returns an enumeration of rules.
      * <P>
-     *
+     * 
      * @return An enumeration of rules.
      */
     Enumeration<IPolicyRule> getRules();
@@ -95,12 +95,11 @@ public interface IPolicySet {
     /**
      * Apply policy rules on a request. This call may modify
      * the request content.
-     *
-     * @param req   The request to apply policies on.
-     *
-     * <P>
+     * 
+     * @param req The request to apply policies on.
+     * 
+     *            <P>
      * @return The policy result.
      */
     PolicyResult apply(IRequest req);
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IRenewalPolicy.java b/pki/base/common/src/com/netscape/certsrv/policy/IRenewalPolicy.java
index 7bf2026e..28f56fe7 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/IRenewalPolicy.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IRenewalPolicy.java
@@ -17,18 +17,17 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 /**
  * Interface for a renewal policy rule.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public interface IRenewalPolicy extends IPolicyRule {
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IRevocationPolicy.java b/pki/base/common/src/com/netscape/certsrv/policy/IRevocationPolicy.java
index e0ecfb16..7e6084c7 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/IRevocationPolicy.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IRevocationPolicy.java
@@ -17,18 +17,17 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 /**
  * Interface for a revocation policy rule.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public interface IRevocationPolicy extends IPolicyRule {
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/ISubjAltNameConfig.java b/pki/base/common/src/com/netscape/certsrv/policy/ISubjAltNameConfig.java
index 75df22de..0fee01be 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/ISubjAltNameConfig.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/ISubjAltNameConfig.java
@@ -17,18 +17,16 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
-
-
-/** 
- * Class that can be used to form general names from configuration file. 
+/**
+ * Class that can be used to form general names from configuration file.
  * Used by policies and extension commands.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -36,14 +34,14 @@ public interface ISubjAltNameConfig extends IGeneralNameConfig {
 
     /**
      * Retrieves configuration prefix.
-     *
+     * 
      * @return prefix
      */
     public String getPfx();
 
     /**
      * Retrieves configuration attribute.
-     *
+     * 
      * @return attribute
      */
     public String getAttr();
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/PolicyResources.java b/pki/base/common/src/com/netscape/certsrv/policy/PolicyResources.java
index c8bcec2c..d330b719 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/PolicyResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/PolicyResources.java
@@ -17,18 +17,17 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 import java.util.ListResourceBundle;
 
-
 /**
  * Error messages for Policies.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  * @see java.util.ListResourceBundle
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/CertInfoProfile.java b/pki/base/common/src/com/netscape/certsrv/profile/CertInfoProfile.java
index 75f134c2..5c192e9c 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/CertInfoProfile.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/CertInfoProfile.java
@@ -26,8 +26,7 @@ import netscape.security.x509.X509CertInfo;
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.IConfigStore;
 
-public class CertInfoProfile 
-{
+public class CertInfoProfile {
     private Vector<ICertInfoPolicyDefault> mDefaults = new Vector<ICertInfoPolicyDefault>();
     private String mName = null;
     private String mID = null;
@@ -35,8 +34,7 @@ public class CertInfoProfile
     private String mProfileIDMapping = null;
     private String mProfileSetIDMapping = null;
 
-    public CertInfoProfile(String cfg) throws Exception
-    {
+    public CertInfoProfile(String cfg) throws Exception {
         IConfigStore config = CMS.createFileConfigStore(cfg);
         mID = config.getString("id");
         mName = config.getString("name");
@@ -45,67 +43,60 @@ public class CertInfoProfile
         mProfileSetIDMapping = config.getString("profileSetIDMapping");
         StringTokenizer st = new StringTokenizer(config.getString("list"), ",");
         while (st.hasMoreTokens()) {
-            String id = (String)st.nextToken();
+            String id = (String) st.nextToken();
             String c = config.getString(id + ".default.class");
             try {
-              /* load defaults */
-              ICertInfoPolicyDefault def = (ICertInfoPolicyDefault)
-                 Class.forName(c).newInstance();
-              init(config.getSubStore(id + ".default"), def);
-              mDefaults.addElement(def);
+                /* load defaults */
+                ICertInfoPolicyDefault def = (ICertInfoPolicyDefault)
+                        Class.forName(c).newInstance();
+                init(config.getSubStore(id + ".default"), def);
+                mDefaults.addElement(def);
             } catch (Exception e) {
-              CMS.debug("CertInfoProfile: " + e.toString());
+                CMS.debug("CertInfoProfile: " + e.toString());
             }
         }
     }
 
     private void init(IConfigStore config, ICertInfoPolicyDefault def)
-           throws Exception
-    {
-      try {
-        def.init(null, config);
-      } catch (Exception e) {
-        CMS.debug("CertInfoProfile.init: " + e.toString());
-      }
+            throws Exception {
+        try {
+            def.init(null, config);
+        } catch (Exception e) {
+            CMS.debug("CertInfoProfile.init: " + e.toString());
+        }
     }
 
-    public String getID()
-    {
+    public String getID() {
         return mID;
     }
 
-    public String getName()
-    {
+    public String getName() {
         return mName;
     }
 
-    public String getDescription()
-    {
+    public String getDescription() {
         return mDescription;
     }
 
-    public String getProfileIDMapping()
-    {
+    public String getProfileIDMapping() {
         return mProfileIDMapping;
     }
 
-    public String getProfileSetIDMapping()
-    {
+    public String getProfileSetIDMapping() {
         return mProfileSetIDMapping;
     }
 
-    public void populate(X509CertInfo info)
-    {
+    public void populate(X509CertInfo info) {
         Enumeration<ICertInfoPolicyDefault> e1 = mDefaults.elements();
         while (e1.hasMoreElements()) {
-          ICertInfoPolicyDefault def = 
-               (ICertInfoPolicyDefault)e1.nextElement();
-          try {
-            def.populate(null /* request */, info);
-          } catch (Exception e) {
-            CMS.debug(e);
-            CMS.debug("CertInfoProfile.populate: " + e.toString());
-          }
+            ICertInfoPolicyDefault def =
+                    (ICertInfoPolicyDefault) e1.nextElement();
+            try {
+                def.populate(null /* request */, info);
+            } catch (Exception e) {
+                CMS.debug(e);
+                CMS.debug("CertInfoProfile.populate: " + e.toString());
+            }
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/EDeferException.java b/pki/base/common/src/com/netscape/certsrv/profile/EDeferException.java
index f4af86b2..c92630b9 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/EDeferException.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/EDeferException.java
@@ -17,17 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.profile;
 
-
 /**
- * This represents a profile specific exception. The 
- * framework raises this exception when a request is 
- * deferred. 
+ * This represents a profile specific exception. The
+ * framework raises this exception when a request is
+ * deferred.
  * <p>
- * A deferred request will not be processed
- * immediately. Manual approval is required for
- * processing the request again.
+ * A deferred request will not be processed immediately. Manual approval is required for processing the request again.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class EDeferException extends EProfileException {
@@ -39,10 +36,10 @@ public class EDeferException extends EProfileException {
 
     /**
      * Creates a defer exception.
-     *
-     * @param msg localized message that will be 
-     *            displayed to end user. This message 
-     *            should indicate the reason why a request 
+     * 
+     * @param msg localized message that will be
+     *            displayed to end user. This message
+     *            should indicate the reason why a request
      *            is deferred.
      */
     public EDeferException(String msg) {
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/EProfileException.java b/pki/base/common/src/com/netscape/certsrv/profile/EProfileException.java
index d21d6edb..37f968a6 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/EProfileException.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/EProfileException.java
@@ -22,10 +22,9 @@ import com.netscape.certsrv.base.EBaseException;
 /**
  * This represents a generic profile exception.
  * <p>
- * This is the base class for all profile-specific
- * exception.
+ * This is the base class for all profile-specific exception.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class EProfileException extends EBaseException {
@@ -37,7 +36,7 @@ public class EProfileException extends EBaseException {
 
     /**
      * Creates a profile exception.
-     *
+     * 
      * @param msg additional message for the handler
      *            of the exception. The message may
      *            or may not be localized.
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/ERejectException.java b/pki/base/common/src/com/netscape/certsrv/profile/ERejectException.java
index ceea57f2..59b35bcd 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/ERejectException.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/ERejectException.java
@@ -17,16 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.profile;
 
-
 /**
  * This represents a profile specific exception. This
  * exception is raised when a request is rejected.
  * <p>
- * A rejected request cannot be reprocessed. Rejected
- * request is considered as a request in its terminal
- * state.
+ * A rejected request cannot be reprocessed. Rejected request is considered as a request in its terminal state.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ERejectException extends EProfileException {
@@ -37,10 +34,10 @@ public class ERejectException extends EProfileException {
     private static final long serialVersionUID = -542393641391361342L;
 
     /**
-     * Creates a rejection exception. 
-     *
+     * Creates a rejection exception.
+     * 
      * @param msg localized message that indicates
-     *            the reason why a request is 
+     *            the reason why a request is
      *            rejected.
      */
     public ERejectException(String msg) {
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/ICertInfoPolicyDefault.java b/pki/base/common/src/com/netscape/certsrv/profile/ICertInfoPolicyDefault.java
index bfd9bdc9..69879129 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/ICertInfoPolicyDefault.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/ICertInfoPolicyDefault.java
@@ -27,6 +27,6 @@ public interface ICertInfoPolicyDefault extends IPolicyDefault {
     /**
      * Populates certificate info directly.
      */
-    public void populate(IRequest request, X509CertInfo info) 
+    public void populate(IRequest request, X509CertInfo info)
               throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IEnrollProfile.java b/pki/base/common/src/com/netscape/certsrv/profile/IEnrollProfile.java
index fb92d53e..7d3d7ff7 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/IEnrollProfile.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IEnrollProfile.java
@@ -22,27 +22,23 @@ import com.netscape.certsrv.request.IRequest;
 /**
  * This interface represents an enrollment profile.
  * <p>
- * An enrollment profile contains a list of enrollment
- * specific input plugins, default policies, constriant
- * policies and output plugins.
+ * An enrollment profile contains a list of enrollment specific input plugins, default policies, constriant policies and output plugins.
  * <p>
- * This interface also defines a set of enrollment specific
- * attribute names that can be used to retrieve values
- * from an enrollment request.
+ * This interface also defines a set of enrollment specific attribute names that can be used to retrieve values from an enrollment request.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IEnrollProfile extends IProfile {
 
     /**
-     * Name of request attribute that stores the User 
+     * Name of request attribute that stores the User
      * Supplied Certificate Request Type.
      */
     public static final String CTX_CERT_REQUEST_TYPE = "cert_request_type";
 
     /**
-     * Name of request attribute that stores the User 
+     * Name of request attribute that stores the User
      * Supplied Certificate Request.
      */
     public static final String CTX_CERT_REQUEST = "cert_request";
@@ -56,7 +52,7 @@ public interface IEnrollProfile extends IProfile {
     public static final String REQ_TYPE_KEYGEN = "keygen";
 
     /**
-     * Name of request attribute that stores the End-User Locale. 
+     * Name of request attribute that stores the End-User Locale.
      * <p>
      * The value is of type java.util.Locale.
      */
@@ -151,6 +147,7 @@ public interface IEnrollProfile extends IProfile {
 
     /**
      * Set Default X509CertInfo in the request.
+     * 
      * @param request profile-based certificate request.
      * @exception EProfileException failed to set the X509CertInfo.
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IPolicyConstraint.java b/pki/base/common/src/com/netscape/certsrv/profile/IPolicyConstraint.java
index 1af3ef19..bf237465 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/IPolicyConstraint.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IPolicyConstraint.java
@@ -17,38 +17,36 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.profile;
 
-
 import java.util.Locale;
 
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.property.IConfigTemplate;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This represents a constraint policy. A constraint policy
  * validates if the given request conforms to the set
  * rules.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IPolicyConstraint extends IConfigTemplate {
 
     /**
      * Initializes this constraint policy.
-     *
+     * 
      * @param profile owner of this policy
      * @param config configuration store for this constraint
      * @exception EProfileException failed to initialize
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Returns the corresponding configuration store
      * of this constraint policy.
-     *
+     * 
      * @return config store of this constraint
      */
     public IConfigStore getConfigStore();
@@ -56,16 +54,16 @@ public interface IPolicyConstraint extends IConfigTemplate {
     /**
      * Validates the request. The request is not modified
      * during the validation.
-     *
+     * 
      * @param request request to be validated
      * @exception ERejectException reject the given request
      */
     public void validate(IRequest request)
-        throws ERejectException;
+            throws ERejectException;
 
     /**
      * Returns localized description of this constraint.
-     *
+     * 
      * @param locale locale of the end-user
      * @return localized description of this constraint
      */
@@ -73,7 +71,7 @@ public interface IPolicyConstraint extends IConfigTemplate {
 
     /**
      * Returns localized name of this constraint.
-     *
+     * 
      * @param locale locale of the end-user
      * @return localized name of this constraint
      */
@@ -82,10 +80,10 @@ public interface IPolicyConstraint extends IConfigTemplate {
     /**
      * Checks if this constraint is applicable to the
      * given default policy.
-     *
+     * 
      * @param def default policy to be checked
      * @return true if this constraint can be applied to
-     *              the given default policy
+     *         the given default policy
      */
     public boolean isApplicable(IPolicyDefault def);
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IPolicyDefault.java b/pki/base/common/src/com/netscape/certsrv/profile/IPolicyDefault.java
index 092b10fd..bf1aefcf 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/IPolicyDefault.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IPolicyDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.profile;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 
@@ -27,36 +26,20 @@ import com.netscape.certsrv.property.IConfigTemplate;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This represents a default policy that populates
  * the request with additional values.
  * <p>
- *
- * During request submission process, a default 
- * policy is invoked to populate the default values
- * in the request. The default values will later
- * on be used for execution. The default values
- * are like the parameters for the request.
+ * 
+ * During request submission process, a default policy is invoked to populate the default values in the request. The default values will later on be used for execution. The default values are like the parameters for the request.
  * <p>
- *
- * This policy is called in 2 places. For
- * automated enrollment request, this policy
- * is invoked to populate the HTTP parameters
- * into the request. For request that cannot
- * be executed immediately, this policy will be
- * invoked again right after the agent's
- * approval.
+ * 
+ * This policy is called in 2 places. For automated enrollment request, this policy is invoked to populate the HTTP parameters into the request. For request that cannot be executed immediately, this policy will be invoked again right after the agent's approval.
  * <p>
- *
- * Each default policy may contain zero or more
- * properties that describe the default value.
- * For example, a X509 Key can be described by
- * its key type, key length, and key data. The
- * properties help to describe the default value
- * into human readable values.
+ * 
+ * Each default policy may contain zero or more properties that describe the default value. For example, a X509 Key can be described by its key type, key length, and key data. The properties help to describe the default value into human readable values.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IPolicyDefault extends IConfigTemplate {
@@ -69,27 +52,27 @@ public interface IPolicyDefault extends IConfigTemplate {
      * @exception EProfileException failed to initialize
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Retrieves the configuration store of this default.
-     *
+     * 
      * @return configuration store of this default policy
      */
     public IConfigStore getConfigStore();
 
     /**
      * Populates the request with this policy default.
-     *
+     * 
      * @param request request to be populated
      * @exception EProfileException failed to populate
      */
     public void populate(IRequest request)
-        throws EProfileException;
- 
+            throws EProfileException;
+
     /**
      * Retrieves the localizable name of this policy.
-     *
+     * 
      * @param locale locale of the end user
      * @return localized name of this default policy
      */
@@ -105,17 +88,17 @@ public interface IPolicyDefault extends IConfigTemplate {
 
     /**
      * Retrieves a list of names of the property.
-     *
+     * 
      * @return a list of property names. The values are
      *         of type java.lang.String
      */
     public Enumeration<String> getValueNames();
 
     /**
-     * Retrieves the descriptor of the given property 
-     * by name. The descriptor contains syntax 
+     * Retrieves the descriptor of the given property
+     * by name. The descriptor contains syntax
      * information.
-     *
+     * 
      * @param locale locale of the end user
      * @param name name of property
      * @return descriptor of the property
@@ -124,25 +107,25 @@ public interface IPolicyDefault extends IConfigTemplate {
 
     /**
      * Sets the value of the given value property by name.
-     *
+     * 
      * @param name name of property
      * @param locale locale of the end user
      * @param request request
      * @param value value to be set in the given request
      * @exception EPropertyException failed to set property
      */
-    public void setValue(String name, Locale locale, IRequest request, 
-        String value) throws EPropertyException;
+    public void setValue(String name, Locale locale, IRequest request,
+            String value) throws EPropertyException;
 
     /**
-     * Retrieves the value of the given value 
+     * Retrieves the value of the given value
      * property by name.
-     *
+     * 
      * @param name name of property
      * @param locale locale of the end user
      * @param request request
      * @exception EPropertyException failed to get property
      */
     public String getValue(String name, Locale locale, IRequest request)
-        throws EPropertyException;
+            throws EPropertyException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IProfile.java b/pki/base/common/src/com/netscape/certsrv/profile/IProfile.java
index cc6975cd..779bf6a8 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/IProfile.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IProfile.java
@@ -29,63 +29,59 @@ import com.netscape.certsrv.request.IRequestQueue;
 import com.netscape.cms.profile.common.ProfilePolicy;
 
 /**
- * This interface represents a profile. A profile contains 
- * a list of input policies, default policies, constraint 
+ * This interface represents a profile. A profile contains
+ * a list of input policies, default policies, constraint
  * policies and output policies.
  * <p>
- *
+ * 
  * The input policy is for building the enrollment page.
  * <p>
- *
- * The default policy is for populating user-supplied and
- * system-supplied values into the request.
+ * 
+ * The default policy is for populating user-supplied and system-supplied values into the request.
  * <p>
- *
- * The constraint policy is for validating the request before
- * processing.
+ * 
+ * The constraint policy is for validating the request before processing.
  * <p>
- *
+ * 
  * The output policy is for building the result page.
  * <p>
- *
- * Each profile can have multiple policy set. Each set
- * is composed of zero or more default policies and zero
- * or more constraint policies.
+ * 
+ * Each profile can have multiple policy set. Each set is composed of zero or more default policies and zero or more constraint policies.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IProfile {
 
     /**
      * Initializes this profile.
-     *
+     * 
      * @param owner profile subsystem
      * @param config configuration store for this profile
      * @exception EBaseException failed to initialize
      */
     public void init(IProfileSubsystem owner, IConfigStore config)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves the request queue that is associated with
      * this profile. The request queue is for creating
      * new requests.
-     *
+     * 
      * @return request queue
      */
     public IRequestQueue getRequestQueue();
 
     /**
      * Sets id of this profile.
-     *
+     * 
      * @param id profile identifier
      */
     public void setId(String id);
- 
+
     /**
      * Returns the identifier of this profile.
-     *
+     * 
      * @return profile id
      */
     public String getId();
@@ -94,7 +90,7 @@ public interface IProfile {
      * Retrieves a localized string that represents
      * requestor's distinguished name. This string
      * displayed in the request listing user interface.
-     *
+     * 
      * @param request request
      * @return distringuished name of the request owner
      */
@@ -102,14 +98,14 @@ public interface IProfile {
 
     /**
      * Retrieves the configuration store of this profile.
-     *
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore();
 
     /**
      * Retrieves the instance id of the authenticator for this profile.
-     *
+     * 
      * @return authenticator instance id
      */
     public String getAuthenticatorId();
@@ -118,31 +114,31 @@ public interface IProfile {
 
     /**
      * Sets the instance id of the authenticator for this profile.
-     *
+     * 
      * @param id authenticator instance id
      */
     public void setAuthenticatorId(String id);
 
     /**
      * Retrieves the associated authenticator instance.
-     *
-     * @return profile authenticator instance. 
-     *                 if no associated authenticator, null is returned
+     * 
+     * @return profile authenticator instance.
+     *         if no associated authenticator, null is returned
      * @exception EProfileException failed to retrieve
      */
-    public IProfileAuthenticator getAuthenticator() 
-        throws EProfileException;
+    public IProfileAuthenticator getAuthenticator()
+            throws EProfileException;
 
     /**
      * Retrieves a list of input policy IDs.
-     *
+     * 
      * @return input policy id list
      */
     public Enumeration<String> getProfileInputIds();
 
     /**
      * Retrieves input policy by id.
-     *
+     * 
      * @param id input policy id
      * @return input policy instance
      */
@@ -150,14 +146,14 @@ public interface IProfile {
 
     /**
      * Retrieves a list of output policy IDs.
-     *
+     * 
      * @return output policy id list
      */
     public Enumeration<String> getProfileOutputIds();
 
     /**
      * Retrieves output policy by id.
-     *
+     * 
      * @param id output policy id
      * @return output policy instance
      */
@@ -168,22 +164,22 @@ public interface IProfile {
      * End-user profile will be displayed to the end user.
      * Non end-user profile mainly is for registration
      * manager.
-     *
+     * 
      * @return end-user profile or not
      */
-    public boolean isVisible(); 
+    public boolean isVisible();
 
     /**
      * Sets this profile end-user profile or not.
-     *
+     * 
      * @param v end-user profile or not
      */
-    public void setVisible(boolean v); 
+    public void setVisible(boolean v);
 
     /**
      * Retrieves the user id of the person who
      * approves this profile.
-     *
+     * 
      * @return user id of the approver of this profile
      */
     public String getApprovedBy();
@@ -200,7 +196,7 @@ public interface IProfile {
 
     /**
      * Returns the profile name.
-     *
+     * 
      * @param locale end-user locale
      * @param name profile name
      */
@@ -208,7 +204,7 @@ public interface IProfile {
 
     /**
      * Retrieves the profile name.
-     *
+     * 
      * @param locale end-user locale
      * @return localized profile name
      */
@@ -216,7 +212,7 @@ public interface IProfile {
 
     /**
      * Returns the profile description.
-     *
+     * 
      * @param locale end-user locale
      * @param desc profile description
      */
@@ -224,7 +220,7 @@ public interface IProfile {
 
     /**
      * Retrieves the profile description.
-     *
+     * 
      * @param locale end-user locale
      * @return localized profile description
      */
@@ -234,21 +230,21 @@ public interface IProfile {
      * Retrieves profile context. The context stores
      * information about the requestor before the
      * actual request is created.
-     *
+     * 
      * @return profile context.
      */
     public IProfileContext createContext();
 
     /**
      * Returns the profile policy set identifiers.
-     *
+     * 
      * @return a list of policy set id
      */
     public Enumeration<String> getProfilePolicySetIds();
 
     /**
      * Creates a profile policy.
-     *
+     * 
      * @param setId id of the policy set that owns this policy
      * @param id policy id
      * @param defaultClassId id of the registered default implementation
@@ -256,73 +252,73 @@ public interface IProfile {
      * @exception EProfileException failed to create policy
      * @return profile policy instance
      */
-    public IProfilePolicy createProfilePolicy(String setId, String id, 
-        String defaultClassId, String constraintClassId)
-        throws EProfileException;
+    public IProfilePolicy createProfilePolicy(String setId, String id,
+            String defaultClassId, String constraintClassId)
+            throws EProfileException;
 
     /**
      * Deletes input policy by id.
-     *
+     * 
      * @param inputId id of the input policy
-     * @exception EProfileException failed to  delete
+     * @exception EProfileException failed to delete
      */
     public void deleteProfileInput(String inputId) throws EProfileException;
 
     /**
      * Deletes output policy by id.
-     *
+     * 
      * @param outputId id of the output policy
-     * @exception EProfileException failed to  delete
+     * @exception EProfileException failed to delete
      */
     public void deleteProfileOutput(String outputId) throws EProfileException;
 
     /**
      * Creates a input policy.
-     *
+     * 
      * @param id input policy id
      * @param inputClassId id of the registered input implementation
      * @param nvp default parameters
      * @return input policy
      * @exception EProfileException failed to create
      */
-    public IProfileInput createProfileInput(String id, String inputClassId, 
-        NameValuePairs nvp)
-        throws EProfileException;
+    public IProfileInput createProfileInput(String id, String inputClassId,
+            NameValuePairs nvp)
+            throws EProfileException;
 
     /**
      * Creates a output policy.
-     *
+     * 
      * @param id output policy id
      * @param outputClassId id of the registered output implementation
      * @param nvp default parameters
      * @return output policy
      * @exception EProfileException failed to create
      */
-    public IProfileOutput createProfileOutput(String id, String outputClassId, 
-        NameValuePairs nvp) throws EProfileException;
+    public IProfileOutput createProfileOutput(String id, String outputClassId,
+            NameValuePairs nvp) throws EProfileException;
 
     /**
      * Deletes a policy.
-     *
+     * 
      * @param setId id of the policy set
      * @param policyId id of policy to delete
      * @exception EProfileException failed to delete
      */
-    public void deleteProfilePolicy(String setId, String policyId) 
-        throws EProfileException;
+    public void deleteProfilePolicy(String setId, String policyId)
+            throws EProfileException;
 
     /**
      * Retrieves a policy.
-     *
+     * 
      * @param setId set id
      * @param id policy id
      * @return profile policy
      */
-    public IProfilePolicy getProfilePolicy(String setId, String id); 
+    public IProfilePolicy getProfilePolicy(String setId, String id);
 
     /**
      * Retrieves all the policy id within a set.
-     *
+     * 
      * @param setId set id
      * @return a list of policy id
      */
@@ -332,7 +328,7 @@ public interface IProfile {
      * Retrieves a default set id for the given request.
      * It is the profile's responsibility to return
      * an appropriate set id for the request.
-     *
+     * 
      * @param req request
      * @return policy set id
      */
@@ -340,7 +336,7 @@ public interface IProfile {
 
     /**
      * Returns a list of profile policies.
-     *
+     * 
      * @param setId set id
      * @return a list of policies
      */
@@ -350,62 +346,62 @@ public interface IProfile {
      * Creates one or more requests. Normally, only one request will
      * be created. In case of CRMF request, multiple requests may be
      * created for one submission.
-     *
+     * 
      * @param ctx profile context
      * @param locale user locale
      * @return a list of requests
      * @exception EProfileException failed to create requests
      */
-    public IRequest[] createRequests(IProfileContext ctx, Locale locale) 
-        throws EProfileException;
+    public IRequest[] createRequests(IProfileContext ctx, Locale locale)
+            throws EProfileException;
 
     /**
      * Populates user-supplied input values into the requests.
-     *
+     * 
      * @param ctx profile context
      * @param request request
      * @exception EProfileException failed to populate
      */
-    public void populateInput(IProfileContext ctx, IRequest request) 
-        throws EProfileException;
+    public void populateInput(IProfileContext ctx, IRequest request)
+            throws EProfileException;
 
     /**
      * Passes the request to the set of default policies that
      * populate the profile information against the profile.
-     *
+     * 
      * @param request request
      * @exception EProfileException failed to populate default values
-     */ 
-    public void populate(IRequest request) 
-        throws EProfileException;
+     */
+    public void populate(IRequest request)
+            throws EProfileException;
 
     /**
-     * Passes the request to the set of constraint policies 
+     * Passes the request to the set of constraint policies
      * that validate the request against the profile.
-     *
+     * 
      * @param request request
      * @exception ERejectException validation violation
-     */ 
-    public void validate(IRequest request) 
-        throws ERejectException;
+     */
+    public void validate(IRequest request)
+            throws ERejectException;
 
     /**
      * Process a request after validation.
-     *
+     * 
      * @param request request to be processed
      * @exception EProfileException failed to process
      */
-    public void execute(IRequest request) 
-        throws EProfileException;
+    public void execute(IRequest request)
+            throws EProfileException;
 
     /**
      * Handles end-user request submission.
-     *
+     * 
      * @param token authentication token
      * @param request request to be processed
      * @exception EDeferException defer request
      * @exception EProfileException failed to submit
      */
     public void submit(IAuthToken token, IRequest request)
-        throws EDeferException, EProfileException;
+            throws EDeferException, EProfileException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IProfileAuthenticator.java b/pki/base/common/src/com/netscape/certsrv/profile/IProfileAuthenticator.java
index 476002e2..98546c60 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/IProfileAuthenticator.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IProfileAuthenticator.java
@@ -26,14 +26,13 @@ import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This interface represents an authenticator for profile.
  * An authenticator is responsibile for authenting
  * the end-user. If authentication is successful, request
  * can be processed immediately. Otherwise, the request will
  * be defered and manual approval is then required.
- *  
+ * 
  * @version $Revision$, $Date$
  */
 public interface IProfileAuthenticator extends IAuthManager {
@@ -42,17 +41,17 @@ public interface IProfileAuthenticator extends IAuthManager {
 
     /**
      * Initializes this default policy.
-     *
+     * 
      * @param profile owner of this authenticator
      * @param config configuration store
      * @exception EProfileException failed to initialize
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Retrieves the configuration store.
-     *
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore();
@@ -60,17 +59,17 @@ public interface IProfileAuthenticator extends IAuthManager {
     /**
      * Populates authentication specific information into the
      * request for auditing purposes.
-     *
+     * 
      * @param token authentication token
      * @param request request
      * @exception EProfileException failed to populate
      */
     public void populate(IAuthToken token, IRequest request)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Retrieves the localizable name of this policy.
-     *
+     * 
      * @param locale end user locale
      * @return localized authenticator name
      */
@@ -78,7 +77,7 @@ public interface IProfileAuthenticator extends IAuthManager {
 
     /**
      * Retrieves the localizable description of this policy.
-     *
+     * 
      * @param locale end user locale
      * @return localized authenticator description
      */
@@ -86,7 +85,7 @@ public interface IProfileAuthenticator extends IAuthManager {
 
     /**
      * Retrieves a list of names of the property.
-     *
+     * 
      * @return a list of property names
      */
     public Enumeration<String> getValueNames();
@@ -96,16 +95,16 @@ public interface IProfileAuthenticator extends IAuthManager {
      * serializable into the request. Passsword or other
      * security-related value may not be desirable for
      * storage.
-     *
+     * 
      * @param name property name
      * @return true if the property is not security related
      */
     public boolean isValueWriteable(String name);
 
     /**
-     * Retrieves the descriptor of the given value 
+     * Retrieves the descriptor of the given value
      * property by name.
-     *
+     * 
      * @param locale user locale
      * @param name property name
      * @return descriptor of the requested property
@@ -114,7 +113,7 @@ public interface IProfileAuthenticator extends IAuthManager {
 
     /**
      * Checks if this authenticator requires SSL client authentication.
-     *
+     * 
      * @return client authentication required or not
      */
     public boolean isSSLClientRequired();
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IProfileContext.java b/pki/base/common/src/com/netscape/certsrv/profile/IProfileContext.java
index 906c4816..b3c27d04 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/IProfileContext.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IProfileContext.java
@@ -17,19 +17,18 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.profile;
 
-
 /**
  * This interface represents a profile context which
  * stores system-wide and user-provided information for
  * assisting request creation.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IProfileContext {
 
     /**
      * Sets a value into the context.
-     *
+     * 
      * @param name property name
      * @param value property value
      */
@@ -37,7 +36,7 @@ public interface IProfileContext {
 
     /**
      * Retrieves a value from the context.
-     *
+     * 
      * @param name property name
      * @return property value
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IProfileEx.java b/pki/base/common/src/com/netscape/certsrv/profile/IProfileEx.java
index 8ce3262e..79e4f417 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/IProfileEx.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IProfileEx.java
@@ -23,7 +23,7 @@ import com.netscape.certsrv.base.EBaseException;
  * This interface represents the extension version of
  * profile.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IProfileEx extends IProfile {
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IProfileInput.java b/pki/base/common/src/com/netscape/certsrv/profile/IProfileInput.java
index 35453e7d..4ef59869 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/IProfileInput.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IProfileInput.java
@@ -37,34 +37,34 @@ public interface IProfileInput extends IConfigTemplate {
 
     /**
      * Initializes this default policy.
-     *
+     * 
      * @param profile owner of this input
      * @param config configuration store
      * @exception EProfileException failed to initialize
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Returns configuration store.
-     *
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore();
 
     /**
      * Populates the request with this policy default.
-     *
+     * 
      * @param ctx profile context
      * @param request request
      * @exception EProfileException failed to populate
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Retrieves the localizable name of this policy.
-     *
+     * 
      * @param locale user locale
      * @return localized input name
      */
@@ -72,7 +72,7 @@ public interface IProfileInput extends IConfigTemplate {
 
     /**
      * Retrieves the localizable description of this policy.
-     *
+     * 
      * @param locale user locale
      * @return localized input description
      */
@@ -80,15 +80,15 @@ public interface IProfileInput extends IConfigTemplate {
 
     /**
      * Retrieves a list of names of the property.
-     *
+     * 
      * @return a list of property names
      */
     public Enumeration<String> getValueNames();
 
     /**
-     * Retrieves the descriptor of the given value 
+     * Retrieves the descriptor of the given value
      * property by name.
-     *
+     * 
      * @param locale user locale
      * @param name property name
      * @return descriptor of the property
@@ -97,24 +97,24 @@ public interface IProfileInput extends IConfigTemplate {
 
     /**
      * Retrieves value from the request.
-     *
+     * 
      * @param name property name
      * @param locale user locale
      * @param request request
      * @exception EProfileException failed to get value
      */
     public String getValue(String name, Locale locale, IRequest request)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Sets the value of the given property by name.
-     *
+     * 
      * @param name property name
      * @param locale user locale
      * @param request request
      * @param value value
      * @exception EProfileException failed to get value
      */
-    public void setValue(String name, Locale locale, IRequest request, 
-        String value) throws EPropertyException;
+    public void setValue(String name, Locale locale, IRequest request,
+            String value) throws EPropertyException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IProfileOutput.java b/pki/base/common/src/com/netscape/certsrv/profile/IProfileOutput.java
index 6dbfea51..b60e4475 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/IProfileOutput.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IProfileOutput.java
@@ -37,34 +37,34 @@ public interface IProfileOutput extends IConfigTemplate {
 
     /**
      * Initializes this default policy.
-     *
+     * 
      * @param profile owner of this policy
      * @param config configuration store
      * @exception EProfileException failed to initialize
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Retrieves configuration store.
-     *
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore();
 
     /**
      * Populates the request with this policy default.
-     *
+     * 
      * @param ctx profile context
      * @param request request
      * @exception EProfileException failed to populate
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Retrieves the localizable name of this policy.
-     *
+     * 
      * @param locale user locale
      * @return output policy name
      */
@@ -72,7 +72,7 @@ public interface IProfileOutput extends IConfigTemplate {
 
     /**
      * Retrieves the localizable description of this policy.
-     *
+     * 
      * @param locale user locale
      * @return output policy description
      */
@@ -80,15 +80,15 @@ public interface IProfileOutput extends IConfigTemplate {
 
     /**
      * Retrieves a list of names of the value parameter.
-     *
+     * 
      * @return a list of property names
      */
     public Enumeration<String> getValueNames();
 
     /**
-     * Retrieves the descriptor of the given value 
+     * Retrieves the descriptor of the given value
      * parameter by name.
-     *
+     * 
      * @param locale user locale
      * @param name property name
      * @return property descriptor
@@ -97,7 +97,7 @@ public interface IProfileOutput extends IConfigTemplate {
 
     /**
      * Retrieves the value of the given value parameter by name.
-     *
+     * 
      * @param name property name
      * @param locale user locale
      * @param request request
@@ -105,17 +105,17 @@ public interface IProfileOutput extends IConfigTemplate {
      * @exception EProfileException failed to retrieve value
      */
     public String getValue(String name, Locale locale, IRequest request)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Sets the value of the given value parameter by name.
-     *
+     * 
      * @param name property name
      * @param locale user locale
      * @param request request
      * @param value property value
      * @exception EProfileException failed to retrieve value
      */
-    public void setValue(String name, Locale locale, IRequest request, 
-        String value) throws EPropertyException;
+    public void setValue(String name, Locale locale, IRequest request,
+            String value) throws EPropertyException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IProfilePolicy.java b/pki/base/common/src/com/netscape/certsrv/profile/IProfilePolicy.java
index 9577cb08..d231f8d5 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/IProfilePolicy.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IProfilePolicy.java
@@ -21,28 +21,28 @@ package com.netscape.certsrv.profile;
  * This interface represents a profile policy
  * which consists a default policy and a
  * constraint policy.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IProfilePolicy {
 
     /**
-     * Retrieves the policy id 
-     *
+     * Retrieves the policy id
+     * 
      * @return policy id
      */
     public String getId();
 
     /**
      * Retrieves the default policy.
-     *
+     * 
      * @return default policy
      */
     public IPolicyDefault getDefault();
 
     /**
      * Retrieves the constraint policy.
-     *
+     * 
      * @return constraint policy
      */
     public IPolicyConstraint getConstraint();
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IProfileSubsystem.java b/pki/base/common/src/com/netscape/certsrv/profile/IProfileSubsystem.java
index 6f2fef37..b7a68445 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/IProfileSubsystem.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IProfileSubsystem.java
@@ -17,16 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.profile;
 
-
 import java.util.Enumeration;
 
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
- * This represents the profile subsystem that manages 
+ * This represents the profile subsystem that manages
  * a list of profiles.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IProfileSubsystem extends ISubsystem {
@@ -34,16 +32,16 @@ public interface IProfileSubsystem extends ISubsystem {
 
     /**
      * Retrieves a profile by id.
-     *
+     * 
      * @return profile
      * @exception EProfileException failed to retrieve
      */
     public IProfile getProfile(String id)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Checks if a profile is approved by an agent or not.
-     *
+     * 
      * @param id profile id
      * @return true if profile is approved
      */
@@ -51,7 +49,7 @@ public interface IProfileSubsystem extends ISubsystem {
 
     /**
      * Retrieves the approver of the given profile.
-     *
+     * 
      * @param id profile id
      * @return user id of the agent who has approved the profile
      */
@@ -59,60 +57,60 @@ public interface IProfileSubsystem extends ISubsystem {
 
     /**
      * Creates new profile.
-     *
+     * 
      * @param id profile id
      * @param classid implementation id
      * @param className class Name
      * @param configFile configuration file
      * @exception EProfileException failed to create profile
      */
-    public IProfile createProfile(String id, String classid, 
-        String className, String configFile) 
-        throws EProfileException;
+    public IProfile createProfile(String id, String classid,
+            String className, String configFile)
+            throws EProfileException;
 
     /**
      * Deletes profile.
-     *
+     * 
      * @param id profile id
      * @param configFile configuration file
      * @exception EProfileException failed to delete profile
      */
-    public void deleteProfile(String id, String configFile) 
-        throws EProfileException;
+    public void deleteProfile(String id, String configFile)
+            throws EProfileException;
 
     /**
      * Creates a new profile configuration file.
-     *
+     * 
      * @param id profile id
      * @param classId implementation id
      * @param configPath location to create the configuration file
      * @exception failed to create profile
      */
     public void createProfileConfig(String id, String classId,
-        String configPath) throws EProfileException;
+            String configPath) throws EProfileException;
 
     /**
      * Enables a profile.
-     *
+     * 
      * @param id profile id
      * @param enableBy agent's user id
      * @exception EProfileException failed to enable profile
      */
     public void enableProfile(String id, String enableBy)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Disables a profile.
-     *
+     * 
      * @param id profile id
      * @exception EProfileException failed to disable
      */
     public void disableProfile(String id)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Retrieves the id of the implementation of the given profile.
-     *
+     * 
      * @param id profile id
      * @return implementation id managed by the registry
      */
@@ -121,14 +119,14 @@ public interface IProfileSubsystem extends ISubsystem {
     /**
      * Retrieves a list of profile ids. The return
      * list is of type String.
-     *
+     * 
      * @return a list of profile ids
      */
-    public Enumeration<String>  getProfileIds();
+    public Enumeration<String> getProfileIds();
 
     /**
      * Checks if owner id should be enforced during profile approval.
-     *
+     * 
      * @return true if approval should be checked
      */
     public boolean checkOwner();
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IProfileUpdater.java b/pki/base/common/src/com/netscape/certsrv/profile/IProfileUpdater.java
index a36ee196..3749cd1d 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/IProfileUpdater.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IProfileUpdater.java
@@ -34,34 +34,34 @@ public interface IProfileUpdater extends IConfigTemplate {
 
     /**
      * Initializes this default policy.
-     *
+     * 
      * @param profile owner of this policy
      * @param config configuration store
      * @exception EProfileException failed to initialize
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Retrieves configuration store.
-     *
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore();
 
     /**
      * Notifies of state change.
-     *
+     * 
      * @param req request
      * @param status The status to check for.
      * @exception EProfileException failed to populate
      */
-    public void update(IRequest req, RequestStatus status) 
-         throws EProfileException;
+    public void update(IRequest req, RequestStatus status)
+            throws EProfileException;
 
     /**
      * Retrieves the localizable name of this policy.
-     *
+     * 
      * @param locale user locale
      * @return output policy name
      */
@@ -69,7 +69,7 @@ public interface IProfileUpdater extends IConfigTemplate {
 
     /**
      * Retrieves the localizable description of this policy.
-     *
+     * 
      * @param locale user locale
      * @return output policy description
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/property/Descriptor.java b/pki/base/common/src/com/netscape/certsrv/property/Descriptor.java
index 92aeff18..bd2b5634 100644
--- a/pki/base/common/src/com/netscape/certsrv/property/Descriptor.java
+++ b/pki/base/common/src/com/netscape/certsrv/property/Descriptor.java
@@ -19,7 +19,6 @@ package com.netscape.certsrv.property;
 
 import java.util.Locale;
 
-
 /**
  * This interface represents a property descriptor. A descriptor
  * includes information that describe a property.
@@ -35,7 +34,7 @@ public class Descriptor implements IDescriptor {
 
     /**
      * Constructs a descriptor.
-     *
+     * 
      * @param syntax syntax
      * @param constraint constraint
      * @param defValue default value
@@ -50,16 +49,16 @@ public class Descriptor implements IDescriptor {
 
     /**
      * Returns the syntax of the property.
-     *
+     * 
      * @return syntax
      */
     public String getSyntax() {
         return mSyntax;
     }
- 
+
     /**
      * Returns the default value of the property.
-     *
+     * 
      * @return default value
      */
     public String getDefaultValue() {
@@ -69,14 +68,13 @@ public class Descriptor implements IDescriptor {
     /**
      * Constraint for the given syntax. For example,
      * <p>
-     *   - number(1-5): 1-5 is the constraint, and it indicates
-     *     that the number must be in the range of 1 to 5.
+     * - number(1-5): 1-5 is the constraint, and it indicates that the number must be in the range of 1 to 5.
      * <p>
-     *   - choice(cert,crl): cert,crl is the constraint
-     *     for choice
+     * - choice(cert,crl): cert,crl is the constraint for choice
      * <p>
      * If null, no constraint shall be enforced.
      * <p>
+     * 
      * @return constraint
      */
     public String getConstraint() {
@@ -85,6 +83,7 @@ public class Descriptor implements IDescriptor {
 
     /**
      * Retrieves the description of the property.
+     * 
      * @param locale user locale
      * @return description
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/property/EPropertyException.java b/pki/base/common/src/com/netscape/certsrv/property/EPropertyException.java
index a5847cb2..23f59a25 100644
--- a/pki/base/common/src/com/netscape/certsrv/property/EPropertyException.java
+++ b/pki/base/common/src/com/netscape/certsrv/property/EPropertyException.java
@@ -17,12 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.property;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
 /**
  * This is the base exception for property handling.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class EPropertyException extends EBaseException {
@@ -34,7 +33,7 @@ public class EPropertyException extends EBaseException {
 
     /**
      * Constructs property exception
-     *
+     * 
      * @param msg exception message
      */
     public EPropertyException(String msg) {
diff --git a/pki/base/common/src/com/netscape/certsrv/property/IConfigTemplate.java b/pki/base/common/src/com/netscape/certsrv/property/IConfigTemplate.java
index e40c98fa..431c90de 100644
--- a/pki/base/common/src/com/netscape/certsrv/property/IConfigTemplate.java
+++ b/pki/base/common/src/com/netscape/certsrv/property/IConfigTemplate.java
@@ -17,21 +17,18 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.property;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 
-
 /**
  * This interface provides a standard way to describe
  * a set of configuration parameters and its associated syntax.
- * It provides programmatic methods for querying 
+ * It provides programmatic methods for querying
  * template description.
  * <p>
- * A plugin, for example, can be described as a
- * property template. 
+ * A plugin, for example, can be described as a property template.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IConfigTemplate {
@@ -45,7 +42,7 @@ public interface IConfigTemplate {
 
     /**
      * Returns the descriptors of configuration parameter.
-     *
+     * 
      * @param locale user locale
      * @param name configuration parameter name
      * @return descriptor
@@ -54,17 +51,17 @@ public interface IConfigTemplate {
 
     /**
      * Sets configuration parameter.
-     *
+     * 
      * @param name parameter name
      * @param value parameter value
      * @exception EPropertyException failed to set parameter
      */
     public void setConfig(String name, String value)
-        throws EPropertyException;
+            throws EPropertyException;
 
     /**
      * Retrieves configuration parameter by name.
-     *
+     * 
      * @return parameter
      */
     public String getConfig(String name);
diff --git a/pki/base/common/src/com/netscape/certsrv/property/IDescriptor.java b/pki/base/common/src/com/netscape/certsrv/property/IDescriptor.java
index 271c1808..b44d1269 100644
--- a/pki/base/common/src/com/netscape/certsrv/property/IDescriptor.java
+++ b/pki/base/common/src/com/netscape/certsrv/property/IDescriptor.java
@@ -17,13 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.property;
 
-
 import java.util.Locale;
 
-
 /**
  * This interface represents a property descriptor.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IDescriptor {
@@ -54,26 +52,26 @@ public interface IDescriptor {
 
     /**
      * Returns the syntax of the property.
-     *
+     * 
      * @return syntax
      */
     public String getSyntax();
 
     /**
      * Constraint for the given syntax. For example,
-     *   - number(1-5): 1-5 is the constraint, and it indicates
-     *     that the number must be in the range of 1 to 5.
-     *   - choice(cert,crl): cert,crl is the constraint
-     *     for choice
+     * - number(1-5): 1-5 is the constraint, and it indicates
+     * that the number must be in the range of 1 to 5.
+     * - choice(cert,crl): cert,crl is the constraint
+     * for choice
      * If null, no constraint shall be enforced.
-     *
+     * 
      * @return constraint
      */
     public String getConstraint();
 
     /**
      * Retrieves the description of the property.
-     *
+     * 
      * @param locale user locale
      * @return localized description
      */
@@ -81,7 +79,7 @@ public interface IDescriptor {
 
     /**
      * Retrieves the default value of the property.
-     *
+     * 
      * @return default value
      */
     public String getDefaultValue();
diff --git a/pki/base/common/src/com/netscape/certsrv/property/PropertySet.java b/pki/base/common/src/com/netscape/certsrv/property/PropertySet.java
index f308a3e7..dc839deb 100644
--- a/pki/base/common/src/com/netscape/certsrv/property/PropertySet.java
+++ b/pki/base/common/src/com/netscape/certsrv/property/PropertySet.java
@@ -20,40 +20,33 @@ package com.netscape.certsrv.property;
 import java.util.Enumeration;
 import java.util.Hashtable;
 
-
 /**
  * A set of properties.
  */
 public class PropertySet {
 
-  private Hashtable<String, IDescriptor> mProperties = new Hashtable<String, IDescriptor>();
+    private Hashtable<String, IDescriptor> mProperties = new Hashtable<String, IDescriptor>();
 
-  public PropertySet()
-  {
-  }
+    public PropertySet() {
+    }
 
-  public void add(String name, IDescriptor desc)
-  {
-     mProperties.put(name, desc);
-  }
+    public void add(String name, IDescriptor desc) {
+        mProperties.put(name, desc);
+    }
 
-  public Enumeration<String> getNames()
-  {
-    return mProperties.keys();
-  }
+    public Enumeration<String> getNames() {
+        return mProperties.keys();
+    }
 
-  public IDescriptor getDescriptor(String name)
-  {
-    return (IDescriptor)mProperties.get(name);
-  }
+    public IDescriptor getDescriptor(String name) {
+        return (IDescriptor) mProperties.get(name);
+    }
 
-  public void remove(String name)
-  {
-    mProperties.remove(name);
-  }
+    public void remove(String name) {
+        mProperties.remove(name);
+    }
 
-  public int size()
-  {
-    return mProperties.size();
-  }
+    public int size() {
+        return mProperties.size();
+    }
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ECompSyntaxErr.java b/pki/base/common/src/com/netscape/certsrv/publish/ECompSyntaxErr.java
index 147bdd20..a3a10990 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/ECompSyntaxErr.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ECompSyntaxErr.java
@@ -17,16 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import com.netscape.certsrv.ldap.ELdapException;
 
-
 /**
- *  This type of exception is thrown in cases where an parsing
- *  error is found while evaluating a PKI component.  An example
+ * This type of exception is thrown in cases where an parsing
+ * error is found while evaluating a PKI component. An example
  * would be in trying to evaluate a PKI authentication message and
  * the parsing operation fails due to a missing token.
- *  
+ * 
  * @version $Revision$ $Date$
  */
 public class ECompSyntaxErr extends ELdapException {
@@ -37,8 +35,9 @@ public class ECompSyntaxErr extends ELdapException {
     private static final long serialVersionUID = -2224290038321971845L;
 
     /**
-     *   Construct a ECompSyntaxErr
-     *   @param errorString The descriptive error condition.
+     * Construct a ECompSyntaxErr
+     * 
+     * @param errorString The descriptive error condition.
      */
 
     public ECompSyntaxErr(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/EMapperNotFound.java b/pki/base/common/src/com/netscape/certsrv/publish/EMapperNotFound.java
index 8c482a4e..fdf4a1b9 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/EMapperNotFound.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/EMapperNotFound.java
@@ -17,13 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import com.netscape.certsrv.ldap.ELdapException;
 
-
 /**
- * Exception for Publish  Mapper not found.
- *
+ * Exception for Publish Mapper not found.
+ * 
  * @version $Revision$ $Date$
  */
 public class EMapperNotFound extends ELdapException {
@@ -35,6 +33,7 @@ public class EMapperNotFound extends ELdapException {
 
     /**
      * Constructs a exception for a missing required mapper
+     * 
      * @param errorString Detailed error message.
      */
     public EMapperNotFound(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/EMapperPluginNotFound.java b/pki/base/common/src/com/netscape/certsrv/publish/EMapperPluginNotFound.java
index d487488b..f8f18c5f 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/EMapperPluginNotFound.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/EMapperPluginNotFound.java
@@ -17,13 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import com.netscape.certsrv.ldap.ELdapException;
 
-
 /**
  * Exception for Mapper Plugin not found.
- *
+ * 
  * @version $Revision$ $Date$
  */
 public class EMapperPluginNotFound extends ELdapException {
@@ -35,10 +33,10 @@ public class EMapperPluginNotFound extends ELdapException {
 
     /**
      * Constructs a exception for a missing mapper plugin
+     * 
      * @param errorString Detailed error message.
      */
     public EMapperPluginNotFound(String errorString) {
         super(errorString);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/EPublisherNotFound.java b/pki/base/common/src/com/netscape/certsrv/publish/EPublisherNotFound.java
index 12054dd1..176001e9 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/EPublisherNotFound.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/EPublisherNotFound.java
@@ -17,13 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import com.netscape.certsrv.ldap.ELdapException;
 
-
 /**
  * Exception for Publisher not found. Required for successful publishing.
- *
+ * 
  * @version $Revision$ $Date$
  */
 public class EPublisherNotFound extends ELdapException {
@@ -35,6 +33,7 @@ public class EPublisherNotFound extends ELdapException {
 
     /**
      * Constructs a exception for a missing required publisher.
+     * 
      * @param errorString Detailed error message.
      */
     public EPublisherNotFound(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/EPublisherPluginNotFound.java b/pki/base/common/src/com/netscape/certsrv/publish/EPublisherPluginNotFound.java
index 0a7fa1ca..56076863 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/EPublisherPluginNotFound.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/EPublisherPluginNotFound.java
@@ -17,13 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import com.netscape.certsrv.ldap.ELdapException;
 
-
 /**
- * Exception for Publisher Plugin not found.  Plugin implementation is required to actually publish.
- *
+ * Exception for Publisher Plugin not found. Plugin implementation is required to actually publish.
+ * 
  * @version $Revision$ $Date$
  */
 public class EPublisherPluginNotFound extends ELdapException {
@@ -35,10 +33,10 @@ public class EPublisherPluginNotFound extends ELdapException {
 
     /**
      * Constructs a exception for a missing publisher plugin.
+     * 
      * @param errorString Detailed error message.
      */
     public EPublisherPluginNotFound(String errorString) {
         super(errorString);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ERuleNotFound.java b/pki/base/common/src/com/netscape/certsrv/publish/ERuleNotFound.java
index 2094967d..01c9897e 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/ERuleNotFound.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ERuleNotFound.java
@@ -17,13 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import com.netscape.certsrv.ldap.ELdapException;
 
-
 /**
  * Exception for Ldap Publishing Rule not found.
- *
+ * 
  * @version $Revision$ $Date$
  */
 public class ERuleNotFound extends ELdapException {
@@ -35,6 +33,7 @@ public class ERuleNotFound extends ELdapException {
 
     /**
      * Constructs a exception for a missing required rule, which links a publisher and mapper.
+     * 
      * @param errorString Detailed error message.
      */
     public ERuleNotFound(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ERulePluginNotFound.java b/pki/base/common/src/com/netscape/certsrv/publish/ERulePluginNotFound.java
index 24ffa11a..f619e7f4 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/ERulePluginNotFound.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ERulePluginNotFound.java
@@ -17,13 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import com.netscape.certsrv.ldap.ELdapException;
 
-
 /**
- * Exception for Publisher Rule plugin not found.  Plugin required to implement Ldap Rule.
- *
+ * Exception for Publisher Rule plugin not found. Plugin required to implement Ldap Rule.
+ * 
  * @version $Revision$ $Date$
  */
 public class ERulePluginNotFound extends ELdapException {
@@ -35,10 +33,10 @@ public class ERulePluginNotFound extends ELdapException {
 
     /**
      * Constructs a exception for a missing rule plugin.
+     * 
      * @param errorString Detailed error message.
      */
     public ERulePluginNotFound(String errorString) {
         super(errorString);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ICRLPublisher.java b/pki/base/common/src/com/netscape/certsrv/publish/ICRLPublisher.java
index cae75d2f..cd5763cd 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/ICRLPublisher.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ICRLPublisher.java
@@ -17,50 +17,48 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import netscape.security.x509.X509CRLImpl;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
  * This interface represents a CRL publisher that is
  * invoked when CRL publishing is requested by CMS.
- * Note that CMS, by default, shipped with a LDAP-based 
- * CRL publisher that can be configured via 
+ * Note that CMS, by default, shipped with a LDAP-based
+ * CRL publisher that can be configured via
  * Certificiate Manager/LDAP Publishing panel. This
- * interface provides administrator additional capability 
+ * interface provides administrator additional capability
  * of publishing CRL to different destinations.
- *
+ * 
  * The CRL publishing frequency is configured via
- * Netscape Certificate Server Console's 
+ * Netscape Certificate Server Console's
  * Certificate Manager/Revocation List panel.
- * The CRL publishing may occur either everytime a 
+ * The CRL publishing may occur either everytime a
  * certificate is revoked or at a pre-defined interval.
  * 
  * To try out this new CRL publisher mechanism, do
  * the following:
  * (1) Write a sample CRL publisher class that implements
- *     ICRLPublisher interface. For example,
+ * ICRLPublisher interface. For example,
  * 
  * <code>
  * public class CRLPublisher implements ICRLPublisher
  * {
  * 	public void init(ISubsystem owner, IConfigStore config) 
- *		throws EBaseException
+ * 		throws EBaseException
  * 	{
- *		log(ILogger.LL_DEBUG, "CRLPublisher: Initialized");
+ * 		log(ILogger.LL_DEBUG, "CRLPublisher: Initialized");
  * 	}
- *
- *	public void publish(String issuingPointId, X509CRLImpl crl) 
+ * 
+ * 	public void publish(String issuingPointId, X509CRLImpl crl) 
  * 		throws EBaseException 
  *      {
  * 		log(ILogger.LL_DEBUG, "CRLPublisher: " + issuingPointId + 
  *                " crl=" + crl);
  * 	}
- *
+ * 
  *      public void log(int level, String msg)
  *      {
  *              Logger.getLogger().log(ILogger.EV_SYSTEM, 
@@ -69,14 +67,14 @@ import com.netscape.certsrv.base.ISubsystem;
  *      }
  * }
  * </code>
- *
- * (2) Compile the class and place the class into 
- *     <server-root>\bin\cert\classes directory. 
+ * 
+ * (2) Compile the class and place the class into
+ * <server-root>\bin\cert\classes directory.
  * (3) Add the following parameter to CMS.cfg
- *       ca.crlPublisher.class=<implementation class>
- *     For example,
- *       ca.crlPublisher.class=myCRLPublisher
- *
+ * ca.crlPublisher.class=<implementation class>
+ * For example,
+ * ca.crlPublisher.class=myCRLPublisher
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICRLPublisher {
@@ -84,26 +82,26 @@ public interface ICRLPublisher {
     /**
      * Initializes this CRL publisher.
      * 
-     * @param owner parent of the publisher. An object of type 
-     *        CertificateAuthority.
+     * @param owner parent of the publisher. An object of type
+     *            CertificateAuthority.
      * @param config config store for this publisher. If this
-     *        publisher requires configuration parameters for
-     *        initialization, the parameters should be placed
-     *        in CMS.cfg as ca.crlPublisher.<paramType>=<paramValue>
+     *            publisher requires configuration parameters for
+     *            initialization, the parameters should be placed
+     *            in CMS.cfg as ca.crlPublisher.<paramType>=<paramValue>
      * @exception EBaseException failed to initialize this publisher
      */
-    public void init(ISubsystem owner, IConfigStore config) 
-        throws EBaseException;
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException;
 
     /**
      * Publishes CRL. This method is invoked by CMS based
      * on the configured CRL publishing frequency.
-     *
-     * @param issuingPointId CRL issuing point identifier 
-     *          (i.e. MasterCRL)
+     * 
+     * @param issuingPointId CRL issuing point identifier
+     *            (i.e. MasterCRL)
      * @param crl CRL that is publishing
      * @exception EBaseException failed to publish
      */
-    public void publish(String issuingPointId, X509CRLImpl crl) 
-        throws EBaseException;
-} 
+    public void publish(String issuingPointId, X509CRLImpl crl)
+            throws EBaseException;
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ILdapCertMapper.java b/pki/base/common/src/com/netscape/certsrv/publish/ILdapCertMapper.java
index cd4012a4..7e2e1116 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/ILdapCertMapper.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ILdapCertMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import java.security.cert.X509Certificate;
 import java.util.Vector;
 
@@ -25,10 +24,9 @@ import netscape.ldap.LDAPConnection;
 
 import com.netscape.certsrv.ldap.ELdapException;
 
-
-/** 
- * Interface for mapping a X509 certificate to a LDAP entry. 
- *
+/**
+ * Interface for mapping a X509 certificate to a LDAP entry.
+ * 
  * @version $Revision$ $Date$
  */
 public interface ILdapCertMapper extends ILdapPlugin {
@@ -56,16 +54,17 @@ public interface ILdapCertMapper extends ILdapPlugin {
     /**
      * maps a certificate to a LDAP entry.
      * returns dn of the mapped LDAP entry.
+     * 
      * @param conn the LDAP connection
      * @param cert the certificate to map
      * @param checkForCert whether to check for the presence of the cert
-     * @exception ELdapException  Failed to map.
+     * @exception ELdapException Failed to map.
      * @return LdapCertMapResult indicates whether a mapping was successful
-     * and whether a certificate was found if checkForCert was true.
-     * If checkForCert was not set the hasCert method in LdapCertMapResult
-     * should be ignored.
+     *         and whether a certificate was found if checkForCert was true.
+     *         If checkForCert was not set the hasCert method in LdapCertMapResult
+     *         should be ignored.
      */
-    public LdapCertMapResult map(LDAPConnection conn, 
-        X509Certificate cert, boolean checkForCert)
-        throws ELdapException;
+    public LdapCertMapResult map(LDAPConnection conn,
+            X509Certificate cert, boolean checkForCert)
+            throws ELdapException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ILdapCrlMapper.java b/pki/base/common/src/com/netscape/certsrv/publish/ILdapCrlMapper.java
index a15ea0ab..252a09ec 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/ILdapCrlMapper.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ILdapCrlMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import netscape.ldap.LDAPConnection;
 import netscape.security.x509.X509CRLImpl;
 
@@ -25,10 +24,9 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.ldap.ELdapException;
 
-
-/** 
- * Interface for mapping a CRL to a LDAP entry. 
- *
+/**
+ * Interface for mapping a CRL to a LDAP entry.
+ * 
  * @version $Revision$ $Date$
  */
 public interface ILdapCrlMapper {
@@ -36,25 +34,27 @@ public interface ILdapCrlMapper {
     /**
      * maps a crl to a LDAP entry.
      * returns dn of the mapped LDAP entry.
+     * 
      * @param conn the LDAP connection
      * @param crl the CRL to map
      * @param checkForCrl whether to check for the presence of the CRL
-     * @exception ELdapException  Failed to map CRL to entry.
+     * @exception ELdapException Failed to map CRL to entry.
      * @return LdapCertMapResult indicates whether a mapping was successful
-     * and whether a certificate was found if checkForCert was true.
-     * If checkForCert was not set the hasCert method in LdapCertMapResult
-     * should be ignored.
+     *         and whether a certificate was found if checkForCert was true.
+     *         If checkForCert was not set the hasCert method in LdapCertMapResult
+     *         should be ignored.
      */
-    public LdapCertMapResult 
-    map(LDAPConnection conn, X509CRLImpl crl, boolean checkForCrl)
-        throws ELdapException;
+    public LdapCertMapResult
+            map(LDAPConnection conn, X509CRLImpl crl, boolean checkForCrl)
+                    throws ELdapException;
 
     /**
      * initialize from config store.
+     * 
      * @param config the configuration store to initialize from.
      * @exception ELdapException Initialization failed due to Ldap error.
      * @exception EBaseException Initialization failed.
      */
     public void init(IConfigStore config)
-        throws ELdapException, EBaseException;
+            throws ELdapException, EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ILdapExpression.java b/pki/base/common/src/com/netscape/certsrv/publish/ILdapExpression.java
index 26360fe8..4537636c 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/ILdapExpression.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ILdapExpression.java
@@ -17,15 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import com.netscape.certsrv.base.SessionContext;
 import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * Interface for a Ldap predicate expression.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ILdapExpression {
@@ -44,28 +42,28 @@ public interface ILdapExpression {
 
     /**
      * Evaluate the Expression.
-     *
-     * @param   sc       The SessionContext on which we are applying the condition.
-     * @return          The return value.
-     * @exception          ELdapExeption  Failed to evaluate expression.
+     * 
+     * @param sc The SessionContext on which we are applying the condition.
+     * @return The return value.
+     * @exception ELdapExeption Failed to evaluate expression.
      */
     boolean evaluate(SessionContext sc)
-        throws ELdapException;
+            throws ELdapException;
 
     /**
      * Evaluate the Expression.
-     *
-     * @param    req	The PKIRequest on which we are applying the condition.
-     * @return 		The return value.
-     * @exception          ELdapExeption  Failed to evaluate expression.
+     * 
+     * @param req The PKIRequest on which we are applying the condition.
+     * @return The return value.
+     * @exception ELdapExeption Failed to evaluate expression.
      */
     boolean evaluate(IRequest req)
-        throws ELdapException;
+            throws ELdapException;
 
     /**
      * Convert to a string.
+     * 
      * @return String representation of expression.
      */
     public String toString();
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ILdapMapper.java b/pki/base/common/src/com/netscape/certsrv/publish/ILdapMapper.java
index c4afd039..09238421 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/ILdapMapper.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ILdapMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import java.util.Vector;
 
 import netscape.ldap.LDAPConnection;
@@ -25,10 +24,9 @@ import netscape.ldap.LDAPConnection;
 import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.request.IRequest;
 
-
-/** 
- * Interface for mapping a X509 certificate to a LDAP entry. 
- *
+/**
+ * Interface for mapping a X509 certificate to a LDAP entry.
+ * 
  * @version $Revision$ $Date$
  */
 public interface ILdapMapper extends ILdapPlugin {
@@ -56,26 +54,27 @@ public interface ILdapMapper extends ILdapPlugin {
     /**
      * maps a certificate to a LDAP entry.
      * returns dn of the mapped LDAP entry.
+     * 
      * @param conn the LDAP connection
      * @param obj the object to map
      * @return dn indicates whether a mapping was successful
      * @exception ELdapException Map operation failed.
      */
-    public String 
-    map(LDAPConnection conn, Object obj)
-        throws ELdapException;
+    public String
+            map(LDAPConnection conn, Object obj)
+                    throws ELdapException;
 
     /**
      * maps a certificate to a LDAP entry.
      * returns dn of the mapped LDAP entry.
+     * 
      * @param conn the LDAP connection
-     * @param r    the request to map
-     * @param obj  the object to map
+     * @param r the request to map
+     * @param obj the object to map
      * @return dn indicates whether a mapping was successful
      * @exception ELdapException Map operation failed.
      */
-    public String 
-    map(LDAPConnection conn, IRequest r, Object obj)
-        throws ELdapException;
+    public String
+            map(LDAPConnection conn, IRequest r, Object obj)
+                    throws ELdapException;
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ILdapPlugin.java b/pki/base/common/src/com/netscape/certsrv/publish/ILdapPlugin.java
index b73b5ae2..b0a9fe73 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/ILdapPlugin.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ILdapPlugin.java
@@ -17,27 +17,26 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.ldap.ELdapException;
 
-
-/** 
+/**
  * Interface for any Ldap plugin.
- *
+ * 
  * @version $Revision$ $Date$
  */
 public interface ILdapPlugin {
 
     /**
      * Initialize from config store.
+     * 
      * @param config the configuration store to initialize from.
      * @exception ELdapException initialization failed due to Ldap error.
      * @exception EBaseException initialization failed.
      */
     public void init(IConfigStore config)
-        throws EBaseException, ELdapException;
+            throws EBaseException, ELdapException;
 
     /**
      * Return config store.
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ILdapPluginImpl.java b/pki/base/common/src/com/netscape/certsrv/publish/ILdapPluginImpl.java
index e84b62fc..db52a910 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/ILdapPluginImpl.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ILdapPluginImpl.java
@@ -17,37 +17,37 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.IPluginImpl;
 import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.certsrv.ldap.ELdapException;
 
-
-/** 
+/**
  * Interface for any ldap plugin. Plugin implementation is defined here.
- *
+ * 
  * @version $Revision$ $Date$
  */
 public interface ILdapPluginImpl extends IPluginImpl {
 
     /**
      * initialize from config store.
+     * 
      * @param config the configuration store to initialize from.
      * @exception ELdapException initializtion failed due to Ldap error.
      * @exception EBaseException initialization failed.
      */
     public void init(ISubsystem sys, IConfigStore config)
-        throws EBaseException, ELdapException;
+            throws EBaseException, ELdapException;
 
     /**
      * initialize from config store and Isubsystem.
+     * 
      * @param config the configuration store to initialize from.
      * @exception ELdapException initializtion failed due to Ldap error.
      * @exception EBaseException initialization failed.
      */
     public void init(IConfigStore config)
-        throws EBaseException, ELdapException;
+            throws EBaseException, ELdapException;
 
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ILdapPublishModule.java b/pki/base/common/src/com/netscape/certsrv/publish/ILdapPublishModule.java
index 001d472b..81e5be95 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/ILdapPublishModule.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ILdapPublishModule.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.IRequestListener;
 
-
-/**  
- * Handles requests to  perform Ldap publishing.
- *
+/**
+ * Handles requests to perform Ldap publishing.
+ * 
  * @version $Revision$ $Date$
  */
 public interface ILdapPublishModule extends IRequestListener {
@@ -36,10 +34,10 @@ public interface ILdapPublishModule extends IRequestListener {
     //		throws EBaseException, ELdapException;
 
     /**
-     * Accepts completed requests from an authority and 
+     * Accepts completed requests from an authority and
      * performs ldap publishing.
-     * @param request The publishing request. 
+     * 
+     * @param request The publishing request.
      */
     public void accept(IRequest request);
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ILdapPublisher.java b/pki/base/common/src/com/netscape/certsrv/publish/ILdapPublisher.java
index 5a1197dc..398d8645 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/ILdapPublisher.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ILdapPublisher.java
@@ -17,17 +17,15 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import java.util.Vector;
 
 import netscape.ldap.LDAPConnection;
 
 import com.netscape.certsrv.ldap.ELdapException;
 
-
-/** 
- * Interface for publishing certificate or crl to database store. 
- *
+/**
+ * Interface for publishing certificate or crl to database store.
+ * 
  * @version $Revision$ $Date$
  */
 public interface ILdapPublisher extends ILdapPlugin {
@@ -58,30 +56,29 @@ public interface ILdapPublisher extends ILdapPlugin {
     /**
      * Publish an object.
      * 
-     * @param conn a Ldap connection 
-     *        (null for non-LDAP publishing)
+     * @param conn a Ldap connection
+     *            (null for non-LDAP publishing)
      * @param dn dn of the ldap entry to publish cert
-     *        (null for non-LDAP publishing)
+     *            (null for non-LDAP publishing)
      * @param object object to publish
-     *        (java.security.cert.X509Certificate or,
-     *         java.security.cert.X509CRL)
+     *            (java.security.cert.X509Certificate or,
+     *            java.security.cert.X509CRL)
      * @exception ELdapException publish failed.
      */
     public void publish(LDAPConnection conn, String dn, Object object)
-        throws ELdapException;
+            throws ELdapException;
 
     /**
      * Unpublish an object.
-     *
+     * 
      * @param conn the Ldap connection
-     *        (null for non-LDAP publishing)
+     *            (null for non-LDAP publishing)
      * @param dn dn of the ldap entry to unpublish cert
-     *        (null for non-LDAP publishing)
-     * @param object object to unpublish 
-     *        (java.security.cert.X509Certificate)
+     *            (null for non-LDAP publishing)
+     * @param object object to unpublish
+     *            (java.security.cert.X509Certificate)
      * @exception ELdapException unpublish failed.
      */
     public void unpublish(LDAPConnection conn, String dn, Object object)
-        throws ELdapException;
+            throws ELdapException;
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ILdapRule.java b/pki/base/common/src/com/netscape/certsrv/publish/ILdapRule.java
index 4c5699b1..7bf19b07 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/ILdapRule.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ILdapRule.java
@@ -17,16 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import java.util.Vector;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 
-
-/** 
+/**
  * Interface for publishing rule which associates a Publisher with a Mapper.
- *
+ * 
  * @version $Revision$ $Date$
  */
 public interface ILdapRule extends ILdapPlugin {
@@ -36,10 +34,11 @@ public interface ILdapRule extends ILdapPlugin {
 
     /**
      * Initialize the plugin.
+     * 
      * @exception EBaseException Initialization failed.
      */
     public void init(IPublisherProcessor processor, IConfigStore
-        config) throws EBaseException;
+            config) throws EBaseException;
 
     /**
      * Returns the implementation name.
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/IPublishRuleSet.java b/pki/base/common/src/com/netscape/certsrv/publish/IPublishRuleSet.java
index 6ff997a1..c1af492b 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/IPublishRuleSet.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/IPublishRuleSet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import java.util.Enumeration;
 
 import netscape.ldap.LDAPConnection;
@@ -28,22 +27,21 @@ import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * Represents a set of publishing rules. Publishing rules are ordered from
- * lowest priority to highest priority. The priority assignment for publishing 
+ * lowest priority to highest priority. The priority assignment for publishing
  * rules is not enforced by this interface. Various implementation may
  * use different mechanisms such as a linear ordering of publishing rules
  * in a configuration file or explicit assignment of priority levels ..etc.
- * The publishing rule initialization needs to deal with reading the 
- * publishing rules, sorting them in increasing order of priority and 
- * presenting an ordered vector of publishing rules via the IPublishRuleSet 
+ * The publishing rule initialization needs to deal with reading the
+ * publishing rules, sorting them in increasing order of priority and
+ * presenting an ordered vector of publishing rules via the IPublishRuleSet
  * interface.
- * When a request comes, the predicates of the publishing rules will be 
- * checked in the order to find the first matched publishing rule as the 
+ * When a request comes, the predicates of the publishing rules will be
+ * checked in the order to find the first matched publishing rule as the
  * mapping rule to (un)publish the object.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IPublishRuleSet {
@@ -52,7 +50,7 @@ public interface IPublishRuleSet {
     /**
      * Returns the name of the publishing rule set.
      * <P>
-     *
+     * 
      * @return The name of the publishing rule set.
      */
     String getName();
@@ -60,6 +58,7 @@ public interface IPublishRuleSet {
     /**
      * Returns the no of publishing rules in a set.
      * <P>
+     * 
      * @return the no of publishing rules.
      */
     int count();
@@ -67,24 +66,24 @@ public interface IPublishRuleSet {
     /**
      * Add a publishing rule
      * <P>
-     *
-     * @param aliasName  The name of the publishing rule to be added.
-     * @param rule rule  The publishing rule to be added.
+     * 
+     * @param aliasName The name of the publishing rule to be added.
+     * @param rule rule The publishing rule to be added.
      */
     void addRule(String aliasName, ILdapRule rule);
 
     /**
      * Removes a publishing rule identified by the given name.
-     *
-     * @param ruleName  The name of the publishing rule to be removed.
+     * 
+     * @param ruleName The name of the publishing rule to be removed.
      */
     void removeRule(String ruleName);
 
     /**
      * Get the publishing rule identified by a given name.
      * <P>
-     *
-     * @param ruleName  The name of the publishing rule to be return.
+     * 
+     * @param ruleName The name of the publishing rule to be return.
      * @return The publishing rule identified by the given name or null if none exists.
      */
     ILdapRule getRule(String ruleName);
@@ -92,8 +91,8 @@ public interface IPublishRuleSet {
     /**
      * Get the publishing rule identified by a corresponding request.
      * <P>
-     *
-     * @param req  The request from which rule will be identified.
+     * 
+     * @param req The request from which rule will be identified.
      * @return The publishing rule or null if none exists.
      */
     ILdapRule getRule(IRequest req);
@@ -101,24 +100,23 @@ public interface IPublishRuleSet {
     /**
      * Get an enumeration of publishing rules.
      * <P>
-     *
+     * 
      * @return An enumeration of publishing rules.
      */
     Enumeration getRules();
 
     /**
-     * Apply publishing rules on a request. 
-     * The predicates of the publishing rules will be checked in the order 
-     * to find the first matched publishing rule. 
-     * Use the mapper to find the dn of the LDAP entry and use the publisher 
+     * Apply publishing rules on a request.
+     * The predicates of the publishing rules will be checked in the order
+     * to find the first matched publishing rule.
+     * Use the mapper to find the dn of the LDAP entry and use the publisher
      * to publish the object in the request.
      * <P>
-     *
-     * @param conn    The Ldap connection
-     * @param req   The request to apply policies on.
-     * @exception  ELdapException publish failed due to Ldap error.
+     * 
+     * @param conn The Ldap connection
+     * @param req The request to apply policies on.
+     * @exception ELdapException publish failed due to Ldap error.
      */
     public void publish(LDAPConnection conn, IRequest req)
-        throws ELdapException;
+            throws ELdapException;
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/IPublisherProcessor.java b/pki/base/common/src/com/netscape/certsrv/publish/IPublisherProcessor.java
index 1da2f346..3ed98540 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/IPublisherProcessor.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/IPublisherProcessor.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import java.math.BigInteger;
 import java.security.cert.X509CRL;
 import java.security.cert.X509Certificate;
@@ -32,11 +31,10 @@ import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.ldap.ILdapConnModule;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- *  Controls the publishing process from the top level.  Maintains
- *  a collection of Publishers , Mappers, and Publish Rules.
- *
+ * Controls the publishing process from the top level. Maintains
+ * a collection of Publishers , Mappers, and Publish Rules.
+ * 
  * @version $Revision$ $Date$
  */
 
@@ -64,63 +62,66 @@ public interface IPublisherProcessor extends ISubsystem {
     public static final String PROP_TYPE = "type";
 
     /**
-     *
+     * 
      * Returns Hashtable of rule plugins.
      */
 
     public Hashtable<String, RulePlugin> getRulePlugins();
 
     /**
-     *
-     * Returns Hashtable of rule  instances.
+     * 
+     * Returns Hashtable of rule instances.
      */
 
     public Hashtable<String, ILdapRule> getRuleInsts();
 
     /**
-     *
+     * 
      * Returns Hashtable of mapper plugins.
      */
 
     public Hashtable<String, MapperPlugin> getMapperPlugins();
 
     /**
-     *
+     * 
      * Returns Hashtable of publisher plugins.
      */
     public Hashtable<String, PublisherPlugin> getPublisherPlugins();
 
     /**
-     *
+     * 
      * Returns Hashtable of rule mapper instances.
      */
     public Hashtable<String, MapperProxy> getMapperInsts();
 
     /**
-     *
+     * 
      * Returns Hashtable of rule publisher instances.
      */
     public Hashtable<String, PublisherProxy> getPublisherInsts();
 
     /**
-     *
+     * 
      * Returns list of rules based on publishing type.
+     * 
      * @param publishingType Type for which to retrieve rule list.
      */
 
     public Enumeration<ILdapRule> getRules(String publishingType);
 
     /**
-     *
+     * 
      * Returns list of rules based on publishing type and publishing request.
+     * 
      * @param publishingType Type for which to retrieve rule list.
-     * @param req  Corresponding publish request.
+     * @param req Corresponding publish request.
      */
     public Enumeration<ILdapRule> getRules(String publishingType, IRequest req);
 
     /**
-     *
+     * 
      * Returns mapper initial default parameters.
+     * 
      * @param implName name of MapperPlugin.
      */
 
@@ -128,8 +129,9 @@ public interface IPublisherProcessor extends ISubsystem {
             ELdapException;
 
     /**
-     *
-     * Returns mapper current instance  parameters.
+     * 
+     * Returns mapper current instance parameters.
+     * 
      * @param insName name of MapperProxy.
      * @exception ELdapException failed due to Ldap error.
      */
@@ -138,8 +140,9 @@ public interface IPublisherProcessor extends ISubsystem {
             ELdapException;
 
     /**
-     *
+     * 
      * Returns publisher initial default parameters.
+     * 
      * @param implName name of PublisherPlugin.
      * @exception ELdapException failed due to Ldap error.
      */
@@ -147,8 +150,9 @@ public interface IPublisherProcessor extends ISubsystem {
             ELdapException;
 
     /**
-     *
+     * 
      * Returns true if MapperInstance is enabled.
+     * 
      * @param insName name of MapperProxy.
      * @return true if enabled. false if disabled.
      */
@@ -156,48 +160,54 @@ public interface IPublisherProcessor extends ISubsystem {
     public boolean isMapperInstanceEnable(String insName);
 
     /**
-     *
+     * 
      * Returns ILdapMapper instance that is currently active.
+     * 
      * @param insName name of MapperProxy.
      * @return instance of ILdapMapper.
-     */ 
+     */
     public ILdapMapper getActiveMapperInstance(String insName);
 
     /**
-     *
+     * 
      * Returns ILdapMapper instance based on name of MapperProxy.
+     * 
      * @param insName name of MapperProxy.
      * @return instance of ILdapMapper.
      */
     public ILdapMapper getMapperInstance(String insName);
 
     /**
-     *
+     * 
      * Returns true publisher instance is currently enabled.
+     * 
      * @param insName name of PublisherProxy.
      * @return true if enabled.
      */
     public boolean isPublisherInstanceEnable(String insName);
 
     /**
-     *
+     * 
      * Returns ILdapPublisher instance that is currently active.
+     * 
      * @param insName name of PublisherProxy.
      * @return instance of ILdapPublisher.
      */
     public ILdapPublisher getActivePublisherInstance(String insName);
 
     /**
-     *
+     * 
      * Returns ILdapPublisher instance.
+     * 
      * @param insName name of PublisherProxy.
      * @return instance of ILdapPublisher.
      */
     public ILdapPublisher getPublisherInstance(String insName);
 
     /**
-     *
+     * 
      * Returns Vector of PublisherIntance's current instance parameters.
+     * 
      * @param insName name of PublisherProxy.
      * @return Vector of current instance parameters.
      */
@@ -205,8 +215,9 @@ public interface IPublisherProcessor extends ISubsystem {
             ELdapException;
 
     /**
-     *
+     * 
      * Returns Vector of RulePlugin's initial default parameters.
+     * 
      * @param implName name of RulePlugin.
      * @return Vector of initial default parameters.
      * @exception ELdapException failed due to Ldap error.
@@ -215,8 +226,9 @@ public interface IPublisherProcessor extends ISubsystem {
             ELdapException;
 
     /**
-     *
+     * 
      * Returns Vector of RulePlugin's current instance parameters.
+     * 
      * @param implName name of RulePlugin.
      * @return Vector of current instance parameters.
      * @exception ELdapException failed due to Ldap error.
@@ -225,8 +237,9 @@ public interface IPublisherProcessor extends ISubsystem {
             ELdapException;
 
     /**
-     * Set published flag - true when published, false when unpublished. 
-     * Not exist means not published. 
+     * Set published flag - true when published, false when unpublished.
+     * Not exist means not published.
+     * 
      * @param serialNo serial number of publishable object.
      * @param published true for published, false for not.
      */
@@ -234,102 +247,113 @@ public interface IPublisherProcessor extends ISubsystem {
 
     /**
      * Publish ca cert, UpdateDir.java, jobs, request listeners
+     * 
      * @param cert X509 certificate to be published.
      * @exception ELdapException publish failed due to Ldap error.
      */
     public void publishCACert(X509Certificate cert)
-        throws ELdapException;
+            throws ELdapException;
 
     /**
      * This function is never called. CMS does not unpublish
      * CA certificate.
      */
     public void unpublishCACert(X509Certificate cert)
-        throws ELdapException;
+            throws ELdapException;
 
     /**
      * Publishs regular user certificate based on the criteria
      * set in the request.
+     * 
      * @param cert X509 certificate to be published.
-     * @param req  request which provides the criteria
+     * @param req request which provides the criteria
      * @exception ELdapException publish failed due to Ldap error.
      */
     public void publishCert(X509Certificate cert, IRequest req)
-        throws ELdapException;
+            throws ELdapException;
 
     /**
-     * Unpublish user certificate. This is used by 
+     * Unpublish user certificate. This is used by
      * UnpublishExpiredJob.
+     * 
      * @param cert X509 certificate to be unpublished.
-     * @param req  request which provides the criteria
+     * @param req request which provides the criteria
      * @exception ELdapException unpublish failed due to Ldap error.
      */
     public void unpublishCert(X509Certificate cert, IRequest req)
-        throws ELdapException;
+            throws ELdapException;
 
     /**
      * publishes a crl by mapping the issuer name in the crl to an entry
      * and publishing it there. entry must be a certificate authority.
      * Note that this is used by cmsgateway/cert/UpdateDir.java
+     * 
      * @param crl Certificate Revocation List
      * @param crlIssuingPointId name of the issuing point.
-    * @exception ELdapException publish failed due to Ldap error.
+     * @exception ELdapException publish failed due to Ldap error.
      */
-    public void publishCRL(X509CRLImpl crl,String crlIssuingPointId) 
-        throws ELdapException;
+    public void publishCRL(X509CRLImpl crl, String crlIssuingPointId)
+            throws ELdapException;
 
     /**
      * publishes a crl by mapping the issuer name in the crl to an entry
      * and publishing it there. entry must be a certificate authority.
-     * @param dn  Distinguished name to publish.
+     * 
+     * @param dn Distinguished name to publish.
      * @param crl Certificate Revocation List
      * @exception ELdapException publish failed due to Ldap error.
      */
-    public void publishCRL(String dn, X509CRL crl) 
-        throws ELdapException;
+    public void publishCRL(String dn, X509CRL crl)
+            throws ELdapException;
 
     /**
-     *
+     * 
      * Return true if Ldap is enabled.
+     * 
      * @return true if Ldap is enabled,otherwise false.
      */
 
     public boolean ldapEnabled();
 
     /**
-     *
+     * 
      * Return true of PublisherProcessor is enabled.
+     * 
      * @return true if is enabled, otherwise false.
-     *
+     * 
      */
     public boolean enabled();
 
     /**
-     *
-     *  Return Authority for which this Processor operates.
+     * 
+     * Return Authority for which this Processor operates.
+     * 
      * @return Authority.
      */
 
     public ISubsystem getAuthority();
 
     /**
-     *
+     * 
      * Perform logging function for this Processor.
-     * @param level  Log level to be used for this message
-     * @param msg    Message to be logged.
+     * 
+     * @param level Log level to be used for this message
+     * @param msg Message to be logged.
      */
 
     public void log(int level, String msg);
 
     /**
-     *
+     * 
      * Returns LdapConnModule belonging to this Processor.
+     * 
      * @return LdapConnModule.
      */
     public ILdapConnModule getLdapConnModule();
 
     /**
      * Sets the LdapConnModule belonging to this Processor.
+     * 
      * @param m ILdapConnModule.
      */
     public void setLdapConnModule(ILdapConnModule m);
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/IXcertPublisherProcessor.java b/pki/base/common/src/com/netscape/certsrv/publish/IXcertPublisherProcessor.java
index ce72ed8a..b70a0626 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/IXcertPublisherProcessor.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/IXcertPublisherProcessor.java
@@ -17,23 +17,22 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import com.netscape.certsrv.ldap.ELdapException;
 
-
 /**
  * Interface for a publisher that has the capability of publishing
  * cross certs
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IXcertPublisherProcessor extends IPublisherProcessor {
 
     /**
      * Publish crossCertificatePair.
+     * 
      * @param pair Byte array representing cert pair.
      * @exception EldapException publish failed due to Ldap error.
      */
     public void publishXCertPair(byte[] pair)
-        throws ELdapException;
+            throws ELdapException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/LdapCertMapResult.java b/pki/base/common/src/com/netscape/certsrv/publish/LdapCertMapResult.java
index 559cd8c0..84a86609 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/LdapCertMapResult.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/LdapCertMapResult.java
@@ -17,14 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
-
-
-/** 
+/**
  * Class that represents the result of a Ldap Mapping operation.
- *  certificate map result: 
- *  Represented by a mapped entry as a DN and whether entry has the certificate.
- *
+ * certificate map result:
+ * Represented by a mapped entry as a DN and whether entry has the certificate.
+ * 
  * @version $Revision$ $Date$
  */
 public class LdapCertMapResult {
@@ -38,9 +35,10 @@ public class LdapCertMapResult {
         mDn = dn;
         mHasCert = hasCert;
     }
-	
+
     /**
      * Gets DN from the result.
+     * 
      * @return Distinguished Name.
      */
     public String getDn() {
@@ -49,6 +47,7 @@ public class LdapCertMapResult {
 
     /**
      * Gets whether the ldap entry had a certificate from result.
+     * 
      * @return true if cert is present, false otherwise.
      */
     public boolean hasCert() {
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/MapperPlugin.java b/pki/base/common/src/com/netscape/certsrv/publish/MapperPlugin.java
index 282db3cd..b193e1b5 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/MapperPlugin.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/MapperPlugin.java
@@ -17,25 +17,23 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import com.netscape.certsrv.base.Plugin;
 
-
 /**
  * This class represents a registered mapper plugin.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class MapperPlugin extends Plugin {
 
     /**
      * Constructs a MapperPlugin based on a name and a path.
+     * 
      * @param id Name of plugin.
      * @param path Classpath of plugin.
      */
-    public MapperPlugin (String id, String path) {
+    public MapperPlugin(String id, String path) {
         super(id, path);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/MapperProxy.java b/pki/base/common/src/com/netscape/certsrv/publish/MapperProxy.java
index bd8ea741..95dc98d9 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/MapperProxy.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/MapperProxy.java
@@ -17,13 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
-
-
 /**
- *
- *  Class representing a LdapMapper.
- *
+ * 
+ * Class representing a LdapMapper.
+ * 
  * @version $Revision$ $Date$
  */
 
@@ -32,8 +29,9 @@ public class MapperProxy {
     private ILdapMapper mMapper;
 
     /**
-     *
+     * 
      * Contructs MapperProxy .
+     * 
      * @param enable Enabled or not.
      * @param mapper Corresponding ILdapMapper object.
      */
@@ -43,8 +41,9 @@ public class MapperProxy {
     }
 
     /**
-     *
+     * 
      * Returns if enabled.
+     * 
      * @return true if enabled, otherwise false.
      */
     public boolean isEnable() {
@@ -52,8 +51,9 @@ public class MapperProxy {
     }
 
     /**
-     *
+     * 
      * Returns ILdapMapper object.
+     * 
      * @return Intance of ILdapMapper object.
      */
     public ILdapMapper getMapper() {
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/PublisherPlugin.java b/pki/base/common/src/com/netscape/certsrv/publish/PublisherPlugin.java
index d6864326..5a163b80 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/PublisherPlugin.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/PublisherPlugin.java
@@ -17,26 +17,24 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import com.netscape.certsrv.base.Plugin;
 
-
 /**
  * This class represents a registered publisher plugin.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class PublisherPlugin extends Plugin {
 
     /**
-     *
-     *  Constructs a PublisherPlugin based on name and classpath.
-     *  @param id name of plugin.
-     *  @param path Classpath of plugin.
+     * 
+     * Constructs a PublisherPlugin based on name and classpath.
+     * 
+     * @param id name of plugin.
+     * @param path Classpath of plugin.
      */
-    public PublisherPlugin (String id, String path) {
+    public PublisherPlugin(String id, String path) {
         super(id, path);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/PublisherProxy.java b/pki/base/common/src/com/netscape/certsrv/publish/PublisherProxy.java
index 06e08c31..eb71f3e5 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/PublisherProxy.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/PublisherProxy.java
@@ -17,24 +17,21 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
-
-
 /**
- *
+ * 
  * Class representing a proxy for a ILdapPublisher.
- *
+ * 
  * @version $Revision$ $Date$
  */
 
-
 public class PublisherProxy {
     private boolean mEnable;
     private ILdapPublisher mPublisher;
 
     /**
-     *
+     * 
      * Constructs a PublisherProxy based on a ILdapPublisher object and enabled boolean.
+     * 
      * @param enable Proxy is enabled or not.
      * @param publisher Corresponding ILdapPublisher object.
      */
@@ -45,6 +42,7 @@ public class PublisherProxy {
 
     /**
      * Return if enabled or not.
+     * 
      * @return true if enabled, otherwise false.
      */
     public boolean isEnable() {
@@ -53,6 +51,7 @@ public class PublisherProxy {
 
     /**
      * Return ILdapPublisher object.
+     * 
      * @return Instance of ILdapPublisher.
      */
     public ILdapPublisher getPublisher() {
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/RulePlugin.java b/pki/base/common/src/com/netscape/certsrv/publish/RulePlugin.java
index 8e515726..b37a24d5 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/RulePlugin.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/RulePlugin.java
@@ -17,25 +17,24 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import com.netscape.certsrv.base.Plugin;
 
-
 /**
  * This class represents a registered Publishing Rule plugin.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class RulePlugin extends Plugin {
 
     /**
-     *
+     * 
      * Constructs a RulePlugin based on name and classpath.
+     * 
      * @param id name of RulePlugin.
      * @param path Classpath of RulePlugin.
      */
-    public RulePlugin (String id, String path) {
+    public RulePlugin(String id, String path) {
         super(id, path);
     }
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/ra/IRAService.java b/pki/base/common/src/com/netscape/certsrv/ra/IRAService.java
index 92ccd558..4bab4745 100644
--- a/pki/base/common/src/com/netscape/certsrv/ra/IRAService.java
+++ b/pki/base/common/src/com/netscape/certsrv/ra/IRAService.java
@@ -17,47 +17,45 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ra;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.connector.IConnector;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.IService;
 
-
 /**
  * An interface representing a RA request services.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
-public interface IRAService extends IService { 
+public interface IRAService extends IService {
 
     /**
      * Services request.
-     *
+     * 
      * @param req request data
      */
     public boolean serviceRequest(IRequest req);
 
     /**
      * Services profile request.
-     *
+     * 
      * @param request profile enrollment request information
      * @exception EBaseException failed to service profile enrollment request
      */
     public void serviceProfileRequest(IRequest request)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Returns CA connector.
-     *
+     * 
      * @return CA connector
      */
     public IConnector getCAConnector();
 
     /**
      * Returns KRA connector.
-     *
+     * 
      * @return KRA connector
      */
     public IConnector getKRAConnector();
diff --git a/pki/base/common/src/com/netscape/certsrv/ra/IRegistrationAuthority.java b/pki/base/common/src/com/netscape/certsrv/ra/IRegistrationAuthority.java
index 3ab3a084..193a6d9b 100644
--- a/pki/base/common/src/com/netscape/certsrv/ra/IRegistrationAuthority.java
+++ b/pki/base/common/src/com/netscape/certsrv/ra/IRegistrationAuthority.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ra;
 
-
 import java.util.Enumeration;
 
 import netscape.security.x509.X500Name;
@@ -29,12 +28,11 @@ import com.netscape.certsrv.publish.IPublisherProcessor;
 import com.netscape.certsrv.request.IRequestListener;
 import com.netscape.certsrv.request.IRequestQueue;
 
-
 /**
  * An interface represents a Registration Authority that is
  * responsible for certificate enrollment operations.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IRegistrationAuthority extends ISubsystem {
@@ -57,63 +55,63 @@ public interface IRegistrationAuthority extends ISubsystem {
 
     /**
      * Retrieves the request queue of this registration authority.
-     *
+     * 
      * @return RA's request queue
      */
     public IRequestQueue getRequestQueue();
 
     /**
      * Retrieves the publishing processor of this registration authority.
-     *
+     * 
      * @return RA's publishing processor
      */
     public IPublisherProcessor getPublisherProcessor();
 
     /**
      * Retrieves the policy processor of this registration authority.
-     *
+     * 
      * @return RA's policy processor
      */
     public IPolicyProcessor getPolicyProcessor();
 
     /**
      * Retrieves the RA certificate.
-     *
+     * 
      * @return the RA certificate
      */
     public org.mozilla.jss.crypto.X509Certificate getRACert();
 
     /**
      * Retrieves the request in queue listener.
-     *
+     * 
      * @return the request in queue listener
      */
     public IRequestListener getRequestInQListener();
 
     /**
      * Retrieves the request listener for issued certificates.
-     *
+     * 
      * @return the request listener for issued certificates
      */
     public IRequestListener getCertIssuedListener();
 
     /**
      * Retrieves the request listener for revoked certificates.
-     *
+     * 
      * @return the request listener for revoked certificates
      */
     public IRequestListener getCertRevokedListener();
 
     /**
      * Returns the nickname of the RA certificate.
-     *
+     * 
      * @return the nickname of the RA certificate
      */
     public String getNickname();
 
     /**
      * Retrieves the nickname of the RA certificate from configuration store.
-     *
+     * 
      * @return the nickname of the RA certificate
      * @exception EBaseException failed to get nickname
      */
@@ -121,28 +119,28 @@ public interface IRegistrationAuthority extends ISubsystem {
 
     /**
      * Sets the new nickname of the RA certifiate.
-     *
+     * 
      * @param name new nickname
      */
     public void setNewNickName(String name);
 
     /**
      * Sets the nickname of the RA certifiate.
-     *
+     * 
      * @param str nickname
      */
     public void setNickname(String str);
 
     /**
      * Retrieves the default validity period.
-     *
+     * 
      * @return the default validity length in days
      */
     public long getDefaultValidity();
 
     /**
      * Retrieves the issuer name of this registration authority.
-     *
+     * 
      * @return the issuer name of this registration authority
      */
     public X500Name getX500Name();
@@ -150,22 +148,22 @@ public interface IRegistrationAuthority extends ISubsystem {
     /**
      * Retrieves the RA service object that is responsible for
      * processing requests.
-     *
+     * 
      * @return RA service object
      */
-    public IRAService getRAService(); 
+    public IRAService getRAService();
 
     /**
      * Retrieves the request listener by name.
-     *
+     * 
      * @param name request listener name
      * @return the request listener
      */
-    public IRequestListener getRequestListener(String name); 
+    public IRequestListener getRequestListener(String name);
 
     /**
      * Retrieves all request listeners.
-     *
+     * 
      * @return name enumeration of all request listeners
      */
     public Enumeration<String> getRequestListenerNames();
diff --git a/pki/base/common/src/com/netscape/certsrv/registry/ERegistryException.java b/pki/base/common/src/com/netscape/certsrv/registry/ERegistryException.java
index a4574981..5d2e2c91 100644
--- a/pki/base/common/src/com/netscape/certsrv/registry/ERegistryException.java
+++ b/pki/base/common/src/com/netscape/certsrv/registry/ERegistryException.java
@@ -17,13 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.registry;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * This represents a registry exception.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ERegistryException extends EBaseException {
@@ -35,7 +33,7 @@ public class ERegistryException extends EBaseException {
 
     /**
      * Constructs a registry exception.
-     *
+     * 
      * @param msg message carried along with the exception
      */
     public ERegistryException(String msg) {
diff --git a/pki/base/common/src/com/netscape/certsrv/registry/IPluginInfo.java b/pki/base/common/src/com/netscape/certsrv/registry/IPluginInfo.java
index 774b3f9b..8e6a8736 100644
--- a/pki/base/common/src/com/netscape/certsrv/registry/IPluginInfo.java
+++ b/pki/base/common/src/com/netscape/certsrv/registry/IPluginInfo.java
@@ -17,28 +17,25 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.registry;
 
-
 import java.util.Locale;
 
-
 /**
- * The plugin information includes name, 
+ * The plugin information includes name,
  * class name, and description. The localizable
  * name and description are information
  * for end-users.
  * <p>
- *
- * The class name can be used to create
- * an instance of the plugin.
+ * 
+ * The class name can be used to create an instance of the plugin.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IPluginInfo {
 
     /**
      * Retrieves the localized plugin name.
-     *
+     * 
      * @param locale end-user locale
      * @return plugin name
      */
@@ -46,7 +43,7 @@ public interface IPluginInfo {
 
     /**
      * Retrieves the localized plugin description.
-     *
+     * 
      * @param locale end-user locale
      * @return plugin description
      */
@@ -57,7 +54,7 @@ public interface IPluginInfo {
      * Instance of plugin can be created with
      * <p>
      * Class.forName(info.getClassName());
-     *
+     * 
      * @return java class name
      */
     public String getClassName();
diff --git a/pki/base/common/src/com/netscape/certsrv/registry/IPluginRegistry.java b/pki/base/common/src/com/netscape/certsrv/registry/IPluginRegistry.java
index 7631f3ea..1c85aeba 100644
--- a/pki/base/common/src/com/netscape/certsrv/registry/IPluginRegistry.java
+++ b/pki/base/common/src/com/netscape/certsrv/registry/IPluginRegistry.java
@@ -17,20 +17,18 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.registry;
 
-
 import java.util.Enumeration;
 
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
- * This represents the registry subsystem that manages 
+ * This represents the registry subsystem that manages
  * mulitple types of plugin information.
- *
- * The plugin information includes id, name, 
+ * 
+ * The plugin information includes id, name,
  * classname, and description.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IPluginRegistry extends ISubsystem {
@@ -39,21 +37,21 @@ public interface IPluginRegistry extends ISubsystem {
 
     /**
      * Returns handle to the registry configuration file.
-     *
+     * 
      * @return configuration store of registry subsystem
      */
     public IConfigStore getFileConfigStore();
 
     /**
      * Returns all type names.
-     *
+     * 
      * @return a list of String-based names
      */
     public Enumeration<String> getTypeNames();
 
     /**
      * Returns a list of plugin identifiers of the given type.
-     *
+     * 
      * @param type plugin type
      * @return a list of plugin IDs
      */
@@ -61,7 +59,7 @@ public interface IPluginRegistry extends ISubsystem {
 
     /**
      * Retrieves the plugin information.
-     *
+     * 
      * @param type plugin type
      * @param id plugin id
      * @return plugin info
@@ -70,24 +68,24 @@ public interface IPluginRegistry extends ISubsystem {
 
     /**
      * Adds plugin info.
-     *
+     * 
      * @param type plugin type
      * @param id plugin id
      * @param info plugin info
      * @exception ERegistryException failed to add plugin
      */
     public void addPluginInfo(String type, String id, IPluginInfo info)
-        throws ERegistryException;
+            throws ERegistryException;
 
     /**
      * Removes plugin info.
      */
     public void removePluginInfo(String type, String id)
-     throws ERegistryException;
+            throws ERegistryException;
 
     /**
      * Creates a pluginInfo
      */
-    public IPluginInfo createPluginInfo(String name, String desc, 
-       String classPath);
+    public IPluginInfo createPluginInfo(String name, String desc,
+            String classPath);
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/request/ARequestNotifier.java b/pki/base/common/src/com/netscape/certsrv/request/ARequestNotifier.java
index 65ddeac9..47f54a6d 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/ARequestNotifier.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/ARequestNotifier.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 import java.math.BigInteger;
 import java.util.Enumeration;
 import java.util.Hashtable;
@@ -33,7 +32,7 @@ import com.netscape.certsrv.publish.IPublisherProcessor;
 /**
  * The ARequestNotifier class implements the IRequestNotifier interface,
  * which notifies all registered request listeners.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ARequestNotifier implements IRequestNotifier {
@@ -52,25 +51,25 @@ public class ARequestNotifier implements IRequestNotifier {
     private int mSavePublishingStatus = 0;
     private int mSavePublishingCounter = 0;
 
-
     public ARequestNotifier() {
         mPublishingQueuePriority = Thread.currentThread().getPriority();
     }
 
-    public ARequestNotifier (ICertificateAuthority ca) {
+    public ARequestNotifier(ICertificateAuthority ca) {
         mCA = ca;
-        if (mCA != null) mRequestQueue = mCA.getRequestQueue();
+        if (mCA != null)
+            mRequestQueue = mCA.getRequestQueue();
     }
 
-    public void setPublishingQueue (boolean isPublishingQueueEnabled,
+    public void setPublishingQueue(boolean isPublishingQueueEnabled,
                                     int publishingQueuePriorityLevel,
                                     int maxNumberOfPublishingThreads,
                                     int publishingQueuePageSize,
                                     int savePublishingStatus) {
-        CMS.debug("setPublishingQueue:  Publishing Queue Enabled: " + isPublishingQueueEnabled+
-                  "  Priority Level: " + publishingQueuePriorityLevel+
-                  "  Maximum Number of Threads: " + maxNumberOfPublishingThreads+
-                  "  Page Size: "+ publishingQueuePageSize);
+        CMS.debug("setPublishingQueue:  Publishing Queue Enabled: " + isPublishingQueueEnabled +
+                  "  Priority Level: " + publishingQueuePriorityLevel +
+                  "  Maximum Number of Threads: " + maxNumberOfPublishingThreads +
+                  "  Page Size: " + publishingQueuePageSize);
         mIsPublishingQueueEnabled = isPublishingQueueEnabled;
         mMaxThreads = maxNumberOfPublishingThreads;
         mMaxRequests = publishingQueuePageSize;
@@ -89,7 +88,8 @@ public class ARequestNotifier implements IRequestNotifier {
             mPublishingQueuePriority = Thread.currentThread().getPriority();
         }
 
-        if (mCA != null && mRequestQueue == null) mRequestQueue = mCA.getRequestQueue();
+        if (mCA != null && mRequestQueue == null)
+            mRequestQueue = mCA.getRequestQueue();
         if (mIsPublishingQueueEnabled && mSavePublishingStatus > 0 && mRequestQueue != null) {
             mPublishingStatus = mRequestQueue.getPublishingStatus();
             BigInteger status = new BigInteger("-2");
@@ -101,12 +101,12 @@ public class ARequestNotifier implements IRequestNotifier {
             } catch (Exception e) {
             }
         }
-        
+
     }
 
     /**
      * Registers a request listener.
-     *
+     * 
      * @param listener listener to be registered
      */
     public void registerListener(IRequestListener listener) {
@@ -117,7 +117,7 @@ public class ARequestNotifier implements IRequestNotifier {
 
     /**
      * Registers a request listener.
-     *
+     * 
      * @param name listener name
      * @param listener listener to be registered
      */
@@ -127,7 +127,7 @@ public class ARequestNotifier implements IRequestNotifier {
 
     /**
      * Removes listener from the list of registered listeners.
-     *
+     * 
      * @param listener listener to be removed from the list
      */
     public void removeListener(IRequestListener listener) {
@@ -138,7 +138,7 @@ public class ARequestNotifier implements IRequestNotifier {
 
     /**
      * Gets list of listener names.
-     *
+     * 
      * @return enumeration of listener names
      */
     public Enumeration<String> getListenerNames() {
@@ -147,7 +147,7 @@ public class ARequestNotifier implements IRequestNotifier {
 
     /**
      * Removes listener from the list of registered listeners.
-     *
+     * 
      * @param name listener name to be removed from the list
      */
     public void removeListener(String name) {
@@ -156,7 +156,7 @@ public class ARequestNotifier implements IRequestNotifier {
 
     /**
      * Gets listener from the list of registered listeners.
-     *
+     * 
      * @param name listener name
      * @return listener
      */
@@ -166,26 +166,25 @@ public class ARequestNotifier implements IRequestNotifier {
 
     /**
      * Gets list of listeners.
-     *
+     * 
      * @return enumeration of listeners
      */
     public Enumeration<IRequestListener> getListeners() {
         return mListeners.elements();
     }
 
-
     private Object publishingCounterMonitor = new Object();
 
     public void updatePublishingStatus(String id) {
         if (mRequestQueue != null) {
             synchronized (publishingCounterMonitor) {
                 if (mSavePublishingCounter == 0) {
-                    CMS.debug("updatePublishingStatus  requestId: "+id);
+                    CMS.debug("updatePublishingStatus  requestId: " + id);
                     mRequestQueue.setPublishingStatus(id);
                 }
                 mSavePublishingCounter++;
-                CMS.debug("updatePublishingStatus  mSavePublishingCounter: "+mSavePublishingCounter+
-                          " mSavePublishingStatus: "+mSavePublishingStatus);
+                CMS.debug("updatePublishingStatus  mSavePublishingCounter: " + mSavePublishingCounter +
+                          " mSavePublishingStatus: " + mSavePublishingStatus);
                 if (mSavePublishingCounter >= mSavePublishingStatus) {
                     mSavePublishingCounter = 0;
                 }
@@ -197,24 +196,25 @@ public class ARequestNotifier implements IRequestNotifier {
 
     /**
      * Gets request from publishing queue.
-     *
+     * 
      * @return request
      */
     public synchronized IRequest getRequest() {
-       IRequest r = null;
-       String id = null;
+        IRequest r = null;
+        String id = null;
 
         CMS.debug("getRequest  mRequests=" + mRequests.size() + "  mSearchForRequests=" + mSearchForRequests);
         if (mSearchForRequests && mRequests.size() == 1) {
-            id = (String)mRequests.elementAt(0);
-            if (mCA != null && mRequestQueue == null) mRequestQueue = mCA.getRequestQueue();
+            id = (String) mRequests.elementAt(0);
+            if (mCA != null && mRequestQueue == null)
+                mRequestQueue = mCA.getRequestQueue();
             if (id != null && mRequestQueue != null) {
                 CMS.debug("getRequest  request id=" + id);
                 IRequestVirtualList list = mRequestQueue.getPagedRequestsByFilter(
                                                new RequestId(id),
                                                "(requeststate=complete)", mMaxRequests, "requestId");
                 int s = list.getSize() - list.getCurrentIndex();
-                CMS.debug("getRequest  list size: "+s);
+                CMS.debug("getRequest  list size: " + s);
                 for (int i = 0; i < s; i++) {
                     r = null;
                     try {
@@ -230,10 +230,9 @@ public class ARequestNotifier implements IRequestNotifier {
                         continue;
                     }
                     if (!(requestType.equals(IRequest.ENROLLMENT_REQUEST) ||
-                          requestType.equals(IRequest.RENEWAL_REQUEST) ||
-                          requestType.equals(IRequest.REVOCATION_REQUEST) ||
-                          requestType.equals(IRequest.CMCREVOKE_REQUEST) ||
-                          requestType.equals(IRequest.UNREVOCATION_REQUEST))) {
+                            requestType.equals(IRequest.RENEWAL_REQUEST) ||
+                            requestType.equals(IRequest.REVOCATION_REQUEST) ||
+                            requestType.equals(IRequest.CMCREVOKE_REQUEST) || requestType.equals(IRequest.UNREVOCATION_REQUEST))) {
                         continue;
                     }
                     if (i == 0 && id.equals(r.getRequestId().toString())) {
@@ -245,8 +244,8 @@ public class ARequestNotifier implements IRequestNotifier {
                     }
                     if (mRequests.size() < mMaxRequests) {
                         mRequests.addElement(r.getRequestId().toString());
-                        CMS.debug("getRequest  added "+r.getRequestType()+" request "+r.getRequestId().toString()+
-                                  " to mRequests: " + mRequests.size()+" ("+mMaxRequests+")");
+                        CMS.debug("getRequest  added " + r.getRequestType() + " request " + r.getRequestId().toString() +
+                                  " to mRequests: " + mRequests.size() + " (" + mMaxRequests + ")");
                     } else {
                         break;
                     }
@@ -257,15 +256,16 @@ public class ARequestNotifier implements IRequestNotifier {
             }
         }
         if (mRequests.size() > 0) {
-            id = (String)mRequests.elementAt(0);
+            id = (String) mRequests.elementAt(0);
             if (id != null) {
                 CMS.debug("getRequest  getting request: " + id);
-                if (mCA != null && mRequestQueue == null) mRequestQueue = mCA.getRequestQueue();
+                if (mCA != null && mRequestQueue == null)
+                    mRequestQueue = mCA.getRequestQueue();
                 if (mRequestQueue != null) {
                     try {
                         r = mRequestQueue.findRequest(new RequestId(id));
                         mRequests.remove(0);
-                        CMS.debug("getRequest  request "+ id + ((r != null)?" found":" not found"));
+                        CMS.debug("getRequest  request " + id + ((r != null) ? " found" : " not found"));
                         //updatePublishingStatus(id);
                     } catch (EBaseException e) {
                         CMS.debug("getRequest  EBaseException " + e.toString());
@@ -285,7 +285,7 @@ public class ARequestNotifier implements IRequestNotifier {
 
     /**
      * Gets number of requests in publishing queue.
-     *
+     * 
      * @return number of requests in publishing queue
      */
     public int getNumberOfRequests() {
@@ -294,7 +294,7 @@ public class ARequestNotifier implements IRequestNotifier {
 
     /**
      * Checks if publishing queue is enabled.
-     *
+     * 
      * @return true if publishing queue is enabled, false otherwise
      */
     public boolean isPublishingQueueEnabled() {
@@ -303,7 +303,7 @@ public class ARequestNotifier implements IRequestNotifier {
 
     /**
      * Removes a notifier thread from the pool of publishing queue threads.
-     *
+     * 
      * @param notifierThread Thread
      */
     public void removeNotifierThread(Thread notifierThread) {
@@ -318,12 +318,12 @@ public class ARequestNotifier implements IRequestNotifier {
 
     /**
      * Notifies all registered listeners about request.
-     *
+     * 
      * @param r request
      */
     public void notify(IRequest r) {
-        CMS.debug("ARequestNotifier  notify mIsPublishingQueueEnabled="+mIsPublishingQueueEnabled+
-                  " mMaxThreads="+mMaxThreads);
+        CMS.debug("ARequestNotifier  notify mIsPublishingQueueEnabled=" + mIsPublishingQueueEnabled +
+                  " mMaxThreads=" + mMaxThreads);
         if (mIsPublishingQueueEnabled) {
             addToNotify(r);
         } else if (mMaxThreads == 0) {
@@ -341,26 +341,27 @@ public class ARequestNotifier implements IRequestNotifier {
                 new Thread(new RunListeners(r, mListeners.elements())).start();
             } catch (Throwable e) {
 
-            /*
-             CMS.getLogger().log(
-             ILogger.EV_SYSTEM, ILogger.S_REQQUEUE, ILogger.LL_FAILURE, 
-             "Could not run listeners for request " + r.getRequestId() +
-             ". Error " + e + ";" + e.getMessage());
-             */
+                /*
+                 CMS.getLogger().log(
+                 ILogger.EV_SYSTEM, ILogger.S_REQQUEUE, ILogger.LL_FAILURE, 
+                 "Could not run listeners for request " + r.getRequestId() +
+                 ". Error " + e + ";" + e.getMessage());
+                 */
             }
         }
     }
 
     /**
      * Checks for available publishing connections
-     *
+     * 
      * @return true if there are available publishing connections, false otherwise
      */
     private boolean checkAvailablePublishingConnections() {
         boolean availableConnections = false;
 
         IPublisherProcessor pp = null;
-        if (mCA != null) pp = mCA.getPublisherProcessor();
+        if (mCA != null)
+            pp = mCA.getPublisherProcessor();
         if (pp != null && pp.enabled()) {
             ILdapConnModule ldapConnModule = pp.getLdapConnModule();
             if (ldapConnModule != null) {
@@ -378,8 +379,8 @@ public class ARequestNotifier implements IRequestNotifier {
                 CMS.debug("checkAvailablePublishingConnections  ldapConnModule is not accessible");
             }
         } else {
-            CMS.debug("checkAvailablePublishingConnections  PublisherProcessor is not " + 
-                      ((pp != null)?"enabled":"accessible"));
+            CMS.debug("checkAvailablePublishingConnections  PublisherProcessor is not " +
+                      ((pp != null) ? "enabled" : "accessible"));
         }
 
         return availableConnections;
@@ -387,7 +388,7 @@ public class ARequestNotifier implements IRequestNotifier {
 
     /**
      * Checks if more publishing threads can be added.
-     *
+     * 
      * @return true if more publishing threads can be added, false otherwise
      */
     private boolean morePublishingThreads() {
@@ -396,9 +397,9 @@ public class ARequestNotifier implements IRequestNotifier {
         if (mNotifierThreads.size() == 0) {
             moreThreads = true;
         } else if (mNotifierThreads.size() < mMaxThreads) {
-            CMS.debug("morePublishingThreads  ("+mRequests.size()+">"+
-                      ((mMaxRequests * mNotifierThreads.size()) / mMaxThreads)+
-                      " "+"("+mMaxRequests+"*"+mNotifierThreads.size()+"):"+mMaxThreads);
+            CMS.debug("morePublishingThreads  (" + mRequests.size() + ">" +
+                      ((mMaxRequests * mNotifierThreads.size()) / mMaxThreads) +
+                      " " + "(" + mMaxRequests + "*" + mNotifierThreads.size() + "):" + mMaxThreads);
             // gradually add new publishing threads
             if (mRequests.size() > ((mMaxRequests * mNotifierThreads.size()) / mMaxThreads)) {
                 // check for available publishing connections
@@ -412,21 +413,20 @@ public class ARequestNotifier implements IRequestNotifier {
         return moreThreads;
     }
 
-
     /**
      * Notifies all registered listeners about request.
-     *
+     * 
      * @param r request
      */
     public synchronized void addToNotify(IRequest r) {
         if (!mSearchForRequests) {
             if (mRequests.size() < mMaxRequests) {
                 mRequests.addElement(r.getRequestId().toString());
-                CMS.debug("addToNotify  extended buffer to "+mRequests.size()+"("+mMaxRequests+")"+
-                          " requests by adding request "+r.getRequestId().toString());
+                CMS.debug("addToNotify  extended buffer to " + mRequests.size() + "(" + mMaxRequests + ")" +
+                          " requests by adding request " + r.getRequestId().toString());
                 if (morePublishingThreads()) {
                     try {
-                        Thread notifierThread = new Thread(new RunListeners((IRequestNotifier)this));
+                        Thread notifierThread = new Thread(new RunListeners((IRequestNotifier) this));
                         if (notifierThread != null) {
                             mNotifierThreads.addElement(notifierThread);
                             CMS.debug("Number of publishing threads: " + mNotifierThreads.size());
@@ -445,23 +445,22 @@ public class ARequestNotifier implements IRequestNotifier {
         }
     }
 
-
     /**
      * Recovers publishing queue.
-     *
+     * 
      * @param id request request
      */
     public void recoverPublishingQueue(String id) {
-        CMS.debug("recoverPublishingQueue  mRequests.size()="+mRequests.size()+"("+mMaxRequests+")"+
-                      " requests by adding request "+id);
+        CMS.debug("recoverPublishingQueue  mRequests.size()=" + mRequests.size() + "(" + mMaxRequests + ")" +
+                      " requests by adding request " + id);
         if (mRequests.size() == 0) {
             mRequests.addElement(id);
-            CMS.debug("recoverPublishingQueue  extended buffer to "+mRequests.size()+"("+mMaxRequests+")"+
-                      " requests by adding request "+id);
+            CMS.debug("recoverPublishingQueue  extended buffer to " + mRequests.size() + "(" + mMaxRequests + ")" +
+                      " requests by adding request " + id);
             if (morePublishingThreads()) {
                 mSearchForRequests = true;
                 try {
-                    Thread notifierThread = new Thread(new RunListeners((IRequestNotifier)this));
+                    Thread notifierThread = new Thread(new RunListeners((IRequestNotifier) this));
                     if (notifierThread != null) {
                         mNotifierThreads.addElement(notifierThread);
                         CMS.debug("Number of publishing threads: " + mNotifierThreads.size());
@@ -478,7 +477,6 @@ public class ARequestNotifier implements IRequestNotifier {
     }
 }
 
-
 /**
  * The RunListeners class implements Runnable interface.
  * This class executes notification of registered listeners.
@@ -490,7 +488,7 @@ class RunListeners implements Runnable {
 
     /**
      * RunListeners class constructor.
-     *
+     * 
      * @param r request
      * @param listeners list of listeners
      */
@@ -501,7 +499,7 @@ class RunListeners implements Runnable {
 
     /**
      * RunListeners class constructor.
-     *
+     * 
      * @param r request
      * @param listeners list of listeners
      */
@@ -514,10 +512,11 @@ class RunListeners implements Runnable {
      * RunListeners thread implementation.
      */
     public void run() {
-        CMS.debug("RunListeners::"+((mRequestNotifier != null && mRequestNotifier.getNumberOfRequests() > 0)?" Queue: "+mRequestNotifier.getNumberOfRequests():" noQueue")+
-                  " "+((mRequest != null)?" SingleRequest":" noSingleRequest"));
+        CMS.debug("RunListeners::" + ((mRequestNotifier != null && mRequestNotifier.getNumberOfRequests() > 0) ? " Queue: " + mRequestNotifier.getNumberOfRequests() : " noQueue") +
+                  " " + ((mRequest != null) ? " SingleRequest" : " noSingleRequest"));
         do {
-            if (mRequestNotifier != null) mRequest = (IRequest)mRequestNotifier.getRequest();
+            if (mRequestNotifier != null)
+                mRequest = (IRequest) mRequestNotifier.getRequest();
             if (mListeners != null && mRequest != null) {
                 while (mListeners.hasMoreElements()) {
                     IRequestListener l = (IRequestListener) mListeners.nextElement();
@@ -529,11 +528,13 @@ class RunListeners implements Runnable {
                     mRequestNotifier.updatePublishingStatus(mRequest.getRequestId().toString());
                 }
             }
-            CMS.debug("RunListeners: "+((mRequestNotifier != null && mRequestNotifier.getNumberOfRequests() > 0)?" Queue: "+mRequestNotifier.getNumberOfRequests():" noQueue")+
-                      " "+((mRequest != null)?" SingleRequest":" noSingleRequest"));
-            if (mRequestNotifier != null) mListeners = mRequestNotifier.getListeners();
+            CMS.debug("RunListeners: " + ((mRequestNotifier != null && mRequestNotifier.getNumberOfRequests() > 0) ? " Queue: " + mRequestNotifier.getNumberOfRequests() : " noQueue") +
+                      " " + ((mRequest != null) ? " SingleRequest" : " noSingleRequest"));
+            if (mRequestNotifier != null)
+                mListeners = mRequestNotifier.getListeners();
         } while (mRequestNotifier != null && mRequestNotifier.getNumberOfRequests() > 0);
 
-        if (mRequestNotifier != null) mRequestNotifier.removeNotifierThread(Thread.currentThread());
+        if (mRequestNotifier != null)
+            mRequestNotifier.removeNotifierThread(Thread.currentThread());
     }
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/request/AgentApproval.java b/pki/base/common/src/com/netscape/certsrv/request/AgentApproval.java
index c884ebbf..eb3ca06a 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/AgentApproval.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/AgentApproval.java
@@ -17,27 +17,26 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 import java.io.Serializable;
 import java.util.Date;
 
-
 /**
  * The AgentApproval class contains the record of a
  * single agent approval.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class AgentApproval
-    implements Serializable {
+        implements Serializable {
 
     /**
      *
      */
     private static final long serialVersionUID = -3444654917454805225L;
+
     /**
      * Returns the approving agent's user name.
-     *
+     * 
      * @return an identifier for the agent
      */
     public String getUserName() {
@@ -46,7 +45,7 @@ public class AgentApproval
 
     /**
      * Returns the date of the approval
-     *
+     * 
      * @return date and time of the approval
      */
     public Date getDate() {
@@ -55,7 +54,7 @@ public class AgentApproval
 
     /**
      * AgentApproval class constructor
-     *
+     * 
      * @param userName user name of the approving agent
      */
     AgentApproval(String userName) {
diff --git a/pki/base/common/src/com/netscape/certsrv/request/AgentApprovals.java b/pki/base/common/src/com/netscape/certsrv/request/AgentApprovals.java
index 410e3b2c..ddb1dae2 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/AgentApprovals.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/AgentApprovals.java
@@ -17,21 +17,19 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 import java.io.Serializable;
 import java.util.Date;
 import java.util.Enumeration;
 import java.util.Vector;
 
-
 /**
- * A collection of AgentApproval objects. 
+ * A collection of AgentApproval objects.
  * <single-threaded>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class AgentApprovals
-    implements Serializable {
+        implements Serializable {
 
     /**
      *
@@ -41,15 +39,13 @@ public class AgentApprovals
     /**
      * Adds an approval to approval's list.
      * <p>
-     * If an approval is already present for this user,
-     * it is updated with a new date.  Otherwise a new
-     * value is  inserted.
-     *
+     * If an approval is already present for this user, it is updated with a new date. Otherwise a new value is inserted.
+     * 
      * @param userName user name of the approving agent
      */
     public void addApproval(String userName) {
         AgentApproval a = findApproval(userName);
-   
+
         // update existing approval
         if (a != null) {
             a.mDate = new Date(); /* CMS.getCurrentDate(); */
@@ -63,9 +59,8 @@ public class AgentApprovals
     /**
      * Removes an approval from approval's list.
      * <p>
-     * If there is no approval for this userName, this
-     * call does nothing.
-     *
+     * If there is no approval for this userName, this call does nothing.
+     * 
      * @param userName user name of the approving agent
      */
     public void removeApproval(String userName) {
@@ -77,7 +72,7 @@ public class AgentApprovals
 
     /**
      * Finds an existing AgentApproval for the named user.
-     *
+     * 
      * @param userName user name of the approving agent
      * @return an AgentApproval object
      */
@@ -88,7 +83,8 @@ public class AgentApprovals
         for (int i = 0; i < mVector.size(); i++) {
             a = (AgentApproval) mVector.elementAt(i);
 
-            if (a.mUserName.equals(userName)) break;
+            if (a.mUserName.equals(userName))
+                break;
         }
 
         return a;
@@ -96,7 +92,7 @@ public class AgentApprovals
 
     /**
      * Returns an enumeration of the agent approvals
-     *
+     * 
      * @return an enumeration of the agent approvals
      */
     public Enumeration elements() {
@@ -106,10 +102,11 @@ public class AgentApprovals
     /**
      * Returns the AgentApprovals as a Vector of strings.
      * Each entry in the vector is of the format:
-     *     epoch;username
+     * epoch;username
      * where epoch is the date.getTime()
      * <p>
      * This is used for serialization in Request.setExtData().
+     * 
      * @return The string vector.
      */
     public Vector toStringVector() {
@@ -125,6 +122,7 @@ public class AgentApprovals
     /**
      * Recreates an AgentApprovals instance from a Vector of strings that
      * was created by toStringVector().
+     * 
      * @param stringVector The vector of strings to translate
      * @return the AgentApprovals instance or null if it can't be translated.
      */
@@ -135,7 +133,7 @@ public class AgentApprovals
         AgentApprovals approvals = new AgentApprovals();
         for (int i = 0; i < stringVector.size(); i++) {
             try {
-                String approvalString = (String)stringVector.get(i);
+                String approvalString = (String) stringVector.get(i);
                 String[] parts = approvalString.split(";", 2);
                 if (parts.length != 2) {
                     return null;
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IEnrollmentRequest.java b/pki/base/common/src/com/netscape/certsrv/request/IEnrollmentRequest.java
index e7036d1e..32c3f53a 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/IEnrollmentRequest.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/IEnrollmentRequest.java
@@ -17,15 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 /**
  * An example of a more specialized request interface.
  * This version (currently) doesn't supply any additional
  * data, but is implementated only for testing and
  * demonstration purposes.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IEnrollmentRequest
-    extends IRequest {
+        extends IRequest {
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/request/INotify.java b/pki/base/common/src/com/netscape/certsrv/request/INotify.java
index d4ff15b7..938cd855 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/INotify.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/INotify.java
@@ -17,14 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 /**
  * The INotify interface defines operations that are invoked
- * when a request is completely processed.  A class implementing
+ * when a request is completely processed. A class implementing
  * this interface may be registered with a IRequestQueue.
  * The interface will be invoked when a request is completely
  * serviced by the IService object.
- *
+ * 
  * @version $Revision$ $Date$
  */
 public interface INotify {
@@ -34,7 +33,7 @@ public interface INotify {
      * The implementation may use values stored in the IRequest
      * object, and may implement any type publishing (such as email
      * or writing values into a directory)
-     *
+     * 
      * @param request the request that is completed.
      */
     public void notify(IRequest request);
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IPolicy.java b/pki/base/common/src/com/netscape/certsrv/request/IPolicy.java
index d74a32a4..4d23c903 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/IPolicy.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/IPolicy.java
@@ -17,37 +17,36 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 /**
- * Interface to a policy.  The policy evaluates the request for
- * correctness and completeness.  It may change or add to values
- * stored in the request.  The policy object also decides
+ * Interface to a policy. The policy evaluates the request for
+ * correctness and completeness. It may change or add to values
+ * stored in the request. The policy object also decides
  * whether a request should be queue to await approval by
  * an agent.
- * FUTURE:   In this case, the policy should set the
+ * FUTURE: In this case, the policy should set the
  * 'agentGroup' entry in the request to indicate the group
- * of agents allowed to perform further processing.  If none
+ * of agents allowed to perform further processing. If none
  * is set, a default value ("defaultAgentGroup") will be
  * set instead.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IPolicy {
 
     /**
-     * Applies the policy check to the request.  The policy should
+     * Applies the policy check to the request. The policy should
      * determine whether the request can be processed immediately,
      * or should be held pending manual approval.
      * <p>
-     * The policy can update fields in the request, to add additional values
-     * or to restrict the values to pre-determined ranges.
+     * The policy can update fields in the request, to add additional values or to restrict the values to pre-determined ranges.
      * <p>
+     * 
      * @param request
-     *   the request to check
+     *            the request to check
      * @return
-     *   a result code indicating the result of the evaluation.  The
-     *   processor will determine the next request processing step based
-     *   on this value
+     *         a result code indicating the result of the evaluation. The
+     *         processor will determine the next request processing step based
+     *         on this value
      */
     PolicyResult apply(IRequest request);
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequest.java b/pki/base/common/src/com/netscape/certsrv/request/IRequest.java
index 1174778a..60c332c9 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/IRequest.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequest.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 //import java.io.Serializable;
 
 import java.math.BigInteger;
@@ -36,10 +35,9 @@ import netscape.security.x509.X509CertInfo;
 import com.netscape.certsrv.authentication.IAuthToken;
 import com.netscape.certsrv.base.IAttrSet;
 
-
 /**
  * An interface that defines abilities of request objects,
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IRequest {
@@ -84,11 +82,11 @@ public interface IRequest {
     // Params added by agents on agent approval page
     public static final String AGENT_PARAMS = "AGENT_PARAMS";
     // server attributes: attributes generated by server modules.
-    public static final String SERVER_ATTRS = "SERVER_ATTRS"; 
+    public static final String SERVER_ATTRS = "SERVER_ATTRS";
 
-    public static final String  RESULT = "Result";  // service result.
-    public static final Integer RES_SUCCESS = Integer.valueOf(1);  // result value
-    public static final Integer RES_ERROR = Integer.valueOf(2);	// result value
+    public static final String RESULT = "Result"; // service result.
+    public static final Integer RES_SUCCESS = Integer.valueOf(1); // result value
+    public static final Integer RES_ERROR = Integer.valueOf(2); // result value
     public static final String REMOTE_SERVICE_AUTHORITY = "RemServiceAuthority";
     public static final String SVCERRORS = "serviceErrors";
     public static final String REMOTE_STATUS = "remoteStatus";
@@ -110,10 +108,9 @@ public interface IRequest {
     // also used for renewal
     public static final String CERT_INFO = "CERT_INFO";
     public static final String ISSUED_CERTS = "issuedCerts";
-    public static final String 
-        REQUEST_TRUSTEDMGR_PRIVILEGE = "requestTrustedManagerPrivilege";
+    public static final String REQUEST_TRUSTEDMGR_PRIVILEGE = "requestTrustedManagerPrivilege";
     public static final String FINGERPRINTS = "fingerprints";
-						
+
     // enrollment request values 
     public static final String SERVER_CERT = "server";
     public static final String CLIENT_CERT = "client";
@@ -124,7 +121,7 @@ public interface IRequest {
     public static final String OTHER_CERT = "other";
     public static final String ROUTER_CERT = "router"; // deprecated
     public static final String CEP_CERT = "CEP-Request";
-	
+
     // renewal request attributes. (internally set)
     // also used for revocation
     public static final String OLD_CERTS = "OLD_CERTS";
@@ -143,13 +140,13 @@ public interface IRequest {
     public final static String CRL_PUBLISH_ERROR = "crlPublishError";
     public static final String REQUESTOR_TYPE = "requestorType";
 
-	// Netkey request attributes
+    // Netkey request attributes
     public final static String NETKEY_ATTR_CUID = "CUID";
     public final static String NETKEY_ATTR_USERID = "USERID";
     public final static String NETKEY_ATTR_DRMTRANS_DES_KEY = "drm_trans_desKey";
-    public final static String NETKEY_ATTR_ARCHIVE_FLAG ="archive";
-    public final static String NETKEY_ATTR_SERVERSIDE_MUSCLE_FLAG ="serverSideMuscle";
-    public final static String NETKEY_ATTR_ENC_PRIVKEY_FLAG ="encryptPrivKey";
+    public final static String NETKEY_ATTR_ARCHIVE_FLAG = "archive";
+    public final static String NETKEY_ATTR_SERVERSIDE_MUSCLE_FLAG = "serverSideMuscle";
+    public final static String NETKEY_ATTR_ENC_PRIVKEY_FLAG = "encryptPrivKey";
     public final static String NETKEY_ATTR_USER_CERT = "cert";
     public final static String NETKEY_ATTR_KEY_SIZE = "keysize";
 
@@ -174,90 +171,89 @@ public interface IRequest {
 
     /**
      * Gets the primary identifier for this request.
-     *
+     * 
      * @return request id
      */
     RequestId getRequestId();
 
     /**
      * Gets the current state of this request.
-     *
+     * 
      * @return request status
      */
     RequestStatus getRequestStatus();
 
     /**
-     * Gets the "sourceId" for the request.  The sourceId is
+     * Gets the "sourceId" for the request. The sourceId is
      * assigned by the originator of the request (for example,
      * the EE servlet or the RA servlet.
      * <p>
-     * The sourceId should be unique so that it can be used
-     * to retrieve request later without knowing the locally
-     * assigned primary id (RequestID)
+     * The sourceId should be unique so that it can be used to retrieve request later without knowing the locally assigned primary id (RequestID)
      * <p>
+     * 
      * @return
-     *    the sourceId value (or null if none has been set)
+     *         the sourceId value (or null if none has been set)
      */
     public String getSourceId();
 
     /**
-     * Sets the "sourceId" for this request.  The request must be updated
-     * in the database for this change to take effect.  This can be done
+     * Sets the "sourceId" for this request. The request must be updated
+     * in the database for this change to take effect. This can be done
      * by calling IRequestQueue.update() or by performing one of the
      * other operations like processRequest or approveRequest.
-     *
+     * 
      * @param id source id for this request
      */
     public void setSourceId(String id);
 
     /**
      * Gets the current owner of this request.
-     *
+     * 
      * @return request owner
      */
     public String getRequestOwner();
 
     /**
      * Sets the current owner of this request.
-     *
+     * 
      * @param owner
-     *    The new owner of this request. If this value is set to null
-     *    there will be no current owner
+     *            The new owner of this request. If this value is set to null
+     *            there will be no current owner
      */
     public void setRequestOwner(String owner);
 
     /**
      * Gets the type of this request.
-     *
+     * 
      * @return request type
      */
     public String getRequestType();
 
     /**
      * Sets the type or this request.
-     *
+     * 
      * @param type request type
      */
     public void setRequestType(String type);
 
     /**
      * Gets the version of this request.
-     *
+     * 
      * @return request version
      */
     public String getRequestVersion();
 
     /**
      * Gets the time this request was created.
-     *
+     * 
      * @return request creation time
      */
     Date getCreationTime();
 
     /**
      * Gets the time this request was last modified (defined
-	 * as updated in the queue)  (See IRequestQueue.update)
-     *
+     * as updated in the queue) (See IRequestQueue.update)
+     * 
      * @return request last modification time
      */
     Date getModificationTime();
@@ -278,61 +274,60 @@ public interface IRequest {
     public static final String ERROR = "Error";
 
     /**
-     * Copies meta attributes (excluding request Id, etc.) of another request 
+     * Copies meta attributes (excluding request Id, etc.) of another request
      * to this request.
-	 *
+     * 
      * @param req another request
      */
     public void copyContents(IRequest req);
 
     /**
      * Gets context of this request.
-	 *
+     * 
      * @return request context
      */
     public String getContext();
 
     /**
      * Sets context of this request.
-	 *
+     * 
      * @param ctx request context
      */
     public void setContext(String ctx);
 
     /**
      * Sets status of this request.
-	 *
+     * 
      * @param s request status
      */
     public void setRequestStatus(RequestStatus s);
 
     /**
      * Gets status of connector transfer.
-	 *
+     * 
      * @return status of connector transfer
      */
     public boolean isSuccess();
 
     /**
      * Gets localized error message from connector transfer.
-	 *
+     * 
      * @param locale request locale
      * @return error message from connector transfer
      */
     public String getError(Locale locale);
 
-
     /**************************************************************
      * ExtData data methods:
-     *
+     * 
      * These methods should be used in place of the mAttrData methods
      * deprecated above.
-     *
-     * These methods all store Strings in LDAP.  This means they can no longer
-     * be used as a garbage dump for all sorts of objects.  A limited number
+     * 
+     * These methods all store Strings in LDAP. This means they can no longer
+     * be used as a garbage dump for all sorts of objects. A limited number
      * of helper methods are provided for Vectors/Arrays/Hashtables but the
      * keys and values for all of these should be Strings.
-     *
+     * 
      * The keys are used in the LDAP attribute names, and so much obey LDAP
      * key syntax rules: A-Za-z0-9 and hyphen.
      */
@@ -340,8 +335,8 @@ public interface IRequest {
     /**
      * Sets an Extended Data string-key string-value pair.
      * All keys are lower cased because LDAP does not preserve case.
-     *
-     * @param key  The extended data key
+     * 
+     * @param key The extended data key
      * @param value The extended data value
      * @return false if key is invalid.
      */
@@ -351,10 +346,10 @@ public interface IRequest {
      * Sets an Extended Data string-key string-value pair.
      * The key and hashtable keys are all lowercased because LDAP does not
      * preserve case.
-     *
-     * @param key  The extended data key
+     * 
+     * @param key The extended data key
      * @param value The extended data value
-     * the Hashtable contains an illegal key.
+     *            the Hashtable contains an illegal key.
      * @return false if the key or hashtable keys are invalid
      */
     public boolean setExtData(String key, Hashtable<String, ?> value);
@@ -362,40 +357,42 @@ public interface IRequest {
     /**
      * Checks whether the key is storing a simple String value, or a complex
      * (Vector/hashtable) structure.
-     * @param key  The key to check for.
-     * @return True if the key maps to a string.  False if it maps to a
+     * 
+     * @param key The key to check for.
+     * @return True if the key maps to a string. False if it maps to a
      *         hashtable.
      */
     public boolean isSimpleExtDataValue(String key);
 
     /**
-     * Returns the String value stored for the String key.  Returns null
-     * if not found.  Throws exception if key stores a complex data structure
+     * Returns the String value stored for the String key. Returns null
+     * if not found. Throws exception if key stores a complex data structure
      * (Vector/Hashtable).
-     * @param key  The key to lookup (case-insensitive)
-     * @return  The value associated with the key. null if not found or if the
-     *          key is associated with a non-string value.
+     * 
+     * @param key The key to lookup (case-insensitive)
+     * @return The value associated with the key. null if not found or if the
+     *         key is associated with a non-string value.
      */
     public String getExtDataInString(String key);
 
     /**
-     * Returns the Hashtable value for the String key.  Returns null if not
-     * found.  Throws exception if the key stores a String value.
-     *
+     * Returns the Hashtable value for the String key. Returns null if not
+     * found. Throws exception if the key stores a String value.
+     * 
      * The Hashtable returned is actually a subclass of Hashtable that
-     * lowercases all keys used to access the hashtable.  Its purpose is to
+     * lowercases all keys used to access the hashtable. Its purpose is to
      * to make lookups seemless, but be aware it is not a normal hashtable and
      * might behave strangely in some cases (e.g., iterating keys)
-     *
-     * @param key  The key to lookup (case-insensitive)
-     * @return The hashtable value associated with the key.  null if not found
+     * 
+     * @param key The key to lookup (case-insensitive)
+     * @return The hashtable value associated with the key. null if not found
      *         or if the key is associated with a string-value.
      */
     public <V> Hashtable<String, V> getExtDataInHashtable(String key);
 
-
     /**
      * Returns all the keys stored in ExtData
+     * 
      * @return Enumeration of all the keys.
      */
     public Enumeration<String> getExtDataKeys();
@@ -403,24 +400,26 @@ public interface IRequest {
     /**
      * Stores an array of Strings in ExtData.
      * The indices of the array are used as subkeys.
-     * @param key    the ExtData key
-     * @param values  the array of string values to store
+     * 
+     * @param key the ExtData key
+     * @param values the array of string values to store
      * @return False if the key is invalid
      */
     public boolean setExtData(String key, String[] values);
 
     /**
      * Retrieves an array of Strings stored with the key.
-     * This only works if the data was stored as an array.  If the data
+     * This only works if the data was stored as an array. If the data
      * is not correct, this method will return null.
-     * @param key  The ExtData key
-     * @return  The value.  Null if not found or the data isn't an array.
+     * 
+     * @param key The ExtData key
+     * @return The value. Null if not found or the data isn't an array.
      */
     public String[] getExtDataInStringArray(String key);
 
     /**
      * Removes the value of an extdata attribute.
-     *
+     * 
      * @param type key to delete
      */
     void deleteExtData(String type);
@@ -431,90 +430,95 @@ public interface IRequest {
 
     /**
      * Helper method to add subkey/value pair to a ExtData hashtable.
-     * If the hashtable it exists, the subkey/value are added to it.  Otherwise
+     * If the hashtable it exists, the subkey/value are added to it. Otherwise
      * a new hashtable is created.
-     *
+     * 
      * The key and subkey are lowercased because LDAP does not preserve case.
-     *
-     * @param key    The top level key
+     * 
+     * @param key The top level key
      * @param subkey The hashtable data key
-     * @param value  The hashtable value
+     * @param value The hashtable value
      * @return False if the key or subkey are invalid
      */
     public boolean setExtData(String key, String subkey, String value);
 
     /**
      * Helper method to retrieve an individual value from a Hashtable value.
-     * @param key     the ExtData key
-     * @param subkey  the key in the Hashtable value (case insensitive)
+     * 
+     * @param key the ExtData key
+     * @param subkey the key in the Hashtable value (case insensitive)
      * @return the value corresponding to the key/subkey
      */
     public String getExtDataInString(String key, String subkey);
 
     /**
-     * Helper method to store an Integer value.  It converts the integer value
+     * Helper method to store an Integer value. It converts the integer value
      * to a String and stores it.
-     *
-     * @param key  the ExtData key
-     * @param value  the Integer to store (as a String)
+     * 
+     * @param key the ExtData key
+     * @param value the Integer to store (as a String)
      * @return False if the key or value are invalid
      */
     public boolean setExtData(String key, Integer value);
 
     /**
-     * Retrieves an integer value.  Returns null if not found or
+     * Retrieves an integer value. Returns null if not found or
      * the value can't be represented as an Integer.
-     *
-     * @param key  The ExtData key to lookup
-     * @return  The integer value or null if not possible.
+     * 
+     * @param key The ExtData key to lookup
+     * @return The integer value or null if not possible.
      */
     public Integer getExtDataInInteger(String key);
 
     /**
      * Stores an array of Integers
-     * @param key    The extdata key
-     * @param values  The array of Integers to store
-     * @return  false if the key is invalid
+     * 
+     * @param key The extdata key
+     * @param values The array of Integers to store
+     * @return false if the key is invalid
      */
     public boolean setExtData(String key, Integer[] values);
 
     /**
      * Retrieves an array of Integers
-     * @param key  The extdata key
+     * 
+     * @param key The extdata key
      * @return The array of Integers or null on error.
      */
     public Integer[] getExtDataInIntegerArray(String key);
 
     /**
-     * Helper method to store a BigInteger value.  It converts the integer value
+     * Helper method to store a BigInteger value. It converts the integer value
      * to a String and stores it.
-     *
-     * @param key  the ExtData key
-     * @param value  the BigInteger to store (as a String)
+     * 
+     * @param key the ExtData key
+     * @param value the BigInteger to store (as a String)
      * @return False if the key or value are invalid
      */
     public boolean setExtData(String key, BigInteger value);
 
     /**
-     * Retrieves a BigInteger value.  Returns null if not found or
+     * Retrieves a BigInteger value. Returns null if not found or
      * the value can't be represented as a BigInteger.
-     *
-     * @param key  The ExtData key to lookup
-     * @return  The integer value or null if not possible.
+     * 
+     * @param key The ExtData key to lookup
+     * @return The integer value or null if not possible.
      */
     public BigInteger getExtDataInBigInteger(String key);
 
     /**
      * Stores an array of BigIntegers
-     * @param key    The extdata key
-     * @param values  The array of BigIntegers to store
-     * @return  false if the key is invalid
+     * 
+     * @param key The extdata key
+     * @param values The array of BigIntegers to store
+     * @return false if the key is invalid
      */
     public boolean setExtData(String key, BigInteger[] values);
 
     /**
      * Retrieves an array of BigIntegers
-     * @param key  The extdata key
+     * 
+     * @param key The extdata key
      * @return The array of BigIntegers or null on error.
      */
     public BigInteger[] getExtDataInBigIntegerArray(String key);
@@ -522,102 +526,114 @@ public interface IRequest {
     /**
      * Helper method to store an exception.
      * It actually stores the e.toString() value.
-     *
-     * @param key  The ExtData key to store under
-     * @param e    The throwable to store
-     * @return  False if the key is invalid.
+     * 
+     * @param key The ExtData key to store under
+     * @param e The throwable to store
+     * @return False if the key is invalid.
      */
     public boolean setExtData(String key, Throwable e);
 
     /**
      * Stores a byte array as base64 encoded text
-     * @param key  The ExtData key
-     * @param data  The byte array to store
-     * @return  False if the key is invalid.
+     * 
+     * @param key The ExtData key
+     * @param data The byte array to store
+     * @return False if the key is invalid.
      */
     public boolean setExtData(String key, byte[] data);
 
     /**
      * Retrieves the data, which should be base64 encoded as a byte array.
-     * @param key  The ExtData key
-     * @return  The data, or null if an error occurs.
+     * 
+     * @param key The ExtData key
+     * @return The data, or null if an error occurs.
      */
     public byte[] getExtDataInByteArray(String key);
 
     /**
      * Stores a X509CertImpl as base64 encoded text using the getEncode()
      * method.
-     * @param key  The ExtData key
-     * @param data  certificate
-     * @return  False if the key is invalid.
+     * 
+     * @param key The ExtData key
+     * @param data certificate
+     * @return False if the key is invalid.
      */
     public boolean setExtData(String key, X509CertImpl data);
 
     /**
      * Retrieves the data, which should be base64 encoded as a byte array.
-     * @param key  The ExtData key
-     * @return  The data, or null if an error occurs.
+     * 
+     * @param key The ExtData key
+     * @return The data, or null if an error occurs.
      */
     public X509CertImpl getExtDataInCert(String key);
 
     /**
      * Stores an array of X509CertImpls as a base64 encoded text.
+     * 
      * @param key The ExtData key
-     * @param data  The array of certs to store
+     * @param data The array of certs to store
      * @return False if the key or data is invalid.
      */
     public boolean setExtData(String key, X509CertImpl[] data);
 
     /**
      * Retrieves an array of X509CertImpl.
-     * @param key  The ExtData key
-     * @return  Array of certs, or null if not found or invalid data.
+     * 
+     * @param key The ExtData key
+     * @return Array of certs, or null if not found or invalid data.
      */
     public X509CertImpl[] getExtDataInCertArray(String key);
 
     /**
      * Stores a X509CertInfo as base64 encoded text using the getEncodedInfo()
      * method.
-     * @param key  The ExtData key
-     * @param data  certificate
-     * @return  False if the key is invalid.
+     * 
+     * @param key The ExtData key
+     * @param data certificate
+     * @return False if the key is invalid.
      */
     public boolean setExtData(String key, X509CertInfo data);
 
     /**
      * Retrieves the data, which should be base64 encoded as a byte array.
-     * @param key  The ExtData key
-     * @return  The data, or null if an error occurs.
+     * 
+     * @param key The ExtData key
+     * @return The data, or null if an error occurs.
      */
     public X509CertInfo getExtDataInCertInfo(String key);
 
     /**
      * Stores an array of X509CertInfos as a base64 encoded text.
+     * 
      * @param key The ExtData key
-     * @param data  The array of cert infos to store
+     * @param data The array of cert infos to store
      * @return False if the key or data is invalid.
      */
     public boolean setExtData(String key, X509CertInfo[] data);
 
     /**
      * Retrieves an array of X509CertInfo.
-     * @param key  The ExtData key
-     * @return  Array of cert infos, or null if not found or invalid data.
+     * 
+     * @param key The ExtData key
+     * @return Array of cert infos, or null if not found or invalid data.
      */
     public X509CertInfo[] getExtDataInCertInfoArray(String key);
 
     /**
      * Stores an array of RevokedCertImpls as a base64 encoded text.
+     * 
      * @param key The ExtData key
-     * @param data  The array of cert infos to store
+     * @param data The array of cert infos to store
      * @return False if the key or data is invalid.
      */
     public boolean setExtData(String key, RevokedCertImpl[] data);
 
     /**
      * Retrieves an array of RevokedCertImpl.
-     * @param key  The ExtData key
-     * @return  Array of cert infos, or null if not found or invalid data.
+     * 
+     * @param key The ExtData key
+     * @return Array of cert infos, or null if not found or invalid data.
      */
     public RevokedCertImpl[] getExtDataInRevokedCertArray(String key);
 
@@ -625,42 +641,41 @@ public interface IRequest {
      * Stores the contents of the String Vector in ExtData.
      * TODO - as soon as we're allowed to use JDK5 this should be changed
      * to use Vector<String> data.
-     *
+     * 
      * Note that modifications to the Vector are not automatically reflected
-     * after it is stored.  You must call set() again to make the changes.
-     *
-     * @param key  The extdata key to store
+     * after it is stored. You must call set() again to make the changes.
+     * 
+     * @param key The extdata key to store
      * @param data A vector of Strings to store
-     * @return  False on key error or invalid data.
+     * @return False on key error or invalid data.
      */
     public boolean setExtData(String key, Vector<?> data);
 
     /**
      * Returns a vector of strings for the key.
      * Note that the returned vector, if modified, does not make changes
-     * in ExtData.  You must call setExtData() to propogate changes back
+     * in ExtData. You must call setExtData() to propogate changes back
      * into ExtData.
-     *
-     * @param key  The extdata key
-     * @return  A Vector of strings, or null on error.
+     * 
+     * @param key The extdata key
+     * @return A Vector of strings, or null on error.
      */
     public Vector<String> getExtDataInStringVector(String key);
 
     /**
      * Gets boolean value for given type or default value
-	 * if attribute is absent.
-	 *
+     * if attribute is absent.
+     * 
      * @param type attribute type
      * @param defVal default attribute value
      * @return attribute value
      */
     boolean getExtDataInBoolean(String type, boolean defVal);
 
-
     /**
      * Gets extdata boolean value for given type or default value
-	 * if attribute is absent for this request with this prefix.
-	 *
+     * if attribute is absent for this request with this prefix.
+     * 
      * @param prefix request prefix
      * @param type attribute type
      * @param defVal default attribute value
@@ -668,59 +683,64 @@ public interface IRequest {
      */
     public boolean getExtDataInBoolean(String prefix, String type, boolean defVal);
 
-
     /**
      * Stores an AuthToken the same as a Hashtable.
+     * 
      * @param key The ExtData key
-     * @param data  The authtoken to store
+     * @param data The authtoken to store
      * @return False if the key or data is invalid.
      */
     public boolean setExtData(String key, IAuthToken data);
 
     /**
      * Retrieves an authtoken.
-     * @param key  The ExtData key
-     * @return  AuthToken, or null if not found or invalid data.
+     * 
+     * @param key The ExtData key
+     * @return AuthToken, or null if not found or invalid data.
      */
     public IAuthToken getExtDataInAuthToken(String key);
 
     /**
      * Stores a CertificateExtensions in extdata.
+     * 
      * @param key The ExtData key
-     * @param data  The CertificateExtensions to store
+     * @param data The CertificateExtensions to store
      * @return False if the key or data is invalid.
      */
     public boolean setExtData(String key, CertificateExtensions data);
 
     /**
      * Retrieves the CertificateExtensions associated with the key.
-     * @param key  The ExtData key
-     * @return  the object, or null if not found or invalid data.
+     * 
+     * @param key The ExtData key
+     * @return the object, or null if not found or invalid data.
      */
     public CertificateExtensions getExtDataInCertExts(String key);
 
     /**
      * Stores a CertificateSubjectName in extdata.
+     * 
      * @param key The ExtData key
-     * @param data  The CertificateSubjectName to store
+     * @param data The CertificateSubjectName to store
      * @return False if the key or data is invalid.
      */
     public boolean setExtData(String key, CertificateSubjectName data);
 
     /**
      * Retrieves the CertificateSubjectName associated with the key.
-     * @param key  The ExtData key
-     * @return  the object, or null if not found or invalid data.
+     * 
+     * @param key The ExtData key
+     * @return the object, or null if not found or invalid data.
      */
     public CertificateSubjectName getExtDataInCertSubjectName(String key);
 
     /**
      * This method returns an IAttrSet wrapper for the IRequest.
-     * Use of this method is strongly discouraged.  It provides extremely
+     * Use of this method is strongly discouraged. It provides extremely
      * limited functionality, and is only provided for the two places IRequest
-     * is being used as such in the code.  If you are considering using this
+     * is being used as such in the code. If you are considering using this
      * method, please don't.
-     *
+     * 
      * @return IAttrSet wrapper with basic "get" functionality.
      * @deprecated
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequestList.java b/pki/base/common/src/com/netscape/certsrv/request/IRequestList.java
index a01ceb8c..e207c001 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/IRequestList.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequestList.java
@@ -17,41 +17,39 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 import java.util.Enumeration;
 
-
 /**
  * An interface providing a list of RequestIds that match
- * some criteria.  It could be a list of all elements in a
+ * some criteria. It could be a list of all elements in a
  * queue, or just some defined sub-set.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IRequestList
-    extends Enumeration {
+        extends Enumeration {
 
     /**
-     * Gets the next RequestId from this list.  null is
-	 * returned when there are no more elements in the list.
-	 * <p>
-	 * Callers should be sure there is another element in the
-	 * list by calling hasMoreElements first.
+     * Gets the next RequestId from this list. null is
+     * returned when there are no more elements in the list.
+     * <p>
+     * Callers should be sure there is another element in the list by calling hasMoreElements first.
      * <p>
+     * 
      * @return next request id
      */
     RequestId nextRequestId();
 
     /**
      * Gets next request from the list.
-     *
+     * 
      * @return next request
      */
     public Object nextRequest();
 
     /**
      * Gets next request Object from the list.
-     *
+     * 
      * @return next request
      */
     public IRequest nextRequestObject();
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequestListener.java b/pki/base/common/src/com/netscape/certsrv/request/IRequestListener.java
index a98cd747..8dc8a42a 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/IRequestListener.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequestListener.java
@@ -17,23 +17,21 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
  * An interface that defines abilities of request listener,
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IRequestListener {
 
     /**
      * Initializes request listener for the specific subsystem
-	 * and configuration store.
-	 *
+     * and configuration store.
+     * 
      * @param sub subsystem
      * @param config configuration store
      */
@@ -41,14 +39,14 @@ public interface IRequestListener {
 
     /**
      * Accepts request.
-	 *
+     * 
      * @param request request
      */
-    public void accept(IRequest request); 
+    public void accept(IRequest request);
 
     /**
      * Sets attribute.
-	 *
+     * 
      * @param name attribute name
      * @param val attribute value
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequestNotifier.java b/pki/base/common/src/com/netscape/certsrv/request/IRequestNotifier.java
index ba06c626..66bd3543 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/IRequestNotifier.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequestNotifier.java
@@ -17,27 +17,25 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 import java.util.Enumeration;
 
-
 /**
  * IRequestNotifier interface defines methods to register listeners,
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IRequestNotifier extends INotify {
 
     /**
      * Registers a request listener.
-     *
+     * 
      * @param listener listener to be registered
      */
     public void registerListener(IRequestListener listener);
 
     /**
      * Registers a request listener.
-     *
+     * 
      * @param name listener name
      * @param listener listener to be registered
      */
@@ -45,28 +43,28 @@ public interface IRequestNotifier extends INotify {
 
     /**
      * Removes listener from the list of registered listeners.
-     *
+     * 
      * @param listener listener to be removed from the list
      */
     public void removeListener(IRequestListener listener);
 
     /**
      * Removes listener from the list of registered listeners.
-     *
+     * 
      * @param name listener name to be removed from the list
      */
     public void removeListener(String name);
 
     /**
      * Gets list of listener names.
-     *
+     * 
      * @return enumeration of listener names
      */
-    public Enumeration<String>  getListenerNames();
+    public Enumeration<String> getListenerNames();
 
     /**
      * Gets listener from the list of registered listeners.
-     *
+     * 
      * @param name listener name
      * @return listener
      */
@@ -74,55 +72,55 @@ public interface IRequestNotifier extends INotify {
 
     /**
      * Gets list of listeners.
-     *
+     * 
      * @return enumeration of listeners
      */
-    public Enumeration<IRequestListener>  getListeners();
+    public Enumeration<IRequestListener> getListeners();
 
     /**
      * Gets request from publishing queue.
-     *
+     * 
      * @return request
      */
     public IRequest getRequest();
 
     /**
      * Gets number of requests in publishing queue.
-     *
+     * 
      * @return number of requests in publishing queue
      */
     public int getNumberOfRequests();
 
     /**
      * Checks if publishing queue is enabled.
-     *
+     * 
      * @return true if publishing queue is enabled, false otherwise
      */
     public boolean isPublishingQueueEnabled();
 
     /**
      * Removes a notifier thread from the pool of publishing queue threads.
-     *
+     * 
      * @param notifierThread Thread
      */
     public void removeNotifierThread(Thread notifierThread);
 
     /**
      * Notifies all registered listeners about request.
-     *
+     * 
      * @param r request
      */
     public void addToNotify(IRequest r);
 
     /**
      * Sets publishing queue parameters.
-     *
+     * 
      * @param isPublishingQueueEnabled publishing queue switch
      * @param publishingQueuePriorityLevel publishing queue priority level
      * @param maxNumberOfPublishingThreads maximum number of publishing threads
      * @param publishingQueuePageSize publishing queue page size
      */
-    public void setPublishingQueue (boolean isPublishingQueueEnabled,
+    public void setPublishingQueue(boolean isPublishingQueueEnabled,
                                     int publishingQueuePriorityLevel,
                                     int maxNumberOfPublishingThreads,
                                     int publishingQueuePageSize,
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java b/pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java
index 468336b4..5c5d13a6 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java
@@ -22,54 +22,51 @@ import java.math.BigInteger;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.repository.IRepository;
 
-
 /**
  * The IRequestQueue interface defines the operations on
  * a collection of requests within the certificate server.
  * There are may several collections, such as KRA, RA and CA
- * requests.  Each of these request collection has a defined
+ * requests. Each of these request collection has a defined
  * set of policies, a notification service (for request
- * completion) and a service routine.  The request queue
+ * completion) and a service routine. The request queue
  * provides an interface for creating and viewing requests,
  * as well as performing operations on them.
  * <p>
+ * 
  * @version $Revision$ $Date$
  */
 public interface IRequestQueue {
 
     /**
-     * Creates a new request object.  A request id is
+     * Creates a new request object. A request id is
      * assigned to it - see IRequest.getRequestId, and
      * the status is set to RequestStatus.BEGIN
      * <p>
-     * The request is LOCKED.  The caller MUST release the
-     * request object by calling releaseRequest().
+     * The request is LOCKED. The caller MUST release the request object by calling releaseRequest().
      * <p>
-     * TODO: provide other required values (such as type
-     *  and sourceId)
-     *
+     * TODO: provide other required values (such as type and sourceId)
+     * 
      * @param requestType request type
      * @return new request
      * @exception EBaseException failed to create new request
      */
     public IRequest newRequest(String requestType)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Clones a request object. A new request id is assigned 
-     * and all attributes of the request is copied to cloned request, 
-     * except for the sourceID of the original request 
+     * Clones a request object. A new request id is assigned
+     * and all attributes of the request is copied to cloned request,
+     * except for the sourceID of the original request
      * (remote authority's request Id).
      * <p>
-     * The cloned request that is returned is LOCKED. The caller MUST 
-     * release the request object by calling releaseRequest().
-     *
+     * The cloned request that is returned is LOCKED. The caller MUST release the request object by calling releaseRequest().
+     * 
      * @param r request to be cloned
      * @return cloned request
      * @exception EBaseException failed to clone request
      */
-    public IRequest cloneRequest(IRequest r) 
-        throws EBaseException;
+    public IRequest cloneRequest(IRequest r)
+            throws EBaseException;
 
     /**
      * Gets the Request corresponding to id.
@@ -77,163 +74,145 @@ public interface IRequestQueue {
      * to a valid request id.
      * <p>
      * Errors may be generated for other conditions.
-     *
+     * 
      * @param id request id
      * @return found request
      * @exception EBaseException failed to access request queue
      */
     public IRequest findRequest(RequestId id)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Begins processing for this request.  This call
+     * Begins processing for this request. This call
      * is valid only on requests with status BEGIN
      * An error is generated for other cases.
-     *
+     * 
      * @param req request to be processed
      * @exception EBaseException failed to process request
      */
     public void processRequest(IRequest req)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Sets request scheduler.
-     *
+     * 
      * @param scheduler request scheduler
      */
     public void setRequestScheduler(IRequestScheduler scheduler);
 
     /**
      * Gets request scheduler.
-     *
+     * 
      * @return request scheduler
      */
     public IRequestScheduler getRequestScheduler();
 
     /**
-     * Puts a new request into the PENDING state.  This call is
-     * only valid for requests with status BEGIN.  An error is
+     * Puts a new request into the PENDING state. This call is
+     * only valid for requests with status BEGIN. An error is
      * generated for other cases.
      * <p>
-     * This call might be used by agent servlets that want to
-     * copy a previous request, and resubmit it.  By putting it
-     * into PENDING state, the normal agent screens can be used
-     * for further processing.
-     *
+     * This call might be used by agent servlets that want to copy a previous request, and resubmit it. By putting it into PENDING state, the normal agent screens can be used for further processing.
+     * 
      * @param req
-     *    the request to mark PENDING
+     *            the request to mark PENDING
      * @exception EBaseException failed to mark request as pending
      */
     public void markRequestPending(IRequest req)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Clones a request object and mark it pending. A new request id is assigned 
-     * and all attributes of the request is copied to cloned request, 
-     * except for the sourceID of the original request 
+     * Clones a request object and mark it pending. A new request id is assigned
+     * and all attributes of the request is copied to cloned request,
+     * except for the sourceID of the original request
      * (remote authority's request Id).
      * <p>
-     * The cloned request that is returned is LOCKED. The caller MUST 
-     * release the request object by calling releaseRequest().
-     *
+     * The cloned request that is returned is LOCKED. The caller MUST release the request object by calling releaseRequest().
+     * 
      * @param r request to be cloned
      * @return cloned request mark PENDING
      * @exception EBaseException failed to clone or mark request
      */
-    public IRequest cloneAndMarkPending(IRequest r) 
-        throws EBaseException;
+    public IRequest cloneAndMarkPending(IRequest r)
+            throws EBaseException;
 
     /**
-     * Approves a request.  The request must be locked.
+     * Approves a request. The request must be locked.
      * <p>
-     * This call will fail if:
-     *   the request is not in PENDING state
-     *   the policy modules do not accept the request
+     * This call will fail if: the request is not in PENDING state the policy modules do not accept the request
      * <p>
-     * If the policy modules reject the request, then the request
-     * will remain in the PENDING state.  Messages from the policy
-     * module can be display to the agent to indicate the source
-     * of the problem.
+     * If the policy modules reject the request, then the request will remain in the PENDING state. Messages from the policy module can be display to the agent to indicate the source of the problem.
      * <p>
-     * The request processing code adds an AgentApproval to this
-     * request that contains the authentication id of the agent.  This
-     * data is retrieved from the Session object (qv).
-     *
+     * The request processing code adds an AgentApproval to this request that contains the authentication id of the agent. This data is retrieved from the Session object (qv).
+     * 
      * @param request
-     *    the request that is being approved
+     *            the request that is being approved
      * @exception EBaseException failed to approve request
      */
     public void approveRequest(IRequest request)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Rejects a request.  The request must be locked.
+     * Rejects a request. The request must be locked.
      * <p>
-     * This call will fail if:
-     *   the request is not in PENDING state
+     * This call will fail if: the request is not in PENDING state
      * <p>
-     * The agent servlet (or other application) may wish to store
-     * AgentMessage values to indicate the reason for the action
-     *
+     * The agent servlet (or other application) may wish to store AgentMessage values to indicate the reason for the action
+     * 
      * @param request
-     *    the request that is being rejected
+     *            the request that is being rejected
      * @exception EBaseException failed to reject request
      */
     public void rejectRequest(IRequest request)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Cancels a request.  The request must be locked.
+     * Cancels a request. The request must be locked.
      * <p>
-     * This call will fail if:
-     *   the request is not in PENDING state
+     * This call will fail if: the request is not in PENDING state
      * <p>
-     * The agent servlet (or other application) may wish to store
-     * AgentMessage values to indicate the reason for the action
-     *
+     * The agent servlet (or other application) may wish to store AgentMessage values to indicate the reason for the action
+     * 
      * @param request
-     *    the request that is being canceled
+     *            the request that is being canceled
      * @exception EBaseException failed to cancel request
      */
     public void cancelRequest(IRequest request)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Updates the request in the permanent data store.
      * <p>
-     * This call can be made after changing a value like source
-     * id or owner, to force the new value to be written.
+     * This call can be made after changing a value like source id or owner, to force the new value to be written.
      * <p>
      * The request must be locked to make this call.
-	 *
+     * 
      * @param request
-     *    the request that is being updated
+     *            the request that is being updated
      * @exception EBaseException failed to update request
      */
     public void updateRequest(IRequest request)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Returns an enumerator that lists all RequestIds in the
-     * queue.  The caller should use the RequestIds to locate
+     * queue. The caller should use the RequestIds to locate
      * each request by calling findRequest().
      * <p>
-     * NOTE: This interface will not be useful for large databases.
-     * This needs to be replace by a VLV (paged) search object.
-     *
+     * NOTE: This interface will not be useful for large databases. This needs to be replace by a VLV (paged) search object.
+     * 
      * @return request list
      */
     public IRequestList listRequests();
 
     /**
      * Returns an enumerator that lists all RequestIds for requests
-     * that are in the given status.  For example, all the PENDING
+     * that are in the given status. For example, all the PENDING
      * requests could be listed by specifying RequestStatus.PENDING
      * as the <i>status</i> argument
      * <p>
-     * NOTE: This interface will not be useful for large databases.
-     * This needs to be replace by a VLV (paged) search object.
-     *
+     * NOTE: This interface will not be useful for large databases. This needs to be replace by a VLV (paged) search object.
+     * 
      * @param status request status
      * @return request list
      */
@@ -243,9 +222,8 @@ public interface IRequestQueue {
      * Returns an enumerator that lists all RequestIds for requests
      * that match the filter.
      * <p>
-     * NOTE: This interface will not be useful for large databases.
-     * This needs to be replace by a VLV (paged) search object.
-     *
+     * NOTE: This interface will not be useful for large databases. This needs to be replace by a VLV (paged) search object.
+     * 
      * @param filter search filter
      * @return request list
      */
@@ -255,9 +233,8 @@ public interface IRequestQueue {
      * Returns an enumerator that lists all RequestIds for requests
      * that match the filter.
      * <p>
-     * NOTE: This interface will not be useful for large databases.
-     * This needs to be replace by a VLV (paged) search object.
-     *
+     * NOTE: This interface will not be useful for large databases. This needs to be replace by a VLV (paged) search object.
+     * 
      * @param filter search filter
      * @param maxSize max size to return
      * @return request list
@@ -268,9 +245,8 @@ public interface IRequestQueue {
      * Returns an enumerator that lists all RequestIds for requests
      * that match the filter.
      * <p>
-     * NOTE: This interface will not be useful for large databases.
-     * This needs to be replace by a VLV (paged) search object.
-     *
+     * NOTE: This interface will not be useful for large databases. This needs to be replace by a VLV (paged) search object.
+     * 
      * @param filter search filter
      * @param maxSize max size to return
      * @param timeLimit timeout value for the search
@@ -281,31 +257,33 @@ public interface IRequestQueue {
     /**
      * Gets requests that are pending on handling by the service
      * <p>
+     * 
      * @return list of pending requests
      */
     // public IRequestList listServicePendingRequests();
 
     /**
      * Locates a request from the SourceId.
-     *
+     * 
      * @param id
-     *    a unique identifier for the record that is based on the source
-     *    of the request, and possibly an identify assigned by the source.
+     *            a unique identifier for the record that is based on the source
+     *            of the request, and possibly an identify assigned by the source.
      * @return
-     *    The requestid corresponding to this source id.  null is
-     *    returned if the source id does not exist.
+     *         The requestid corresponding to this source id. null is
+     *         returned if the source id does not exist.
      */
     public RequestId findRequestBySourceId(String id);
 
     /**
      * Locates all requests with a particular SourceId.
      * <p>
+     * 
      * @param id
-     *    an identifier for the record that is based on the source
-     *    of the request
+     *            an identifier for the record that is based on the source
+     *            of the request
      * @return
-     *    A list of requests corresponding to this source id.  null is
-     *    returned if the source id does not exist.
+     *         A list of requests corresponding to this source id. null is
+     *         returned if the source id does not exist.
      */
     public IRequestList findRequestsBySourceId(String id);
 
@@ -313,6 +291,7 @@ public interface IRequestQueue {
      * Releases the LOCK on a request obtained from findRequest() or
      * newRequest()
      * <p>
+     * 
      * @param r request
      */
     public void releaseRequest(IRequest r);
@@ -320,19 +299,19 @@ public interface IRequestQueue {
     /**
      * Marks as serviced after destination authority has serviced request.
      * Used by connector.
-     *
+     * 
      * @param r request
      */
     public void markAsServiced(IRequest r);
 
     /**
-     * Resends requests 
+     * Resends requests
      */
     public void recover();
 
     /**
      * Gets a pageable list of IRequest entries in this queue.
-     *
+     * 
      * @param pageSize page size
      * @return request list
      */
@@ -340,18 +319,19 @@ public interface IRequestQueue {
 
     /**
      * Gets a pageable list of IRequest entries in this queue.
-     *
+     * 
      * @param filter search filter
      * @param pageSize page size
      * @param sortKey the attributes to sort by
      * @return request list
      */
     public IRequestVirtualList getPagedRequestsByFilter(String filter,
-	                                                    int pageSize,
-														String sortKey);
+                                                        int pageSize,
+                                                        String sortKey);
+
     /**
      * Gets a pageable list of IRequest entries in this queue.
-     *
+     * 
      * @param fromId request id to start with
      * @param filter search filter
      * @param pageSize page size
@@ -359,14 +339,14 @@ public interface IRequestQueue {
      * @return request list
      */
     public IRequestVirtualList getPagedRequestsByFilter(RequestId fromId,
-	                                                    String filter,
-														int pageSize, 
+                                                        String filter,
+                                                        int pageSize,
                                                         String sortKey);
 
     /**
      * Gets a pageable list of IRequest entries in this queue. This
      * jumps right to the end of the list
-     *
+     * 
      * @param fromId request id to start with
      * @param jumpToEnd jump to end of list (set fromId to null)
      * @param filter search filter
@@ -375,26 +355,24 @@ public interface IRequestQueue {
      * @return request list
      */
     public IRequestVirtualList getPagedRequestsByFilter(RequestId fromId,
-	                               boolean jumpToEnd, String filter,
-	                               int pageSize,
+                                   boolean jumpToEnd, String filter,
+                                   int pageSize,
                                    String sortKey);
 
-
     /**
      * Retrieves the notifier for pending request.
-     *
+     * 
      * @return notifier for pending request
      */
     public INotify getPendingNotify();
 
-
-    public BigInteger getLastRequestIdInRange(BigInteger  reqId_low_bound, BigInteger reqId_upper_bound);
+    public BigInteger getLastRequestIdInRange(BigInteger reqId_low_bound, BigInteger reqId_upper_bound);
 
     /**
      * Resets serial number.
      */
     public void resetSerialNumber(BigInteger serial) throws EBaseException;
-                                                                                
+
     /**
      * Removes all objects with this repository.
      */
@@ -402,7 +380,7 @@ public interface IRequestQueue {
 
     /**
      * Gets request repository.
-     *
+     * 
      * @return request repository
      */
     public IRepository getRequestRepository();
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequestRecord.java b/pki/base/common/src/com/netscape/certsrv/request/IRequestRecord.java
index 53a3e37b..53531b13 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/IRequestRecord.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequestRecord.java
@@ -17,22 +17,21 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 import java.util.Enumeration;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.IDBObj;
 
-
 /**
  * A request record is the stored version of a request.
  * It has a set of attributes that are mapped into LDAP
  * attributes for actual directory operations.
  * <p>
+ * 
  * @version $Revision$ $Date$
  */
 public interface IRequestRecord
-    extends IDBObj {
+        extends IDBObj {
     //
     // The names of the attributes stored in this record
     //
@@ -64,21 +63,21 @@ public interface IRequestRecord
 
     /**
      * Gets the request id.
-     *
+     * 
      * @return request id
      */
     public RequestId getRequestId();
 
     /**
      * Gets attribute names of the request.
-     *
+     * 
      * @return list of attribute names
      */
     public Enumeration<String> getAttrNames();
 
     /**
      * Gets the request attribute value by the name.
-     *
+     * 
      * @param name attribute name
      * @return attribute value
      */
@@ -86,7 +85,7 @@ public interface IRequestRecord
 
     /**
      * Sets new attribute for the request.
-     *
+     * 
      * @param name attribute name
      * @param o attribute value
      */
@@ -94,15 +93,15 @@ public interface IRequestRecord
 
     /**
      * Removes attribute from the request.
-     *
+     * 
      * @param name attribute name
      */
     public void delete(String name)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Gets attribute list of the request.
-     *
+     * 
      * @return attribute list
      */
     public Enumeration<String> getElements();
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequestScheduler.java b/pki/base/common/src/com/netscape/certsrv/request/IRequestScheduler.java
index 198092fc..5012f5b0 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/IRequestScheduler.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequestScheduler.java
@@ -17,11 +17,8 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 //import java.io.Serializable;
 
-
-
 /**
  * This is an interface to a request scheduler that prioritizes
  * the threads based on the request processing order.
@@ -34,14 +31,14 @@ public interface IRequestScheduler {
 
     /**
      * Request entered the request queue processing.
-     *
+     * 
      * @param r request
      */
     public void requestIn(IRequest r);
 
     /**
      * Request exited the request queue processing.
-     *
+     * 
      * @param r request
      */
     public void requestOut(IRequest r);
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequestSubsystem.java b/pki/base/common/src/com/netscape/certsrv/request/IRequestSubsystem.java
index c32c6698..164e84a3 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/IRequestSubsystem.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequestSubsystem.java
@@ -17,14 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * This interface defines storage of request objects
  * in the local database.
  * <p>
+ * 
  * @version $Revision$, $Date$
  */
 public interface IRequestSubsystem {
@@ -32,74 +31,75 @@ public interface IRequestSubsystem {
 
     /**
      * Creates a new request queue.
-	 * (Currently unimplemented.  Just use getRequestQueue to create
-	 * an in-memory queue.)
+     * (Currently unimplemented. Just use getRequestQueue to create
+     * an in-memory queue.)
      * <p>
+     * 
      * @param name The name of the queue object. This name can be used
-     *    in getRequestQueue to retrieve the queue later.
+     *            in getRequestQueue to retrieve the queue later.
      * @exception EBaseException failed to create request queue
      */
     public void createRequestQueue(String name)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Retrieves a request queue.  This operation should only be done
-     * once on each queue.  For example, the RA subsystem should retrieve
+     * Retrieves a request queue. This operation should only be done
+     * once on each queue. For example, the RA subsystem should retrieve
      * its queue, and store it somewhere for use by related services, and
      * servlets.
      * <p>
-     * WARNING: retrieving the same queue twice with result in multi-thread
-     * race conditions.
+     * WARNING: retrieving the same queue twice with result in multi-thread race conditions.
      * <p>
+     * 
      * @param name
-     *    the name of the request queue.  (Ex: "ca" "ra")
+     *            the name of the request queue. (Ex: "ca" "ra")
      * @param p
-     *    A policy enforcement module.  This object is called to make
-     *    adjustments to the request, and decide whether it needs agent
-     *    approval.
+     *            A policy enforcement module. This object is called to make
+     *            adjustments to the request, and decide whether it needs agent
+     *            approval.
      * @param s
-     *    The service object.  This object actually performs the request
-     *    after it is finalized and approved.
+     *            The service object. This object actually performs the request
+     *            after it is finalized and approved.
      * @param n
-     *    A notifier object (optional).  The notify() method of this object
-     *    is invoked when the request is completed (COMPLETE, REJECTED or
-     *    CANCELED states).
+     *            A notifier object (optional). The notify() method of this object
+     *            is invoked when the request is completed (COMPLETE, REJECTED or
+     *            CANCELED states).
      * @exception EBaseException failed to retrieve request queue
      */
     public IRequestQueue
-    getRequestQueue(String name, int increment, IPolicy p, IService s, INotify n)
-        throws EBaseException;
+            getRequestQueue(String name, int increment, IPolicy p, IService s, INotify n)
+                    throws EBaseException;
 
     /**
-     * Retrieves a request queue.  This operation should only be done
-     * once on each queue.  For example, the RA subsystem should retrieve
+     * Retrieves a request queue. This operation should only be done
+     * once on each queue. For example, the RA subsystem should retrieve
      * its queue, and store it somewhere for use by related services, and
      * servlets.
      * <p>
-     * WARNING: retrieving the same queue twice with result in multi-thread
-     * race conditions.
+     * WARNING: retrieving the same queue twice with result in multi-thread race conditions.
      * <p>
+     * 
      * @param name
-     *    the name of the request queue.  (Ex: "ca" "ra")
+     *            the name of the request queue. (Ex: "ca" "ra")
      * @param p
-     *    A policy enforcement module.  This object is called to make
-     *    adjustments to the request, and decide whether it needs agent
-     *    approval.
+     *            A policy enforcement module. This object is called to make
+     *            adjustments to the request, and decide whether it needs agent
+     *            approval.
      * @param s
-     *    The service object.  This object actually performs the request
-     *    after it is finalized and approved.
+     *            The service object. This object actually performs the request
+     *            after it is finalized and approved.
      * @param n
-     *    A notifier object (optional).  The notify() method of this object
-     *    is invoked when the request is completed (COMPLETE, REJECTED or
-     *    CANCELED states).
+     *            A notifier object (optional). The notify() method of this object
+     *            is invoked when the request is completed (COMPLETE, REJECTED or
+     *            CANCELED states).
      * @param pendingNotifier
-     *    A notifier object (optional).  Like the 'n' argument, except the
-     *    notification happens if the request is made PENDING.  May be the
-     *    same as the 'n' argument if desired.
+     *            A notifier object (optional). Like the 'n' argument, except the
+     *            notification happens if the request is made PENDING. May be the
+     *            same as the 'n' argument if desired.
      * @exception EBaseException failed to retrieve request queue
      */
     public IRequestQueue
-    getRequestQueue(String name, int increment, IPolicy p, IService s, INotify n,
-        INotify pendingNotifier)
-        throws EBaseException;
+            getRequestQueue(String name, int increment, IPolicy p, IService s, INotify n,
+                    INotify pendingNotifier)
+                    throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequestVirtualList.java b/pki/base/common/src/com/netscape/certsrv/request/IRequestVirtualList.java
index 4d877a77..540ec679 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/IRequestVirtualList.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequestVirtualList.java
@@ -17,25 +17,25 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 /**
  * This interface defines access to request virtual list.
  * <p>
+ * 
  * @version $Revision$, $Date$
  */
 public interface IRequestVirtualList {
 
     /**
-     * Gets the total size of the result set.  Elements of the
+     * Gets the total size of the result set. Elements of the
      * list are numbered from 0..(size-1)
-	 *
+     * 
      * @return size of the result set
      */
     int getSize();
 
     /**
      * Gets the element at the specified index
-	 *
+     * 
      * @param index index of the element
      * @return specified request
      */
@@ -43,7 +43,7 @@ public interface IRequestVirtualList {
 
     /**
      * Gets the current index
-	 *
+     * 
      * @return current index
      */
     int getCurrentIndex();
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IService.java b/pki/base/common/src/com/netscape/certsrv/request/IService.java
index aeaf757a..adf2c509 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/IService.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/IService.java
@@ -17,15 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * This interface defines how requests are serviced.
  * This covers certificate generation, revocation, renewals,
  * revocation checking, and much more.
  * <p>
+ * 
  * @version $Revision$, $Date$
  */
 public interface IService {
@@ -34,15 +33,16 @@ public interface IService {
      * Performs the service (such as certificate generation)
      * represented by this request.
      * <p>
+     * 
      * @param request
-     *    The request that needs service.  The service may use
-     *    attributes stored in the request, and may update the
-     *    values, or store new ones.
+     *            The request that needs service. The service may use
+     *            attributes stored in the request, and may update the
+     *            values, or store new ones.
      * @return
-     *    an indication of whether this request is still pending.
-     *    'false' means the request will wait for further notification.
+     *         an indication of whether this request is still pending.
+     *         'false' means the request will wait for further notification.
      * @exception EBaseException indicates major processing failure.
      */
     boolean serviceRequest(IRequest request)
-        throws EBaseException;
+            throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/request/PolicyMessage.java b/pki/base/common/src/com/netscape/certsrv/request/PolicyMessage.java
index 13cec161..c21b8ca4 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/PolicyMessage.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/PolicyMessage.java
@@ -17,18 +17,17 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * A (localizable) message recorded by a policy module that describes
  * the reason for rejecting a request.
  * <p>
+ * 
  * @version $Revision$, $Date$
  */
 public class PolicyMessage
-    extends EBaseException {
+        extends EBaseException {
 
     /**
      *
@@ -38,6 +37,7 @@ public class PolicyMessage
     /**
      * Class constructor that registers policy message.
      * <p>
+     * 
      * @param message message string
      */
     public PolicyMessage(String message) {
diff --git a/pki/base/common/src/com/netscape/certsrv/request/PolicyResult.java b/pki/base/common/src/com/netscape/certsrv/request/PolicyResult.java
index 2750e3d8..c7cad94f 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/PolicyResult.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/PolicyResult.java
@@ -17,10 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 /**
  * This class defines results for policy actions.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public final class PolicyResult {
diff --git a/pki/base/common/src/com/netscape/certsrv/request/RequestId.java b/pki/base/common/src/com/netscape/certsrv/request/RequestId.java
index 01bd65d3..31681675 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/RequestId.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/RequestId.java
@@ -17,32 +17,34 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 /**
  * The RequestId class represents the identifier for a particular
- * request within a request queue.  This identifier may be used to
+ * request within a request queue. This identifier may be used to
  * retrieve the request object itself from the request queue.
  * <p>
+ * 
  * @version $Revision$ $Date$
  */
 public final class RequestId {
 
     /**
-     * Creates a new RequestId from its string representation. 
+     * Creates a new RequestId from its string representation.
      * <p>
-     * @param   id
-     *    a string containing the decimal (base 10) value for the identifier.
+     * 
+     * @param id
+     *            a string containing the decimal (base 10) value for the identifier.
      */
     public RequestId(String id) {
         mString = id;
     }
 
     /**
-     * Converts the RequestId into its string representation.  The string
+     * Converts the RequestId into its string representation. The string
      * form can be stored in a database (such as the LDAP directory)
      * <p>
+     * 
      * @return
-     *    a string containing the decimal (base 10) value for the identifier.
+     *         a string containing the decimal (base 10) value for the identifier.
      */
     public String toString() {
         return mString;
@@ -51,6 +53,7 @@ public final class RequestId {
     /**
      * Implements Object.hashCode.
      * <p>
+     * 
      * @return hash code of the object
      */
     public int hashCode() {
@@ -60,7 +63,8 @@ public final class RequestId {
     /**
      * Implements Object.equals.
      * <p>
-     * @param  obj object to compare
+     * 
+     * @param obj object to compare
      * @return true if objects are equal
      */
     public boolean equals(Object obj) {
diff --git a/pki/base/common/src/com/netscape/certsrv/request/RequestStatus.java b/pki/base/common/src/com/netscape/certsrv/request/RequestStatus.java
index ad3b91e7..f58a568d 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/RequestStatus.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/RequestStatus.java
@@ -17,21 +17,20 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 /**
  * The RequestStatus class represents the current state of a request
- * in a request queue.  The state of the request changes as actions
+ * in a request queue. The state of the request changes as actions
  * are performed on it.
- *
+ * 
  * The request is created in the BEGIN state, then general progresses
  * through the PENDING, APPROVED, SVC_PENDING, and COMPLETE states.
  * Some requests may bypass the PENDING state if no agent action is
  * required.
- *
- * Requests may be CANCELED (not implemented) or REJECTED.  These are
+ * 
+ * Requests may be CANCELED (not implemented) or REJECTED. These are
  * error conditions, and usually result because the request was invalid
  * or was not approved by an agent.
- *
+ * 
  * @version $Revision$ $Date$
  */
 public final class RequestStatus {
@@ -46,7 +45,7 @@ public final class RequestStatus {
     /**
      * The initial state of a request. Requests in this state have not
      * been review by policy.
-     *
+     * 
      * While in this state the source of the request (usually the servlet,
      * but it could be some other protocol module, such as email)
      * should populate the request with data need to service it.
@@ -57,7 +56,7 @@ public final class RequestStatus {
      * The state of a request that is waiting for action by an agent.
      * When the agent approves or rejects the request, process will
      * continue as appropriate.
-     *
+     * 
      * In this state there may be PolicyMessages present that indicate
      * the reason for the pending status.
      */
@@ -67,7 +66,7 @@ public final class RequestStatus {
      * The state of a request that has been approved by an agent, or
      * automatically by the policy engine, but have not been successfully
      * transmitted to the service module.
-     *
+     * 
      * These requests are resent to the service during the recovery
      * process that runs at server startup.
      */
@@ -75,24 +74,24 @@ public final class RequestStatus {
 
     /**
      * The state of a request that has been sent to the service, but
-     * has not been fully processed.  The service will invoke the
+     * has not been fully processed. The service will invoke the
      * serviceComplete() method to cause processing to continue.
      */
     public static RequestStatus SVC_PENDING =
-        new RequestStatus(SVC_PENDING_STRING);
+            new RequestStatus(SVC_PENDING_STRING);
 
     /**
-     * Not implemented.  This is intended to be a final state that is
+     * Not implemented. This is intended to be a final state that is
      * reached when a request is removed from the processing queue without
-     * normal notification occurring.  (see REJECTED)
+     * normal notification occurring. (see REJECTED)
      */
     public static RequestStatus CANCELED = new RequestStatus(CANCELED_STRING);
 
     /**
-     * The state of a request after it is rejected.  When a request is
+     * The state of a request after it is rejected. When a request is
      * rejected, the notifier is called prior to making the finl status
      * change.
-     *
+     * 
      * Rejected requests may have PolicyMessages indicating the reason for
      * the rejection, or AgentMessages, which allow the agent to give
      * reasons for the action.
@@ -100,8 +99,8 @@ public final class RequestStatus {
     public static RequestStatus REJECTED = new RequestStatus(REJECTED_STRING);
 
     /**
-     * The normal final state of a request.  The completion status attribute
-     * gives other information about the request.  The request is not
+     * The normal final state of a request. The completion status attribute
+     * gives other information about the request. The request is not
      * necessarily successful, but may indicated that service processing
      * did not succeed.
      */
@@ -111,19 +110,27 @@ public final class RequestStatus {
      * Converts a string name for a request status into the
      * request status enum object.
      * <p>
+     * 
      * @param s
-     *    The string representation of the state.
+     *            The string representation of the state.
      * @return
-     *    request status
+     *         request status
      */
     public static RequestStatus fromString(String s) {
-        if (s.equals(BEGIN_STRING)) return BEGIN;
-        if (s.equals(PENDING_STRING)) return PENDING;
-        if (s.equals(APPROVED_STRING)) return APPROVED;
-        if (s.equals(SVC_PENDING_STRING)) return SVC_PENDING;
-        if (s.equals(CANCELED_STRING)) return CANCELED;
-        if (s.equals(REJECTED_STRING)) return REJECTED;
-        if (s.equals(COMPLETE_STRING)) return COMPLETE;
+        if (s.equals(BEGIN_STRING))
+            return BEGIN;
+        if (s.equals(PENDING_STRING))
+            return PENDING;
+        if (s.equals(APPROVED_STRING))
+            return APPROVED;
+        if (s.equals(SVC_PENDING_STRING))
+            return SVC_PENDING;
+        if (s.equals(CANCELED_STRING))
+            return CANCELED;
+        if (s.equals(REJECTED_STRING))
+            return REJECTED;
+        if (s.equals(COMPLETE_STRING))
+            return COMPLETE;
 
         return null;
     }
@@ -131,16 +138,16 @@ public final class RequestStatus {
     /**
      * Returns the string form of the RequestStatus, which may be used
      * to record the status in a database.
-	 *
+     * 
      * @return request status
      */
     public String toString() {
         return mString;
     }
- 
+
     /**
      * Class constructor. Creates request status from the string.
-	 *
+     * 
      * @param string string describing request status
      */
     private RequestStatus(String string) {
@@ -151,21 +158,25 @@ public final class RequestStatus {
 
     /**
      * Compares request status with specified string.
-	 *
+     * 
      * @param string string describing request status
      */
     public boolean equals(String string) {
-        if (string.equals(mString)) return true;
-        else return false;
+        if (string.equals(mString))
+            return true;
+        else
+            return false;
     }
-  
+
     /**
      * Compares current request status with request status.
-	 *
+     * 
      * @param rs request status
      */
     public boolean equals(RequestStatus rs) {
-        if (mString.equals(rs.mString)) return true;
-        else return false;
+        if (mString.equals(rs.mString))
+            return true;
+        else
+            return false;
     }
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/request/ldap/IRequestMod.java b/pki/base/common/src/com/netscape/certsrv/request/ldap/IRequestMod.java
index 1fc0657f..c1e153a8 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/ldap/IRequestMod.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/ldap/IRequestMod.java
@@ -25,31 +25,31 @@ import com.netscape.certsrv.request.RequestStatus;
 /**
  * This interface defines how to update request record.
  * <p>
+ * 
  * @version $Revision$, $Date$
  */
-public interface IRequestMod
-{
-	/**
+public interface IRequestMod {
+    /**
      * Modifies request status.
-	 *
+     * 
      * @param r request
      * @param s request status
      */
-	void modRequestStatus(IRequest r, RequestStatus s);
+    void modRequestStatus(IRequest r, RequestStatus s);
 
-	/**
+    /**
      * Modifies request creation time.
-	 *
+     * 
      * @param r request
      * @param d date
      */
-	void modCreationTime(IRequest r, Date d);
+    void modCreationTime(IRequest r, Date d);
 
-	/**
+    /**
      * Modifies request modification time.
-	 *
+     * 
      * @param r request
      * @param d date
      */
-	void modModificationTime(IRequest r, Date d);
+    void modModificationTime(IRequest r, Date d);
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/security/Credential.java b/pki/base/common/src/com/netscape/certsrv/security/Credential.java
index 9aff49ad..48038a40 100644
--- a/pki/base/common/src/com/netscape/certsrv/security/Credential.java
+++ b/pki/base/common/src/com/netscape/certsrv/security/Credential.java
@@ -17,12 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.security;
 
-
 /**
  * A class represents a credential. A credential contains
  * information that identifies a user. In this case,
  * identifier and password are used.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class Credential implements java.io.Serializable {
@@ -36,7 +35,7 @@ public class Credential implements java.io.Serializable {
 
     /**
      * Constructs credential object.
-     *
+     * 
      * @param id user id
      * @param password user password
      */
@@ -44,10 +43,10 @@ public class Credential implements java.io.Serializable {
         mId = id;
         mPassword = password;
     }
-	
+
     /**
      * Retrieves identifier.
-     *
+     * 
      * @return user id
      */
     public String getIdentifier() {
@@ -56,7 +55,7 @@ public class Credential implements java.io.Serializable {
 
     /**
      * Retrieves password.
-     *
+     * 
      * @return user password
      */
     public String getPassword() {
diff --git a/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java b/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java
index ab910b37..50a0e1a1 100644
--- a/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java
+++ b/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.security;
 
-
 import java.io.IOException;
 import java.security.KeyPair;
 import java.security.cert.CertificateException;
@@ -37,11 +36,10 @@ import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.certsrv.common.NameValuePairs;
 
-
 /**
  * This interface represents the cryptographics subsystem
  * that provides all the security related functions.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICryptoSubsystem extends ISubsystem {
@@ -51,7 +49,7 @@ public interface ICryptoSubsystem extends ISubsystem {
     /**
      * Retrieves a list of nicknames of certificates that are
      * in the installed tokens.
-     *
+     * 
      * @return a list of comma-separated nicknames
      * @exception EBaseException failed to retrieve nicknames
      */
@@ -59,7 +57,7 @@ public interface ICryptoSubsystem extends ISubsystem {
 
     /**
      * Retrieves certificate in pretty-print format by the nickname.
-     *
+     * 
      * @param nickname nickname of certificate
      * @param date not after of the returned certificate must be date
      * @param locale user locale
@@ -67,50 +65,53 @@ public interface ICryptoSubsystem extends ISubsystem {
      * @exception EBaseException failed to retrieve certificate
      */
     public String getCertPrettyPrint(String nickname, String date,
-        Locale locale) throws EBaseException;
+            Locale locale) throws EBaseException;
+
     public String getRootCertTrustBit(String nickname, String serialno,
-      String issuerName) throws EBaseException;
-    public String getCertPrettyPrint(String nickname, String serialno, 
-      String issuername, Locale locale) throws EBaseException;
-    public String getCertPrettyPrintAndFingerPrint(String nickname, String serialno, 
-      String issuername, Locale locale) throws EBaseException;
+            String issuerName) throws EBaseException;
+
+    public String getCertPrettyPrint(String nickname, String serialno,
+            String issuername, Locale locale) throws EBaseException;
+
+    public String getCertPrettyPrintAndFingerPrint(String nickname, String serialno,
+            String issuername, Locale locale) throws EBaseException;
 
     /**
      * Retrieves the certificate in the pretty print format.
-     *
+     * 
      * @param b64E certificate in mime-64 encoded format
      * @param locale end user locale
      * @return certificate in pretty-print format
      * @exception EBaseException failed to retrieve certificate
      */
-    public String getCertPrettyPrint(String b64E, Locale locale) 
-        throws EBaseException;
+    public String getCertPrettyPrint(String b64E, Locale locale)
+            throws EBaseException;
 
     /**
      * Imports certificate into the server.
-     *
+     * 
      * @param b64E certificate in mime-64 encoded format
      * @param nickname nickname for the importing certificate
      * @param certType certificate type
      * @exception EBaseException failed to import certificate
      */
     public void importCert(String b64E, String nickname, String certType)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Imports certificate into the server.
-     *
+     * 
      * @param signedCert certificate
      * @param nickname nickname for the importing certificate
      * @param certType certificate type
      * @exception EBaseException failed to import certificate
      */
     public void importCert(X509CertImpl signedCert, String nickname,
-        String certType) throws EBaseException;
+            String certType) throws EBaseException;
 
     /**
      * Generates a key pair based on the given parameters.
-     *
+     * 
      * @param properties key parameters
      * @return key pair
      * @exception EBaseException failed to generate key pair
@@ -119,7 +120,7 @@ public interface ICryptoSubsystem extends ISubsystem {
 
     /**
      * Retrieves the key pair based on the given nickname.
-     *
+     * 
      * @param nickname nickname of the public key
      * @exception EBaseException failed to retrieve key pair
      */
@@ -127,7 +128,7 @@ public interface ICryptoSubsystem extends ISubsystem {
 
     /**
      * Generates a key pair based on the given parameters.
-     *
+     * 
      * @param tokenName name of token where key is generated
      * @param alg key algorithm
      * @param keySize key size
@@ -135,11 +136,11 @@ public interface ICryptoSubsystem extends ISubsystem {
      * @exception EBaseException failed to generate key pair
      */
     public KeyPair getKeyPair(String tokenName, String alg,
-        int keySize) throws EBaseException;
+            int keySize) throws EBaseException;
 
     /**
      * Generates a key pair based on the given parameters.
-     *
+     * 
      * @param tokenName name of token where key is generated
      * @param alg key algorithm
      * @param keySize key size
@@ -148,11 +149,11 @@ public interface ICryptoSubsystem extends ISubsystem {
      * @exception EBaseException failed to generate key pair
      */
     public KeyPair getKeyPair(String tokenName, String alg,
-        int keySize, PQGParams pqg) throws EBaseException;
+            int keySize, PQGParams pqg) throws EBaseException;
 
     /**
      * Generates an ECC key pair based on the given parameters.
-     *
+     * 
      * @param properties key parameters
      * @return key pair
      * @exception EBaseException failed to generate key pair
@@ -161,7 +162,7 @@ public interface ICryptoSubsystem extends ISubsystem {
 
     /**
      * Generates an ECC key pair based on the given parameters.
-     *
+     * 
      * @param token token name
      * @param curveName curve name
      * @param certType type of cert(sslserver etc..)
@@ -173,16 +174,16 @@ public interface ICryptoSubsystem extends ISubsystem {
     /**
      * Retrieves the signature algorithm of the certificate named
      * by the given nickname.
-     *
+     * 
      * @param nickname nickname of the certificate
      * @return signature algorithm
-     * @exception EBaseException failed to retrieve signature 
+     * @exception EBaseException failed to retrieve signature
      */
     public String getSignatureAlgorithm(String nickname) throws EBaseException;
 
     /**
      * Checks if the given dn is a valid distinguished name.
-     *
+     * 
      * @param dn distinguished name
      * @exception EBaseException failed to check
      */
@@ -192,7 +193,7 @@ public interface ICryptoSubsystem extends ISubsystem {
      * Retrieves CA's signing algorithm id. If it is DSA algorithm,
      * algorithm is constructed by reading the parameters
      * ca.dsaP, ca.dsaQ, ca.dsaG.
-     *
+     * 
      * @param algname DSA or RSA
      * @param store configuration store.
      * @return algorithm id
@@ -203,57 +204,57 @@ public interface ICryptoSubsystem extends ISubsystem {
     /**
      * Retrieves subject name of the certificate that is identified by
      * the given nickname.
-     *
+     * 
      * @param tokenname name of token where the nickname is valid
      * @param nickname nickname of the certificate
      * @return subject name
      * @exception EBaseException failed to get subject name
      */
     public String getCertSubjectName(String tokenname, String nickname)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves extensions of the certificate that is identified by
      * the given nickname.
-     *
+     * 
      * @param tokenname name of token where the nickname is valid
      * @param nickname nickname of the certificate
      * @return certificate extensions
      * @exception EBaseException failed to get extensions
      */
     public CertificateExtensions getExtensions(String tokenname, String nickname
-    )
-        throws EBaseException;
+            )
+                    throws EBaseException;
 
     /**
      * Deletes certificate of the given nickname.
-     *
+     * 
      * @param nickname nickname of the certificate
      * @param pathname path where a copy of the deleted certificate is stored
      * @exception EBaseException failed to delete certificate
      */
-    public void deleteTokenCertificate(String nickname, String pathname) 
-        throws EBaseException;
+    public void deleteTokenCertificate(String nickname, String pathname)
+            throws EBaseException;
 
     /**
      * Delete certificate of the given nickname.
-     *
+     * 
      * @param nickname nickname of the certificate
-     * @param notAfterTime The notAfter of the certificate. It 
-     *        is possible to ge t multiple certificates under 
-     *        the same nickname. If one of the certificates match 
-     *        the notAfterTime, then the certificate will get 
-     *        deleted. The format of the notAfterTime has to be 
-     *        in "MMMMM dd, yyyy HH:mm:ss" format.
+     * @param notAfterTime The notAfter of the certificate. It
+     *            is possible to ge t multiple certificates under
+     *            the same nickname. If one of the certificates match
+     *            the notAfterTime, then the certificate will get
+     *            deleted. The format of the notAfterTime has to be
+     *            in "MMMMM dd, yyyy HH:mm:ss" format.
      * @exception EBaseException failed to delete certificate
      */
-    public void deleteCert(String nickname, String notAfterTime) 
-        throws EBaseException;
+    public void deleteCert(String nickname, String notAfterTime)
+            throws EBaseException;
 
     /**
      * Retrieves the subject DN of the certificate identified by
      * the nickname.
-     *
+     * 
      * @param nickname nickname of the certificate
      * @return subject distinguished name
      * @exception EBaseException failed to retrieve subject DN
@@ -262,19 +263,19 @@ public interface ICryptoSubsystem extends ISubsystem {
 
     /**
      * Trusts a certificate for all available purposes.
-     *
+     * 
      * @param nickname nickname of the certificate
      * @param date certificate's not before
      * @param trust "Trust" or other
      * @exception EBaseException failed to trust certificate
      */
-    public void trustCert(String nickname, String date, String trust) 
-        throws EBaseException;
+    public void trustCert(String nickname, String date, String trust)
+            throws EBaseException;
 
     /**
      * Checks if the given base-64 encoded string contains an extension
      * or a sequence of extensions.
-     *
+     * 
      * @param ext extension or sequence of extension encoded in base-64
      * @exception EBaseException failed to check encoding
      */
@@ -282,16 +283,17 @@ public interface ICryptoSubsystem extends ISubsystem {
 
     /**
      * Gets all certificates on all tokens for Certificate Database Management.
-     *
+     * 
      * @return all certificates
      * @exception EBaseException failed to retrieve certificates
      */
     public NameValuePairs getAllCertsManage() throws EBaseException;
+
     public NameValuePairs getUserCerts() throws EBaseException;
 
     /**
      * Gets all CA certificates on all tokens.
-     *
+     * 
      * @return all CA certificates
      * @exception EBaseException failed to retrieve certificates
      */
@@ -300,17 +302,17 @@ public interface ICryptoSubsystem extends ISubsystem {
     public NameValuePairs getRootCerts() throws EBaseException;
 
     public void setRootCertTrust(String nickname, String serialno,
-      String issuername, String trust) throws EBaseException;
+            String issuername, String trust) throws EBaseException;
 
     public void deleteRootCert(String nickname, String serialno,
-      String issuername) throws EBaseException;
+            String issuername) throws EBaseException;
 
     public void deleteUserCert(String nickname, String serialno,
-      String issuername) throws EBaseException;
+            String issuername) throws EBaseException;
 
     /**
      * Retrieves PQG parameters based on key size.
-     *
+     * 
      * @param keysize key size
      * @return pqg parameters
      */
@@ -318,91 +320,91 @@ public interface ICryptoSubsystem extends ISubsystem {
 
     /**
      * Retrieves PQG parameters based on key size.
-     *
+     * 
      * @param keysize key size
      * @param store configuration store
      * @return pqg parameters
      */
     public PQGParams getCAPQG(int keysize, IConfigStore store)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves extensions of the certificate that is identified by
      * the given nickname.
-     *
+     * 
      * @param tokenname token name
      * @param nickname nickname
      * @return certificate extensions
      */
     public CertificateExtensions getCertExtensions(String tokenname, String nickname
-    )
-        throws NotInitializedException, TokenException, ObjectNotFoundException,
+            )
+                    throws NotInitializedException, TokenException, ObjectNotFoundException,
 
-            IOException, CertificateException;
+                    IOException, CertificateException;
 
     /**
      * Checks if the given token is logged in.
-     *
+     * 
      * @param name token name
      * @return true if token is logged in
-     * @exception EBaseException failed to login 
+     * @exception EBaseException failed to login
      */
     public boolean isTokenLoggedIn(String name) throws EBaseException;
 
     /**
      * Logs into token.
-     *
+     * 
      * @param tokenName name of the token
      * @param pwd token password
      * @exception EBaseException failed to login
      */
-    public void loggedInToken(String tokenName, String pwd) 
-        throws EBaseException;
+    public void loggedInToken(String tokenName, String pwd)
+            throws EBaseException;
 
     /**
      * Generates certificate request from the given key pair.
-     *
+     * 
      * @param subjectName subject name to use in the request
      * @param kp key pair that contains public key material
      * @return certificate request in base-64 encoded format
      * @exception EBaseException failed to generate request
      */
     public String getCertRequest(String subjectName, KeyPair kp)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Checks if fortezza is enabled.
-     *
+     * 
      * @return "true" if fortezza is enabled
      */
     public String isCipherFortezza() throws EBaseException;
 
     /**
      * Retrieves the SSL cipher version.
-     *
+     * 
      * @return cipher version (i.e. "cipherdomestic")
      */
     public String getCipherVersion() throws EBaseException;
 
     /**
      * Retrieves the cipher preferences.
-     *
+     * 
      * @return cipher preferences (i.e. "rc4export,rc2export,...")
      */
     public String getCipherPreferences() throws EBaseException;
 
     /**
      * Sets the current SSL cipher preferences.
-     *
+     * 
      * @param cipherPrefs cipher preferences (i.e. "rc4export,rc2export,...")
      * @exception EBaseException failed to set cipher preferences
      */
     public void setCipherPreferences(String cipherPrefs)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves a list of currently registered token names.
-     *
+     * 
      * @return list of token names
      * @exception EBaseException failed to retrieve token list
      */
@@ -411,7 +413,7 @@ public interface ICryptoSubsystem extends ISubsystem {
     /**
      * Retrieves all certificates. The result list will not
      * contain the token tag.
-     *
+     * 
      * @param name token name
      * @return list of certificates without token tag
      * @exception EBaseException failed to retrieve
@@ -420,7 +422,7 @@ public interface ICryptoSubsystem extends ISubsystem {
 
     /**
      * Retrieves the token name of the internal (software) token.
-     *
+     * 
      * @return the token name
      * @exception EBaseException failed to retrieve token name
      */
@@ -429,7 +431,7 @@ public interface ICryptoSubsystem extends ISubsystem {
     /**
      * Checks to see if the certificate of the given nickname is a
      * CA certificate.
-     *
+     * 
      * @param fullNickname nickname of the certificate to check
      * @return true if it is a CA certificate
      * @exception EBaseException failed to check
@@ -438,27 +440,27 @@ public interface ICryptoSubsystem extends ISubsystem {
 
     /**
      * Adds the specified number of bits of entropy from the system
-	 * entropy generator to the RNG of the default PKCS#11 RNG token.
+     * entropy generator to the RNG of the default PKCS#11 RNG token.
      * The default token is set using the modutil command.
-	 * Note that the system entropy generator (usually /dev/random)
-	 * will block until sufficient entropy is collected.
-     *
+     * Note that the system entropy generator (usually /dev/random)
+     * will block until sufficient entropy is collected.
+     * 
      * @param bits number of bits of entropy
      * @exception org.mozilla.jss.util.NotImplementedException If the Crypto device does not support
-     *             adding entropy
-	 * @exception TokenException If there was some other problem with the Crypto device
-	 * @exception IOException If there was a problem reading from the /dev/random
+     *                adding entropy
+     * @exception TokenException If there was some other problem with the Crypto device
+     * @exception IOException If there was a problem reading from the /dev/random
      */
 
     public void addEntropy(int bits)
-    throws org.mozilla.jss.util.NotImplementedException,
+            throws org.mozilla.jss.util.NotImplementedException,
             IOException,
             TokenException;
 
     /**
      * Signs the certificate template into the given data and returns
      * a signed certificate.
-     *
+     * 
      * @param data data that contains certificate template
      * @param certType certificate type
      * @param priKey CA signing key
diff --git a/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java b/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java
index 984425a5..e318188a 100644
--- a/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java
+++ b/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java
@@ -17,24 +17,22 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.security;
 
-
 import java.security.PublicKey;
 
 import org.mozilla.jss.crypto.PrivateKey;
 
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * An interface represents a encryption unit.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IEncryptionUnit extends IToken {
 
     /**
      * Retrieves the public key in this unit.
-     *
+     * 
      * @return public key
      */
     public PublicKey getPublicKey();
@@ -42,16 +40,16 @@ public interface IEncryptionUnit extends IToken {
     /**
      * Wraps data. The given key will be wrapped by the
      * private key in this unit.
-     *
+     * 
      * @param priKey private key to be wrapped
-     * @return wrapped data 
+     * @return wrapped data
      * @exception EBaseException failed to wrap
      */
     public byte[] wrap(PrivateKey priKey) throws EBaseException;
 
     /**
-     * Verifies the given key pair. 
-     *  
+     * Verifies the given key pair.
+     * 
      * @param publicKey public key
      * @param privateKey private key
      */
@@ -61,9 +59,9 @@ public interface IEncryptionUnit extends IToken {
     /**
      * Unwraps data. This method rebuilds the private key by
      * unwrapping the private key data.
-     *
+     * 
      * @param sessionKey session key that unwrap the private key
-     * @param symmAlgOID symmetric algorithm 
+     * @param symmAlgOID symmetric algorithm
      * @param symmAlgParams symmetric algorithm parameters
      * @param privateKey private key data
      * @param pubKey public key
@@ -71,56 +69,56 @@ public interface IEncryptionUnit extends IToken {
      * @exception EBaseException failed to unwrap
      */
     public PrivateKey unwrap(byte sessionKey[], String symmAlgOID,
-        byte symmAlgParams[], byte privateKey[], 
-        PublicKey pubKey)
-        throws EBaseException;
+            byte symmAlgParams[], byte privateKey[],
+            PublicKey pubKey)
+            throws EBaseException;
 
     /**
      * Unwraps data. This method rebuilds the private key by
      * unwrapping the private key data.
-     *
+     * 
      * @param privateKey private key data
      * @param pubKey public key object
      * @return private key object
      * @exception EBaseException failed to unwrap
      */
     public PrivateKey unwrap(byte privateKey[], PublicKey pubKey)
-        throws EBaseException;
-	
+            throws EBaseException;
+
     /**
      * Encrypts the internal private key (private key to the KRA's
      * internal storage).
-     *
+     * 
      * @param rawPrivate user's private key (key to be archived)
      * @return encrypted data
      * @exception EBaseException failed to encrypt
      */
     public byte[] encryptInternalPrivate(byte rawPrivate[])
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Decrypts the internal private key (private key from the KRA's
      * internal storage).
-     *
+     * 
      * @param wrappedPrivateData unwrapped private key data (key to be recovered)
      * @return raw private key
      * @exception EBaseException failed to decrypt
      */
     public byte[] decryptInternalPrivate(byte wrappedPrivateData[])
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Decrypts the external private key (private key from the end-user).
-     *
+     * 
      * @param sessionKey session key that protects the user private
-     * @param symmAlgOID symmetric algorithm 
+     * @param symmAlgOID symmetric algorithm
      * @param symmAlgParams symmetric algorithm parameters
      * @param privateKey private key data
      * @return private key data
      * @exception EBaseException failed to decrypt
      */
-    public byte[] decryptExternalPrivate(byte sessionKey[], 
-        String symmAlgOID,
-        byte symmAlgParams[], byte privateKey[])
-        throws EBaseException;
+    public byte[] decryptExternalPrivate(byte sessionKey[],
+            String symmAlgOID,
+            byte symmAlgParams[], byte privateKey[])
+            throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/security/ISigningUnit.java b/pki/base/common/src/com/netscape/certsrv/security/ISigningUnit.java
index 664d5c1f..7fbed0b6 100644
--- a/pki/base/common/src/com/netscape/certsrv/security/ISigningUnit.java
+++ b/pki/base/common/src/com/netscape/certsrv/security/ISigningUnit.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.security;
 
-
 import java.security.PublicKey;
 
 import netscape.security.x509.X509CertImpl;
@@ -30,7 +29,7 @@ import com.netscape.certsrv.base.EBaseException;
 /**
  * A class represents the signing unit which is
  * capable of signing data.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ISigningUnit {
@@ -46,11 +45,11 @@ public interface ISigningUnit {
     /**
      * Retrieves the nickname of the signing certificate.
      */
-    public String getNickname(); 
+    public String getNickname();
 
     /**
      * Retrieves the new nickname in the renewal process.
-     *
+     * 
      * @return new nickname
      * @exception EBaseException failed to get new nickname
      */
@@ -58,39 +57,39 @@ public interface ISigningUnit {
 
     /**
      * Sets new nickname of the signing certificate.
-     *
+     * 
      * @param name nickname
      */
     public void setNewNickName(String name);
 
     /**
      * Retrieves the signing certificate.
-     *
+     * 
      * @return signing certificate
      */
     public X509Certificate getCert();
 
     /**
      * Retrieves the signing certificate.
-     *
+     * 
      * @return signing certificate
      */
     public X509CertImpl getCertImpl();
 
     /**
      * Signs the given data in specific algorithm.
-     *
+     * 
      * @param data data to be signed
      * @param algname signing algorithm to be used
      * @return signed data
      * @exception EBaseException failed to sign
      */
     public byte[] sign(byte[] data, String algname)
-        throws EBaseException;
-	
+            throws EBaseException;
+
     /**
      * Verifies the signed data.
-     *
+     * 
      * @param data signed data
      * @param signature signature
      * @param algname signing algorithm
@@ -98,18 +97,18 @@ public interface ISigningUnit {
      * @exception EBaseException failed to verify
      */
     public boolean verify(byte[] data, byte[] signature, String algname)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves the default algorithm.
-     *
+     * 
      * @return default signing algorithm
      */
     public SignatureAlgorithm getDefaultSignatureAlgorithm();
 
     /**
      * Retrieves the default algorithm name.
-     *
+     * 
      * @return default signing algorithm name
      */
     public String getDefaultAlgorithm();
@@ -124,15 +123,15 @@ public interface ISigningUnit {
 
     /**
      * Retrieves all supported signing algorithm of this unit.
-     *
+     * 
      * @return a list of signing algorithms
      * @exception EBaseException failed to list
-     */ 
+     */
     public String[] getAllAlgorithms() throws EBaseException;
 
     /**
      * Retrieves the token name of this unit.
-     *
+     * 
      * @return token name
      * @exception EBaseException failed to retrieve name
      */
@@ -140,7 +139,7 @@ public interface ISigningUnit {
 
     /**
      * Updates new nickname and tokename in the configuration file.
-     *
+     * 
      * @param nickname new nickname
      * @param tokenname new tokenname
      */
@@ -148,19 +147,18 @@ public interface ISigningUnit {
 
     /**
      * Checks if the given algorithm name is supported.
-     *
+     * 
      * @param algname algorithm name
      * @return signing algorithm
      * @exception EBaseException failed to check signing algorithm
      */
     public SignatureAlgorithm checkSigningAlgorithmFromName(String algname)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves the public key associated in this unit.
-     *
+     * 
      * @return public key
      */
     public PublicKey getPublicKey();
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java b/pki/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java
index 02ebc616..336bf57a 100644
--- a/pki/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java
+++ b/pki/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java
@@ -17,26 +17,24 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.security;
 
-
 import java.util.Enumeration;
 
 import org.mozilla.jss.crypto.CryptoToken;
 
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * An interface represents a storage key unit. This storage
  * unit contains a storage key pair that is used for
  * encrypting the user private key for long term storage.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IStorageKeyUnit extends IEncryptionUnit {
 
     /**
      * Retrieves total number of recovery agents.
-     *
+     * 
      * @return total number of recovery agents
      */
     public int getNoOfAgents() throws EBaseException;
@@ -51,33 +49,33 @@ public interface IStorageKeyUnit extends IEncryptionUnit {
 
     /**
      * Sets the numer of required recovery agents
-     *
+     * 
      * @param number number of required agents
      */
     public void setNoOfRequiredAgents(int number);
 
     /**
      * Retrieves a list of agents in this unit.
-     *
+     * 
      * @return a list of string-based agent identifiers
      */
     public Enumeration getAgentIdentifiers();
 
     /**
      * Changes agent password.
-     *
+     * 
      * @param id agent id
      * @param oldpwd old password
      * @param newpwd new password
      * @return true if operation successful
      * @exception EBaseException failed to change password
      */
-    public boolean changeAgentPassword(String id, String oldpwd, 
-        String newpwd) throws EBaseException;
+    public boolean changeAgentPassword(String id, String oldpwd,
+            String newpwd) throws EBaseException;
 
     /**
      * Changes M-N recovery scheme.
-     *
+     * 
      * @param n total number of agents
      * @param m required number of agents for recovery operation
      * @param oldcreds all old credentials
@@ -86,11 +84,11 @@ public interface IStorageKeyUnit extends IEncryptionUnit {
      * @exception EBaseException failed to change schema
      */
     public boolean changeAgentMN(int n, int m, Credential oldcreds[],
-        Credential newcreds[]) throws EBaseException;
-	
+            Credential newcreds[]) throws EBaseException;
+
     /**
      * Logins to this unit.
-     *
+     * 
      * @param ac agent's credentials
      * @exception EBaseException failed to login
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/security/IToken.java b/pki/base/common/src/com/netscape/certsrv/security/IToken.java
index 0b79cfcf..05aff64f 100644
--- a/pki/base/common/src/com/netscape/certsrv/security/IToken.java
+++ b/pki/base/common/src/com/netscape/certsrv/security/IToken.java
@@ -17,20 +17,18 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.security;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * An interface represents a generic token unit.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IToken {
 
     /**
      * Logins to the token unit.
-     *
+     * 
      * @param pin password to access the token
      * @exception EBaseException failed to login to this token
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java b/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java
index 2edfa12a..0a012e8a 100644
--- a/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java
+++ b/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.security;
 
-
 import java.security.PublicKey;
 
 import org.mozilla.jss.crypto.CryptoToken;
@@ -26,27 +25,32 @@ import org.mozilla.jss.crypto.SymmetricKey;
 
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
- * An interface represents the transport key pair. 
- * This key pair is used to protected EE's private 
+ * An interface represents the transport key pair.
+ * This key pair is used to protected EE's private
  * key in transit.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ITransportKeyUnit extends IEncryptionUnit {
 
     /**
      * Retrieves public key.
-     *
+     * 
      * @return certificate
      */
     public org.mozilla.jss.crypto.X509Certificate getCertificate();
+
     public SymmetricKey unwrap_sym(byte encSymmKey[]);
+
     public SymmetricKey unwrap_encrypt_sym(byte encSymmKey[]);
+
     public PrivateKey unwrap_temp(byte wrappedKeyData[], PublicKey
-	  pubKey) throws EBaseException;
+            pubKey) throws EBaseException;
+
     public CryptoToken getToken();
-    public String getSigningAlgorithm() throws EBaseException; 
-    public void setSigningAlgorithm(String str) throws EBaseException; 
+
+    public String getSigningAlgorithm() throws EBaseException;
+
+    public void setSigningAlgorithm(String str) throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/security/KeyCertData.java b/pki/base/common/src/com/netscape/certsrv/security/KeyCertData.java
index 484e5e73..dbcc0118 100644
--- a/pki/base/common/src/com/netscape/certsrv/security/KeyCertData.java
+++ b/pki/base/common/src/com/netscape/certsrv/security/KeyCertData.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.security;
 
-
 import java.math.BigInteger;
 import java.security.KeyPair;
 import java.util.Properties;
@@ -53,7 +52,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves the key pair from this container.
-     *
+     * 
      * @return key pair
      */
     public KeyPair getKeyPair() {
@@ -62,7 +61,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets key pair into this container.
-     *
+     * 
      * @param keypair key pair
      */
     public void setKeyPair(KeyPair keypair) {
@@ -71,7 +70,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves the issuer name from this container.
-     *
+     * 
      * @return issuer name
      */
     public String getIssuerName() {
@@ -80,7 +79,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets the issuer name in this container.
-     *
+     * 
      * @param name issuer name
      */
     public void setIssuerName(String name) {
@@ -89,7 +88,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves certificate server instance name.
-     *
+     * 
      * @return instance name
      */
     public String getCertInstanceName() {
@@ -98,7 +97,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets certificate server instance name.
-     *
+     * 
      * @param name instance name
      */
     public void setCertInstanceName(String name) {
@@ -107,16 +106,16 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves certificate nickname.
-     *
+     * 
      * @return certificate nickname
      */
     public String getCertNickname() {
         return (String) get(Constants.PR_NICKNAME);
     }
-    
+
     /**
      * Sets certificate nickname.
-     *
+     * 
      * @param nickname certificate nickname
      */
     public void setCertNickname(String nickname) {
@@ -125,7 +124,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves key length.
-     *
+     * 
      * @return key length
      */
     public String getKeyLength() {
@@ -134,7 +133,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets key length.
-     *
+     * 
      * @param len key length
      */
     public void setKeyLength(String len) {
@@ -143,7 +142,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves key type.
-     *
+     * 
      * @return key type
      */
     public String getKeyType() {
@@ -152,7 +151,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets key type.
-     *
+     * 
      * @param type key type
      */
     public void setKeyType(String type) {
@@ -161,7 +160,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves key curve name.
-     *
+     * 
      * @return key curve name
      */
     public String getKeyCurveName() {
@@ -170,7 +169,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets key curvename.
-     *
+     * 
      * @param len key curvename
      */
     public void setKeyCurveName(String len) {
@@ -179,7 +178,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves signature algorithm.
-     *
+     * 
      * @return signature algorithm
      */
     public SignatureAlgorithm getSignatureAlgorithm() {
@@ -188,7 +187,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets signature algorithm
-     *
+     * 
      * @param alg signature algorithm
      */
     public void setSignatureAlgorithm(SignatureAlgorithm alg) {
@@ -197,7 +196,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves algorithm used to sign the root CA Cert.
-     *
+     * 
      * @return signature algorithm
      */
     public String getSignedBy() {
@@ -206,7 +205,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets signature algorithm used to sign root CA cert
-     *
+     * 
      * @param alg signature algorithm
      */
     public void setSignedBy(String alg) {
@@ -215,7 +214,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves signature algorithm.
-     *
+     * 
      * @return signature algorithm
      */
     public AlgorithmId getAlgorithmId() {
@@ -224,7 +223,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets algorithm identifier
-     *
+     * 
      * @param id signature algorithm
      */
     public void setAlgorithmId(AlgorithmId id) {
@@ -233,7 +232,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves serial number.
-     *
+     * 
      * @return serial number
      */
     public BigInteger getSerialNumber() {
@@ -242,7 +241,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets serial number.
-     *
+     * 
      * @param num serial number
      */
     public void setSerialNumber(BigInteger num) {
@@ -251,16 +250,16 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves configuration file.
-     *
+     * 
      * @return configuration file
      */
     public IConfigStore getConfigFile() {
-        return (IConfigStore)(get("cmsFile"));
+        return (IConfigStore) (get("cmsFile"));
     }
 
     /**
      * Sets configuration file.
-     *
+     * 
      * @param file configuration file
      */
     public void setConfigFile(IConfigStore file) {
@@ -269,7 +268,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves begining year of validity.
-     *
+     * 
      * @return begining year
      */
     public String getBeginYear() {
@@ -278,7 +277,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets begining year of validity.
-     *
+     * 
      * @param year begining year
      */
     public void setBeginYear(String year) {
@@ -287,7 +286,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves ending year of validity.
-     *
+     * 
      * @return ending year
      */
     public String getAfterYear() {
@@ -296,7 +295,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets ending year of validity.
-     *
+     * 
      * @param year ending year
      */
     public void setAfterYear(String year) {
@@ -305,7 +304,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves begining month of validity.
-     *
+     * 
      * @return begining month
      */
     public String getBeginMonth() {
@@ -314,7 +313,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets begining month of validity.
-     *
+     * 
      * @param month begining month
      */
     public void setBeginMonth(String month) {
@@ -323,7 +322,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves ending month of validity.
-     *
+     * 
      * @return ending month
      */
     public String getAfterMonth() {
@@ -332,7 +331,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets ending month of validity.
-     *
+     * 
      * @param month ending month
      */
     public void setAfterMonth(String month) {
@@ -341,7 +340,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves begining date of validity.
-     *
+     * 
      * @return begining date
      */
     public String getBeginDate() {
@@ -350,7 +349,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets begining date of validity.
-     *
+     * 
      * @param date begining date
      */
     public void setBeginDate(String date) {
@@ -359,7 +358,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves ending date of validity.
-     *
+     * 
      * @return ending date
      */
     public String getAfterDate() {
@@ -368,7 +367,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets ending date of validity.
-     *
+     * 
      * @param date ending date
      */
     public void setAfterDate(String date) {
@@ -377,7 +376,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves starting hour of validity.
-     *
+     * 
      * @return starting hour
      */
     public String getBeginHour() {
@@ -386,7 +385,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets starting hour of validity.
-     *
+     * 
      * @param hour starting hour
      */
     public void setBeginHour(String hour) {
@@ -395,7 +394,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves ending hour of validity.
-     *
+     * 
      * @return ending hour
      */
     public String getAfterHour() {
@@ -404,7 +403,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets ending hour of validity.
-     *
+     * 
      * @param hour ending hour
      */
     public void setAfterHour(String hour) {
@@ -413,16 +412,16 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves starting minute of validity.
-     *
+     * 
      * @return starting minute
      */
     public String getBeginMin() {
         return (String) get(Constants.PR_BEGIN_MIN);
     }
-  
+
     /**
      * Sets starting minute of validity.
-     *
+     * 
      * @param min starting minute
      */
     public void setBeginMin(String min) {
@@ -431,7 +430,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves ending minute of validity.
-     *
+     * 
      * @return ending minute
      */
     public String getAfterMin() {
@@ -440,7 +439,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets ending minute of validity.
-     *
+     * 
      * @param min ending minute
      */
     public void setAfterMin(String min) {
@@ -449,7 +448,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves starting second of validity.
-     *
+     * 
      * @return starting second
      */
     public String getBeginSec() {
@@ -458,7 +457,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets starting second of validity.
-     *
+     * 
      * @param sec starting second
      */
     public void setBeginSec(String sec) {
@@ -467,7 +466,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves ending second of validity.
-     *
+     * 
      * @return ending second
      */
     public String getAfterSec() {
@@ -476,7 +475,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets ending second of validity.
-     *
+     * 
      * @param sec ending second
      */
     public void setAfterSec(String sec) {
@@ -485,7 +484,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves CA key pair
-     *
+     * 
      * @return CA key pair
      */
     public KeyPair getCAKeyPair() {
@@ -494,7 +493,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets CA key pair
-     *
+     * 
      * @param keypair key pair
      */
     public void setCAKeyPair(KeyPair keypair) {
@@ -503,7 +502,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves extensions
-     *
+     * 
      * @return extensions
      */
     public String getDerExtension() {
@@ -512,7 +511,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets extensions
-     *
+     * 
      * @param ext extensions
      */
     public void setDerExtension(String ext) {
@@ -521,7 +520,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves isCA
-     *
+     * 
      * @return "true" if it is CA
      */
     public String isCA() {
@@ -530,7 +529,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets isCA
-     *
+     * 
      * @param ext "true" if it is CA
      */
     public void setCA(String ext) {
@@ -539,7 +538,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves key length
-     *
+     * 
      * @return certificate's key length
      */
     public String getCertLen() {
@@ -548,7 +547,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets key length
-     *
+     * 
      * @param len certificate's key length
      */
     public void setCertLen(String len) {
@@ -557,7 +556,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves SSL Client bit
-     *
+     * 
      * @return SSL Client bit
      */
     public String getSSLClientBit() {
@@ -566,7 +565,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets SSL Client bit
-     *
+     * 
      * @param sslClientBit SSL Client bit
      */
     public void setSSLClientBit(String sslClientBit) {
@@ -575,7 +574,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves SSL Server bit
-     *
+     * 
      * @return SSL Server bit
      */
     public String getSSLServerBit() {
@@ -584,7 +583,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets SSL Server bit
-     *
+     * 
      * @param sslServerBit SSL Server bit
      */
     public void setSSLServerBit(String sslServerBit) {
@@ -593,7 +592,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves SSL Mail bit
-     *
+     * 
      * @return SSL Mail bit
      */
     public String getSSLMailBit() {
@@ -602,7 +601,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets SSL Mail bit
-     *
+     * 
      * @param sslMailBit SSL Mail bit
      */
     public void setSSLMailBit(String sslMailBit) {
@@ -611,7 +610,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves SSL CA bit
-     *
+     * 
      * @return SSL CA bit
      */
     public String getSSLCABit() {
@@ -620,7 +619,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets SSL CA bit
-     *
+     * 
      * @param cabit SSL CA bit
      */
     public void setSSLCABit(String cabit) {
@@ -629,16 +628,16 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves SSL Signing bit
-     *
+     * 
      * @return SSL Signing bit
      */
     public String getObjectSigningBit() {
         return (String) get(Constants.PR_OBJECT_SIGNING_BIT);
     }
 
-    /** 
+    /**
      * Retrieves Time Stamping bit
-     *
+     * 
      * @return Time Stamping bit
      */
     public String getTimeStampingBit() {
@@ -647,7 +646,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets SSL Signing bit
-     *
+     * 
      * @param objectSigningBit SSL Signing bit
      */
     public void setObjectSigningBit(String objectSigningBit) {
@@ -656,7 +655,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves SSL Mail CA bit
-     *
+     * 
      * @return SSL Mail CA bit
      */
     public String getMailCABit() {
@@ -665,7 +664,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets SSL Mail CA bit
-     *
+     * 
      * @param mailCABit SSL Mail CA bit
      */
     public void setMailCABit(String mailCABit) {
@@ -674,7 +673,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves SSL Object Signing bit
-     *
+     * 
      * @return SSL Object Signing bit
      */
     public String getObjectSigningCABit() {
@@ -683,7 +682,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets SSL Object Signing bit
-     *
+     * 
      * @param bit SSL Object Signing bit
      */
     public void setObjectSigningCABit(String bit) {
@@ -692,7 +691,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves OCSP Signing flag
-     *
+     * 
      * @return OCSP Signing flag
      */
     public String getOCSPSigning() {
@@ -701,7 +700,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets OCSP Signing flag
-     *
+     * 
      * @param aki OCSP Signing flag
      */
     public void setOCSPSigning(String aki) {
@@ -710,7 +709,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves OCSP No Check flag
-     *
+     * 
      * @return OCSP No Check flag
      */
     public String getOCSPNoCheck() {
@@ -719,7 +718,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets OCSP No Check flag
-     *
+     * 
      * @param noCheck OCSP No Check flag
      */
     public void setOCSPNoCheck(String noCheck) {
@@ -728,7 +727,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves Authority Information Access flag
-     *
+     * 
      * @return Authority Information Access flag
      */
     public String getAIA() {
@@ -737,7 +736,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets Authority Information Access flag
-     *
+     * 
      * @param aia Authority Information Access flag
      */
     public void setAIA(String aia) {
@@ -746,7 +745,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves Authority Key Identifier flag
-     *
+     * 
      * @return Authority Key Identifier flag
      */
     public String getAKI() {
@@ -755,7 +754,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets Authority Key Identifier flag
-     *
+     * 
      * @param aki Authority Key Identifier flag
      */
     public void setAKI(String aki) {
@@ -764,7 +763,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves Subject Key Identifier flag
-     *
+     * 
      * @return Subject Key Identifier flag
      */
     public String getSKI() {
@@ -773,7 +772,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets Subject Key Identifier flag
-     *
+     * 
      * @param ski Subject Key Identifier flag
      */
     public void setSKI(String ski) {
@@ -782,7 +781,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves key usage extension
-     *
+     * 
      * @return true if key usage extension set
      */
     public boolean getKeyUsageExtension() {
@@ -795,7 +794,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets CA extensions
-     *
+     * 
      * @param ext CA extensions
      */
     public void setCAExtensions(CertificateExtensions ext) {
@@ -804,7 +803,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves CA extensions
-     *
+     * 
      * @return CA extensions
      */
     public CertificateExtensions getCAExtensions() {
@@ -813,11 +812,10 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves hash type
-     *
+     * 
      * @return hash type
      */
     public String getHashType() {
         return (String) get(ConfigConstants.PR_HASH_TYPE);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/selftests/EDuplicateSelfTestException.java b/pki/base/common/src/com/netscape/certsrv/selftests/EDuplicateSelfTestException.java
index d0f6b4c3..958919e1 100644
--- a/pki/base/common/src/com/netscape/certsrv/selftests/EDuplicateSelfTestException.java
+++ b/pki/base/common/src/com/netscape/certsrv/selftests/EDuplicateSelfTestException.java
@@ -20,13 +20,10 @@
 
 package com.netscape.certsrv.selftests;
 
-
 ///////////////////////
 // import statements //
 ///////////////////////
 
-
-
 //////////////////////
 // class definition //
 //////////////////////
@@ -35,20 +32,18 @@ package com.netscape.certsrv.selftests;
  * This class implements a duplicate self test exception.
  * EDuplicateSelfTestExceptions are derived from ESelfTestExceptions
  * in order to allow users to easily do self tests without try-catch clauses.
- *
+ * 
  * EDuplicateSelfTestExceptions should be caught by SelfTestSubsystem managers.
  * <P>
  * 
  * @version $Revision$, $Date$
  */
 public class EDuplicateSelfTestException
-    extends ESelfTestException {
+        extends ESelfTestException {
     ////////////////////////
     // default parameters //
     ////////////////////////
 
-
-
     ///////////////////////
     // helper parameters //
     ///////////////////////
@@ -66,14 +61,10 @@ public class EDuplicateSelfTestException
     // EDuplicateSelfTestException parameters //
     ////////////////////////////////////////////
 
-
-
     ///////////////////////////////////////////////
     // ESelfTestException parameters (inherited) //
     ///////////////////////////////////////////////
 
-
-
     /////////////////////
     // default methods //
     /////////////////////
@@ -81,13 +72,13 @@ public class EDuplicateSelfTestException
     /**
      * Constructs a "duplicate" self test exception.
      * <P>
-     *
+     * 
      * @param instanceName duplicate "instanceName" exception details
      */
     public EDuplicateSelfTestException(String instanceName) {
         super("The self test plugin property named "
-            + instanceName
-            + " already exists.");
+                + instanceName
+                + " already exists.");
 
         // strip preceding/trailing whitespace
         // from passed-in String parameters
@@ -103,17 +94,17 @@ public class EDuplicateSelfTestException
      * Constructs a "duplicate" self test exception where the value is always
      * a duplicate from a name/value pair
      * <P>
-     *
+     * 
      * @param instanceName duplicate "instanceName" exception details
      * @param instanceValue duplicate "instanceValue" exception details
      */
     public EDuplicateSelfTestException(String instanceName,
-        String instanceValue) {
+            String instanceValue) {
         super("The self test plugin property named "
-            + instanceName
-            + " contains a value of "
-            + instanceValue
-            + " which already exists.");
+                + instanceName
+                + " contains a value of "
+                + instanceValue
+                + " which already exists.");
 
         // strip preceding/trailing whitespace
         // from passed-in String parameters
@@ -134,18 +125,18 @@ public class EDuplicateSelfTestException
      * duplicate from a substore.parameter/value pair; (the value passed in may
      * be null).
      * <P>
-     *
+     * 
      * @param instanceStore duplicate "instanceStore" exception details
      * @param instanceParameter duplicate "instanceParameter" exception details
      * @param instanceValue duplicate "instanceValue" exception details
-     * (may be null)
+     *            (may be null)
      */
     public EDuplicateSelfTestException(String instanceStore,
-        String instanceParameter,
-        String instanceValue) {
+            String instanceParameter,
+            String instanceValue) {
         super("The self test plugin property named "
-            + instanceStore + "." + instanceParameter
-            + " is a duplicate.");
+                + instanceStore + "." + instanceParameter
+                + " is a duplicate.");
 
         // strip preceding/trailing whitespace
         // from passed-in String parameters
@@ -172,7 +163,7 @@ public class EDuplicateSelfTestException
     /**
      * Returns the instance name associated with this self test.
      * <P>
-     *
+     * 
      * @return name portion of the name/value pair
      */
     public String getInstanceName() {
@@ -182,7 +173,7 @@ public class EDuplicateSelfTestException
     /**
      * Returns the store associated with this self test.
      * <P>
-     *
+     * 
      * @return substore portion of the substore.parameter/value pair
      */
     public String getInstanceStore() {
@@ -192,7 +183,7 @@ public class EDuplicateSelfTestException
     /**
      * Returns the parameter associated with this self test.
      * <P>
-     *
+     * 
      * @return parameter portion of the substore.parameter/value pair
      */
     public String getInstanceParameter() {
@@ -202,7 +193,7 @@ public class EDuplicateSelfTestException
     /**
      * Returns the value associated with this self test.
      * <P>
-     *
+     * 
      * @return value portion of the name/value pair
      */
     public String getInstanceValue() {
@@ -213,8 +204,6 @@ public class EDuplicateSelfTestException
     // EDuplicateSelfTestException methods //
     /////////////////////////////////////////
 
-
-
     ////////////////////////////////////////////
     // ESelfTestException methods (inherited) //
     ////////////////////////////////////////////
@@ -225,4 +214,3 @@ public class EDuplicateSelfTestException
      * public ESelfTestException( String msg );
      */
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/selftests/EInvalidSelfTestException.java b/pki/base/common/src/com/netscape/certsrv/selftests/EInvalidSelfTestException.java
index 11907695..58592b89 100644
--- a/pki/base/common/src/com/netscape/certsrv/selftests/EInvalidSelfTestException.java
+++ b/pki/base/common/src/com/netscape/certsrv/selftests/EInvalidSelfTestException.java
@@ -20,13 +20,10 @@
 
 package com.netscape.certsrv.selftests;
 
-
 ///////////////////////
 // import statements //
 ///////////////////////
 
-
-
 //////////////////////
 // class definition //
 //////////////////////
@@ -35,20 +32,18 @@ package com.netscape.certsrv.selftests;
  * This class implements an invalid self test exception.
  * EInvalidSelfTestExceptions are derived from ESelfTestExceptions
  * in order to allow users to easily do self tests without try-catch clauses.
- *
+ * 
  * EInvalidSelfTestExceptions should be caught by SelfTestSubsystem managers.
  * <P>
  * 
  * @version $Revision$, $Date$
  */
 public class EInvalidSelfTestException
-    extends ESelfTestException {
+        extends ESelfTestException {
     ////////////////////////
     // default parameters //
     ////////////////////////
 
-
-
     ///////////////////////
     // helper parameters //
     ///////////////////////
@@ -66,14 +61,10 @@ public class EInvalidSelfTestException
     // EInvalidSelfTestException parameters //
     //////////////////////////////////////////
 
-
-
     ///////////////////////////////////////////////
     // ESelfTestException parameters (inherited) //
     ///////////////////////////////////////////////
 
-
-
     /////////////////////
     // default methods //
     /////////////////////
@@ -81,13 +72,13 @@ public class EInvalidSelfTestException
     /**
      * Constructs an "invalid" self test exception.
      * <P>
-     *
+     * 
      * @param instanceName invalid "instanceName" exception details
      */
     public EInvalidSelfTestException(String instanceName) {
         super("The self test plugin named "
-            + instanceName
-            + " is invalid.");
+                + instanceName
+                + " is invalid.");
 
         // strip preceding/trailing whitespace
         // from passed-in String parameters
@@ -103,17 +94,17 @@ public class EInvalidSelfTestException
      * Constructs a "invalid" self test exception where the value is always
      * invalid from a name/value pair
      * <P>
-     *
+     * 
      * @param instanceName invalid "instanceName" exception details
      * @param instanceValue invalid "instanceValue" exception details
      */
     public EInvalidSelfTestException(String instanceName,
-        String instanceValue) {
+            String instanceValue) {
         super("The self test plugin named "
-            + instanceName
-            + " contains a value "
-            + instanceValue
-            + " which is invalid.");
+                + instanceName
+                + " contains a value "
+                + instanceValue
+                + " which is invalid.");
 
         // strip preceding/trailing whitespace
         // from passed-in String parameters
@@ -134,18 +125,18 @@ public class EInvalidSelfTestException
      * invalid from a substore.parameter/value pair; (the value passed in may
      * be null).
      * <P>
-     *
+     * 
      * @param instanceStore invalid "instanceStore" exception details
      * @param instanceParameter invalid "instanceParameter" exception details
      * @param instanceValue invalid "instanceValue" exception details
-     * (may be null)
+     *            (may be null)
      */
     public EInvalidSelfTestException(String instanceStore,
-        String instanceParameter,
-        String instanceValue) {
+            String instanceParameter,
+            String instanceValue) {
         super("The self test plugin parameter named "
-            + instanceStore + "." + instanceParameter
-            + " is invalid.");
+                + instanceStore + "." + instanceParameter
+                + " is invalid.");
 
         // strip preceding/trailing whitespace
         // from passed-in String parameters
@@ -172,7 +163,7 @@ public class EInvalidSelfTestException
     /**
      * Returns the instance name associated with this self test.
      * <P>
-     *
+     * 
      * @return name portion of the name/value pair
      */
     public String getInstanceName() {
@@ -182,7 +173,7 @@ public class EInvalidSelfTestException
     /**
      * Returns the store associated with this self test.
      * <P>
-     *
+     * 
      * @return substore portion of the substore.parameter/value pair
      */
     public String getInstanceStore() {
@@ -192,7 +183,7 @@ public class EInvalidSelfTestException
     /**
      * Returns the parameter associated with this self test.
      * <P>
-     *
+     * 
      * @return parameter portion of the substore.parameter/value pair
      */
     public String getInstanceParameter() {
@@ -202,7 +193,7 @@ public class EInvalidSelfTestException
     /**
      * Returns the value associated with this self test.
      * <P>
-     *
+     * 
      * @return value portion of the name/value pair
      */
     public String getInstanceValue() {
@@ -213,8 +204,6 @@ public class EInvalidSelfTestException
     // EInvalidSelfTestException methods //
     ///////////////////////////////////////
 
-
-
     ////////////////////////////////////////////
     // ESelfTestException methods (inherited) //
     ////////////////////////////////////////////
@@ -225,4 +214,3 @@ public class EInvalidSelfTestException
      * public ESelfTestException( String msg );
      */
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/selftests/EMissingSelfTestException.java b/pki/base/common/src/com/netscape/certsrv/selftests/EMissingSelfTestException.java
index 88fa14cb..c15852f4 100644
--- a/pki/base/common/src/com/netscape/certsrv/selftests/EMissingSelfTestException.java
+++ b/pki/base/common/src/com/netscape/certsrv/selftests/EMissingSelfTestException.java
@@ -20,13 +20,10 @@
 
 package com.netscape.certsrv.selftests;
 
-
 ///////////////////////
 // import statements //
 ///////////////////////
 
-
-
 //////////////////////
 // class definition //
 //////////////////////
@@ -35,20 +32,18 @@ package com.netscape.certsrv.selftests;
  * This class implements a missing self test exception.
  * EMissingSelfTestExceptions are derived from ESelfTestExceptions
  * in order to allow users to easily do self tests without try-catch clauses.
- *
+ * 
  * EMissingSelfTestExceptions should be caught by SelfTestSubsystem managers.
  * <P>
  * 
  * @version $Revision$, $Date$
  */
 public class EMissingSelfTestException
-    extends ESelfTestException {
+        extends ESelfTestException {
     ////////////////////////
     // default parameters //
     ////////////////////////
 
-
-
     ///////////////////////
     // helper parameters //
     ///////////////////////
@@ -66,14 +61,10 @@ public class EMissingSelfTestException
     // EMissingSelfTestException parameters //
     //////////////////////////////////////////
 
-
-
     ///////////////////////////////////////////////
     // ESelfTestException parameters (inherited) //
     ///////////////////////////////////////////////
 
-
-
     /////////////////////
     // default methods //
     /////////////////////
@@ -81,7 +72,7 @@ public class EMissingSelfTestException
     /**
      * Constructs a "missing" self test exception where the name is null
      * <P>
-     *
+     * 
      */
     public EMissingSelfTestException() {
         super("The self test plugin property name is null.");
@@ -91,13 +82,13 @@ public class EMissingSelfTestException
      * Constructs a "missing" self test exception where the name is always
      * missing from a name/value pair.
      * <P>
-     *
+     * 
      * @param instanceName missing "instanceName" exception details
      */
     public EMissingSelfTestException(String instanceName) {
         super("The self test plugin property named "
-            + instanceName
-            + " does not exist.");
+                + instanceName
+                + " does not exist.");
 
         // strip preceding/trailing whitespace
         // from passed-in String parameters
@@ -113,16 +104,16 @@ public class EMissingSelfTestException
      * Constructs a "missing" self test exception where the value is always
      * missing from a name/value pair; (the value passed in is always null).
      * <P>
-     *
+     * 
      * @param instanceName missing "instanceName" exception details
      * @param instanceValue missing "instanceValue" exception details
-     * (always null)
+     *            (always null)
      */
     public EMissingSelfTestException(String instanceName,
-        String instanceValue) {
+            String instanceValue) {
         super("The self test plugin property named "
-            + instanceName
-            + " contains no values.");
+                + instanceName
+                + " contains no values.");
 
         // strip preceding/trailing whitespace
         // from passed-in String parameters
@@ -143,18 +134,18 @@ public class EMissingSelfTestException
      * missing from a substore.parameter/value pair; (the value passed in may
      * be null).
      * <P>
-     *
+     * 
      * @param instanceStore missing "instanceStore" exception details
      * @param instanceParameter missing "instanceParameter" exception details
      * @param instanceValue missing "instanceValue" exception details
-     * (may be null)
+     *            (may be null)
      */
     public EMissingSelfTestException(String instanceStore,
-        String instanceParameter,
-        String instanceValue) {
+            String instanceParameter,
+            String instanceValue) {
         super("The self test plugin property named "
-            + instanceStore + "." + instanceParameter
-            + " is missing.");
+                + instanceStore + "." + instanceParameter
+                + " is missing.");
 
         // strip preceding/trailing whitespace
         // from passed-in String parameters
@@ -181,7 +172,7 @@ public class EMissingSelfTestException
     /**
      * Returns the instance name associated with this self test.
      * <P>
-     *
+     * 
      * @return name portion of the name/value pair
      */
     public String getInstanceName() {
@@ -191,7 +182,7 @@ public class EMissingSelfTestException
     /**
      * Returns the store associated with this self test.
      * <P>
-     *
+     * 
      * @return substore portion of the substore.parameter/value pair
      */
     public String getInstanceStore() {
@@ -201,7 +192,7 @@ public class EMissingSelfTestException
     /**
      * Returns the parameter associated with this self test.
      * <P>
-     *
+     * 
      * @return parameter portion of the substore.parameter/value pair
      */
     public String getInstanceParameter() {
@@ -211,7 +202,7 @@ public class EMissingSelfTestException
     /**
      * Returns the value associated with this self test.
      * <P>
-     *
+     * 
      * @return value portion of the name/value pair
      */
     public String getInstanceValue() {
@@ -222,8 +213,6 @@ public class EMissingSelfTestException
     // EMissingSelfTestException methods //
     ///////////////////////////////////////
 
-
-
     ////////////////////////////////////////////
     // ESelfTestException methods (inherited) //
     ////////////////////////////////////////////
@@ -234,4 +223,3 @@ public class EMissingSelfTestException
      * public ESelfTestException( String msg );
      */
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/selftests/ESelfTestException.java b/pki/base/common/src/com/netscape/certsrv/selftests/ESelfTestException.java
index e465517c..6c4f6bf2 100644
--- a/pki/base/common/src/com/netscape/certsrv/selftests/ESelfTestException.java
+++ b/pki/base/common/src/com/netscape/certsrv/selftests/ESelfTestException.java
@@ -20,14 +20,12 @@
 
 package com.netscape.certsrv.selftests;
 
-
 ///////////////////////
 // import statements //
 ///////////////////////
 
 import com.netscape.certsrv.base.EBaseException;
 
-
 //////////////////////
 // class definition //
 //////////////////////
@@ -36,20 +34,18 @@ import com.netscape.certsrv.base.EBaseException;
  * This class implements a self test exception. ESelfTestExceptions
  * are derived from EBaseExceptions in order to allow users
  * to easily do self tests without try-catch clauses.
- *
+ * 
  * ESelfTestExceptions should be caught by SelfTestSubsystem managers.
  * <P>
  * 
  * @version $Revision$, $Date$
  */
 public class ESelfTestException
-    extends EBaseException {
+        extends EBaseException {
     ////////////////////////
     // default parameters //
     ////////////////////////
 
-
-
     ///////////////////////////////////
     // ESelfTestException parameters //
     ///////////////////////////////////
@@ -60,7 +56,6 @@ public class ESelfTestException
     private static final long serialVersionUID = -8001373369705595891L;
     private static final String SELFTEST_RESOURCES = SelfTestResources.class.getName();
 
-
     ///////////////////////////////////////////
     // EBaseException parameters (inherited) //
     ///////////////////////////////////////////
@@ -71,8 +66,6 @@ public class ESelfTestException
      * public Object mParams[];
      */
 
-
-
     /////////////////////
     // default methods //
     /////////////////////
@@ -80,14 +73,13 @@ public class ESelfTestException
     /**
      * Constructs a self test exception.
      * <P>
-     *
+     * 
      * @param msg exception details
      */
     public ESelfTestException(String msg) {
         super(msg);
     }
 
-
     ////////////////////////////////
     // ESelfTestException methods //
     ////////////////////////////////
@@ -95,13 +87,13 @@ public class ESelfTestException
     /**
      * Returns the bundle file name.
      * <P>
+     * 
      * @return name of bundle class associated with this exception.
      */
     protected String getBundleName() {
         return SELFTEST_RESOURCES;
     }
 
-
     ////////////////////////////////////////
     // EBaseException methods (inherited) //
     ////////////////////////////////////////
@@ -124,4 +116,3 @@ public class ESelfTestException
      * public String toString( Locale locale );
      */
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/selftests/ISelfTest.java b/pki/base/common/src/com/netscape/certsrv/selftests/ISelfTest.java
index f881a285..04285a9d 100644
--- a/pki/base/common/src/com/netscape/certsrv/selftests/ISelfTest.java
+++ b/pki/base/common/src/com/netscape/certsrv/selftests/ISelfTest.java
@@ -20,7 +20,6 @@
 
 package com.netscape.certsrv.selftests;
 
-
 ///////////////////////
 // import statements //
 ///////////////////////
@@ -30,7 +29,6 @@ import java.util.Locale;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.logging.ILogEventListener;
 
-
 //////////////////////
 // class definition //
 //////////////////////
@@ -46,8 +44,6 @@ public interface ISelfTest {
     // default parameters //
     ////////////////////////
 
-
-
     //////////////////////////
     // ISelfTest parameters //
     //////////////////////////
@@ -58,8 +54,6 @@ public interface ISelfTest {
     // default methods //
     /////////////////////
 
-
-
     ///////////////////////
     // ISelfTest methods //
     ///////////////////////
@@ -68,29 +62,29 @@ public interface ISelfTest {
      * Initializes this subsystem with the configuration store
      * associated with this instance name.
      * <P>
-     *
+     * 
      * @param subsystem the associated subsystem
-     * @param instanceName the name of this self test instance 
+     * @param instanceName the name of this self test instance
      * @param parameters configuration store (self test parameters)
      * @exception EDuplicateSelfTestException subsystem has duplicate name/value
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
     public void initSelfTest(ISelfTestSubsystem subsystem,
-        String instanceName,
-        IConfigStore parameters)
-        throws EDuplicateSelfTestException,
+            String instanceName,
+            IConfigStore parameters)
+            throws EDuplicateSelfTestException,
             EInvalidSelfTestException,
             EMissingSelfTestException;
 
     /**
      * Notifies this subsystem if it is in execution mode.
      * <P>
-     *
+     * 
      * @exception ESelfTestException failed to start
      */
     public void startupSelfTest()
-        throws ESelfTestException;
+            throws ESelfTestException;
 
     /**
      * Stops this subsystem. The subsystem may call shutdownSelfTest
@@ -103,7 +97,7 @@ public interface ISelfTest {
      * Returns the name associated with this self test. This method may
      * return null if the self test has not been intialized.
      * <P>
-     *
+     * 
      * @return instanceName of this self test
      */
     public String getSelfTestName();
@@ -112,7 +106,7 @@ public interface ISelfTest {
      * Returns the root configuration storage (self test parameters)
      * associated with this subsystem.
      * <P>
-     *
+     * 
      * @return configuration store (self test parameters) of this subsystem
      */
     public IConfigStore getSelfTestConfigStore();
@@ -121,7 +115,7 @@ public interface ISelfTest {
      * Retrieves description associated with an individual self test.
      * This method may return null.
      * <P>
-     *
+     * 
      * @param locale locale of the client that requests the description
      * @return description of self test
      */
@@ -130,11 +124,10 @@ public interface ISelfTest {
     /**
      * Execute an individual self test.
      * <P>
-     *
+     * 
      * @param logger specifies logging subsystem
      * @exception ESelfTestException self test exception
      */
     public void runSelfTest(ILogEventListener logger)
-        throws ESelfTestException;
+            throws ESelfTestException;
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/selftests/ISelfTestSubsystem.java b/pki/base/common/src/com/netscape/certsrv/selftests/ISelfTestSubsystem.java
index 3391bdd1..d16627ab 100644
--- a/pki/base/common/src/com/netscape/certsrv/selftests/ISelfTestSubsystem.java
+++ b/pki/base/common/src/com/netscape/certsrv/selftests/ISelfTestSubsystem.java
@@ -20,7 +20,6 @@
 
 package com.netscape.certsrv.selftests;
 
-
 ///////////////////////
 // import statements //
 ///////////////////////
@@ -28,7 +27,6 @@ package com.netscape.certsrv.selftests;
 import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.certsrv.logging.ILogEventListener;
 
-
 //////////////////////
 // class definition //
 //////////////////////
@@ -40,13 +38,11 @@ import com.netscape.certsrv.logging.ILogEventListener;
  * @version $Revision$, $Date$
  */
 public interface ISelfTestSubsystem
-    extends ISubsystem {
+        extends ISubsystem {
     ////////////////////////
     // default parameters //
     ////////////////////////
 
-
-
     //////////////////////////////////
     // ISelfTestSubsystem constants //
     //////////////////////////////////
@@ -64,14 +60,10 @@ public interface ISelfTestSubsystem
     // ISubsystem parameters (inherited) //
     ///////////////////////////////////////
 
-
-
     /////////////////////
     // default methods //
     /////////////////////
 
-
-
     ////////////////////////////////
     // ISelfTestSubsystem methods //
     ////////////////////////////////
@@ -84,7 +76,7 @@ public interface ISelfTestSubsystem
      * List the instance names of all the self tests enabled to run on demand
      * (in execution order); may return null.
      * <P>
-     *
+     * 
      * @return list of self test instance names run on demand
      */
     public String[] listSelfTestsEnabledOnDemand();
@@ -92,10 +84,10 @@ public interface ISelfTestSubsystem
     /**
      * Enable the specified self test to be executed on demand.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @param isCritical isCritical is either a critical failure (true) or
-     * a non-critical failure (false)
+     *            a non-critical failure (false)
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
@@ -103,51 +95,49 @@ public interface ISelfTestSubsystem
     //                                      boolean isCritical )
     //  throws EInvalidSelfTestException, EMissingSelfTestException;
 
-
     /**
      * Disable the specified self test from being able to be executed on demand.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @exception EMissingSelfTestException subsystem has missing name
      */
     //  public void disableSelfTestOnDemand( String instanceName )
     //  throws EMissingSelfTestException;
 
-
     /**
      * Determine if the specified self test is enabled to be executed on demand.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @return true if the specified self test is enabled on demand
      * @exception EMissingSelfTestException subsystem has missing name
      */
     public boolean isSelfTestEnabledOnDemand(String instanceName)
-        throws EMissingSelfTestException;
+            throws EMissingSelfTestException;
 
     /**
-     * Determine if failure of the specified self test is fatal when 
+     * Determine if failure of the specified self test is fatal when
      * it is executed on demand.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @return true if failure of the specified self test is fatal when
-     * it is executed on demand
+     *         it is executed on demand
      * @exception EMissingSelfTestException subsystem has missing name
      */
     public boolean isSelfTestCriticalOnDemand(String instanceName)
-        throws EMissingSelfTestException;
+            throws EMissingSelfTestException;
 
     /**
      * Execute all self tests specified to be run on demand.
      * <P>
-     *
+     * 
      * @exception EMissingSelfTestException subsystem has missing name
      * @exception ESelfTestException self test exception
      */
     public void runSelfTestsOnDemand()
-        throws EMissingSelfTestException, ESelfTestException;
+            throws EMissingSelfTestException, ESelfTestException;
 
     //
     // methods associated with the list of startup self tests
@@ -157,7 +147,7 @@ public interface ISelfTestSubsystem
      * List the instance names of all the self tests enabled to run
      * at server startup (in execution order); may return null.
      * <P>
-     *
+     * 
      * @return list of self test instance names run at server startup
      */
     public String[] listSelfTestsEnabledAtStartup();
@@ -165,10 +155,10 @@ public interface ISelfTestSubsystem
     /**
      * Enable the specified self test at server startup.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @param isCritical isCritical is either a critical failure (true) or
-     * a non-critical failure (false)
+     *            a non-critical failure (false)
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
@@ -176,52 +166,50 @@ public interface ISelfTestSubsystem
     //                                       boolean isCritical )
     //  throws EInvalidSelfTestException, EMissingSelfTestException;
 
-
     /**
      * Disable the specified self test at server startup.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @exception EMissingSelfTestException subsystem has missing name
      */
     //  public void disableSelfTestAtStartup( String instanceName )
     //  throws EMissingSelfTestException;
 
-
     /**
      * Determine if the specified self test is executed automatically
      * at server startup.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @return true if the specified self test is executed at server startup
      * @exception EMissingSelfTestException subsystem has missing name
      */
     public boolean isSelfTestEnabledAtStartup(String instanceName)
-        throws EMissingSelfTestException;
+            throws EMissingSelfTestException;
 
     /**
      * Determine if failure of the specified self test is fatal to
      * server startup.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @return true if failure of the specified self test is fatal to
-     * server startup
+     *         server startup
      * @exception EMissingSelfTestException subsystem has missing name
      */
     public boolean isSelfTestCriticalAtStartup(String instanceName)
-        throws EMissingSelfTestException;
+            throws EMissingSelfTestException;
 
     /**
      * Execute all self tests specified to be run at server startup.
      * <P>
-     *
+     * 
      * @exception EMissingSelfTestException subsystem has missing name
      * @exception ESelfTestException self test exception
      */
     public void runSelfTestsAtStartup()
-        throws EMissingSelfTestException, ESelfTestException;
+            throws EMissingSelfTestException, ESelfTestException;
 
     //
     // methods associated with the list of self test instances
@@ -231,7 +219,7 @@ public interface ISelfTestSubsystem
      * Retrieve an individual self test from the instances list
      * given its instance name.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @return individual self test
      */
@@ -245,7 +233,7 @@ public interface ISelfTestSubsystem
      * Returns the ILogEventListener of this subsystem.
      * This method may return null.
      * <P>
-     *
+     * 
      * @return ILogEventListener of this subsystem
      */
     public ILogEventListener getSelfTestLogger();
@@ -253,7 +241,7 @@ public interface ISelfTestSubsystem
     /**
      * This method represents the log interface for the self test subsystem.
      * <P>
-     *
+     * 
      * @param logger log event listener
      * @param msg self test log message
      */
@@ -264,10 +252,10 @@ public interface ISelfTestSubsystem
      * on the "on demand" list (note that the specified self test
      * will be appended to the end of each list).
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @param isCritical isCritical is either a critical failure (true) or
-     * a non-critical failure (false)
+     *            a non-critical failure (false)
      * @param instance individual self test
      * @exception EDuplicateSelfTestException subsystem has duplicate name
      * @exception EInvalidSelfTestException subsystem has invalid name/value
@@ -280,29 +268,27 @@ public interface ISelfTestSubsystem
     //         EInvalidSelfTestException,
     //         EMissingSelfTestException;
 
-
     /**
      * Deregister an individual self test on the instances list AND
      * on the "on demand" list (note that the specified self test
      * will be removed from each list).
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @exception EMissingSelfTestException subsystem has missing name
      */
     //  public void deregisterSelfTestOnDemand( String instanceName )
     //  throws EMissingSelfTestException;
 
-
     /**
      * Register an individual self test on the instances list AND
      * on the "startup" list (note that the specified self test
      * will be appended to the end of each list).
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @param isCritical isCritical is either a critical failure (true) or
-     * a non-critical failure (false)
+     *            a non-critical failure (false)
      * @param instance individual self test
      * @exception EDuplicateSelfTestException subsystem has duplicate name
      * @exception EInvalidSelfTestException subsystem has invalid name/value
@@ -315,21 +301,18 @@ public interface ISelfTestSubsystem
     //         EInvalidSelfTestException,
     //         EMissingSelfTestException;
 
-
     /**
      * Deregister an individual self test on the instances list AND
      * on the "startup" list (note that the specified self test
      * will be removed from each list).
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @exception EMissingSelfTestException subsystem has missing name
      */
     //  public void deregisterSelfTestAtStartup( String instanceName )
     //  throws EMissingSelfTestException;
 
-
-
     ////////////////////////////////////
     // ISubsystem methods (inherited) //
     ////////////////////////////////////
@@ -353,4 +336,3 @@ public interface ISelfTestSubsystem
      *    public IConfigStore getConfigStore();
      */
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/selftests/SelfTestResources.java b/pki/base/common/src/com/netscape/certsrv/selftests/SelfTestResources.java
index c396c14b..c7c4d372 100644
--- a/pki/base/common/src/com/netscape/certsrv/selftests/SelfTestResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/selftests/SelfTestResources.java
@@ -17,10 +17,8 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.selftests;
 
-
 import java.util.ListResourceBundle;
 
-
 /**
  * A class represents a resource bundle for Self Tests.
  * <P>
diff --git a/pki/base/common/src/com/netscape/certsrv/template/ArgList.java b/pki/base/common/src/com/netscape/certsrv/template/ArgList.java
index 72288a73..aa0be2d5 100644
--- a/pki/base/common/src/com/netscape/certsrv/template/ArgList.java
+++ b/pki/base/common/src/com/netscape/certsrv/template/ArgList.java
@@ -24,7 +24,7 @@ import java.util.Vector;
  * that will be returned to the end-user via
  * the template framework.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ArgList implements IArgValue {
@@ -39,16 +39,16 @@ public class ArgList implements IArgValue {
 
     /**
      * Adds an argument to the list.
-     *
+     * 
      * @param arg argument to be added
      */
     public void add(IArgValue arg) {
         mList.addElement(arg);
     }
 
-    /** 
+    /**
      * Returns the number of arguments in the list.
-     *
+     * 
      * @return size of the list
      */
     public int size() {
@@ -58,7 +58,7 @@ public class ArgList implements IArgValue {
     /**
      * Returns the argument at the given position
      * Position starts from 0.
-     *
+     * 
      * @param pos position
      * @return argument
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/template/ArgSet.java b/pki/base/common/src/com/netscape/certsrv/template/ArgSet.java
index 471371f9..333a51e5 100644
--- a/pki/base/common/src/com/netscape/certsrv/template/ArgSet.java
+++ b/pki/base/common/src/com/netscape/certsrv/template/ArgSet.java
@@ -22,11 +22,10 @@ import java.util.Hashtable;
 
 /**
  * This class represents a set of arguments.
- * Unlike ArgList, this set of arguments is 
+ * Unlike ArgList, this set of arguments is
  * not ordered.
  * <p>
- * Each argument in the set is tagged with
- * a name (key).
+ * Each argument in the set is tagged with a name (key).
  * <p>
  * 
  * @version $Revision$, $Date$
@@ -36,7 +35,7 @@ public class ArgSet implements IArgValue {
 
     /**
      * Returns a list of argument names.
-     *
+     * 
      * @return list of argument names
      */
     public Enumeration<String> getNames() {
@@ -45,17 +44,17 @@ public class ArgSet implements IArgValue {
 
     /**
      * Sets string argument into the set with the given name.
-     *
+     * 
      * @param name argument name
      * @param arg argument in string
      */
     public void set(String name, String arg) {
-        mArgs.put(name, new ArgString (arg));
+        mArgs.put(name, new ArgString(arg));
     }
 
     /**
      * Sets argument into the set with the given name.
-     *
+     * 
      * @param name argument name
      * @param arg argument value
      */
@@ -65,7 +64,7 @@ public class ArgSet implements IArgValue {
 
     /**
      * Retrieves argument from the set.
-     *
+     * 
      * @param name argument name
      * @return argument value
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/template/ArgString.java b/pki/base/common/src/com/netscape/certsrv/template/ArgString.java
index 385338ca..4fb982eb 100644
--- a/pki/base/common/src/com/netscape/certsrv/template/ArgString.java
+++ b/pki/base/common/src/com/netscape/certsrv/template/ArgString.java
@@ -17,11 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.template;
 
-
-
 /**
  * This class represents a string-based argument.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ArgString implements IArgValue {
@@ -29,7 +27,7 @@ public class ArgString implements IArgValue {
 
     /**
      * Constructs a string-based argument value.
-     *
+     * 
      * @param value argument value
      */
     public ArgString(String value) {
@@ -38,7 +36,7 @@ public class ArgString implements IArgValue {
 
     /**
      * Returns the argument value.
-     *
+     * 
      * @return argument value
      */
     public String getValue() {
diff --git a/pki/base/common/src/com/netscape/certsrv/template/IArgValue.java b/pki/base/common/src/com/netscape/certsrv/template/IArgValue.java
index d679f0a1..e820ce69 100644
--- a/pki/base/common/src/com/netscape/certsrv/template/IArgValue.java
+++ b/pki/base/common/src/com/netscape/certsrv/template/IArgValue.java
@@ -19,9 +19,9 @@ package com.netscape.certsrv.template;
 
 /**
  * This interface presents a generic argument value.
- * Argument value can be in string, in a list, or 
+ * Argument value can be in string, in a list, or
  * in a set.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IArgValue {
diff --git a/pki/base/common/src/com/netscape/certsrv/tks/ITKSAuthority.java b/pki/base/common/src/com/netscape/certsrv/tks/ITKSAuthority.java
index 0fec3043..0a045a6f 100644
--- a/pki/base/common/src/com/netscape/certsrv/tks/ITKSAuthority.java
+++ b/pki/base/common/src/com/netscape/certsrv/tks/ITKSAuthority.java
@@ -17,16 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.tks;
 
-
 import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.certsrv.request.IRequestQueue;
 
-
 /**
  * An interface represents a Registration Authority that is
  * responsible for certificate enrollment operations.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ITKSAuthority extends ISubsystem {
@@ -41,18 +39,16 @@ public interface ITKSAuthority extends ISubsystem {
     public final static String PROP_CONNECTOR = "connector";
     public final static String PROP_NEW_NICKNAME = "newNickname";
 
-
-
     /**
      * Retrieves the request queue of this registration authority.
-     *
+     * 
      * @return RA's request queue
      */
     public IRequestQueue getRequestQueue();
 
     /**
      * Returns the nickname of the RA certificate.
-     *
+     * 
      * @return the nickname of the RA certificate
      */
     public String getNickname();
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/Certificates.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/Certificates.java
index c5711725..fdfa3cd3 100644
--- a/pki/base/common/src/com/netscape/certsrv/usrgrp/Certificates.java
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/Certificates.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.usrgrp;
 
-
 import java.security.cert.X509Certificate;
 
-
 /**
  * This class defines the strong authentication basic elements,
  * the X509 certificates.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class Certificates {
@@ -33,6 +31,7 @@ public class Certificates {
 
     /**
      * Constructs strong authenticator.
+     * 
      * @param certs a list of X509Certificates
      */
     public Certificates(X509Certificate certs[]) {
@@ -41,6 +40,7 @@ public class Certificates {
 
     /**
      * Retrieves certificates.
+     * 
      * @return a list of X509Certificates
      */
     public X509Certificate[] getCertificates() {
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/EUsrGrpException.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/EUsrGrpException.java
index ca4634a6..a25a1a6b 100644
--- a/pki/base/common/src/com/netscape/certsrv/usrgrp/EUsrGrpException.java
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/EUsrGrpException.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.usrgrp;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * A class represents a Identity exception.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class EUsrGrpException extends EBaseException {
@@ -40,8 +38,9 @@ public class EUsrGrpException extends EBaseException {
 
     /**
      * Constructs a usr/grp management exception
+     * 
      * @param msgFormat exception details in message string format
-     * <P>
+     *            <P>
      */
     public EUsrGrpException(String msgFormat) {
         super(msgFormat);
@@ -49,9 +48,10 @@ public class EUsrGrpException extends EBaseException {
 
     /**
      * Constructs a Identity exception.
+     * 
      * @param msgFormat exception details in message string format
      * @param param message string parameter
-     * <P>
+     *            <P>
      */
     public EUsrGrpException(String msgFormat, String param) {
         super(msgFormat, param);
@@ -59,8 +59,9 @@ public class EUsrGrpException extends EBaseException {
 
     /**
      * Constructs a Identity exception.
+     * 
      * @param e system exception
-     * <P>
+     *            <P>
      */
     public EUsrGrpException(String msgFormat, Exception e) {
         super(msgFormat, e);
@@ -68,9 +69,10 @@ public class EUsrGrpException extends EBaseException {
 
     /**
      * Constructs a Identity exception.
+     * 
      * @param msgFormat exception details in message string format
      * @param params list of message format parameters
-     * <P>
+     *            <P>
      */
     public EUsrGrpException(String msgFormat, Object params[]) {
         super(msgFormat, params);
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/ICertUserLocator.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/ICertUserLocator.java
index a9d789e6..dbbd068c 100644
--- a/pki/base/common/src/com/netscape/certsrv/usrgrp/ICertUserLocator.java
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/ICertUserLocator.java
@@ -17,24 +17,23 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.usrgrp;
 
-
 import netscape.ldap.LDAPException;
 
 import com.netscape.certsrv.ldap.ELdapException;
 
-
 /**
  * This interface defines a certificate mapping strategy to locate
  * a user
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICertUserLocator {
 
     /**
      * Returns a user whose certificates match with the given certificates
+     * 
      * @return an user interface
-     * @exception EUsrGrpException thrown when failed to build user 
+     * @exception EUsrGrpException thrown when failed to build user
      * @exception LDAPException thrown when LDAP internal database is not available
      * @exception ELdapException thrown when the LDAP search failed
      */
@@ -43,6 +42,7 @@ public interface ICertUserLocator {
 
     /**
      * Retrieves description.
+     * 
      * @return description
      */
     public String getDescription();
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/IGroup.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/IGroup.java
index 778b9aab..18903f4a 100644
--- a/pki/base/common/src/com/netscape/certsrv/usrgrp/IGroup.java
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/IGroup.java
@@ -17,40 +17,42 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.usrgrp;
 
-
 import java.util.Enumeration;
 
 import com.netscape.certsrv.base.IAttrSet;
 
-
 /**
  * This interface defines the basic interfaces for
  * an identity group. (get/set methods for a group entry attributes)
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IGroup extends IAttrSet, IGroupConstants {
 
     /**
      * Retrieves the group name.
+     * 
      * @return the group name
      */
     public String getName();
 
     /**
      * Retrieves group identifier.
+     * 
      * @return the group id
      */
     public String getGroupID();
 
     /**
      * Retrieves group description.
+     * 
      * @return description
      */
     public String getDescription();
 
     /**
      * Checks if the given name is member of this group.
+     * 
      * @param name the given name
      * @return true if the given name is the member of this group; otherwise false.
      */
@@ -58,12 +60,14 @@ public interface IGroup extends IAttrSet, IGroupConstants {
 
     /**
      * Adds new member.
+     * 
      * @param name the given name.
      */
     public void addMemberName(String name);
 
     /**
      * Retrieves a list of member names.
+     * 
      * @return a list of member names for this group.
      */
     public Enumeration getMemberNames();
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/IGroupConstants.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/IGroupConstants.java
index 2f8711ce..22d89455 100644
--- a/pki/base/common/src/com/netscape/certsrv/usrgrp/IGroupConstants.java
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/IGroupConstants.java
@@ -17,12 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.usrgrp;
 
-
-
-
 /**
  * This interface defines the attribute names for a group entry
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IGroupConstants {
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/IIdEvaluator.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/IIdEvaluator.java
index 94bdf885..41209b4b 100644
--- a/pki/base/common/src/com/netscape/certsrv/usrgrp/IIdEvaluator.java
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/IIdEvaluator.java
@@ -17,9 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.usrgrp;
 
-
-
-
 /**
  * A class represents an ID evaluator.
  * <P>
@@ -31,6 +28,7 @@ public interface IIdEvaluator {
     /**
      * Evaluates if the given value satisfies the ID evaluation:
      * is a user a member of a group
+     * 
      * @param type the type of evaluator, in this case, it is group
      * @param id the user id for the given user
      * @param op operator, only "=" and "!=" are supported
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/IUGSubsystem.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/IUGSubsystem.java
index ff6f7be6..fee5627a 100644
--- a/pki/base/common/src/com/netscape/certsrv/usrgrp/IUGSubsystem.java
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/IUGSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.usrgrp;
 
-
 import java.security.cert.X509Certificate;
 import java.util.Enumeration;
 
@@ -25,12 +24,11 @@ import netscape.ldap.LDAPException;
 
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
  * This class defines low-level LDAP usr/grp management
  * usr/grp information is located remotely on another
  * LDAP server.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IUGSubsystem extends ISubsystem, IUsrGrp {
@@ -47,6 +45,7 @@ public interface IUGSubsystem extends ISubsystem, IUsrGrp {
 
     /**
      * Retrieves a user from LDAP
+     * 
      * @param userid the given user id
      * @exception EUsrGrpException thrown when failed to find the user
      */
@@ -54,6 +53,7 @@ public interface IUGSubsystem extends ISubsystem, IUsrGrp {
 
     /**
      * Searches for users that matches the filter.
+     * 
      * @param filter search filter for efficiency
      * @return list of users
      * @exception EUsrGrpException thrown when any internal error occurs
@@ -62,6 +62,7 @@ public interface IUGSubsystem extends ISubsystem, IUsrGrp {
 
     /**
      * Adds the given user to the internal database
+     * 
      * @param identity the given user
      * @exception EUsrGrpException thrown when failed to add user to the group
      * @exception LDAPException thrown when the LDAP internal database is not available
@@ -70,6 +71,7 @@ public interface IUGSubsystem extends ISubsystem, IUsrGrp {
 
     /**
      * Adds a user certificate to user
+     * 
      * @param identity user interface
      * @exception EUsrGrpException thrown when failed to add the user certificate to the given user
      * @exception LDAPException thrown when the LDAP internal database is not available
@@ -81,29 +83,33 @@ public interface IUGSubsystem extends ISubsystem, IUsrGrp {
      * Removes a user certificate for a user entry
      * given a user certificate DN (actually, a combination of version,
      * serialNumber, issuerDN, and SubjectDN), and it gets removed
+     * 
      * @param identity the given user whose user certificate is going to be
-     * be removed.
+     *            be removed.
      * @exception EUsrGrpException thrown when failed to remove user certificate
      */
     public void removeUserCert(IUser identity) throws EUsrGrpException;
 
     /**
      * Removes identity.
+     * 
      * @param userid the given user id
      * @exception EUsrGrpException thrown when failed to remove user
      */
     public void removeUser(String userid) throws EUsrGrpException;
 
     /**
-     * Modifies user attributes.  Certs are handled separately
+     * Modifies user attributes. Certs are handled separately
+     * 
      * @param identity the given identity which contains all the user
-     * attributes being modified
+     *            attributes being modified
      * @exception EUsrGrpException thrown when modification failed
      */
     public void modifyUser(IUser identity) throws EUsrGrpException;
 
     /**
      * Finds groups that match the filter.
+     * 
      * @param filter the search filter
      * @return a list of groups that match the given search filter
      */
@@ -111,24 +117,27 @@ public interface IUGSubsystem extends ISubsystem, IUsrGrp {
 
     /**
      * Find a group for the given name
+     * 
      * @param name the given name
      * @return a group that matched the given name
      */
     public IGroup findGroup(String name);
 
     /**
-     * List groups.  This method is more efficient than findGroups because
-     * this method retrieves group names and description only. Each 
+     * List groups. This method is more efficient than findGroups because
+     * this method retrieves group names and description only. Each
      * retrieved group just contains group name and description.
+     * 
      * @param filter the search filter
      * @return a list of groups, each group just contains group name and
-     * its description.
+     *         its description.
      * @exception EUsrGrpException thrown when failed to list groups
      */
     public Enumeration<IGroup> listGroups(String filter) throws EUsrGrpException;
 
     /**
      * Retrieves a group from LDAP for the given group name
+     * 
      * @param name the given group name
      * @return a group interface
      */
@@ -136,13 +145,15 @@ public interface IUGSubsystem extends ISubsystem, IUsrGrp {
 
     /**
      * Retrieves a group from LDAP for the given DN.
-     * @param DN the given DN 
+     * 
+     * @param DN the given DN
      * @return a group interface for the given DN.
      */
     public IGroup getGroup(String DN);
 
     /**
      * Checks if the given group exists.
+     * 
      * @param name the given group name
      * @return true if the given group exists in the internal database; otherwise false.
      */
@@ -150,23 +161,27 @@ public interface IUGSubsystem extends ISubsystem, IUsrGrp {
 
     /**
      * Checks if the given context is a member of the given group
+     * 
      * @param uid the given user id
      * @param name the given group name
-     * @return true if the user with the given user id is a member of the given 
-     * group
+     * @return true if the user with the given user id is a member of the given
+     *         group
      */
     public boolean isMemberOf(String uid, String name);
+
     public boolean isMemberOf(IUser id, String name);
 
     /**
      * Adds a group of identities.
+     * 
      * @param group the given group
      * @exception EUsrGrpException thrown when failed to add group.
      */
     public void addGroup(IGroup group) throws EUsrGrpException;
 
     /**
-     * Removes a group.  Can't remove SUPER_CERT_ADMINS
+     * Removes a group. Can't remove SUPER_CERT_ADMINS
+     * 
      * @param name the given group name
      * @exception EUsrGrpException thrown when the given group failed to remove
      */
@@ -174,24 +189,27 @@ public interface IUGSubsystem extends ISubsystem, IUsrGrp {
 
     /**
      * Modifies a group.
+     * 
      * @param group the given group which contain all group attributes being
-     * modified.
+     *            modified.
      * @exception EUsrGrpException thrown when failed to modify group.
      */
     public void modifyGroup(IGroup group) throws EUsrGrpException;
 
     /**
      * Removes the user with the given id from the given group
+     * 
      * @param grp the given group
      * @param userid the given user id
      * @exception EUsrGrpException thrown when failed to remove the user from
-     * the given group
+     *                the given group
      */
     public void removeUserFromGroup(IGroup grp, String userid)
-        throws EUsrGrpException;
+            throws EUsrGrpException;
 
     /**
      * Create user with the given id.
+     * 
      * @param id the user with the given id.
      * @return a new user
      */
@@ -199,6 +217,7 @@ public interface IUGSubsystem extends ISubsystem, IUsrGrp {
 
     /**
      * Create group with the given id.
+     * 
      * @param id the group with the given id.
      * @return a new group
      */
@@ -206,6 +225,7 @@ public interface IUGSubsystem extends ISubsystem, IUsrGrp {
 
     /**
      * Get string representation of the given certificate
+     * 
      * @param cert given certificate
      * @return the string representation of the given certificate
      */
@@ -214,6 +234,7 @@ public interface IUGSubsystem extends ISubsystem, IUsrGrp {
     /**
      * Searchs for identities that matches the certificate locater
      * generated filter.
+     * 
      * @param filter search filter
      * @return an user
      * @exception EUsrGrpException thrown when failed to find user
@@ -224,6 +245,7 @@ public interface IUGSubsystem extends ISubsystem, IUsrGrp {
 
     /**
      * Get user locator which does the mapping between the user and the certificate.
+     * 
      * @return CertUserLocator
      */
     public ICertUserLocator getCertUserLocator();
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/IUser.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/IUser.java
index 398ccb71..9370a671 100644
--- a/pki/base/common/src/com/netscape/certsrv/usrgrp/IUser.java
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/IUser.java
@@ -17,136 +17,154 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.usrgrp;
 
-
 import java.security.cert.X509Certificate;
 
 import com.netscape.certsrv.base.IAttrSet;
 
-
 /**
  * This interface defines the basic interfaces for
  * a user identity. (get/set methods for a user entry attributes)
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IUser extends IAttrSet, IUserConstants {
 
     /**
      * Retrieves name.
+     * 
      * @return user name
      */
     public String getName();
 
     /**
      * Retrieves user identifier.
+     * 
      * @return user id
      */
     public String getUserID();
 
     /**
      * Retrieves user full name.
+     * 
      * @return user fullname
      */
     public String getFullName();
 
     /**
      * Retrieves user phonenumber.
+     * 
      * @return user phonenumber
      */
     public String getPhone();
 
     /**
      * Retrieves user state
+     * 
      * @return user state
      */
     public String getState();
 
     /**
      * Sets user full name.
+     * 
      * @param name the given full name
      */
     public void setFullName(String name);
 
     /**
      * Sets user ldap DN.
+     * 
      * @param userdn the given user DN
      */
     public void setUserDN(String userdn);
 
     /**
      * Gets user ldap dn
+     * 
      * @return user DN
      */
     public String getUserDN();
 
     /**
      * Retrieves user password.
+     * 
      * @return user password
      */
     public String getPassword();
 
     /**
      * Sets user password.
+     * 
      * @param p the given password
      */
     public void setPassword(String p);
 
     /**
      * Sets user phonenumber
-     * @param p user phonenumber 
+     * 
+     * @param p user phonenumber
      */
     public void setPhone(String p);
 
     /**
      * Sets user state
+     * 
      * @param p the given user state
      */
     public void setState(String p);
 
     /**
      * Sets user type
+     * 
      * @param userType the given user type
      */
     public void setUserType(String userType);
 
     /**
      * Gets user email address.
+     * 
      * @return email address
      */
     public String getEmail();
 
     /**
      * Sets user email address.
+     * 
      * @param email the given email address
      */
     public void setEmail(String email);
 
     /**
      * Gets list of certificates from this user
+     * 
      * @return list of certificates
      */
     public X509Certificate[] getX509Certificates();
 
     /**
      * Sets list of certificates in this user
+     * 
      * @param certs list of certificates
      */
     public void setX509Certificates(X509Certificate certs[]);
 
     /**
      * Get certificate DN
+     * 
      * @return certificate DN
      */
     public String getCertDN();
 
     /**
      * Set certificate DN
+     * 
      * @param userdn the given DN
      */
     public void setCertDN(String userdn);
 
     /**
      * Get user type
+     * 
      * @return user type.
      */
     public String getUserType();
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/IUserConstants.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/IUserConstants.java
index f24e9fb4..f66f01c7 100644
--- a/pki/base/common/src/com/netscape/certsrv/usrgrp/IUserConstants.java
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/IUserConstants.java
@@ -17,12 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.usrgrp;
 
-
-
-
 /**
  * This interface defines the attribute names for a user entry
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IUserConstants {
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/IUsrGrp.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/IUsrGrp.java
index 17b00c88..f6cef0d4 100644
--- a/pki/base/common/src/com/netscape/certsrv/usrgrp/IUsrGrp.java
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/IUsrGrp.java
@@ -22,48 +22,52 @@ import netscape.ldap.LDAPException;
 /**
  * This interface defines the basic capabilities of
  * a usr/group manager. (get/add/modify/remove users or groups)
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IUsrGrp extends IIdEvaluator {
 
     /**
      * Retrieves usr/grp manager identifier.
+     * 
      * @return id
      */
     public String getId();
 
     /**
      * Retrieves the description
+     * 
      * @return description
      */
     public String getDescription();
 
     /**
      * Retrieves an identity
+     * 
      * @param userid the user id for the given user
      * @return user interface
      */
     public IUser getUser(String userid) throws EUsrGrpException;
 
     /**
-     * Adds a user identity to the LDAP server. For example,
-     * <code>
+     * Adds a user identity to the LDAP server. For example, <code>
      *   User user = new User("joe");
      *   user.setFullName("joe doe");
      *   user.setPassword("secret");
      *   usrgrp.addUser(user);
      * </code>
+     * 
      * @param user an user interface
      * @exception EUsrGrpException thrown when some of the user attribute values
-     * are null
+     *                are null
      * @exception LDAPException thrown when the LDAP internal database is not
-     * available, or the add operation failed
+     *                available, or the add operation failed
      */
     public void addUser(IUser user) throws EUsrGrpException, LDAPException;
 
     /**
      * Removes a user.
+     * 
      * @param userid the user id for the given user
      * @exception EUsrGrpException thrown when failed to remove user
      */
@@ -71,6 +75,7 @@ public interface IUsrGrp extends IIdEvaluator {
 
     /**
      * Modifies user.
+     * 
      * @param user the user interface which contains the modified information
      * @exception EUsrGrpException thrown when failed to modify user
      */
@@ -78,6 +83,7 @@ public interface IUsrGrp extends IIdEvaluator {
 
     /**
      * Retrieves an identity group
+     * 
      * @param groupid the given group id.
      * @return the group interface
      */
@@ -85,6 +91,7 @@ public interface IUsrGrp extends IIdEvaluator {
 
     /**
      * Adds a group
+     * 
      * @param group the given group
      * @exception EUsrGrpException thrown when failed to add the group.
      */
@@ -92,6 +99,7 @@ public interface IUsrGrp extends IIdEvaluator {
 
     /**
      * Modifies a group
+     * 
      * @param group the given group contains the new information for modification.
      * @exception EUsrGrpException thrown when failed to modify the group.
      */
@@ -99,9 +107,10 @@ public interface IUsrGrp extends IIdEvaluator {
 
     /**
      * Removes a group
+     * 
      * @param name the group name
      * @exception EUsrGrpException thrown when failed to remove the given
-     * group.
+     *                group.
      */
     public void removeGroup(String name) throws EUsrGrpException;
 
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/UsrGrpResources.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/UsrGrpResources.java
index ed4f28b8..11a3da23 100644
--- a/pki/base/common/src/com/netscape/certsrv/usrgrp/UsrGrpResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/UsrGrpResources.java
@@ -20,9 +20,9 @@ package com.netscape.certsrv.usrgrp;
 import java.util.ListResourceBundle;
 
 /**
- * A class represents a resource bundle for the 
+ * A class represents a resource bundle for the
  * user/group manager
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -30,6 +30,7 @@ public class UsrGrpResources extends ListResourceBundle {
 
     /**
      * Returns the content of this resource.
+     * 
      * @return the content of this resource.
      */
     public Object[][] getContents() {
diff --git a/pki/base/common/src/com/netscape/certsrv/util/HttpInput.java b/pki/base/common/src/com/netscape/certsrv/util/HttpInput.java
index 4f68bf63..9b7eec1d 100644
--- a/pki/base/common/src/com/netscape/certsrv/util/HttpInput.java
+++ b/pki/base/common/src/com/netscape/certsrv/util/HttpInput.java
@@ -26,19 +26,16 @@ import javax.servlet.http.HttpServletRequest;
 
 import netscape.ldap.LDAPDN;
 
-public class HttpInput
-{
-   public static int getPortNumberInInt(HttpServletRequest request, String name)
-        throws IOException
-    {
+public class HttpInput {
+    public static int getPortNumberInInt(HttpServletRequest request, String name)
+            throws IOException {
         String val = request.getParameter(name);
         int p = Integer.parseInt(val);
         return p;
     }
-                                                                                
+
     public static String getBoolean(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         String val = request.getParameter(name);
         if (val.equals("true") || val.equals("false")) {
             return val;
@@ -47,8 +44,7 @@ public class HttpInput
     }
 
     public static String getCheckbox(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         String val = request.getParameter(name);
         if (val == null || val.equals("")) {
             return "off";
@@ -59,8 +55,7 @@ public class HttpInput
     }
 
     public static String getInteger(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         String val = request.getParameter(name);
         int p = 0;
         try {
@@ -75,9 +70,8 @@ public class HttpInput
         return val;
     }
 
-    public static String getInteger(HttpServletRequest request, String name, 
-          int min, int max) throws IOException
-    {
+    public static String getInteger(HttpServletRequest request, String name,
+            int min, int max) throws IOException {
         String val = getInteger(request, name);
         int p = Integer.parseInt(val);
         if (p < min || p > max) {
@@ -85,41 +79,36 @@ public class HttpInput
         }
         return val;
     }
-                                                                                
+
     public static String getPortNumber(HttpServletRequest request, String name)
-        throws IOException
-    {
-        String v =  getInteger(request, name);         
+            throws IOException {
+        String v = getInteger(request, name);
         return v;
     }
-                                                                                
+
     public static String getString(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         String val = request.getParameter(name);
         return val;
     }
 
     public static String getString(HttpServletRequest request, String name,
-            int minlen, int maxlen) throws IOException
-    {
+            int minlen, int maxlen) throws IOException {
         String val = request.getParameter(name);
         if (val.length() < minlen || val.length() > maxlen) {
-            throw new IOException("String length of '" + val + 
-               "' is out of range");
+            throw new IOException("String length of '" + val +
+                    "' is out of range");
         }
         return val;
     }
-                                                                                
+
     public static String getLdapDatabase(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         return getString(request, name);
     }
-                                                                                
+
     public static String getURL(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         String v = getString(request, name);
         try {
             URL u = new URL(v);
@@ -128,163 +117,145 @@ public class HttpInput
         }
         return v;
     }
-                                                                                
+
     public static String getUID(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         return getString(request, name);
     }
-                                                                                
+
     public static String getPassword(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         return getString(request, name);
     }
 
     public static String getKeyType(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         String v = getString(request, name);
         if (v.equals("rsa")) {
-          return v;
+            return v;
         }
         if (v.equals("ecc")) {
-          return v;
+            return v;
         }
         throw new IOException("Invalid key type '" + v + "' not supported.");
     }
-                                                                                
+
     public static String getKeySize(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         String i = getInteger(request, name);
         if (i.equals("256") || i.equals("512") || i.equals("1024") ||
-           i.equals("2048") || i.equals("4096")) {
-          return i;
+                i.equals("2048") || i.equals("4096")) {
+            return i;
         }
         throw new IOException("Invalid key length '" + i + "'. Currently supported key lengths are 256, 512, 1024, 2048, 4096.");
     }
 
     public static String getKeySize(HttpServletRequest request, String name, String keyType)
-        throws IOException
-    {
+            throws IOException {
         String i = getInteger(request, name);
         if (keyType.equals("rsa")) {
-          if (i.equals("256") || i.equals("512") || i.equals("1024") ||
-             i.equals("2048") || i.equals("4096")) {
-            return i;
-          } else {
-            throw new IOException("Invalid key length '" + i + "'. Currently supported RSA key lengths are 256, 512, 1024, 2048, 4096.");
-          }
+            if (i.equals("256") || i.equals("512") || i.equals("1024") ||
+                    i.equals("2048") || i.equals("4096")) {
+                return i;
+            } else {
+                throw new IOException("Invalid key length '" + i + "'. Currently supported RSA key lengths are 256, 512, 1024, 2048, 4096.");
+            }
         }
         if (keyType.equals("ecc")) {
-          int p = 0;
-          try {
-            p = Integer.parseInt(i);
-          } catch (NumberFormatException e) {
-            throw new IOException("Input '" + i + "' is not an integer");
-          }
-          if ((p >= 112) && (p <= 571))
-            return i;
-          else {
-            throw new IOException("Invalid key length '" + i + "'. Please consult your security officer for a proper length, or take the default value. Here are examples of some commonly used key lengths: 256, 384, 521.");
-          }
-/*
+            int p = 0;
+            try {
+                p = Integer.parseInt(i);
+            } catch (NumberFormatException e) {
+                throw new IOException("Input '" + i + "' is not an integer");
+            }
+            if ((p >= 112) && (p <= 571))
+                return i;
+            else {
+                throw new IOException("Invalid key length '" + i + "'. Please consult your security officer for a proper length, or take the default value. Here are examples of some commonly used key lengths: 256, 384, 521.");
+            }
+            /*
 
-          if (i.equals("256") || i.equals("384") || i.equals("521")) { 
-            return i;
-          } else {
-            throw new IOException("Invalid key length '" + i + "'. Currently supported ECC key lengths are 256, 384, 521.");
-          }
-*/
+                      if (i.equals("256") || i.equals("384") || i.equals("521")) { 
+                        return i;
+                      } else {
+                        throw new IOException("Invalid key length '" + i + "'. Currently supported ECC key lengths are 256, 384, 521.");
+                      }
+            */
         }
         throw new IOException("Invalid key type '" + keyType + "'");
     }
-                                                                                
+
     public static String getDN(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         String v = getString(request, name);
         String dn[] = LDAPDN.explodeDN(v, true);
         if (dn == null || dn.length <= 0) {
-           throw new IOException("Invalid DN " + v + " in " + name);
+            throw new IOException("Invalid DN " + v + " in " + name);
         }
         return v;
     }
-                                                                                
+
     public static String getID(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         return getString(request, name);
     }
-                                                                                
+
     public static String getName(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         return getString(request, name);
     }
-                                                                                
+
     public static String getCertRequest(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         return getString(request, name);
     }
-                                                                                
+
     public static String getCertChain(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         return getString(request, name);
     }
-                                                                                
+
     public static String getCert(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         return getString(request, name);
     }
 
     public static String getNickname(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         return getString(request, name);
     }
-                                                                                
+
     public static String getHostname(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         return getString(request, name);
     }
-                                                                                
+
     public static String getTokenName(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         return getString(request, name);
     }
 
     public static String getReplicationAgreementName(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         return getString(request, name);
     }
-                                                                                
+
     public static String getEmail(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         String v = getString(request, name);
         if (v.indexOf('@') == -1) {
-           throw new IOException("Invalid email " + v);
+            throw new IOException("Invalid email " + v);
         }
         return v;
     }
-                                                                                
+
     public static String getDomainName(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         return getString(request, name);
     }
-                                                                                
-    public static String getSecurityDomainName(HttpServletRequest request, String name)       
-        throws IOException
-    {
+
+    public static String getSecurityDomainName(HttpServletRequest request, String name)
+            throws IOException {
         String v = getName(request, name);
         Pattern p = Pattern.compile("[A-Za-z0-9]+[A-Za-z0-9 -]*");
         Matcher m = p.matcher(v);
diff --git a/pki/base/common/src/com/netscape/certsrv/util/IStatsSubsystem.java b/pki/base/common/src/com/netscape/certsrv/util/IStatsSubsystem.java
index c9881236..989d7a4a 100644
--- a/pki/base/common/src/com/netscape/certsrv/util/IStatsSubsystem.java
+++ b/pki/base/common/src/com/netscape/certsrv/util/IStatsSubsystem.java
@@ -17,12 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.util;
 
-
 import java.util.Date;
 
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
  * A class represents a internal subsystem. This subsystem
  * can be loaded into cert server kernel to perform
@@ -32,10 +30,9 @@ import com.netscape.certsrv.base.ISubsystem;
  * @author thomask
  * @version $Revision$, $Date$
  */
-public interface IStatsSubsystem extends ISubsystem
-{
+public interface IStatsSubsystem extends ISubsystem {
     /**
-     * Retrieves the start time since startup or 
+     * Retrieves the start time since startup or
      * clearing of statistics.
      */
     public Date getStartTime();
diff --git a/pki/base/common/src/com/netscape/certsrv/util/StatsEvent.java b/pki/base/common/src/com/netscape/certsrv/util/StatsEvent.java
index 7c510b88..9e004b62 100644
--- a/pki/base/common/src/com/netscape/certsrv/util/StatsEvent.java
+++ b/pki/base/common/src/com/netscape/certsrv/util/StatsEvent.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.util;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
@@ -28,167 +27,149 @@ import java.util.Vector;
  * @author thomask
  * @version $Revision$, $Date$
  */
-public class StatsEvent
-{
-  private String mName = null;
-  private long mMin = -1;
-  private long mMax = -1;
-  private long mTimeTaken = 0;
-  private long mTimeTakenSqSum = 0;
-  private long mNoOfOperations = 0;
-  private Vector mSubEvents = new Vector();
-  private StatsEvent mParent = null;
-
-  public StatsEvent(StatsEvent parent)
-  {
-    mParent = parent;
-  }
-  
-  public void setName(String name) 
-  {
-    mName = name;
-  }
-
-  /**
-   * Retrieves Transaction name.
-   */ 
-  public String getName() 
-  {
-    return mName;
-  }
-    
-  public void addSubEvent(StatsEvent st)
-  {
-    mSubEvents.addElement(st);
-  }
-
-  /**
-   * Retrieves a list of sub transaction names.
-   */
-  public Enumeration getSubEventNames()
-  {
-    Vector names = new Vector();
-    Enumeration e = mSubEvents.elements();
-    while (e.hasMoreElements()) {
-      StatsEvent st = (StatsEvent)e.nextElement();
-      names.addElement(st.getName());
-    }
-    return names.elements();
-  }  
-
-  /** 
-   * Retrieves a sub transaction.
-   */
-  public StatsEvent getSubEvent(String name)
-  {
-    Enumeration e = mSubEvents.elements();
-    while (e.hasMoreElements()) {
-      StatsEvent st = (StatsEvent)e.nextElement();
-      if (st.getName().equals(name)) {
-        return st;
-      }
-    }
-    return null;
-  }
-
-  public void resetCounters()
-  {
-    mMin = -1;
-    mMax = -1;
-    mNoOfOperations = 0;
-    mTimeTaken = 0;
-    mTimeTakenSqSum = 0;
-    Enumeration e = getSubEventNames();
-    while (e.hasMoreElements()) {
-      String n = (String)e.nextElement();
-      StatsEvent c = getSubEvent(n);
-      c.resetCounters();
-    }
-  }
-
-  public long getMax()
-  {
-    return mMax;
-  }
-
-  public long getMin()
-  {
-    return mMin;
-  }
-
-  public void incNoOfOperations(long c)
-  {
-    mNoOfOperations += c;
-  }
-
-  public long getTimeTakenSqSum()
-  {
-    return mTimeTakenSqSum;
-  }
-
-  public long getPercentage()
-  {
-    if (mParent == null || mParent.getTimeTaken() == 0) {
-      return 100;
-    } else {
-      return (mTimeTaken * 100 / mParent.getTimeTaken());
-    }
-  }
-
-  public long getStdDev()
-  {
-    if (getNoOfOperations() == 0) {
-      return 0;
-    } else {
-      long a = getTimeTakenSqSum();
-      long b = (-2 * getAvg() *getTimeTaken());
-      long c = getAvg() * getAvg() * getNoOfOperations();
-      return (long)Math.sqrt((a + b + c)/getNoOfOperations());
-    }
-  }
-
-  public long getAvg()
-  {
-    if (mNoOfOperations == 0) {
-      return -1;
-    } else {
-      return mTimeTaken/mNoOfOperations;
-    }
-  }
-
-  /**
-   * Retrieves number of operations performed.
-   */
-  public long getNoOfOperations()
-  {
-    return mNoOfOperations;
-  }
- 
-  public void incTimeTaken(long c)
-  {
-    if (mMin == -1) {
-      mMin = c;
-    } else {
-      if (c < mMin) {
-        mMin = c;
-      }
-    }
-    if (mMax == -1) {
-      mMax = c;
-    } else {
-      if (c > mMax) {
-        mMax = c;
-      }
-    }
-    mTimeTaken += c;
-    mTimeTakenSqSum += (c * c);
-  }
-
-  /**
-   * Retrieves total time token in msec.
-   */
-  public long getTimeTaken()
-  {
-    return mTimeTaken;
-  }
+public class StatsEvent {
+    private String mName = null;
+    private long mMin = -1;
+    private long mMax = -1;
+    private long mTimeTaken = 0;
+    private long mTimeTakenSqSum = 0;
+    private long mNoOfOperations = 0;
+    private Vector mSubEvents = new Vector();
+    private StatsEvent mParent = null;
+
+    public StatsEvent(StatsEvent parent) {
+        mParent = parent;
+    }
+
+    public void setName(String name) {
+        mName = name;
+    }
+
+    /**
+     * Retrieves Transaction name.
+     */
+    public String getName() {
+        return mName;
+    }
+
+    public void addSubEvent(StatsEvent st) {
+        mSubEvents.addElement(st);
+    }
+
+    /**
+     * Retrieves a list of sub transaction names.
+     */
+    public Enumeration getSubEventNames() {
+        Vector names = new Vector();
+        Enumeration e = mSubEvents.elements();
+        while (e.hasMoreElements()) {
+            StatsEvent st = (StatsEvent) e.nextElement();
+            names.addElement(st.getName());
+        }
+        return names.elements();
+    }
+
+    /**
+     * Retrieves a sub transaction.
+     */
+    public StatsEvent getSubEvent(String name) {
+        Enumeration e = mSubEvents.elements();
+        while (e.hasMoreElements()) {
+            StatsEvent st = (StatsEvent) e.nextElement();
+            if (st.getName().equals(name)) {
+                return st;
+            }
+        }
+        return null;
+    }
+
+    public void resetCounters() {
+        mMin = -1;
+        mMax = -1;
+        mNoOfOperations = 0;
+        mTimeTaken = 0;
+        mTimeTakenSqSum = 0;
+        Enumeration e = getSubEventNames();
+        while (e.hasMoreElements()) {
+            String n = (String) e.nextElement();
+            StatsEvent c = getSubEvent(n);
+            c.resetCounters();
+        }
+    }
+
+    public long getMax() {
+        return mMax;
+    }
+
+    public long getMin() {
+        return mMin;
+    }
+
+    public void incNoOfOperations(long c) {
+        mNoOfOperations += c;
+    }
+
+    public long getTimeTakenSqSum() {
+        return mTimeTakenSqSum;
+    }
+
+    public long getPercentage() {
+        if (mParent == null || mParent.getTimeTaken() == 0) {
+            return 100;
+        } else {
+            return (mTimeTaken * 100 / mParent.getTimeTaken());
+        }
+    }
+
+    public long getStdDev() {
+        if (getNoOfOperations() == 0) {
+            return 0;
+        } else {
+            long a = getTimeTakenSqSum();
+            long b = (-2 * getAvg() * getTimeTaken());
+            long c = getAvg() * getAvg() * getNoOfOperations();
+            return (long) Math.sqrt((a + b + c) / getNoOfOperations());
+        }
+    }
+
+    public long getAvg() {
+        if (mNoOfOperations == 0) {
+            return -1;
+        } else {
+            return mTimeTaken / mNoOfOperations;
+        }
+    }
+
+    /**
+     * Retrieves number of operations performed.
+     */
+    public long getNoOfOperations() {
+        return mNoOfOperations;
+    }
+
+    public void incTimeTaken(long c) {
+        if (mMin == -1) {
+            mMin = c;
+        } else {
+            if (c < mMin) {
+                mMin = c;
+            }
+        }
+        if (mMax == -1) {
+            mMax = c;
+        } else {
+            if (c > mMax) {
+                mMax = c;
+            }
+        }
+        mTimeTaken += c;
+        mTimeTakenSqSum += (c * c);
+    }
+
+    /**
+     * Retrieves total time token in msec.
+     */
+    public long getTimeTaken() {
+        return mTimeTaken;
+    }
 }
diff --git a/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java b/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java
index 4cfe9a45..e9b1fb3d 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authentication;
 
-
 import java.io.IOException;
 import java.io.PushbackReader;
 import java.io.StringReader;
@@ -36,24 +35,25 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authentication.EAuthException;
 import com.netscape.certsrv.authentication.ECompSyntaxErr;
 
-
 /**
- * class for parsing a DN pattern used to construct a certificate 
- * subject name from ldap attributes and dn.<p>
+ * class for parsing a DN pattern used to construct a certificate
+ * subject name from ldap attributes and dn.
+ * <p>
+ * 
+ * dnpattern is a string representing a subject name pattern to formulate from the directory attributes and entry dn. If empty or not set, the ldap entry DN will be used as the certificate subject name.
+ * <p>
  * 
- * dnpattern is a string representing a subject name pattern to formulate from 
- * the directory attributes and entry dn. If empty or not set, the 
- * ldap entry DN will be used as the certificate subject name. <p>
+ * The syntax is
  * 
- * The syntax is 
  * <pre>
- *		dnPattern := rdnPattern *[ "," rdnPattern ]
- *		rdnPattern := avaPattern *[ "+" avaPattern ]
+ * 	dnPattern := rdnPattern *[ "," rdnPattern ]
+ * 	rdnPattern := avaPattern *[ "+" avaPattern ]
  * 		avaPattern := name "=" value | 
- *				      name "=" "$attr" "." attrName [ "." attrNumber ] | 
- *				      name "=" "$dn" "." attrName [ "." attrNumber ] | 
- *				 	  "$dn" "." "$rdn" "." number
+ * 			      name "=" "$attr" "." attrName [ "." attrNumber ] | 
+ * 			      name "=" "$dn" "." attrName [ "." attrNumber ] | 
+ * 			 	  "$dn" "." "$rdn" "." number
  * </pre>
+ * 
  * <pre>
  * Example1: <i>E=$attr.mail.1, CN=$attr.cn, OU=$dn.ou.2, O=$dn.o, C=US </i>
  * Ldap entry: dn:  UID=jjames, OU=IS, OU=people, O=acme.org
@@ -80,11 +80,12 @@ import com.netscape.certsrv.authentication.ECompSyntaxErr;
  *     E = the first 'mail' ldap attribute value in user's entry. <br>
  *     CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
  *     OU = the second 'ou' value in the user's entry DN. note multiple AVAs
- *		    in a RDN in this example. <br>
+ * 	    in a RDN in this example. <br>
  *     O = the (first) 'o' value in the user's entry DN. <br>
  *     C = the string "US"
  * <p>
  * </pre>
+ * 
  * <pre>
  * Example3: <i>CN=$attr.cn, $rdn.2, O=$dn.o, C=US</i>
  * Ldap entry: dn:  UID=jjames, OU=IS+OU=people, O=acme.org
@@ -109,15 +110,15 @@ import com.netscape.certsrv.authentication.ECompSyntaxErr;
  * <p>	
  *     CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
  *     OU = the second 'ou' value in the user's entry DN followed by the 
- *			first 'ou' value in the user's entry. note multiple AVAs
- *		    in a RDN in this example. <br>
+ * 		first 'ou' value in the user's entry. note multiple AVAs
+ * 	    in a RDN in this example. <br>
  *     O = the (first) 'o' value in the user's entry DN. <br>
  *     C = the string "US"
  * <p>
  * </pre>
- * If an attribute or subject DN component does not exist the attribute 
- * is skipped.
- *
+ * 
+ * If an attribute or subject DN component does not exist the attribute is skipped.
+ * 
  * @version $Revision$, $Date$
  */
 class AVAPattern {
@@ -130,8 +131,8 @@ class AVAPattern {
 
     private static final char[] endChars = new char[] { '+', ',' };
 
-    private static final LdapV3DNStrConverter mLdapDNStrConverter = 
-        new LdapV3DNStrConverter();
+    private static final LdapV3DNStrConverter mLdapDNStrConverter =
+            new LdapV3DNStrConverter();
 
     /* ldap attributes needed by this AVA (to retrieve from ldap) */
     protected String[] mLdapAttrs = null;
@@ -140,7 +141,7 @@ class AVAPattern {
     protected String mType = null;
 
     /* the attribute in the AVA pair */
-    protected String mAttr = null; 
+    protected String mAttr = null;
 
     /* value - could be name of an ldap attribute or entry dn attribute. */
     protected String mValue = null;
@@ -151,19 +152,19 @@ class AVAPattern {
     protected String mTestDN = null;
 
     public AVAPattern(String component)
-        throws EAuthException {
-        if (component == null || component.length() == 0) 
+            throws EAuthException {
+        if (component == null || component.length() == 0)
             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", component));
         parse(new PushbackReader(new StringReader(component)));
     }
 
-    public AVAPattern(PushbackReader in) 
-        throws EAuthException {
+    public AVAPattern(PushbackReader in)
+            throws EAuthException {
         parse(in);
     }
 
     private void parse(PushbackReader in)
-        throws EAuthException {
+            throws EAuthException {
         int c;
 
         // mark ava beginning.
@@ -179,19 +180,19 @@ class AVAPattern {
         } catch (IOException e) {
             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
         }
-        if (c == -1) 
+        if (c == -1)
             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
 
-            // $rdn "." number syntax. 
+        // $rdn "." number syntax. 
 
         if (c == '$') {
             //System.out.println("$rdn syntax");
             mType = TYPE_RDN;
             try {
-                if (in.read() != 'r' || 
-                    in.read() != 'd' || 
-                    in.read() != 'n' || 
-                    in.read() != '.') 
+                if (in.read() != 'r' ||
+                        in.read() != 'd' ||
+                        in.read() != 'n' ||
+                        in.read() != '.')
                     throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn"));
             } catch (IOException e) {
                 throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn"));
@@ -212,7 +213,7 @@ class AVAPattern {
 
             String rdnNumber = rdnNumberBuf.toString().trim();
 
-            if (rdnNumber.length() == 0) 
+            if (rdnNumber.length() == 0)
                 throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "$rdn number not set in ava pattern"));
             try {
                 mElement = Integer.parseInt(rdnNumber) - 1;
@@ -227,15 +228,15 @@ class AVAPattern {
         // read name 
         //System.out.println("reading name");
 
-        StringBuffer attrBuf = new StringBuffer(); 
+        StringBuffer attrBuf = new StringBuffer();
 
         try {
             while (c != '=' && c != -1 && c != ',' && c != '+') {
                 attrBuf.append((char) c);
                 c = in.read();
                 //System.out.println("name read "+(char)c);
-            } 
-            if (c == ',' || c == '+') 
+            }
+            if (c == ',' || c == '+')
                 in.unread(c);
         } catch (IOException e) {
             throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
@@ -243,11 +244,11 @@ class AVAPattern {
         if (c != '=')
             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Missing \"=\" in ava pattern"));
 
-            // read value 
-            //System.out.println("reading value");
+        // read value 
+        //System.out.println("reading value");
 
-            // skip spaces 
-            //System.out.println("skip spaces for value");
+        // skip spaces 
+        //System.out.println("skip spaces for value");
         try {
             while ((c = in.read()) == ' ' || c == '\t') {//System.out.println("spaces2 read "+(char)c);
                 ;
@@ -255,7 +256,7 @@ class AVAPattern {
         } catch (IOException e) {
             throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
         }
-        if (c == -1) 
+        if (c == -1)
             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "no value after = in ava pattern"));
 
         if (c == '$') {
@@ -266,16 +267,16 @@ class AVAPattern {
             } catch (IOException e) {
                 throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
             }
-            if (c == -1) 
-                throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", 
+            if (c == -1)
+                throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                             "expecting $dn or $attr in ava pattern"));
             if (c == 'a') {
                 try {
-                    if (in.read() != 't' || 
-                        in.read() != 't' || 
-                        in.read() != 'r' || 
-                        in.read() != '.') 
-                        throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", 
+                    if (in.read() != 't' ||
+                            in.read() != 't' ||
+                            in.read() != 'r' ||
+                            in.read() != '.')
+                        throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                                     "expecting $attr in ava pattern"));
                 } catch (IOException e) {
                     throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
@@ -284,8 +285,8 @@ class AVAPattern {
                 //System.out.println("---- mtype $attr");
             } else if (c == 'd') {
                 try {
-                    if (in.read() != 'n' || 
-                        in.read() != '.') 
+                    if (in.read() != 'n' ||
+                            in.read() != '.')
                         throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                                     "expecting $dn in ava pattern"));
                 } catch (IOException e) {
@@ -294,21 +295,21 @@ class AVAPattern {
                 mType = TYPE_DN;
                 //System.out.println("----- mtype $dn");
             } else {
-                throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", 
-                            "unknown keyword. expecting $dn or $attr.")); 
+                throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+                            "unknown keyword. expecting $dn or $attr."));
             }
 
             // get attr name of dn pattern from above. 
             String attrName = attrBuf.toString().trim();
 
             //System.out.println("----- attrName "+attrName);
-            if (attrName.length() == 0) 
+            if (attrName.length() == 0)
                 throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "attribute name expected"));
-            try { 
-                ObjectIdentifier attrOid = 
-                    mLdapDNStrConverter.parseAVAKeyword(attrName); 
+            try {
+                ObjectIdentifier attrOid =
+                        mLdapDNStrConverter.parseAVAKeyword(attrName);
 
-                mAttr = mLdapDNStrConverter.encodeOID(attrOid);		
+                mAttr = mLdapDNStrConverter.encodeOID(attrOid);
                 //System.out.println("----- mAttr "+mAttr);
             } catch (IOException e) {
                 throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.getMessage()));
@@ -318,8 +319,8 @@ class AVAPattern {
             StringBuffer valueBuf = new StringBuffer();
 
             try {
-                while ((c = in.read()) != ',' && 
-                    c != -1 && c != '.' && c != '+') {
+                while ((c = in.read()) != ',' &&
+                        c != -1 && c != '.' && c != '+') {
                     //System.out.println("mValue read "+(char)c);
                     valueBuf.append((char) c);
                 }
@@ -330,12 +331,12 @@ class AVAPattern {
             }
 
             mValue = valueBuf.toString().trim();
-            if (mValue.length() == 0) 
+            if (mValue.length() == 0)
                 throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                             "$dn or $attr attribute name expected"));
-                //System.out.println("----- mValue "+mValue);
+            //System.out.println("----- mValue "+mValue);
 
-                // get nth dn or attribute from ldap search.
+            // get nth dn or attribute from ldap search.
             if (c == '.') {
                 StringBuffer attrNumberBuf = new StringBuffer();
 
@@ -345,13 +346,13 @@ class AVAPattern {
                         attrNumberBuf.append((char) c);
                     }
                     if (c != -1) // either ',' or '+'
-                        in.unread(c);  // pushback last , or +
+                        in.unread(c); // pushback last , or +
                 } catch (IOException e) {
                     throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
                 }
                 String attrNumber = attrNumberBuf.toString().trim();
 
-                if (attrNumber.length() == 0) 
+                if (attrNumber.length() == 0)
                     throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                                 "nth element $dn or $attr expected"));
                 try {
@@ -372,7 +373,7 @@ class AVAPattern {
             valueBuf.append((char) c);
             try {
                 while ((c = in.read()) != ',' &&
-                    c != -1) {
+                        c != -1) {
                     valueBuf.append((char) c);
                 }
                 if (c == '+' || c == ',') { // either ',' or '+'
@@ -381,8 +382,8 @@ class AVAPattern {
             } catch (IOException e) {
                 throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.getMessage()));
             }
-            try { 
-                AVA ava = mLdapDNStrConverter.parseAVA(attrBuf + "=" + valueBuf); 
+            try {
+                AVA ava = mLdapDNStrConverter.parseAVA(attrBuf + "=" + valueBuf);
 
                 mValue = ava.toLdapDNString();
                 //System.out.println("----- mValue "+mValue);
@@ -393,19 +394,19 @@ class AVAPattern {
     }
 
     public String formAVA(LDAPEntry entry)
-        throws EAuthException {
-        if (mType == TYPE_CONSTANT) 
+            throws EAuthException {
+        if (mType == TYPE_CONSTANT)
             return mValue;
 
         if (mType == TYPE_RDN) {
             String dn = entry.getDN();
 
-            if (mTestDN != null) 
+            if (mTestDN != null)
                 dn = mTestDN;
-                //System.out.println("AVAPattern Using dn "+mTestDN);
+            //System.out.println("AVAPattern Using dn "+mTestDN);
             String[] rdns = LDAPDN.explodeDN(dn, false);
 
-            if (mElement >= rdns.length) 
+            if (mElement >= rdns.length)
                 return null;
             return rdns[mElement];
         }
@@ -413,9 +414,9 @@ class AVAPattern {
         if (mType == TYPE_DN) {
             String dn = entry.getDN();
 
-            if (mTestDN != null) 
+            if (mTestDN != null)
                 dn = mTestDN;
-                //System.out.println("AVAPattern Using dn "+mTestDN);
+            //System.out.println("AVAPattern Using dn "+mTestDN);
             String[] rdns = LDAPDN.explodeDN(dn, false);
             String value = null;
             int nFound = -1;
@@ -426,14 +427,14 @@ class AVAPattern {
                 for (int j = 0; j < avas.length; j++) {
                     String[] exploded = explodeAVA(avas[j]);
 
-                    if (exploded[0].equalsIgnoreCase(mValue) && 
-                        ++nFound == mElement) {
+                    if (exploded[0].equalsIgnoreCase(mValue) &&
+                            ++nFound == mElement) {
                         value = exploded[1];
                         break;
                     }
                 }
             }
-            if (value == null) 
+            if (value == null)
                 return null;
             return mAttr + "=" + value;
         }
@@ -441,11 +442,11 @@ class AVAPattern {
         if (mType == TYPE_ATTR) {
             LDAPAttribute ldapAttr = entry.getAttribute(mValue);
 
-            if (ldapAttr == null) 
+            if (ldapAttr == null)
                 return null;
             String value = null;
             @SuppressWarnings("unchecked")
-			Enumeration<String> ldapValues = ldapAttr.getStringValues();
+            Enumeration<String> ldapValues = ldapAttr.getStringValues();
 
             for (int i = 0; ldapValues.hasMoreElements(); i++) {
                 String val = (String) ldapValues.nextElement();
@@ -455,7 +456,7 @@ class AVAPattern {
                     break;
                 }
             }
-            if (value == null) 
+            if (value == null)
                 return null;
             String v = escapeLdapString(value);
 
@@ -486,16 +487,16 @@ class AVAPattern {
                 int k = i + 1;
 
                 if (i == len - 1 ||
-                    (c[k] == ',' || c[k] == '=' || c[k] == '+' || c[k] == '<' ||
-                        c[k] == '>' || c[k] == '#' || c[k] == ';')) {
+                        (c[k] == ',' || c[k] == '=' || c[k] == '+' || c[k] == '<' ||
+                                c[k] == '>' || c[k] == '#' || c[k] == ';')) {
                     newc[j++] = '\\';
                     newc[j++] = c[i];
                 }
             } // escape QUOTATION
             else if (c[i] == '"') {
-                if ((i == 0 && c[len - 1] != '"') || 
-                    (i == len - 1 && c[0] != '"') || 
-                    (i > 0 && i < len - 1)) {
+                if ((i == 0 && c[len - 1] != '"') ||
+                        (i == len - 1 && c[0] != '"') ||
+                        (i > 0 && i < len - 1)) {
                     newc[j++] = '\\';
                     newc[j++] = c[i];
                 }
@@ -513,20 +514,20 @@ class AVAPattern {
     }
 
     /**
-     * Explode RDN into AVAs. 
-     * Does not handle escaped '+' 
+     * Explode RDN into AVAs.
+     * Does not handle escaped '+'
      * Java ldap library does not yet support multiple avas per rdn.
-     * If RDN is malformed returns empty array. 
+     * If RDN is malformed returns empty array.
      */
     public static String[] explodeRDN(String rdn) {
         int plus = rdn.indexOf('+');
 
-        if (plus == -1) 
+        if (plus == -1)
             return new String[] { rdn };
         Vector<String> avas = new Vector<String>();
         StringTokenizer token = new StringTokenizer(rdn, "+");
 
-        while (token.hasMoreTokens()) 
+        while (token.hasMoreTokens())
             avas.addElement(token.nextToken());
         String[] theAvas = new String[avas.size()];
 
@@ -535,17 +536,16 @@ class AVAPattern {
     }
 
     /**
-     * Explode AVA into name and value. 
+     * Explode AVA into name and value.
      * Does not handle escaped '='
      * If AVA is malformed empty array is returned.
      */
     public static String[] explodeAVA(String ava) {
         int equals = ava.indexOf('=');
 
-        if (equals == -1) 
+        if (equals == -1)
             return null;
         return new String[] {
-                ava.substring(0, equals).trim(), ava.substring(equals + 1).trim()};
+                ava.substring(0, equals).trim(), ava.substring(equals + 1).trim() };
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/authentication/AgentCertAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/AgentCertAuthentication.java
index 270d1fa2..65ef434a 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/AgentCertAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/AgentCertAuthentication.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authentication;
 
-
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.util.Enumeration;
@@ -48,16 +47,15 @@ import com.netscape.certsrv.usrgrp.ICertUserLocator;
 import com.netscape.certsrv.usrgrp.IUGSubsystem;
 import com.netscape.certsrv.usrgrp.IUser;
 
-
 /**
- * Certificate server agent authentication.  
- * Maps a SSL client authenticate certificate to a user (agent) entry in the 
- * internal database. 
+ * Certificate server agent authentication.
+ * Maps a SSL client authenticate certificate to a user (agent) entry in the
+ * internal database.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class AgentCertAuthentication implements IAuthManager, 
+public class AgentCertAuthentication implements IAuthManager,
         IProfileAuthenticator {
 
     /* result auth token attributes */
@@ -91,14 +89,14 @@ public class AgentCertAuthentication implements IAuthManager,
     /**
      * initializes the CertUserDBAuthentication auth manager
      * <p>
-     * called by AuthSubsystem init() method, when initializing
-     * all available authentication managers.
+     * called by AuthSubsystem init() method, when initializing all available authentication managers.
+     * 
      * @param name The name of this authentication manager instance.
      * @param implName The name of the authentication manager plugin.
      * @param config The configuration store for this authentication manager.
      */
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mName = name;
         mImplName = implName;
         mConfig = config;
@@ -106,7 +104,7 @@ public class AgentCertAuthentication implements IAuthManager,
         mUGSub = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
         mCULocator = mUGSub.getCertUserLocator();
     }
- 
+
     /**
      * Gets the name of this authentication manager.
      */
@@ -120,7 +118,7 @@ public class AgentCertAuthentication implements IAuthManager,
     public String getImplName() {
         return mImplName;
     }
- 
+
     public boolean isSSLClientRequired() {
         return true;
     }
@@ -128,29 +126,29 @@ public class AgentCertAuthentication implements IAuthManager,
     /**
      * authenticates user(agent) by certificate
      * <p>
-     * called by other subsystems or their servlets to authenticate
-     *	 users (agents)
+     * called by other subsystems or their servlets to authenticate users (agents)
+     * 
      * @param authCred - authentication credential that contains
-     *	 an usrgrp.Certificates of the user (agent)
+     *            an usrgrp.Certificates of the user (agent)
      * @return the authentication token that contains the following
-     *
+     * 
      * @exception EMissingCredential If a required credential for this
-     * authentication manager is missing.
+     *                authentication manager is missing.
      * @exception EInvalidCredentials If credentials cannot be authenticated.
      * @exception EBaseException If an internal error occurred.
      * @see com.netscape.certsrv.authentication.AuthToken
      * @see com.netscape.certsrv.usrgrp.Certificates
      */
     public IAuthToken authenticate(IAuthCredentials authCred)
-        throws EMissingCredential, EInvalidCredentials, EBaseException {
-      
+            throws EMissingCredential, EInvalidCredentials, EBaseException {
+
         CMS.debug("AgentCertAuthentication: start");
-        CMS.debug("authenticator instance name is "+getName());
+        CMS.debug("authenticator instance name is " + getName());
 
         // force SSL handshake
         SessionContext context = SessionContext.getExistingContext();
         ISSLClientCertProvider provider = (ISSLClientCertProvider)
-            context.get("sslClientCertProvider");
+                context.get("sslClientCertProvider");
 
         if (provider == null) {
             CMS.debug("AgentCertAuthentication: No SSL Client Cert Provider Found");
@@ -185,15 +183,15 @@ public class AgentCertAuthentication implements IAuthManager,
         // check if certificate(s) is revoked
         boolean checkRevocation = true;
         try {
-           checkRevocation = mConfig.getBoolean("checkRevocation", true);
+            checkRevocation = mConfig.getBoolean("checkRevocation", true);
         } catch (EBaseException e) {
-           // do nothing; default to true
+            // do nothing; default to true
         }
         if (checkRevocation) {
-          if (CMS.isRevoked(ci)) {
-             CMS.debug("AgentCertAuthentication: certificate revoked");
-             throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-          }
+            if (CMS.isRevoked(ci)) {
+                CMS.debug("AgentCertAuthentication: certificate revoked");
+                throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+            }
         }
 
         // map cert to user
@@ -205,7 +203,7 @@ public class AgentCertAuthentication implements IAuthManager,
         } catch (EUsrGrpException e) {
             throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
         } catch (netscape.ldap.LDAPException e) {
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", 
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
                         e.toString()));
         }
 
@@ -219,16 +217,16 @@ public class AgentCertAuthentication implements IAuthManager,
         IConfigStore sconfig = CMS.getConfigStore();
         String groupname = "";
         try {
-            groupname = sconfig.getString("auths.instance."+ getName() +".agentGroup", 
-              "");
+            groupname = sconfig.getString("auths.instance." + getName() + ".agentGroup",
+                    "");
         } catch (EBaseException ee) {
         }
 
         if (!groupname.equals("")) {
-            CMS.debug("check if "+user.getUserID()+" is  in group "+groupname);
-            IUGSubsystem uggroup = (IUGSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_UG);
+            CMS.debug("check if " + user.getUserID() + " is  in group " + groupname);
+            IUGSubsystem uggroup = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
             if (!uggroup.isMemberOf(user, groupname)) {
-                CMS.debug(user.getUserID()+" is not in this group "+groupname);
+                CMS.debug(user.getUserID() + " is not in this group " + groupname);
                 throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHORIZATION_ERROR"));
             }
         }
@@ -237,7 +235,7 @@ public class AgentCertAuthentication implements IAuthManager,
         authToken.set(TOKEN_USERID, user.getUserID());
         authToken.set(TOKEN_UID, user.getUserID());
         authToken.set(TOKEN_GROUP, groupname);
-        authToken.set(CRED_CERT, certs);  
+        authToken.set(CRED_CERT, certs);
 
         CMS.debug("AgentCertAuthentication: authenticated " + user.getUserDN());
 
@@ -246,10 +244,11 @@ public class AgentCertAuthentication implements IAuthManager,
 
     /**
      * get the list of authentication credential attribute names
-     *	 required by this authentication manager. Generally used by
-     *	 the servlets that handle agent operations to authenticate its
-     *	 users.  It calls this method to know which are the
-     *	 required credentials from the user (e.g. Javascript form data)
+     * required by this authentication manager. Generally used by
+     * the servlets that handle agent operations to authenticate its
+     * users. It calls this method to know which are the
+     * required credentials from the user (e.g. Javascript form data)
+     * 
      * @return attribute names in Vector
      */
     public String[] getRequiredCreds() {
@@ -258,14 +257,15 @@ public class AgentCertAuthentication implements IAuthManager,
 
     /**
      * get the list of configuration parameter names
-     *	 required by this authentication manager.  Generally used by
-     *	 the Certificate Server Console to display the table for
-     *	 configuration purposes.  CertUserDBAuthentication is currently not
-     *	 exposed in this case, so this method is not to be used.
+     * required by this authentication manager. Generally used by
+     * the Certificate Server Console to display the table for
+     * configuration purposes. CertUserDBAuthentication is currently not
+     * exposed in this case, so this method is not to be used.
+     * 
      * @return configuration parameter names in Hashtable of Vectors
-     *	 where each hashtable entry's key is the substore name, value is a
-     * Vector of parameter names.  If no substore, the parameter name
-     *	 is the Hashtable key itself, with value same as key.
+     *         where each hashtable entry's key is the substore name, value is a
+     *         Vector of parameter names. If no substore, the parameter name
+     *         is the Hashtable key itself, with value same as key.
      */
     public String[] getConfigParams() {
         return (mConfigParams);
@@ -279,7 +279,8 @@ public class AgentCertAuthentication implements IAuthManager,
 
     /**
      * gets the configuretion substore used by this authentication
-     *  manager
+     * manager
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
@@ -289,7 +290,7 @@ public class AgentCertAuthentication implements IAuthManager,
     // Profile-related methods
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
     }
 
     /**
@@ -326,6 +327,6 @@ public class AgentCertAuthentication implements IAuthManager,
     }
 
     public void populate(IAuthToken token, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java b/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java
index fef68c1c..c699be92 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java
@@ -20,7 +20,6 @@
 
 package com.netscape.cms.authentication;
 
-
 ///////////////////////
 // import statements //
 ///////////////////////
@@ -101,7 +100,7 @@ import com.netscape.cmsutil.util.Utils;
 /**
  * UID/CMC authentication plug-in
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
@@ -110,133 +109,126 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
     ////////////////////////
     // default parameters //
     ////////////////////////
-    
-    
-    
+
     /////////////////////////////
     // IAuthManager parameters //
     /////////////////////////////
-    
+
     /* authentication plug-in configuration store */
     private IConfigStore mConfig;
     private static final String HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----";
     private static final String TRAILER = "-----END NEW CERTIFICATE REQUEST-----";
-    public static final String TOKEN_CERT_SERIAL = "certSerialToRevoke";    
+    public static final String TOKEN_CERT_SERIAL = "certSerialToRevoke";
     public static final String REASON_CODE = "reasonCode";
     /* authentication plug-in name */
     private String mImplName = null;
-    
+
     /* authentication plug-in instance name */
     private String mName = null;
-    
+
     /* authentication plug-in fields */
-    
-    
-    
+
     /* Holds authentication plug-in fields accepted by this implementation.
      * This list is passed to the configuration console so configuration
      * for instances of this implementation can be configured through the
      * console.
      */
     protected static String[] mConfigParams =
-        new String[] {};
-    
+            new String[] {};
+
     /* authentication plug-in values */
-    
+
     /* authentication plug-in properties */
-    
-    
+
     /* required credentials to authenticate. UID and CMC are strings. */
     public static final String CRED_CMC = "cmcRequest";
-    
+
     protected static String[] mRequiredCreds = {};
-    
+
     ////////////////////////////////////
     // IExtendedPluginInfo parameters //
     ////////////////////////////////////
-    
+
     /* Vector of extendedPluginInfo strings */
     protected static Vector mExtendedPluginInfo = null;
     //public static final String AGENT_AUTHMGR_ID = "agentAuthMgr";
     //public static final String AGENT_PLUGIN_ID = "agentAuthPlugin";
-    
-    
+
     /* actual help messages */
     static {
         mExtendedPluginInfo = new Vector();
-        
+
         mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT +
-            ";Authenticate the CMC request. The signer must be an agent. The \"Authentication Instance ID\" must be named \"CMCAuth\"");
+                ";Authenticate the CMC request. The signer must be an agent. The \"Authentication Instance ID\" must be named \"CMCAuth\"");
         mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-authentication");
+                ";configuration-authentication");
     }
-    
+
     ///////////////////////
     // Logger parameters //
     ///////////////////////
-    
+
     /* the system's logger */
     private ILogger mLogger = CMS.getLogger();
-    
+
     /* signed audit parameters */
     private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
     private final static String SIGNED_AUDIT_ENROLLMENT_REQUEST_TYPE =
-        "enrollment";
+            "enrollment";
     private final static String SIGNED_AUDIT_REVOCATION_REQUEST_TYPE =
-        "revocation";
-    private final static String
-        LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY =
-        "LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY_5";
+            "revocation";
+    private final static String LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY =
+            "LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY_5";
 
     /////////////////////
     // default methods //
     /////////////////////
-    
+
     /**
      * Default constructor, initialization must follow.
      */
     public CMCAuth() {
     }
-    
+
     //////////////////////////
     // IAuthManager methods //
     //////////////////////////
-    
+
     /**
      * Initializes the CMCAuth authentication plug-in.
      * <p>
+     * 
      * @param name The name for this authentication plug-in instance.
      * @param implName The name of the authentication plug-in.
      * @param config - The configuration store for this instance.
      * @exception EBaseException If an error occurs during initialization.
      */
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mName = name;
         mImplName = implName;
         mConfig = config;
-        
+
         log(ILogger.LL_INFO, "Initialization complete!");
     }
-    
+
     /**
      * Authenticates user by their CMC;
      * resulting AuthToken sets a TOKEN_SUBJECT for the subject name.
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY
-     * used when CMC (agent-pre-signed) cert requests or revocation requests
-     * are submitted and signature is verified
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY used when CMC (agent-pre-signed) cert requests or revocation requests are submitted and signature is verified
      * </ul>
+     * 
      * @param authCred Authentication credentials, CRED_UID and CRED_CMC.
      * @return an AuthToken
      * @exception com.netscape.certsrv.authentication.EMissingCredential
-     *            If a required authentication credential is missing.
+     *                If a required authentication credential is missing.
      * @exception com.netscape.certsrv.authentication.EInvalidCredentials
-     *            If credentials failed authentication.
+     *                If credentials failed authentication.
      * @exception com.netscape.certsrv.base.EBaseException
-     *            If an internal error occurred.
+     *                If an internal error occurred.
      * @see com.netscape.certsrv.authentication.AuthToken
      */
     public IAuthToken authenticate(IAuthCredentials authCred) throws EMissingCredential, EInvalidCredentials, EBaseException {
@@ -245,13 +237,13 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
         String auditReqType = ILogger.UNIDENTIFIED;
         String auditCertSubject = ILogger.UNIDENTIFIED;
         String auditSignerInfo = ILogger.UNIDENTIFIED;
-        
+
         // ensure that any low-level exceptions are reported
         // to the signed audit log and stored as failures
         try {
             // get the CMC.
 
-            Object argblock = (Object)(authCred.getArgBlock());
+            Object argblock = (Object) (authCred.getArgBlock());
             Object returnVal = null;
             if (argblock == null) {
                 returnVal = authCred.get("cert_request");
@@ -266,140 +258,139 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
             if (cmc == null) {
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditReqType,
-                    auditCertSubject,
-                    auditSignerInfo );
+                        LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditReqType,
+                        auditCertSubject,
+                        auditSignerInfo);
 
-                audit( auditMessage );
+                audit(auditMessage);
 
                 throw new EMissingCredential(CMS.getUserMessage(
-                    "CMS_AUTHENTICATION_NULL_CREDENTIAL",CRED_CMC));
+                        "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CMC));
             }
 
             if (cmc.equals("")) {
                 log(ILogger.LL_FAILURE,
-                    "cmc : attempted login with empty CMC.");
+                        "cmc : attempted login with empty CMC.");
 
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditReqType,
-                    auditCertSubject,
-                    auditSignerInfo );
+                        LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditReqType,
+                        auditCertSubject,
+                        auditSignerInfo);
 
-                audit( auditMessage );
+                audit(auditMessage);
 
                 throw new EInvalidCredentials(CMS.getUserMessage(
-                    "CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+                        "CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
             }
-        
+
             // authenticate by checking CMC.
-        
+
             // everything OK.
             // now formulate the certificate info.
             // set the subject name at a minimum.
             // set anything else like version, extensions, etc.
             // if nothing except subject name is set the rest of
             // cert info will be filled in by policies and CA defaults.
-        
+
             AuthToken authToken = new AuthToken(this);
-        
+
             try {
                 String asciiBASE64Blob;
-                
+
                 int startIndex = cmc.indexOf(HEADER);
                 int endIndex = cmc.indexOf(TRAILER);
-                if (startIndex!= -1 && endIndex!=-1) {
+                if (startIndex != -1 && endIndex != -1) {
                     startIndex = startIndex + HEADER.length();
-                    asciiBASE64Blob=cmc.substring(startIndex, endIndex);
-                }else
+                    asciiBASE64Blob = cmc.substring(startIndex, endIndex);
+                } else
                     asciiBASE64Blob = cmc;
 
-
                 byte[] cmcBlob = CMS.AtoB(asciiBASE64Blob);
-                ByteArrayInputStream cmcBlobIn= new
+                ByteArrayInputStream cmcBlobIn = new
                                                  ByteArrayInputStream(cmcBlob);
-            
+
                 org.mozilla.jss.pkix.cms.ContentInfo cmcReq =
-                    (org.mozilla.jss.pkix.cms.ContentInfo)
-                    org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(
-                        cmcBlobIn);
+                        (org.mozilla.jss.pkix.cms.ContentInfo)
+                        org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(
+                                cmcBlobIn);
 
-                if(!cmcReq.getContentType().equals(
-                    org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) ||
-                    !cmcReq.hasContent()) {
+                if (!cmcReq.getContentType().equals(
+                        org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) ||
+                        !cmcReq.hasContent()) {
                     // store a message in the signed audit log file
                     auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditReqType,
-                        auditCertSubject,
-                        auditSignerInfo );
+                            LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+                            auditSubjectID,
+                            ILogger.FAILURE,
+                            auditReqType,
+                            auditCertSubject,
+                            auditSignerInfo);
 
-                    audit( auditMessage );
+                    audit(auditMessage);
 
                     // throw new ECMSGWException(CMSGWResources.NO_CMC_CONTENT);
 
                     throw new EBaseException("NO_CMC_CONTENT");
                 }
-            
+
                 SignedData cmcFullReq = (SignedData)
                                         cmcReq.getInterpretedContent();
-            
+
                 IConfigStore cmc_config = CMS.getConfigStore();
                 boolean checkSignerInfo =
-                    cmc_config.getBoolean("cmc.signerInfo.verify", true);
+                        cmc_config.getBoolean("cmc.signerInfo.verify", true);
                 String userid = "defUser";
                 String uid = "defUser";
                 if (checkSignerInfo) {
-                    IAuthToken agentToken = verifySignerInfo(authToken,cmcFullReq);
+                    IAuthToken agentToken = verifySignerInfo(authToken, cmcFullReq);
                     userid = agentToken.getInString("userid");
                     uid = agentToken.getInString("cn");
                 } else {
                     CMS.debug("CMCAuth: authenticate() signerInfo verification bypassed");
                 }
                 // reset value of auditSignerInfo
-                if( uid != null ) {
+                if (uid != null) {
                     auditSignerInfo = uid.trim();
                 }
 
                 EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
-            
+
                 OBJECT_IDENTIFIER id = ci.getContentType();
 
                 if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData) ||
-                    !ci.hasContent()) {
+                        !ci.hasContent()) {
                     // store a message in the signed audit log file
                     auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditReqType,
-                        auditCertSubject,
-                        auditSignerInfo );
+                            LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+                            auditSubjectID,
+                            ILogger.FAILURE,
+                            auditReqType,
+                            auditCertSubject,
+                            auditSignerInfo);
 
-                    audit( auditMessage );
+                    audit(auditMessage);
 
                     //  throw new ECMSGWException(
                     // CMSGWResources.NO_PKIDATA);
 
                     throw new EBaseException("NO_PKIDATA");
                 }
-            
+
                 OCTET_STRING content = ci.getContent();
-            
+
                 ByteArrayInputStream s = new
-                    ByteArrayInputStream(content.toByteArray());
+                        ByteArrayInputStream(content.toByteArray());
                 PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s);
-            
+
                 SEQUENCE reqSequence = pkiData.getReqSequence();
-            
+
                 int numReqs = reqSequence.size();
 
                 if (numReqs == 0) {
@@ -414,11 +405,11 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
                     if (controlSize > 0) {
                         for (int i = 0; i < controlSize; i++) {
                             TaggedAttribute taggedAttribute =
-                                (TaggedAttribute) controlSequence.elementAt(i);
+                                    (TaggedAttribute) controlSequence.elementAt(i);
                             OBJECT_IDENTIFIER type = taggedAttribute.getType();
 
-                            if( type.equals(
-                                OBJECT_IDENTIFIER.id_cmc_revokeRequest)) {
+                            if (type.equals(
+                                    OBJECT_IDENTIFIER.id_cmc_revokeRequest)) {
                                 // if( i ==1 ) {
                                 //     taggedAttribute.getType() ==
                                 //       OBJECT_IDENTIFIER.id_cmc_revokeRequest
@@ -431,19 +422,17 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
                                 bigIntArray = new BigInteger[numVals];
                                 for (int j = 0; j < numVals; j++) {
                                     // serialNumber    INTEGER
-                                
+
                                     // SEQUENCE RevRequest = (SEQUENCE)
                                     //     values.elementAt(j);
                                     byte[] encoded = ASN1Util.encode(
-                                        values.elementAt(j));
-                                    org.mozilla.jss.asn1.ASN1Template
-                                        template = new 
-                                        org.mozilla.jss.pkix.cmmf.RevRequest.Template();
-                                    org.mozilla.jss.pkix.cmmf.RevRequest
-                                        revRequest =
-                                        (org.mozilla.jss.pkix.cmmf.RevRequest) 
-                                        ASN1Util.decode(template, encoded);
-                               
+                                            values.elementAt(j));
+                                    org.mozilla.jss.asn1.ASN1Template template = new
+                                            org.mozilla.jss.pkix.cmmf.RevRequest.Template();
+                                    org.mozilla.jss.pkix.cmmf.RevRequest revRequest =
+                                            (org.mozilla.jss.pkix.cmmf.RevRequest)
+                                            ASN1Util.decode(template, encoded);
+
                                     // SEQUENCE RevRequest = (SEQUENCE)
                                     //     ASN1Util.decode(
                                     //         SEQUENCE.getTemplate(),
@@ -460,20 +449,20 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
 
                                     INTEGER temp = revRequest.getSerialNumber();
                                     int temp2 = temp.intValue();
-                                    
+
                                     bigIntArray[j] = temp;
-                                    authToken.set(TOKEN_CERT_SERIAL,bigIntArray);
-                                    
+                                    authToken.set(TOKEN_CERT_SERIAL, bigIntArray);
+
                                     long reasonCode = revRequest.getReason().getValue();
-                                    Integer IntObject = Integer.valueOf((int)reasonCode);
-                                    authToken.set(REASON_CODE,IntObject);
-                                    
-                                    authToken.set("uid",uid);
-                                    authToken.set("userid",userid);
+                                    Integer IntObject = Integer.valueOf((int) reasonCode);
+                                    authToken.set(REASON_CODE, IntObject);
+
+                                    authToken.set("uid", uid);
+                                    authToken.set("userid", userid);
                                 }
                             }
                         }
-                    
+
                     }
                 } else {
                     // enrollment request
@@ -487,33 +476,33 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
                     for (int i = 0; i < numReqs; i++) {
                         // decode message.
                         TaggedRequest taggedRequest =
-                            (TaggedRequest) reqSequence.elementAt(i);
+                                (TaggedRequest) reqSequence.elementAt(i);
 
                         TaggedRequest.Type type = taggedRequest.getType();
 
                         if (type.equals(TaggedRequest.PKCS10)) {
                             CMS.debug("CMCAuth: in PKCS10");
                             TaggedCertificationRequest tcr =
-                                taggedRequest.getTcr();
+                                    taggedRequest.getTcr();
                             int p10Id = tcr.getBodyPartID().intValue();
 
                             reqIdArray[i] = String.valueOf(p10Id);
 
                             CertificationRequest p10 =
-                                tcr.getCertificationRequest();
+                                    tcr.getCertificationRequest();
 
                             // transfer to sun class
                             ByteArrayOutputStream ostream =
-                                new ByteArrayOutputStream();
+                                    new ByteArrayOutputStream();
 
                             p10.encode(ostream);
                             try {
                                 PKCS10 pkcs10 =
-                                    new PKCS10(ostream.toByteArray());
+                                        new PKCS10(ostream.toByteArray());
 
                                 // xxx do we need to do anything else?
                                 X509CertInfo certInfo =
-                                    CMS.getDefaultX509CertInfo();
+                                        CMS.getDefaultX509CertInfo();
 
                                 // fillPKCS10(certInfo,pkcs10,authToken,null);
 
@@ -523,12 +512,12 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
                                 X500Name tempName = pkcs10.getSubjectName();
 
                                 // reset value of auditCertSubject
-                                if( tempName != null ) {
+                                if (tempName != null) {
                                     auditCertSubject =
-                                        tempName.toString().trim();
-                                    if( auditCertSubject.equals( "" ) ) {
+                                            tempName.toString().trim();
+                                    if (auditCertSubject.equals("")) {
                                         auditCertSubject =
-                                            ILogger.SIGNED_AUDIT_EMPTY_VALUE;
+                                                ILogger.SIGNED_AUDIT_EMPTY_VALUE;
                                     }
                                     authToken.set(AuthToken.TOKEN_CERT_SUBJECT,
                                               tempName.toString());
@@ -541,19 +530,19 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
                             } catch (Exception e) {
                                 // store a message in the signed audit log file
                                 auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                                    auditSubjectID,
-                                    ILogger.FAILURE,
-                                    auditReqType,
-                                    auditCertSubject,
-                                    auditSignerInfo );
+                                        LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+                                        auditSubjectID,
+                                        ILogger.FAILURE,
+                                        auditReqType,
+                                        auditCertSubject,
+                                        auditSignerInfo);
 
-                                audit( auditMessage );
+                                audit(auditMessage);
 
                                 //throw new ECMSGWException(
                                 //CMSGWResources.ERROR_PKCS101, e.toString());
 
-                                e.printStackTrace();    
+                                e.printStackTrace();
                                 throw new EBaseException(e.toString());
                             }
                         } else if (type.equals(TaggedRequest.CRMF)) {
@@ -561,7 +550,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
                             CMS.debug("CMCAuth: in CRMF");
                             try {
                                 CertReqMsg crm =
-                                    taggedRequest.getCrm();
+                                        taggedRequest.getCrm();
                                 CertRequest certReq = crm.getCertReq();
                                 INTEGER reqID = certReq.getCertReqId();
                                 reqIdArray[i] = reqID.toString();
@@ -570,16 +559,16 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
 
                                 // xxx do we need to do anything else?
                                 X509CertInfo certInfo =
-                                    CMS.getDefaultX509CertInfo();
+                                        CMS.getDefaultX509CertInfo();
 
                                 // reset value of auditCertSubject
-                                if( name != null ) {
+                                if (name != null) {
                                     String ss = name.getRFC1485();
 
                                     auditCertSubject = ss;
-                                    if( auditCertSubject.equals( "" ) ) {
+                                    if (auditCertSubject.equals("")) {
                                         auditCertSubject =
-                                            ILogger.SIGNED_AUDIT_EMPTY_VALUE;
+                                                ILogger.SIGNED_AUDIT_EMPTY_VALUE;
                                     }
 
                                     authToken.set(AuthToken.TOKEN_CERT_SUBJECT, ss);
@@ -590,14 +579,14 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
                             } catch (Exception e) {
                                 // store a message in the signed audit log file
                                 auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                                    auditSubjectID,
-                                    ILogger.FAILURE,
-                                    auditReqType,
-                                    auditCertSubject,
-                                    auditSignerInfo );
+                                        LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+                                        auditSubjectID,
+                                        ILogger.FAILURE,
+                                        auditReqType,
+                                        auditCertSubject,
+                                        auditSignerInfo);
 
-                                audit( auditMessage );
+                                audit(auditMessage);
 
                                 //throw new ECMSGWException(
                                 //CMSGWResources.ERROR_PKCS101, e.toString());
@@ -615,134 +604,138 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
             } catch (Exception e) {
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditReqType,
-                    auditCertSubject,
-                    auditSignerInfo );
+                        LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditReqType,
+                        auditCertSubject,
+                        auditSignerInfo);
 
-                audit( auditMessage );
+                audit(auditMessage);
 
                 //Debug.printStackTrace(e);
                 throw new EInvalidCredentials(CMS.getUserMessage(
-                    "CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+                        "CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
             }
-        
+
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                auditSubjectID,
-                ILogger.SUCCESS,
-                auditReqType,
-                auditCertSubject,
-                auditSignerInfo );
+                    LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+                    auditSubjectID,
+                    ILogger.SUCCESS,
+                    auditReqType,
+                    auditCertSubject,
+                    auditSignerInfo);
 
-            audit( auditMessage );
+            audit(auditMessage);
 
             return authToken;
-        } catch( EMissingCredential eAudit1 ) {
+        } catch (EMissingCredential eAudit1) {
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                auditSubjectID,
-                ILogger.FAILURE,
-                auditReqType,
-                auditCertSubject,
-                auditSignerInfo );
+                    LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+                    auditSubjectID,
+                    ILogger.FAILURE,
+                    auditReqType,
+                    auditCertSubject,
+                    auditSignerInfo);
 
-            audit( auditMessage );
+            audit(auditMessage);
 
             // rethrow the specific exception to be handled later
             throw eAudit1;
-        } catch( EInvalidCredentials eAudit2 ) {
+        } catch (EInvalidCredentials eAudit2) {
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                auditSubjectID,
-                ILogger.FAILURE,
-                auditReqType,
-                auditCertSubject,
-                auditSignerInfo );
+                    LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+                    auditSubjectID,
+                    ILogger.FAILURE,
+                    auditReqType,
+                    auditCertSubject,
+                    auditSignerInfo);
 
-            audit( auditMessage );
+            audit(auditMessage);
 
             // rethrow the specific exception to be handled later
             throw eAudit2;
-        } catch( EBaseException eAudit3 ) {
+        } catch (EBaseException eAudit3) {
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                auditSubjectID,
-                ILogger.FAILURE,
-                auditReqType,
-                auditCertSubject,
-                auditSignerInfo );
+                    LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+                    auditSubjectID,
+                    ILogger.FAILURE,
+                    auditReqType,
+                    auditCertSubject,
+                    auditSignerInfo);
 
-            audit( auditMessage );
+            audit(auditMessage);
 
             // rethrow the specific exception to be handled later
             throw eAudit3;
         }
     }
-    
+
     /**
      * Returns a list of configuration parameter names.
      * The list is passed to the configuration console so instances of
      * this implementation can be configured through the console.
      * <p>
+     * 
      * @return String array of configuration parameter names.
      */
     public String[] getConfigParams() {
         return (mConfigParams);
     }
-    
+
     /**
      * gets the configuration substore used by this authentication
-     *  plug-in
+     * plug-in
      * <p>
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
         return mConfig;
     }
-    
+
     /**
      * gets the plug-in name of this authentication plug-in.
      */
     public String getImplName() {
         return mImplName;
     }
-    
+
     /**
      * gets the name of this authentication plug-in instance
      */
     public String getName() {
         return mName;
     }
-    
+
     /**
      * get the list of required credentials.
      * <p>
+     * 
      * @return list of required credentials as strings.
      */
     public String[] getRequiredCreds() {
         return (mRequiredCreds);
     }
-    
+
     /**
      * prepares for shutdown.
      */
     public void shutdown() {
     }
-    
+
     /////////////////////////////////
     // IExtendedPluginInfo methods //
     /////////////////////////////////
-    
+
     /**
      * Activate the help system.
      * <p>
+     * 
      * @return help messages
      */
     public String[] getExtendedPluginInfo() {
@@ -755,14 +748,15 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
         }
         return s;
     }
-    
+
     ////////////////////
     // Logger methods //
     ////////////////////
-    
+
     /**
      * Logs a message for this class in the system log file.
      * <p>
+     * 
      * @param level The log level.
      * @param msg The message to log.
      * @see com.netscape.certsrv.logging.ILogger
@@ -771,19 +765,19 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
-            level, "CMC Authentication: " + msg);
+                level, "CMC Authentication: " + msg);
     }
-    
-    protected IAuthToken verifySignerInfo(AuthToken authToken,SignedData cmcFullReq) throws EInvalidCredentials {
-        
+
+    protected IAuthToken verifySignerInfo(AuthToken authToken, SignedData cmcFullReq) throws EInvalidCredentials {
+
         EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
         OBJECT_IDENTIFIER id = ci.getContentType();
         OCTET_STRING content = ci.getContent();
-        
+
         try {
             ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray());
             PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s);
-            
+
             SET dais = cmcFullReq.getDigestAlgorithmIdentifiers();
             int numDig = dais.size();
             Hashtable digs = new Hashtable();
@@ -792,24 +786,24 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
             //object in the signedData object.
             for (int i = 0; i < numDig; i++) {
                 AlgorithmIdentifier dai =
-                    (AlgorithmIdentifier) dais.elementAt(i);
+                        (AlgorithmIdentifier) dais.elementAt(i);
                 String name =
-                    DigestAlgorithm.fromOID(dai.getOID()).toString();
-                
+                        DigestAlgorithm.fromOID(dai.getOID()).toString();
+
                 MessageDigest md =
-                    MessageDigest.getInstance(name);
-                
+                        MessageDigest.getInstance(name);
+
                 byte[] digest = md.digest(content.toByteArray());
 
                 digs.put(name, digest);
             }
-            
+
             SET sis = cmcFullReq.getSignerInfos();
             int numSis = sis.size();
-            
+
             for (int i = 0; i < numSis; i++) {
                 org.mozilla.jss.pkix.cms.SignerInfo si = (org.mozilla.jss.pkix.cms.SignerInfo) sis.elementAt(i);
-                
+
                 String name = si.getDigestAlgorithm().toString();
                 byte[] digest = (byte[]) digs.get(name);
 
@@ -819,7 +813,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
 
                     pkiData.encode((OutputStream) ostream);
                     digest = md.digest(ostream.toByteArray());
-                    
+
                 }
                 // signed  by  previously certified signature key
                 SignerIdentifier sid = si.getSignerIdentifier();
@@ -833,30 +827,29 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
                         SET certs = cmcFullReq.getCertificates();
                         int numCerts = certs.size();
                         java.security.cert.X509Certificate[] x509Certs = new java.security.cert.X509Certificate[1];
-                         byte[] certByteArray = new byte[0];
-                         for (int j = 0; j < numCerts; j++) {
+                        byte[] certByteArray = new byte[0];
+                        for (int j = 0; j < numCerts; j++) {
                             Certificate certJss = (Certificate) certs.elementAt(j);
                             CertificateInfo certI = certJss.getInfo();
                             Name issuer = certI.getIssuer();
-                            
+
                             byte[] issuerB = ASN1Util.encode(issuer);
-                            INTEGER sn = certI.getSerialNumber(); 
+                            INTEGER sn = certI.getSerialNumber();
                             // if this cert is the signer cert, not a cert in the chain
                             if (new String(issuerB).equals(new String(ASN1Util.encode(issuerAndSerialNumber.getIssuer())))
-                            && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString()) ) 
-                            {
+                                    && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) {
                                 ByteArrayOutputStream os = new
-                                    ByteArrayOutputStream();
+                                        ByteArrayOutputStream();
 
                                 certJss.encode(os);
-                                certByteArray =  os.toByteArray();
- 
+                                certByteArray = os.toByteArray();
+
                                 X509CertImpl tempcert = new X509CertImpl(os.toByteArray());
 
                                 cert = tempcert;
                                 x509Certs[0] = cert;
-                                 // xxx validate the cert length
-                                
+                                // xxx validate the cert length
+
                             }
                         }
                         CMS.debug("CMCAuth: start checking signature");
@@ -880,38 +873,38 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
                             si.verify(digest, id, pubK);
                         }
                         CMS.debug("CMCAuth: finished checking signature");
-                         // verify signer's certificate using the revocator
-                        CryptoManager cm = CryptoManager.getInstance(); 
-                        if( ! cm.isCertValid( certByteArray, true,CryptoManager.CertUsage.SSLClient) )
+                        // verify signer's certificate using the revocator
+                        CryptoManager cm = CryptoManager.getInstance();
+                        if (!cm.isCertValid(certByteArray, true, CryptoManager.CertUsage.SSLClient))
                             throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
 
-                       // authenticate signer's certificate using the userdb
+                        // authenticate signer's certificate using the userdb
                         IAuthSubsystem authSS = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
-                         
+
                         IAuthManager agentAuth = authSS.getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);//AGENT_AUTHMGR_ID);
-                        IAuthCredentials agentCred  = new com.netscape.certsrv.authentication.AuthCredentials();
-                        
+                        IAuthCredentials agentCred = new com.netscape.certsrv.authentication.AuthCredentials();
+
                         agentCred.set(IAuthManager.CRED_SSL_CLIENT_CERT, x509Certs);
-                        
+
                         IAuthToken tempToken = agentAuth.authenticate(agentCred);
                         netscape.security.x509.X500Name tempPrincipal = (X500Name) x509Certs[0].getSubjectDN();
                         String CN = (String) tempPrincipal.getCommonName();//tempToken.get("userid");
-                        
-                        BigInteger agentCertSerial  = x509Certs[0].getSerialNumber();
-                        authToken.set(IAuthManager.CRED_SSL_CLIENT_CERT,agentCertSerial.toString());
-                        tempToken.set("cn",CN);
+
+                        BigInteger agentCertSerial = x509Certs[0].getSerialNumber();
+                        authToken.set(IAuthManager.CRED_SSL_CLIENT_CERT, agentCertSerial.toString());
+                        tempToken.set("cn", CN);
                         return tempToken;
-                        
+
                     }
                     // find from internaldb if it's ca. (ra does not have that.)
                     // find from internaldb usrgrp info
-                    
+
                     // find from certDB
-					si.verify(digest, id);
-                    
+                    si.verify(digest, id);
+
                 } // 
             }
-        }catch (InvalidBERException e) {
+        } catch (InvalidBERException e) {
             CMS.debug("CMCAuth: " + e.toString());
         } catch (IOException e) {
             CMS.debug("CMCAuth: " + e.toString());
@@ -919,7 +912,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
             throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
         }
         return (IAuthToken) null;
-        
+
     }
 
     public String[] getExtendedPluginInfo(Locale locale) {
@@ -929,22 +922,20 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
     // Profile-related methods
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
     }
 
     /**
      * Retrieves the localizable name of this policy.
      */
-    public String getName(Locale locale)
-    {
+    public String getName(Locale locale) {
         return CMS.getUserMessage(locale, "CMS_AUTHENTICATION_CMS_SIGN_NAME");
     }
 
     /**
      * Retrieves the localizable description of this policy.
      */
-    public String getText(Locale locale)
-    {
+    public String getText(Locale locale) {
         return CMS.getUserMessage(locale, "CMS_AUTHENTICATION_CMS_SIGN_TEXT");
     }
 
@@ -968,13 +959,13 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(CRED_CMC)) {
             return new Descriptor(IDescriptor.STRING_LIST, null, null,
-              "CMC request");
+                    "CMC request");
         }
         return null;
     }
 
     public void populate(IAuthToken token, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME,
                 token.getInString(AuthToken.TOKEN_CERT_SUBJECT));
     }
@@ -985,10 +976,10 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
 
     /**
      * Signed Audit Log
-     *
+     * 
      * This method is called to store messages to the signed audit log.
      * <P>
-     *
+     * 
      * @param msg signed audit log message
      */
     private void audit(String msg) {
@@ -1000,19 +991,19 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
         }
 
         mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-            null,
-            ILogger.S_SIGNED_AUDIT,
-            ILogger.LL_SECURITY,
-            msg);
+                null,
+                ILogger.S_SIGNED_AUDIT,
+                ILogger.LL_SECURITY,
+                msg);
     }
 
     /**
      * Signed Audit Log Subject ID
-     *
+     * 
      * This method is called to obtain the "SubjectID" for
      * a signed audit log message.
      * <P>
-     *
+     * 
      * @return id string containing the signed audit log message SubjectID
      */
     private String auditSubjectID() {
@@ -1042,4 +1033,3 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
         return subjectID;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/authentication/Crypt.java b/pki/base/common/src/com/netscape/cms/authentication/Crypt.java
index 95012039..e6dd7087 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/Crypt.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/Crypt.java
@@ -17,149 +17,148 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authentication;
 
-
 public class Crypt {
     // Static data:
     static byte[]
-        IP =		// Initial permutation
-        {
-            58, 50, 42, 34, 26, 18, 10, 2,
-            60, 52, 44, 36, 28, 20, 12, 4,
-            62, 54, 46, 38, 30, 22, 14, 6,
-            64, 56, 48, 40, 32, 24, 16, 8,
-            57, 49, 41, 33, 25, 17, 9, 1,
-            59, 51, 43, 35, 27, 19, 11, 3,
-            61, 53, 45, 37, 29, 21, 13, 5,
-            63, 55, 47, 39, 31, 23, 15, 7
+            IP = // Initial permutation
+            {
+                    58, 50, 42, 34, 26, 18, 10, 2,
+                    60, 52, 44, 36, 28, 20, 12, 4,
+                    62, 54, 46, 38, 30, 22, 14, 6,
+                    64, 56, 48, 40, 32, 24, 16, 8,
+                    57, 49, 41, 33, 25, 17, 9, 1,
+                    59, 51, 43, 35, 27, 19, 11, 3,
+                    61, 53, 45, 37, 29, 21, 13, 5,
+                    63, 55, 47, 39, 31, 23, 15, 7
         },
-        FP =		// Final permutation, FP = IP^(-1)
-        {
-            40, 8, 48, 16, 56, 24, 64, 32,
-            39, 7, 47, 15, 55, 23, 63, 31,
-            38, 6, 46, 14, 54, 22, 62, 30,
-            37, 5, 45, 13, 53, 21, 61, 29,
-            36, 4, 44, 12, 52, 20, 60, 28,
-            35, 3, 43, 11, 51, 19, 59, 27,
-            34, 2, 42, 10, 50, 18, 58, 26,
-            33, 1, 41, 9, 49, 17, 57, 25
+            FP = // Final permutation, FP = IP^(-1)
+            {
+                    40, 8, 48, 16, 56, 24, 64, 32,
+                    39, 7, 47, 15, 55, 23, 63, 31,
+                    38, 6, 46, 14, 54, 22, 62, 30,
+                    37, 5, 45, 13, 53, 21, 61, 29,
+                    36, 4, 44, 12, 52, 20, 60, 28,
+                    35, 3, 43, 11, 51, 19, 59, 27,
+                    34, 2, 42, 10, 50, 18, 58, 26,
+                    33, 1, 41, 9, 49, 17, 57, 25
         },
-        // Permuted-choice 1 from the key bits to yield C and D.
-        // Note that bits 8,16... are left out:
-        // They are intended for a parity check.
-        PC1_C =
+            // Permuted-choice 1 from the key bits to yield C and D.
+            // Note that bits 8,16... are left out:
+            // They are intended for a parity check.
+            PC1_C =
         {
-            57, 49, 41, 33, 25, 17, 9,
-            1, 58, 50, 42, 34, 26, 18,
-            10, 2, 59, 51, 43, 35, 27,
-            19, 11, 3, 60, 52, 44, 36
+                57, 49, 41, 33, 25, 17, 9,
+                1, 58, 50, 42, 34, 26, 18,
+                10, 2, 59, 51, 43, 35, 27,
+                19, 11, 3, 60, 52, 44, 36
         },
-        PC1_D =
+            PC1_D =
         {
-            63, 55, 47, 39, 31, 23, 15,
-            7, 62, 54, 46, 38, 30, 22,
-            14, 6, 61, 53, 45, 37, 29,
-            21, 13, 5, 28, 20, 12, 4
+                63, 55, 47, 39, 31, 23, 15,
+                7, 62, 54, 46, 38, 30, 22,
+                14, 6, 61, 53, 45, 37, 29,
+                21, 13, 5, 28, 20, 12, 4
         },
-        shifts =	// Sequence of shifts used for the key schedule.
-        {
-            1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
+            shifts = // Sequence of shifts used for the key schedule.
+            {
+                    1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
         },
-        // Permuted-choice 2, to pick out the bits from
-        // the CD array that generate the key schedule.
-        PC2_C =
+            // Permuted-choice 2, to pick out the bits from
+            // the CD array that generate the key schedule.
+            PC2_C =
         {
-            14, 17, 11, 24, 1, 5,
-            3, 28, 15, 6, 21, 10,
-            23, 19, 12, 4, 26, 8,
-            16, 7, 27, 20, 13, 2
+                14, 17, 11, 24, 1, 5,
+                3, 28, 15, 6, 21, 10,
+                23, 19, 12, 4, 26, 8,
+                16, 7, 27, 20, 13, 2
         },
-        PC2_D =
+            PC2_D =
         {
-            41, 52, 31, 37, 47, 55,
-            30, 40, 51, 45, 33, 48,
-            44, 49, 39, 56, 34, 53,
-            46, 42, 50, 36, 29, 32
+                41, 52, 31, 37, 47, 55,
+                30, 40, 51, 45, 33, 48,
+                44, 49, 39, 56, 34, 53,
+                46, 42, 50, 36, 29, 32
         },
-        e2 =		// The E-bit selection table. (see E below)
-        {
-            32, 1, 2, 3, 4, 5,
-            4, 5, 6, 7, 8, 9,
-            8, 9, 10, 11, 12, 13,
-            12, 13, 14, 15, 16, 17,
-            16, 17, 18, 19, 20, 21,
-            20, 21, 22, 23, 24, 25,
-            24, 25, 26, 27, 28, 29,
-            28, 29, 30, 31, 32, 1
+            e2 = // The E-bit selection table. (see E below)
+            {
+                    32, 1, 2, 3, 4, 5,
+                    4, 5, 6, 7, 8, 9,
+                    8, 9, 10, 11, 12, 13,
+                    12, 13, 14, 15, 16, 17,
+                    16, 17, 18, 19, 20, 21,
+                    20, 21, 22, 23, 24, 25,
+                    24, 25, 26, 27, 28, 29,
+                    28, 29, 30, 31, 32, 1
         },
-        // P is a permutation on the selected combination of
-        // the current L and key.
-        P =
+            // P is a permutation on the selected combination of
+            // the current L and key.
+            P =
         {
-            16, 7, 20, 21,
-            29, 12, 28, 17,
-            1, 15, 23, 26,
-            5, 18, 31, 10,
-            2, 8, 24, 14,
-            32, 27, 3, 9,
-            19, 13, 30, 6,
-            22, 11, 4, 25
+                16, 7, 20, 21,
+                29, 12, 28, 17,
+                1, 15, 23, 26,
+                5, 18, 31, 10,
+                2, 8, 24, 14,
+                32, 27, 3, 9,
+                19, 13, 30, 6,
+                22, 11, 4, 25
         };
     // The 8 selection functions.  For some reason, they gave a 0-origin
     // index, unlike everything else.
     static byte[][] S =
         {
-            {
-                14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
-                0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
-                4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
-                15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
-            }, {
-                15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
-                3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
-                0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
-                13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
-            }, {
-                10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
-                13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
-                13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
-                1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
-            }, {
-                7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
-                13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
-                10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
-                3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
-            }, {
-                2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
-                14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
-                4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
-                11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
-            }, {
-                12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
-                10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
-                9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
-                4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
-            }, {
-                4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
-                13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
-                1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
-                6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
-            }, {
-                13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
-                1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
-                7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
-                2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
-            }
+                {
+                        14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
+                        0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
+                        4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
+                        15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
+                }, {
+                        15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
+                        3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
+                        0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
+                        13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
+                }, {
+                        10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
+                        13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
+                        13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
+                        1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
+                }, {
+                        7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
+                        13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
+                        10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
+                        3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
+                }, {
+                        2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
+                        14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
+                        4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
+                        11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
+                }, {
+                        12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
+                        10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
+                        9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
+                        4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
+                }, {
+                        4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
+                        13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
+                        1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
+                        6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
+                }, {
+                        13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
+                        1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
+                        7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
+                        2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
+                }
         };
 
     // Dynamic data:
-    byte[] C = new byte[28],		// The C and D arrays used to
-        D = new byte[28],		// calculate the key schedule.
-        E = new byte[48],		// The E bit-selection table.
-        L = new byte[32],		// The current block,
-        R = new byte[32],		//  divided into two halves.
-        tempL = new byte[32],
-        f = new byte[32],
-        preS = new byte[48];		// The combination of the key and
+    byte[] C = new byte[28], // The C and D arrays used to
+            D = new byte[28], // calculate the key schedule.
+            E = new byte[48], // The E bit-selection table.
+            L = new byte[32], // The current block,
+            R = new byte[32], //  divided into two halves.
+            tempL = new byte[32],
+            f = new byte[32],
+            preS = new byte[48]; // The combination of the key and
     // the input, before selection.
     // The key schedule.  Generated from the key.
     byte[][] KS = new byte[16][48];
@@ -169,7 +168,7 @@ public class Crypt {
 
     // Public methods:
     /**
-     * Create Crypt object with no passwd or salt set.  Must use setPasswd()
+     * Create Crypt object with no passwd or salt set. Must use setPasswd()
      * and setSalt() before getEncryptedPasswd().
      */
     public Crypt() {
@@ -177,9 +176,9 @@ public class Crypt {
     }
 
     /**
-     * Create a Crypt object with specified salt.  Use setPasswd() before
+     * Create a Crypt object with specified salt. Use setPasswd() before
      * getEncryptedPasswd().
-     *
+     * 
      * @param salt the salt string for encryption
      */
     public Crypt(String salt) {
@@ -190,9 +189,9 @@ public class Crypt {
 
     /**
      * Create a Crypt object with specified passwd and salt (often the
-     * already encypted passwd).  Get the encrypted result with
+     * already encypted passwd). Get the encrypted result with
      * getEncryptedPasswd().
-     *
+     * 
      * @param passwd the passwd to encrypt
      * @param salt the salt string for encryption
      */
@@ -204,7 +203,7 @@ public class Crypt {
 
     /**
      * Retrieve the passwd string currently being encrypted.
-     *
+     * 
      * @return the current passwd string
      */
     public String getPasswd() {
@@ -213,7 +212,7 @@ public class Crypt {
 
     /**
      * Retrieve the salt string currently being used for encryption.
-     *
+     * 
      * @return the current salt string
      */
     public String getSalt() {
@@ -223,7 +222,7 @@ public class Crypt {
     /**
      * Retrieve the resulting encrypted string from the current passwd and
      * salt settings.
-     *
+     * 
      * @return the encrypted passwd
      */
     public String getEncryptedPasswd() {
@@ -231,9 +230,9 @@ public class Crypt {
     }
 
     /**
-     * Set a new passwd string for encryption.  Use getEncryptedPasswd() to
+     * Set a new passwd string for encryption. Use getEncryptedPasswd() to
      * retrieve the new result.
-     *
+     * 
      * @param passwd the new passwd string
      */
     public void setPasswd(String passwd) {
@@ -242,9 +241,9 @@ public class Crypt {
     }
 
     /**
-     * Set a new salt string for encryption.  Use getEncryptedPasswd() to
+     * Set a new salt string for encryption. Use getEncryptedPasswd() to
      * retrieve the new result.
-     *
+     * 
      * @param salt the new salt string
      */
     public void setSalt(String salt) {
@@ -254,14 +253,12 @@ public class Crypt {
 
     // Internal crypt methods:
     String crypt() {
-        if (Salt.length() == 0) return "";
+        if (Salt.length() == 0)
+            return "";
         int i, j, pwi;
         byte c, temp;
-        byte[] block = new byte[66],
-            iobuf = new byte[16],
-            salt = new byte[2],
-            pw = Passwd.getBytes(),		//jdk1.1
-            saltbytes = Salt.getBytes();			//jdk1.1
+        byte[] block = new byte[66], iobuf = new byte[16], salt = new byte[2], pw = Passwd.getBytes(), //jdk1.1
+        saltbytes = Salt.getBytes(); //jdk1.1
 
         //	  pw = new byte[Passwd.length()],	//jdk1.0.2
         // saltbytes = new byte[Salt.length()];		//jdk1.0.2
@@ -288,8 +285,10 @@ public class Crypt {
         for (i = 0; i < 2; i++) {
             c = salt[i];
             iobuf[i] = c;
-            if (c > 'Z') c -= 6;
-            if (c > '9') c -= 7;
+            if (c > 'Z')
+                c -= 6;
+            if (c > '9')
+                c -= 7;
             c -= '.';
             for (j = 0; j < 6; j++) {
                 if (((c >> j) & 1) != 0) {
@@ -311,8 +310,10 @@ public class Crypt {
                 c |= block[6 * i + j];
             }
             c += '.';
-            if (c > '9') c += 7;
-            if (c > 'Z') c += 6;
+            if (c > '9')
+                c += 7;
+            if (c > 'Z')
+                c += 6;
             iobuf[i + 2] = c;
         }
 
@@ -320,11 +321,11 @@ public class Crypt {
         if (iobuf[1] == 0)
             iobuf[1] = iobuf[0];
 
-        return new String(iobuf);		//jdk1.1
+        return new String(iobuf); //jdk1.1
         //return new String(iobuf,0);		//jdk1.0.2
     }
 
-    void setkey(byte[] key)	// Set up the key schedule from the key.
+    void setkey(byte[] key) // Set up the key schedule from the key.
     {
         int i, j, k;
         byte t;
@@ -378,32 +379,32 @@ public class Crypt {
         for (j = 32; j < 64; j++)
             R[j - 32] = block[IP[j] - 1];
 
-            // Perform an encryption operation 16 times.
+        // Perform an encryption operation 16 times.
         for (ii = 0; ii < 16; ii++) {
             i = ii;
             // Save the R array, which will be the new L.
             for (j = 0; j < 32; j++)
                 tempL[j] = R[j];
-                // Expand R to 48 bits using the E selector;
-                //  exclusive-or with the current key bits.
+            // Expand R to 48 bits using the E selector;
+            //  exclusive-or with the current key bits.
             for (j = 0; j < 48; j++)
                 preS[j] = (byte) (R[E[j] - 1] ^ KS[i][j]);
 
-                // The pre-select bits are now considered in 8 groups of
-                // 6 bits each.  The 8 selection functions map these 6-bit
-                // quantities into 4-bit quantities and the results permuted
-                // to make an f(R, K).  The indexing into the selection functions
-                // is peculiar; it could be simplified by rewriting the tables.
+            // The pre-select bits are now considered in 8 groups of
+            // 6 bits each.  The 8 selection functions map these 6-bit
+            // quantities into 4-bit quantities and the results permuted
+            // to make an f(R, K).  The indexing into the selection functions
+            // is peculiar; it could be simplified by rewriting the tables.
             for (j = 0; j < 8; j++) {
                 t = 6 * j;
-                k = S[j][ (preS[t  ] << 5) +
+                k = S[j][(preS[t] << 5) +
                         (preS[t + 1] << 3) +
                         (preS[t + 2] << 2) +
                         (preS[t + 3] << 1) +
                         (preS[t + 4]) +
-                        (preS[t + 5] << 4) ];
+                        (preS[t + 5] << 4)];
                 t = 4 * j;
-                f[t  ] = (byte) ((k >> 3) & 1);
+                f[t] = (byte) ((k >> 3) & 1);
                 f[t + 1] = (byte) ((k >> 2) & 1);
                 f[t + 2] = (byte) ((k >> 1) & 1);
                 f[t + 3] = (byte) ((k) & 1);
diff --git a/pki/base/common/src/com/netscape/cms/authentication/DNPattern.java b/pki/base/common/src/com/netscape/cms/authentication/DNPattern.java
index 1f2eb69a..21280f0f 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/DNPattern.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/DNPattern.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authentication;
 
-
 import java.io.IOException;
 import java.io.PushbackReader;
 import java.io.StringReader;
@@ -28,24 +27,25 @@ import netscape.ldap.LDAPEntry;
 import com.netscape.certsrv.authentication.EAuthException;
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
- * class for parsing a DN pattern used to construct a certificate 
- * subject name from ldap attributes and dn.<p>
+ * class for parsing a DN pattern used to construct a certificate
+ * subject name from ldap attributes and dn.
+ * <p>
  * 
- * dnpattern is a string representing a subject name pattern to formulate from 
- * the directory attributes and entry dn. If empty or not set, the 
- * ldap entry DN will be used as the certificate subject name. <p>
+ * dnpattern is a string representing a subject name pattern to formulate from the directory attributes and entry dn. If empty or not set, the ldap entry DN will be used as the certificate subject name.
+ * <p>
+ * 
+ * The syntax is
  * 
- * The syntax is 
  * <pre>
- *		dnPattern := rdnPattern *[ "," rdnPattern ]
- *		rdnPattern := avaPattern *[ "+" avaPattern ]
+ * 	dnPattern := rdnPattern *[ "," rdnPattern ]
+ * 	rdnPattern := avaPattern *[ "+" avaPattern ]
  * 		avaPattern := name "=" value | 
- *				      name "=" "$attr" "." attrName [ "." attrNumber ] | 
- *				      name "=" "$dn" "." attrName [ "." attrNumber ] | 
- *				 	  "$dn" "." "$rdn" "." number
+ * 			      name "=" "$attr" "." attrName [ "." attrNumber ] | 
+ * 			      name "=" "$dn" "." attrName [ "." attrNumber ] | 
+ * 			 	  "$dn" "." "$rdn" "." number
  * </pre>
+ * 
  * <pre>
  * Example1: <i>E=$attr.mail.1, CN=$attr.cn, OU=$dn.ou.2, O=$dn.o, C=US </i>
  * Ldap entry: dn:  UID=jjames, OU=IS, OU=people, O=acme.org
@@ -72,11 +72,12 @@ import com.netscape.certsrv.base.EBaseException;
  *     E = the first 'mail' ldap attribute value in user's entry. <br>
  *     CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
  *     OU = the second 'ou' value in the user's entry DN. note multiple AVAs
- *		    in a RDN in this example. <br>
+ * 	    in a RDN in this example. <br>
  *     O = the (first) 'o' value in the user's entry DN. <br>
  *     C = the string "US"
  * <p>
  * </pre>
+ * 
  * <pre>
  * Example3: <i>CN=$attr.cn, $rdn.2, O=$dn.o, C=US</i>
  * Ldap entry: dn:  UID=jjames, OU=IS+OU=people, O=acme.org
@@ -101,15 +102,15 @@ import com.netscape.certsrv.base.EBaseException;
  * <p>	
  *     CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
  *     OU = the second 'ou' value in the user's entry DN followed by the 
- *			first 'ou' value in the user's entry. note multiple AVAs
- *		    in a RDN in this example. <br>
+ * 		first 'ou' value in the user's entry. note multiple AVAs
+ * 	    in a RDN in this example. <br>
  *     O = the (first) 'o' value in the user's entry DN. <br>
  *     C = the string "US"
  * <p>
  * </pre>
- * If an attribute or subject DN component does not exist the attribute 
- * is skipped.
- *
+ * 
+ * If an attribute or subject DN component does not exist the attribute is skipped.
+ * 
  * @version $Revision$, $Date$
  */
 public class DNPattern {
@@ -125,13 +126,14 @@ public class DNPattern {
 
     protected String mTestDN = null;
 
-    /** 
+    /**
      * Construct a DN pattern by parsing a pattern string.
+     * 
      * @param pattern the DN pattern
-     * @exception EBaseException If parsing error occurs. 
+     * @exception EBaseException If parsing error occurs.
      */
     public DNPattern(String pattern)
-        throws EAuthException {
+            throws EAuthException {
         if (pattern == null || pattern.equals("")) {
             // create an attribute list that is the dn. 
             mLdapAttrs = new String[] { "dn" };
@@ -143,13 +145,13 @@ public class DNPattern {
         }
     }
 
-    public DNPattern(PushbackReader in) 
-        throws EAuthException {
+    public DNPattern(PushbackReader in)
+            throws EAuthException {
         parse(in);
     }
 
     private void parse(PushbackReader in)
-        throws EAuthException {
+            throws EAuthException {
         Vector rdnPatterns = new Vector();
         RDNPattern rdnPattern = null;
         int lastChar = -1;
@@ -162,8 +164,7 @@ public class DNPattern {
             } catch (IOException e) {
                 throw new EAuthException("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString());
             }
-        }
-        while (lastChar == ',');
+        } while (lastChar == ',');
 
         mRDNPatterns = new RDNPattern[rdnPatterns.size()];
         rdnPatterns.copyInto(mRDNPatterns);
@@ -173,8 +174,8 @@ public class DNPattern {
         for (int i = 0; i < mRDNPatterns.length; i++) {
             String[] rdnAttrs = mRDNPatterns[i].getLdapAttrs();
 
-            if (rdnAttrs != null && rdnAttrs.length > 0) 
-                for (int j = 0; j < rdnAttrs.length; j++) 
+            if (rdnAttrs != null && rdnAttrs.length > 0)
+                for (int j = 0; j < rdnAttrs.length; j++)
                     ldapAttrs.addElement(rdnAttrs[j]);
         }
         mLdapAttrs = new String[ldapAttrs.size()];
@@ -183,11 +184,12 @@ public class DNPattern {
 
     /**
      * Form a Ldap v3 DN string from results of a ldap search.
+     * 
      * @param entry LDAPentry from a ldap search
-     * @return Ldap v3 DN string to use for a subject name. 
+     * @return Ldap v3 DN string to use for a subject name.
      */
     public String formDN(LDAPEntry entry)
-        throws EAuthException {
+            throws EAuthException {
         StringBuffer formedDN = new StringBuffer();
 
         for (int i = 0; i < mRDNPatterns.length; i++) {
@@ -197,7 +199,7 @@ public class DNPattern {
 
             if (rdn != null) {
                 if (rdn != null && rdn.length() != 0) {
-                    if (formedDN.length() != 0) 
+                    if (formedDN.length() != 0)
                         formedDN.append(",");
                     formedDN.append(rdn);
                 }
diff --git a/pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java
index c9b64fca..4b6e4aa3 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authentication;
 
-
 // ldap java sdk
 import java.io.IOException;
 import java.security.cert.CertificateException;
@@ -57,25 +56,25 @@ import com.netscape.certsrv.ldap.ILdapConnFactory;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.cmsutil.util.Utils;
 
-
 /**
  * Abstract class for directory based authentication managers
- * Uses a pattern for formulating subject names. 
- * The pattern is read from configuration file. 
+ * Uses a pattern for formulating subject names.
+ * The pattern is read from configuration file.
  * Syntax of the pattern is described in the init() method.
  * 
  * <P>
+ * 
  * @version $Revision$, $Date$
  */
-public abstract class DirBasedAuthentication 
-    implements IAuthManager, IExtendedPluginInfo {
+public abstract class DirBasedAuthentication
+        implements IAuthManager, IExtendedPluginInfo {
 
-    protected static final String USER_DN = "userDN";  
+    protected static final String USER_DN = "userDN";
 
     /* configuration parameter keys */
-    protected static final String PROP_LDAP = "ldap";  
-    protected static final String PROP_BASEDN = "basedn";  
-    protected static final String PROP_DNPATTERN = "dnpattern";  
+    protected static final String PROP_LDAP = "ldap";
+    protected static final String PROP_BASEDN = "basedn";
+    protected static final String PROP_DNPATTERN = "dnpattern";
     protected static final String PROP_LDAPSTRINGATTRS = "ldapStringAttributes";
     protected static final String PROP_LDAPBYTEATTRS = "ldapByteAttributes";
 
@@ -117,8 +116,8 @@ public abstract class DirBasedAuthentication
     protected String[] mLdapAttrs = null;
 
     /* default dn pattern if left blank or not set in the config */
-    protected static String DEFAULT_DNPATTERN = 
-        "E=$attr.mail, CN=$attr.cn, O=$dn.o, C=$dn.c";
+    protected static String DEFAULT_DNPATTERN =
+            "E=$attr.mail, CN=$attr.cn, O=$dn.o, C=$dn.c";
 
     /* Vector of extendedPluginInfo strings */
     protected static Vector<String> mExtendedPluginInfo = null;
@@ -126,31 +125,31 @@ public abstract class DirBasedAuthentication
     static {
         mExtendedPluginInfo = new Vector<String>();
         mExtendedPluginInfo.add(PROP_DNPATTERN + ";string;Template for cert" +
-            " Subject Name. ($dn.xxx - get value from user's LDAP " +
-            "DN.  $attr.yyy - get value from LDAP attributes in " +
-            "user's entry.) Default: " + DEFAULT_DNPATTERN);
+                " Subject Name. ($dn.xxx - get value from user's LDAP " +
+                "DN.  $attr.yyy - get value from LDAP attributes in " +
+                "user's entry.) Default: " + DEFAULT_DNPATTERN);
         mExtendedPluginInfo.add(PROP_LDAPSTRINGATTRS + ";string;" +
-            "Comma-separated list of LDAP attributes to copy from " +
-            "the user's LDAP entry into the AuthToken. e.g use " +
-            "'mail' to copy user's email address for subjectAltName");
+                "Comma-separated list of LDAP attributes to copy from " +
+                "the user's LDAP entry into the AuthToken. e.g use " +
+                "'mail' to copy user's email address for subjectAltName");
         mExtendedPluginInfo.add(PROP_LDAPBYTEATTRS + ";string;" +
-            "Comma-separated list of binary LDAP attributes to copy" +
-            " from the user's LDAP entry into the AuthToken");
+                "Comma-separated list of binary LDAP attributes to copy" +
+                " from the user's LDAP entry into the AuthToken");
         mExtendedPluginInfo.add("ldap.ldapconn.host;string,required;" +
-            "LDAP host to connect to");
+                "LDAP host to connect to");
         mExtendedPluginInfo.add("ldap.ldapconn.port;number,required;" +
-            "LDAP port number (use 389, or 636 if SSL)");
+                "LDAP port number (use 389, or 636 if SSL)");
         mExtendedPluginInfo.add("ldap.ldapconn.secureConn;boolean;" +
-            "Use SSL to connect to directory?");
+                "Use SSL to connect to directory?");
         mExtendedPluginInfo.add("ldap.ldapconn.version;choice(3,2);" +
-            "LDAP protocol version");
+                "LDAP protocol version");
         mExtendedPluginInfo.add("ldap.basedn;string,required;Base DN to start searching " +
-            "under. If your user's DN is 'uid=jsmith, o=company', you " +
-            "might want to use 'o=company' here");
+                "under. If your user's DN is 'uid=jsmith, o=company', you " +
+                "might want to use 'o=company' here");
         mExtendedPluginInfo.add("ldap.minConns;number;number of connections " +
-            "to keep open to directory server. Default 5.");
+                "to keep open to directory server. Default 5.");
         mExtendedPluginInfo.add("ldap.maxConns;number;when needed, connection " +
-            "pool can grow to this many (multiplexed) connections. Default 1000.");
+                "pool can grow to this many (multiplexed) connections. Default 1000.");
     }
 
     /**
@@ -163,24 +162,24 @@ public abstract class DirBasedAuthentication
      * Initializes the UidPwdDirBasedAuthentication auth manager.
      * 
      * Takes the following configuration parameters: <br>
+     * 
      * <pre>
-     *		ldap.basedn             - the ldap base dn.
-     *		ldap.ldapconn.host      - the ldap host.
-     *		ldap.ldapconn.port      - the ldap port 
-     *		ldap.ldapconn.secureConn - whether port should be secure 
-     *		ldap.minConns           - minimum connections
-     *		ldap.maxConns           - max connections
-     *		dnpattern               - dn pattern.
+     * 	ldap.basedn             - the ldap base dn.
+     * 	ldap.ldapconn.host      - the ldap host.
+     * 	ldap.ldapconn.port      - the ldap port 
+     * 	ldap.ldapconn.secureConn - whether port should be secure 
+     * 	ldap.minConns           - minimum connections
+     * 	ldap.maxConns           - max connections
+     * 	dnpattern               - dn pattern.
      * </pre>
      * <p>
-     * <i><b>dnpattern</b></i> is a string representing a subject name pattern 
-     * to formulate from the directory attributes and entry dn. If empty or 
-     * not set, the ldap entry DN will be used as the certificate subject name.
+     * <i><b>dnpattern</b></i> is a string representing a subject name pattern to formulate from the directory attributes and entry dn. If empty or not set, the ldap entry DN will be used as the certificate subject name.
      * <p>
-     * The syntax is 
+     * The syntax is
+     * 
      * <pre>
      *     dnpattern = SubjectNameComp *[ "," SubjectNameComp ]
-     *
+     * 
      *     SubjectNameComponent = DnComp | EntryComp | ConstantComp  
      *     DnComp = CertAttr "=" "$dn" "." DnAttr "." Num
      *     EntryComp = CertAttr "=" "$attr" "." EntryAttr "." Num
@@ -190,11 +189,12 @@ public abstract class DirBasedAuthentication
      *     CertAttr  =  a Component in the Certificate Subject Name
      *                  (multiple AVA in one RDN not supported) 
      *     Num       =  the nth value of tha attribute  in the dn or entry.
-     *     Constant  =  Constant String, with any accepted ldap string value. 
+     *     Constant  =  Constant String, with any accepted ldap string value.
      * 
      * </pre>
      * <p>
      * <b>Example:</b>
+     * 
      * <pre>
      * dnpattern: 
      *     E=$attr.mail.1, CN=$attr.cn, OU=$attr.ou.2, O=$dn.o, C=US
@@ -213,6 +213,7 @@ public abstract class DirBasedAuthentication
      * </pre>
      * <p>
      * The subject name formulated in the cert will be : <br>
+     * 
      * <pre>
      *   E=joesmith@acme.com, CN=Joe Smith, OU=Human Resources, O=Acme.com, C=US
      *   
@@ -229,19 +230,20 @@ public abstract class DirBasedAuthentication
      * @exception EBaseException If an error occurs during initialization.
      */
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         init(name, implName, config, true);
     }
 
     public void init(String name, String implName, IConfigStore config, boolean needBaseDN)
-        throws EBaseException {
+            throws EBaseException {
         mName = name;
         mImplName = implName;
         mConfig = config;
 
         /* initialize ldap server configuration */
         mLdapConfig = mConfig.getSubStore(PROP_LDAP);
-        if (needBaseDN) mBaseDN = mLdapConfig.getString(PROP_BASEDN);
+        if (needBaseDN)
+            mBaseDN = mLdapConfig.getString(PROP_BASEDN);
         if (needBaseDN && ((mBaseDN == null) || (mBaseDN.length() == 0) || (mBaseDN.trim().equals(""))))
             throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", "basedn"));
         mConnFactory = CMS.getLdapAnonConnFactory();
@@ -250,7 +252,7 @@ public abstract class DirBasedAuthentication
         /* initialize dn pattern */
         String pattern = mConfig.getString(PROP_DNPATTERN, null);
 
-        if (pattern == null || pattern.length() == 0) 
+        if (pattern == null || pattern.length() == 0)
             pattern = DEFAULT_DNPATTERN;
         mPattern = new DNPattern(pattern);
         String[] patternLdapAttrs = mPattern.getLdapAttrs();
@@ -261,15 +263,15 @@ public abstract class DirBasedAuthentication
         if (ldapStringAttrs == null) {
             mLdapStringAttrs = patternLdapAttrs;
         } else {
-            StringTokenizer pAttrs = 
-                new StringTokenizer(ldapStringAttrs, ",", false);
+            StringTokenizer pAttrs =
+                    new StringTokenizer(ldapStringAttrs, ",", false);
             int begin = 0;
 
             if (patternLdapAttrs != null && patternLdapAttrs.length > 0) {
-                mLdapStringAttrs = new String[ 
+                mLdapStringAttrs = new String[
                         patternLdapAttrs.length + pAttrs.countTokens()];
-                System.arraycopy(patternLdapAttrs, 0, 
-                    mLdapStringAttrs, 0, patternLdapAttrs.length);
+                System.arraycopy(patternLdapAttrs, 0,
+                        mLdapStringAttrs, 0, patternLdapAttrs.length);
                 begin = patternLdapAttrs.length;
             } else {
                 mLdapStringAttrs = new String[pAttrs.countTokens()];
@@ -285,11 +287,11 @@ public abstract class DirBasedAuthentication
         if (ldapByteAttrs == null) {
             mLdapByteAttrs = new String[0];
         } else {
-            StringTokenizer byteAttrs = 
-                new StringTokenizer(ldapByteAttrs, ",", false);
+            StringTokenizer byteAttrs =
+                    new StringTokenizer(ldapByteAttrs, ",", false);
 
             mLdapByteAttrs = new String[byteAttrs.countTokens()];
-            for (int j = 0; j < mLdapByteAttrs.length; j++) { 
+            for (int j = 0; j < mLdapByteAttrs.length; j++) {
                 mLdapByteAttrs[j] = ((String) byteAttrs.nextElement()).trim();
             }
         }
@@ -297,10 +299,10 @@ public abstract class DirBasedAuthentication
         /* make the combined list */
         mLdapAttrs =
                 new String[mLdapStringAttrs.length + mLdapByteAttrs.length];
-        System.arraycopy(mLdapStringAttrs, 0, mLdapAttrs, 
-            0, mLdapStringAttrs.length);
-        System.arraycopy(mLdapByteAttrs, 0, mLdapAttrs, 
-            mLdapStringAttrs.length, mLdapByteAttrs.length);
+        System.arraycopy(mLdapStringAttrs, 0, mLdapAttrs,
+                0, mLdapStringAttrs.length);
+        System.arraycopy(mLdapByteAttrs, 0, mLdapAttrs,
+                mLdapStringAttrs.length, mLdapByteAttrs.length);
 
         log(ILogger.LL_INFO, CMS.getLogMessage("CMS_AUTH_INIT_DONE"));
     }
@@ -320,21 +322,22 @@ public abstract class DirBasedAuthentication
     }
 
     /**
-     * Authenticates user through LDAP by a set of credentials. 
+     * Authenticates user through LDAP by a set of credentials.
      * Resulting AuthToken a TOKEN_CERTINFO field of a X509CertInfo
      * <p>
+     * 
      * @param authCred Authentication credentials, CRED_UID and CRED_PWD.
      * @return A AuthToken with a TOKEN_SUBJECT of X500name type.
      * @exception com.netscape.certsrv.authentication.EMissingCredential
-     *			If a required authentication credential is missing.
+     *                If a required authentication credential is missing.
      * @exception com.netscape.certsrv.authentication.EInvalidCredentials
-     *			If credentials failed authentication.
-     * @exception com.netscape.certsrv.base.EBaseException 
-     *			If an internal error occurred. 
+     *                If credentials failed authentication.
+     * @exception com.netscape.certsrv.base.EBaseException
+     *                If an internal error occurred.
      * @see com.netscape.certsrv.authentication.AuthToken
      */
     public IAuthToken authenticate(IAuthCredentials authCred)
-        throws EMissingCredential, EInvalidCredentials, EBaseException {
+            throws EMissingCredential, EInvalidCredentials, EBaseException {
         String userdn = null;
         LDAPConnection conn = null;
         AuthToken authToken = new AuthToken(this);
@@ -360,11 +363,11 @@ public abstract class DirBasedAuthentication
             // set subject name.
             try {
                 CertificateSubjectName subjectname = (CertificateSubjectName)
-                    certInfo.get(X509CertInfo.SUBJECT);
+                        certInfo.get(X509CertInfo.SUBJECT);
 
                 if (subjectname != null)
-                    authToken.set(AuthToken.TOKEN_CERT_SUBJECT, 
-                        subjectname.toString());
+                    authToken.set(AuthToken.TOKEN_CERT_SUBJECT,
+                            subjectname.toString());
             } // error means it's not set.
             catch (CertificateException e) {
             } catch (IOException e) {
@@ -373,15 +376,15 @@ public abstract class DirBasedAuthentication
             // set validity if any 
             try {
                 CertificateValidity validity = (CertificateValidity)
-                    certInfo.get(X509CertInfo.VALIDITY);
+                        certInfo.get(X509CertInfo.VALIDITY);
 
                 if (validity != null) {
                     // the gets throws IOException but only if attribute 
                     // not recognized. In these cases they are always. 
-                    authToken.set(AuthToken.TOKEN_CERT_NOTBEFORE, 
-                        (Date)validity.get(CertificateValidity.NOT_BEFORE));
-                    authToken.set(AuthToken.TOKEN_CERT_NOTAFTER, 
-                        (Date)validity.get(CertificateValidity.NOT_AFTER));
+                    authToken.set(AuthToken.TOKEN_CERT_NOTBEFORE,
+                            (Date) validity.get(CertificateValidity.NOT_BEFORE));
+                    authToken.set(AuthToken.TOKEN_CERT_NOTAFTER,
+                            (Date) validity.get(CertificateValidity.NOT_AFTER));
                 }
             } // error means it's not set.
             catch (CertificateException e) {
@@ -391,7 +394,7 @@ public abstract class DirBasedAuthentication
             // set extensions if any.
             try {
                 CertificateExtensions extensions = (CertificateExtensions)
-                    certInfo.get(X509CertInfo.EXTENSIONS);
+                        certInfo.get(X509CertInfo.EXTENSIONS);
 
                 if (extensions != null)
                     authToken.set(AuthToken.TOKEN_CERT_EXTENSIONS, extensions);
@@ -401,7 +404,7 @@ public abstract class DirBasedAuthentication
             }
 
         } finally {
-            if (conn != null) 
+            if (conn != null)
                 mConnFactory.returnConn(conn);
         }
 
@@ -410,15 +413,16 @@ public abstract class DirBasedAuthentication
 
     /**
      * get the list of required credentials.
+     * 
      * @return list of required credentials as strings.
      */
     public abstract String[] getRequiredCreds();
 
     /**
-     * Returns a list of configuration parameter names. 
-     * The list is passed to the configuration console so instances of 
+     * Returns a list of configuration parameter names.
+     * The list is passed to the configuration console so instances of
      * this implementation can be configured through the console.
-     *
+     * 
      * @return String array of configuration parameter names.
      */
     public abstract String[] getConfigParams();
@@ -440,6 +444,7 @@ public abstract class DirBasedAuthentication
 
     /**
      * Gets the configuration substore used by this authentication manager
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
@@ -452,11 +457,11 @@ public abstract class DirBasedAuthentication
      * @param authCreds The authentication credentials.
      * @return The user's ldap entry dn.
      * @exception EInvalidCredentials If the uid and password are not valid
-     * @exception EBaseException If an internal error occurs. 
+     * @exception EBaseException If an internal error occurs.
      */
     protected abstract String authenticate(
-        LDAPConnection conn, IAuthCredentials authCreds, AuthToken token)
-        throws EBaseException;
+            LDAPConnection conn, IAuthCredentials authCreds, AuthToken token)
+            throws EBaseException;
 
     /**
      * Formulate the cert info.
@@ -465,13 +470,13 @@ public abstract class DirBasedAuthentication
      * @param userdn The user's dn.
      * @param certinfo A certinfo object to fill.
      * @param token A authentication token to fill.
-     * @exception EBaseException If an internal error occurs. 
+     * @exception EBaseException If an internal error occurs.
      */
-    protected void formCertInfo(LDAPConnection conn, 
-        String userdn, 
-        X509CertInfo certinfo,
-        AuthToken token)
-        throws EBaseException {
+    protected void formCertInfo(LDAPConnection conn,
+            String userdn,
+            X509CertInfo certinfo,
+            AuthToken token)
+            throws EBaseException {
         String dn = null;
         // get ldap attributes to retrieve.
         String[] attrs = getLdapAttrs();
@@ -480,9 +485,9 @@ public abstract class DirBasedAuthentication
         try {
             if (conn != null) {
                 LDAPEntry entry = null;
-                LDAPSearchResults results = 
-                    conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*", 
-                        attrs, false);
+                LDAPSearchResults results =
+                        conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*",
+                                attrs, false);
 
                 if (!results.hasMoreElements()) {
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_ATTR_ERROR"));
@@ -508,19 +513,19 @@ public abstract class DirBasedAuthentication
 
             // pack the dn into X500name and set subject name.
             if (dn.length() == 0) {
-                EBaseException ex = 
-                    new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_EMPTY_DN_FORMED", mName));
+                EBaseException ex =
+                        new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_EMPTY_DN_FORMED", mName));
 
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_DN_ERROR", ex.toString()));
                 throw ex;
             }
             X500Name subjectdn = new X500Name(dn);
 
-            certinfo.set(X509CertInfo.SUBJECT, 
-                new CertificateSubjectName(subjectdn));
+            certinfo.set(X509CertInfo.SUBJECT,
+                    new CertificateSubjectName(subjectdn));
         } catch (LDAPException e) {
             switch (e.getLDAPResultCode()) {
-            case LDAPException.SERVER_DOWN: 
+            case LDAPException.SERVER_DOWN:
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_AUTH_ATTR_ERROR"));
                 throw new ELdapException(
                         CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
@@ -534,7 +539,7 @@ public abstract class DirBasedAuthentication
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR", e.toString()));
                 throw new ELdapException(
                         CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION",
-                            e.errorCodeToString()));
+                                e.errorCodeToString()));
             }
         } catch (IOException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_CREATE_SUBJECT_ERROR", userdn, e.getMessage()));
@@ -553,19 +558,20 @@ public abstract class DirBasedAuthentication
     protected void setAuthTokenValues(LDAPEntry e, AuthToken tok) {
         for (int i = 0; i < mLdapStringAttrs.length; i++)
             setAuthTokenStringValue(mLdapStringAttrs[i], e, tok);
-        for (int j = 0; j < mLdapByteAttrs.length; j++) 
+        for (int j = 0; j < mLdapByteAttrs.length; j++)
             setAuthTokenByteValue(mLdapByteAttrs[j], e, tok);
     }
 
     protected void setAuthTokenStringValue(
-        String name, LDAPEntry entry, AuthToken tok) {
+            String name, LDAPEntry entry, AuthToken tok) {
         LDAPAttribute values = entry.getAttribute(name);
 
-        if (values == null) return;
+        if (values == null)
+            return;
 
         Vector<String> v = new Vector<String>();
         @SuppressWarnings("unchecked")
-		Enumeration<String> e = values.getStringValues();
+        Enumeration<String> e = values.getStringValues();
 
         while (e.hasMoreElements()) {
             v.addElement(e.nextElement());
@@ -579,14 +585,15 @@ public abstract class DirBasedAuthentication
     }
 
     protected void setAuthTokenByteValue(
-        String name, LDAPEntry entry, AuthToken tok) {
+            String name, LDAPEntry entry, AuthToken tok) {
         LDAPAttribute values = entry.getAttribute(name);
 
-        if (values == null) return;
+        if (values == null)
+            return;
 
         Vector<byte[]> v = new Vector<byte[]>();
         @SuppressWarnings("unchecked")
-		Enumeration<byte[]> e = values.getByteValues();
+        Enumeration<byte[]> e = values.getByteValues();
 
         while (e.hasMoreElements()) {
             v.addElement(e.nextElement());
@@ -602,6 +609,7 @@ public abstract class DirBasedAuthentication
     /**
      * Return a list of LDAP attributes with String values to retrieve.
      * Subclasses can override to return any set of attributes.
+     * 
      * @return Array of LDAP attributes to retrieve from the directory.
      */
     protected String[] getLdapAttrs() {
@@ -611,6 +619,7 @@ public abstract class DirBasedAuthentication
     /**
      * Return a list of LDAP attributes with byte[] values to retrieve.
      * Subclasses can override to return any set of attributes.
+     * 
      * @return Array of LDAP attributes to retrieve from the directory.
      */
     protected String[] getLdapByteAttrs() {
@@ -618,22 +627,23 @@ public abstract class DirBasedAuthentication
     }
 
     /**
-     * Formulate the subject name 
+     * Formulate the subject name
+     * 
      * @param entry The LDAP entry
      * @return The subject name string.
      * @exception EBaseException If an internal error occurs.
      */
     protected String formSubjectName(LDAPEntry entry)
-        throws EAuthException {
-        if (mPattern.mPatternString == null) 
+            throws EAuthException {
+        if (mPattern.mPatternString == null)
             return entry.getDN();
-		
-            /*
-             if (mTestDNString != null) {
-             mPattern.mTestDN = mTestDNString;
-             //System.out.println("Set DNPattern.mTestDN to "+mPattern.mTestDN);
-            }
-            */
+
+        /*
+         if (mTestDNString != null) {
+         mPattern.mTestDN = mTestDNString;
+         //System.out.println("Set DNPattern.mTestDN to "+mPattern.mTestDN);
+        }
+        */
 
         String dn = mPattern.formDN(entry);
 
@@ -643,6 +653,7 @@ public abstract class DirBasedAuthentication
 
     /**
      * Logs a message for this class in the system log file.
+     * 
      * @param level The log level.
      * @param msg The message to log.
      * @see com.netscape.certsrv.logging.ILogger
@@ -651,15 +662,14 @@ public abstract class DirBasedAuthentication
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
-            level, msg);
+                level, msg);
     }
 
     public String[] getExtendedPluginInfo(Locale locale) {
         String[] s = Utils.getStringArrayFromVector(mExtendedPluginInfo);
 
         return s;
-		
+
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java b/pki/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java
index ab59c499..d2142ea3 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authentication;
 
-
 // ldap java sdk
 import java.io.BufferedReader;
 import java.io.BufferedWriter;
@@ -49,15 +48,14 @@ import com.netscape.certsrv.profile.IProfileAuthenticator;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This represents the authentication manager that authenticates
  * user against a file where id, and password are stored.
  * 
  * @version $Revision$, $Date$
  */
-public class FlatFileAuth 
-    implements IProfileAuthenticator, IExtendedPluginInfo {
+public class FlatFileAuth
+        implements IProfileAuthenticator, IExtendedPluginInfo {
 
     /* configuration parameter keys */
     protected static final String PROP_FILENAME = "fileName";
@@ -66,39 +64,39 @@ public class FlatFileAuth
     protected static final String PROP_DEFERONFAILURE = "deferOnFailure";
 
     protected String mFilename = "config/pwfile";
-    protected long   mFileLastRead = 0;
+    protected long mFileLastRead = 0;
     protected String mKeyAttributes = "UID";
     protected String mAuthAttrs = "PWD";
     protected boolean mDeferOnFailure = true;
     private static final String DATE_PATTERN = "yyyy-MM-dd-HH-mm-ss";
     private static SimpleDateFormat mDateFormat = new SimpleDateFormat(DATE_PATTERN);
 
-    protected static String[] mConfigParams = 
-        new String[] {
-            PROP_FILENAME,
-            PROP_KEYATTRIBUTES,
-            PROP_AUTHATTRS,
-            PROP_DEFERONFAILURE
+    protected static String[] mConfigParams =
+            new String[] {
+                    PROP_FILENAME,
+                    PROP_KEYATTRIBUTES,
+                    PROP_AUTHATTRS,
+                    PROP_DEFERONFAILURE
         };
 
     public String[] getExtendedPluginInfo(Locale locale) {
         String s[] = {
                 PROP_FILENAME + ";string;Pathname of password file",
                 PROP_KEYATTRIBUTES + ";string;Comma-separated list of attributes" +
-                " which together form a unique identifier for the user",
+                        " which together form a unique identifier for the user",
                 PROP_AUTHATTRS + ";string;Comma-separated list of attributes" +
-                " which are used for further authentication",
+                        " which are used for further authentication",
                 PROP_DEFERONFAILURE + ";boolean;if user is not found, defer the " +
-                "request to the queue for manual-authentication (true), or " +
-                "simply rejected the request (false)"
+                        "request to the queue for manual-authentication (true), or " +
+                        "simply rejected the request (false)"
             };
 
         return s;
     }
-	
+
     /** name of this authentication manager instance */
     protected String mName = null;
-	
+
     protected String FFAUTH = "FlatFileAuth";
 
     /** name of the authentication manager plugin */
@@ -109,17 +107,19 @@ public class FlatFileAuth
 
     /** system logger */
     protected ILogger mLogger = CMS.getLogger();
-	
-    /** This array is created as to include all the requested attributes
-     *
+
+    /**
+     * This array is created as to include all the requested attributes
+     * 
      */
     String[] reqCreds = null;
 
     String[] authAttrs = null;
     String[] keyAttrs = null;
 
-    /** Hashtable of entries from Auth File. Hash index is the
-     *  concatenation of the attributes from matchAttributes property
+    /**
+     * Hashtable of entries from Auth File. Hash index is the
+     * concatenation of the attributes from matchAttributes property
      */
     protected Hashtable entries = null;
 
@@ -132,7 +132,7 @@ public class FlatFileAuth
      * @param s The default value of the property
      */
     protected String getPropertyS(String propertyName, String s)
-        throws EBaseException {
+            throws EBaseException {
         String p;
 
         try {
@@ -157,7 +157,7 @@ public class FlatFileAuth
      * @param b The default value of the property
      */
     protected boolean getPropertyB(String propertyName, boolean b)
-        throws EBaseException {
+            throws EBaseException {
         boolean p;
 
         try {
@@ -170,7 +170,7 @@ public class FlatFileAuth
     }
 
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mName = name;
         mImplName = implName;
         mConfig = config;
@@ -219,6 +219,7 @@ public class FlatFileAuth
 
     /**
      * Log a message.
+     * 
      * @param level The logging level.
      * @param msg The message to log.
      */
@@ -226,9 +227,9 @@ public class FlatFileAuth
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
-            level, msg);
+                level, msg);
     }
- 
+
     void print(String s) {
         CMS.debug("FlatFileAuth: " + s);
     }
@@ -257,9 +258,9 @@ public class FlatFileAuth
             s[i] = (String) e.nextElement();
         }
         return s;
-		
+
     }
-			
+
     /**
      * Split a comma-delimited String into an array of individual
      * Strings.
@@ -298,9 +299,9 @@ public class FlatFileAuth
         return sb.toString();
     }
 
-    private synchronized void updateFile (String key) {
+    private synchronized void updateFile(String key) {
         try {
-            String name = writeFile (key);
+            String name = writeFile(key);
             if (name != null) {
                 File orgFile = new File(mFilename);
                 long lastModified = orgFile.lastModified();
@@ -310,15 +311,15 @@ public class FlatFileAuth
                 } else {
                     mFileLastRead = newFile.lastModified();
                 }
-                if (orgFile.renameTo(new File(name.substring(0, name.length()-1)))) {
+                if (orgFile.renameTo(new File(name.substring(0, name.length() - 1)))) {
                     if (!newFile.renameTo(new File(mFilename))) {
                         log(ILogger.LL_FAILURE, CMS.getLogMessage("RENAME_FILE_ERROR", name, mFilename));
-                        File file = new File(name.substring(0, name.length()-1));
+                        File file = new File(name.substring(0, name.length() - 1));
                         file.renameTo(new File(mFilename));
                     }
                 } else {
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("RENAME_FILE_ERROR", mFilename,
-                                                              name.substring(0, name.length()-1)));
+                                                              name.substring(0, name.length() - 1)));
                 }
             }
         } catch (Exception e) {
@@ -326,7 +327,7 @@ public class FlatFileAuth
         }
     }
 
-    private String writeFile (String key) {
+    private String writeFile(String key) {
         BufferedReader reader = null;
         BufferedWriter writer = null;
         String name = null;
@@ -334,9 +335,9 @@ public class FlatFileAuth
         boolean done = false;
         String line = null;
         try {
-            reader = new BufferedReader (new FileReader (mFilename));
-            name = mFilename+"."+mDateFormat.format(new Date())+"~";
-            writer = new BufferedWriter (new FileWriter(name));
+            reader = new BufferedReader(new FileReader(mFilename));
+            name = mFilename + "." + mDateFormat.format(new Date()) + "~";
+            writer = new BufferedWriter(new FileWriter(name));
             if (reader != null && writer != null) {
                 while ((line = reader.readLine()) != null) {
                     if (commentOutNextLine) {
@@ -374,12 +375,15 @@ public class FlatFileAuth
                 long s2 = 0;
                 File f1 = new File(mFilename);
                 File f2 = new File(name);
-                if (f1.exists()) s1 = f1.length();
-                if (f2.exists()) s2 = f2.length();
+                if (f1.exists())
+                    s1 = f1.length();
+                if (f2.exists())
+                    s2 = f2.length();
                 if (s1 > 0 && s2 > 0 && s2 > s1) {
                     done = true;
                 } else {
-                    if (f2.exists()) f2.delete();
+                    if (f2.exists())
+                        f2.delete();
                     name = null;
                 }
             }
@@ -390,27 +394,29 @@ public class FlatFileAuth
         return name;
     }
 
-
     /**
-     * Read a file with the following format: <p><pre>
+     * Read a file with the following format:
+     * <p>
+     * 
+     * <pre>
      * param1: valuea
      * param2: valueb
      * -blank-line-
      * param1: valuec
      * param2: valued
      * </pre>
-     *
+     * 
      * @param f The file to read
      * @param keys The parameters to concat together to form the hash
-     *   key
+     *            key
      * @return a hashtable of hashtables.
      */
     protected Hashtable readFile(File f, String[] keys)
-        throws IOException {
+            throws IOException {
         log(ILogger.LL_INFO, "Reading file: " + f.getName());
         BufferedReader file = new BufferedReader(
                 new FileReader(f)
-            );
+                );
 
         String line;
         Hashtable allusers = new Hashtable();
@@ -429,7 +435,7 @@ public class FlatFileAuth
                 entry = new Hashtable();
             }
 
-            if (colon == -1) {    // no colon -> empty line signifies end of record
+            if (colon == -1) { // no colon -> empty line signifies end of record
                 if (!line.trim().equals("")) {
                     if (file != null) {
                         file.close();
@@ -458,8 +464,8 @@ public class FlatFileAuth
     }
 
     private void putEntry(Hashtable allUsers,
-        Hashtable entry, 
-        String[] keys) {
+            Hashtable entry,
+            String[] keys) {
         if (entry == null) {
             return;
         }
@@ -499,11 +505,11 @@ public class FlatFileAuth
     /**
      * Compare attributes provided by the user with those in
      * in flat file.
-     *
+     * 
      */
 
     private IAuthToken doAuthentication(Hashtable user, IAuthCredentials authCred)
-        throws EMissingCredential, EInvalidCredentials, EBaseException {
+            throws EMissingCredential, EInvalidCredentials, EBaseException {
         AuthToken authToken = new AuthToken(this);
 
         for (int i = 0; i < authAttrs.length; i++) {
@@ -536,10 +542,10 @@ public class FlatFileAuth
 
     /**
      * Authenticate the request
-     *
+     * 
      */
     public IAuthToken authenticate(IAuthCredentials authCred)
-        throws EMissingCredential, EInvalidCredentials, EBaseException {
+            throws EMissingCredential, EInvalidCredentials, EBaseException {
         IAuthToken authToken = null;
         String keyForUser = "";
 
@@ -603,14 +609,14 @@ public class FlatFileAuth
     /**
      * Return a list of HTTP parameters which will be taken from the
      * request posting and placed into the AuthCredentials block
-     *
+     * 
      * Note that this method will not be called until after the
      * init() method is called
      */
     public String[] getRequiredCreds() {
         print("getRequiredCreds returning: " + joinStringArray(reqCreds, ","));
         return reqCreds;
-	
+
     }
 
     /**
@@ -640,7 +646,7 @@ public class FlatFileAuth
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
     }
 
     /**
@@ -666,7 +672,7 @@ public class FlatFileAuth
     }
 
     public void populate(IAuthToken token, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
     }
 
     /**
diff --git a/pki/base/common/src/com/netscape/cms/authentication/HashAuthData.java b/pki/base/common/src/com/netscape/cms/authentication/HashAuthData.java
index 19bfab69..a2d3bc72 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/HashAuthData.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/HashAuthData.java
@@ -17,17 +17,16 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authentication;
 
-
 // java sdk imports.
 import java.util.Hashtable;
 import java.util.Vector;
 
-
 /**
  * The structure stores the information of which machine is enabled for
  * the agent-initiated user enrollment, and whom agents enable this feature,
  * and the value of the timeout.
  * <P>
+ * 
  * @version $Revision$, $Date$
  */
 public class HashAuthData extends Hashtable {
@@ -54,7 +53,7 @@ public class HashAuthData extends Hashtable {
         Vector val = (Vector) get(hostname);
 
         if (val == null) {
-            val = new Vector();   
+            val = new Vector();
             put(hostname, val);
         }
         val.setElementAt(agentName, 0);
@@ -117,4 +116,3 @@ public class HashAuthData extends Hashtable {
         val.setElementAt(Long.valueOf(lastLogin), 3);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/authentication/HashAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/HashAuthentication.java
index 24a10e0a..a0199a9b 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/HashAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/HashAuthentication.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authentication;
 
-
 // ldap java sdk
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
@@ -40,11 +39,10 @@ import com.netscape.certsrv.base.IExtendedPluginInfo;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.cmsutil.util.Utils;
 
-
 /**
  * Hash uid/pwd directory based authentication manager
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
@@ -71,18 +69,18 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
     private ILogger mLogger = CMS.getLogger();
     private static Vector mExtendedPluginInfo = null;
     private HashAuthData mHosts = null;
-   
+
     static String[] mConfigParams =
-        new String[] {};
+            new String[] {};
 
     static {
         mExtendedPluginInfo = new Vector();
         mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT +
-            ";Authenticate the username and password provided " +
-            "by the user against an LDAP directory. Works with the " +
-            "Dir Based Enrollment HTML form");
+                ";Authenticate the username and password provided " +
+                "by the user against an LDAP directory. Works with the " +
+                "Dir Based Enrollment HTML form");
         mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-authrules-uidpwddirauth");
+                ";configuration-authrules-uidpwddirauth");
     };
 
     /**
@@ -91,8 +89,8 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
     public HashAuthentication() {
     }
 
-    public void init(String name, String implName, IConfigStore config)  
-        throws EBaseException {
+    public void init(String name, String implName, IConfigStore config)
+            throws EBaseException {
         mName = name;
         mImplName = implName;
         mConfig = config;
@@ -124,7 +122,7 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
     }
 
     public void createEntry(String host, String dn, long timeout,
-        String secret, long lastLogin) {
+            String secret, long lastLogin) {
         Vector v = new Vector();
 
         v.addElement(dn);
@@ -141,7 +139,7 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
     public String getAgentName(String hostname) {
         return mHosts.getAgentName(hostname);
     }
-    
+
     public void setAgentName(String hostname, String agentName) {
         mHosts.setAgentName(hostname, agentName);
     }
@@ -184,7 +182,7 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
-            level, msg);
+                level, msg);
     }
 
     public boolean validFingerprint(String host, String pageID, String uid, String fingerprint) {
@@ -192,7 +190,7 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
 
         if (val.equals(fingerprint))
             return true;
-        return false; 
+        return false;
     }
 
     public Enumeration getHosts() {
@@ -200,8 +198,8 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
     }
 
     public String hashFingerprint(String host, String pageID, String uid) {
-        byte[] hash = 
-            mSHADigest.digest((SALT + pageID + getSecret(host) + uid).getBytes());        
+        byte[] hash =
+                mSHADigest.digest((SALT + pageID + getSecret(host) + uid).getBytes());
         String b64E = com.netscape.osutil.OSUtil.BtoA(hash);
 
         return "{SHA}" + b64E;
@@ -216,18 +214,18 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
      * @param authCreds The authentication credentials.
      * @return The user's ldap entry dn.
      * @exception EInvalidCredentials If the uid and password are not valid
-     * @exception EBaseException If an internal error occurs. 
+     * @exception EBaseException If an internal error occurs.
      */
     public IAuthToken authenticate(IAuthCredentials authCreds)
-        throws EBaseException {
+            throws EBaseException {
         AuthToken token = new AuthToken(this);
         String fingerprint = (String) authCreds.get(CRED_FINGERPRINT);
         String pageID = (String) authCreds.get(CRED_PAGEID);
         String uid = (String) authCreds.get(CRED_UID);
         String host = (String) authCreds.get(CRED_HOST);
 
-        if (fingerprint.equals("") || 
-            !validFingerprint(host, pageID, uid, fingerprint)) {
+        if (fingerprint.equals("") ||
+                !validFingerprint(host, pageID, uid, fingerprint)) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_INVALID_FINGER_PRINT"));
             throw new EAuthException("Invalid Fingerprint");
         }
@@ -240,6 +238,7 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
 
     /**
      * Returns array of required credentials for this authentication manager.
+     * 
      * @return Array of required credentials.
      */
     public String[] getRequiredCreds() {
@@ -248,6 +247,7 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
 
     /**
      * Gets the configuration substore used by this authentication manager
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
@@ -276,14 +276,13 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
     }
 
     /**
-     * Returns a list of configuration parameter names. 
-     * The list is passed to the configuration console so instances of 
+     * Returns a list of configuration parameter names.
+     * The list is passed to the configuration console so instances of
      * this implementation can be configured through the console.
-     *
+     * 
      * @return String array of configuration parameter names.
      */
     public String[] getConfigParams() {
         return (mConfigParams);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/authentication/PortalEnroll.java b/pki/base/common/src/com/netscape/cms/authentication/PortalEnroll.java
index 56c8739a..ac13a02f 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/PortalEnroll.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/PortalEnroll.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authentication;
 
-
 // ldap java sdk
 import java.util.Enumeration;
 import java.util.Locale;
@@ -49,26 +48,25 @@ import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.ldap.ILdapConnFactory;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * uid/pwd directory based authentication manager
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class PortalEnroll extends DirBasedAuthentication {
 
     /* configuration parameter keys */
-    protected static final String PROP_LDAPAUTH = "ldapauth";  
-    protected static final String PROP_AUTHTYPE = "authtype";  
-    protected static final String PROP_BINDDN = "bindDN";  
-    protected static final String PROP_BINDPW = "bindPW";  
-    protected static final String PROP_LDAPCONN = "ldapconn";  
-    protected static final String PROP_HOST = "host";  
-    protected static final String PROP_PORT = "port";  
-    protected static final String PROP_SECURECONN = "secureConn";  
-    protected static final String PROP_VERSION = "version";  
-    protected static final String PROP_OBJECTCLASS = "objectclass";  
+    protected static final String PROP_LDAPAUTH = "ldapauth";
+    protected static final String PROP_AUTHTYPE = "authtype";
+    protected static final String PROP_BINDDN = "bindDN";
+    protected static final String PROP_BINDPW = "bindPW";
+    protected static final String PROP_LDAPCONN = "ldapconn";
+    protected static final String PROP_HOST = "host";
+    protected static final String PROP_PORT = "port";
+    protected static final String PROP_SECURECONN = "secureConn";
+    protected static final String PROP_VERSION = "version";
+    protected static final String PROP_OBJECTCLASS = "objectclass";
 
     /* required credentials to authenticate. uid and pwd are strings. */
     public static final String CRED_UID = "uid";
@@ -80,83 +78,84 @@ public class PortalEnroll extends DirBasedAuthentication {
     private String mObjectClass = null;
     private String mBindDN = null;
     private String mBaseDN = null;
-    private ILdapConnFactory  mLdapFactory = null;
-    private LDAPConnection        mLdapConn = null;
+    private ILdapConnFactory mLdapFactory = null;
+    private LDAPConnection mLdapConn = null;
 
     // contains all nested superiors' required attrs in the form of a
     //	vector of "required" attributes in Enumeration
     Vector mRequiredAttrs = null;
-     
+
     // contains all nested superiors' optional attrs in the form of a
     //	vector of "optional" attributes in Enumeration
     Vector mOptionalAttrs = null;
 
     // contains all the objclasses, including superiors and itself
     Vector mObjClasses = null;
-     
+
     /* Holds configuration parameters accepted by this implementation.
      * This list is passed to the configuration console so configuration
      * for instances of this implementation can be configured through the
      * console.
      */
-    protected static String[] mConfigParams = 
-        new String[] { 
-            PROP_DNPATTERN,
-            "ldap.ldapconn.host",
-            "ldap.ldapconn.port",
-            "ldap.ldapconn.secureConn",
-            "ldap.ldapconn.version",
-            "ldap.ldapauth.bindDN",
-            "ldap.ldapauth.bindPWPrompt",
-            "ldap.ldapauth.clientCertNickname",
-            "ldap.ldapauth.authtype",
-            "ldap.basedn",
-            "ldap.objectclass",
-            "ldap.minConns", 
-            "ldap.maxConns",
+    protected static String[] mConfigParams =
+            new String[] {
+                    PROP_DNPATTERN,
+                    "ldap.ldapconn.host",
+                    "ldap.ldapconn.port",
+                    "ldap.ldapconn.secureConn",
+                    "ldap.ldapconn.version",
+                    "ldap.ldapauth.bindDN",
+                    "ldap.ldapauth.bindPWPrompt",
+                    "ldap.ldapauth.clientCertNickname",
+                    "ldap.ldapauth.authtype",
+                    "ldap.basedn",
+                    "ldap.objectclass",
+                    "ldap.minConns",
+                    "ldap.maxConns",
         };
-					  
+
     /**
      * Default constructor, initialization must follow.
      */
-    public PortalEnroll() 
-        throws EBaseException {	
+    public PortalEnroll()
+            throws EBaseException {
         super();
     }
 
     /**
      * Initializes the PortalEnrollment auth manager.
      * <p>
+     * 
      * @param name - The name for this authentication manager instance.
      * @param implName - The name of the authentication manager plugin.
      * @param config - The configuration store for this instance.
      * @exception EBaseException If an error occurs during initialization.
      */
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         super.init(name, implName, config);
-		
+
         /* Get Bind DN for directory server */
         mConfig = mLdapConfig.getSubStore(PROP_LDAPAUTH);
         mBindDN = mConfig.getString(PROP_BINDDN);
-        if ( (mBindDN == null) || (mBindDN.length() == 0) || (mBindDN == ""))
+        if ((mBindDN == null) || (mBindDN.length() == 0) || (mBindDN == ""))
             throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", "binddn"));
-		
-            /* Get Bind DN for directory server */
+
+        /* Get Bind DN for directory server */
         mBaseDN = mLdapConfig.getString(PROP_BASEDN);
         if ((mBaseDN == null) || (mBaseDN.length() == 0) || (mBaseDN == ""))
             throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", "basedn"));
-		
-            /* Get Object clase name for enrollment */
+
+        /* Get Object clase name for enrollment */
         mObjectClass = mLdapConfig.getString(PROP_OBJECTCLASS);
-        if (mObjectClass == null || mObjectClass.length() == 0) 
+        if (mObjectClass == null || mObjectClass.length() == 0)
             throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", "objectclass"));
 
-            /* Get connect parameter */
+        /* Get connect parameter */
         mLdapFactory = CMS.getLdapBoundConnFactory();
         mLdapFactory.init(mLdapConfig);
         mLdapConn = mLdapFactory.getConn();
-		
+
         log(ILogger.LL_INFO, CMS.getLogMessage("CMS_AUTH_PORTAL_INIT"));
     }
 
@@ -166,18 +165,18 @@ public class PortalEnroll extends DirBasedAuthentication {
      * @param authCreds The authentication credentials.
      * @return The user's ldap entry dn.
      * @exception EInvalidCredentials If the uid and password are not valid
-     * @exception EBaseException If an internal error occurs. 
+     * @exception EBaseException If an internal error occurs.
      */
-    protected String authenticate(LDAPConnection conn, 
-        IAuthCredentials authCreds,
-        AuthToken token)
-        throws EBaseException {
+    protected String authenticate(LDAPConnection conn,
+            IAuthCredentials authCreds,
+            AuthToken token)
+            throws EBaseException {
         String uid = null;
         String pwd = null;
         String dn = null;
 
         argblk = authCreds.getArgBlock();
-	    
+
         // authenticate by binding to ldap server with password.
         try {
             // get the uid.
@@ -185,7 +184,7 @@ public class PortalEnroll extends DirBasedAuthentication {
             if (uid == null) {
                 throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID));
             }
-	
+
             // get the password.
             pwd = (String) authCreds.get(CRED_PWD);
             if (pwd == null) {
@@ -206,8 +205,8 @@ public class PortalEnroll extends DirBasedAuthentication {
                 throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", "UID already exists."));
             } else {
                 dn = regist(token, uid);
-                if (dn == null) 
-                    throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE","Could not add user " + uid + "."));
+                if (dn == null)
+                    throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", "Could not add user " + uid + "."));
             }
 
             // bind as user dn and pwd - authenticates user with pwd.
@@ -217,22 +216,21 @@ public class PortalEnroll extends DirBasedAuthentication {
             token.set(CRED_UID, uid);
 
             log(ILogger.LL_INFO, "portal authentication is done");
-            
+
             return dn;
         } catch (ELdapException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR", e.toString()));
             throw e;
         } catch (LDAPException e) {
             switch (e.getLDAPResultCode()) {
-            case LDAPException.NO_SUCH_OBJECT: 
-            case LDAPException.LDAP_PARTIAL_RESULTS: 
+            case LDAPException.NO_SUCH_OBJECT:
+            case LDAPException.LDAP_PARTIAL_RESULTS:
                 log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_ADD_USER_ERROR", conn.getHost(), Integer.toString(conn.getPort())));
-                throw new 
-                  EAuthInternalError(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", "Check Configuration detail."));
+                throw new EAuthInternalError(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", "Check Configuration detail."));
 
             case LDAPException.INVALID_CREDENTIALS:
-                log(ILogger.LL_SECURITY, 
-                    CMS.getLogMessage("CMS_AUTH_BAD_PASSWORD", uid));
+                log(ILogger.LL_SECURITY,
+                        CMS.getLogMessage("CMS_AUTH_BAD_PASSWORD", uid));
                 throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
 
             case LDAPException.SERVER_DOWN:
@@ -240,24 +238,24 @@ public class PortalEnroll extends DirBasedAuthentication {
                 throw new ELdapException(
                         CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
 
-            default: 
+            default:
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR", e.getMessage()));
                 throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION", 
-                            e.errorCodeToString()));
+                        CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION",
+                                e.errorCodeToString()));
             }
         } catch (EBaseException e) {
             if (e.getMessage().equalsIgnoreCase(CMS.getUserMessage("CMS_BASE_ATTRIBUTE_NOT_FOUND")) == true)
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_MAKE_DN_ERROR", e.toString()));
             throw e;
-        }		    
+        }
     }
 
     /**
-     * Returns a list of configuration parameter names. 
-     * The list is passed to the configuration console so instances of 
+     * Returns a list of configuration parameter names.
+     * The list is passed to the configuration console so instances of
      * this implementation can be configured through the console.
-     *
+     * 
      * @return String array of configuration parameter names.
      */
     public String[] getConfigParams() {
@@ -267,43 +265,44 @@ public class PortalEnroll extends DirBasedAuthentication {
     public String[] getExtendedPluginInfo(Locale locale) {
         String[] s = {
                 PROP_DNPATTERN + ";string;Template for cert" +
-                " Subject Name. ($dn.xxx - get value from user's LDAP " +
-                "DN.  $attr.yyy - get value from LDAP attributes in " +
-                "user's entry.) Default: " + DEFAULT_DNPATTERN,
+                        " Subject Name. ($dn.xxx - get value from user's LDAP " +
+                        "DN.  $attr.yyy - get value from LDAP attributes in " +
+                        "user's entry.) Default: " + DEFAULT_DNPATTERN,
                 "ldap.ldapconn.host;string,required;" + "LDAP host to connect to",
                 "ldap.ldapconn.port;number,required;" + "LDAP port number (default 389, or 636 if SSL)",
                 "ldap.objectclass;string,required;SEE DOCUMENTATION for Object Class. "
-                + "Default is inetOrgPerson.",
+                        + "Default is inetOrgPerson.",
                 "ldap.ldapconn.secureConn;boolean;" + "Use SSL to connect to directory?",
                 "ldap.ldapconn.version;choice(3,2);" + "LDAP protocol version",
                 "ldap.ldapauth.bindDN;string,required;DN to bind as for Directory Manager. "
-                + "For example 'CN=Directory Manager'",
+                        + "For example 'CN=Directory Manager'",
                 "ldap.ldapauth.bindPWPrompt;password;Enter password used to bind as " +
-                "the above user",
+                        "the above user",
                 "ldap.ldapauth.authtype;choice(BasicAuth,SslClientAuth);"
-                + "How to bind to the directory (for pin removal only)",
+                        + "How to bind to the directory (for pin removal only)",
                 "ldap.ldapauth.clientCertNickname;string;If you want to use "
-                + "SSL client auth to the directory, set the client "
-                + "cert nickname here",
+                        + "SSL client auth to the directory, set the client "
+                        + "cert nickname here",
                 "ldap.basedn;string,required;Base DN to start searching " +
-                "under. If your user's DN is 'uid=jsmith, o=company', you " +
-                "might want to use 'o=company' here",
+                        "under. If your user's DN is 'uid=jsmith, o=company', you " +
+                        "might want to use 'o=company' here",
                 "ldap.minConns;number;number of connections " +
-                "to keep open to directory server",
+                        "to keep open to directory server",
                 "ldap.maxConns;number;when needed, connection " +
-                "pool can grow to this many connections",
+                        "pool can grow to this many connections",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";This authentication plugin checks to see if a user " +
-                "exists in the directory. If not, then the user is created " +
-                "with the requested password.",
+                        ";This authentication plugin checks to see if a user " +
+                        "exists in the directory. If not, then the user is created " +
+                        "with the requested password.",
                 IExtendedPluginInfo.HELP_TOKEN + ";configuration-authrules-portalauth"
             };
-    
+
         return s;
     }
 
     /**
      * Returns array of required credentials for this authentication manager.
+     * 
      * @return Array of required credentials.
      */
     public String[] getRequiredCreds() {
@@ -312,6 +311,7 @@ public class PortalEnroll extends DirBasedAuthentication {
 
     /**
      * adds a user to the directory.
+     * 
      * @return dn upon success and null upon failure.
      * @param token authentication token
      * @param uid the user's id.
@@ -321,7 +321,7 @@ public class PortalEnroll extends DirBasedAuthentication {
 
         /* Specify the attributes of the entry */
         Vector objectclass_values = null;
-		
+
         LDAPAttributeSet attrs = new LDAPAttributeSet();
         LDAPAttribute attr = new LDAPAttribute("objectclass");
 
@@ -369,7 +369,7 @@ public class PortalEnroll extends DirBasedAuthentication {
                 } catch (EBaseException e) {
                     if (e.getMessage().equalsIgnoreCase(CMS.getUserMessage("CMS_BASE_ATTRIBUTE_NOT_FOUND")) == true)
                         continue;
-                }		    
+                }
 
                 CMS.debug("PortalEnroll: " + attrname + " = " + attrval);
                 attrs.add(new LDAPAttribute(attrname, attrval));
@@ -386,17 +386,17 @@ public class PortalEnroll extends DirBasedAuthentication {
             while (attrnames.hasMoreElements()) {
                 String attrname = (String) attrnames.nextElement();
                 String attrval = null;
-				
+
                 CMS.debug("PortalEnroll: attrname is: " + attrname);
                 try {
                     attrval = (String) argblk.getValueAsString(attrname);
                 } catch (EBaseException e) {
                     if (e.getMessage().equalsIgnoreCase(CMS.getUserMessage("CMS_BASE_ATTRIBUTE_NOT_FOUND")) == true)
                         continue;
-                }		    
+                }
                 CMS.debug("PortalEnroll: " + attrname + " = " + attrval);
                 if (attrval != null) {
-                  attrs.add(new LDAPAttribute(attrname, attrval));
+                    attrs.add(new LDAPAttribute(attrname, attrval));
                 }
             }
         }
@@ -417,7 +417,7 @@ public class PortalEnroll extends DirBasedAuthentication {
         }
 
         log(ILogger.LL_INFO, CMS.getLogMessage("CMS_AUTH_REGISTRATION_DONE"));
-        
+
         return dn;
     }
 
@@ -461,4 +461,3 @@ public class PortalEnroll extends DirBasedAuthentication {
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/authentication/RDNPattern.java b/pki/base/common/src/com/netscape/cms/authentication/RDNPattern.java
index 1f21bc1d..3542570a 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/RDNPattern.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/RDNPattern.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authentication;
 
-
 import java.io.IOException;
 import java.io.PushbackReader;
 import java.io.StringReader;
@@ -29,24 +28,25 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authentication.EAuthException;
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
- * class for parsing a DN pattern used to construct a certificate 
- * subject name from ldap attributes and dn.<p>
+ * class for parsing a DN pattern used to construct a certificate
+ * subject name from ldap attributes and dn.
+ * <p>
  * 
- * dnpattern is a string representing a subject name pattern to formulate from 
- * the directory attributes and entry dn. If empty or not set, the 
- * ldap entry DN will be used as the certificate subject name. <p>
+ * dnpattern is a string representing a subject name pattern to formulate from the directory attributes and entry dn. If empty or not set, the ldap entry DN will be used as the certificate subject name.
+ * <p>
+ * 
+ * The syntax is
  * 
- * The syntax is 
  * <pre>
- *		dnPattern := rdnPattern *[ "," rdnPattern ]
- *		rdnPattern := avaPattern *[ "+" avaPattern ]
+ * 	dnPattern := rdnPattern *[ "," rdnPattern ]
+ * 	rdnPattern := avaPattern *[ "+" avaPattern ]
  * 		avaPattern := name "=" value | 
- *				      name "=" "$attr" "." attrName [ "." attrNumber ] | 
- *				      name "=" "$dn" "." attrName [ "." attrNumber ] | 
- *				 	  "$dn" "." "$rdn" "." number
+ * 			      name "=" "$attr" "." attrName [ "." attrNumber ] | 
+ * 			      name "=" "$dn" "." attrName [ "." attrNumber ] | 
+ * 			 	  "$dn" "." "$rdn" "." number
  * </pre>
+ * 
  * <pre>
  * Example1: <i>E=$attr.mail.1, CN=$attr.cn, OU=$dn.ou.2, O=$dn.o, C=US </i>
  * Ldap entry: dn:  UID=jjames, OU=IS, OU=people, O=acme.org
@@ -73,11 +73,12 @@ import com.netscape.certsrv.base.EBaseException;
  *     E = the first 'mail' ldap attribute value in user's entry. <br>
  *     CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
  *     OU = the second 'ou' value in the user's entry DN. note multiple AVAs
- *		    in a RDN in this example. <br>
+ * 	    in a RDN in this example. <br>
  *     O = the (first) 'o' value in the user's entry DN. <br>
  *     C = the string "US"
  * <p>
  * </pre>
+ * 
  * <pre>
  * Example3: <i>CN=$attr.cn, $rdn.2, O=$dn.o, C=US</i>
  * Ldap entry: dn:  UID=jjames, OU=IS+OU=people, O=acme.org
@@ -102,15 +103,15 @@ import com.netscape.certsrv.base.EBaseException;
  * <p>	
  *     CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
  *     OU = the second 'ou' value in the user's entry DN followed by the 
- *			first 'ou' value in the user's entry. note multiple AVAs
- *		    in a RDN in this example. <br>
+ * 		first 'ou' value in the user's entry. note multiple AVAs
+ * 	    in a RDN in this example. <br>
  *     O = the (first) 'o' value in the user's entry DN. <br>
  *     C = the string "US"
  * <p>
  * </pre>
- * If an attribute or subject DN component does not exist the attribute 
- * is skipped.
- *
+ * 
+ * If an attribute or subject DN component does not exist the attribute is skipped.
+ * 
  * @version $Revision$, $Date$
  */
 class RDNPattern {
@@ -126,13 +127,14 @@ class RDNPattern {
 
     protected String mTestDN = null;
 
-    /** 
+    /**
      * Construct a DN pattern by parsing a pattern string.
+     * 
      * @param pattenr the DN pattern
-     * @exception EBaseException If parsing error occurs. 
+     * @exception EBaseException If parsing error occurs.
      */
     public RDNPattern(String pattern)
-        throws EAuthException {
+            throws EAuthException {
         if (pattern == null || pattern.equals("")) {
             // create an attribute list that is the dn. 
             mLdapAttrs = new String[] { "dn" };
@@ -145,15 +147,15 @@ class RDNPattern {
     }
 
     /**
-     * Construct a DN pattern from a input stream of pattern 
+     * Construct a DN pattern from a input stream of pattern
      */
-    public RDNPattern(PushbackReader in) 
-        throws EAuthException {
+    public RDNPattern(PushbackReader in)
+            throws EAuthException {
         parse(in);
     }
 
     private void parse(PushbackReader in)
-        throws EAuthException {
+            throws EAuthException {
         //System.out.println("_________ begin rdn _________");
         Vector avaPatterns = new Vector();
         AVAPattern avaPattern = null;
@@ -167,17 +169,16 @@ class RDNPattern {
             //" mAttr "+avaPattern.mAttr+
             //" mValue "+avaPattern.mValue+
             //" mElement "+avaPattern.mElement);
-            try { 
-                lastChar = in.read(); 
+            try {
+                lastChar = in.read();
             } catch (IOException e) {
                 throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
             }
-        }
-        while (lastChar == '+');
+        } while (lastChar == '+');
 
         if (lastChar != -1) {
             try {
-                in.unread(lastChar);	// pushback last , 
+                in.unread(lastChar); // pushback last , 
             } catch (IOException e) {
                 throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
             }
@@ -191,7 +192,7 @@ class RDNPattern {
         for (int i = 0; i < mAVAPatterns.length; i++) {
             String avaAttr = mAVAPatterns[i].getLdapAttr();
 
-            if (avaAttr == null || avaAttr.length() == 0) 
+            if (avaAttr == null || avaAttr.length() == 0)
                 continue;
             ldapAttrs.addElement(avaAttr);
         }
@@ -201,15 +202,16 @@ class RDNPattern {
 
     /**
      * Form a Ldap v3 DN string from results of a ldap search.
+     * 
      * @param entry LDAPentry from a ldap search
-     * @return Ldap v3 DN string to use for a subject name. 
+     * @return Ldap v3 DN string to use for a subject name.
      */
     public String formRDN(LDAPEntry entry)
-        throws EAuthException {
+            throws EAuthException {
         StringBuffer formedRDN = new StringBuffer();
 
         for (int i = 0; i < mAVAPatterns.length; i++) {
-            if (mTestDN != null) 
+            if (mTestDN != null)
                 mAVAPatterns[i].mTestDN = mTestDN;
             String ava = mAVAPatterns[i].formAVA(entry);
 
diff --git a/pki/base/common/src/com/netscape/cms/authentication/SSLclientCertAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/SSLclientCertAuthentication.java
index e73a112c..35c23bd0 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/SSLclientCertAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/SSLclientCertAuthentication.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authentication;
 
-
 import java.security.Principal;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
@@ -47,15 +46,14 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.usrgrp.Certificates;
 
-
 /**
- * Certificate server SSL client authentication.  
- *
+ * Certificate server SSL client authentication.
+ * 
  * @author Christina Fu
- * <P>
- *
+ *         <P>
+ * 
  */
-public class SSLclientCertAuthentication implements IAuthManager, 
+public class SSLclientCertAuthentication implements IAuthManager,
         IProfileAuthenticator {
 
     /* result auth token attributes */
@@ -86,19 +84,19 @@ public class SSLclientCertAuthentication implements IAuthManager,
     /**
      * initializes the SSLClientCertAuthentication auth manager
      * <p>
-     * called by AuthSubsystem init() method, when initializing
-     * all available authentication managers.
+     * called by AuthSubsystem init() method, when initializing all available authentication managers.
+     * 
      * @param name The name of this authentication manager instance.
      * @param implName The name of the authentication manager plugin.
      * @param config The configuration store for this authentication manager.
      */
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mName = name;
         mImplName = implName;
         mConfig = config;
     }
- 
+
     /**
      * Gets the name of this authentication manager.
      */
@@ -112,7 +110,7 @@ public class SSLclientCertAuthentication implements IAuthManager,
     public String getImplName() {
         return mImplName;
     }
- 
+
     public boolean isSSLClientRequired() {
         return true;
     }
@@ -120,29 +118,29 @@ public class SSLclientCertAuthentication implements IAuthManager,
     /**
      * authenticates user by certificate
      * <p>
-     * called by other subsystems or their servlets to authenticate
-     *	 users
+     * called by other subsystems or their servlets to authenticate users
+     * 
      * @param authCred - authentication credential that contains
-     *	 an usrgrp.Certificates of the user (agent)
+     *            an usrgrp.Certificates of the user (agent)
      * @return the authentication token that contains the following
-     *
+     * 
      * @exception EMissingCredential If a required credential for this
-     * authentication manager is missing.
+     *                authentication manager is missing.
      * @exception EInvalidCredentials If credentials cannot be authenticated.
      * @exception EBaseException If an internal error occurred.
      * @see com.netscape.certsrv.authentication.AuthToken
      * @see com.netscape.certsrv.usrgrp.Certificates
      */
     public IAuthToken authenticate(IAuthCredentials authCred)
-        throws EMissingCredential, EInvalidCredentials, EBaseException {
-      
+            throws EMissingCredential, EInvalidCredentials, EBaseException {
+
         CMS.debug("SSLclientCertAuthentication: start");
-        CMS.debug("authenticator instance name is "+getName());
+        CMS.debug("authenticator instance name is " + getName());
 
         // force SSL handshake
         SessionContext context = SessionContext.getExistingContext();
         ISSLClientCertProvider provider = (ISSLClientCertProvider)
-            context.get("sslClientCertProvider");
+                context.get("sslClientCertProvider");
 
         if (provider == null) {
             CMS.debug("SSLclientCertAuthentication: No SSL Client Cert Provider Found");
@@ -173,7 +171,7 @@ public class SSLclientCertAuthentication implements IAuthManager,
                 // find out which one is the leaf cert
                 clientCert = ci[i];
 
-                byte [] extBytes = clientCert.getExtensionValue("2.5.29.19");
+                byte[] extBytes = clientCert.getExtensionValue("2.5.29.19");
                 // try to see if this is a leaf cert
                 // look for BasicConstraint extension
                 if (extBytes == null) {
@@ -186,24 +184,24 @@ public class SSLclientCertAuthentication implements IAuthManager,
                     // so it's not likely to be a leaf cert,
                     // however, check the isCA field regardless
                     try {
-                      BasicConstraintsExtension bce =
-                        new BasicConstraintsExtension(true, extBytes);
-                      if (bce != null) {
-                          if (!(Boolean)bce.get("is_ca")) {
-                            CMS.debug("SSLclientCertAuthentication: authenticate: found CA cert in chain");
-                            break;
-                          } // else found a ca cert, continue
-                      }
-                   } catch (Exception e) {
-                     CMS.debug("SSLclientCertAuthentication: authenticate: exception:"+
+                        BasicConstraintsExtension bce =
+                                new BasicConstraintsExtension(true, extBytes);
+                        if (bce != null) {
+                            if (!(Boolean) bce.get("is_ca")) {
+                                CMS.debug("SSLclientCertAuthentication: authenticate: found CA cert in chain");
+                                break;
+                            } // else found a ca cert, continue
+                        }
+                    } catch (Exception e) {
+                        CMS.debug("SSLclientCertAuthentication: authenticate: exception:" +
                                  e.toString());
-                     throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-                   }
-               }
+                        throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+                    }
+                }
             }
             if (clientCert == null) {
-              CMS.debug("SSLclientCertAuthentication: authenticate: client cert not found");
-              throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+                CMS.debug("SSLclientCertAuthentication: authenticate: client cert not found");
+                throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
             }
         } catch (CertificateException e) {
             CMS.debug(e.toString());
@@ -213,15 +211,15 @@ public class SSLclientCertAuthentication implements IAuthManager,
         // check if certificate(s) is revoked
         boolean checkRevocation = true;
         try {
-           checkRevocation = mConfig.getBoolean("checkRevocation", true);
+            checkRevocation = mConfig.getBoolean("checkRevocation", true);
         } catch (EBaseException e) {
-           // do nothing; default to true
+            // do nothing; default to true
         }
         if (checkRevocation) {
-          if (CMS.isRevoked(ci)) {
-             CMS.debug("SSLclientCertAuthentication: certificate revoked");
-             throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-          }
+            if (CMS.isRevoked(ci)) {
+                CMS.debug("SSLclientCertAuthentication: certificate revoked");
+                throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+            }
         }
         Certificates certs = new Certificates(ci);
         Principal p_dn = clientCert.getSubjectDN();
@@ -232,13 +230,13 @@ public class SSLclientCertAuthentication implements IAuthManager,
             authToken.set(TOKEN_UID, uid);
             authToken.set(TOKEN_USERID, uid);
         }
-/*
-        authToken.set(TOKEN_USER_DN, user.getUserDN());
-        authToken.set(TOKEN_USERID, user.getUserID());
-        authToken.set(TOKEN_UID, user.getUserID());
-        authToken.set(TOKEN_GROUP, groupname);
-*/
-        authToken.set(CRED_CERT, certs);  
+        /*
+                authToken.set(TOKEN_USER_DN, user.getUserDN());
+                authToken.set(TOKEN_USERID, user.getUserID());
+                authToken.set(TOKEN_UID, user.getUserID());
+                authToken.set(TOKEN_GROUP, groupname);
+        */
+        authToken.set(CRED_CERT, certs);
 
         CMS.debug("SSLclientCertAuthentication: authenticated ");
 
@@ -257,7 +255,7 @@ public class SSLclientCertAuthentication implements IAuthManager,
             String n = t.substring(0, i);
             if (n.equalsIgnoreCase("uid")) {
                 String v = t.substring(i + 1);
-                CMS.debug("SSLclientCertAuthentication: getUidFromDN(): uid found:"+v);
+                CMS.debug("SSLclientCertAuthentication: getUidFromDN(): uid found:" + v);
                 return v;
             } else {
                 continue;
@@ -268,10 +266,11 @@ public class SSLclientCertAuthentication implements IAuthManager,
 
     /**
      * get the list of authentication credential attribute names
-     *	 required by this authentication manager. Generally used by
-     *	 the servlets that handle agent operations to authenticate its
-     *	 users.  It calls this method to know which are the
-     *	 required credentials from the user (e.g. Javascript form data)
+     * required by this authentication manager. Generally used by
+     * the servlets that handle agent operations to authenticate its
+     * users. It calls this method to know which are the
+     * required credentials from the user (e.g. Javascript form data)
+     * 
      * @return attribute names in Vector
      */
     public String[] getRequiredCreds() {
@@ -280,14 +279,15 @@ public class SSLclientCertAuthentication implements IAuthManager,
 
     /**
      * get the list of configuration parameter names
-     *	 required by this authentication manager.  Generally used by
-     *	 the Certificate Server Console to display the table for
-     *	 configuration purposes.  CertUserDBAuthentication is currently not
-     *	 exposed in this case, so this method is not to be used.
+     * required by this authentication manager. Generally used by
+     * the Certificate Server Console to display the table for
+     * configuration purposes. CertUserDBAuthentication is currently not
+     * exposed in this case, so this method is not to be used.
+     * 
      * @return configuration parameter names in Hashtable of Vectors
-     *	 where each hashtable entry's key is the substore name, value is a
-     * Vector of parameter names.  If no substore, the parameter name
-     *	 is the Hashtable key itself, with value same as key.
+     *         where each hashtable entry's key is the substore name, value is a
+     *         Vector of parameter names. If no substore, the parameter name
+     *         is the Hashtable key itself, with value same as key.
      */
     public String[] getConfigParams() {
         return (mConfigParams);
@@ -301,7 +301,8 @@ public class SSLclientCertAuthentication implements IAuthManager,
 
     /**
      * gets the configuretion substore used by this authentication
-     *  manager
+     * manager
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
@@ -311,7 +312,7 @@ public class SSLclientCertAuthentication implements IAuthManager,
     // Profile-related methods
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
     }
 
     /**
@@ -348,7 +349,7 @@ public class SSLclientCertAuthentication implements IAuthManager,
     }
 
     public void populate(IAuthToken token, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME,
                 token.getInString(TOKEN_USERDN));
         request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME,
diff --git a/pki/base/common/src/com/netscape/cms/authentication/SharedSecret.java b/pki/base/common/src/com/netscape/cms/authentication/SharedSecret.java
index 8b0a7b9b..7a0784c5 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/SharedSecret.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/SharedSecret.java
@@ -26,7 +26,7 @@ import com.netscape.certsrv.authentication.ISharedToken;
 public class SharedSecret implements ISharedToken {
 
     public SharedSecret() {
-    } 
+    }
 
     public String getSharedToken(PKIData cmcdata) {
         return "testing";
diff --git a/pki/base/common/src/com/netscape/cms/authentication/TokenAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/TokenAuthentication.java
index bb393767..5dcb80a6 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/TokenAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/TokenAuthentication.java
@@ -46,13 +46,13 @@ import com.netscape.cmsutil.http.JssSSLSocketFactory;
 import com.netscape.cmsutil.xml.XMLObject;
 
 /**
- * Token authentication.  
+ * Token authentication.
  * Checked if the given token is valid.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class TokenAuthentication implements IAuthManager, 
+public class TokenAuthentication implements IAuthManager,
         IProfileAuthenticator {
 
     /* result auth token attributes */
@@ -79,21 +79,21 @@ public class TokenAuthentication implements IAuthManager,
     /**
      * initializes the TokenAuthentication auth manager
      * <p>
-     * called by AuthSubsystem init() method, when initializing
-     * all available authentication managers.
+     * called by AuthSubsystem init() method, when initializing all available authentication managers.
+     * 
      * @param name The name of this authentication manager instance.
      * @param implName The name of the authentication manager plugin.
      * @param config The configuration store for this authentication manager.
      */
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mName = name;
         mImplName = implName;
         mConfig = config;
 
         mUGSub = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
     }
- 
+
     /**
      * Gets the name of this authentication manager.
      */
@@ -107,7 +107,7 @@ public class TokenAuthentication implements IAuthManager,
     public String getImplName() {
         return mImplName;
     }
- 
+
     public boolean isSSLClientRequired() {
         return false;
     }
@@ -115,21 +115,21 @@ public class TokenAuthentication implements IAuthManager,
     /**
      * authenticates user(agent) by certificate
      * <p>
-     * called by other subsystems or their servlets to authenticate
-     *	 users (agents)
+     * called by other subsystems or their servlets to authenticate users (agents)
+     * 
      * @param authCred - authentication credential that contains
-     *	 an usrgrp.Certificates of the user (agent)
+     *            an usrgrp.Certificates of the user (agent)
      * @return the authentication token that contains the following
-     * @exception EMissingCredential If a required credential for this 
-     * authentication manager is missing.
+     * @exception EMissingCredential If a required credential for this
+     *                authentication manager is missing.
      * @exception EInvalidCredentials If credentials cannot be authenticated.
      * @exception EBaseException If an internal error occurred.
      * @see com.netscape.certsrv.authentication.AuthToken
      * @see com.netscape.certsrv.usrgrp.Certificates
      */
     public IAuthToken authenticate(IAuthCredentials authCred)
-        throws EMissingCredential, EInvalidCredentials, EBaseException {
-      
+            throws EMissingCredential, EInvalidCredentials, EBaseException {
+
         CMS.debug("TokenAuthentication: start");
 
         // force SSL handshake
@@ -141,8 +141,8 @@ public class TokenAuthentication implements IAuthManager,
         // get group name from configuration file
         IConfigStore sconfig = CMS.getConfigStore();
 
-        String sessionId = (String)authCred.get(CRED_SESSION_ID);
-        String givenHost = (String)authCred.get("clientHost");
+        String sessionId = (String) authCred.get(CRED_SESSION_ID);
+        String givenHost = (String) authCred.get("clientHost");
         String auth_host = sconfig.getString("securitydomain.host");
         int auth_port = sconfig.getInteger("securitydomain.httpseeport");
 
@@ -151,7 +151,7 @@ public class TokenAuthentication implements IAuthManager,
         try {
             JssSSLSocketFactory factory = new JssSSLSocketFactory();
             httpclient = new HttpClient(factory);
-            String content = CRED_SESSION_ID+"="+sessionId+"&hostname="+givenHost;
+            String content = CRED_SESSION_ID + "=" + sessionId + "&hostname=" + givenHost;
             CMS.debug("TokenAuthentication: content=" + content);
             httpclient.connect(auth_host, auth_port);
             HttpRequest httprequest = new HttpRequest();
@@ -165,8 +165,8 @@ public class TokenAuthentication implements IAuthManager,
             HttpResponse httpresponse = httpclient.send(httprequest);
 
             c = httpresponse.getContent();
-        } catch (Exception e) { 
-            CMS.debug("TokenAuthentication authenticate Exception="+e.toString());
+        } catch (Exception e) {
+            CMS.debug("TokenAuthentication authenticate Exception=" + e.toString());
         }
 
         if (c != null) {
@@ -177,9 +177,9 @@ public class TokenAuthentication implements IAuthManager,
                 try {
                     parser = new XMLObject(bis);
                 } catch (Exception e) {
-                    CMS.debug( "TokenAuthentication::authenticate() - "
-                             + "Exception="+e.toString() );
-                    throw new EBaseException( e.toString() );
+                    CMS.debug("TokenAuthentication::authenticate() - "
+                             + "Exception=" + e.toString());
+                    throw new EBaseException(e.toString());
                 }
                 String status = parser.getValue("Status");
 
@@ -195,13 +195,13 @@ public class TokenAuthentication implements IAuthManager,
                 authToken.set(TOKEN_UID, uid);
                 authToken.set(TOKEN_GID, gid);
 
-                if(context != null)  {
+                if (context != null) {
                     CMS.debug("SessionContext.USER_ID " + uid + " SessionContext.GROUP_ID " + gid);
-                    context.put(SessionContext.USER_ID,  uid );
-                    context.put(SessionContext.GROUP_ID, gid );
+                    context.put(SessionContext.USER_ID, uid);
+                    context.put(SessionContext.GROUP_ID, gid);
                 }
 
-                CMS.debug("TokenAuthentication: authenticated uid="+uid+", gid="+gid);
+                CMS.debug("TokenAuthentication: authenticated uid=" + uid + ", gid=" + gid);
             } catch (EBaseException e) {
                 throw e;
             } catch (Exception e) {
@@ -213,10 +213,11 @@ public class TokenAuthentication implements IAuthManager,
 
     /**
      * get the list of authentication credential attribute names
-     *	 required by this authentication manager. Generally used by
-     *	 the servlets that handle agent operations to authenticate its
-     *	 users.  It calls this method to know which are the
-     *	 required credentials from the user (e.g. Javascript form data)
+     * required by this authentication manager. Generally used by
+     * the servlets that handle agent operations to authenticate its
+     * users. It calls this method to know which are the
+     * required credentials from the user (e.g. Javascript form data)
+     * 
      * @return attribute names in Vector
      */
     public String[] getRequiredCreds() {
@@ -225,14 +226,15 @@ public class TokenAuthentication implements IAuthManager,
 
     /**
      * get the list of configuration parameter names
-     *	 required by this authentication manager.  Generally used by
-     *	 the Certificate Server Console to display the table for
-     *	 configuration purposes.  CertUserDBAuthentication is currently not
-     *	 exposed in this case, so this method is not to be used.
+     * required by this authentication manager. Generally used by
+     * the Certificate Server Console to display the table for
+     * configuration purposes. CertUserDBAuthentication is currently not
+     * exposed in this case, so this method is not to be used.
+     * 
      * @return configuration parameter names in Hashtable of Vectors
-     *	 where each hashtable entry's key is the substore name, value is a
-     * Vector of parameter names.  If no substore, the parameter name
-     *	 is the Hashtable key itself, with value same as key.
+     *         where each hashtable entry's key is the substore name, value is a
+     *         Vector of parameter names. If no substore, the parameter name
+     *         is the Hashtable key itself, with value same as key.
      */
     public String[] getConfigParams() {
         return (mConfigParams);
@@ -246,7 +248,8 @@ public class TokenAuthentication implements IAuthManager,
 
     /**
      * gets the configuretion substore used by this authentication
-     *  manager
+     * manager
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
@@ -256,7 +259,7 @@ public class TokenAuthentication implements IAuthManager,
     // Profile-related methods
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
     }
 
     /**
@@ -296,6 +299,6 @@ public class TokenAuthentication implements IAuthManager,
     }
 
     public void populate(IAuthToken token, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/authentication/UdnPwdDirAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/UdnPwdDirAuthentication.java
index 565bca1a..c9fbbf9a 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/UdnPwdDirAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/UdnPwdDirAuthentication.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authentication;
 
-
 // ldap java sdk
 import netscape.ldap.LDAPConnection;
 import netscape.ldap.LDAPException;
@@ -33,11 +32,10 @@ import com.netscape.certsrv.base.IExtendedPluginInfo;
 import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * udn/pwd directory based authentication manager
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class UdnPwdDirAuthentication extends DirBasedAuthentication {
@@ -52,25 +50,25 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
      * for instances of this implementation can be configured through the
      * console.
      */
-    protected static String[] mConfigParams = 
-        new String[] {	PROP_DNPATTERN,
-            PROP_LDAPSTRINGATTRS,
-            PROP_LDAPBYTEATTRS,
-            "ldap.ldapconn.host",
-            "ldap.ldapconn.port",
-            "ldap.ldapconn.secureConn",
-            "ldap.ldapconn.version",
-            "ldap.minConns", 
-            "ldap.maxConns",
+    protected static String[] mConfigParams =
+            new String[] { PROP_DNPATTERN,
+                    PROP_LDAPSTRINGATTRS,
+                    PROP_LDAPBYTEATTRS,
+                    "ldap.ldapconn.host",
+                    "ldap.ldapconn.port",
+                    "ldap.ldapconn.secureConn",
+                    "ldap.ldapconn.version",
+                    "ldap.minConns",
+                    "ldap.maxConns",
         };
 
     static {
         mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT +
-            ";Authenticate the user distinguished name and password provided " +
-            "by the user against an LDAP directory. Works with the " +
-            "Dir Based Enrollment HTML form");
+                ";Authenticate the user distinguished name and password provided " +
+                "by the user against an LDAP directory. Works with the " +
+                "Dir Based Enrollment HTML form");
         mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-authentication");
+                ";configuration-authentication");
     };
 
     /**
@@ -83,13 +81,14 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
     /**
      * Initializes the UdnPwdDirAuthentication auth manager.
      * <p>
+     * 
      * @param name - The name for this authentication manager instance.
      * @param implName - The name of the authentication manager plugin.
      * @param config - The configuration store for this instance.
      * @exception EBaseException If an error occurs during initialization.
      */
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         super.init(name, implName, config, false);
     }
 
@@ -99,12 +98,12 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
      * @param authCreds The authentication credentials.
      * @return The user's ldap entry dn.
      * @exception EInvalidCredentials If the udn and password are not valid
-     * @exception EBaseException If an internal error occurs. 
+     * @exception EBaseException If an internal error occurs.
      */
-    protected String authenticate(LDAPConnection conn, 
-        IAuthCredentials authCreds,
-        AuthToken token)
-        throws EBaseException {
+    protected String authenticate(LDAPConnection conn,
+            IAuthCredentials authCreds,
+            AuthToken token)
+            throws EBaseException {
         String userdn = null;
 
         // authenticate by binding to ldap server with password.
@@ -114,7 +113,7 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
             if (userdn == null) {
                 throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UDN));
             }
-	
+
             // get the password.
             String pwd = (String) authCreds.get(CRED_PWD);
 
@@ -123,8 +122,8 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
             }
             if (pwd.equals("")) {
                 // anonymous binding not allowed
-                log(ILogger.LL_FAILURE, 
-                    "user " + userdn + " attempted login with empty password.");
+                log(ILogger.LL_FAILURE,
+                        "user " + userdn + " attempted login with empty password.");
                 throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
             }
 
@@ -135,21 +134,21 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
 
             return userdn;
         } catch (ELdapException e) {
-            log(ILogger.LL_FAILURE, 
-                "Couldn't get ldap connection. Error: " + e.toString());
+            log(ILogger.LL_FAILURE,
+                    "Couldn't get ldap connection. Error: " + e.toString());
             throw e;
         } catch (LDAPException e) {
             switch (e.getLDAPResultCode()) {
-            case LDAPException.NO_SUCH_OBJECT: 
-            case LDAPException.LDAP_PARTIAL_RESULTS: 
-                log(ILogger.LL_SECURITY, 
-                    "user " + userdn + " does not exist in ldap server host " +
-                    conn.getHost() + ", port " + conn.getPort() + ".");
+            case LDAPException.NO_SUCH_OBJECT:
+            case LDAPException.LDAP_PARTIAL_RESULTS:
+                log(ILogger.LL_SECURITY,
+                        "user " + userdn + " does not exist in ldap server host " +
+                                conn.getHost() + ", port " + conn.getPort() + ".");
                 throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
 
             case LDAPException.INVALID_CREDENTIALS:
-                log(ILogger.LL_SECURITY, 
-                    "authenticate user " + userdn + " with bad password.");
+                log(ILogger.LL_SECURITY,
+                        "authenticate user " + userdn + " with bad password.");
                 throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
 
             case LDAPException.SERVER_DOWN:
@@ -157,21 +156,21 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
                 throw new ELdapException(
                         CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
 
-            default: 
-                log(ILogger.LL_FAILURE, 
-                    "Ldap error encountered. " + e.getMessage());
+            default:
+                log(ILogger.LL_FAILURE,
+                        "Ldap error encountered. " + e.getMessage());
                 throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION", 
-                            e.errorCodeToString()));
+                        CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION",
+                                e.errorCodeToString()));
             }
-        } 
+        }
     }
 
     /**
-     * Returns a list of configuration parameter names. 
-     * The list is passed to the configuration console so instances of 
+     * Returns a list of configuration parameter names.
+     * The list is passed to the configuration console so instances of
      * this implementation can be configured through the console.
-     *
+     * 
      * @return String array of configuration parameter names.
      */
     public String[] getConfigParams() {
@@ -180,6 +179,7 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
 
     /**
      * Returns array of required credentials for this authentication manager.
+     * 
      * @return Array of required credentials.
      */
     public String[] getRequiredCreds() {
@@ -187,4 +187,3 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java
index e97fee8b..dd750614 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authentication;
 
-
 // ldap java sdk
 import java.util.Enumeration;
 import java.util.Locale;
@@ -47,15 +46,14 @@ import com.netscape.certsrv.property.Descriptor;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * uid/pwd directory based authentication manager
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class UidPwdDirAuthentication extends DirBasedAuthentication 
-    implements IProfileAuthenticator {
+public class UidPwdDirAuthentication extends DirBasedAuthentication
+        implements IProfileAuthenticator {
 
     /* required credentials to authenticate. uid and pwd are strings. */
     public static final String CRED_UID = "uid";
@@ -67,26 +65,26 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
      * for instances of this implementation can be configured through the
      * console.
      */
-    protected static String[] mConfigParams = 
-        new String[] {	PROP_DNPATTERN,
-            PROP_LDAPSTRINGATTRS,
-            PROP_LDAPBYTEATTRS,
-            "ldap.ldapconn.host",
-            "ldap.ldapconn.port",
-            "ldap.ldapconn.secureConn",
-            "ldap.ldapconn.version",
-            "ldap.basedn",
-            "ldap.minConns", 
-            "ldap.maxConns",
+    protected static String[] mConfigParams =
+            new String[] { PROP_DNPATTERN,
+                    PROP_LDAPSTRINGATTRS,
+                    PROP_LDAPBYTEATTRS,
+                    "ldap.ldapconn.host",
+                    "ldap.ldapconn.port",
+                    "ldap.ldapconn.secureConn",
+                    "ldap.ldapconn.version",
+                    "ldap.basedn",
+                    "ldap.minConns",
+                    "ldap.maxConns",
         };
 
     static {
         mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT +
-            ";Authenticate the username and password provided " +
-            "by the user against an LDAP directory. Works with the " +
-            "Dir Based Enrollment HTML form");
+                ";Authenticate the username and password provided " +
+                "by the user against an LDAP directory. Works with the " +
+                "Dir Based Enrollment HTML form");
         mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-authrules-uidpwddirauth");
+                ";configuration-authrules-uidpwddirauth");
     };
 
     /**
@@ -102,12 +100,12 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
      * @param authCreds The authentication credentials.
      * @return The user's ldap entry dn.
      * @exception EInvalidCredentials If the uid and password are not valid
-     * @exception EBaseException If an internal error occurs. 
+     * @exception EBaseException If an internal error occurs.
      */
-    protected String authenticate(LDAPConnection conn, 
-        IAuthCredentials authCreds,
-        AuthToken token)
-        throws EBaseException {
+    protected String authenticate(LDAPConnection conn,
+            IAuthCredentials authCreds,
+            AuthToken token)
+            throws EBaseException {
         String userdn = null;
         String uid = null;
 
@@ -119,12 +117,12 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
             if (uid == null) {
                 throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID));
             }
-	
+
             // get the password.
             String pwd = (String) authCreds.get(CRED_PWD);
 
             if (pwd == null) {
-                throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL",CRED_PWD));
+                throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PWD));
             }
             if (pwd.equals("")) {
                 // anonymous binding not allowed
@@ -133,7 +131,7 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
             }
 
             // get user dn.
-            CMS.debug("Authenticating: Searching for UID=" + uid + 
+            CMS.debug("Authenticating: Searching for UID=" + uid +
                       " base DN=" + mBaseDN);
             LDAPSearchResults res = conn.search(mBaseDN,
                     LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", null, false);
@@ -160,8 +158,8 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
             throw e;
         } catch (LDAPException e) {
             switch (e.getLDAPResultCode()) {
-            case LDAPException.NO_SUCH_OBJECT: 
-            case LDAPException.LDAP_PARTIAL_RESULTS: 
+            case LDAPException.NO_SUCH_OBJECT:
+            case LDAPException.LDAP_PARTIAL_RESULTS:
                 log(ILogger.LL_SECURITY, CMS.getLogMessage("USER_NOT_EXIST", uid));
                 throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
 
@@ -174,20 +172,20 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
                 throw new ELdapException(
                         CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
 
-            default: 
+            default:
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.getMessage()));
                 throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION", 
-                            e.errorCodeToString()));
+                        CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION",
+                                e.errorCodeToString()));
             }
-        } 
+        }
     }
 
     /**
-     * Returns a list of configuration parameter names. 
-     * The list is passed to the configuration console so instances of 
+     * Returns a list of configuration parameter names.
+     * The list is passed to the configuration console so instances of
      * this implementation can be configured through the console.
-     *
+     * 
      * @return String array of configuration parameter names.
      */
     public String[] getConfigParams() {
@@ -196,6 +194,7 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
 
     /**
      * Returns array of required credentials for this authentication manager.
+     * 
      * @return Array of required credentials.
      */
     public String[] getRequiredCreds() {
@@ -203,9 +202,9 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
     }
 
     // Profile-related methods
-      
+
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
     }
 
     /**
@@ -247,19 +246,19 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
      * parameter by name.
      */
     public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(CRED_UID)) { 
+        if (name.equals(CRED_UID)) {
             return new Descriptor(IDescriptor.STRING, null, null,
                     CMS.getUserMessage(locale, "CMS_AUTHENTICATION_LDAP_UID"));
         } else if (name.equals(CRED_PWD)) {
             return new Descriptor(IDescriptor.PASSWORD, null, null,
                     CMS.getUserMessage(locale, "CMS_AUTHENTICATION_LDAP_PWD"));
-	
+
         }
         return null;
     }
 
-    public void populate(IAuthToken token, IRequest request) 
-        throws EProfileException {
+    public void populate(IAuthToken token, IRequest request)
+            throws EProfileException {
         request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME,
                 token.getInString(USER_DN));
     }
diff --git a/pki/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java
index ce60bf8d..2908d532 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authentication;
 
-
 // ldap java sdk
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
@@ -53,15 +52,14 @@ import com.netscape.certsrv.property.Descriptor;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * uid/pwd/pin directory based authentication manager
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class UidPwdPinDirAuthentication extends DirBasedAuthentication
-    implements IExtendedPluginInfo, IProfileAuthenticator {
+        implements IExtendedPluginInfo, IProfileAuthenticator {
 
     /* required credentials to authenticate. uid and pwd are strings. */
     public static final String CRED_UID = "uid";
@@ -84,49 +82,49 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
      * for instances of this implementation can be configured through the
      * console.
      */
-    protected static String[] mConfigParams = 
-        new String[] { PROP_REMOVE_PIN,
-            PROP_PIN_ATTR,
-            PROP_DNPATTERN,
-            PROP_LDAPSTRINGATTRS,
-            PROP_LDAPBYTEATTRS,
-            "ldap.ldapconn.host",
-            "ldap.ldapconn.port",
-            "ldap.ldapconn.secureConn",
-            "ldap.ldapconn.version",
-            "ldap.ldapauth.bindDN",
-            "ldap.ldapauth.bindPWPrompt",
-            "ldap.ldapauth.clientCertNickname",
-            "ldap.ldapauth.authtype",
-            "ldap.basedn",
-            "ldap.minConns", 
-            "ldap.maxConns",
+    protected static String[] mConfigParams =
+            new String[] { PROP_REMOVE_PIN,
+                    PROP_PIN_ATTR,
+                    PROP_DNPATTERN,
+                    PROP_LDAPSTRINGATTRS,
+                    PROP_LDAPBYTEATTRS,
+                    "ldap.ldapconn.host",
+                    "ldap.ldapconn.port",
+                    "ldap.ldapconn.secureConn",
+                    "ldap.ldapconn.version",
+                    "ldap.ldapauth.bindDN",
+                    "ldap.ldapauth.bindPWPrompt",
+                    "ldap.ldapauth.clientCertNickname",
+                    "ldap.ldapauth.authtype",
+                    "ldap.basedn",
+                    "ldap.minConns",
+                    "ldap.maxConns",
         };
 
     static {
         mExtendedPluginInfo.add(
-            PROP_REMOVE_PIN + ";boolean;SEE DOCUMENTATION for pin removal");
+                PROP_REMOVE_PIN + ";boolean;SEE DOCUMENTATION for pin removal");
         mExtendedPluginInfo.add(
-            PROP_PIN_ATTR + ";string;directory attribute to use for pin (default 'pin')");
+                PROP_PIN_ATTR + ";string;directory attribute to use for pin (default 'pin')");
         mExtendedPluginInfo.add(
-            "ldap.ldapauth.bindDN;string;DN to bind as for pin removal. "
-            + "For example 'CN=PinRemoval User'");
+                "ldap.ldapauth.bindDN;string;DN to bind as for pin removal. "
+                        + "For example 'CN=PinRemoval User'");
         mExtendedPluginInfo.add(
-            "ldap.ldapauth.bindPWPrompt;password;Enter password used to bind as " +
-            "the above user");
+                "ldap.ldapauth.bindPWPrompt;password;Enter password used to bind as " +
+                        "the above user");
         mExtendedPluginInfo.add(
-            "ldap.ldapauth.clientCertNickname;string;If you want to use "
-            + "SSL client auth to the directory, set the client "
-            + "cert nickname here");
+                "ldap.ldapauth.clientCertNickname;string;If you want to use "
+                        + "SSL client auth to the directory, set the client "
+                        + "cert nickname here");
         mExtendedPluginInfo.add(
-            "ldap.ldapauth.authtype;choice(BasicAuth,SslClientAuth),required;"
-            + "How to bind to the directory (for pin removal only)");
+                "ldap.ldapauth.authtype;choice(BasicAuth,SslClientAuth),required;"
+                        + "How to bind to the directory (for pin removal only)");
         mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT
-            + ";Authenticate the username, password and pin provided "
-            + "by the user against an LDAP directory. Works with the "
-            + "Dir/Pin Based Enrollment HTML form");
+                + ";Authenticate the username, password and pin provided "
+                + "by the user against an LDAP directory. Works with the "
+                + "Dir/Pin Based Enrollment HTML form");
         mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-authrules-uidpwdpindirauth");
+                ";configuration-authrules-uidpwdpindirauth");
 
     }
 
@@ -135,12 +133,12 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
     protected MessageDigest mSHADigest = null;
     protected MessageDigest mMD5Digest = null;
 
-    private   String mBindDN = null;
-    private   String mBindPassword = null;
+    private String mBindDN = null;
+    private String mBindPassword = null;
 
-    private   ILdapConnFactory  removePinLdapFactory = null;
-    private   LDAPConnection        removePinLdapConnection = null;
-    private   IConfigStore          removePinLdapConfigStore = null;
+    private ILdapConnFactory removePinLdapFactory = null;
+    private LDAPConnection removePinLdapConnection = null;
+    private IConfigStore removePinLdapConfigStore = null;
 
     /**
      * Default constructor, initialization must follow.
@@ -149,12 +147,12 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
         super();
     }
 
-    public void init(String name, String implName, IConfigStore config) 
-        throws EBaseException {
+    public void init(String name, String implName, IConfigStore config)
+            throws EBaseException {
         super.init(name, implName, config);
-        mRemovePin = 
+        mRemovePin =
                 config.getBoolean(PROP_REMOVE_PIN, DEF_REMOVE_PIN);
-        mPinAttr = 
+        mPinAttr =
                 config.getString(PROP_PIN_ATTR, DEF_PIN_ATTR);
         if (mPinAttr.equals("")) {
             mPinAttr = DEF_PIN_ATTR;
@@ -166,7 +164,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
             removePinLdapFactory.init(removePinLdapConfigStore);
             removePinLdapConnection = removePinLdapFactory.getConn();
         }
-        
+
         try {
             mSHADigest = MessageDigest.getInstance("SHA1");
             mMD5Digest = MessageDigest.getInstance("MD5");
@@ -177,7 +175,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
     }
 
     protected void verifyPassword(String Password) {
-    }    
+    }
 
     /**
      * Authenticates a user based on its uid, pwd, pin in the directory.
@@ -185,16 +183,16 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
      * @param authCreds The authentication credentials with uid, pwd, pin.
      * @return The user's ldap entry dn.
      * @exception EInvalidCredentials If the uid and password are not valid
-     * @exception EBaseException If an internal error occurs. 
+     * @exception EBaseException If an internal error occurs.
      */
-    protected String authenticate(LDAPConnection conn, 
-        IAuthCredentials authCreds,
-        AuthToken token)
-        throws EBaseException {
+    protected String authenticate(LDAPConnection conn,
+            IAuthCredentials authCreds,
+            AuthToken token)
+            throws EBaseException {
         String userdn = null;
-        String uid = null; 
-        String pwd = null; 
-        String pin = null; 
+        String uid = null;
+        String pwd = null;
+        String pin = null;
 
         try {
             // get the uid.
@@ -202,7 +200,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
             if (uid == null) {
                 throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID));
             }
-	
+
             // get the password.
             pwd = (String) authCreds.get(CRED_PWD);
             if (pwd == null) {
@@ -256,8 +254,8 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
             throw e;
         } catch (LDAPException e) {
             switch (e.getLDAPResultCode()) {
-            case LDAPException.NO_SUCH_OBJECT: 
-            case LDAPException.LDAP_PARTIAL_RESULTS: 
+            case LDAPException.NO_SUCH_OBJECT:
+            case LDAPException.LDAP_PARTIAL_RESULTS:
                 log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_USER_NOT_EXIST", uid));
                 throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
 
@@ -270,24 +268,24 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
                 throw new ELdapException(
                         CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
 
-            default: 
+            default:
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.getMessage()));
                 throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION", 
-                            e.errorCodeToString()));
+                        CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION",
+                                e.errorCodeToString()));
             }
-        } 
+        }
     }
 
-    protected void checkpin(LDAPConnection conn, String userdn, 
-        String uid, String pin)
-        throws EBaseException, LDAPException {
+    protected void checkpin(LDAPConnection conn, String userdn,
+            String uid, String pin)
+            throws EBaseException, LDAPException {
         LDAPSearchResults res = null;
         LDAPEntry entry = null;
 
         // get pin.
 
-        res = conn.search(userdn, LDAPv2.SCOPE_BASE, 
+        res = conn.search(userdn, LDAPv2.SCOPE_BASE,
                     "(objectclass=*)", new String[] { mPinAttr }, false);
         if (res.hasMoreElements()) {
             entry = (LDAPEntry) res.nextElement();
@@ -309,7 +307,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
             log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid));
             throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
         }
-        byte[] entrypin = (byte[]) pinValues.nextElement();  
+        byte[] entrypin = (byte[]) pinValues.nextElement();
 
         // compare value digest.
 
@@ -317,14 +315,14 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
             log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid));
             throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
         }
-       
+
         byte hashtype = entrypin[0];
 
         byte[] pinDigest = null;
         String toBeDigested = userdn + pin;
 
         if (hashtype == SENTINEL_SHA) {
-            
+
             pinDigest = mSHADigest.digest(toBeDigested.getBytes());
         } else if (hashtype == SENTINEL_MD5) {
             pinDigest = mMD5Digest.digest(toBeDigested.getBytes());
@@ -343,7 +341,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
         int i;
 
         for (i = 0; i < (entrypin.length - 1); i++) {
-            if (pinDigest[i] != entrypin[i + 1]) 
+            if (pinDigest[i] != entrypin[i + 1])
                 break;
         }
         if (i != (entrypin.length - 1)) {
@@ -354,17 +352,17 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
         // pin ok. remove pin if so configured
         // Note that this means that a policy may reject this request later,
         // but the user will not be able to enroll again as his pin is gone.
-        
+
         // We remove the pin using a different connection which is bound as
         // a more privileged user.
 
         if (mRemovePin) {
 
             try {
-                removePinLdapConnection.modify(userdn, 
-                    new LDAPModification(
-                        LDAPModification.DELETE,
-                        new LDAPAttribute(mPinAttr, entrypin)));
+                removePinLdapConnection.modify(userdn,
+                        new LDAPModification(
+                                LDAPModification.DELETE,
+                                new LDAPAttribute(mPinAttr, entrypin)));
 
             } catch (LDAPException e) {
                 log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_CANT_REMOVE_PIN", userdn));
@@ -374,10 +372,10 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
     }
 
     /**
-     * Returns a list of configuration parameter names. 
-     * The list is passed to the configuration console so instances of 
+     * Returns a list of configuration parameter names.
+     * The list is passed to the configuration console so instances of
      * this implementation can be configured through the console.
-     *
+     * 
      * @return String array of configuration parameter names.
      */
     public String[] getConfigParams() {
@@ -386,6 +384,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
 
     /**
      * Returns array of required credentials for this authentication manager.
+     * 
      * @return Array of required credentials.
      */
     public String[] getRequiredCreds() {
@@ -395,7 +394,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
     // Profile-related methods
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
     }
 
     /**
@@ -453,7 +452,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
     }
 
     public void populate(IAuthToken token, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME,
                 token.getInString(USER_DN));
     }
@@ -462,4 +461,3 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
         return false;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/authorization/AAclAuthz.java b/pki/base/common/src/com/netscape/cms/authorization/AAclAuthz.java
index 0bb36f28..a4eac090 100644
--- a/pki/base/common/src/com/netscape/cms/authorization/AAclAuthz.java
+++ b/pki/base/common/src/com/netscape/cms/authorization/AAclAuthz.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authorization;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Locale;
@@ -37,27 +36,25 @@ import com.netscape.certsrv.evaluators.IAccessEvaluator;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.cmsutil.util.Utils;
 
-
 /**
- * An abstract class represents an authorization manager that governs the 
- * access of internal resources such as servlets. 
- * It parses in the ACLs associated with each protected 
- * resources, and provides protected method <CODE>checkPermission</CODE> 
- * for code that needs to verify access before performing 
+ * An abstract class represents an authorization manager that governs the
+ * access of internal resources such as servlets.
+ * It parses in the ACLs associated with each protected
+ * resources, and provides protected method <CODE>checkPermission</CODE> for code that needs to verify access before performing
  * actions.
  * <P>
  * Here is a sample resourceACLS for a resource
+ * 
  * <PRE>
  *   certServer.UsrGrpAdminServlet:
  *       execute:
  *           deny (execute) user="tempAdmin";
  *           allow (execute) group="Administrators";
  * </PRE>
- * To perform permission checking, code call authz mgr authorize()
- * method to verify access. See AuthzMgr for calling example.
+ * 
+ * To perform permission checking, code call authz mgr authorize() method to verify access. See AuthzMgr for calling example.
  * <P>
- * default "evaluators" are used to evaluate the "group=.." or "user=.."
- * rules.  See evaluator for more info
+ * default "evaluators" are used to evaluate the "group=.." or "user=.." rules. See evaluator for more info
  * 
  * @version $Revision$, $Date$
  * @see <A HREF="http://developer.netscape.com/library/documentation/enterprise/admnunix/aclfiles.htm">ACL Files</A>
@@ -92,10 +89,10 @@ public abstract class AAclAuthz {
     }
 
     /**
-     * Initializes 
+     * Initializes
      */
-    protected void init(IConfigStore config) 
-        throws EBaseException {
+    protected void init(IConfigStore config)
+            throws EBaseException {
 
         mLogger = CMS.getLogger();
         CMS.debug("AAclAuthz: init begins");
@@ -129,10 +126,9 @@ public abstract class AAclAuthz {
                         (IAccessEvaluator) Class.forName(evalClassPath).newInstance();
             } catch (Exception e) {
                 String errMsg = "init(): failed to load class: " +
-                    evalClassPath + ":" + e.toString();
+                        evalClassPath + ":" + e.toString();
 
-                throw new
-                    EACLsException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL",
+                throw new EACLsException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL",
                             evalClassPath));
             }
 
@@ -152,15 +148,15 @@ public abstract class AAclAuthz {
 
     /**
      * Parse ACL resource attributes, then update the ACLs memory store
-     * This is intended to be used if storing ACLs on ldap is not desired, 
+     * This is intended to be used if storing ACLs on ldap is not desired,
      * and the caller is expected to call this method to add resource
-     * and acl info into acls memory store.  The resACLs format should conform
+     * and acl info into acls memory store. The resACLs format should conform
      * to the following:
-     *    <resource ID>:right-1[,right-n]:[allow,deny](right(s))<evaluatorType>=<value>:<comment for this resource acl
+     * <resource ID>:right-1[,right-n]:[allow,deny](right(s))<evaluatorType>=<value>:<comment for this resource acl
      * <P>
-     * Example:
-     *    resTurnKnob:left,right:allow(left) group="lefties":door knobs for lefties
-     * @param resACLs same format as the resourceACLs attribute 
+     * Example: resTurnKnob:left,right:allow(left) group="lefties":door knobs for lefties
+     * 
+     * @param resACLs same format as the resourceACLs attribute
      * @throws EBaseException parsing error from <code>parseACL</code>
      */
     public void addACLs(String resACLs) throws EBaseException {
@@ -180,7 +176,7 @@ public abstract class AAclAuthz {
     public IACL getACL(String target) {
         return (ACL) mACLs.get(target);
     }
-	
+
     protected Enumeration<String> getTargetNames() {
         return mACLs.keys();
     }
@@ -207,7 +203,7 @@ public abstract class AAclAuthz {
      * Returns a list of configuration parameter names.
      * The list is passed to the configuration console so instances of
      * this implementation can be configured through the console.
-     *
+     * 
      * @return String array of configuration parameter names.
      */
     public String[] getConfigParams() {
@@ -233,45 +229,31 @@ public abstract class AAclAuthz {
      *******************************************************/
 
     /**
-     * Checks if the permission is granted or denied in 
+     * Checks if the permission is granted or denied in
      * the current execution context. If the code is
      * marked as privileged, this methods will simply
      * return.
      * <P>
-     * note that if a resource does not exist in the aclResources
-     *	 entry, but a higher level node exist, it will still be
-     *	 evaluated.  The highest level node's acl determines the
-     *	 permission.  If the higher level node doesn't contain any acl
-     *	 information, then it's passed down to the lower node.  If
-     *	 a node has no aci in its resourceACLs, then it's considered
-     *	 passed.
+     * note that if a resource does not exist in the aclResources entry, but a higher level node exist, it will still be evaluated. The highest level node's acl determines the permission. If the higher level node doesn't contain any acl information, then it's passed down to the lower node. If a node has no aci in its resourceACLs, then it's considered passed.
      * <p>
-     * example: certServer.common.users, if failed permission check for
-     *	 "certServer", then it's considered failed, and there is no need to
-     *	 continue the check.  If passed permission check for "certServer",
-     * then it's considered passed, and no need to continue the
-     *	 check.  If certServer contains no aci then "certServer.common" will be
-     *	 checked for permission instead.  If down to the leaf level,
-     *	 the node still contains no aci, then it's considered passed.
-     *  If at the leaf level, no such resource exist, or no acis, it's
-     *	 considered passed.
+     * example: certServer.common.users, if failed permission check for "certServer", then it's considered failed, and there is no need to continue the check. If passed permission check for "certServer", then it's considered passed, and no need to continue the check. If certServer contains no aci then "certServer.common" will be checked for permission instead. If down to the leaf level, the node still contains no aci, then it's considered passed. If at the leaf level, no such resource exist, or
+     * no acis, it's considered passed.
      * <p>
-     * If there are multiple aci's for a resource, ALL aci's will be
-     *	 checked, and only if all passed permission checks, will the
-     *	 eventual access be granted.
+     * If there are multiple aci's for a resource, ALL aci's will be checked, and only if all passed permission checks, will the eventual access be granted.
+     * 
      * @param name resource name
      * @param perm permission requested
      * @exception EACLsException access permission denied
      */
-    protected synchronized void checkPermission(String name, String perm) 
-        throws EACLsException {
+    protected synchronized void checkPermission(String name, String perm)
+            throws EACLsException {
         String resource = "";
         StringTokenizer st = new StringTokenizer(name, ".");
 
         while (st.hasMoreTokens()) {
             String node = st.nextToken();
 
-            if (! "".equals(resource)) {
+            if (!"".equals(resource)) {
                 resource = resource + "." + node;
             } else {
                 resource = node;
@@ -288,18 +270,17 @@ public abstract class AAclAuthz {
                 params[1] = perm;
 
                 String errMsg = "checkPermission(): permission denied for the resource " +
-                    name + " on operation " + perm;
+                        name + " on operation " + perm;
 
                 log(ILogger.LL_SECURITY, CMS.getLogMessage("AUTHZ_EVALUATOR_ACCESS_DENIED", name, perm));
 
-                throw new
-                    EACLsException(CMS.getUserMessage("CMS_ACL_NO_PERMISSION",
+                throw new EACLsException(CMS.getUserMessage("CMS_ACL_NO_PERMISSION",
                             (String[]) params));
             }
 
             if (passed) {
                 String infoMsg = "checkPermission(): permission granted for the resource " +
-                    name + " on operation " + perm;
+                        name + " on operation " + perm;
 
                 log(ILogger.LL_INFO, infoMsg);
 
@@ -309,38 +290,31 @@ public abstract class AAclAuthz {
     }
 
     /**
-     * Checks if the permission is granted or denied in 
+     * Checks if the permission is granted or denied in
      * the current execution context.
      * <P>
-     * An <code>ACL</code> may contain one or more <code>ACLEntry</code>.
-     * However, in case of multiple <code>ACLEntry</code>, a subject must
-     * pass ALL of the <code>ACLEntry</code> evaluation for permission
-     * to be granted
+     * An <code>ACL</code> may contain one or more <code>ACLEntry</code>. However, in case of multiple <code>ACLEntry</code>, a subject must pass ALL of the <code>ACLEntry</code> evaluation for permission to be granted
      * <P>
-     * negative ("deny") aclEntries are treated differently than
-     * positive ("allow") statements. If a negative aclEntries 
-     * fails the acl check, the permission check will return "false"
-     * right away; while in the case of a positive aclEntry, if the
-     * the aclEntry fails the acl check, the next aclEntry will be
-     * evaluated.
+     * negative ("deny") aclEntries are treated differently than positive ("allow") statements. If a negative aclEntries fails the acl check, the permission check will return "false" right away; while in the case of a positive aclEntry, if the the aclEntry fails the acl check, the next aclEntry will be evaluated.
+     * 
      * @param name resource name
      * @param perm permission requested
      * @return true if access allowed
      *         false if should be passed down to the next node
      * @exception EACLsException if access disallowed
      */
-    private boolean checkACLs(String name, String perm) 
-        throws EACLsException {
+    private boolean checkACLs(String name, String perm)
+            throws EACLsException {
         ACL acl = (ACL) mACLs.get(name);
 
         // no such resource, pass it down
         if (acl == null) {
             String infoMsg = "checkACLs(): no acl for" +
-                name + "...pass down to next node";
+                    name + "...pass down to next node";
 
             log(ILogger.LL_INFO, infoMsg);
 
-            return false; 
+            return false;
         }
 
         Enumeration<ACLEntry> e = acl.entries();
@@ -348,7 +322,7 @@ public abstract class AAclAuthz {
         if ((e == null) || (e.hasMoreElements() == false)) {
             // no acis for node, pass down to next node
             String infoMsg = " AAclAuthz.checkACLs(): no acis for " +
-                name + " acl entry...pass down to next node";
+                    name + " acl entry...pass down to next node";
 
             log(ILogger.LL_INFO, infoMsg);
 
@@ -383,7 +357,7 @@ public abstract class AAclAuthz {
      * Resolves the given expressions.
      * expression || expression || ...
      * example:
-     *     group="Administrators" || group="Operators"
+     * group="Administrators" || group="Operators"
      */
     private boolean evaluateExpressions(String s) {
         // XXX - just handle "||" (or) among multiple expressions for now
@@ -449,8 +423,8 @@ public abstract class AAclAuthz {
     private boolean evaluateExpression(String expression) {
         // XXX - just recognize "=" for now!!
         int i = expression.indexOf("=");
-        String type = expression.substring(0, i);	
-        String value = expression.substring(i + 1);	
+        String type = expression.substring(0, i);
+        String value = expression.substring(i + 1);
         IAccessEvaluator evaluator = (IAccessEvaluator) mEvaluators.get(type);
 
         if (evaluator == null) {
@@ -468,76 +442,62 @@ public abstract class AAclAuthz {
      *******************************************************/
 
     /**
-     * Checks if the permission is granted or denied with id from authtoken 
+     * Checks if the permission is granted or denied with id from authtoken
      * gotten from authentication that precedes authorization. If the code is
      * marked as privileged, this methods will simply
      * return.
      * <P>
-     * note that if a resource does not exist in the aclResources
-     *	 entry, but a higher level node exist, it will still be
-     *	 evaluated.  The highest level node's acl determines the
-     *	 permission.  If the higher level node doesn't contain any acl
-     *	 information, then it's passed down to the lower node.  If
-     *	 a node has no aci in its resourceACLs, then it's considered
-     *	 passed.
+     * note that if a resource does not exist in the aclResources entry, but a higher level node exist, it will still be evaluated. The highest level node's acl determines the permission. If the higher level node doesn't contain any acl information, then it's passed down to the lower node. If a node has no aci in its resourceACLs, then it's considered passed.
      * <p>
-     * example: certServer.common.users, if failed permission check for
-     *	 "certServer", then it's considered failed, and there is no need to
-     *	 continue the check.  If passed permission check for "certServer",
-     * then it's considered passed, and no need to continue the
-     *	 check.  If certServer contains no aci then "certServer.common" will be
-     *	 checked for permission instead.  If down to the leaf level,
-     *	 the node still contains no aci, then it's considered passed.
-     *  If at the leaf level, no such resource exist, or no acis, it's
-     *	 considered passed.
+     * example: certServer.common.users, if failed permission check for "certServer", then it's considered failed, and there is no need to continue the check. If passed permission check for "certServer", then it's considered passed, and no need to continue the check. If certServer contains no aci then "certServer.common" will be checked for permission instead. If down to the leaf level, the node still contains no aci, then it's considered passed. If at the leaf level, no such resource exist, or
+     * no acis, it's considered passed.
      * <p>
-     * If there are multiple aci's for a resource, ALL aci's will be
-     *	 checked, and only if all passed permission checks, will the
-     *	 eventual access be granted.
+     * If there are multiple aci's for a resource, ALL aci's will be checked, and only if all passed permission checks, will the eventual access be granted.
+     * 
      * @param authToken authentication token gotten from authentication
      * @param name resource name
      * @param perm permission requested
      * @exception EACLsException access permission denied
      */
-    public synchronized void checkPermission(IAuthToken authToken, String name, 
-        String perm) 
-        throws EACLsException {
- 
+    public synchronized void checkPermission(IAuthToken authToken, String name,
+            String perm)
+            throws EACLsException {
+
         Vector<String> nodev = getNodes(name);
         Enumeration<String> nodes = nodev.elements();
         String order = getOrder();
         Enumeration<ACLEntry> entries = null;
 
-        if (order.equals("deny")) 
+        if (order.equals("deny"))
             entries = getDenyEntries(nodes, perm);
-        else 
+        else
             entries = getAllowEntries(nodes, perm);
- 
+
         boolean permitted = false;
 
         while (entries.hasMoreElements()) {
             ACLEntry entry = (ACLEntry) entries.nextElement();
 
             CMS.debug("checkACLS(): ACLEntry expressions= " +
-                entry.getAttributeExpressions());
+                    entry.getAttributeExpressions());
             if (evaluateExpressions(authToken, entry.getAttributeExpressions())) {
-                log(ILogger.LL_SECURITY, 
-                    " checkACLs(): permission denied");
+                log(ILogger.LL_SECURITY,
+                        " checkACLs(): permission denied");
                 throw new EACLsException(CMS.getUserMessage("CMS_ACL_PERMISSION_DENIED"));
             }
         }
 
         nodes = nodev.elements();
-        if (order.equals("deny")) 
+        if (order.equals("deny"))
             entries = getAllowEntries(nodes, perm);
-        else 
+        else
             entries = getDenyEntries(nodes, perm);
 
-        while (entries.hasMoreElements()) { 
+        while (entries.hasMoreElements()) {
             ACLEntry entry = (ACLEntry) entries.nextElement();
 
             CMS.debug("checkACLS(): ACLEntry expressions= " +
-                entry.getAttributeExpressions());
+                    entry.getAttributeExpressions());
             if (evaluateExpressions(authToken, entry.getAttributeExpressions())) {
                 permitted = true;
             }
@@ -546,7 +506,7 @@ public abstract class AAclAuthz {
         nodev = null;
         if (permitted) {
             String infoMsg = "checkPermission(): permission granted for the resource " +
-                name + " on operation " + perm;
+                    name + " on operation " + perm;
 
             log(ILogger.LL_INFO, infoMsg);
             return;
@@ -557,10 +517,10 @@ public abstract class AAclAuthz {
             params[1] = perm;
 
             String errMsg = "checkPermission(): permission denied for the resource " +
-                name + " on operation " + perm;
+                    name + " on operation " + perm;
 
-            log(ILogger.LL_SECURITY, 
-                CMS.getLogMessage("AUTHZ_EVALUATOR_ACCESS_DENIED", name, perm));
+            log(ILogger.LL_SECURITY,
+                    CMS.getLogMessage("AUTHZ_EVALUATOR_ACCESS_DENIED", name, perm));
 
             throw new EACLsException(CMS.getUserMessage("CMS_ACL_NO_PERMISSION",
                         (String[]) params));
@@ -582,13 +542,13 @@ public abstract class AAclAuthz {
             while (e.hasMoreElements()) {
                 ACLEntry entry = (ACLEntry) e.nextElement();
 
-                if (!entry.isNegative() && 
-                    entry.containPermission(operation)) {
+                if (!entry.isNegative() &&
+                        entry.containPermission(operation)) {
                     v.addElement(entry);
                 }
             }
         }
-       
+
         return v.elements();
     }
 
@@ -607,13 +567,13 @@ public abstract class AAclAuthz {
             while (e.hasMoreElements()) {
                 ACLEntry entry = e.nextElement();
 
-                if (entry.isNegative() && 
-                    entry.containPermission(operation)) {
+                if (entry.isNegative() &&
+                        entry.containPermission(operation)) {
                     v.addElement(entry);
                 }
             }
         }
-       
+
         return v.elements();
     }
 
@@ -621,7 +581,7 @@ public abstract class AAclAuthz {
      * Resolves the given expressions.
      * expression || expression || ...
      * example:
-     *     group="Administrators" || group="Operators"
+     * group="Administrators" || group="Operators"
      */
     private boolean evaluateExpressions(IAuthToken authToken, String s) {
         // XXX - just handle "||" (or) among multiple expressions for now
@@ -703,7 +663,7 @@ public abstract class AAclAuthz {
         while (index != -1) {
             name = name.substring(0, index);
             v.addElement(name);
-            index = name.lastIndexOf(".");    
+            index = name.lastIndexOf(".");
         }
 
         return v;
@@ -745,7 +705,7 @@ public abstract class AAclAuthz {
                 i = exp.indexOf(">");
                 if (i == -1) {
                     i = exp.indexOf("<");
-                    if (i == -1) {  
+                    if (i == -1) {
                         log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_OP_NOT_SUPPORTED", exp));
                     } else {
                         return "<";
@@ -780,19 +740,19 @@ public abstract class AAclAuthz {
      *******************************************************/
 
     /**
-     * This one only updates the memory.  Classes extend this class should
+     * This one only updates the memory. Classes extend this class should
      * also update to a permanent storage
      */
-    public void updateACLs(String id, String rights, String strACLs, 
-        String desc) throws EACLsException {
+    public void updateACLs(String id, String rights, String strACLs,
+            String desc) throws EACLsException {
         ACL acl = (ACL) getACL(id);
-  
+
         String resourceACLs = id;
 
         if (rights != null)
             resourceACLs = id + ":" + rights + ":" + strACLs + ":" + desc;
 
-            // memory update
+        // memory update
         ACL ac = null;
 
         try {
@@ -806,6 +766,7 @@ public abstract class AAclAuthz {
 
     /**
      * gets an enumeration of resources
+     * 
      * @return an enumeration of resources contained in the ACL table
      */
     public Enumeration<ACL> aclResElements() {
@@ -814,6 +775,7 @@ public abstract class AAclAuthz {
 
     /**
      * gets an enumeration of access evaluators
+     * 
      * @return an enumeraton of access evaluators
      */
     public Enumeration<IAccessEvaluator> aclEvaluatorElements() {
@@ -822,6 +784,7 @@ public abstract class AAclAuthz {
 
     /**
      * gets the access evaluators
+     * 
      * @return handle to the access evaluators table
      */
     public Hashtable<String, IAccessEvaluator> getAccessEvaluators() {
@@ -830,6 +793,7 @@ public abstract class AAclAuthz {
 
     /**
      * is this resource name unique
+     * 
      * @return true if unique; false otherwise
      */
     public boolean isTypeUnique(String type) {
@@ -844,7 +808,7 @@ public abstract class AAclAuthz {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHORIZATION,
-            level, msg);
+                level, msg);
     }
 
     /*********************************
@@ -852,7 +816,7 @@ public abstract class AAclAuthz {
      **********************************/
 
     /**
-     * update acls.  called after memory upate is done to flush to permanent
+     * update acls. called after memory upate is done to flush to permanent
      * storage.
      * <p>
      */
@@ -860,9 +824,9 @@ public abstract class AAclAuthz {
 
     /**
      * an abstract class that enforces implementation of the
-     *	 authorize() method that will authorize an operation on a
-     *	 particular resource
-     *
+     * authorize() method that will authorize an operation on a
+     * particular resource
+     * 
      * @param authToken the authToken associated with a user
      * @param resource - the protected resource name
      * @param operation - the protected resource operation name
diff --git a/pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java b/pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java
index 29cb671e..c3e65ca8 100644
--- a/pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java
+++ b/pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authorization;
 
-
 // cert server imports.
 import com.netscape.certsrv.acls.EACLsException;
 import com.netscape.certsrv.apps.CMS;
@@ -31,14 +30,13 @@ import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.IExtendedPluginInfo;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * A class for basic acls authorization manager
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class BasicAclAuthz extends AAclAuthz
-    implements IAuthzManager, IExtendedPluginInfo {
+        implements IAuthzManager, IExtendedPluginInfo {
 
     // members
 
@@ -73,7 +71,7 @@ public class BasicAclAuthz extends AAclAuthz
          * console.
          */
         mConfigParams =
-                new String[] { 
+                new String[] {
                     "dummy"
                 };
     }
@@ -82,7 +80,7 @@ public class BasicAclAuthz extends AAclAuthz
      *
      */
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mName = name;
         mImplName = implName;
         mConfig = config;
@@ -113,15 +111,16 @@ public class BasicAclAuthz extends AAclAuthz
      * <p>
      * Example:
      * <p>
-     * For example, if UsrGrpAdminServlet needs to authorize the caller
-     * it would do be done in the following fashion:
+     * For example, if UsrGrpAdminServlet needs to authorize the caller it would do be done in the following fashion:
+     * 
      * <PRE>
-     *   try {
-     *     authzTok = mAuthz.authorize("DirACLBasedAuthz", authToken, RES_GROUP, "read");
-     *   } catch (EBaseException e) {
-     *      log(ILogger.LL_FAILURE, "authorize call: "+ e.toString());
-     *   }
-     * </PRE> 
+     * try {
+     *     authzTok = mAuthz.authorize(&quot;DirACLBasedAuthz&quot;, authToken, RES_GROUP, &quot;read&quot;);
+     * } catch (EBaseException e) {
+     *     log(ILogger.LL_FAILURE, &quot;authorize call: &quot; + e.toString());
+     * }
+     * </PRE>
+     * 
      * @param authToken the authToken associated with a user
      * @param resource - the protected resource name
      * @param operation - the protected resource operation name
@@ -130,7 +129,7 @@ public class BasicAclAuthz extends AAclAuthz
      * @return authzToken if success
      */
     public AuthzToken authorize(IAuthToken authToken, String resource, String operation)
-        throws EAuthzInternalError, EAuthzAccessDenied {
+            throws EAuthzInternalError, EAuthzAccessDenied {
         AuthzToken authzToken = new AuthzToken(this);
 
         try {
@@ -142,11 +141,11 @@ public class BasicAclAuthz extends AAclAuthz
             authzToken.set(AuthzToken.TOKEN_AUTHZ_RESOURCE, resource);
             authzToken.set(AuthzToken.TOKEN_AUTHZ_OPERATION, operation);
             authzToken.set(AuthzToken.TOKEN_AUTHZ_STATUS,
-                AuthzToken.AUTHZ_STATUS_SUCCESS);
+                    AuthzToken.AUTHZ_STATUS_SUCCESS);
         } catch (EACLsException e) {
             // audit here later 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_AUTHORIZATION_FAILED"));
-            String params[] = {resource, operation};
+            String params[] = { resource, operation };
 
             throw new EAuthzAccessDenied(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
         }
@@ -155,22 +154,23 @@ public class BasicAclAuthz extends AAclAuthz
     }
 
     public AuthzToken authorize(IAuthToken authToken, String expression)
-      throws EAuthzAccessDenied {
+            throws EAuthzAccessDenied {
         if (evaluateACLs(authToken, expression)) {
             return (new AuthzToken(this));
         } else {
-            String params[] = {expression};
+            String params[] = { expression };
             throw new EAuthzAccessDenied(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
         }
     }
 
     /**
      * This currently does not flush to permanent storage
+     * 
      * @param id is the resource id
-     * @param strACLs 
+     * @param strACLs
      */
     public void updateACLs(String id, String rights, String strACLs,
-        String desc) throws EACLsException {
+            String desc) throws EACLsException {
         try {
             super.updateACLs(id, rights, strACLs, desc);
             //            flushResourceACLs();
@@ -180,7 +180,7 @@ public class BasicAclAuthz extends AAclAuthz
             needsFlush = true;
 
             String errMsg = "updateACLs: failed to flushResourceACLs(): "
-                + ex.toString();
+                    + ex.toString();
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_FLUSH_RESOURCES", ex.toString()));
 
@@ -198,7 +198,7 @@ public class BasicAclAuthz extends AAclAuthz
     }
 
     /**
-     * graceful shutdown 
+     * graceful shutdown
      */
     public void shutdown() {
         log(ILogger.LL_INFO, "shutting down");
@@ -206,6 +206,7 @@ public class BasicAclAuthz extends AAclAuthz
 
     /**
      * Logs a message for this class in the system log file.
+     * 
      * @param level The log level.
      * @param msg The message to log.
      * @see com.netscape.certsrv.logging.ILogger
@@ -214,6 +215,6 @@ public class BasicAclAuthz extends AAclAuthz
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHORIZATION,
-            level, msg);
+                level, msg);
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java b/pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java
index 820bf97b..b2318e7e 100644
--- a/pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java
+++ b/pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authorization;
 
-
 import java.util.Enumeration;
 
 import netscape.ldap.LDAPAttribute;
@@ -44,15 +43,14 @@ import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.ldap.ILdapConnFactory;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * A class for ldap acls based authorization manager
  * The ldap server used for acls is the cms internal ldap db.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class DirAclAuthz extends AAclAuthz
-    implements IAuthzManager, IExtendedPluginInfo {
+        implements IAuthzManager, IExtendedPluginInfo {
 
     // members
 
@@ -76,21 +74,21 @@ public class DirAclAuthz extends AAclAuthz
 
     static {
         mExtendedPluginInfo.add("ldap.ldapconn.host;string,required;" +
-            "LDAP host to connect to");
+                "LDAP host to connect to");
         mExtendedPluginInfo.add("ldap.ldapconn.port;number,required;" +
-            "LDAP port number (use 389, or 636 if SSL)");
+                "LDAP port number (use 389, or 636 if SSL)");
         mExtendedPluginInfo.add("ldap.ldapconn.secureConn;boolean;" +
-            "Use SSL to connect to directory?");
+                "Use SSL to connect to directory?");
         mExtendedPluginInfo.add("ldap.ldapconn.version;choice(3,2);" +
-            "LDAP protocol version");
+                "LDAP protocol version");
         mExtendedPluginInfo.add("ldap.basedn;string,required;Base DN to start sarching " +
-            "under. If the ACL's DN is 'cn=resourceACL, o=NetscapeCertificateServer' you " +
-            "might want to use 'o=NetscapeCertificateServer' here");
+                "under. If the ACL's DN is 'cn=resourceACL, o=NetscapeCertificateServer' you " +
+                "might want to use 'o=NetscapeCertificateServer' here");
         mExtendedPluginInfo.add("ldap.minConns;number;number of connections " +
-            "to keep open to directory server. Default 5.");
+                "to keep open to directory server. Default 5.");
         mExtendedPluginInfo.add("ldap.maxConns;number;when needed, connection "
-            +
-            "pool can grow to this many (multiplexed) connections. Default 1000");
+                +
+                "pool can grow to this many (multiplexed) connections. Default 1000");
     }
 
     /**
@@ -104,14 +102,14 @@ public class DirAclAuthz extends AAclAuthz
          * console.
          */
         mConfigParams =
-                new String[] { 
-                    "ldap.ldapconn.host",
-                    "ldap.ldapconn.port",
-                    "ldap.ldapconn.secureConn",
-                    "ldap.ldapconn.version",
-                    "ldap.basedn",
-                    "ldap.minConns",
-                    "ldap.maxConns",
+                new String[] {
+                        "ldap.ldapconn.host",
+                        "ldap.ldapconn.port",
+                        "ldap.ldapconn.secureConn",
+                        "ldap.ldapconn.version",
+                        "ldap.basedn",
+                        "ldap.minConns",
+                        "ldap.maxConns",
                 };
     }
 
@@ -119,7 +117,7 @@ public class DirAclAuthz extends AAclAuthz
      *
      */
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mName = name;
         mImplName = implName;
         mConfig = config;
@@ -154,7 +152,7 @@ public class DirAclAuthz extends AAclAuthz
         CMS.debug("DirAclAuthz: about to ldap search aclResources");
         try {
             conn = getConn();
-            LDAPSearchResults res = conn.search(mBaseDN, LDAPv2.SCOPE_SUB, 
+            LDAPSearchResults res = conn.search(mBaseDN, LDAPv2.SCOPE_SUB,
                     "cn=aclResources", null, false);
 
             returnConn(conn);
@@ -165,7 +163,7 @@ public class DirAclAuthz extends AAclAuthz
                 LDAPAttribute aclRes = entry.getAttribute("resourceACLS");
 
                 @SuppressWarnings("unchecked")
-				Enumeration<String> en = (Enumeration<String> )aclRes.getStringValues();
+                Enumeration<String> en = (Enumeration<String>) aclRes.getStringValues();
 
                 for (; en != null && en.hasMoreElements();) {
                     addACLs(en.nextElement());
@@ -205,15 +203,16 @@ public class DirAclAuthz extends AAclAuthz
      * <p>
      * Example:
      * <p>
-     * For example, if UsrGrpAdminServlet needs to authorize the caller
-     * it would do be done in the following fashion:
+     * For example, if UsrGrpAdminServlet needs to authorize the caller it would do be done in the following fashion:
+     * 
      * <PRE>
-     *   try {
-     *     authzTok = mAuthz.authorize("DirAclAuthz", authToken, RES_GROUP, "read");
-     *   } catch (EBaseException e) {
-     *      log(ILogger.LL_FAILURE, "authorize call: "+ e.toString());
-     *   }
-     * </PRE> 
+     * try {
+     *     authzTok = mAuthz.authorize(&quot;DirAclAuthz&quot;, authToken, RES_GROUP, &quot;read&quot;);
+     * } catch (EBaseException e) {
+     *     log(ILogger.LL_FAILURE, &quot;authorize call: &quot; + e.toString());
+     * }
+     * </PRE>
+     * 
      * @param authToken the authToken associated with a user
      * @param resource - the protected resource name
      * @param operation - the protected resource operation name
@@ -221,7 +220,7 @@ public class DirAclAuthz extends AAclAuthz
      * @return authzToken
      */
     public AuthzToken authorize(IAuthToken authToken, String resource, String operation)
-        throws EAuthzInternalError, EAuthzAccessDenied {
+            throws EAuthzInternalError, EAuthzAccessDenied {
         AuthzToken authzToken = new AuthzToken(this);
 
         try {
@@ -234,40 +233,37 @@ public class DirAclAuthz extends AAclAuthz
         } catch (EACLsException e) {
             // audit here later 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_AUTHORIZATION_FAILED"));
-            String params[] = {resource, operation};
+            String params[] = { resource, operation };
 
             throw new EAuthzAccessDenied(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
         }
-		
+
         return authzToken;
     }
 
     public AuthzToken authorize(IAuthToken authToken, String expression)
-      throws EAuthzAccessDenied {
+            throws EAuthzAccessDenied {
         if (evaluateACLs(authToken, expression)) {
             return (new AuthzToken(this));
         } else {
-            String params[] = {expression};
+            String params[] = { expression };
             throw new EAuthzAccessDenied(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
         }
     }
 
     /**
-     * update acls.  when memory update is done, flush to ldap.
+     * update acls. when memory update is done, flush to ldap.
      * <p>
-     * Currently, it is possible that when the memory is updated
-     *	 successfully, and the ldap isn't, the memory upates lingers.
-     *	 The result is that the changes will only be done on ldap at the
-     *	 next update, or when the system shuts down, another flush will be
-     *	 attempted.
+     * Currently, it is possible that when the memory is updated successfully, and the ldap isn't, the memory upates lingers. The result is that the changes will only be done on ldap at the next update, or when the system shuts down, another flush will be attempted.
+     * 
      * @param id is the resource id
      * @param rights The allowable rights for this resource
      * @param strACLs has the same format as a resourceACLs entry acis
-     *	 on the ldap server
+     *            on the ldap server
      * @param desc The description for this resource
      */
     public void updateACLs(String id, String rights, String strACLs,
-        String desc) throws EACLsException {
+            String desc) throws EACLsException {
         try {
             super.updateACLs(id, rights, strACLs, desc);
             flushResourceACLs();
@@ -277,7 +273,7 @@ public class DirAclAuthz extends AAclAuthz
             needsFlush = true;
 
             String errMsg = "updateACLs: failed to flushResourceACLs(): "
-                + ex.toString();
+                    + ex.toString();
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_FLUSH_RESOURCES", ex.toString()));
 
@@ -335,7 +331,7 @@ public class DirAclAuthz extends AAclAuthz
     }
 
     /**
-     * graceful shutdown 
+     * graceful shutdown
      */
     public void shutdown() {
         if (needsFlush) {
@@ -351,13 +347,14 @@ public class DirAclAuthz extends AAclAuthz
         try {
             mLdapConnFactory.reset();
             mLdapConnFactory = null;
-        } catch (ELdapException e) { 
+        } catch (ELdapException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_LDAP_ERROR", e.toString()));
         }
     }
 
     /**
      * Logs a message for this class in the system log file.
+     * 
      * @param level The log level.
      * @param msg The message to log.
      * @see com.netscape.certsrv.logging.ILogger
@@ -366,6 +363,6 @@ public class DirAclAuthz extends AAclAuthz
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHORIZATION,
-            level, msg);
+                level, msg);
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java
index 6fe802e7..19b6180d 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.crl;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -38,14 +37,13 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint;
 import com.netscape.certsrv.common.NameValuePairs;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * This represents a Authority Information Access CRL extension.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSAuthInfoAccessExtension
-    implements ICMSCRLExtension, IExtendedPluginInfo {
+        implements ICMSCRLExtension, IExtendedPluginInfo {
     public static final String PROP_NUM_ADS = "numberOfAccessDescriptions";
     public static final String PROP_ACCESS_METHOD = "accessMethod";
     public static final String PROP_ACCESS_LOCATION_TYPE = "accessLocationType";
@@ -62,7 +60,7 @@ public class CMSAuthInfoAccessExtension
     }
 
     public Extension setCRLExtensionCriticality(Extension ext,
-        boolean critical) {
+            boolean critical) {
         AuthInfoAccessExtension authInfoAccessExt = (AuthInfoAccessExtension) ext;
 
         authInfoAccessExt.setCritical(critical);
@@ -71,7 +69,7 @@ public class CMSAuthInfoAccessExtension
     }
 
     public Extension getCRLExtension(IConfigStore config, Object ip,
-        boolean critical) {
+            boolean critical) {
         ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip;
         AuthInfoAccessExtension authInfoAccessExt = new AuthInfoAccessExtension(critical);
 
@@ -138,7 +136,7 @@ public class CMSAuthInfoAccessExtension
                     String hostname = CMS.getEENonSSLHost();
                     String port = CMS.getEENonSSLPort();
                     if (hostname != null && port != null) {
-                        accessLocation = "http://"+hostname+":"+port+"/ca/ee/ca/getCAChain?op=downloadBIN";
+                        accessLocation = "http://" + hostname + ":" + port + "/ca/ee/ca/getCAChain?op=downloadBIN";
                     }
                     URIName uriName = new URIName(accessLocation);
                     authInfoAccessExt.addAccessDescription(AuthInfoAccessExtension.METHOD_CA_ISSUERS, new GeneralName(uriName));
@@ -211,7 +209,7 @@ public class CMSAuthInfoAccessExtension
                 String hostname = CMS.getEENonSSLHost();
                 String port = CMS.getEENonSSLPort();
                 if (hostname != null && port != null) {
-                    accessLocation = "http://"+hostname+":"+port+"/ca/ee/ca/getCAChain?op=downloadBIN";
+                    accessLocation = "http://" + hostname + ":" + port + "/ca/ee/ca/getCAChain?op=downloadBIN";
                 }
                 nvp.add(PROP_ACCESS_LOCATION + i, accessLocation);
             }
@@ -224,32 +222,32 @@ public class CMSAuthInfoAccessExtension
                 "critical;boolean;Set criticality for Authority Information Access extension.",
                 PROP_NUM_ADS + ";number;Set number of Access Descriptions.",
                 PROP_ACCESS_METHOD + "0;choice(" + PROP_ACCESS_METHOD_CAISSUERS + "," +
-                PROP_ACCESS_METHOD_OCSP +");Select access description method.",
+                        PROP_ACCESS_METHOD_OCSP + ");Select access description method.",
                 PROP_ACCESS_LOCATION_TYPE + "0;choice(" + PROP_URINAME + "," +
-                PROP_DIRNAME + ");Select access location type.",
+                        PROP_DIRNAME + ");Select access location type.",
                 PROP_ACCESS_LOCATION + "0;string;Enter access location " +
-                "corresponding to the selected access location type.",
+                        "corresponding to the selected access location type.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ca-edit-crlextension-authorityinformationaccess",
+                        ";configuration-ca-edit-crlextension-authorityinformationaccess",
                 PROP_ACCESS_METHOD + "1;choice(" + PROP_ACCESS_METHOD_CAISSUERS + "," +
-                PROP_ACCESS_METHOD_OCSP +");Select access description method.",
+                        PROP_ACCESS_METHOD_OCSP + ");Select access description method.",
                 PROP_ACCESS_LOCATION_TYPE + "1;choice(" + PROP_URINAME + "," +
-                PROP_DIRNAME + ");Select access location type.",
+                        PROP_DIRNAME + ");Select access location type.",
                 PROP_ACCESS_LOCATION + "1;string;Enter access location " +
-                "corresponding to the selected access location type.",
+                        "corresponding to the selected access location type.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ca-edit-crlextension-authorityinformationaccess",
+                        ";configuration-ca-edit-crlextension-authorityinformationaccess",
                 PROP_ACCESS_METHOD + "2;choice(" + PROP_ACCESS_METHOD_CAISSUERS + "," +
-                PROP_ACCESS_METHOD_OCSP +");Select access description method.",
+                        PROP_ACCESS_METHOD_OCSP + ");Select access description method.",
                 PROP_ACCESS_LOCATION_TYPE + "2;choice(" + PROP_URINAME + "," +
-                PROP_DIRNAME + ");Select access location type.",
+                        PROP_DIRNAME + ");Select access location type.",
                 PROP_ACCESS_LOCATION + "2;string;Enter access location " +
-                "corresponding to the selected access location type.",
+                        "corresponding to the selected access location type.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ca-edit-crlextension-authorityinformationaccess",
+                        ";configuration-ca-edit-crlextension-authorityinformationaccess",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";The Freshest CRL is a non critical CRL extension " +
-                "that identifies the delta CRL distribution points for a particular CRL."
+                        ";The Freshest CRL is a non critical CRL extension " +
+                        "that identifies the delta CRL distribution points for a particular CRL."
             };
 
         return params;
@@ -257,6 +255,6 @@ public class CMSAuthInfoAccessExtension
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
-            "CMSAuthInfoAccessExtension - " + msg);
+                "CMSAuthInfoAccessExtension - " + msg);
     }
-} 
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java
index 4cdb0bdc..89ededb6 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.crl;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateParsingException;
@@ -43,21 +42,20 @@ import com.netscape.certsrv.ca.ICertificateAuthority;
 import com.netscape.certsrv.common.NameValuePairs;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * This represents an authority key identifier extension.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSAuthorityKeyIdentifierExtension
-    implements ICMSCRLExtension, IExtendedPluginInfo {
+        implements ICMSCRLExtension, IExtendedPluginInfo {
     private ILogger mLogger = CMS.getLogger();
 
     public CMSAuthorityKeyIdentifierExtension() {
     }
 
     public Extension setCRLExtensionCriticality(Extension ext,
-        boolean critical) {
+            boolean critical) {
         AuthorityKeyIdentifierExtension authKeyIdExt = null;
         KeyIdentifier keyId = null;
         GeneralNames names = null;
@@ -78,8 +76,8 @@ public class CMSAuthorityKeyIdentifierExtension
     }
 
     public Extension getCRLExtension(IConfigStore config,
-        Object ip,
-        boolean critical) {
+            Object ip,
+            boolean critical) {
         AuthorityKeyIdentifierExtension authKeyIdExt = null;
         ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip;
 
@@ -88,12 +86,12 @@ public class CMSAuthorityKeyIdentifierExtension
 
             try {
                 X509CertInfo info = (X509CertInfo)
-                    ((ICertificateAuthority) crlIssuingPoint.getCertificateAuthority()).getCACert().get(
-                        X509CertImpl.NAME + "." + X509CertImpl.INFO);
+                        ((ICertificateAuthority) crlIssuingPoint.getCertificateAuthority()).getCACert().get(
+                                X509CertImpl.NAME + "." + X509CertImpl.INFO);
 
                 if (info != null) {
-                    CertificateExtensions caCertExtensions = (CertificateExtensions) 
-                        info.get(X509CertInfo.EXTENSIONS);
+                    CertificateExtensions caCertExtensions = (CertificateExtensions)
+                            info.get(X509CertInfo.EXTENSIONS);
 
                     if (caCertExtensions != null) {
                         for (int i = 0; i < caCertExtensions.size(); i++) {
@@ -101,7 +99,7 @@ public class CMSAuthorityKeyIdentifierExtension
 
                             if (caCertExt instanceof SubjectKeyIdentifierExtension) {
                                 SubjectKeyIdentifierExtension id =
-                                    (SubjectKeyIdentifierExtension) caCertExt;
+                                        (SubjectKeyIdentifierExtension) caCertExt;
 
                                 keyId = (KeyIdentifier)
                                         id.get(SubjectKeyIdentifierExtension.KEY_ID);
@@ -148,11 +146,11 @@ public class CMSAuthorityKeyIdentifierExtension
                 "enable;boolean;Check to enable Authority Key Identifier CRL extension.",
                 "critical;boolean;Set criticality for Authority Key Identifier CRL extension.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ca-edit-crlextension-authoritykeyidentifier",
+                        ";configuration-ca-edit-crlextension-authoritykeyidentifier",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";The authority key identifier extension provides a means " +
-                "of identifying the public key corresponding to the private " +
-                "key used to sign a CRL."
+                        ";The authority key identifier extension provides a means " +
+                        "of identifying the public key corresponding to the private " +
+                        "key used to sign a CRL."
             };
 
         return params;
@@ -160,6 +158,6 @@ public class CMSAuthorityKeyIdentifierExtension
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
-            "CMSAuthorityKeyIdentifierExtension - " + msg);
+                "CMSAuthorityKeyIdentifierExtension - " + msg);
     }
-} 
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSCRLNumberExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSCRLNumberExtension.java
index e4bb4cb6..e7f4e7b3 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSCRLNumberExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSCRLNumberExtension.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.crl;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Locale;
@@ -34,21 +33,20 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint;
 import com.netscape.certsrv.common.NameValuePairs;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * This represents a CRL number extension.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSCRLNumberExtension
-    implements ICMSCRLExtension, IExtendedPluginInfo {
+        implements ICMSCRLExtension, IExtendedPluginInfo {
     private ILogger mLogger = CMS.getLogger();
 
     public CMSCRLNumberExtension() {
     }
 
     public Extension setCRLExtensionCriticality(Extension ext,
-        boolean critical) {
+            boolean critical) {
         BigInteger crlNumber = null;
         CRLNumberExtension crlNumberExt = null;
 
@@ -64,8 +62,8 @@ public class CMSCRLNumberExtension
     }
 
     public Extension getCRLExtension(IConfigStore config,
-        Object ip,
-        boolean critical) {
+            Object ip,
+            boolean critical) {
         CRLNumberExtension crlNumberExt = null;
         ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip;
 
@@ -92,11 +90,11 @@ public class CMSCRLNumberExtension
                 "enable;boolean;Check to enable CRL Number extension.",
                 "critical;boolean;Set criticality for CRL Number extension.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ca-edit-crlextension-crlnumber",
+                        ";configuration-ca-edit-crlextension-crlnumber",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";The CRL number is a non-critical CRL extension " +
-                "which conveys a monotonically increasing sequence number " +
-                "for each CRL issued by a CA"
+                        ";The CRL number is a non-critical CRL extension " +
+                        "which conveys a monotonically increasing sequence number " +
+                        "for each CRL issued by a CA"
             };
 
         return params;
@@ -104,6 +102,6 @@ public class CMSCRLNumberExtension
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
-            "CMSCRLNumberExtension - " + msg);
+                "CMSCRLNumberExtension - " + msg);
     }
-} 
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSCRLReasonExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSCRLReasonExtension.java
index 245428a6..6ed993d5 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSCRLReasonExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSCRLReasonExtension.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.crl;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -33,21 +32,20 @@ import com.netscape.certsrv.ca.ICMSCRLExtension;
 import com.netscape.certsrv.common.NameValuePairs;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * This represents a CRL reason extension.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSCRLReasonExtension
-    implements ICMSCRLExtension, IExtendedPluginInfo {
+        implements ICMSCRLExtension, IExtendedPluginInfo {
     private ILogger mLogger = CMS.getLogger();
 
     public CMSCRLReasonExtension() {
     }
 
     public Extension setCRLExtensionCriticality(Extension ext,
-        boolean critical) {
+            boolean critical) {
         RevocationReason reason = null;
         CRLReasonExtension crlReasonExt = null;
 
@@ -61,8 +59,8 @@ public class CMSCRLReasonExtension
     }
 
     public Extension getCRLExtension(IConfigStore config,
-        Object crlIssuingPoint,
-        boolean critical) {
+            Object crlIssuingPoint,
+            boolean critical) {
         CRLReasonExtension crlReasonExt = null;
 
         return crlReasonExt;
@@ -82,10 +80,10 @@ public class CMSCRLReasonExtension
                 "enable;boolean;Check to enable reason code CRL entry extension.",
                 "critical;boolean;Set criticality for reason code CRL entry extension.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ca-edit-crlextension-crlreason",
+                        ";configuration-ca-edit-crlextension-crlreason",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";The CRL reason code is a non-critical CRL entry extension " +
-                "that identifies the reason for the certificate revocation."
+                        ";The CRL reason code is a non-critical CRL entry extension " +
+                        "that identifies the reason for the certificate revocation."
             };
 
         return params;
@@ -93,6 +91,6 @@ public class CMSCRLReasonExtension
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
-            "CMSCRLReasonExtension - " + msg);
+                "CMSCRLReasonExtension - " + msg);
     }
-} 
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java
index 601e15d2..68d6128d 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.crl;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -40,18 +39,18 @@ import com.netscape.certsrv.logging.ILogger;
 
 /**
  * This represents a certificate issuer extension.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSCertificateIssuerExtension
-    implements ICMSCRLExtension, IExtendedPluginInfo {
+        implements ICMSCRLExtension, IExtendedPluginInfo {
     private ILogger mLogger = CMS.getLogger();
 
     public CMSCertificateIssuerExtension() {
     }
 
     public Extension setCRLExtensionCriticality(Extension ext,
-        boolean critical) {
+            boolean critical) {
         CertificateIssuerExtension certIssuerExt = null;
         GeneralNames names = null;
 
@@ -67,8 +66,8 @@ public class CMSCertificateIssuerExtension
     }
 
     public Extension getCRLExtension(IConfigStore config,
-        Object ip,
-        boolean critical) {
+            Object ip,
+            boolean critical) {
         CertificateIssuerExtension certIssuerExt = null;
         int numNames = 0;
 
@@ -207,10 +206,10 @@ public class CMSCertificateIssuerExtension
                 "nameType2;choice(DirectoryName,URI);Select Certificate Issuer name type.",
                 "name2;string;Enter Certificate Issuer name corresponding to the selected name type.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ca-edit-crlextension-certificateissuer",
+                        ";configuration-ca-edit-crlextension-certificateissuer",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";This CRL entry extension identifies the certificate issuer" +
-                " associated with an entry in an indirect CRL."
+                        ";This CRL entry extension identifies the certificate issuer" +
+                        " associated with an entry in an indirect CRL."
             };
 
         return params;
@@ -219,4 +218,4 @@ public class CMSCertificateIssuerExtension
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level, msg);
     }
-} 
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSDeltaCRLIndicatorExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSDeltaCRLIndicatorExtension.java
index 35d21e5c..8672502a 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSDeltaCRLIndicatorExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSDeltaCRLIndicatorExtension.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.crl;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Locale;
@@ -34,21 +33,20 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint;
 import com.netscape.certsrv.common.NameValuePairs;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * This represents a delta CRL indicator extension.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSDeltaCRLIndicatorExtension
-    implements ICMSCRLExtension, IExtendedPluginInfo {
+        implements ICMSCRLExtension, IExtendedPluginInfo {
     private ILogger mLogger = CMS.getLogger();
 
     public CMSDeltaCRLIndicatorExtension() {
     }
 
     public Extension setCRLExtensionCriticality(Extension ext,
-        boolean critical) {
+            boolean critical) {
         BigInteger baseCRLNumber = null;
         DeltaCRLIndicatorExtension deltaCRLIndicatorExt = null;
 
@@ -65,8 +63,8 @@ public class CMSDeltaCRLIndicatorExtension
     }
 
     public Extension getCRLExtension(IConfigStore config,
-        Object ip,
-        boolean critical) {
+            Object ip,
+            boolean critical) {
         DeltaCRLIndicatorExtension deltaCRLIndicatorExt = null;
         ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip;
 
@@ -94,10 +92,10 @@ public class CMSDeltaCRLIndicatorExtension
                 "enable;boolean;Check to enable Delta CRL Indicator extension.",
                 "critical;boolean;Set criticality for Delta CRL Indicator extension.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ca-edit-crlextension-crlnumber",
+                        ";configuration-ca-edit-crlextension-crlnumber",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";The Delta CRL Indicator is a critical CRL extension " +
-                "which identifies a delta-CRL."
+                        ";The Delta CRL Indicator is a critical CRL extension " +
+                        "which identifies a delta-CRL."
             };
 
         return params;
@@ -105,7 +103,6 @@ public class CMSDeltaCRLIndicatorExtension
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
-            "CMSDeltaCRLIndicatorExtension - " + msg);
+                "CMSDeltaCRLIndicatorExtension - " + msg);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSFreshestCRLExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSFreshestCRLExtension.java
index 86bdd05e..38eb7a1c 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSFreshestCRLExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSFreshestCRLExtension.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.crl;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -40,14 +39,13 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint;
 import com.netscape.certsrv.common.NameValuePairs;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * This represents a freshest CRL extension.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSFreshestCRLExtension
-    implements ICMSCRLExtension, IExtendedPluginInfo {
+        implements ICMSCRLExtension, IExtendedPluginInfo {
     public static final String PROP_NUM_POINTS = "numPoints";
     public static final String PROP_POINTTYPE = "pointType";
     public static final String PROP_POINTNAME = "pointName";
@@ -60,7 +58,7 @@ public class CMSFreshestCRLExtension
     }
 
     public Extension setCRLExtensionCriticality(Extension ext,
-        boolean critical) {
+            boolean critical) {
         FreshestCRLExtension freshestCRLExt = (FreshestCRLExtension) ext;
 
         freshestCRLExt.setCritical(critical);
@@ -69,7 +67,7 @@ public class CMSFreshestCRLExtension
     }
 
     public Extension getCRLExtension(IConfigStore config, Object ip,
-        boolean critical) {
+            boolean critical) {
         ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip;
         FreshestCRLExtension freshestCRLExt = null;
 
@@ -159,7 +157,7 @@ public class CMSFreshestCRLExtension
             numPoints = config.getInteger(PROP_NUM_POINTS, 0);
         } catch (EBaseException e) {
             log(ILogger.LL_FAILURE, "Invalid numPoints property for CRL " +
-                "Freshest CRL extension - " + e);
+                    "Freshest CRL extension - " + e);
         }
         nvp.add(PROP_NUM_POINTS, String.valueOf(numPoints));
 
@@ -204,26 +202,26 @@ public class CMSFreshestCRLExtension
                 "critical;boolean;Set criticality for Freshest CRL extension.",
                 PROP_NUM_POINTS + ";number;Set number of CRL distribution points.",
                 PROP_POINTTYPE + "0;choice(" + PROP_DIRNAME + "," + PROP_URINAME +
-                ");Select CRL distribution point name type.",
+                        ");Select CRL distribution point name type.",
                 PROP_POINTNAME + "0;string;Enter CRL distribution point name " +
-                "corresponding to the selected point type.",
+                        "corresponding to the selected point type.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ca-edit-crlextension-issuingdistributionpoint",
+                        ";configuration-ca-edit-crlextension-issuingdistributionpoint",
                 PROP_POINTTYPE + "1;choice(" + PROP_DIRNAME + "," + PROP_URINAME +
-                ");Select CRL distribution point name type.",
+                        ");Select CRL distribution point name type.",
                 PROP_POINTNAME + "1;string;Enter CRL distribution point name " +
-                "corresponding to the selected point type.",
+                        "corresponding to the selected point type.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ca-edit-crlextension-issuingdistributionpoint",
+                        ";configuration-ca-edit-crlextension-issuingdistributionpoint",
                 PROP_POINTTYPE + "2;choice(" + PROP_DIRNAME + "," + PROP_URINAME +
-                ");Select CRL distribution point name type.",
+                        ");Select CRL distribution point name type.",
                 PROP_POINTNAME + "2;string;Enter CRL distribution point name " +
-                "corresponding to the selected point type.",
+                        "corresponding to the selected point type.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ca-edit-crlextension-issuingdistributionpoint",
+                        ";configuration-ca-edit-crlextension-issuingdistributionpoint",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";The Freshest CRL is a non critical CRL extension " +
-                "that identifies the delta CRL distribution points for a particular CRL."
+                        ";The Freshest CRL is a non critical CRL extension " +
+                        "that identifies the delta CRL distribution points for a particular CRL."
             };
 
         return params;
@@ -231,6 +229,6 @@ public class CMSFreshestCRLExtension
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
-            "CMSFreshestCRLExtension - " + msg);
+                "CMSFreshestCRLExtension - " + msg);
     }
-} 
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java
index e0e39b8a..45aa5038 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.crl;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -36,14 +35,13 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint;
 import com.netscape.certsrv.common.NameValuePairs;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * This represents a hold instruction extension.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSHoldInstructionExtension
-    implements ICMSCRLExtension, IExtendedPluginInfo {
+        implements ICMSCRLExtension, IExtendedPluginInfo {
     public static final String PROP_INSTR = "instruction";
     public static final String PROP_INSTR_NONE = "none";
     public static final String PROP_INSTR_CALLISSUER = "callissuer";
@@ -55,12 +53,12 @@ public class CMSHoldInstructionExtension
     }
 
     public Extension setCRLExtensionCriticality(Extension ext,
-        boolean critical) {
+            boolean critical) {
         HoldInstructionExtension holdInstrExt = null;
 
         try {
             ObjectIdentifier holdInstr =
-                ((HoldInstructionExtension) ext).getHoldInstructionCode();
+                    ((HoldInstructionExtension) ext).getHoldInstructionCode();
 
             holdInstrExt = new HoldInstructionExtension(Boolean.valueOf(critical),
                         holdInstr);
@@ -71,8 +69,8 @@ public class CMSHoldInstructionExtension
     }
 
     public Extension getCRLExtension(IConfigStore config,
-        Object ip,
-        boolean critical) {
+            Object ip,
+            boolean critical) {
         HoldInstructionExtension holdInstrExt = null;
         String instruction = null;
 
@@ -121,8 +119,7 @@ public class CMSHoldInstructionExtension
         }
         if (instruction != null) {
             if (!(instruction.equalsIgnoreCase(PROP_INSTR_NONE) ||
-                    instruction.equalsIgnoreCase(PROP_INSTR_CALLISSUER) ||
-                    instruction.equalsIgnoreCase(PROP_INSTR_REJECT))) {
+                    instruction.equalsIgnoreCase(PROP_INSTR_CALLISSUER) || instruction.equalsIgnoreCase(PROP_INSTR_REJECT))) {
                 instruction = PROP_INSTR_NONE;
             }
         } else {
@@ -138,14 +135,14 @@ public class CMSHoldInstructionExtension
                 "enable;boolean;Check to enable Hold Instruction CRL entry extension.",
                 "critical;boolean;Set criticality for Hold Instruction CRL entry extension.",
                 PROP_INSTR + ";choice(" + PROP_INSTR_NONE + "," + PROP_INSTR_CALLISSUER + "," +
-                PROP_INSTR_REJECT + ");Select hold instruction code.",
+                        PROP_INSTR_REJECT + ");Select hold instruction code.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ca-edit-crlextension-holdinstruction",
+                        ";configuration-ca-edit-crlextension-holdinstruction",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";The hold instruction code is a non-critical CRL entry " +
-                "extension that provides a registered instruction identifier " +
-                "which indicates the action to be taken after encountering " +
-                "a certificate that has been placed on hold."
+                        ";The hold instruction code is a non-critical CRL entry " +
+                        "extension that provides a registered instruction identifier " +
+                        "which indicates the action to be taken after encountering " +
+                        "a certificate that has been placed on hold."
             };
 
         return params;
@@ -153,6 +150,6 @@ public class CMSHoldInstructionExtension
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
-            "CMSHoldInstructionExtension - " + msg);
+                "CMSHoldInstructionExtension - " + msg);
     }
-} 
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSInvalidityDateExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSInvalidityDateExtension.java
index c0c62244..083873c3 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSInvalidityDateExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSInvalidityDateExtension.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.crl;
 
-
 import java.io.IOException;
 import java.util.Date;
 import java.util.Locale;
@@ -33,21 +32,20 @@ import com.netscape.certsrv.ca.ICMSCRLExtension;
 import com.netscape.certsrv.common.NameValuePairs;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * This represents a invalidity date extension.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSInvalidityDateExtension
-    implements ICMSCRLExtension, IExtendedPluginInfo {
+        implements ICMSCRLExtension, IExtendedPluginInfo {
     private ILogger mLogger = CMS.getLogger();
 
     public CMSInvalidityDateExtension() {
     }
 
     public Extension setCRLExtensionCriticality(Extension ext,
-        boolean critical) {
+            boolean critical) {
         InvalidityDateExtension invalidityDateExt = null;
 
         try {
@@ -62,8 +60,8 @@ public class CMSInvalidityDateExtension
     }
 
     public Extension getCRLExtension(IConfigStore config,
-        Object crlIssuingPoint,
-        boolean critical) {
+            Object crlIssuingPoint,
+            boolean critical) {
         InvalidityDateExtension invalidityDateExt = null;
 
         return invalidityDateExt;
@@ -83,12 +81,12 @@ public class CMSInvalidityDateExtension
                 "enable;boolean;Check to enable Invalidity Date CRL entry extension.",
                 "critical;boolean;Set criticality for Invalidity Date CRL entry extension.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ca-edit-crlextension-invaliditydate",
+                        ";configuration-ca-edit-crlextension-invaliditydate",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";The invalidity date is a non-critical CRL entry extension " +
-                "that provides the date on which it is known or suspected " +
-                "that the private key was compromised or that the certificate" +
-                " otherwise became invalid."
+                        ";The invalidity date is a non-critical CRL entry extension " +
+                        "that provides the date on which it is known or suspected " +
+                        "that the private key was compromised or that the certificate" +
+                        " otherwise became invalid."
             };
 
         return params;
@@ -96,6 +94,6 @@ public class CMSInvalidityDateExtension
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
-            "CMSInvalidityDateExtension - " + msg);
+                "CMSInvalidityDateExtension - " + msg);
     }
-} 
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java
index 9ca9d5d2..204048c9 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.crl;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.util.Locale;
@@ -47,14 +46,13 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint;
 import com.netscape.certsrv.common.NameValuePairs;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * This represents a issuer alternative name extension.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSIssuerAlternativeNameExtension
-    implements ICMSCRLExtension, IExtendedPluginInfo {
+        implements ICMSCRLExtension, IExtendedPluginInfo {
     private static final String PROP_RFC822_NAME = "rfc822Name";
     private static final String PROP_DNS_NAME = "dNSName";
     private static final String PROP_DIR_NAME = "directoryName";
@@ -70,7 +68,7 @@ public class CMSIssuerAlternativeNameExtension
     }
 
     public Extension setCRLExtensionCriticality(Extension ext,
-        boolean critical) {
+            boolean critical) {
         IssuerAlternativeNameExtension issuerAltNameExt = null;
         GeneralNames names = null;
 
@@ -84,8 +82,8 @@ public class CMSIssuerAlternativeNameExtension
     }
 
     public Extension getCRLExtension(IConfigStore config,
-        Object ip,
-        boolean critical) {
+            Object ip,
+            boolean critical) {
         ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip;
         IssuerAlternativeNameExtension issuerAltNameExt = null;
         int numNames = 0;
@@ -196,7 +194,7 @@ public class CMSIssuerAlternativeNameExtension
             numNames = config.getInteger("numNames", 0);
         } catch (EBaseException e) {
             log(ILogger.LL_FAILURE, "Invalid numNames property for CRL " +
-                "IssuerAlternativeName extension - " + e);
+                    "IssuerAlternativeName extension - " + e);
         }
         nvp.add("numNames", String.valueOf(numNames));
 
@@ -207,10 +205,10 @@ public class CMSIssuerAlternativeNameExtension
                 nameType = config.getString("nameType" + i);
             } catch (EPropertyNotFound e) {
                 log(ILogger.LL_FAILURE, "Undefined nameType" + i + " property for " +
-                    "CRL IssuerAlternativeName extension - " + e);
+                        "CRL IssuerAlternativeName extension - " + e);
             } catch (EBaseException e) {
                 log(ILogger.LL_FAILURE, "Invalid nameType" + i + " property for " +
-                    "CRL IssuerAlternativeName extension - " + e);
+                        "CRL IssuerAlternativeName extension - " + e);
             }
 
             if (nameType != null && nameType.length() > 0) {
@@ -225,10 +223,10 @@ public class CMSIssuerAlternativeNameExtension
                 name = config.getString("name" + i);
             } catch (EPropertyNotFound e) {
                 log(ILogger.LL_FAILURE, "Undefined name" + i + " property for " +
-                    "CRL IssuerAlternativeName extension - " + e);
+                        "CRL IssuerAlternativeName extension - " + e);
             } catch (EBaseException e) {
                 log(ILogger.LL_FAILURE, "Invalid name" + i + " property for " +
-                    "CRL IssuerAlternativeName extension - " + e);
+                        "CRL IssuerAlternativeName extension - " + e);
             }
 
             if (name != null && name.length() > 0) {
@@ -254,22 +252,22 @@ public class CMSIssuerAlternativeNameExtension
                 "critical;boolean;Set criticality for Issuer Alternative Name CRL extension.",
                 "numNames;number;Set number of alternative names for the CRL issuer.",
                 "nameType0;choice(" + PROP_RFC822_NAME + "," + PROP_DIR_NAME + "," + PROP_DNS_NAME + "," +
-                PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," +
-                PROP_OTHER_NAME + ");Select Issuer Alternative Name type.",
+                        PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," +
+                        PROP_OTHER_NAME + ");Select Issuer Alternative Name type.",
                 "name0;string;Enter Issuer Alternative Name corresponding to the selected name type.",
                 "nameType1;choice(" + PROP_RFC822_NAME + "," + PROP_DIR_NAME + "," + PROP_DNS_NAME + "," +
-                PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," +
-                PROP_OTHER_NAME + ");Select Issuer Alternative Name type.",
+                        PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," +
+                        PROP_OTHER_NAME + ");Select Issuer Alternative Name type.",
                 "name1;string;Enter Issuer Alternative Name corresponding to the selected name type.",
                 "nameType2;choice(" + PROP_RFC822_NAME + "," + PROP_DIR_NAME + "," + PROP_DNS_NAME + "," +
-                PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," +
-                PROP_OTHER_NAME + ");Select Issuer Alternative Name type.",
+                        PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," +
+                        PROP_OTHER_NAME + ");Select Issuer Alternative Name type.",
                 "name2;string;Enter Issuer Alternative Name corresponding to the selected name type.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ca-edit-crlextension-issueralternativename",
+                        ";configuration-ca-edit-crlextension-issueralternativename",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";The issuer alternative names extension allows additional" +
-                " identities to be associated with the issuer of the CRL."
+                        ";The issuer alternative names extension allows additional" +
+                        " identities to be associated with the issuer of the CRL."
             };
 
         return params;
@@ -277,6 +275,6 @@ public class CMSIssuerAlternativeNameExtension
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
-            "CMSIssuerAlternativeNameExtension - " + msg);
+                "CMSIssuerAlternativeNameExtension - " + msg);
     }
-} 
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSIssuingDistributionPointExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSIssuingDistributionPointExtension.java
index ccc5b64d..3df24330 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSIssuingDistributionPointExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSIssuingDistributionPointExtension.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.crl;
 
-
 import java.io.IOException;
 import java.util.Locale;
 import java.util.StringTokenizer;
@@ -43,14 +42,13 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint;
 import com.netscape.certsrv.common.NameValuePairs;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * This represents a issuing distribution point extension.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSIssuingDistributionPointExtension
-    implements ICMSCRLExtension, IExtendedPluginInfo {
+        implements ICMSCRLExtension, IExtendedPluginInfo {
     public static final String PROP_POINTTYPE = "pointType";
     public static final String PROP_POINTNAME = "pointName";
     public static final String PROP_DIRNAME = "DirectoryName";
@@ -61,14 +59,14 @@ public class CMSIssuingDistributionPointExtension
     public static final String PROP_INDIRECT = "indirectCRL";
     public static final String PROP_REASONS = "onlySomeReasons";
 
-    private static final String[] reasonFlags = {"unused",
+    private static final String[] reasonFlags = { "unused",
             "keyCompromise",
             "cACompromise",
             "affiliationChanged",
             "superseded",
             "cessationOfOperation",
             "certificateHold",
-            "privilegeWithdrawn"};
+            "privilegeWithdrawn" };
 
     private ILogger mLogger = CMS.getLogger();
 
@@ -76,9 +74,9 @@ public class CMSIssuingDistributionPointExtension
     }
 
     public Extension setCRLExtensionCriticality(Extension ext,
-        boolean critical) {
+            boolean critical) {
         IssuingDistributionPointExtension issuingDPointExt =
-            (IssuingDistributionPointExtension) ext;
+                (IssuingDistributionPointExtension) ext;
 
         issuingDPointExt.setCritical(critical);
 
@@ -86,8 +84,8 @@ public class CMSIssuingDistributionPointExtension
     }
 
     public Extension getCRLExtension(IConfigStore config,
-        Object ip,
-        boolean critical) {
+            Object ip,
+            boolean critical) {
 
         CMS.debug("in CMSIssuingDistributionPointExtension::getCRLExtension.");
         ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip;
@@ -164,7 +162,7 @@ public class CMSIssuingDistributionPointExtension
         }
         if (reasons != null && reasons.length() > 0) {
 
-            boolean[] bits = {false, false, false, false, false, false, false};
+            boolean[] bits = { false, false, false, false, false, false, false };
             int k = 0;
             StringTokenizer st = new StringTokenizer(reasons, ",");
 
@@ -275,25 +273,25 @@ public class CMSIssuingDistributionPointExtension
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "caCertsOnly", e.toString()));
         }
         // Disable these for now unitl we support them fully
-/*
-        try {
-            boolean userCertsOnly = config.getBoolean(PROP_USERCERTS, false);
-
-            nvp.add(PROP_USERCERTS, String.valueOf(userCertsOnly));
-        } catch (EBaseException e) {
-            nvp.add(PROP_USERCERTS, "false");
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "userCertsOnly", e.toString()));
-        }
+        /*
+                try {
+                    boolean userCertsOnly = config.getBoolean(PROP_USERCERTS, false);
+
+                    nvp.add(PROP_USERCERTS, String.valueOf(userCertsOnly));
+                } catch (EBaseException e) {
+                    nvp.add(PROP_USERCERTS, "false");
+                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "userCertsOnly", e.toString()));
+                }
 
-        try {
-            boolean indirectCRL = config.getBoolean(PROP_INDIRECT, false);
+                try {
+                    boolean indirectCRL = config.getBoolean(PROP_INDIRECT, false);
 
-            nvp.add(PROP_INDIRECT, String.valueOf(indirectCRL));
-        } catch (EBaseException e) {
-            nvp.add(PROP_INDIRECT, "false");
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "indirectCRL", e.toString()));
-        }
-*/
+                    nvp.add(PROP_INDIRECT, String.valueOf(indirectCRL));
+                } catch (EBaseException e) {
+                    nvp.add(PROP_INDIRECT, "false");
+                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "indirectCRL", e.toString()));
+                }
+        */
     }
 
     public String[] getExtendedPluginInfo(Locale locale) {
@@ -310,20 +308,20 @@ public class CMSIssuingDistributionPointExtension
                 "enable;boolean;Check to enable Issuing Distribution Point CRL extension.",
                 "critical;boolean;Set criticality for Issuing Distribution Point CRL extension.",
                 PROP_POINTTYPE + ";choice(" + PROP_DIRNAME + "," + PROP_URINAME + "," +
-                PROP_RDNNAME + ");Select Issuing Distribution Point name type.",
+                        PROP_RDNNAME + ");Select Issuing Distribution Point name type.",
                 PROP_POINTNAME + ";string;Enter Issuing Distribution Point name " +
-                "corresponding to the selected point type.",
+                        "corresponding to the selected point type.",
                 PROP_REASONS + ";string;Select any combination of the following reasons: " +
-                sb_reasons.toString(),
+                        sb_reasons.toString(),
                 PROP_CACERTS + ";boolean;Check if CRL contains CA certificates only",
-             //   Remove these from the UI until they can be supported fully.
-             //   PROP_USERCERTS + ";boolean;Check if CRL contains user certificates only",
-             //   PROP_INDIRECT + ";boolean;Check if CRL is built indirectly.",
+                //   Remove these from the UI until they can be supported fully.
+                //   PROP_USERCERTS + ";boolean;Check if CRL contains user certificates only",
+                //   PROP_INDIRECT + ";boolean;Check if CRL is built indirectly.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ca-edit-crlextension-issuingdistributionpoint",
+                        ";configuration-ca-edit-crlextension-issuingdistributionpoint",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";The issuing distribution point is a critical CRL extension " +
-                "that identifies the CRL distribution point for a particular CRL."
+                        ";The issuing distribution point is a critical CRL extension " +
+                        "that identifies the CRL distribution point for a particular CRL."
             };
 
         return params;
@@ -331,6 +329,6 @@ public class CMSIssuingDistributionPointExtension
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
-            "CMSIssuingDistributionPointExtension - " + msg);
+                "CMSIssuingDistributionPointExtension - " + msg);
     }
-} 
+}
diff --git a/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java
index d026cdba..530ca944 100644
--- a/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java
+++ b/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.evaluators;
 
-
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authentication.IAuthToken;
 import com.netscape.certsrv.base.EBaseException;
@@ -28,7 +27,6 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem;
 import com.netscape.certsrv.usrgrp.IUser;
 import com.netscape.cmsutil.util.Utils;
 
-
 /**
  * A class represents a group acls evaluator.
  * <P>
@@ -54,7 +52,7 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
     }
 
     /**
-     * initialization.  nothing for now.
+     * initialization. nothing for now.
      */
     public void init() {
         CMS.debug("GroupAccessEvaluator: init");
@@ -62,6 +60,7 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
 
     /**
      * gets the type name for this acl evaluator
+     * 
      * @return type for this acl evaluator: "group" or "at_group"
      */
     public String getType() {
@@ -70,6 +69,7 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
 
     /**
      * gets the description for this acl evaluator
+     * 
      * @return description for this acl evaluator
      */
     public String getDescription() {
@@ -86,13 +86,14 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
 
     /**
      * evaluates uid in AuthToken to see if it has membership in
-     *	 group value
+     * group value
+     * 
      * @param authToken authentication token
      * @param type must be "at_group"
      * @param op must be "="
      * @param value the group name
      * @return true if AuthToken uid belongs to the group value,
-     *	 false otherwise
+     *         false otherwise
      */
     public boolean evaluate(IAuthToken authToken, String type, String op, String value) {
 
@@ -104,17 +105,17 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
             if (uid == null) {
                 uid = authToken.getInString("uid");
                 if (uid == null) {
-                  CMS.debug("GroupAccessEvaluator: evaluate: uid null");
-                  log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_NULL"));
-                  return false;
+                    CMS.debug("GroupAccessEvaluator: evaluate: uid null");
+                    log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_NULL"));
+                    return false;
                 }
             }
-            CMS.debug("GroupAccessEvaluator: evaluate: uid="+uid +" value="+value);
+            CMS.debug("GroupAccessEvaluator: evaluate: uid=" + uid + " value=" + value);
 
             String groupname = authToken.getInString("gid");
 
             if (groupname != null) {
-                CMS.debug("GroupAccessEvaluator: evaluate: authToken gid="+groupname);
+                CMS.debug("GroupAccessEvaluator: evaluate: authToken gid=" + groupname);
                 if (op.equals("=")) {
                     return groupname.equals(Utils.stripQuotes(value));
                 } else if (op.equals("!=")) {
@@ -123,12 +124,12 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
             } else {
                 CMS.debug("GroupAccessEvaluator: evaluate: no gid in authToken");
                 IUser id = null;
-                try { 
-                    id = mUG.getUser(uid); 
-                } catch (EBaseException e) { 
+                try {
+                    id = mUG.getUser(uid);
+                } catch (EBaseException e) {
                     CMS.debug("GroupAccessEvaluator: " + e.toString());
                     return false;
-                } 
+                }
 
                 if (op.equals("=")) {
                     return mUG.isMemberOf(id, Utils.stripQuotes(value));
@@ -143,12 +144,13 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
 
     /**
      * evaluates uid in SessionContext to see if it has membership in
-     *	 group value
+     * group value
+     * 
      * @param type must be "group"
      * @param op must be "="
      * @param value the group name
      * @return true if SessionContext uid belongs to the group value,
-     *	 false otherwise
+     *         false otherwise
      */
     public boolean evaluate(String type, String op, String value) {
 
@@ -161,12 +163,12 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_NULL"));
                 return false;
             }
-            if (op.equals("=")) 
+            if (op.equals("="))
                 return mUG.isMemberOf(id, Utils.stripQuotes(value));
             else
                 return !(mUG.isMemberOf(id, Utils.stripQuotes(value)));
-            
-        } 
+
+        }
 
         return false;
     }
@@ -175,7 +177,7 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS,
-            level, "GroupAccessEvaluator: " + msg);
+                level, "GroupAccessEvaluator: " + msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java
index a5c99eeb..17d38368 100644
--- a/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java
+++ b/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.evaluators;
 
-
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authentication.IAuthToken;
 import com.netscape.certsrv.base.SessionContext;
@@ -25,7 +24,6 @@ import com.netscape.certsrv.evaluators.IAccessEvaluator;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.cmsutil.util.Utils;
 
-
 /**
  * A class represents a IP address acls evaluator.
  * <P>
@@ -44,13 +42,14 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
     }
 
     /**
-     * initialization.  nothing for now.
+     * initialization. nothing for now.
      */
     public void init() {
     }
 
     /**
      * gets the type name for this acl evaluator
+     * 
      * @return type for this acl evaluator: ipaddress
      */
     public String getType() {
@@ -59,6 +58,7 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
 
     /**
      * gets the description for this acl evaluator
+     * 
      * @return description for this acl evaluator
      */
     public String getDescription() {
@@ -75,6 +75,7 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
 
     /**
      * Gets the IP address from session context
+     * 
      * @param authToken authentication token
      * @param type must be "ipaddress"
      * @param op must be "=" or "!="
@@ -87,12 +88,13 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
 
     /**
      * evaluates uid in SessionContext to see if it has membership in
-     *	 group value
+     * group value
+     * 
      * @param type must be "group"
      * @param op must be "="
      * @param value the group name
      * @return true if SessionContext uid belongs to the group value,
-     *	 false otherwise
+     *         false otherwise
      */
     public boolean evaluate(String type, String op, String value) {
 
@@ -106,13 +108,13 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUATOR_IPADDRESS_NULL"));
                 return false;
             }
-            if (op.equals("=")) { 
+            if (op.equals("=")) {
                 return ipaddress.matches(value);
             } else {
                 return !(ipaddress.matches(value));
             }
-            
-        } 
+
+        }
 
         return false;
     }
@@ -121,6 +123,6 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS,
-            level, "GroupAccessEvaluator: " + msg);
+                level, "GroupAccessEvaluator: " + msg);
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java
index 4b6b5677..bf7727c9 100644
--- a/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java
+++ b/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.evaluators;
 
-
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authentication.IAuthToken;
 import com.netscape.certsrv.base.SessionContext;
@@ -26,7 +25,6 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.usrgrp.IUser;
 import com.netscape.cmsutil.util.Utils;
 
-
 /**
  * A class represents a user acls evaluator.
  * <P>
@@ -48,7 +46,7 @@ public class UserAccessEvaluator implements IAccessEvaluator {
     }
 
     /**
-     * initialization.  nothing for now.
+     * initialization. nothing for now.
      */
     public void init() {
         CMS.debug("UserAccessEvaluator: init");
@@ -56,6 +54,7 @@ public class UserAccessEvaluator implements IAccessEvaluator {
 
     /**
      * gets the type name for this acl evaluator
+     * 
      * @return type for this acl evaluator: "user" or "at_user"
      */
     public String getType() {
@@ -64,6 +63,7 @@ public class UserAccessEvaluator implements IAccessEvaluator {
 
     /**
      * gets the description for this acl evaluator
+     * 
      * @return description for this acl evaluator
      */
     public String getDescription() {
@@ -80,6 +80,7 @@ public class UserAccessEvaluator implements IAccessEvaluator {
 
     /**
      * Evaluates the user in AuthToken to see if it's equal to value
+     * 
      * @param authToken AuthToken from authentication
      * @param type must be "at_user"
      * @param op must be "="
@@ -92,9 +93,9 @@ public class UserAccessEvaluator implements IAccessEvaluator {
             String s = Utils.stripQuotes(value);
 
             if ((s.equals(ANYBODY) || s.equals(EVERYBODY)) && op.equals("="))
-                return true; 
-            
-                // should define "uid" at a common place
+                return true;
+
+            // should define "uid" at a common place
             String uid = null;
 
             uid = authToken.getInString("uid");
@@ -108,13 +109,14 @@ public class UserAccessEvaluator implements IAccessEvaluator {
                 return s.equalsIgnoreCase(uid);
             else if (op.equals("!="))
                 return !(s.equalsIgnoreCase(uid));
-        }        
+        }
 
         return false;
     }
 
     /**
      * Evaluates the user in session context to see if it's equal to value
+     * 
      * @param type must be "user"
      * @param op must be "="
      * @param value the user id
@@ -145,7 +147,7 @@ public class UserAccessEvaluator implements IAccessEvaluator {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS,
-            level, "UserAccessEvaluator: " + msg);
+                level, "UserAccessEvaluator: " + msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java
index b1b406c0..442828e7 100644
--- a/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java
+++ b/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.evaluators;
 
-
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authentication.IAuthToken;
 import com.netscape.certsrv.base.SessionContext;
@@ -26,10 +25,9 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.usrgrp.IUser;
 import com.netscape.cmsutil.util.Utils;
 
-
 /**
  * A class represents a user-origreq uid mapping acls evaluator.
- * This is primarily used for renewal.  During renewal, the orig_req
+ * This is primarily used for renewal. During renewal, the orig_req
  * uid is placed in the SessionContext of the renewal session context
  * to be evaluated by this evaluator
  * <P>
@@ -52,7 +50,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
     }
 
     /**
-     * initialization.  nothing for now.
+     * initialization. nothing for now.
      */
     public void init() {
         CMS.debug("UserOrigReqAccessEvaluator: init");
@@ -60,6 +58,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
 
     /**
      * gets the type name for this acl evaluator
+     * 
      * @return type for this acl evaluator: "user_origreq" or "at_user_origreq"
      */
     public String getType() {
@@ -68,6 +67,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
 
     /**
      * gets the description for this acl evaluator
+     * 
      * @return description for this acl evaluator
      */
     public String getDescription() {
@@ -84,6 +84,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
 
     /**
      * Evaluates the user in AuthToken to see if it's equal to value
+     * 
      * @param authToken AuthToken from authentication
      * @param type must be "at_userreq"
      * @param op must be "="
@@ -96,9 +97,9 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
             String s = Utils.stripQuotes(value);
 
             if ((s.equals(ANYBODY) || s.equals(EVERYBODY)) && op.equals("="))
-                return true; 
-            
-                // should define "uid" at a common place
+                return true;
+
+            // should define "uid" at a common place
             String uid = null;
 
             uid = authToken.getInString("uid");
@@ -107,30 +108,31 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
                 CMS.debug("UserOrigReqAccessEvaluator: evaluate() uid in authtoken null");
                 return false;
             } else
-                CMS.debug("UserOrigReqAccessEvaluator: evaluate() uid in authtoken ="+ uid);
+                CMS.debug("UserOrigReqAccessEvaluator: evaluate() uid in authtoken =" + uid);
 
             // find value of param in request
             SessionContext mSC = SessionContext.getContext();
-            CMS.debug("UserOrigReqAccessEvaluator: evaluate() getting "+"orig_req."+s+ " in SessionContext");
+            CMS.debug("UserOrigReqAccessEvaluator: evaluate() getting " + "orig_req." + s + " in SessionContext");
             // "orig_req.auth_token.uid"
-            String orig_id = (String) mSC.get("orig_req."+s);
+            String orig_id = (String) mSC.get("orig_req." + s);
 
             if (orig_id == null) {
                 CMS.debug("UserOrigReqAccessEvaluator: evaluate() orig_id null");
                 return false;
             }
-                CMS.debug("UserOrigReqAccessEvaluator: evaluate() orig_id ="+ orig_id);
+            CMS.debug("UserOrigReqAccessEvaluator: evaluate() orig_id =" + orig_id);
             if (op.equals("="))
                 return uid.equalsIgnoreCase(orig_id);
             else if (op.equals("!="))
                 return !(uid.equalsIgnoreCase(orig_id));
-        }        
+        }
 
         return false;
     }
 
     /**
      * Evaluates the user in session context to see if it's equal to value
+     * 
      * @param type must be "user_origreq"
      * @param op must be "="
      * @param value the user id
@@ -141,7 +143,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
         SessionContext mSC = SessionContext.getContext();
 
         if (type.equals(mType)) {
-// what do I do with s here?
+            // what do I do with s here?
             String s = Utils.stripQuotes(value);
 
             if (s.equals(ANYBODY) && op.equals("="))
@@ -149,7 +151,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
 
             IUser id = (IUser) mSC.get(SessionContext.USER);
             // "orig_req.auth_token.uid"
-            String orig_id = (String) mSC.get("orig_req"+s);
+            String orig_id = (String) mSC.get("orig_req" + s);
 
             if (op.equals("="))
                 return id.getName().equalsIgnoreCase(orig_id);
diff --git a/pki/base/common/src/com/netscape/cms/jobs/AJobBase.java b/pki/base/common/src/com/netscape/cms/jobs/AJobBase.java
index 8488ec2d..5b8176da 100644
--- a/pki/base/common/src/com/netscape/cms/jobs/AJobBase.java
+++ b/pki/base/common/src/com/netscape/cms/jobs/AJobBase.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.jobs;
 
-
 import java.io.IOException;
 import java.util.Hashtable;
 
@@ -36,11 +35,10 @@ import com.netscape.certsrv.notification.IEmailTemplate;
 import com.netscape.certsrv.notification.IMailNotification;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This abstract class is a base job for real job extentions for the
- * Jobs Scheduler. 
- *
+ * Jobs Scheduler.
+ * 
  * @version $Revision$, $Date$
  * @see com.netscape.certsrv.jobs.IJob
  */
@@ -81,8 +79,9 @@ public abstract class AJobBase implements IJob, Runnable {
 
     /**
      * tells if the job is enabled
+     * 
      * @return a boolean value indicating whether the job is enabled
-     *	 or not
+     *         or not
      */
     public boolean isEnabled() {
         boolean enabled = false;
@@ -98,16 +97,17 @@ public abstract class AJobBase implements IJob, Runnable {
      * abstract methods
      ***********************/
     public abstract void init(ISubsystem owner, String id, String implName, IConfigStore
-        config) throws EBaseException;
+            config) throws EBaseException;
 
     public abstract void run();
 
     /***********************
      * public methods
      ***********************/
-    
+
     /**
      * get instance id.
+     * 
      * @return a String identifier
      */
     public String getId() {
@@ -116,6 +116,7 @@ public abstract class AJobBase implements IJob, Runnable {
 
     /**
      * set instance id.
+     * 
      * @param id String id of the instance
      */
     public void setId(String id) {
@@ -124,6 +125,7 @@ public abstract class AJobBase implements IJob, Runnable {
 
     /**
      * get cron string associated with this job
+     * 
      * @return a JobCron object that represents the schedule of this job
      */
     public IJobCron getJobCron() {
@@ -132,6 +134,7 @@ public abstract class AJobBase implements IJob, Runnable {
 
     /**
      * gets the plugin name of this job.
+     * 
      * @return a String that is the name of this implementation
      */
     public String getImplName() {
@@ -140,6 +143,7 @@ public abstract class AJobBase implements IJob, Runnable {
 
     /**
      * Gets the configuration substore used by this job
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
@@ -193,29 +197,29 @@ public abstract class AJobBase implements IJob, Runnable {
         } catch (ENotificationException e) {
             // already logged, lets audit
             mLogger.log(ILogger.EV_AUDIT, null,
-                ILogger.S_OTHER,
-                ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_SEND_NOTIFICATION", e.toString()));
+                    ILogger.S_OTHER,
+                    ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_SEND_NOTIFICATION", e.toString()));
         } catch (IOException e) {
             // already logged, lets audit
             mLogger.log(ILogger.EV_AUDIT, null,
-                ILogger.S_OTHER,
-                ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_SEND_NOTIFICATION", e.toString()));
+                    ILogger.S_OTHER,
+                    ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_SEND_NOTIFICATION", e.toString()));
         }
     }
 
     protected void buildItemParams(X509CertImpl cert) {
         mItemParams.put(IEmailFormProcessor.TOKEN_SERIAL_NUM,
-            (Object) cert.getSerialNumber().toString());
+                (Object) cert.getSerialNumber().toString());
         mItemParams.put(IEmailFormProcessor.TOKEN_HEX_SERIAL_NUM,
-            (Object) cert.getSerialNumber().toString(16));
+                (Object) cert.getSerialNumber().toString(16));
         mItemParams.put(IEmailFormProcessor.TOKEN_ISSUER_DN,
-            (Object) cert.getIssuerDN().toString());
+                (Object) cert.getIssuerDN().toString());
         mItemParams.put(IEmailFormProcessor.TOKEN_SUBJECT_DN,
-            (Object) cert.getSubjectDN().toString());
+                (Object) cert.getSubjectDN().toString());
         mItemParams.put(IEmailFormProcessor.TOKEN_NOT_AFTER,
-            (Object) cert.getNotAfter().toString());
+                (Object) cert.getNotAfter().toString());
         mItemParams.put(IEmailFormProcessor.TOKEN_NOT_BEFORE,
-            (Object) cert.getNotBefore().toString());
+                (Object) cert.getNotBefore().toString());
         // ... and more
     }
 
@@ -258,7 +262,8 @@ public abstract class AJobBase implements IJob, Runnable {
     }
 
     /**
-     * logs an entry in the log file.  Used by classes extending this class.
+     * logs an entry in the log file. Used by classes extending this class.
+     * 
      * @param level log level
      * @param msg log message in String
      */
@@ -266,21 +271,21 @@ public abstract class AJobBase implements IJob, Runnable {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-            level, mId + ": " + msg);
+                level, mId + ": " + msg);
     }
 
     /**
-     * capable of logging multiline entry in the log file.  Used by classes extending this class.
+     * capable of logging multiline entry in the log file. Used by classes extending this class.
+     * 
      * @param level log level
      * @param msg log message in String
      * @param multiline boolean indicating whether the message is a
-     *	 multi-lined message.
+     *            multi-lined message.
      */
     public void log(int level, String msg, boolean multiline) {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-            level, mId + ": " + msg, multiline);
+                level, mId + ": " + msg, multiline);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/jobs/PublishCertsJob.java b/pki/base/common/src/com/netscape/cms/jobs/PublishCertsJob.java
index a23cc1f3..29c5f21a 100644
--- a/pki/base/common/src/com/netscape/cms/jobs/PublishCertsJob.java
+++ b/pki/base/common/src/com/netscape/cms/jobs/PublishCertsJob.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.jobs;
 
-
 import java.security.cert.X509Certificate;
 import java.text.DateFormat;
 import java.util.Date;
@@ -46,38 +45,25 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.IRequestQueue;
 import com.netscape.certsrv.request.RequestId;
 
-
 /**
- * a job for the Jobs Scheduler.  This job checks in the internal ldap
+ * a job for the Jobs Scheduler. This job checks in the internal ldap
  * db for valid certs that have not been published to the
  * publishing directory.
  * <p>
  * the $TOKENS that are available for the this jobs's summary outer form are:<br>
  * <UL>
- * $Status
- * $InstanceID
- * $SummaryItemList
- * $SummaryTotalNum
- * $SummaryTotalSuccess
- * $SummaryTotalfailure
- * $ExecutionTime
+ * $Status $InstanceID $SummaryItemList $SummaryTotalNum $SummaryTotalSuccess $SummaryTotalfailure $ExecutionTime
  * </UL>
  * and for the inner list items:
  * <UL>
- * $SerialNumber
- * $IssuerDN
- * $SubjectDN
- * $NotAfter
- * $NotBefore
- * $RequestorEmail
- * $CertType
+ * $SerialNumber $IssuerDN $SubjectDN $NotAfter $NotBefore $RequestorEmail $CertType
  * </UL>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class PublishCertsJob extends AJobBase
-    implements IJob, Runnable, IExtendedPluginInfo {
-	
+        implements IJob, Runnable, IExtendedPluginInfo {
+
     ICertificateAuthority mCa = null;
     IRequestQueue mReqQ = null;
     ICertificateRepository mRepository = null;
@@ -90,15 +76,15 @@ public class PublishCertsJob extends AJobBase
      * console.
      */
     protected static String[] mConfigParams =
-        new String[] { 
-            "enabled",
-            "cron",
-            "summary.enabled",
-            "summary.emailSubject",
-            "summary.emailTemplate",
-            "summary.itemTemplate",
-            "summary.senderEmail",
-            "summary.recipientEmail"
+            new String[] {
+                    "enabled",
+                    "cron",
+                    "summary.enabled",
+                    "summary.emailSubject",
+                    "summary.emailTemplate",
+                    "summary.itemTemplate",
+                    "summary.senderEmail",
+                    "summary.recipientEmail"
         };
 
     /* Vector of extendedPluginInfo strings */
@@ -110,24 +96,24 @@ public class PublishCertsJob extends AJobBase
     public String[] getExtendedPluginInfo(Locale locale) {
         String s[] = {
                 IExtendedPluginInfo.HELP_TEXT +
-                "; A job that checks for valid certificates in the " +
-                "database, that have not been published and publish them to " +
-                "the publishing directory",
+                        "; A job that checks for valid certificates in the " +
+                        "database, that have not been published and publish them to " +
+                        "the publishing directory",
                 "cron;string;Format: minute hour dayOfMonth month " +
-                "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
+                        "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
                 "summary.senderEmail;string;Specify the address to be used " +
-                "as the email's 'sender'. Bounces go to this address.",
+                        "as the email's 'sender'. Bounces go to this address.",
                 "summary.recipientEmail;string;Who should receive summaries",
                 "enabled;boolean;Enable this plugin",
                 "summary.enabled;boolean;Enable the summary. You must enabled " +
-                "this for the job to work.",
+                        "this for the job to work.",
                 "summary.emailSubject;string;Subject of summary email",
                 "summary.emailTemplate;string;Fully qualified pathname of " +
-                "template file of email to be sent",
+                        "template file of email to be sent",
                 "summary.itemTemplate;string;Fully qualified pathname of " +
-                "file containing template for each item",
+                        "file containing template for each item",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-jobrules-unpublishexpiredjobs",
+                        ";configuration-jobrules-unpublishexpiredjobs",
             };
 
         return s;
@@ -151,13 +137,13 @@ public class PublishCertsJob extends AJobBase
         mReqQ = mCa.getRequestQueue();
         mRepository = (ICertificateRepository) mCa.getCertificateRepository();
         mPublisherProcessor = mCa.getPublisherProcessor();
-		
+
         // read from the configuration file
         mCron = mConfig.getString(IJobCron.PROP_CRON);
         if (mCron == null) {
             return;
         }
-		
+
         // parse cron string into a JobCron class
         IJobsScheduler scheduler = (IJobsScheduler) owner;
 
@@ -182,12 +168,12 @@ public class PublishCertsJob extends AJobBase
      * look in the internal db for certificateRecords that are
      * valid but not published
      * The publish() method should set <b>InLdapPublishDir</b> flag accordingly.
-     *    if publish unsuccessfully, log it -- unsuccessful certs should be
-     *    picked up and attempted again at the next scheduled run
+     * if publish unsuccessfully, log it -- unsuccessful certs should be
+     * picked up and attempted again at the next scheduled run
      */
     public void run() {
-	CMS.debug("in PublishCertsJob "+
-					   getId()+ " : run()");
+        CMS.debug("in PublishCertsJob " +
+                       getId() + " : run()");
         // get time now..."now" is before the loop
         Date date = CMS.getCurrentDate();
         long now = date.getTime();
@@ -196,8 +182,8 @@ public class PublishCertsJob extends AJobBase
 
         // form filter
         String filter = // might need to use "metaInfo"
-            "(!(certMetainfo=" + ICertRecord.META_LDAPPUBLISH +
-            ":true))";
+                "(!(certMetainfo=" + ICertRecord.META_LDAPPUBLISH +
+                        ":true))";
 
         Enumeration unpublishedCerts = null;
 
@@ -225,28 +211,29 @@ public class PublishCertsJob extends AJobBase
             itemForm = getTemplateContent(mItemForm);
         }
 
-	// filter out the invalid ones and publish them
+        // filter out the invalid ones and publish them
         // publish() will set inLdapPublishDir flag
         while (unpublishedCerts != null && unpublishedCerts.hasMoreElements()) {
             ICertRecord rec = (ICertRecord) unpublishedCerts.nextElement();
 
-            if (rec == null) break;
+            if (rec == null)
+                break;
             X509CertImpl cert = rec.getCertificate();
-	    Date notBefore = cert.getNotBefore();
-	    Date notAfter = cert.getNotAfter();
+            Date notBefore = cert.getNotBefore();
+            Date notAfter = cert.getNotAfter();
 
-	    // skip CA certs
-	    if (cert.getBasicConstraintsIsCA() == true)
-		continue;
+            // skip CA certs
+            if (cert.getBasicConstraintsIsCA() == true)
+                continue;
 
-	    // skip the expired certs
-	    if (notAfter.before(date))
-		continue;
+            // skip the expired certs
+            if (notAfter.before(date))
+                continue;
 
             if (mSummary == true)
                 buildItemParams(cert);
 
-                // get request id from cert record MetaInfo
+            // get request id from cert record MetaInfo
             MetaInfo minfo = null;
 
             try {
@@ -255,42 +242,42 @@ public class PublishCertsJob extends AJobBase
                 negCount += 1;
                 if (mSummary == true)
                     buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                        STATUS_FAILURE);
-                log(ILogger.LL_FAILURE,					
-                    CMS.getLogMessage("JOBS_META_INFO_ERROR",
-                        cert.getSerialNumber().toString(16) +
-                        e.toString()));
+                            STATUS_FAILURE);
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("JOBS_META_INFO_ERROR",
+                                cert.getSerialNumber().toString(16) +
+                                        e.toString()));
             }
 
             String ridString = null;
 
             try {
                 if (minfo != null)
-                    ridString = (String) minfo.get(ICertRecord.META_REQUEST_ID); 
+                    ridString = (String) minfo.get(ICertRecord.META_REQUEST_ID);
             } catch (EBaseException e) {
                 negCount += 1;
                 if (mSummary == true)
                     buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                        STATUS_FAILURE);
-                log(ILogger.LL_FAILURE,					
-                    CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
-                        cert.getSerialNumber().toString(16) +
-                        e.toString()));
+                            STATUS_FAILURE);
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
+                                cert.getSerialNumber().toString(16) +
+                                        e.toString()));
             } catch (NullPointerException e) {
                 // no requestId in MetaInfo...skip to next record
                 negCount += 1;
                 if (mSummary == true)
                     buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                        STATUS_FAILURE);
-                log(ILogger.LL_FAILURE,					
-                    CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
-                        cert.getSerialNumber().toString(16) +
-                        e.toString()));
+                            STATUS_FAILURE);
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
+                                cert.getSerialNumber().toString(16) +
+                                        e.toString()));
             }
 
             if (ridString != null) {
                 RequestId rid = new RequestId(ridString);
-				
+
                 // get request from request id
                 IRequest req = null;
 
@@ -304,19 +291,19 @@ public class PublishCertsJob extends AJobBase
                     negCount += 1;
                     if (mSummary == true)
                         buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                            STATUS_FAILURE);
-                    log(ILogger.LL_FAILURE,					
-                        CMS.getLogMessage("JOBS_FIND_REQUEST_ERROR",
-                            cert.getSerialNumber().toString(16) +
-                            e.toString()));
+                                STATUS_FAILURE);
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("JOBS_FIND_REQUEST_ERROR",
+                                    cert.getSerialNumber().toString(16) +
+                                            e.toString()));
                 }
                 try {
                     if ((mPublisherProcessor != null) &&
-                        mPublisherProcessor.enabled()) { 
+                            mPublisherProcessor.enabled()) {
                         mPublisherProcessor.publishCert((X509Certificate) cert, req);
                         if (mSummary == true)
                             buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                                STATUS_SUCCESS);
+                                    STATUS_SUCCESS);
                         count += 1;
                     } else {
                         negCount += 1;
@@ -325,22 +312,22 @@ public class PublishCertsJob extends AJobBase
                     negCount += 1;
                     if (mSummary == true)
                         buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                            STATUS_FAILURE);
-                    log(ILogger.LL_FAILURE,					
-                        CMS.getLogMessage("JOBS_PUBLISH_ERROR",
-                            cert.getSerialNumber().toString(16) +
-                            e.toString()));
+                                STATUS_FAILURE);
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("JOBS_PUBLISH_ERROR",
+                                    cert.getSerialNumber().toString(16) +
+                                            e.toString()));
                 }
             } // ridString != null
             else {
                 try {
                     if ((mPublisherProcessor != null) &&
-                        mPublisherProcessor.enabled()) { 
+                            mPublisherProcessor.enabled()) {
                         mPublisherProcessor.publishCert((X509Certificate) cert, null);
 
                         if (mSummary == true)
                             buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                                STATUS_SUCCESS);
+                                    STATUS_SUCCESS);
                         count += 1;
                     } else {
                         negCount += 1;
@@ -350,12 +337,12 @@ public class PublishCertsJob extends AJobBase
 
                     if (mSummary == true)
                         buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                            STATUS_FAILURE);
+                                STATUS_FAILURE);
 
-                    log(ILogger.LL_FAILURE,					
-                        CMS.getLogMessage("JOBS_PUBLISH_ERROR",
-                            cert.getSerialNumber().toString(16) +
-                            e.toString()));
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("JOBS_PUBLISH_ERROR",
+                                    cert.getSerialNumber().toString(16) +
+                                            e.toString()));
                 }
             } // ridString == null
 
@@ -365,7 +352,7 @@ public class PublishCertsJob extends AJobBase
             // if summary is enabled, form the item content
             if (mSummary) {
                 IEmailFormProcessor emailItemFormProcessor =
-                    CMS.getEmailFormProcessor();
+                        CMS.getEmailFormProcessor();
                 String c = emailItemFormProcessor.getEmailContent(itemForm,
                         mItemParams);
 
@@ -381,36 +368,35 @@ public class PublishCertsJob extends AJobBase
         // time for summary
         if (mSummary == true) {
             buildContentParams(IEmailFormProcessor.TOKEN_ID,
-                mId);
+                    mId);
             buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_ITEM_LIST,
-                itemListContent);
+                    itemListContent);
             buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_TOTAL_NUM,
-                String.valueOf(count + negCount));
+                    String.valueOf(count + negCount));
             buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_SUCCESS_NUM,
-                String.valueOf(count));
+                    String.valueOf(count));
             buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_FAILURE_NUM,
-                String.valueOf(negCount));
+                    String.valueOf(negCount));
             buildContentParams(IEmailFormProcessor.TOKEN_EXECUTION_TIME,
-                nowString);
+                    nowString);
 
             IEmailFormProcessor emailFormProcessor = CMS.getEmailFormProcessor();
             String mailContent =
-                emailFormProcessor.getEmailContent(contentForm,
-                    mContentParams);
+                    emailFormProcessor.getEmailContent(contentForm,
+                            mContentParams);
 
             mailSummary(mailContent);
         }
     }
 
     /**
-     * Returns a list of configuration parameter names. 
-     * The list is passed to the configuration console so instances of 
+     * Returns a list of configuration parameter names.
+     * The list is passed to the configuration console so instances of
      * this implementation can be configured through the console.
-     *
+     * 
      * @return String array of configuration parameter names.
      */
     public String[] getConfigParams() {
         return (mConfigParams);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/jobs/RenewalNotificationJob.java b/pki/base/common/src/com/netscape/cms/jobs/RenewalNotificationJob.java
index 8649cf23..2a3fffed 100644
--- a/pki/base/common/src/com/netscape/cms/jobs/RenewalNotificationJob.java
+++ b/pki/base/common/src/com/netscape/cms/jobs/RenewalNotificationJob.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.jobs;
 
-
 import java.io.IOException;
 import java.text.DateFormat;
 import java.util.Calendar;
@@ -49,12 +48,11 @@ import com.netscape.certsrv.notification.IMailNotification;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.RequestId;
 
-
 /**
- * A job for the Jobs Scheduler.  This job checks in the internal ldap
+ * A job for the Jobs Scheduler. This job checks in the internal ldap
  * db for certs about to expire within the next configurable days and
  * sends email notifications to the appropriate recipients.
- *
+ * 
  * the $TOKENS that are available for the this jobs's summary outer form are:<br
  >
  * <UL>
@@ -79,14 +77,14 @@ import com.netscape.certsrv.request.RequestId;
  * <LI>$HttpHost
  * <LI>$HttpPort
  * </UL>
- *
+ * 
  * @version $Revision$, $Date$
  * @see com.netscape.certsrv.jobs.IJob
  * @see com.netscape.cms.jobs.AJobBase
  */
-public class RenewalNotificationJob 
-    extends AJobBase
-    implements IJob, Runnable, IExtendedPluginInfo {
+public class RenewalNotificationJob
+        extends AJobBase
+        implements IJob, Runnable, IExtendedPluginInfo {
 
     // config parameters...
     public static final String PROP_CRON = "cron";
@@ -98,14 +96,14 @@ public class RenewalNotificationJob
 
     /**
      * This job will send notification at this much time before the
-     *	 enpiration date
+     * enpiration date
      */
     public static final String PROP_NOTIFYTRIGGEROFFSET =
-        "notifyTriggerOffset";
+            "notifyTriggerOffset";
 
     /**
      * This job will stop sending notification this much time after
-     *	 the expiration date
+     * the expiration date
      */
     public static final String PROP_NOTIFYENDOFFSET = "notifyEndOffset";
 
@@ -113,13 +111,13 @@ public class RenewalNotificationJob
      * sender email address as appeared on the notification email
      */
     public static final String PROP_SENDEREMAIL =
-        "senderEmail";
+            "senderEmail";
 
     /**
      * email subject line as appeared on the notification email
      */
     public static final String PROP_EMAILSUBJECT =
-        "emailSubject";
+            "emailSubject";
 
     /**
      * location of the template file used for email notification
@@ -149,7 +147,7 @@ public class RenewalNotificationJob
 
     /**
      * location of the template file for each item appeared on the
-     *	 notification summary
+     * notification summary
      */
     public static final String PROP_SUMMARY_ITEMTEMPLATE = "summary.itemTemplate";
 
@@ -159,44 +157,44 @@ public class RenewalNotificationJob
      * for instances of this implementation can be configured through the
      * console.
      */
-    protected static String[] mConfigParams = 
-        new String[] {
-            "enabled",
-            PROP_CRON,
-            PROP_PROFILE_ID,
-            PROP_NOTIFYTRIGGEROFFSET,
-            PROP_NOTIFYENDOFFSET,
-            PROP_SENDEREMAIL,
-            PROP_EMAILSUBJECT,
-            PROP_EMAILTEMPLATE,
-            "summary.enabled",
-            PROP_SUMMARY_RECIPIENTEMAIL,
-            PROP_SUMMARY_SENDEREMAIL,
-            PROP_SUMMARY_SUBJECT,
-            PROP_SUMMARY_ITEMTEMPLATE,
-            PROP_SUMMARY_TEMPLATE,
+    protected static String[] mConfigParams =
+            new String[] {
+                    "enabled",
+                    PROP_CRON,
+                    PROP_PROFILE_ID,
+                    PROP_NOTIFYTRIGGEROFFSET,
+                    PROP_NOTIFYENDOFFSET,
+                    PROP_SENDEREMAIL,
+                    PROP_EMAILSUBJECT,
+                    PROP_EMAILTEMPLATE,
+                    "summary.enabled",
+                    PROP_SUMMARY_RECIPIENTEMAIL,
+                    PROP_SUMMARY_SENDEREMAIL,
+                    PROP_SUMMARY_SUBJECT,
+                    PROP_SUMMARY_ITEMTEMPLATE,
+                    PROP_SUMMARY_TEMPLATE,
         };
-    
+
     protected ICertificateRepository mCertDB = null;
     protected ICertificateAuthority mCA = null;
     protected boolean mSummary = false;
     protected String mEmailSender = null;
     protected String mEmailSubject = null;
     protected String mEmailTemplateName = null;
-    protected	String mSummaryItemTemplateName = null;
-    protected	String mSummaryTemplateName = null;
+    protected String mSummaryItemTemplateName = null;
+    protected String mSummaryTemplateName = null;
     protected boolean mSummaryHTML = false;
     protected boolean mHTML = false;
 
     protected String mHttpHost = null;
     protected String mHttpPort = null;
 
-    private	int mPreDays = 0;
-    private	long mPreMS = 0;
-    private	int mPostDays = 0;
-    private	long mPostMS = 0;
-    private	int mMaxNotifyCount = 1;
-    private     String[] mProfileId = null;
+    private int mPreDays = 0;
+    private long mPreMS = 0;
+    private int mPostDays = 0;
+    private long mPostMS = 0;
+    private int mMaxNotifyCount = 1;
+    private String[] mProfileId = null;
 
     /* Vector of extendedPluginInfo strings */
     protected static Vector mExtendedPluginInfo = null;
@@ -207,8 +205,8 @@ public class RenewalNotificationJob
 
     /**
      * class constructor
-     */		   
-    public RenewalNotificationJob () {
+     */
+    public RenewalNotificationJob() {
     }
 
     /**
@@ -217,48 +215,49 @@ public class RenewalNotificationJob
     public String[] getExtendedPluginInfo(Locale locale) {
         String s[] = {
                 IExtendedPluginInfo.HELP_TEXT +
-                "; A job that checks for expiring or expired certs" +
-                "notifyTriggerOffset before and notifyEndOffset after " +
-                "the expiration date",
-			
-                PROP_PROFILE_ID + ";string;Specify the ID of the profile which "+
-                "approved the certificates that are about to expire. For multiple "+
-                "profiles, each entry is separated by white space. For example, " +
-                "if the administrator just wants to give automated notification " +
-                "when the SSL server certificates are about to expire, then "+
-                "he should enter \"caServerCert caAgentServerCert\" in the profileId textfield. "+
-                "Blank field means all profiles.",
+                        "; A job that checks for expiring or expired certs" +
+                        "notifyTriggerOffset before and notifyEndOffset after " +
+                        "the expiration date",
+
+                PROP_PROFILE_ID + ";string;Specify the ID of the profile which " +
+                        "approved the certificates that are about to expire. For multiple " +
+                        "profiles, each entry is separated by white space. For example, " +
+                        "if the administrator just wants to give automated notification " +
+                        "when the SSL server certificates are about to expire, then " +
+                        "he should enter \"caServerCert caAgentServerCert\" in the profileId textfield. " +
+                        "Blank field means all profiles.",
                 PROP_NOTIFYTRIGGEROFFSET + ";number,required;How long (in days) before " +
-                "certificate expiration will the first notification " +
-                "be sent",
+                        "certificate expiration will the first notification " +
+                        "be sent",
                 PROP_NOTIFYENDOFFSET + ";number,required;How long (in days) after " +
-                "certificate expiration will notifications " +
-                "continue to be resent if certificate is not renewed",
+                        "certificate expiration will notifications " +
+                        "continue to be resent if certificate is not renewed",
                 PROP_CRON + ";string,required;Format: minute hour dayOfMonth Mmonth " +
-                "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
+                        "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
                 PROP_SENDEREMAIL + ";string,required;Specify the address to be used " +
-                "as the email's 'sender'. Bounces go to this address.",
+                        "as the email's 'sender'. Bounces go to this address.",
                 PROP_EMAILSUBJECT + ";string,required;Email subject",
                 PROP_EMAILTEMPLATE + ";string,required;Fully qualified pathname of " +
-                "template file of email to be sent",
+                        "template file of email to be sent",
                 "enabled;boolean;Enable this plugin",
                 "summary.enabled;boolean;Enabled sending of summaries",
                 PROP_SUMMARY_SENDEREMAIL + ";string,required;Sender email address of summary",
                 PROP_SUMMARY_RECIPIENTEMAIL + ";string,required;Who should receive summaries",
                 PROP_SUMMARY_SUBJECT + ";string,required;Subject of summary email",
                 PROP_SUMMARY_TEMPLATE + ";string,required;Fully qualified pathname of " +
-                "template file of email to be sent",
+                        "template file of email to be sent",
                 PROP_SUMMARY_ITEMTEMPLATE + ";string,required;Fully qualified pathname of " +
-                "file with template to be used for each summary item",
+                        "file with template to be used for each summary item",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-jobrules-renewalnotification",
+                        ";configuration-jobrules-renewalnotification",
             };
 
         return s;
     }
-    
+
     /**
      * Initialize from the configuration file.
+     * 
      * @param id String name of this instance
      * @param implName string name of this implementation
      * @param config configuration store for this instance
@@ -289,10 +288,10 @@ public class RenewalNotificationJob
 
         mJobCron = scheduler.createJobCron(mCron);
     }
-    
+
     /**
      * finds out which cert needs notification and notifies the
-     *	 responsible parties
+     * responsible parties
      */
     public void run() {
         // for forming renewal URL at template
@@ -301,7 +300,7 @@ public class RenewalNotificationJob
 
         // read from the configuration file				
         try {
-            mPreDays = mConfig.getInteger(PROP_NOTIFYTRIGGEROFFSET, 30);  // in days
+            mPreDays = mConfig.getInteger(PROP_NOTIFYTRIGGEROFFSET, 30); // in days
             mPostDays = mConfig.getInteger(PROP_NOTIFYENDOFFSET, 15); // in days
 
             mEmailSender = mConfig.getString(PROP_SENDEREMAIL);
@@ -314,19 +313,19 @@ public class RenewalNotificationJob
             if (sc.getBoolean(PROP_ENABLED, false)) {
                 mSummary = true;
                 mSummaryItemTemplateName =
-                    mConfig.getString(PROP_SUMMARY_ITEMTEMPLATE);
+                        mConfig.getString(PROP_SUMMARY_ITEMTEMPLATE);
                 mSummarySenderEmail =
-                    mConfig.getString(PROP_SUMMARY_SENDEREMAIL);
+                        mConfig.getString(PROP_SUMMARY_SENDEREMAIL);
                 mSummaryReceiverEmail =
-                    mConfig.getString(PROP_SUMMARY_RECIPIENTEMAIL);
+                        mConfig.getString(PROP_SUMMARY_RECIPIENTEMAIL);
                 mSummaryMailSubject =
-                    mConfig.getString(PROP_SUMMARY_SUBJECT);
+                        mConfig.getString(PROP_SUMMARY_SUBJECT);
                 mSummaryTemplateName =
-                    mConfig.getString(PROP_SUMMARY_TEMPLATE);
+                        mConfig.getString(PROP_SUMMARY_TEMPLATE);
             } else {
                 mSummary = false;
             }
-		
+
             long msperday = 86400 * 1000;
             long mspredays = mPreDays;
             long mspostdays = mPostDays;
@@ -347,9 +346,9 @@ public class RenewalNotificationJob
              * if notified successfully, mark "STATUS_SUCCESS",
              *    else, if notified unsuccessfully, mark "STATUS_FAILURE".
              */
-	    
+
             /* 1) make target notAfter string */
-	    
+
             Date expiryDate = null;
             Date stopDate = null;
 
@@ -360,13 +359,13 @@ public class RenewalNotificationJob
 
             expiryDate = new Date(expiryMS);
             stopDate = new Date(stopMS);
-			
+
             // All cert records which:
             //   1) expire before the deadline
             //   2) have not already been renewed
             // filter format: 
             // (& (notafter<='time')(!(certAutoRenew=DONE))(!certAutoRenew=DISABLED))
-		
+
             StringBuffer f = new StringBuffer();
             String profileId = "";
             try {
@@ -374,24 +373,24 @@ public class RenewalNotificationJob
             } catch (EBaseException ee) {
             }
 
-            if (profileId != null && profileId.length() > 0) { 
+            if (profileId != null && profileId.length() > 0) {
                 StringTokenizer tokenizer = new StringTokenizer(profileId);
                 int num = tokenizer.countTokens();
                 mProfileId = new String[num];
-                for (int i=0; i<num; i++)
+                for (int i = 0; i < num; i++)
                     mProfileId[i] = tokenizer.nextToken();
             }
 
             f.append("(&");
             if (mProfileId != null) {
                 if (mProfileId.length == 1)
-                    f.append("("+ICertRecord.ATTR_META_INFO+ "=" + 
-                      ICertRecord.META_PROFILE_ID +":"+mProfileId[0]+")");
+                    f.append("(" + ICertRecord.ATTR_META_INFO + "=" +
+                            ICertRecord.META_PROFILE_ID + ":" + mProfileId[0] + ")");
                 else {
                     f.append("(|");
-                    for (int i=0; i<mProfileId.length; i++) {
-                        f.append("("+ICertRecord.ATTR_META_INFO+ "=" + 
-                          ICertRecord.META_PROFILE_ID +":"+mProfileId[i]+")");
+                    for (int i = 0; i < mProfileId.length; i++) {
+                        f.append("(" + ICertRecord.ATTR_META_INFO + "=" +
+                                ICertRecord.META_PROFILE_ID + ":" + mProfileId[i] + ")");
                     }
                     f.append(")");
                 }
@@ -407,7 +406,7 @@ public class RenewalNotificationJob
             String filter = f.toString();
 
             String emailTemplate =
-                getTemplateContent(mEmailTemplateName);
+                    getTemplateContent(mEmailTemplateName);
 
             mHTML = mMailHTML;
 
@@ -415,7 +414,7 @@ public class RenewalNotificationJob
                 String summaryItemTemplate = null;
 
                 if (mSummary == true) {
-                    summaryItemTemplate = 
+                    summaryItemTemplate =
                             getTemplateContent(mSummaryItemTemplateName);
                 }
 
@@ -423,7 +422,7 @@ public class RenewalNotificationJob
                 CertRecProcessor cp = new CertRecProcessor(this, emailTemplate, summaryItemTemplate, ic);
                 //CertRecordList list = mCertDB.findCertRecordsInList(filter, null, "serialno", 5);
                 //list.processCertRecords(0, list.getSize() - 1, cp);
-			
+
                 Enumeration en = mCertDB.findCertRecs(filter);
 
                 while (en.hasMoreElements()) {
@@ -436,36 +435,36 @@ public class RenewalNotificationJob
                         log(ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_FAILED_PROCESS", e.toString()));
                     }
                 }
-			
+
                 // Now send the summary
 
                 if (mSummary == true) {
                     try {
                         String summaryTemplate =
-                            getTemplateContent(mSummaryTemplateName);
+                                getTemplateContent(mSummaryTemplateName);
 
                         mSummaryHTML = mMailHTML;
 
                         buildContentParams(IEmailFormProcessor.TOKEN_ID,
-                            mId);
+                                mId);
 
                         buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_ITEM_LIST,
-                            ic.mItemListContent);
+                                ic.mItemListContent);
                         buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_TOTAL_NUM,
-                            String.valueOf(ic.mNumFail + ic.mNumSuccessful));
-                        buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_SUCCESS_NUM, 
-                            String.valueOf(ic.mNumSuccessful));
+                                String.valueOf(ic.mNumFail + ic.mNumSuccessful));
+                        buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_SUCCESS_NUM,
+                                String.valueOf(ic.mNumSuccessful));
                         buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_FAILURE_NUM,
-                            String.valueOf(ic.mNumFail));
+                                String.valueOf(ic.mNumFail));
 
                         buildContentParams(IEmailFormProcessor.TOKEN_EXECUTION_TIME,
-                            nowString);
-					
+                                nowString);
+
                         IEmailFormProcessor summaryEmfp = CMS.getEmailFormProcessor();
 
-                        String summaryContent = 
-                            summaryEmfp.getEmailContent(summaryTemplate,
-                                mContentParams);
+                        String summaryContent =
+                                summaryEmfp.getEmailContent(summaryTemplate,
+                                        mContentParams);
 
                         if (summaryContent == null) {
                             log(ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_SUMMARY_CONTENT_NULL"));
@@ -490,38 +489,43 @@ public class RenewalNotificationJob
 
     /**
      * get instance id.
+     * 
      * @return a String identifier
      */
     public String getId() {
         return mId;
     }
-    
+
     /**
      * set instance id.
+     * 
      * @param id String id of the instance
      */
     public void setId(String id) {
         mId = id;
     }
-    
+
     /**
      * get cron string associated with this job
+     * 
      * @return a JobCron object that represents the schedule of this job
      */
     public IJobCron getJobCron() {
         return mJobCron;
     }
-    
+
     /**
      * gets the plugin name of this job.
+     * 
      * @return a String that is the name of this implementation
      */
     public String getImplName() {
         return mImplName;
     }
-    
+
     /**
      * Gets the configuration substore used by this job
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
@@ -529,11 +533,11 @@ public class RenewalNotificationJob
     }
 
     protected void mailUser(String subject,
-        String msg,
-        String sender,
-        IRequest req,
-        ICertRecord cr)
-        throws IOException, ENotificationException, EBaseException {
+            String msg,
+            String sender,
+            IRequest req,
+            ICertRecord cr)
+            throws IOException, ENotificationException, EBaseException {
 
         IMailNotification mn = CMS.getMailNotification();
 
@@ -568,13 +572,18 @@ public class RenewalNotificationJob
 
         mn.setTo(rcp);
 
-        if (sender != null) mn.setFrom(sender);
-        else mn.setFrom("nobody");
+        if (sender != null)
+            mn.setFrom(sender);
+        else
+            mn.setFrom("nobody");
 
-        if (subject != null) mn.setSubject(subject);
-        else mn.setFrom("Important message from Certificate Authority");
+        if (subject != null)
+            mn.setSubject(subject);
+        else
+            mn.setFrom("Important message from Certificate Authority");
 
-        if (mHTML == true) mn.setContentType("text/html");
+        if (mHTML == true)
+            mn.setContentType("text/html");
 
         String failedString = null;
 
@@ -584,10 +593,10 @@ public class RenewalNotificationJob
     }
 
     /**
-     * Returns a list of configuration parameter names. 
-     * The list is passed to the configuration console so instances of 
+     * Returns a list of configuration parameter names.
+     * The list is passed to the configuration console so instances of
      * this implementation can be configured through the console.
-     *
+     * 
      * @return String array of configuration parameter names.
      */
     public String[] getConfigParams() {
@@ -595,15 +604,14 @@ public class RenewalNotificationJob
     }
 }
 
-
 class CertRecProcessor implements IElementProcessor {
     protected RenewalNotificationJob mJob;
     protected String mEmailTemplate;
     protected String mSummaryItemTemplate;
     protected ItemCounter mIC;
 
-    public CertRecProcessor(RenewalNotificationJob job, String emailTemplate, 
-        String summaryItemTemplate, ItemCounter ic) {
+    public CertRecProcessor(RenewalNotificationJob job, String emailTemplate,
+            String summaryItemTemplate, ItemCounter ic) {
         mJob = job;
         mEmailTemplate = emailTemplate;
         mSummaryItemTemplate = summaryItemTemplate;
@@ -621,9 +629,9 @@ class CertRecProcessor implements IElementProcessor {
         if (cr != null) {
             mJob.buildItemParams(cr.getCertificate());
             mJob.buildItemParams(IEmailFormProcessor.TOKEN_HTTP_HOST,
-                mJob.mHttpHost);
+                    mJob.mHttpHost);
             mJob.buildItemParams(IEmailFormProcessor.TOKEN_HTTP_PORT, mJob.mHttpPort);
-						
+
             MetaInfo metaInfo = null;
 
             metaInfo = (MetaInfo) cr.get(ICertRecord.ATTR_META_INFO);
@@ -632,10 +640,10 @@ class CertRecProcessor implements IElementProcessor {
                 numFailCounted = true;
                 if (mJob.mSummary == true)
                     mJob.buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                        AJobBase.STATUS_FAILURE);
-                mJob.log(ILogger.LL_FAILURE,					
-                    CMS.getLogMessage("JOBS_GET_CERT_ERROR",
-                        cr.getCertificate().getSerialNumber().toString(16)));
+                            AJobBase.STATUS_FAILURE);
+                mJob.log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("JOBS_GET_CERT_ERROR",
+                                cr.getCertificate().getSerialNumber().toString(16)));
             } else {
                 ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
             }
@@ -645,54 +653,54 @@ class CertRecProcessor implements IElementProcessor {
 
         if (ridString != null) {
             RequestId rid = new RequestId(ridString);
-						
+
             try {
                 req = mJob.mCA.getRequestQueue().findRequest(rid);
             } catch (Exception e) {
                 // it is ok not to be able to get the request. The main reason
                 // to get the request is to retrieve the requestor's email.
                 // We can retrieve the email from the CertRecord.
-                CMS.debug("huh RenewalNotificationJob Exception: "+e.toString());
+                CMS.debug("huh RenewalNotificationJob Exception: " + e.toString());
             }
 
             if (req != null)
                 mJob.buildItemParams(req);
         } // ridString != null
 
-        try {						
+        try {
             // send mail to user
-						
+
             IEmailFormProcessor emfp = CMS.getEmailFormProcessor();
             String message = emfp.getEmailContent(mEmailTemplate,
                     mJob.mItemParams);
 
             mJob.mailUser(mJob.mEmailSubject,
-                message,
-                mJob.mEmailSender,
-                req,
-                cr);
-						
+                    message,
+                    mJob.mEmailSender,
+                    req,
+                    cr);
+
             mJob.buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                AJobBase.STATUS_SUCCESS);
-						
+                    AJobBase.STATUS_SUCCESS);
+
             mIC.mNumSuccessful++;
-						
+
         } catch (Exception e) {
-            CMS.debug("RenewalNotificationJob Exception: "+e.toString());
+            CMS.debug("RenewalNotificationJob Exception: " + e.toString());
             mJob.buildItemParams(IEmailFormProcessor.TOKEN_STATUS, AJobBase.STATUS_FAILURE);
             mJob.log(ILogger.LL_FAILURE, e.toString(), ILogger.L_MULTILINE);
             if (numFailCounted == false) {
                 mIC.mNumFail++;
             }
         }
-				
+
         if (mJob.mSummary == true) {
             IEmailFormProcessor summaryItemEmfp =
-                CMS.getEmailFormProcessor();
-            String c = 
-                summaryItemEmfp.getEmailContent(mSummaryItemTemplate,
-                    mJob.mItemParams);
-					
+                    CMS.getEmailFormProcessor();
+            String c =
+                    summaryItemEmfp.getEmailContent(mSummaryItemTemplate,
+                            mJob.mItemParams);
+
             if (mIC.mItemListContent == null) {
                 mIC.mItemListContent = c;
             } else {
@@ -702,7 +710,6 @@ class CertRecProcessor implements IElementProcessor {
     }
 }
 
-
 class ItemCounter {
     public int mNumSuccessful = 0;
     public int mNumFail = 0;
diff --git a/pki/base/common/src/com/netscape/cms/jobs/RequestInQueueJob.java b/pki/base/common/src/com/netscape/cms/jobs/RequestInQueueJob.java
index 07a35a9d..0a3bf0e1 100644
--- a/pki/base/common/src/com/netscape/cms/jobs/RequestInQueueJob.java
+++ b/pki/base/common/src/com/netscape/cms/jobs/RequestInQueueJob.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.jobs;
 
-
 import java.text.DateFormat;
 import java.util.Date;
 import java.util.Locale;
@@ -37,25 +36,22 @@ import com.netscape.certsrv.request.IRequestQueue;
 import com.netscape.certsrv.request.RequestId;
 import com.netscape.certsrv.request.RequestStatus;
 
-
 /**
- * A job for the Jobs Scheduler.  This job checks in the internal ldap
+ * A job for the Jobs Scheduler. This job checks in the internal ldap
  * db for requests currently in the request queue and send a summary
  * report to the administrator
  * <p>
  * the $TOKENS that are available for the this jobs's summary outer form are:<br>
  * <UL>
- * $InstanceID
- * $SummaryTotalNum
- * $ExecutionTime
+ * $InstanceID $SummaryTotalNum $ExecutionTime
  * </UL>
- *
+ * 
  * @version $Revision$, $Date$
  * @see com.netscape.certsrv.jobs.IJob
  * @see com.netscape.cms.jobs.AJobBase
  */
 public class RequestInQueueJob extends AJobBase
-    implements IJob, Runnable, IExtendedPluginInfo {
+        implements IJob, Runnable, IExtendedPluginInfo {
     protected static final String PROP_SUBSYSTEM_ID = "subsystemId";
 
     IAuthority mSub = null;
@@ -68,15 +64,15 @@ public class RequestInQueueJob extends AJobBase
      * console.
      */
     protected static String[] mConfigParams =
-        new String[] { 
-            "enabled",
-            "cron",
-            "subsystemId",
-            "summary.enabled",
-            "summary.emailSubject",
-            "summary.emailTemplate",
-            "summary.senderEmail",
-            "summary.recipientEmail"
+            new String[] {
+                    "enabled",
+                    "cron",
+                    "subsystemId",
+                    "summary.enabled",
+                    "summary.emailSubject",
+                    "summary.emailTemplate",
+                    "summary.senderEmail",
+                    "summary.recipientEmail"
         };
 
     /**
@@ -85,30 +81,31 @@ public class RequestInQueueJob extends AJobBase
     public String[] getExtendedPluginInfo(Locale locale) {
         String s[] = {
                 IExtendedPluginInfo.HELP_TEXT +
-                "; A job that checks for enrollment requests in the " +
-                "queue, and reports to recipientEmail",
+                        "; A job that checks for enrollment requests in the " +
+                        "queue, and reports to recipientEmail",
                 "cron;string;Format: minute hour dayOfMonth month " +
-                "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
+                        "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
                 "summary.senderEmail;string;Specify the address to be used " +
-                "as the email's 'sender'. Bounces go to this address.",
+                        "as the email's 'sender'. Bounces go to this address.",
                 "summary.recipientEmail;string;Who should receive summaries",
                 "enabled;boolean;Enable this plugin",
                 "summary.enabled;boolean;Enable the summary. You must enabled " +
-                "this for the job to work.",
+                        "this for the job to work.",
                 "summary.emailSubject;string;Subject of summary email",
                 "summary.emailTemplate;string;Fully qualified pathname of " +
-                "template file of email to be sent",
+                        "template file of email to be sent",
                 "subsystemId;choice(ca,ra);The type of subsystem this job is " +
-                "for",
+                        "for",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-jobrules-requestinqueuejob",
+                        ";configuration-jobrules-requestinqueuejob",
             };
 
         return s;
     }
-    
+
     /**
      * initialize from the configuration file
+     * 
      * @param id String name of this instance
      * @param implName string name of this implementation
      * @param config configuration store for this instance
@@ -137,7 +134,7 @@ public class RequestInQueueJob extends AJobBase
         if (mCron == null) {
             return;
         }
-		
+
         // parse cron string into a JobCron class
         IJobsScheduler scheduler = (IJobsScheduler) owner;
 
@@ -162,7 +159,8 @@ public class RequestInQueueJob extends AJobBase
      * summarize the queue status and mail it
      */
     public void run() {
-        if (mSummary == false) return;
+        if (mSummary == false)
+            return;
 
         Date date = CMS.getCurrentDate();
         long now = date.getTime();
@@ -171,7 +169,7 @@ public class RequestInQueueJob extends AJobBase
 
         int count = 0;
         IRequestList list =
-            mReqQ.listRequestsByStatus(RequestStatus.PENDING);
+                mReqQ.listRequestsByStatus(RequestStatus.PENDING);
 
         while (list != null && list.hasMoreElements()) {
             RequestId rid = list.nextRequestId();
@@ -196,23 +194,23 @@ public class RequestInQueueJob extends AJobBase
 
         buildContentParams(IEmailFormProcessor.TOKEN_ID, mId);
         buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_TOTAL_NUM,
-            String.valueOf(count));
+                String.valueOf(count));
         buildContentParams(IEmailFormProcessor.TOKEN_EXECUTION_TIME,
-            nowString);
+                nowString);
 
         IEmailFormProcessor emailFormProcessor = CMS.getEmailFormProcessor();
         String mailContent =
-            emailFormProcessor.getEmailContent(contentForm,
-                mContentParams);
+                emailFormProcessor.getEmailContent(contentForm,
+                        mContentParams);
 
         mailSummary(mailContent);
     }
 
     /**
-     * Returns a list of configuration parameter names. 
-     * The list is passed to the configuration console so instances of 
+     * Returns a list of configuration parameter names.
+     * The list is passed to the configuration console so instances of
      * this implementation can be configured through the console.
-     *
+     * 
      * @return String array of configuration parameter names.
      */
     public String[] getConfigParams() {
diff --git a/pki/base/common/src/com/netscape/cms/jobs/UnpublishExpiredJob.java b/pki/base/common/src/com/netscape/cms/jobs/UnpublishExpiredJob.java
index 6a0a6d03..6aea0c51 100644
--- a/pki/base/common/src/com/netscape/cms/jobs/UnpublishExpiredJob.java
+++ b/pki/base/common/src/com/netscape/cms/jobs/UnpublishExpiredJob.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.jobs;
 
-
 import java.security.cert.X509Certificate;
 import java.text.DateFormat;
 import java.util.Date;
@@ -46,38 +45,25 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.IRequestQueue;
 import com.netscape.certsrv.request.RequestId;
 
-
 /**
- * a job for the Jobs Scheduler.  This job checks in the internal ldap
+ * a job for the Jobs Scheduler. This job checks in the internal ldap
  * db for certs that have expired and remove them from the ldap
  * publishing directory.
  * <p>
  * the $TOKENS that are available for the this jobs's summary outer form are:<br>
  * <UL>
- * $Status
- * $InstanceID
- * $SummaryItemList
- * $SummaryTotalNum
- * $SummaryTotalSuccess
- * $SummaryTotalfailure
- * $ExecutionTime
+ * $Status $InstanceID $SummaryItemList $SummaryTotalNum $SummaryTotalSuccess $SummaryTotalfailure $ExecutionTime
  * </UL>
  * and for the inner list items:
  * <UL>
- * $SerialNumber
- * $IssuerDN
- * $SubjectDN
- * $NotAfter
- * $NotBefore
- * $RequestorEmail
- * $CertType
+ * $SerialNumber $IssuerDN $SubjectDN $NotAfter $NotBefore $RequestorEmail $CertType
  * </UL>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class UnpublishExpiredJob extends AJobBase
-    implements IJob, Runnable, IExtendedPluginInfo {
-	
+        implements IJob, Runnable, IExtendedPluginInfo {
+
     ICertificateAuthority mCa = null;
     IRequestQueue mReqQ = null;
     ICertificateRepository mRepository = null;
@@ -90,15 +76,15 @@ public class UnpublishExpiredJob extends AJobBase
      * console.
      */
     protected static String[] mConfigParams =
-        new String[] { 
-            "enabled",
-            "cron",
-            "summary.enabled",
-            "summary.emailSubject",
-            "summary.emailTemplate",
-            "summary.itemTemplate",
-            "summary.senderEmail",
-            "summary.recipientEmail"
+            new String[] {
+                    "enabled",
+                    "cron",
+                    "summary.enabled",
+                    "summary.emailSubject",
+                    "summary.emailTemplate",
+                    "summary.itemTemplate",
+                    "summary.senderEmail",
+                    "summary.recipientEmail"
         };
 
     /* Vector of extendedPluginInfo strings */
@@ -110,24 +96,24 @@ public class UnpublishExpiredJob extends AJobBase
     public String[] getExtendedPluginInfo(Locale locale) {
         String s[] = {
                 IExtendedPluginInfo.HELP_TEXT +
-                "; A job that checks for expired certificates in the " +
-                "database, and removes them from the publishing " +
-                "directory",
+                        "; A job that checks for expired certificates in the " +
+                        "database, and removes them from the publishing " +
+                        "directory",
                 "cron;string;Format: minute hour dayOfMonth month " +
-                "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
+                        "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
                 "summary.senderEmail;string;Specify the address to be used " +
-                "as the email's 'sender'. Bounces go to this address.",
+                        "as the email's 'sender'. Bounces go to this address.",
                 "summary.recipientEmail;string;Who should receive summaries",
                 "enabled;boolean;Enable this plugin",
                 "summary.enabled;boolean;Enable the summary. You must enabled " +
-                "this for the job to work.",
+                        "this for the job to work.",
                 "summary.emailSubject;string;Subject of summary email",
                 "summary.emailTemplate;string;Fully qualified pathname of " +
-                "template file of email to be sent",
+                        "template file of email to be sent",
                 "summary.itemTemplate;string;Fully qualified pathname of " +
-                "file containing template for each item",
+                        "file containing template for each item",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-jobrules-unpublishexpiredjobs",
+                        ";configuration-jobrules-unpublishexpiredjobs",
             };
 
         return s;
@@ -151,13 +137,13 @@ public class UnpublishExpiredJob extends AJobBase
         mReqQ = mCa.getRequestQueue();
         mRepository = (ICertificateRepository) mCa.getCertificateRepository();
         mPublisherProcessor = mCa.getPublisherProcessor();
-		
+
         // read from the configuration file
         mCron = mConfig.getString(IJobCron.PROP_CRON);
         if (mCron == null) {
             return;
         }
-		
+
         // parse cron string into a JobCron class
         IJobsScheduler scheduler = (IJobsScheduler) owner;
 
@@ -183,8 +169,8 @@ public class UnpublishExpiredJob extends AJobBase
      * expired.
      * remove them from ldap publishing directory
      * if remove successfully, mark <i>false</i> on the
-     *		 <b>InLdapPublishDir</b> flag,
-     *    else, if remove unsuccessfully, log it
+     * <b>InLdapPublishDir</b> flag,
+     * else, if remove unsuccessfully, log it
      */
     public void run() {
         //		System.out.println("in ExpiredUnpublishJob "+
@@ -197,9 +183,9 @@ public class UnpublishExpiredJob extends AJobBase
 
         // form filter
         String filter = "(&(x509Cert.notAfter<=" + now +
-            ")(!(x509Cert.notAfter=" + now + "))" +
-            "(" + "certMetainfo=" + ICertRecord.META_LDAPPUBLISH +
-            ":true))";
+                ")(!(x509Cert.notAfter=" + now + "))" +
+                "(" + "certMetainfo=" + ICertRecord.META_LDAPPUBLISH +
+                ":true))";
         // a test for without CertRecord.META_LDAPPUBLISH
         //String filter = "(x509Cert.notAfter<="+ now +")";
 
@@ -233,13 +219,14 @@ public class UnpublishExpiredJob extends AJobBase
         while (expired != null && expired.hasMoreElements()) {
             ICertRecord rec = (ICertRecord) expired.nextElement();
 
-            if (rec == null) break;
+            if (rec == null)
+                break;
             X509CertImpl cert = rec.getCertificate();
 
             if (mSummary == true)
                 buildItemParams(cert);
 
-                // get request id from cert record MetaInfo
+            // get request id from cert record MetaInfo
             MetaInfo minfo = null;
 
             try {
@@ -248,42 +235,42 @@ public class UnpublishExpiredJob extends AJobBase
                 negCount += 1;
                 if (mSummary == true)
                     buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                        STATUS_FAILURE);
-                log(ILogger.LL_FAILURE,					
-                    CMS.getLogMessage("JOBS_META_INFO_ERROR",
-                        cert.getSerialNumber().toString(16) +
-                        e.toString()));
+                            STATUS_FAILURE);
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("JOBS_META_INFO_ERROR",
+                                cert.getSerialNumber().toString(16) +
+                                        e.toString()));
             }
 
             String ridString = null;
 
             try {
                 if (minfo != null)
-                    ridString = (String) minfo.get(ICertRecord.META_REQUEST_ID); 
+                    ridString = (String) minfo.get(ICertRecord.META_REQUEST_ID);
             } catch (EBaseException e) {
                 negCount += 1;
                 if (mSummary == true)
                     buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                        STATUS_FAILURE);
-                log(ILogger.LL_FAILURE,					
-                    CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
-                        cert.getSerialNumber().toString(16) +
-                        e.toString()));
+                            STATUS_FAILURE);
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
+                                cert.getSerialNumber().toString(16) +
+                                        e.toString()));
             } catch (NullPointerException e) {
                 // no requestId in MetaInfo...skip to next record
                 negCount += 1;
                 if (mSummary == true)
                     buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                        STATUS_FAILURE);
-                log(ILogger.LL_FAILURE,					
-                    CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
-                        cert.getSerialNumber().toString(16) +
-                        e.toString()));
+                            STATUS_FAILURE);
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
+                                cert.getSerialNumber().toString(16) +
+                                        e.toString()));
             }
 
             if (ridString != null) {
                 RequestId rid = new RequestId(ridString);
-				
+
                 // get request from request id
                 IRequest req = null;
 
@@ -297,19 +284,19 @@ public class UnpublishExpiredJob extends AJobBase
                     negCount += 1;
                     if (mSummary == true)
                         buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                            STATUS_FAILURE);
-                    log(ILogger.LL_FAILURE,					
-                        CMS.getLogMessage("JOBS_FIND_REQUEST_ERROR",
-                            cert.getSerialNumber().toString(16) +
-                            e.toString()));
+                                STATUS_FAILURE);
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("JOBS_FIND_REQUEST_ERROR",
+                                    cert.getSerialNumber().toString(16) +
+                                            e.toString()));
                 }
                 try {
                     if ((mPublisherProcessor != null) &&
-                        mPublisherProcessor.enabled()) { 
+                            mPublisherProcessor.enabled()) {
                         mPublisherProcessor.unpublishCert((X509Certificate) cert, req);
                         if (mSummary == true)
                             buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                                STATUS_SUCCESS);
+                                    STATUS_SUCCESS);
                         count += 1;
                     } else {
                         negCount += 1;
@@ -318,21 +305,21 @@ public class UnpublishExpiredJob extends AJobBase
                     negCount += 1;
                     if (mSummary == true)
                         buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                            STATUS_FAILURE);
-                    log(ILogger.LL_FAILURE,					
-                        CMS.getLogMessage("JOBS_UNPUBLISH_ERROR",
-                            cert.getSerialNumber().toString(16) +
-                            e.toString()));
+                                STATUS_FAILURE);
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("JOBS_UNPUBLISH_ERROR",
+                                    cert.getSerialNumber().toString(16) +
+                                            e.toString()));
                 }
             } // ridString != null
             else {
                 try {
                     if ((mPublisherProcessor != null) &&
-                        mPublisherProcessor.enabled()) { 
+                            mPublisherProcessor.enabled()) {
                         mPublisherProcessor.unpublishCert((X509Certificate) cert, null);
                         if (mSummary == true)
                             buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                                STATUS_SUCCESS);
+                                    STATUS_SUCCESS);
                         count += 1;
                     } else {
                         negCount += 1;
@@ -341,11 +328,11 @@ public class UnpublishExpiredJob extends AJobBase
                     negCount += 1;
                     if (mSummary == true)
                         buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                            STATUS_FAILURE);
-                    log(ILogger.LL_FAILURE,					
-                        CMS.getLogMessage("JOBS_UNPUBLISH_ERROR",
-                            cert.getSerialNumber().toString(16) +
-                            e.toString()));
+                                STATUS_FAILURE);
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("JOBS_UNPUBLISH_ERROR",
+                                    cert.getSerialNumber().toString(16) +
+                                            e.toString()));
                 }
             } // ridString == null
 
@@ -355,7 +342,7 @@ public class UnpublishExpiredJob extends AJobBase
             // if summary is enabled, form the item content
             if (mSummary) {
                 IEmailFormProcessor emailItemFormProcessor =
-                    CMS.getEmailFormProcessor();
+                        CMS.getEmailFormProcessor();
                 String c = emailItemFormProcessor.getEmailContent(itemForm,
                         mItemParams);
 
@@ -371,36 +358,35 @@ public class UnpublishExpiredJob extends AJobBase
         // time for summary
         if (mSummary == true) {
             buildContentParams(IEmailFormProcessor.TOKEN_ID,
-                mId);
+                    mId);
             buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_ITEM_LIST,
-                itemListContent);
+                    itemListContent);
             buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_TOTAL_NUM,
-                String.valueOf(count + negCount));
+                    String.valueOf(count + negCount));
             buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_SUCCESS_NUM,
-                String.valueOf(count));
+                    String.valueOf(count));
             buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_FAILURE_NUM,
-                String.valueOf(negCount));
+                    String.valueOf(negCount));
             buildContentParams(IEmailFormProcessor.TOKEN_EXECUTION_TIME,
-                nowString);
+                    nowString);
 
             IEmailFormProcessor emailFormProcessor = CMS.getEmailFormProcessor();
             String mailContent =
-                emailFormProcessor.getEmailContent(contentForm,
-                    mContentParams);
+                    emailFormProcessor.getEmailContent(contentForm,
+                            mContentParams);
 
             mailSummary(mailContent);
         }
     }
 
     /**
-     * Returns a list of configuration parameter names. 
-     * The list is passed to the configuration console so instances of 
+     * Returns a list of configuration parameter names.
+     * The list is passed to the configuration console so instances of
      * this implementation can be configured through the console.
-     *
+     * 
      * @return String array of configuration parameter names.
      */
     public String[] getConfigParams() {
         return (mConfigParams);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/listeners/CertificateIssuedListener.java b/pki/base/common/src/com/netscape/cms/listeners/CertificateIssuedListener.java
index d238c279..6c9a295b 100644
--- a/pki/base/common/src/com/netscape/cms/listeners/CertificateIssuedListener.java
+++ b/pki/base/common/src/com/netscape/cms/listeners/CertificateIssuedListener.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.listeners;
 
-
 import java.io.File;
 import java.io.IOException;
 import java.text.DateFormat;
@@ -45,12 +44,10 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.IRequestListener;
 import com.netscape.certsrv.request.RequestId;
 
-
 /**
  * a listener for every completed enrollment request
  * <p>
- * Here is a list of available $TOKENs for email notification
- templates if certificate is successfully issued:
+ * Here is a list of available $TOKENs for email notification templates if certificate is successfully issued:
  * <UL>
  * <LI>$InstanceID
  * <LI>$SerialNumber
@@ -66,13 +63,12 @@ import com.netscape.certsrv.request.RequestId;
  * <LI>$RecipientEmail
  * </UL>
  * <p>
- * Here is a list of available $TOKENs for email notification
- templates if certificate request is rejected:
+ * Here is a list of available $TOKENs for email notification templates if certificate request is rejected:
  * <UL>
  * <LI>$RequestId
  * <LI>$InstanceID
  * </UL>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CertificateIssuedListener implements IRequestListener {
@@ -107,7 +103,7 @@ public class CertificateIssuedListener implements IRequestListener {
     }
 
     public void init(ISubsystem sub, IConfigStore config)
-        throws EListenersException, EPropertyNotFound, EBaseException {
+            throws EListenersException, EPropertyNotFound, EBaseException {
         mSubsystem = (ICertAuthority) sub;
         mConfig = mSubsystem.getConfigStore();
 
@@ -130,8 +126,8 @@ public class CertificateIssuedListener implements IRequestListener {
 
         if (ridx == -1) {
             CMS.debug("CertificateIssuedListener: file separator: " + File.separator
-                +
-                " not found. Use default /");
+                    +
+                    " not found. Use default /");
             ridx = mFormPath.lastIndexOf("/");
             mDir = mFormPath.substring(0, ridx + 1);
         } else {
@@ -166,9 +162,10 @@ public class CertificateIssuedListener implements IRequestListener {
     }
 
     public void accept(IRequest r) {
-        CMS.debug("CertificateIssuedListener: accept " + 
-            r.getRequestId().toString());
-        if (mEnabled != true) return;
+        CMS.debug("CertificateIssuedListener: accept " +
+                r.getRequestId().toString());
+        if (mEnabled != true)
+            return;
 
         mSubject = mSubject_Success;
         mReqId = r.getRequestId();
@@ -192,15 +189,15 @@ public class CertificateIssuedListener implements IRequestListener {
                 return;
             if ((r.getExtDataInInteger(IRequest.RESULT)).equals(IRequest.RES_ERROR)) {
                 CMS.debug("CertificateIssuedListener: Request errored. " +
-                    "No need to email notify for enrollment request id " +
-                    mReqId);
+                        "No need to email notify for enrollment request id " +
+                        mReqId);
                 return;
             }
         }
         String requestType = r.getRequestType();
 
         if (requestType.equals(IRequest.ENROLLMENT_REQUEST) ||
-            requestType.equals(IRequest.RENEWAL_REQUEST)) {
+                requestType.equals(IRequest.RENEWAL_REQUEST)) {
             CMS.debug("accept() enrollment/renewal request...");
             // Get the certificate from the request
             X509CertImpl issuedCert[] = null;
@@ -224,10 +221,10 @@ public class CertificateIssuedListener implements IRequestListener {
                 try {
                     keys.set(IEmailResolverKeys.KEY_REQUEST, r);
                     keys.set(IEmailResolverKeys.KEY_CERT,
-                        issuedCert[0]);
+                            issuedCert[0]);
                 } catch (EBaseException e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
+                            CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
                 }
 
                 IEmailResolver er = CMS.getReqCertSANameEmailResolver();
@@ -236,30 +233,30 @@ public class CertificateIssuedListener implements IRequestListener {
                     mEmail = er.getEmail(keys);
                 } catch (ENotificationException e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
-                            e.toString()));
+                            CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
+                                    e.toString()));
                 } catch (EBaseException e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
-                            e.toString()));
+                            CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
+                                    e.toString()));
                 } catch (Exception e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
-                            e.toString()));
+                            CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
+                                    e.toString()));
                 }
-				
+
                 // now we can mail
                 if ((mEmail != null) && (!mEmail.equals(""))) {
                     mailIt(mEmail, issuedCert);
                 } else {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("LISTENERS_CERT_ISSUED_NOTIFY_ERROR",
-                            issuedCert[0].getSerialNumber().toString(), mReqId.toString()));
+                            CMS.getLogMessage("LISTENERS_CERT_ISSUED_NOTIFY_ERROR",
+                                    issuedCert[0].getSerialNumber().toString(), mReqId.toString()));
                     // send failure notification to "sender"
                     mSubject = "Certificate Issued notification undeliverable";
                     mailIt(mSenderEmail, issuedCert);
                 }
-            }				
+            }
         }
     }
 
@@ -282,7 +279,7 @@ public class CertificateIssuedListener implements IRequestListener {
             if (!template.init()) {
                 return;
             }
-		
+
             buildContentParams(issuedCert, mEmail);
             IEmailFormProcessor et = CMS.getEmailFormProcessor();
             String c = et.getEmailContent(template.toString(), mContentParams);
@@ -293,19 +290,19 @@ public class CertificateIssuedListener implements IRequestListener {
             mn.setContent(c);
         } else {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("LISTENERS_CERT_ISSUED_TEMPLATE_ERROR",
-                    issuedCert[0].getSerialNumber().toString(), mReqId.toString()));
+                    CMS.getLogMessage("LISTENERS_CERT_ISSUED_TEMPLATE_ERROR",
+                            issuedCert[0].getSerialNumber().toString(), mReqId.toString()));
 
             mn.setContent("Serial Number = " +
-                issuedCert[0].getSerialNumber() +
-                "; Request ID = " + mReqId);
+                    issuedCert[0].getSerialNumber() +
+                    "; Request ID = " + mReqId);
         }
-		
+
         try {
             mn.sendNotification();
         } catch (ENotificationException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-			
+
         } catch (IOException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
         }
@@ -320,7 +317,7 @@ public class CertificateIssuedListener implements IRequestListener {
             keys.set(IEmailResolverKeys.KEY_REQUEST, r);
         } catch (EBaseException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
+                    CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
         }
 
         IEmailResolver er = CMS.getReqCertSANameEmailResolver();
@@ -352,17 +349,17 @@ public class CertificateIssuedListener implements IRequestListener {
                 if (!template.init()) {
                     return;
                 }
-			
+
                 if (template.isHTML()) {
                     mn.setContentType("text/html");
                 }
 
                 // build some token data
                 mContentParams.put(IEmailFormProcessor.TOKEN_ID,
-                    mConfig.getName());
+                        mConfig.getName());
                 mReqId = r.getRequestId();
                 mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_ID,
-                    (Object) mReqId.toString());
+                        (Object) mReqId.toString());
                 IEmailFormProcessor et = CMS.getEmailFormProcessor();
                 String c = et.getEmailContent(template.toString(), mContentParams);
 
@@ -377,48 +374,48 @@ public class CertificateIssuedListener implements IRequestListener {
             } catch (ENotificationException e) {
                 // already logged, lets audit
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-				
+
             } catch (IOException e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
             }
         } else {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("LISTENERS_CERT_ISSUED_REJECTION_NOTIFICATION", mReqId.toString()));
+                    CMS.getLogMessage("LISTENERS_CERT_ISSUED_REJECTION_NOTIFICATION", mReqId.toString()));
 
         }
     }
 
     private void buildContentParams(X509CertImpl issuedCert[], String mEmail) {
         mContentParams.put(IEmailFormProcessor.TOKEN_ID,
-            mConfig.getName());
+                mConfig.getName());
         mContentParams.put(IEmailFormProcessor.TOKEN_SERIAL_NUM,
-            (Object) issuedCert[0].getSerialNumber().toString());
+                (Object) issuedCert[0].getSerialNumber().toString());
         mContentParams.put(IEmailFormProcessor.TOKEN_HEX_SERIAL_NUM,
-            (Object) Long.toHexString(issuedCert[0].getSerialNumber().longValue()));
+                (Object) Long.toHexString(issuedCert[0].getSerialNumber().longValue()));
         mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_ID,
-            (Object) mReqId.toString());
+                (Object) mReqId.toString());
         mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_HOST,
-            (Object) mHttpHost);
+                (Object) mHttpHost);
         mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_PORT,
-            (Object) mHttpPort);
+                (Object) mHttpPort);
         mContentParams.put(IEmailFormProcessor.TOKEN_ISSUER_DN,
-            (Object) issuedCert[0].getIssuerDN().toString());
+                (Object) issuedCert[0].getIssuerDN().toString());
         mContentParams.put(IEmailFormProcessor.TOKEN_SUBJECT_DN,
-            (Object) issuedCert[0].getSubjectDN().toString());
+                (Object) issuedCert[0].getSubjectDN().toString());
 
         Date date = (Date) issuedCert[0].getNotAfter();
 
         mContentParams.put(IEmailFormProcessor.TOKEN_NOT_AFTER,
-            mDateFormat.format(date));
+                mDateFormat.format(date));
 
         date = (Date) issuedCert[0].getNotBefore();
         mContentParams.put(IEmailFormProcessor.TOKEN_NOT_BEFORE,
-            mDateFormat.format(date));
+                mDateFormat.format(date));
 
         mContentParams.put(IEmailFormProcessor.TOKEN_SENDER_EMAIL,
-            (Object) mSenderEmail);
+                (Object) mSenderEmail);
         mContentParams.put(IEmailFormProcessor.TOKEN_RECIPIENT_EMAIL,
-            (Object) mEmail);
+                (Object) mEmail);
         // ... and more
     }
 
@@ -448,7 +445,7 @@ public class CertificateIssuedListener implements IRequestListener {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-            level, msg);
+                level, msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java b/pki/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java
index ca62af5f..841f7186 100644
--- a/pki/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java
+++ b/pki/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.listeners;
 
-
 import java.io.File;
 import java.io.IOException;
 import java.security.cert.X509Certificate;
@@ -47,12 +46,10 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.IRequestListener;
 import com.netscape.certsrv.request.RequestId;
 
-
 /**
  * a listener for every completed enrollment request
  * <p>
- * Here is a list of available $TOKENs for email notification
- templates if certificate is successfully issued:
+ * Here is a list of available $TOKENs for email notification templates if certificate is successfully issued:
  * <UL>
  * <LI>$InstanceID
  * <LI>$SerialNumber
@@ -68,13 +65,12 @@ import com.netscape.certsrv.request.RequestId;
  * <LI>$RecipientEmail
  * </UL>
  * <p>
- * Here is a list of available $TOKENs for email notification
- templates if certificate request is revoked:
+ * Here is a list of available $TOKENs for email notification templates if certificate request is revoked:
  * <UL>
  * <LI>$RequestId
  * <LI>$InstanceID
  * </UL>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CertificateRevokedListener implements IRequestListener {
@@ -109,7 +105,7 @@ public class CertificateRevokedListener implements IRequestListener {
     }
 
     public void init(ISubsystem sub, IConfigStore config)
-        throws EListenersException, EPropertyNotFound, EBaseException {
+            throws EListenersException, EPropertyNotFound, EBaseException {
         mSubsystem = (ICertAuthority) sub;
         mConfig = mSubsystem.getConfigStore();
 
@@ -132,8 +128,8 @@ public class CertificateRevokedListener implements IRequestListener {
 
         if (ridx == -1) {
             CMS.debug("CertificateRevokedListener: file separator: " + File.separator
-                +
-                " not found. Use default /");
+                    +
+                    " not found. Use default /");
             ridx = mFormPath.lastIndexOf("/");
             mDir = mFormPath.substring(0, ridx + 1);
         } else {
@@ -168,7 +164,8 @@ public class CertificateRevokedListener implements IRequestListener {
     }
 
     public void accept(IRequest r) {
-        if (mEnabled != true) return;
+        if (mEnabled != true)
+            return;
 
         mSubject = mSubject_Success;
         mReqId = r.getRequestId();
@@ -190,18 +187,18 @@ public class CertificateRevokedListener implements IRequestListener {
 
         if ((r.getExtDataInInteger(IRequest.RESULT)).equals(IRequest.RES_ERROR)) {
             CMS.debug("CertificateRevokedListener: Request errored. " +
-                "No need to email notify for enrollment request id " +
-                mReqId);
+                    "No need to email notify for enrollment request id " +
+                    mReqId);
             return;
         }
-     
+
         if (requestType.equals(IRequest.REVOCATION_REQUEST)) {
             CMS.debug("CertificateRevokedListener: accept() revocation request...");
             // Get the certificate from the request
             //X509CertImpl issuedCert[] =
             //    (X509CertImpl[])
             RevokedCertImpl crlentries[] =
-                r.getExtDataInRevokedCertArray(IRequest.CERT_INFO);
+                    r.getExtDataInRevokedCertArray(IRequest.CERT_INFO);
 
             if (crlentries != null) {
                 CMS.debug("CertificateRevokedListener: Sending email notification..");
@@ -213,10 +210,10 @@ public class CertificateRevokedListener implements IRequestListener {
                 try {
                     keys.set(IEmailResolverKeys.KEY_REQUEST, r);
                     keys.set(IEmailResolverKeys.KEY_CERT,
-                        crlentries[0]);
+                            crlentries[0]);
                 } catch (EBaseException e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
+                            CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
                 }
 
                 IEmailResolver er = CMS.getReqCertSANameEmailResolver();
@@ -225,30 +222,30 @@ public class CertificateRevokedListener implements IRequestListener {
                     mEmail = er.getEmail(keys);
                 } catch (ENotificationException e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
-                            e.toString()));
+                            CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
+                                    e.toString()));
                 } catch (EBaseException e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
-                            e.toString()));
+                            CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
+                                    e.toString()));
                 } catch (Exception e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
-                            e.toString()));
+                            CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
+                                    e.toString()));
                 }
-				
+
                 // now we can mail
                 if ((mEmail != null) && (!mEmail.equals(""))) {
                     mailIt(mEmail, crlentries);
                 } else {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("LISTENERS_CERT_ISSUED_NOTIFY_ERROR",
-                            crlentries[0].getSerialNumber().toString(), mReqId.toString()));
+                            CMS.getLogMessage("LISTENERS_CERT_ISSUED_NOTIFY_ERROR",
+                                    crlentries[0].getSerialNumber().toString(), mReqId.toString()));
                     // send failure notification to "sender"
                     mSubject = "Certificate Issued notification undeliverable";
                     mailIt(mSenderEmail, crlentries);
                 }
-            }				
+            }
         }
     }
 
@@ -271,7 +268,7 @@ public class CertificateRevokedListener implements IRequestListener {
             if (!template.init()) {
                 return;
             }
-		
+
             buildContentParams(crlentries, mEmail);
             IEmailFormProcessor et = CMS.getEmailFormProcessor();
             String c = et.getEmailContent(template.toString(), mContentParams);
@@ -282,19 +279,19 @@ public class CertificateRevokedListener implements IRequestListener {
             mn.setContent(c);
         } else {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("LISTENERS_CERT_ISSUED_TEMPLATE_ERROR",
-                    crlentries[0].getSerialNumber().toString(), mReqId.toString()));
+                    CMS.getLogMessage("LISTENERS_CERT_ISSUED_TEMPLATE_ERROR",
+                            crlentries[0].getSerialNumber().toString(), mReqId.toString()));
 
             mn.setContent("Serial Number = " +
-                crlentries[0].getSerialNumber() +
-                "; Request ID = " + mReqId);
+                    crlentries[0].getSerialNumber() +
+                    "; Request ID = " + mReqId);
         }
-		
+
         try {
             mn.sendNotification();
         } catch (ENotificationException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-			
+
         } catch (IOException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
         }
@@ -302,18 +299,18 @@ public class CertificateRevokedListener implements IRequestListener {
 
     private void buildContentParams(RevokedCertImpl crlentries[], String mEmail) {
         mContentParams.put(IEmailFormProcessor.TOKEN_ID,
-            mConfig.getName());
+                mConfig.getName());
         mContentParams.put(IEmailFormProcessor.TOKEN_SERIAL_NUM,
-            (Object) crlentries[0].getSerialNumber().toString());
+                (Object) crlentries[0].getSerialNumber().toString());
         mContentParams.put(IEmailFormProcessor.TOKEN_HEX_SERIAL_NUM,
-            (Object) Long.toHexString(crlentries[0].getSerialNumber().longValue()));
+                (Object) Long.toHexString(crlentries[0].getSerialNumber().longValue()));
         mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_ID,
-            (Object) mReqId.toString());
+                (Object) mReqId.toString());
         mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_HOST,
-            (Object) mHttpHost);
+                (Object) mHttpHost);
         mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_PORT,
-            (Object) mHttpPort);
-        
+                (Object) mHttpPort);
+
         try {
             RevokedCertImpl revCert = (RevokedCertImpl) crlentries[0];
             ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
@@ -321,22 +318,22 @@ public class CertificateRevokedListener implements IRequestListener {
             X509Certificate cert = certDB.getX509Certificate(revCert.getSerialNumber());
 
             mContentParams.put(IEmailFormProcessor.TOKEN_ISSUER_DN,
-                (Object) cert.getIssuerDN().toString());
+                    (Object) cert.getIssuerDN().toString());
             mContentParams.put(IEmailFormProcessor.TOKEN_SUBJECT_DN,
-                (Object) cert.getSubjectDN().toString());
+                    (Object) cert.getSubjectDN().toString());
             Date date = (Date) crlentries[0].getRevocationDate();
-            
+
             mContentParams.put(IEmailFormProcessor.TOKEN_REVOCATION_DATE,
-                mDateFormat.format(date));
+                    mDateFormat.format(date));
         } catch (EBaseException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
+                    CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
         }
 
         mContentParams.put(IEmailFormProcessor.TOKEN_SENDER_EMAIL,
-            (Object) mSenderEmail);
+                (Object) mSenderEmail);
         mContentParams.put(IEmailFormProcessor.TOKEN_RECIPIENT_EMAIL,
-            (Object) mEmail);
+                (Object) mEmail);
         // ... and more
     }
 
@@ -366,7 +363,7 @@ public class CertificateRevokedListener implements IRequestListener {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-            level, msg);
+                level, msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cms/listeners/PinRemovalListener.java b/pki/base/common/src/com/netscape/cms/listeners/PinRemovalListener.java
index 2f02774d..c71b9c60 100644
--- a/pki/base/common/src/com/netscape/cms/listeners/PinRemovalListener.java
+++ b/pki/base/common/src/com/netscape/cms/listeners/PinRemovalListener.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.listeners;
 
-
 import java.util.Hashtable;
 
 import netscape.ldap.LDAPAttribute;
@@ -39,10 +38,9 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.IRequestListener;
 import com.netscape.certsrv.request.RequestId;
 
-
 /**
  * This represnets a listener that removes pin from LDAP directory.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class PinRemovalListener implements IRequestListener {
@@ -87,18 +85,18 @@ public class PinRemovalListener implements IRequestListener {
 
     protected String[] configParams = { "a" };
 
-    public String[] getConfigParams() 
-        throws EBaseException {
+    public String[] getConfigParams()
+            throws EBaseException {
 
         return configParams;
     }
 
     public void init(ISubsystem sub, IConfigStore config) throws EBaseException {
-	init(null, null, config);
+        init(null, null, config);
     }
 
     public void init(String name, String ImplName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mName = name;
         mImplName = ImplName;
         mConfig = config;
@@ -115,7 +113,8 @@ public class PinRemovalListener implements IRequestListener {
     }
 
     public void accept(IRequest r) {
-        if (mEnabled != true) return;
+        if (mEnabled != true)
+            return;
 
         mReqId = r.getRequestId();
 
@@ -129,7 +128,7 @@ public class PinRemovalListener implements IRequestListener {
         String requestType = r.getRequestType();
 
         if (requestType.equals(IRequest.ENROLLMENT_REQUEST) ||
-            requestType.equals(IRequest.RENEWAL_REQUEST)) {
+                requestType.equals(IRequest.RENEWAL_REQUEST)) {
 
             String uid = r.getExtDataInString(
                     IRequest.HTTP_PARAMS, "uid");
@@ -144,21 +143,21 @@ public class PinRemovalListener implements IRequestListener {
             try {
                 LDAPSearchResults res = mRemovePinLdapConnection.search(mBaseDN,
                         LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", null, false);
-			
+
                 if (!res.hasMoreElements()) {
                     log(ILogger.LL_SECURITY, "uid " + uid + " does not exist in the ldap " +
-                        " server. Could not remove pin");
+                            " server. Could not remove pin");
                     return;
                 }
 
                 LDAPEntry entry = (LDAPEntry) res.nextElement();
 
                 userdn = entry.getDN();
-	
+
                 mRemovePinLdapConnection.modify(userdn,
-                    new LDAPModification(
-                        LDAPModification.DELETE,
-                        new LDAPAttribute(mPinAttr)));
+                        new LDAPModification(
+                                LDAPModification.DELETE,
+                                new LDAPAttribute(mPinAttr)));
 
                 log(ILogger.LL_INFO, "Removed pin for user \"" + userdn + "\"");
 
@@ -173,10 +172,9 @@ public class PinRemovalListener implements IRequestListener {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-            level, "PinRemovalListener: " + msg);
+                level, "PinRemovalListener: " + msg);
     }
 
     public void set(String name, String val) {
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/listeners/RequestInQListener.java b/pki/base/common/src/com/netscape/cms/listeners/RequestInQListener.java
index f5810a46..e5c07520 100644
--- a/pki/base/common/src/com/netscape/cms/listeners/RequestInQListener.java
+++ b/pki/base/common/src/com/netscape/cms/listeners/RequestInQListener.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.listeners;
 
-
 import java.io.IOException;
 import java.util.Hashtable;
 
@@ -39,7 +38,6 @@ import com.netscape.certsrv.request.RequestId;
 import com.netscape.cms.profile.input.SubjectNameInput;
 import com.netscape.cms.profile.input.SubmitterInfoInput;
 
-
 /**
  * a listener for every request gets into the request queue.
  * <p>
@@ -54,7 +52,7 @@ import com.netscape.cms.profile.input.SubmitterInfoInput;
  * <LI>$SenderEmail
  * <LI>$RecipientEmail
  * </UL>
- *
+ * 
  */
 public class RequestInQListener implements IRequestListener {
     protected static final String PROP_ENABLED = "enabled";
@@ -89,8 +87,8 @@ public class RequestInQListener implements IRequestListener {
      * initializes the listener from the configuration
      */
     public void init(ISubsystem sub, IConfigStore config)
-        throws EListenersException, EPropertyNotFound, EBaseException {
-		
+            throws EListenersException, EPropertyNotFound, EBaseException {
+
         mSubsystem = (ICertAuthority) sub;
         mConfig = mSubsystem.getConfigStore();
 
@@ -118,32 +116,34 @@ public class RequestInQListener implements IRequestListener {
         // make available http host and port for forming url in templates
         mHttpHost = CMS.getAgentHost();
         mAgentPort = CMS.getAgentPort();
-        if (mAgentPort == null) 
+        if (mAgentPort == null)
             log(ILogger.LL_FAILURE, CMS.getLogMessage("LISTENERS_REQUEST_PORT_NOT_FOUND"));
         else
             CMS.debug("RequestInQuListener: agentport = " + mAgentPort);
 
-            // register for this event listener
+        // register for this event listener
         mSubsystem.registerPendingListener(this);
     }
 
     /**
      * carries out the operation when the listener is triggered.
+     * 
      * @param r IRequest structure holding the request information
      * @see com.netscape.certsrv.request.IRequest
      */
     public void accept(IRequest r) {
 
-        if (mEnabled != true) return;
+        if (mEnabled != true)
+            return;
 
-            // regardless of type of request...notify for everything
-            // no need for email resolver here...
+        // regardless of type of request...notify for everything
+        // no need for email resolver here...
         IMailNotification mn = CMS.getMailNotification();
 
         mn.setFrom(mSenderEmail);
         mn.setTo(mRecipientEmail);
         mn.setSubject(mEmailSubject + " (request id: " +
-            r.getRequestId() + ")");
+                r.getRequestId() + ")");
 
         /*
          * get form file from disk
@@ -158,7 +158,7 @@ public class RequestInQListener implements IRequestListener {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("LISTENERS_TEMPLATE_NOT_INIT"));
                 return;
             }
-		
+
             buildContentParams(r);
             IEmailFormProcessor et = CMS.getEmailFormProcessor();
             String c = et.getEmailContent(template.toString(), mContentParams);
@@ -169,8 +169,8 @@ public class RequestInQListener implements IRequestListener {
             mn.setContent(c);
         } else {
             // log and mail
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("LISTENERS_TEMPLATE_NOT_GET"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("LISTENERS_TEMPLATE_NOT_GET"));
             mn.setContent("Template not retrievable for Request in Queue notification");
         }
 
@@ -179,77 +179,78 @@ public class RequestInQListener implements IRequestListener {
         } catch (ENotificationException e) {
             // already logged, lets audit
             mLogger.log(ILogger.EV_AUDIT, null,
-                ILogger.S_OTHER,
-                ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-			
+                    ILogger.S_OTHER,
+                    ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+
             mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                ILogger.LL_FAILURE,
-                CMS.getLogMessage("LISTENERS_SEND_FAILED", e.toString()));
+                    ILogger.LL_FAILURE,
+                    CMS.getLogMessage("LISTENERS_SEND_FAILED", e.toString()));
 
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("LISTENERS_SEND_FAILED", e.toString()));
+                    CMS.getLogMessage("LISTENERS_SEND_FAILED", e.toString()));
         }
     }
 
     private void buildContentParams(IRequest r) {
         mContentParams.clear();
         mContentParams.put(IEmailFormProcessor.TOKEN_ID,
-            mConfig.getName());
+                mConfig.getName());
         Object val = null;
 
         String profileId = r.getExtDataInString("profileId");
 
         if (profileId == null) {
-          val = r.getExtDataInString(IRequest.HTTP_PARAMS, "csrRequestorEmail");
+            val = r.getExtDataInString(IRequest.HTTP_PARAMS, "csrRequestorEmail");
         } else {
-          // use the submitter info if available, otherwise, use the 
-          // subject name input email 
-          val = r.getExtDataInString(SubmitterInfoInput.EMAIL);
+            // use the submitter info if available, otherwise, use the 
+            // subject name input email 
+            val = r.getExtDataInString(SubmitterInfoInput.EMAIL);
 
-          if ((val == null) || (((String) val).compareTo("") == 0)) {
-              val = r.getExtDataInString(SubjectNameInput.VAL_EMAIL);
-          }
+            if ((val == null) || (((String) val).compareTo("") == 0)) {
+                val = r.getExtDataInString(SubjectNameInput.VAL_EMAIL);
+            }
         }
         if (val != null)
             mContentParams.put(IEmailFormProcessor.TOKEN_REQUESTOR_EMAIL,
-                val);
+                    val);
 
         if (profileId == null) {
-          val = r.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
+            val = r.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
         } else {
-          val = profileId;
+            val = profileId;
         }
         if (val != null) {
             mContentParams.put(IEmailFormProcessor.TOKEN_CERT_TYPE,
-                val);
+                    val);
         }
 
         RequestId reqId = r.getRequestId();
 
         mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_ID,
-            (Object) reqId.toString());
+                (Object) reqId.toString());
 
         mContentParams.put(IEmailFormProcessor.TOKEN_ID, mId);
 
         val = r.getRequestType();
         if (val != null)
             mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_TYPE,
-                val);
+                    val);
 
         mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_HOST,
-            (Object) mHttpHost);
+                (Object) mHttpHost);
         mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_PORT,
-            (Object) mAgentPort);
+                (Object) mAgentPort);
 
         mContentParams.put(IEmailFormProcessor.TOKEN_SENDER_EMAIL,
-            (Object) mSenderEmail);
+                (Object) mSenderEmail);
         mContentParams.put(IEmailFormProcessor.TOKEN_RECIPIENT_EMAIL,
-            (Object) mRecipientEmail);
+                (Object) mRecipientEmail);
     }
 
     /**
      * sets the configurable parameters
+     * 
      * @param name a String represents the name of the configuration parameter to be set
      * @param val a String containing the value to be set for name
      */
@@ -277,7 +278,6 @@ public class RequestInQListener implements IRequestListener {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-            level, msg);
+                level, msg);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/logging/LogEntry.java b/pki/base/common/src/com/netscape/cms/logging/LogEntry.java
index 4ab9f281..759b0937 100644
--- a/pki/base/common/src/com/netscape/cms/logging/LogEntry.java
+++ b/pki/base/common/src/com/netscape/cms/logging/LogEntry.java
@@ -17,17 +17,15 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.logging;
 
-
 import java.text.DateFormat;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
 import java.util.Date;
 import java.util.Vector;
 
-
 /**
  * A log entry of LogFile
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class LogEntry {
@@ -43,7 +41,7 @@ public class LogEntry {
 
     /**
      * Constructor for a LogEntry.
-     *
+     * 
      */
     public LogEntry(String entry) throws ParseException {
         mEntry = entry;
@@ -52,10 +50,10 @@ public class LogEntry {
 
     /**
      * parse a log entry
-     *
+     * 
      * return a vector of the segments of the entry
      */
-     
+
     public Vector parse() throws ParseException {
         int x = mEntry.indexOf("[");
 
diff --git a/pki/base/common/src/com/netscape/cms/logging/LogFile.java b/pki/base/common/src/com/netscape/cms/logging/LogFile.java
index c2dd7b33..4a3b3cb0 100644
--- a/pki/base/common/src/com/netscape/cms/logging/LogFile.java
+++ b/pki/base/common/src/com/netscape/cms/logging/LogFile.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.logging;
 
-
 import java.io.BufferedReader;
 import java.io.BufferedWriter;
 import java.io.ByteArrayOutputStream;
@@ -81,7 +80,7 @@ import com.netscape.cmsutil.util.Utils;
 
 /**
  * A log event listener which write logs to log files
- *
+ * 
  * @version $Revision$, $Date$
  **/
 public class LogFile implements ILogEventListener, IExtendedPluginInfo {
@@ -108,7 +107,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     private final static String LOG_SIGNED_AUDIT_EXCEPTION =
                                "LOG_SIGNED_AUDIT_EXCEPTION_1";
 
-    protected ILogger mSignedAuditLogger  = CMS.getSignedAuditLogger();
+    protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
     protected IConfigStore mConfig = null;
 
     /**
@@ -152,7 +151,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     /**
      * The log date entry format
      */
-    protected    SimpleDateFormat mLogDateFormat = new SimpleDateFormat(mDatePattern);
+    protected SimpleDateFormat mLogDateFormat = new SimpleDateFormat(mDatePattern);
 
     /**
      * The date object used for log entries
@@ -235,13 +234,13 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
 
     /**
      * Constructor for a LogFile.
-     *
+     * 
      */
     public LogFile() {
     }
 
-    public void init(ISubsystem owner, IConfigStore config) 
-        throws EBaseException {
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException {
         mConfig = config;
 
         try {
@@ -263,7 +262,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
             try {
                 mSAuditCertNickName = config.getString(
                                           PROP_SIGNED_AUDIT_CERT_NICKNAME);
-                CMS.debug("LogFile: init(): audit log signing enabled. signedAuditCertNickname="+ mSAuditCertNickName);
+                CMS.debug("LogFile: init(): audit log signing enabled. signedAuditCertNickname=" + mSAuditCertNickName);
             } catch (EBaseException e) {
                 throw new ELogException(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED",
                         config.getName() + "."
@@ -272,9 +271,9 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
             if (mSAuditCertNickName == null ||
                     mSAuditCertNickName.trim().equals("")) {
                 throw new ELogException(CMS.getUserMessage(
-                    "CMS_BASE_GET_PROPERTY_FAILED",
-                    config.getName() + "."
-                    + PROP_SIGNED_AUDIT_CERT_NICKNAME));
+                        "CMS_BASE_GET_PROPERTY_FAILED",
+                        config.getName() + "."
+                                + PROP_SIGNED_AUDIT_CERT_NICKNAME));
             }
         }
 
@@ -309,13 +308,14 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
             String eventId = tokens.nextToken().trim();
 
             theVector.addElement(eventId);
-            CMS.debug("LogFile: log event type selected: "+eventId);
+            CMS.debug("LogFile: log event type selected: " + eventId);
         }
         return theVector;
     }
 
     /**
      * add the event to the selected events list
+     * 
      * @param event to be selected
      */
     public void selectEvent(String event) {
@@ -325,6 +325,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
 
     /**
      * remove the event from the selected events list
+     * 
      * @param event to be de-selected
      */
     public void deselectEvent(String event) {
@@ -334,6 +335,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
 
     /**
      * replace the selected events list
+     * 
      * @param events comma-separated event list
      */
     public void replaceEvents(String events) {
@@ -348,9 +350,9 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
         ByteArrayOutputStream output = new ByteArrayOutputStream();
         Base64OutputStream b64 = new Base64OutputStream(new
                 PrintStream(new
-                    FilterOutputStream(output)
+                        FilterOutputStream(output)
                 )
-            );
+                );
 
         b64.write(bytes);
         b64.flush();
@@ -363,7 +365,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     private static boolean mInSignedAuditLogFailureMode = false;
 
     private static synchronized void shutdownCMS() {
-        if( mInSignedAuditLogFailureMode == false ) {
+        if (mInSignedAuditLogFailureMode == false) {
 
             // Set signed audit log failure mode true
             // No, this isn't a race condition, because the method is
@@ -371,7 +373,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
             mInSignedAuditLogFailureMode = true;
 
             // Block all new incoming requests
-            if( CMS.areRequestsDisabled() == false ) {
+            if (CMS.areRequestsDisabled() == false) {
                 // XXX is this a race condition?
                 CMS.disableRequests();
             }
@@ -389,7 +391,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
 
     /**
      * Initialize and open the log using the parameters from a config store
-     *
+     * 
      * @param config The property config store to find values in
      */
     public void init(IConfigStore config) throws IOException,
@@ -445,50 +447,50 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
             // retrieve the subsystem
             String subsystem = "";
 
-            ISubsystem caSubsystem = CMS.getSubsystem( "ca" );
-            if( caSubsystem != null ) {
+            ISubsystem caSubsystem = CMS.getSubsystem("ca");
+            if (caSubsystem != null) {
                 subsystem = "ca";
             }
 
-            ISubsystem raSubsystem = CMS.getSubsystem( "ra" );
-            if( raSubsystem != null ) {
+            ISubsystem raSubsystem = CMS.getSubsystem("ra");
+            if (raSubsystem != null) {
                 subsystem = "ra";
             }
 
-            ISubsystem kraSubsystem = CMS.getSubsystem( "kra" );
-            if( kraSubsystem != null ) {
+            ISubsystem kraSubsystem = CMS.getSubsystem("kra");
+            if (kraSubsystem != null) {
                 subsystem = "kra";
             }
 
-            ISubsystem ocspSubsystem = CMS.getSubsystem( "ocsp" );
-            if( ocspSubsystem != null ) {
+            ISubsystem ocspSubsystem = CMS.getSubsystem("ocsp");
+            if (ocspSubsystem != null) {
                 subsystem = "ocsp";
             }
 
             // retrieve the instance name
             String instIDPath = CMS.getInstanceDir();
-            int index = instIDPath.lastIndexOf( "/" );
-            String instID = instIDPath.substring( index + 1 );
+            int index = instIDPath.lastIndexOf("/");
+            String instID = instIDPath.substring(index + 1);
 
             // build the default signedAudit file name
             signedAuditDefaultFileName = subsystem + "_"
                                        + instID + "_" + "audit";
 
-        } catch( Exception e2 ) {
+        } catch (Exception e2) {
             throw new ELogException(
-                          CMS.getUserMessage( "CMS_BASE_GET_PROPERTY_FAILED",
+                          CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED",
                                               config.getName() + "." +
-                                              PROP_FILE_NAME ) );
+                                                      PROP_FILE_NAME));
         }
 
         // the default value is determined by the eventType.
         if (mType.equals(ILogger.PROP_SIGNED_AUDIT)) {
             defaultFileName = "logs/signedAudit/" + signedAuditDefaultFileName;
-        }else if (mType.equals(ILogger.PROP_SYSTEM)) {
+        } else if (mType.equals(ILogger.PROP_SYSTEM)) {
             defaultFileName = "logs/system";
-        }else if (mType.equals(ILogger.PROP_AUDIT)) {
+        } else if (mType.equals(ILogger.PROP_AUDIT)) {
             defaultFileName = "logs/transactions";
-        }else {
+        } else {
             //wont get here
             throw new ELogException(CMS.getUserMessage("CMS_LOG_INVALID_LOG_TYPE",
                     config.getName()));
@@ -502,29 +504,29 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
         }
 
         if (mOn) {
-          init(fileName, config.getInteger(PROP_BUFFER_SIZE, BUFFER_SIZE),
-            config.getInteger(PROP_FLUSH_INTERVAL, FLUSH_INTERVAL));
+            init(fileName, config.getInteger(PROP_BUFFER_SIZE, BUFFER_SIZE),
+                    config.getInteger(PROP_FLUSH_INTERVAL, FLUSH_INTERVAL));
         }
     }
 
     /**
      * Initialize and open the log
-     *
-     * @param    bufferSize   The buffer size for the output stream in bytes
-     * @param    flushInterval   The interval in seconds to flush the log
+     * 
+     * @param bufferSize The buffer size for the output stream in bytes
+     * @param flushInterval The interval in seconds to flush the log
      */
-    public void init(String fileName, int bufferSize, int flushInterval) throws IOException,ELogException {
+    public void init(String fileName, int bufferSize, int flushInterval) throws IOException, ELogException {
 
         if (fileName == null)
             throw new ELogException(CMS.getUserMessage("CMS_LOG_INVALID_FILE_NAME", "null"));
 
-            //If we want to reuse the old log files
-            //mFileName = fileName + "." + mLogFileDateFormat.format(mDate);
+        //If we want to reuse the old log files
+        //mFileName = fileName + "." + mLogFileDateFormat.format(mDate);
         mFileName = fileName;
-        if( !Utils.isNT() ) {
+        if (!Utils.isNT()) {
             // Always insure that a physical file exists!
-            Utils.exec( "touch " + mFileName );
-            Utils.exec( "chmod 00640 " + mFileName );
+            Utils.exec("touch " + mFileName);
+            Utils.exec("chmod 00640 " + mFileName);
         }
         mFile = new File(mFileName);
         mBufferSize = bufferSize;
@@ -540,25 +542,25 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
 
             Provider[] providers = java.security.Security.getProviders();
             int ps = providers.length;
-            for (int i = 0; i<ps; i++) {
-                CMS.debug("LogFile: provider "+i+"= "+providers[i].getName());
+            for (int i = 0; i < ps; i++) {
+                CMS.debug("LogFile: provider " + i + "= " + providers[i].getName());
             }
 
             CryptoManager cm = CryptoManager.getInstance();
 
             // find CertServer's private key
-            X509Certificate cert = cm.findCertByNickname( mSAuditCertNickName );
+            X509Certificate cert = cm.findCertByNickname(mSAuditCertNickName);
             if (cert != null) {
-                CMS.debug("LogFile: setupSignig(): found cert:"+mSAuditCertNickName);
+                CMS.debug("LogFile: setupSignig(): found cert:" + mSAuditCertNickName);
             } else {
-                CMS.debug("LogFile: setupSignig(): cert not found:"+mSAuditCertNickName);
+                CMS.debug("LogFile: setupSignig(): cert not found:" + mSAuditCertNickName);
             }
             mSigningKey = cm.findPrivKeyByCert(cert);
 
             String sigAlgorithm;
-            if( mSigningKey instanceof RSAPrivateKey ) {
+            if (mSigningKey instanceof RSAPrivateKey) {
                 sigAlgorithm = "SHA-256/RSA";
-            } else if( mSigningKey instanceof DSAPrivateKey ) {
+            } else if (mSigningKey instanceof DSAPrivateKey) {
                 sigAlgorithm = "SHA-256/DSA";
             } else {
                 throw new NoSuchAlgorithmException("Unknown private key type");
@@ -567,11 +569,11 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
             CryptoToken savedToken = cm.getThreadToken();
             try {
                 CryptoToken keyToken =
-                    ((org.mozilla.jss.pkcs11.PK11PrivKey)mSigningKey)
-                            .getOwningToken();
+                        ((org.mozilla.jss.pkcs11.PK11PrivKey) mSigningKey)
+                                .getOwningToken();
                 cm.setThreadToken(keyToken);
                 mSignature = java.security.Signature.getInstance(sigAlgorithm,
-                    CRYPTO_PROVIDER);
+                        CRYPTO_PROVIDER);
             } finally {
                 cm.setThreadToken(savedToken);
             }
@@ -580,7 +582,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
 
             // get the last signature from the currently-opened file
             String entry = getLastSignature(mFile);
-            if( entry != null ) {
+            if (entry != null) {
                 mSignature.update(entry.getBytes("UTF-8"));
                 mSignature.update(LINE_SEP_BYTE);
             }
@@ -614,12 +616,11 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     }
 
     private static void setupSigningFailure(String logMessageCode, Exception e)
-        throws EBaseException
-    {
+            throws EBaseException {
         try {
-            ConsoleError.send( new SystemEvent(
-                CMS.getLogMessage(logMessageCode)));
-        } catch(Exception e2) {
+            ConsoleError.send(new SystemEvent(
+                    CMS.getLogMessage(logMessageCode)));
+        } catch (Exception e2) {
             // don't allow an exception while printing to the console
             // prevent us from running the rest of this function.
             e2.printStackTrace();
@@ -632,36 +633,35 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     /**
      * Startup the instance
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP used at audit
-     * function startup
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP used at audit function startup
      * </ul>
+     * 
      * @exception EBaseException if an internal error occurred
      */
     public void startup() throws EBaseException {
         // ensure that any low-level exceptions are reported
         // to the signed audit log and stored as failures
         CMS.debug("LogFile: entering LogFile.startup()");
-        if( mOn && mLogSigning ) {
+        if (mOn && mLogSigning) {
             try {
                 setupSigning();
-                audit( CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP,
-                    ILogger.SYSTEM_UID,
-                    ILogger.SUCCESS) );
-            } catch(EBaseException e) {
-                audit( CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP,
-                    ILogger.SYSTEM_UID,
-                    ILogger.FAILURE) );
+                audit(CMS.getLogMessage(
+                        LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP,
+                        ILogger.SYSTEM_UID,
+                        ILogger.SUCCESS));
+            } catch (EBaseException e) {
+                audit(CMS.getLogMessage(
+                        LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP,
+                        ILogger.SYSTEM_UID,
+                        ILogger.FAILURE));
                 throw e;
             }
         }
 
     }
 
-
     /**
      * Retrieves the eventType this log is triggered.
      */
@@ -673,7 +673,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
      * Retrieves the log on/off.
      */
     public String getOn() {
-        return String.valueOf( mOn );
+        return String.valueOf(mOn);
     }
 
     /**
@@ -695,22 +695,21 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     /**
      * Record that the signed audit log has been signed
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_SIGNING used when a signature on the
-     * audit log is generated (same as "flush" time)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_SIGNING used when a signature on the audit log is generated (same as "flush" time)
      * </ul>
+     * 
      * @exception IOException for input/output problems
      * @exception ELogException when plugin implementation fails
      * @exception SignatureException when signing fails
      * @exception InvalidKeyException when an invalid key is utilized
      */
     private void pushSignature() throws IOException, ELogException,
-            SignatureException, InvalidKeyException
-    {
+            SignatureException, InvalidKeyException {
         byte[] sigBytes = null;
 
-        if( mSignature == null ) {
+        if (mSignature == null) {
             return;
         }
 
@@ -727,31 +726,31 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
                 LOGGING_SIGNED_AUDIT_SIGNING,
                 ILogger.SYSTEM_UID,
                 ILogger.SUCCESS,
-                base64Encode( sigBytes ) );
+                base64Encode(sigBytes));
 
-        if( mSignedAuditLogger == null ) {
+        if (mSignedAuditLogger == null) {
             return;
         }
 
         ILogEvent ev = mSignedAuditLogger.create(
                 ILogger.EV_SIGNED_AUDIT,
-                ( Properties ) null,
+                (Properties) null,
                 ILogger.S_SIGNED_AUDIT,
                 ILogger.LL_SECURITY,
                 auditMessage,
                 o,
-                ILogger.L_SINGLELINE );
+                ILogger.L_SINGLELINE);
 
-        String logMesg = logEvt2String(ev);                    
+        String logMesg = logEvt2String(ev);
         doLog(logMesg, true);
     }
 
     private static String getLastSignature(File f) throws IOException {
-        BufferedReader r = new BufferedReader( new FileReader(f) );
+        BufferedReader r = new BufferedReader(new FileReader(f));
         String lastSig = null;
         String curLine = null;
-        while( (curLine = r.readLine()) != null ) {
-            if( curLine.indexOf("AUDIT_LOG_SIGNING") != -1 ) {
+        while ((curLine = r.readLine()) != null) {
+            if (curLine.indexOf("AUDIT_LOG_SIGNING") != -1) {
                 lastSig = curLine;
             }
         }
@@ -760,8 +759,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     }
 
     /**
-     * Open the log file.  This creates the buffered FileWriter
-     *
+     * Open the log file. This creates the buffered FileWriter
+     * 
      */
     protected synchronized void open() throws IOException {
         RandomAccessFile out;
@@ -771,12 +770,12 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
             out.seek(out.length());
             //XXX int or long?
             mBytesWritten = (int) out.length();
-            if( !Utils.isNT() ) {
+            if (!Utils.isNT()) {
                 try {
-                    Utils.exec( "chmod 00640 " + mFile.getCanonicalPath() );
-                } catch( IOException e ) {
-                    CMS.debug( "Unable to change file permissions on "
-                             + mFile.toString() );
+                    Utils.exec("chmod 00640 " + mFile.getCanonicalPath());
+                } catch (IOException e) {
+                    CMS.debug("Unable to change file permissions on "
+                             + mFile.toString());
                 }
             }
             mLogWriter = new BufferedWriter(
@@ -785,20 +784,20 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
             // The first time we open, mSignature will not have been
             // initialized yet. That's ok, we will push our first signature
             // in setupSigning().
-            if( mLogSigning && (mSignature != null)) {
+            if (mLogSigning && (mSignature != null)) {
                 try {
                     pushSignature();
                 } catch (ELogException le) {
                     ConsoleError.send(
-                        new SystemEvent(CMS.getUserMessage("CMS_LOG_ILLEGALARGUMENT",
-                                mFileName)));
+                            new SystemEvent(CMS.getUserMessage("CMS_LOG_ILLEGALARGUMENT",
+                                    mFileName)));
                 }
             }
         } catch (IllegalArgumentException iae) {
             ConsoleError.send(
-                new SystemEvent(CMS.getUserMessage("CMS_LOG_ILLEGALARGUMENT",
-                        mFileName)));
-        } catch(GeneralSecurityException gse) {
+                    new SystemEvent(CMS.getUserMessage("CMS_LOG_ILLEGALARGUMENT",
+                            mFileName)));
+        } catch (GeneralSecurityException gse) {
             // error with signed audit log, shutdown CMS
             gse.printStackTrace();
             shutdownCMS();
@@ -808,12 +807,12 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     }
 
     /**
-     * Flush the log file.  Also update the MAC for hash protected logs
-     *
+     * Flush the log file. Also update the MAC for hash protected logs
+     * 
      */
     public synchronized void flush() {
         try {
-            if( mLogSigning ) {
+            if (mLogSigning) {
                 try {
                     pushSignature();
                 } catch (ELogException le) {
@@ -831,7 +830,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
                 e.printStackTrace();
                 shutdownCMS();
             }
-        } catch(GeneralSecurityException gse) {
+        } catch (GeneralSecurityException gse) {
             // error with signed audit log, shutdown CMS
             gse.printStackTrace();
             shutdownCMS();
@@ -842,7 +841,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
 
     /**
      * Close the log file
-     *
+     * 
      */
     protected synchronized void close() {
         try {
@@ -859,10 +858,9 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     /**
      * Shutdown this log file.
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUDIT_LOG_SHUTDOWN used at audit
-     * function shutdown
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUDIT_LOG_SHUTDOWN used at audit function shutdown
      * </ul>
      */
     public synchronized void shutdown() {
@@ -876,9 +874,9 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
         auditMessage = CMS.getLogMessage(
                            LOGGING_SIGNED_AUDIT_AUDIT_LOG_SHUTDOWN,
                            ILogger.SYSTEM_UID,
-                           ILogger.SUCCESS );
+                           ILogger.SUCCESS);
 
-        audit( auditMessage );
+        audit(auditMessage);
 
         close();
     }
@@ -886,9 +884,10 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     /**
      * Set the flush interval
      * <P>
-     * @param    flushInterval The amount of time in seconds until the log
-     * is flush.  A value of 0 will disable autoflush.  This will also set
-     * the update period for hash protected logs.
+     * 
+     * @param flushInterval The amount of time in seconds until the log
+     *            is flush. A value of 0 will disable autoflush. This will also set
+     *            the update period for hash protected logs.
      **/
     public synchronized void setFlushInterval(int flushInterval) {
         mFlushInterval = flushInterval * 1000;
@@ -903,7 +902,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     }
 
     /**
-     * Log flush thread.  Sleep for the flush interval and flush the
+     * Log flush thread. Sleep for the flush interval and flush the
      * log. Changing flush interval to 0 will cause this thread to exit.
      */
     final class FlushThread extends Thread {
@@ -925,7 +924,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
                     } catch (InterruptedException e) {
                         // This shouldn't happen very often
                         ConsoleError.send(new
-                            SystemEvent(CMS.getUserMessage("CMS_LOG_THREAD_INTERRUPT", "flush")));
+                                SystemEvent(CMS.getUserMessage("CMS_LOG_THREAD_INTERRUPT", "flush")));
                     }
                 }
 
@@ -942,10 +941,10 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     }
 
     /**
-     * Synchronized method to write a string to the log file.  All I18N
+     * Synchronized method to write a string to the log file. All I18N
      * should take place before this call.
-     *
-     * @param  entry The log entry string
+     * 
+     * @param entry The log entry string
      */
     protected synchronized void log(String entry) throws ELogException {
         doLog(entry, false);
@@ -971,40 +970,40 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
             try {
                 mLogWriter.write(entry, 0/*offset*/, entry.length());
 
-                if (mLogSigning==true) {
-                    if(mSignature != null) {
+                if (mLogSigning == true) {
+                    if (mSignature != null) {
                         // include newline for calculating MAC
                         mSignature.update(entry.getBytes("UTF-8"));
                     } else {
                         CMS.debug("LogFile: mSignature is not yet ready... null in log()");
                     }
                 }
-                if (mTrace) { 
-                    CharArrayWriter cw = new CharArrayWriter(200); 
+                if (mTrace) {
+                    CharArrayWriter cw = new CharArrayWriter(200);
                     PrintWriter pw = new PrintWriter(cw);
                     Exception e = new Exception();
-                    e.printStackTrace(pw); 
-                    char[] c = cw.toCharArray(); 
-                    cw.close(); 
+                    e.printStackTrace(pw);
+                    char[] c = cw.toCharArray();
+                    cw.close();
                     pw.close();
 
-                    CharArrayReader cr = new CharArrayReader(c); 
+                    CharArrayReader cr = new CharArrayReader(c);
                     LineNumberReader lr = new LineNumberReader(cr);
 
-                    String text = null; 
-                    String method = null; 
+                    String text = null;
+                    String method = null;
                     String fileAndLine = null;
-                    if (lr.ready()) { 
-                        text = lr.readLine(); 
-                        do { 
-                            text = lr.readLine(); 
+                    if (lr.ready()) {
+                        text = lr.readLine();
+                        do {
+                            text = lr.readLine();
                         } while (text.indexOf("logging") != -1);
-                        int p = text.indexOf("("); 
+                        int p = text.indexOf("(");
                         fileAndLine = text.substring(p);
 
-                        String classandmethod = text.substring(0, p); 
-                        int q = classandmethod.lastIndexOf("."); 
-                        method = classandmethod.substring(q + 1); 
+                        String classandmethod = text.substring(0, p);
+                        int q = classandmethod.lastIndexOf(".");
+                        method = classandmethod.substring(q + 1);
                         mLogWriter.write(fileAndLine, 0/*offset*/, fileAndLine.length());
                         mLogWriter.write(" ", 0/*offset*/, " ".length());
                         mLogWriter.write(method, 0/*offset*/, method.length());
@@ -1012,8 +1011,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
                 }
                 mLogWriter.newLine();
 
-                if (mLogSigning==true){
-                    if(mSignature != null) {
+                if (mLogSigning == true) {
+                    if (mSignature != null) {
                         mSignature.update(LINE_SEP_BYTE);
                     } else {
                         CMS.debug("LogFile: mSignature is null in log() 2");
@@ -1027,17 +1026,16 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
                     shutdownCMS();
                 }
             } catch (IllegalStateException e) {
-                CMS.debug("LogFile: exception thrown in log(): "+e.toString());
-                ConsoleError.send(new SignedAuditEvent(CMS.getLogMessage(LOG_SIGNED_AUDIT_EXCEPTION,e.toString())));
-            } catch( GeneralSecurityException gse ) {
+                CMS.debug("LogFile: exception thrown in log(): " + e.toString());
+                ConsoleError.send(new SignedAuditEvent(CMS.getLogMessage(LOG_SIGNED_AUDIT_EXCEPTION, e.toString())));
+            } catch (GeneralSecurityException gse) {
                 // DJN: handle error
                 CMS.debug("LogFile: exception thrown in log(): "
-                    + gse.toString());
+                        + gse.toString());
                 gse.printStackTrace();
                 ConsoleError.send(new SignedAuditEvent(CMS.getLogMessage(
-                    LOG_SIGNED_AUDIT_EXCEPTION,gse.toString())));
+                        LOG_SIGNED_AUDIT_EXCEPTION, gse.toString())));
             }
-                
 
             // XXX
             // Although length will be in Unicode dual-bytes, the PrintWriter
@@ -1057,8 +1055,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
 
     /**
      * Write an event to the log file
-     *
-     * @param  ev The event to be logged.
+     * 
+     * @param ev The event to be logged.
      */
     public void log(ILogEvent ev) throws ELogException {
         if (ev instanceof AuditEvent) {
@@ -1069,7 +1067,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
             if (!mType.equals("system") || (!mOn) || mLevel > ev.getLevel()) {
                 return;
             }
-        }  else if (ev instanceof SignedAuditEvent) {
+        } else if (ev instanceof SignedAuditEvent) {
             if (!mType.equals("signedAudit") || (!mOn) || mLevel > ev.getLevel()) {
                 return;
             }
@@ -1082,7 +1080,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
             String type = ev.getEventType();
             if (type != null) {
                 if (!mSelectedEvents.contains(type)) {
-                    CMS.debug("LogFile: event type not selected: "+type);
+                    CMS.debug("LogFile: event type not selected: " + type);
                     return;
                 }
             }
@@ -1120,8 +1118,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
 
     /**
      * change multi-line log entry by replace "\n" with "\n "
-     *
-     * @param  original The original multi-line log entry.
+     * 
+     * @param original The original multi-line log entry.
      */
     private String prepareMultiline(String original) {
         int i, last = 0;
@@ -1138,12 +1136,12 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
      * Read all entries whose logLevel>=lowLevel && log source = source
      * to at most maxLine entries(from end)
      * If the parameter is -1, it's ignored and return all entries
-     *
+     * 
      * @param maxLine The maximum lines to be returned
      * @param lowLevel The lowest log level to be returned
      * @param source The particular log source to be returned
      * @param fName The log file name to be read. If it's null, read the current
-     * log file
+     *            log file
      */
     public Vector<LogEntry> readEntry(int maxLine, int lowLevel, int source, String fName) {
         Vector<LogEntry> mEntries = new Vector<LogEntry>();
@@ -1152,7 +1150,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
         int lineNo = 0; // lineNo of the current entry in the log file
         int line = 0; // line of readed valid entries
         String firstLine = null; // line buffer
-        String nextLine = null; 
+        String nextLine = null;
         String entry = null;
         LogEntry logEntry = null;
 
@@ -1162,7 +1160,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
          this implementation is assuming parsing is more time consuming than
          condition check
          */
-        LogEntry preLogEntry = null; 
+        LogEntry preLogEntry = null;
 
         if (fName != null) {
             fileName = fName;
@@ -1194,9 +1192,9 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
                                 // if parse succeed, write out previous entry
                                 if (preLogEntry != null) {
                                     if ((Integer.parseInt(preLogEntry.getLevel()) >= lowLevel) &&
-                                        ((Integer.parseInt(preLogEntry.getSource()) == source) ||
+                                            ((Integer.parseInt(preLogEntry.getSource()) == source) ||
                                             (source == ILogger.S_ALL)
-                                        )) {
+                                            )) {
                                         mEntries.addElement(preLogEntry);
                                         if (maxLine == -1) {
                                             line++;
@@ -1223,13 +1221,12 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
 
                 } catch (IOException e) {
                     CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                        ILogger.LL_FAILURE,
-            CMS.getLogMessage("LOGGING_READ_ERROR", fileName,
-                        Integer.toString(lineNo)));
+                            ILogger.LL_FAILURE,
+                            CMS.getLogMessage("LOGGING_READ_ERROR", fileName,
+                                    Integer.toString(lineNo)));
                 }
 
-            }
-            while (nextLine != null);
+            } while (nextLine != null);
 
             // need to process the last 2 entries of the file
             if (firstLine != null) {
@@ -1248,9 +1245,9 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
                      */
                     if (preLogEntry != null) {
                         if ((Integer.parseInt(preLogEntry.getLevel()) >= lowLevel) &&
-                            ((Integer.parseInt(preLogEntry.getSource()) == source) ||
+                                ((Integer.parseInt(preLogEntry.getSource()) == source) ||
                                 (source == ILogger.S_ALL)
-                            )) {
+                                )) {
                             mEntries.addElement(preLogEntry);
                             if (maxLine == -1) {
                                 line++;
@@ -1268,11 +1265,11 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
 
                 if (preLogEntry != null) {
                     if ((Integer.parseInt(preLogEntry.getLevel()) >= lowLevel)
-                        &&
-                        ((Integer.parseInt(preLogEntry.getSource()) == source)
+                            &&
+                            ((Integer.parseInt(preLogEntry.getSource()) == source)
                             ||
                             (source == ILogger.S_ALL)
-                        )) {
+                            )) {
                         // parse the entry, pass to UI
                         mEntries.addElement(preLogEntry);
                         if (maxLine == -1) {
@@ -1291,15 +1288,15 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
                 fBuffer.close();
             } catch (IOException e) {
                 CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                    ILogger.LL_FAILURE, "logging:" + fileName +
-                    " failed to close for reading");
+                        ILogger.LL_FAILURE, "logging:" + fileName +
+                                " failed to close for reading");
             }
 
         } catch (FileNotFoundException e) {
             CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                ILogger.LL_FAILURE, 
-        CMS.getLogMessage("LOGGING_FILE_NOT_FOUND",
-            fileName));
+                    ILogger.LL_FAILURE,
+                    CMS.getLogMessage("LOGGING_FILE_NOT_FOUND",
+                            fileName));
         }
         return mEntries;
     }
@@ -1307,7 +1304,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     /**
      * Retrieves the configuration store of this subsystem.
      * <P>
-     *
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
@@ -1316,7 +1313,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
 
     /**
      * Retrieve last "maxLine" number of system log with log lever >"level"
-     * and from  source "source". If the parameter is omitted. All entries
+     * and from source "source". If the parameter is omitted. All entries
      * are sent back.
      */
     public synchronized NameValuePairs retrieveLogContent(Hashtable<String, String> req) throws ServletException,
@@ -1324,18 +1321,18 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
         NameValuePairs params = new NameValuePairs();
         String tmp, fName = null;
         int maxLine = -1, level = -1, source = -1;
-        Vector<LogEntry>  entries = null;
+        Vector<LogEntry> entries = null;
 
-        if ((tmp = (String)req.get(Constants.PR_LOG_ENTRY)) != null) {
+        if ((tmp = (String) req.get(Constants.PR_LOG_ENTRY)) != null) {
             maxLine = Integer.parseInt(tmp);
         }
-        if ((tmp = (String)req.get(Constants.PR_LOG_LEVEL)) != null) {
+        if ((tmp = (String) req.get(Constants.PR_LOG_LEVEL)) != null) {
             level = Integer.parseInt(tmp);
         }
-        if ((tmp = (String)req.get(Constants.PR_LOG_SOURCE)) != null) {
+        if ((tmp = (String) req.get(Constants.PR_LOG_SOURCE)) != null) {
             source = Integer.parseInt(tmp);
         }
-        tmp = (String)req.get(Constants.PR_LOG_NAME);
+        tmp = (String) req.get(Constants.PR_LOG_NAME);
         if (!(tmp.equals(Constants.PR_CURRENT_LOG))) {
             fName = tmp;
         } else {
@@ -1346,12 +1343,12 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
             entries = readEntry(maxLine, level, source, fName);
             for (int i = 0; i < entries.size(); i++) {
                 params.add(Integer.toString(i) +
-                    ((LogEntry) entries.elementAt(i)).getEntry(), "");
+                        ((LogEntry) entries.elementAt(i)).getEntry(), "");
             }
         } catch (Exception e) {
             CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                ILogger.LL_WARN, 
-                "System log parse error");
+                    ILogger.LL_WARN,
+                    "System log parse error");
         }
         return params;
     }
@@ -1386,9 +1383,9 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
         // is not for the signed audit type, then we should not show the
         // following parameters.
         //if( mType.equals( ILogger.PROP_SIGNED_AUDIT ) ) {
-            v.addElement( PROP_SIGNED_AUDIT_LOG_SIGNING + "=" );
-            v.addElement( PROP_SIGNED_AUDIT_CERT_NICKNAME + "=" );
-            v.addElement( PROP_SIGNED_AUDIT_EVENTS + "=" );
+        v.addElement(PROP_SIGNED_AUDIT_LOG_SIGNING + "=");
+        v.addElement(PROP_SIGNED_AUDIT_CERT_NICKNAME + "=");
+        v.addElement(PROP_SIGNED_AUDIT_EVENTS + "=");
         //}
 
         return v;
@@ -1401,11 +1398,11 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
 
             if (mType == null) {
                 v.addElement(PROP_TYPE + "=");
-            }else {
+            } else {
                 v.addElement(PROP_TYPE + "=" +
-                    mConfig.getString(PROP_TYPE));
+                        mConfig.getString(PROP_TYPE));
             }
-            v.addElement(PROP_ON + "=" + String.valueOf( mOn ) );
+            v.addElement(PROP_ON + "=" + String.valueOf(mOn));
             if (mLevel == 0)
                 v.addElement(PROP_LEVEL + "=" + ILogger.LL_DEBUG_STRING);
             else if (mLevel == 1)
@@ -1423,29 +1420,29 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
 
             if (mFileName == null) {
                 v.addElement(PROP_FILE_NAME + "=");
-            }else {
+            } else {
                 v.addElement(PROP_FILE_NAME + "=" +
-                    mFileName);
+                        mFileName);
             }
             v.addElement(PROP_BUFFER_SIZE + "=" + mBufferSize);
             v.addElement(PROP_FLUSH_INTERVAL + "=" + mFlushInterval / 1000);
 
-            if( (mType != null) && mType.equals( ILogger.PROP_SIGNED_AUDIT ) ) {
-                v.addElement( PROP_SIGNED_AUDIT_LOG_SIGNING + "="
-                            + String.valueOf( mLogSigning ) );
+            if ((mType != null) && mType.equals(ILogger.PROP_SIGNED_AUDIT)) {
+                v.addElement(PROP_SIGNED_AUDIT_LOG_SIGNING + "="
+                            + String.valueOf(mLogSigning));
 
-                if( mSAuditCertNickName == null ) {
-                    v.addElement( PROP_SIGNED_AUDIT_CERT_NICKNAME + "=" );
+                if (mSAuditCertNickName == null) {
+                    v.addElement(PROP_SIGNED_AUDIT_CERT_NICKNAME + "=");
                 } else {
-                    v.addElement( PROP_SIGNED_AUDIT_CERT_NICKNAME + "="
-                                + mSAuditCertNickName );
+                    v.addElement(PROP_SIGNED_AUDIT_CERT_NICKNAME + "="
+                                + mSAuditCertNickName);
                 }
 
-                if( mSelectedEventsList == null ) {
-                    v.addElement( PROP_SIGNED_AUDIT_EVENTS + "=" );
+                if (mSelectedEventsList == null) {
+                    v.addElement(PROP_SIGNED_AUDIT_EVENTS + "=");
                 } else {
-                    v.addElement( PROP_SIGNED_AUDIT_EVENTS + "="
-                                + mSelectedEventsList );
+                    v.addElement(PROP_SIGNED_AUDIT_EVENTS + "="
+                                + mSelectedEventsList);
                 }
             }
         } catch (Exception e) {
@@ -1454,30 +1451,30 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     }
 
     public String[] getExtendedPluginInfo(Locale locale) {
-        if( mType.equals( ILogger.PROP_SIGNED_AUDIT ) ) {
+        if (mType.equals(ILogger.PROP_SIGNED_AUDIT)) {
             String[] params = {
-                PROP_TYPE + ";choice(transaction,signedAudit,system);The log event type this instance is listening to",
-                PROP_ON + ";boolean;Turn on the listener",
-                PROP_LEVEL + ";choice(" + ILogger.LL_DEBUG_STRING + "," +
-                ILogger.LL_INFO_STRING + "," +
-                ILogger.LL_WARN_STRING + "," +
-                ILogger.LL_FAILURE_STRING + "," +
-                ILogger.LL_MISCONF_STRING + "," +
-                ILogger.LL_CATASTRPHE_STRING + "," +
-                ILogger.LL_SECURITY_STRING + ");Only log message with level higher than this filter will be written by this listener",
-                PROP_FILE_NAME + ";string;The name of the file the log is written to",
-                PROP_BUFFER_SIZE + ";integer;The size of the buffer to receive log messages in kilobytes(KB)",
-                PROP_FLUSH_INTERVAL + ";integer;The maximum time in seconds before the buffer is flushed to the file",
-                IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-logrules-logfile",
-                IExtendedPluginInfo.HELP_TEXT +
-                ";Write the log messages to a file",
-                PROP_SIGNED_AUDIT_LOG_SIGNING +
-                ";boolean;Enable audit logs to be signed",
-                PROP_SIGNED_AUDIT_CERT_NICKNAME +
-                ";string;The nickname of the certificate to be used to sign audit logs",
-                PROP_SIGNED_AUDIT_EVENTS +
-                ";string;A comma-separated list of strings used to specify particular signed audit log events",
+                    PROP_TYPE + ";choice(transaction,signedAudit,system);The log event type this instance is listening to",
+                    PROP_ON + ";boolean;Turn on the listener",
+                    PROP_LEVEL + ";choice(" + ILogger.LL_DEBUG_STRING + "," +
+                            ILogger.LL_INFO_STRING + "," +
+                            ILogger.LL_WARN_STRING + "," +
+                            ILogger.LL_FAILURE_STRING + "," +
+                            ILogger.LL_MISCONF_STRING + "," +
+                            ILogger.LL_CATASTRPHE_STRING + "," +
+                            ILogger.LL_SECURITY_STRING + ");Only log message with level higher than this filter will be written by this listener",
+                    PROP_FILE_NAME + ";string;The name of the file the log is written to",
+                    PROP_BUFFER_SIZE + ";integer;The size of the buffer to receive log messages in kilobytes(KB)",
+                    PROP_FLUSH_INTERVAL + ";integer;The maximum time in seconds before the buffer is flushed to the file",
+                    IExtendedPluginInfo.HELP_TOKEN +
+                            ";configuration-logrules-logfile",
+                    IExtendedPluginInfo.HELP_TEXT +
+                            ";Write the log messages to a file",
+                    PROP_SIGNED_AUDIT_LOG_SIGNING +
+                            ";boolean;Enable audit logs to be signed",
+                    PROP_SIGNED_AUDIT_CERT_NICKNAME +
+                            ";string;The nickname of the certificate to be used to sign audit logs",
+                    PROP_SIGNED_AUDIT_EVENTS +
+                            ";string;A comma-separated list of strings used to specify particular signed audit log events",
             };
 
             return params;
@@ -1485,22 +1482,22 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
             // mType.equals( ILogger.PROP_AUDIT )  ||
             // mType.equals( ILogger.PROP_SYSTEM )
             String[] params = {
-                PROP_TYPE + ";choice(transaction,signedAudit,system);The log event type this instance is listening to",
-                PROP_ON + ";boolean;Turn on the listener",
-                PROP_LEVEL + ";choice(" + ILogger.LL_DEBUG_STRING + "," +
-                ILogger.LL_INFO_STRING + "," +
-                ILogger.LL_WARN_STRING + "," +
-                ILogger.LL_FAILURE_STRING + "," +
-                ILogger.LL_MISCONF_STRING + "," +
-                ILogger.LL_CATASTRPHE_STRING + "," +
-                ILogger.LL_SECURITY_STRING + ");Only log message with level higher than this filter will be written by this listener",
-                PROP_FILE_NAME + ";string;The name of the file the log is written to",
-                PROP_BUFFER_SIZE + ";integer;The size of the buffer to receive log messages in kilobytes(KB)",
-                PROP_FLUSH_INTERVAL + ";integer;The maximum time in seconds before the buffer is flushed to the file",
-                IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-logrules-logfile",
-                IExtendedPluginInfo.HELP_TEXT +
-                ";Write the log messages to a file"
+                    PROP_TYPE + ";choice(transaction,signedAudit,system);The log event type this instance is listening to",
+                    PROP_ON + ";boolean;Turn on the listener",
+                    PROP_LEVEL + ";choice(" + ILogger.LL_DEBUG_STRING + "," +
+                            ILogger.LL_INFO_STRING + "," +
+                            ILogger.LL_WARN_STRING + "," +
+                            ILogger.LL_FAILURE_STRING + "," +
+                            ILogger.LL_MISCONF_STRING + "," +
+                            ILogger.LL_CATASTRPHE_STRING + "," +
+                            ILogger.LL_SECURITY_STRING + ");Only log message with level higher than this filter will be written by this listener",
+                    PROP_FILE_NAME + ";string;The name of the file the log is written to",
+                    PROP_BUFFER_SIZE + ";integer;The size of the buffer to receive log messages in kilobytes(KB)",
+                    PROP_FLUSH_INTERVAL + ";integer;The maximum time in seconds before the buffer is flushed to the file",
+                    IExtendedPluginInfo.HELP_TOKEN +
+                            ";configuration-logrules-logfile",
+                    IExtendedPluginInfo.HELP_TEXT +
+                            ";Write the log messages to a file"
             };
 
             return params;
@@ -1509,27 +1506,25 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
 
     /**
      * Signed Audit Log
-     *
+     * 
      * This method is inherited by all classes that extend this "LogFile"
      * class, and is called to store messages to the signed audit log.
      * <P>
-     *
+     * 
      * @param msg signed audit log message
      */
-    protected void audit( String msg )
-    {
+    protected void audit(String msg) {
         // in this case, do NOT strip preceding/trailing whitespace
         // from passed-in String parameters
 
-        if( mSignedAuditLogger == null ) {
+        if (mSignedAuditLogger == null) {
             return;
         }
 
-        mSignedAuditLogger.log( ILogger.EV_SIGNED_AUDIT,
+        mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
                                 null,
                                 ILogger.S_SIGNED_AUDIT,
                                 ILogger.LL_SECURITY,
-                                msg );
+                                msg);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java b/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java
index d2dab395..967c7903 100644
--- a/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java
+++ b/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.logging;
 
-
 import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.FilenameFilter;
@@ -41,12 +40,11 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.logging.SystemEvent;
 import com.netscape.cmsutil.util.Utils;
 
-
 /**
  * A rotating log file for Certificate log events. This class loosely follows
  * the Netscape Common Log API implementing rollover interval, size and file
  * naming conventions. It does not yet implement Disk Usage.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class RollingLogFile extends LogFile {
@@ -105,7 +103,7 @@ public class RollingLogFile extends LogFile {
     private Object mExpLock = new Object();
 
     private final static String LOGGING_SIGNED_AUDIT_LOG_DELETE =
-        "LOGGING_SIGNED_AUDIT_LOG_DELETE_3";
+            "LOGGING_SIGNED_AUDIT_LOG_DELETE_3";
 
     /**
      * Construct a RollingLogFile
@@ -115,7 +113,7 @@ public class RollingLogFile extends LogFile {
 
     /**
      * Initialize and open a RollingLogFile using the prop config store
-     *
+     * 
      * @param config The property config store to find values in
      */
     public void init(IConfigStore config) throws IOException,
@@ -123,8 +121,8 @@ public class RollingLogFile extends LogFile {
         super.init(config);
 
         rl_init(config.getInteger(PROP_MAX_FILE_SIZE, MAX_FILE_SIZE),
-            config.getString(PROP_ROLLOVER_INTERVAL, ROLLOVER_INTERVAL),
-            config.getString(PROP_EXPIRATION_TIME, EXPIRATION_TIME));
+                config.getString(PROP_ROLLOVER_INTERVAL, ROLLOVER_INTERVAL),
+                config.getString(PROP_EXPIRATION_TIME, EXPIRATION_TIME));
     }
 
     /**
@@ -132,7 +130,7 @@ public class RollingLogFile extends LogFile {
      * attributes.
      */
     protected void rl_init(int maxFileSize, String rolloverInterval,
-        String expirationTime) {
+            String expirationTime) {
         mMaxFileSize = maxFileSize * 1024;
         setRolloverTime(rolloverInterval);
         setExpirationTime(expirationTime);
@@ -153,9 +151,9 @@ public class RollingLogFile extends LogFile {
 
     /**
      * Set the rollover interval
-     *
-     * @param	rolloverSeconds The amount of time in seconds until the log
-     * is rotated.  A value of 0 will disable log rollover.
+     * 
+     * @param rolloverSeconds The amount of time in seconds until the log
+     *            is rotated. A value of 0 will disable log rollover.
      **/
     public synchronized void setRolloverTime(String rolloverSeconds) {
         mRolloverInterval = Long.valueOf(rolloverSeconds).longValue() * 1000;
@@ -171,8 +169,8 @@ public class RollingLogFile extends LogFile {
 
     /**
      * Get the rollover interval
-     *
-     * @return   The interval in seconds in which the log is rotated
+     * 
+     * @return The interval in seconds in which the log is rotated
      **/
     public synchronized int getRolloverTime() {
         return (int) (mRolloverInterval / 1000);
@@ -180,9 +178,9 @@ public class RollingLogFile extends LogFile {
 
     /**
      * Set the file expiration time
-     *
-     * @param	expirationSeconds The amount of time in seconds until log files
-     * are deleted
+     * 
+     * @param expirationSeconds The amount of time in seconds until log files
+     *            are deleted
      **/
     public void setExpirationTime(String expirationSeconds) {
 
@@ -205,8 +203,8 @@ public class RollingLogFile extends LogFile {
 
     /**
      * Get the expiration time
-     *
-     * @return   The age in seconds in which log files are delete
+     * 
+     * @return The age in seconds in which log files are delete
      **/
     public int getExpirationTime() {
         return (int) (mExpirationTime / 1000);
@@ -217,7 +215,7 @@ public class RollingLogFile extends LogFile {
      * extension
      **/
     public synchronized void rotate()
-        throws IOException {
+            throws IOException {
 
         //File backupFile = new File(mFileName + "." + mFileNumber);
         File backupFile = new File(mFileName + "." + mLogFileDateFormat.format(mDate));
@@ -225,54 +223,54 @@ public class RollingLogFile extends LogFile {
         // close, backup, and reopen the log file zeroizing its contents
         super.close();
         try {
-            if( Utils.isNT() ) {
+            if (Utils.isNT()) {
                 // NT is very picky on the path
-                Utils.exec( "copy " +
-                            mFile.getCanonicalPath().replace( '/', '\\' ) +
+                Utils.exec("copy " +
+                            mFile.getCanonicalPath().replace('/', '\\') +
                             " " +
-                            backupFile.getCanonicalPath().replace( '/',
-                                                                   '\\' ) );
+                            backupFile.getCanonicalPath().replace('/',
+                                                                   '\\'));
             } else {
                 // Create a copy of the original file which
                 // preserves the original file permissions.
-                Utils.exec( "cp -p " + mFile.getCanonicalPath() + " " +
-                             backupFile.getCanonicalPath() );
+                Utils.exec("cp -p " + mFile.getCanonicalPath() + " " +
+                             backupFile.getCanonicalPath());
             }
 
             // Zeroize the original file if and only if
             // the backup copy was successful.
-            if( backupFile.exists() ) {
+            if (backupFile.exists()) {
 
                 // Make certain that the backup file has
                 // the correct permissions.
-                if( !Utils.isNT() ) {
-                    Utils.exec( "chmod 00640 " + backupFile.getCanonicalPath() );
+                if (!Utils.isNT()) {
+                    Utils.exec("chmod 00640 " + backupFile.getCanonicalPath());
                 }
 
                 try {
                     // Open and close the original file
                     // to zeroize its contents.
-                    PrintWriter pw = new PrintWriter( mFile );
+                    PrintWriter pw = new PrintWriter(mFile);
                     pw.close();
 
                     // Make certain that the original file retains
                     // the correct permissions.
-                    if( !Utils.isNT() ) {
-                        Utils.exec( "chmod 00640 " + mFile.getCanonicalPath() );
+                    if (!Utils.isNT()) {
+                        Utils.exec("chmod 00640 " + mFile.getCanonicalPath());
                     }
-                } catch ( FileNotFoundException e ) {
-                    CMS.debug( "Unable to zeroize "
-                             + mFile.toString() );
+                } catch (FileNotFoundException e) {
+                    CMS.debug("Unable to zeroize "
+                             + mFile.toString());
                 }
             } else {
-                CMS.debug( "Unable to backup "
+                CMS.debug("Unable to backup "
                          + mFile.toString() + " to "
-                         + backupFile.toString() );
+                         + backupFile.toString());
             }
-        } catch( Exception e ) {
-            CMS.debug( "Unable to backup "
+        } catch (Exception e) {
+            CMS.debug("Unable to backup "
                      + mFile.toString() + " to "
-                     + backupFile.toString() );
+                     + backupFile.toString());
         }
         super.open(); // will reset mBytesWritten
         mFileNumber++;
@@ -282,17 +280,16 @@ public class RollingLogFile extends LogFile {
      * Remove any log files which have not been modified in the specified
      * time
      * <P>
-     *
-     * NOTE:  automatic removal of log files is currently NOT supported!
+     * 
+     * NOTE: automatic removal of log files is currently NOT supported!
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_DELETE used AFTER audit log
-     * expires (authorization should not allow, but in case authorization gets
-     * compromised make sure it is written AFTER the log expiration happens)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_DELETE used AFTER audit log expires (authorization should not allow, but in case authorization gets compromised make sure it is written AFTER the log expiration happens)
      * </ul>
+     * 
      * @param expirationSeconds The number of seconds since the expired files
-     * have been modified.
+     *            have been modified.
      * @return the time in milliseconds when the next file expires
      **/
     public long expire(long expirationSeconds) throws ELogException {
@@ -322,7 +319,7 @@ public class RollingLogFile extends LogFile {
             pathName = fileName.substring(0, index);
             baseName = fileName.substring(index + 1);
             dirName = dirName.concat("/" + pathName);
-        }else { // "/" NOT exist in fileName
+        } else { // "/" NOT exist in fileName
             baseName = fileName;
         }
 
@@ -330,8 +327,7 @@ public class RollingLogFile extends LogFile {
         String[] filelist = dir.list(ff);
 
         if (filelist == null) { // Crap!  Something is wrong.
-            throw new
-                ELogException(CMS.getUserMessage("CMS_LOG_DIRECTORY_LIST_FAILED",
+            throw new ELogException(CMS.getUserMessage("CMS_LOG_DIRECTORY_LIST_FAILED",
                     dirName, ff.toString()));
         }
 
@@ -340,10 +336,10 @@ public class RollingLogFile extends LogFile {
         for (int i = 0; i < filelist.length; i++) {
             if (pathName != null) {
                 filelist[i] = pathName + "/" + filelist[i];
-            }else {
+            } else {
                 filelist[i] = dirName + "/" + filelist[i];
             }
-            
+
             String fullname = dirName + File.separatorChar + filelist[i];
             File file = new File(fullname);
             long fileTime = file.lastModified();
@@ -392,7 +388,7 @@ public class RollingLogFile extends LogFile {
     //
 
     /**
-     * Log rotation thread.  Sleep for the rollover interval and rotate the
+     * Log rotation thread. Sleep for the rollover interval and rotate the
      * log. Changing rollover interval to 0 will cause this thread to exit.
      */
     final class RolloverThread extends Thread {
@@ -414,7 +410,7 @@ public class RollingLogFile extends LogFile {
                     } catch (InterruptedException e) {
                         // This shouldn't happen very often
                         CMS.getLogger().getLogQueue().log(new
-                            SystemEvent(CMS.getUserMessage("CMS_LOG_THREAD_INTERRUPT", "rollover")));
+                                SystemEvent(CMS.getUserMessage("CMS_LOG_THREAD_INTERRUPT", "rollover")));
                     }
                 }
 
@@ -427,7 +423,7 @@ public class RollingLogFile extends LogFile {
                         rotate();
                     } catch (IOException e) {
                         ConsoleError.send(new
-                            SystemEvent(CMS.getUserMessage("CMS_LOG_ROTATE_LOG_FAILED", mFile.getName(), e.toString())));
+                                SystemEvent(CMS.getUserMessage("CMS_LOG_ROTATE_LOG_FAILED", mFile.getName(), e.toString())));
                         break;
                     }
                 }
@@ -439,9 +435,8 @@ public class RollingLogFile extends LogFile {
         }
     }
 
-
     /**
-     * Log expiration thread.  Sleep for the expiration interval and
+     * Log expiration thread. Sleep for the expiration interval and
      * delete any files which are too old.
      * Changing expiration interval to 0 will cause this thread to exit.
      */
@@ -467,11 +462,11 @@ public class RollingLogFile extends LogFile {
                         wakeupTime = expire((long) (mExpirationTime / 1000));
                     } catch (SecurityException e) {
                         ConsoleError.send(new
-                            SystemEvent(CMS.getUserMessage("CMS_LOG_EXPIRE_LOG_FAILED", e.toString())));
+                                SystemEvent(CMS.getUserMessage("CMS_LOG_EXPIRE_LOG_FAILED", e.toString())));
                         break;
                     } catch (ELogException e) {
                         ConsoleError.send(new
-                            SystemEvent(CMS.getUserMessage("CMS_LOG_EXPIRE_LOG_FAILED", e.toString())));
+                                SystemEvent(CMS.getUserMessage("CMS_LOG_EXPIRE_LOG_FAILED", e.toString())));
                         break;
                     }
 
@@ -488,7 +483,7 @@ public class RollingLogFile extends LogFile {
                         } catch (InterruptedException e) {
                             // This shouldn't happen very often
                             ConsoleError.send(new
-                                SystemEvent(CMS.getUserMessage("CMS_LOG_THREAD_INTERRUPT", "expiration")));
+                                    SystemEvent(CMS.getUserMessage("CMS_LOG_THREAD_INTERRUPT", "expiration")));
                         }
                     }
                 }
@@ -499,8 +494,8 @@ public class RollingLogFile extends LogFile {
 
     /**
      * Write an event to the log file
-     *
-     * @param  ev The event to be logged.
+     * 
+     * @param ev The event to be logged.
      **/
     public synchronized void log(ILogEvent ev) throws ELogException {
         //xxx, Shall we log first without checking if it exceed the maximum?
@@ -519,9 +514,9 @@ public class RollingLogFile extends LogFile {
     /**
      * Retrieve log file list.
      */
-    public synchronized NameValuePairs retrieveLogList(Hashtable<String, String>  req
-        ) throws ServletException,
-            IOException, EBaseException {
+    public synchronized NameValuePairs retrieveLogList(Hashtable<String, String> req
+            ) throws ServletException,
+                    IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         String[] files = null;
 
@@ -534,7 +529,7 @@ public class RollingLogFile extends LogFile {
 
     /**
      * Get the log file list in the log directory
-     *
+     * 
      * @return an array of filenames with related path to cert server root
      */
     protected String[] fileList() {
@@ -552,10 +547,10 @@ public class RollingLogFile extends LogFile {
             } else {
                 dirName = dirName.concat("/" + pathName);
             }
-        }else { // "/" NOT exist in fileName
+        } else { // "/" NOT exist in fileName
             baseName = fileName;
         }
-			
+
         File dir = new File(dirName);
 
         fileFilter ff = new fileFilter(baseName + ".");
@@ -563,13 +558,13 @@ public class RollingLogFile extends LogFile {
         //error,logs,logs/error jdk115
         //logs/system,., logs/system jdk116
         //System.out.println(mFile.getName()+","+dirName+","+mFile.getPath()); //log/system,.
-		
+
         String[] filelist = dir.list(ff);
 
         for (int i = 0; i < filelist.length; i++) {
             if (pathName != null) {
                 filelist[i] = pathName + "/" + filelist[i];
-            }else {
+            } else {
                 filelist[i] = dirName + "/" + filelist[i];
             }
         }
@@ -627,10 +622,10 @@ public class RollingLogFile extends LogFile {
         info.addElement(PROP_ROLLOVER_INTERVAL + ";choice(Hourly,Daily,Weekly,Monthly,Yearly);The frequency of the log being rotated.");
         info.addElement(PROP_EXPIRATION_TIME + ";integer;The amount of time before a backed up log is removed in seconds");
         info.addElement(IExtendedPluginInfo.HELP_TOKEN +
-            //";configuration-logrules-rollinglogfile");
-            ";configuration-adminbasics");
+                //";configuration-logrules-rollinglogfile");
+                ";configuration-adminbasics");
         info.addElement(IExtendedPluginInfo.HELP_TEXT +
-            ";Write the log messages to a file which will be rotated automatically.");
+                ";Write the log messages to a file which will be rotated automatically.");
         String[] params = new String[info.size()];
 
         info.copyInto(params);
@@ -639,14 +634,13 @@ public class RollingLogFile extends LogFile {
     }
 }
 
-
 /**
  * A file filter to select the file with a given prefix
  */
 class fileFilter implements FilenameFilter {
     String patternToMatch = null;
 
-    public fileFilter (String pattern) {
+    public fileFilter(String pattern) {
         patternToMatch = pattern;
     }
 
diff --git a/pki/base/common/src/com/netscape/cms/notification/MailNotification.java b/pki/base/common/src/com/netscape/cms/notification/MailNotification.java
index af651584..ef09d8f7 100644
--- a/pki/base/common/src/com/netscape/cms/notification/MailNotification.java
+++ b/pki/base/common/src/com/netscape/cms/notification/MailNotification.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.notification;
 
-
 import java.io.IOException;
 import java.io.PrintStream;
 import java.util.Vector;
@@ -30,13 +29,12 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.notification.ENotificationException;
 import com.netscape.certsrv.notification.IMailNotification;
 
-
 /**
  * This class handles mail notification via SMTP.
  * This class uses <b>smtp.host</b> in the configuration for smtp
- * host.  The port default (25) is used.  If no smtp specified, local
+ * host. The port default (25) is used. If no smtp specified, local
  * host is used
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class MailNotification implements IMailNotification {
@@ -56,10 +54,10 @@ public class MailNotification implements IMailNotification {
         if (mHost == null) {
             try {
                 IConfigStore mConfig =
-                    CMS.getConfigStore();
+                        CMS.getConfigStore();
 
                 IConfigStore c =
-                    mConfig.getSubStore(PROP_SMTP_SUBSTORE);
+                        mConfig.getSubStore(PROP_SMTP_SUBSTORE);
 
                 if (c == null) {
                     return;
@@ -94,7 +92,7 @@ public class MailNotification implements IMailNotification {
         if ((mFrom != null) && (!mFrom.equals("")))
             sc.from(mFrom);
         else {
-            throw new ENotificationException (
+            throw new ENotificationException(
                     CMS.getUserMessage("CMS_NOTIFICATION_NO_SMTP_SENDER"));
         }
 
@@ -103,7 +101,7 @@ public class MailNotification implements IMailNotification {
             log(ILogger.LL_INFO, "mail to be sent to " + mTo);
             sc.to(mTo);
         } else {
-            throw new ENotificationException (
+            throw new ENotificationException(
                     CMS.getUserMessage("CMS_NOTIFICATION_NO_SMTP_RECEIVER"));
         }
 
@@ -129,13 +127,14 @@ public class MailNotification implements IMailNotification {
             sc.closeServer();
         } catch (IOException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-            throw new ENotificationException (
+            throw new ENotificationException(
                     CMS.getUserMessage("CMS_NOTIFICATION_SMTP_SEND_FAILED", mTo));
         }
     }
 
     /**
      * sets the "From" field
+     * 
      * @param from email address of the sender
      */
     public void setFrom(String from) {
@@ -144,6 +143,7 @@ public class MailNotification implements IMailNotification {
 
     /**
      * sets the "Subject" field
+     * 
      * @param subject subject of the email
      */
     public void setSubject(String subject) {
@@ -152,6 +152,7 @@ public class MailNotification implements IMailNotification {
 
     /**
      * sets the "Content-Type" field
+     * 
      * @param contentType content type of the email
      */
     public void setContentType(String contentType) {
@@ -160,6 +161,7 @@ public class MailNotification implements IMailNotification {
 
     /**
      * sets the content of the email
+     * 
      * @param content the message content
      */
     public void setContent(String content) {
@@ -168,6 +170,7 @@ public class MailNotification implements IMailNotification {
 
     /**
      * sets the recipients' email addresses
+     * 
      * @param addresses a list of email addresses of the recipients
      */
     public void setTo(Vector<String> addresses) {
@@ -177,6 +180,7 @@ public class MailNotification implements IMailNotification {
 
     /**
      * sets the recipient's email address
+     * 
      * @param to address of the recipient email address
      */
     public void setTo(String to) {
@@ -187,7 +191,7 @@ public class MailNotification implements IMailNotification {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-            level, "MailNotification: " + msg);
+                level, "MailNotification: " + msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java b/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java
index 0468e13f..34cf5578 100644
--- a/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java
+++ b/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.ocsp;
 
-
 import java.math.BigInteger;
 import java.security.MessageDigest;
 import java.security.cert.X509CRL;
@@ -75,11 +74,10 @@ import com.netscape.cmsutil.ocsp.SingleResponse;
 import com.netscape.cmsutil.ocsp.TBSRequest;
 import com.netscape.cmsutil.ocsp.UnknownInfo;
 
-
 /**
  * This is the default OCSP store that stores revocation information
  * as certificate record (CMS internal data structure).
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class DefStore implements IDefStore, IExtendedPluginInfo {
@@ -90,18 +88,18 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
     private static final String PROP_USE_CACHE = "useCache";
 
     private static final String PROP_REFRESH_IN_SEC = "refreshInSec";
-    private static final int DEF_REFRESH_IN_SEC = 0; 
+    private static final int DEF_REFRESH_IN_SEC = 0;
 
     public static final BigInteger BIG_ZERO = new BigInteger("0");
     public static final Long MINUS_ONE = Long.valueOf(-1);
 
-    private final static String PROP_BY_NAME = 
-        "byName";
-    private final static String PROP_WAIT_ON_CRL_UPDATE = 
-        "waitOnCRLUpdate";
+    private final static String PROP_BY_NAME =
+            "byName";
+    private final static String PROP_WAIT_ON_CRL_UPDATE =
+            "waitOnCRLUpdate";
     private final static String PROP_NOT_FOUND_GOOD = "notFoundAsGood";
     private final static String PROP_INCLUDE_NEXT_UPDATE =
-        "includeNextUpdate";
+            "includeNextUpdate";
 
     protected Hashtable<String, Long> mReqCounts = new Hashtable<String, Long>();
     protected boolean mNotFoundGood = true;
@@ -123,19 +121,19 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
     public DefStore() {
     }
 
-    public String[] getExtendedPluginInfo(Locale locale) { 
-        Vector<String> v = new Vector<String>(); 
+    public String[] getExtendedPluginInfo(Locale locale) {
+        Vector<String> v = new Vector<String>();
 
         v.addElement(PROP_NOT_FOUND_GOOD + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_NOT_FOUND_GOOD"));
         v.addElement(PROP_BY_NAME + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_BY_NAME"));
         v.addElement(PROP_INCLUDE_NEXT_UPDATE + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_INCLUDE_NEXT_UPDATE"));
         v.addElement(IExtendedPluginInfo.HELP_TEXT + "; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_DESC"));
-        v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-ocspstores-defstore"); 
+        v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-ocspstores-defstore");
         return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
     }
 
-    public void init(ISubsystem owner, IConfigStore config) 	
-        throws EBaseException {
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException {
         mOCSPAuthority = (IOCSPAuthority) owner;
         mConfig = config;
 
@@ -170,8 +168,8 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
         initWebGateway();
 
         /**
-         DeleteOldCRLsThread t = new DeleteOldCRLsThread(this);
-         t.start();
+         * DeleteOldCRLsThread t = new DeleteOldCRLsThread(this);
+         * t.start();
          **/
         // deleteOldCRLs();
     }
@@ -180,7 +178,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
      * init web gateway - just gets the ee gateway for this CA.
      */
     private void initWebGateway()
-        throws EBaseException {
+            throws EBaseException {
     }
 
     public IRepositoryRecord createRepositoryRecord() {
@@ -222,20 +220,20 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
     }
 
     /**
-     * This store will not delete the old CRL until the 
+     * This store will not delete the old CRL until the
      * new one is totally committed.
      */
     public void deleteOldCRLs() throws EBaseException {
         Enumeration<ICRLIssuingPointRecord> recs = searchCRLIssuingPointRecord(
                 "objectclass=" +
-                CMS.getCRLIssuingPointRecordName(),
+                        CMS.getCRLIssuingPointRecordName(),
                 100);
         X509CertImpl theCert = null;
         ICRLIssuingPointRecord theRec = null;
 
         while (recs.hasMoreElements()) {
-            ICRLIssuingPointRecord rec = 
-                recs.nextElement();
+            ICRLIssuingPointRecord rec =
+                    recs.nextElement();
 
             deleteOldCRLsInCA(rec.getId());
         }
@@ -246,7 +244,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
 
         try {
             ICRLIssuingPointRecord cp = (ICRLIssuingPointRecord)
-                readCRLIssuingPoint(caName);
+                    readCRLIssuingPoint(caName);
 
             if (cp == null)
                 return; // nothing to do
@@ -257,34 +255,35 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
             Enumeration<IRepositoryRecord> e = searchRepository(
                     caName,
                     "(!" + IRepositoryRecord.ATTR_SERIALNO + "=" +
-                    thisUpdate + ")");
+                            thisUpdate + ")");
 
             while (e != null && e.hasMoreElements()) {
                 IRepositoryRecord r = e.nextElement();
-                Enumeration<ICertRecord> recs = 
-                    searchCertRecord(caName,
-                        r.getSerialNumber().toString(),
-                        ICertRecord.ATTR_ID + "=*");
-
-                log(ILogger.LL_INFO, "remove CRL 0x" + 
-                    r.getSerialNumber().toString(16) + 
-                    " of " + caName);
-                String rep_dn = "ou=" + 
-                    r.getSerialNumber().toString() +
-                    ",cn=" + transformDN(caName) + "," + 
-                    getBaseDN();
+                Enumeration<ICertRecord> recs =
+                        searchCertRecord(caName,
+                                r.getSerialNumber().toString(),
+                                ICertRecord.ATTR_ID + "=*");
+
+                log(ILogger.LL_INFO, "remove CRL 0x" +
+                        r.getSerialNumber().toString(16) +
+                        " of " + caName);
+                String rep_dn = "ou=" +
+                        r.getSerialNumber().toString() +
+                        ",cn=" + transformDN(caName) + "," +
+                        getBaseDN();
 
                 while (recs != null && recs.hasMoreElements()) {
-                    ICertRecord rec =  recs.nextElement();
-                    String cert_dn = "cn=" + 
-                        rec.getSerialNumber().toString() + "," + rep_dn;
+                    ICertRecord rec = recs.nextElement();
+                    String cert_dn = "cn=" +
+                            rec.getSerialNumber().toString() + "," + rep_dn;
 
                     s.delete(cert_dn);
                 }
                 s.delete(rep_dn);
             }
         } finally {
-            if (s != null) s.close();
+            if (s != null)
+                s.close();
         }
     }
 
@@ -297,12 +296,12 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
     }
 
     public void startup() throws EBaseException {
-        int refresh = mConfig.getInteger(PROP_REFRESH_IN_SEC, 
-           DEF_REFRESH_IN_SEC);
+        int refresh = mConfig.getInteger(PROP_REFRESH_IN_SEC,
+                DEF_REFRESH_IN_SEC);
         if (refresh > 0) {
-          DefStoreCRLUpdater updater = 
-            new DefStoreCRLUpdater(mCacheCRLIssuingPoints, refresh);
-          updater.start();
+            DefStoreCRLUpdater updater =
+                    new DefStoreCRLUpdater(mCacheCRLIssuingPoints, refresh);
+            updater.start();
         }
     }
 
@@ -324,10 +323,10 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
     /**
      * Validate an OCSP request.
      */
-    public OCSPResponse validate(OCSPRequest request) 
-        throws EBaseException {	
+    public OCSPResponse validate(OCSPRequest request)
+            throws EBaseException {
 
-        IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+        IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
 
         mOCSPAuthority.incNumOCSPRequest(1);
         long startTime = CMS.getCurrentDate().getTime();
@@ -339,13 +338,13 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
             //     certificate's status
             Vector<SingleResponse> singleResponses = new Vector<SingleResponse>();
             if (statsSub != null) {
-              statsSub.startTiming("lookup");
+                statsSub.startTiming("lookup");
             }
 
             long lookupStartTime = CMS.getCurrentDate().getTime();
             for (int i = 0; i < tbsReq.getRequestCount(); i++) {
                 com.netscape.cmsutil.ocsp.Request req =
-                    tbsReq.getRequestAt(i);
+                        tbsReq.getRequestAt(i);
                 CertID cid = req.getCertID();
                 SingleResponse sr = processRequest(cid);
 
@@ -353,17 +352,17 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
             }
             long lookupEndTime = CMS.getCurrentDate().getTime();
             if (statsSub != null) {
-              statsSub.endTiming("lookup");
+                statsSub.endTiming("lookup");
             }
             mOCSPAuthority.incLookupTime(lookupEndTime - lookupStartTime);
 
-            if (singleResponses.size() <= 0) { 
+            if (singleResponses.size() <= 0) {
                 CMS.debug("DefStore: No Request Found");
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_REQUEST_FAILURE", "No Request Found"));
                 return null;
             }
             if (statsSub != null) {
-              statsSub.startTiming("build_response");
+                statsSub.startTiming("build_response");
             }
             SingleResponse res[] = new SingleResponse[singleResponses.size()];
 
@@ -391,24 +390,24 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
             ResponseData rd = new ResponseData(rid,
                     new GeneralizedTime(CMS.getCurrentDate()), res, nonce);
             if (statsSub != null) {
-              statsSub.endTiming("build_response");
+                statsSub.endTiming("build_response");
             }
 
             if (statsSub != null) {
-              statsSub.startTiming("signing");
+                statsSub.startTiming("signing");
             }
             long signStartTime = CMS.getCurrentDate().getTime();
             BasicOCSPResponse basicRes = mOCSPAuthority.sign(rd);
             long signEndTime = CMS.getCurrentDate().getTime();
             if (statsSub != null) {
-              statsSub.endTiming("signing");
+                statsSub.endTiming("signing");
             }
             mOCSPAuthority.incSignTime(signEndTime - signStartTime);
 
             OCSPResponse response = new OCSPResponse(
                     OCSPResponseStatus.SUCCESSFUL,
                     new ResponseBytes(ResponseBytes.OCSP_BASIC,
-                        new OCTET_STRING(ASN1Util.encode(basicRes))));
+                            new OCTET_STRING(ASN1Util.encode(basicRes))));
 
             log(ILogger.LL_INFO, "done OCSP request");
             long endTime = CMS.getCurrentDate().getTime();
@@ -435,17 +434,17 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
             ICRLIssuingPointRecord theRec = null;
             byte keyhsh[] = cid.getIssuerKeyHash().toByteArray();
             CRLIPContainer matched = (CRLIPContainer)
-                mCacheCRLIssuingPoints.get(new String(keyhsh));
+                    mCacheCRLIssuingPoints.get(new String(keyhsh));
 
             if (matched == null) {
                 Enumeration<ICRLIssuingPointRecord> recs = searchCRLIssuingPointRecord(
                         "objectclass=" +
-                        CMS.getCRLIssuingPointRecordName(),
+                                CMS.getCRLIssuingPointRecordName(),
                         100);
 
                 while (recs.hasMoreElements()) {
                     ICRLIssuingPointRecord rec = (ICRLIssuingPointRecord)
-                        recs.nextElement();
+                            recs.nextElement();
                     byte certdata[] = rec.getCACert();
                     X509CertImpl cert = null;
 
@@ -468,15 +467,15 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
                         byte crldata[] = rec.getCRL();
 
                         if (rec.getCRLCache() == null) {
-                          CMS.debug("DefStore: start building x509 crl impl");
-                          try {
-                            theCRL = new X509CRLImpl(crldata);
-                          } catch (Exception e) {
-                            log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_DECODE_CRL", e.toString()));
-                          }
-                          CMS.debug("DefStore: done building x509 crl impl");
+                            CMS.debug("DefStore: start building x509 crl impl");
+                            try {
+                                theCRL = new X509CRLImpl(crldata);
+                            } catch (Exception e) {
+                                log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_DECODE_CRL", e.toString()));
+                            }
+                            CMS.debug("DefStore: done building x509 crl impl");
                         } else {
-                          CMS.debug("DefStore: using crl cache");
+                            CMS.debug("DefStore: using crl cache");
                         }
                         mCacheCRLIssuingPoints.put(new String(digest), new CRLIPContainer(theRec, theCert, theCRL));
                         break;
@@ -524,25 +523,25 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
                         CMS.debug("DefStore: evaluating crl cache");
                         Hashtable<BigInteger, RevokedCertificate> cache = theRec.getCRLCacheNoClone();
                         if (cache != null) {
-                             RevokedCertificate rc = (RevokedCertificate)
-                                  cache.get(new BigInteger(serialNo.toString()));
-                             if (rc == null) { 
-                                if (isNotFoundGood()) { 
-                                   certStatus = new GoodInfo(); 
-                                } else { 
-                                   certStatus = new UnknownInfo(); 
+                            RevokedCertificate rc = (RevokedCertificate)
+                                    cache.get(new BigInteger(serialNo.toString()));
+                            if (rc == null) {
+                                if (isNotFoundGood()) {
+                                    certStatus = new GoodInfo();
+                                } else {
+                                    certStatus = new UnknownInfo();
                                 }
-                             } else {
-           
+                            } else {
+
                                 certStatus = new RevokedInfo(
-                                     new GeneralizedTime(
-                                        rc.getRevocationDate()));
-                             }
+                                        new GeneralizedTime(
+                                                rc.getRevocationDate()));
+                            }
                         }
                     }
-                     
+
                 } else {
-                        CMS.debug("DefStore: evaluating x509 crl impl");
+                    CMS.debug("DefStore: evaluating x509 crl impl");
                     X509CRLEntry crlentry = theCRL.getRevokedCertificate(new BigInteger(serialNo.toString()));
 
                     if (crlentry == null) {
@@ -555,7 +554,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
                     } else {
                         certStatus = new RevokedInfo(new GeneralizedTime(
                                         crlentry.getRevocationDate()));
-               
+
                     }
                 }
                 return new SingleResponse(cid, certStatus, thisUpdate,
@@ -580,17 +579,17 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
         return mDBService.getBaseDN();
     }
 
-    public Enumeration<ICRLIssuingPointRecord > searchAllCRLIssuingPointRecord(int maxSize)
-        throws EBaseException {
+    public Enumeration<ICRLIssuingPointRecord> searchAllCRLIssuingPointRecord(int maxSize)
+            throws EBaseException {
         return searchCRLIssuingPointRecord(
                 "objectclass=" +
-                CMS.getCRLIssuingPointRecordName(),
+                        CMS.getCRLIssuingPointRecordName(),
                 maxSize);
     }
 
     public Enumeration<ICRLIssuingPointRecord> searchCRLIssuingPointRecord(String filter,
-        int maxSize)
-        throws EBaseException {
+            int maxSize)
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration<ICRLIssuingPointRecord> e = null;
 
@@ -604,20 +603,21 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
     }
 
     public synchronized void modifyCRLIssuingPointRecord(String name,
-        ModificationSet mods) throws EBaseException {
+            ModificationSet mods) throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         try {
             String dn = "cn=" +
-                transformDN(name) + "," + getBaseDN();
+                    transformDN(name) + "," + getBaseDN();
 
             s.modify(dn, mods);
         } catch (EBaseException e) {
-          CMS.debug("modifyCRLIssuingPointRecord: error=" + e);
-          CMS.debug(e);
-          throw e;
+            CMS.debug("modifyCRLIssuingPointRecord: error=" + e);
+            CMS.debug(e);
+            throw e;
         } finally {
-            if (s != null) s.close();
+            if (s != null)
+                s.close();
         }
     }
 
@@ -625,42 +625,45 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
      * Returns an issuing point.
      */
     public ICRLIssuingPointRecord readCRLIssuingPoint(String name)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         ICRLIssuingPointRecord rec = null;
 
         try {
             String dn = "cn=" +
-                transformDN(name) + "," + getBaseDN();
+                    transformDN(name) + "," + getBaseDN();
 
             if (s != null) {
                 rec = (ICRLIssuingPointRecord) s.read(dn);
             }
         } finally {
-            if (s != null) s.close();
+            if (s != null)
+                s.close();
         }
         return rec;
     }
 
     public ICRLIssuingPointRecord createCRLIssuingPointRecord(
-        String name, BigInteger crlNumber,
-        Long crlSize, Date thisUpdate, Date nextUpdate) {
+            String name, BigInteger crlNumber,
+            Long crlSize, Date thisUpdate, Date nextUpdate) {
         return CMS.createCRLIssuingPointRecord(
                 name, crlNumber, crlSize, thisUpdate, nextUpdate);
     }
 
-     public void deleteCRLIssuingPointRecord(String id)
-        throws EBaseException {
+    public void deleteCRLIssuingPointRecord(String id)
+            throws EBaseException {
 
         IDBSSession s = null;
 
         try {
             s = mDBService.createSession();
-            String name = "cn=" + transformDN(id) + "," + getBaseDN(); 
+            String name = "cn=" + transformDN(id) + "," + getBaseDN();
             CMS.debug("DefStore::deleteCRLIssuingPointRecord: Attempting to delete: " + name);
-            if (s != null) s.delete(name);
+            if (s != null)
+                s.delete(name);
         } finally {
-            if (s != null) s.close();
+            if (s != null)
+                s.close();
         }
     }
 
@@ -668,12 +671,12 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
      * Creates a new issuing point in OCSP.
      */
     public void addCRLIssuingPoint(String name, ICRLIssuingPointRecord rec)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         try {
             String dn = "cn=" +
-                transformDN(name) + "," + getBaseDN();
+                    transformDN(name) + "," + getBaseDN();
 
             s.add(dn, (ICRLIssuingPointRecord) rec);
         } finally {
@@ -683,7 +686,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
     }
 
     public Enumeration<IRepositoryRecord> searchRepository(String name, String filter)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration<IRepositoryRecord> e = null;
 
@@ -701,13 +704,13 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
      * Creates a new issuing point in OCSP.
      */
     public void addRepository(String name, String thisUpdate,
-        IRepositoryRecord rec)
-        throws EBaseException {
+            IRepositoryRecord rec)
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         try {
             String dn = "ou=" + thisUpdate + ",cn=" +
-                transformDN(name) + "," + getBaseDN();
+                    transformDN(name) + "," + getBaseDN();
 
             s.add(dn, rec);
         } finally {
@@ -717,22 +720,24 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
     }
 
     public void modifyCertRecord(String name, String thisUpdate,
-        String sno,
-        ModificationSet mods) throws EBaseException {
+            String sno,
+            ModificationSet mods) throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         try {
             String dn = "cn=" + sno + ",ou=" + thisUpdate +
-                ",cn=" + transformDN(name) + "," + getBaseDN();
+                    ",cn=" + transformDN(name) + "," + getBaseDN();
 
-            if (s != null) s.modify(dn, mods);
+            if (s != null)
+                s.modify(dn, mods);
         } finally {
-            if (s != null) s.close();
+            if (s != null)
+                s.close();
         }
     }
 
     public Enumeration<ICertRecord> searchCertRecord(String name, String thisUpdate,
-        String filter) throws EBaseException {
+            String filter) throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration<ICertRecord> e = null;
 
@@ -748,20 +753,21 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
     }
 
     public ICertRecord readCertRecord(String name, String thisUpdate,
-        String sno)
-        throws EBaseException {
+            String sno)
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         ICertRecord rec = null;
 
         try {
             String dn = "cn=" + sno + ",ou=" + thisUpdate +
-                ",cn=" + transformDN(name) + "," + getBaseDN();
+                    ",cn=" + transformDN(name) + "," + getBaseDN();
 
             if (s != null) {
                 rec = (ICertRecord) s.read(dn);
             }
         } finally {
-            if (s != null) s.close();
+            if (s != null)
+                s.close();
         }
         return rec;
     }
@@ -770,13 +776,13 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
      * Creates a new issuing point in OCSP.
      */
     public void addCertRecord(String name, String thisUpdate,
-        String sno, ICertRecord rec)
-        throws EBaseException {
+            String sno, ICertRecord rec)
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         try {
             String dn = "cn=" + sno + ",ou=" + thisUpdate +
-                ",cn=" + transformDN(name) + "," + getBaseDN();
+                    ",cn=" + transformDN(name) + "," + getBaseDN();
 
             s.add(dn, rec);
         } finally {
@@ -785,26 +791,26 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
         }
     }
 
-    public NameValuePairs getConfigParameters() { 
+    public NameValuePairs getConfigParameters() {
         try {
-            NameValuePairs params = new NameValuePairs(); 
+            NameValuePairs params = new NameValuePairs();
 
             params.add(Constants.PR_OCSPSTORE_IMPL_NAME,
-                mConfig.getString("class"));
-            params.add(PROP_NOT_FOUND_GOOD, 
-                mConfig.getString(PROP_NOT_FOUND_GOOD, "true"));
-            params.add(PROP_BY_NAME, 
-                mConfig.getString(PROP_BY_NAME, "true"));
-            params.add(PROP_INCLUDE_NEXT_UPDATE, 
-                mConfig.getString(PROP_INCLUDE_NEXT_UPDATE, "false"));
-            return params; 
+                    mConfig.getString("class"));
+            params.add(PROP_NOT_FOUND_GOOD,
+                    mConfig.getString(PROP_NOT_FOUND_GOOD, "true"));
+            params.add(PROP_BY_NAME,
+                    mConfig.getString(PROP_BY_NAME, "true"));
+            params.add(PROP_INCLUDE_NEXT_UPDATE,
+                    mConfig.getString(PROP_INCLUDE_NEXT_UPDATE, "false"));
+            return params;
         } catch (Exception e) {
             return null;
         }
     }
 
-    public void setConfigParameters(NameValuePairs pairs) 
-        throws EBaseException { 
+    public void setConfigParameters(NameValuePairs pairs)
+            throws EBaseException {
         Enumeration<String> k = pairs.getNames();
 
         while (k.hasMoreElements()) {
@@ -821,8 +827,8 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
             CMS.debug("DefStore: Ready to update Issuer");
 
             try {
-              if (!((X509CRLImpl)crl).areEntriesIncluded())
-                crl = new X509CRLImpl(((X509CRLImpl)crl).getEncoded());
+                if (!((X509CRLImpl) crl).areEntriesIncluded())
+                    crl = new X509CRLImpl(((X509CRLImpl) crl).getEncoded());
             } catch (Exception e) {
                 CMS.debug(e);
             }
@@ -832,51 +838,51 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
 
             if (crl.getThisUpdate() != null)
                 mods.add(ICRLIssuingPointRecord.ATTR_THIS_UPDATE,
-                    Modification.MOD_REPLACE, crl.getThisUpdate());
+                        Modification.MOD_REPLACE, crl.getThisUpdate());
             if (crl.getNextUpdate() != null)
                 mods.add(ICRLIssuingPointRecord.ATTR_NEXT_UPDATE,
-                    Modification.MOD_REPLACE, crl.getNextUpdate());
+                        Modification.MOD_REPLACE, crl.getNextUpdate());
             if (mUseCache) {
-              if (((X509CRLImpl)crl).getListOfRevokedCertificates() != null) {
-                 mods.add(ICRLIssuingPointRecord.ATTR_CRL_CACHE,
-                    Modification.MOD_REPLACE, 
-                    ((X509CRLImpl)crl).getListOfRevokedCertificates());
-              }
+                if (((X509CRLImpl) crl).getListOfRevokedCertificates() != null) {
+                    mods.add(ICRLIssuingPointRecord.ATTR_CRL_CACHE,
+                            Modification.MOD_REPLACE,
+                            ((X509CRLImpl) crl).getListOfRevokedCertificates());
+                }
             }
             if (((X509CRLImpl) crl).getNumberOfRevokedCertificates() < 0) {
                 mods.add(ICRLIssuingPointRecord.ATTR_CRL_SIZE,
-                    Modification.MOD_REPLACE, Long.valueOf(0));
+                        Modification.MOD_REPLACE, Long.valueOf(0));
             } else {
                 mods.add(ICRLIssuingPointRecord.ATTR_CRL_SIZE,
-                    Modification.MOD_REPLACE, Long.valueOf(((X509CRLImpl) crl).getNumberOfRevokedCertificates()));
+                        Modification.MOD_REPLACE, Long.valueOf(((X509CRLImpl) crl).getNumberOfRevokedCertificates()));
             }
-            BigInteger crlNumber = ((X509CRLImpl)crl).getCRLNumber();
+            BigInteger crlNumber = ((X509CRLImpl) crl).getCRLNumber();
             if (crlNumber == null) {
                 mods.add(ICRLIssuingPointRecord.ATTR_CRL_NUMBER,
-                    Modification.MOD_REPLACE, new BigInteger("-1"));
+                        Modification.MOD_REPLACE, new BigInteger("-1"));
             } else {
                 mods.add(ICRLIssuingPointRecord.ATTR_CRL_NUMBER,
-                    Modification.MOD_REPLACE, crlNumber);
+                        Modification.MOD_REPLACE, crlNumber);
             }
             try {
                 mods.add(ICRLIssuingPointRecord.ATTR_CRL,
-                    Modification.MOD_REPLACE, crl.getEncoded());
+                        Modification.MOD_REPLACE, crl.getEncoded());
             } catch (Exception e) {
                 // ignore
             }
-            CMS.debug("DefStore: ready to CRL update " + 
-                crl.getIssuerDN().getName());
+            CMS.debug("DefStore: ready to CRL update " +
+                    crl.getIssuerDN().getName());
             modifyCRLIssuingPointRecord(
-                crl.getIssuerDN().getName(), mods);
-            CMS.debug("DefStore: done CRL update " + 
-                crl.getIssuerDN().getName());
+                    crl.getIssuerDN().getName(), mods);
+            CMS.debug("DefStore: done CRL update " +
+                    crl.getIssuerDN().getName());
 
             // update cache
             mCacheCRLIssuingPoints.clear();
 
-            log(ILogger.LL_INFO, "AddCRLServlet: Finish Committing CRL." + 
-                " thisUpdate=" + crl.getThisUpdate() + 
-                " nextUpdate=" + crl.getNextUpdate());
+            log(ILogger.LL_INFO, "AddCRLServlet: Finish Committing CRL." +
+                    " thisUpdate=" + crl.getThisUpdate() +
+                    " nextUpdate=" + crl.getNextUpdate());
 
         } finally {
             mStateCount--;
@@ -889,7 +895,6 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
 
 }
 
-
 class DeleteOldCRLsThread extends Thread {
     private DefStore mDefStore = null;
 
@@ -905,7 +910,6 @@ class DeleteOldCRLsThread extends Thread {
     }
 }
 
-
 class CRLIPContainer {
     private ICRLIssuingPointRecord mRec = null;
     private X509CertImpl mCert = null;
diff --git a/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java b/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java
index 5e4e6566..83ec664b 100644
--- a/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java
+++ b/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.ocsp;
 
-
 import java.math.BigInteger;
 import java.security.MessageDigest;
 import java.security.cert.X509CRL;
@@ -71,11 +70,10 @@ import com.netscape.cmsutil.ocsp.SingleResponse;
 import com.netscape.cmsutil.ocsp.TBSRequest;
 import com.netscape.cmsutil.ocsp.UnknownInfo;
 
-
 /**
  * This is the LDAP OCSP store. It reads CA certificate and
  * revocation list attributes from the CA entry.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class LDAPStore implements IDefStore, IExtendedPluginInfo {
@@ -93,8 +91,8 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
     private static final String PROP_PORT = "port";
 
     private final static String PROP_NOT_FOUND_GOOD = "notFoundAsGood";
-    private final static String PROP_INCLUDE_NEXT_UPDATE = 
-        "includeNextUpdate";
+    private final static String PROP_INCLUDE_NEXT_UPDATE =
+            "includeNextUpdate";
 
     private IOCSPAuthority mOCSPAuthority = null;
     private IConfigStore mConfig = null;
@@ -111,8 +109,8 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
     public LDAPStore() {
     }
 
-    public String[] getExtendedPluginInfo(Locale locale) { 
-        Vector v = new Vector(); 
+    public String[] getExtendedPluginInfo(Locale locale) {
+        Vector v = new Vector();
 
         v.addElement(PROP_NOT_FOUND_GOOD + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_NOT_FOUND_GOOD"));
         v.addElement(PROP_INCLUDE_NEXT_UPDATE + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_INCLUDE_NEXT_UPDATE"));
@@ -121,33 +119,33 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
         v.addElement(PROP_CRL_ATTR + ";string; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_CRL_ATTR"));
         v.addElement(PROP_CA_CERT_ATTR + ";string; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_CA_CERT_ATTR"));
         v.addElement(IExtendedPluginInfo.HELP_TEXT + "; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_DESC"));
-        v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-ocspstores-ldapstore"); 
-        return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v); 
+        v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-ocspstores-ldapstore");
+        return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
     }
 
     /**
      * Fetch CA certificate and CRL from LDAP server.
      */
-    public void init(ISubsystem owner, IConfigStore config) 	
-        throws EBaseException {
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException {
         mOCSPAuthority = (IOCSPAuthority) owner;
         mConfig = config;
 
         mCRLAttr = mConfig.getString(PROP_CRL_ATTR, DEF_CRL_ATTR);
-        mCACertAttr = mConfig.getString(PROP_CA_CERT_ATTR, 
+        mCACertAttr = mConfig.getString(PROP_CA_CERT_ATTR,
                     DEF_CA_CERT_ATTR);
         mByName = mConfig.getBoolean(PROP_BY_NAME, true);
-		
+
     }
 
     /**
      * Locates the CA certificate.
      */
-    public X509CertImpl locateCACert(LDAPConnection conn, String baseDN) 
-        throws EBaseException {
+    public X509CertImpl locateCACert(LDAPConnection conn, String baseDN)
+            throws EBaseException {
         try {
-            LDAPSearchResults results = conn.search(baseDN, 
-                    LDAPv2.SCOPE_SUB, mCACertAttr + "=*", 
+            LDAPSearchResults results = conn.search(baseDN,
+                    LDAPv2.SCOPE_SUB, mCACertAttr + "=*",
                     null, false);
 
             if (!results.hasMoreElements()) {
@@ -166,8 +164,8 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
             return caCert;
         } catch (Exception e) {
             CMS.debug("LDAPStore: locateCACert " + e.toString());
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("OCSP_LOCATE_CA", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("OCSP_LOCATE_CA", e.toString()));
         }
         return null;
     }
@@ -175,11 +173,11 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
     /**
      * Locates the CRL.
      */
-    public X509CRLImpl locateCRL(LDAPConnection conn, String baseDN) 
-        throws EBaseException {
+    public X509CRLImpl locateCRL(LDAPConnection conn, String baseDN)
+            throws EBaseException {
         try {
-            LDAPSearchResults results = conn.search(baseDN, 
-                    LDAPv2.SCOPE_SUB, mCRLAttr + "=*", 
+            LDAPSearchResults results = conn.search(baseDN,
+                    LDAPv2.SCOPE_SUB, mCRLAttr + "=*",
                     null, false);
 
             if (!results.hasMoreElements()) {
@@ -198,21 +196,20 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
             return crl;
         } catch (Exception e) {
             CMS.debug("LDAPStore: locateCRL " + e.toString());
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("OCSP_LOCATE_CRL", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("OCSP_LOCATE_CRL", e.toString()));
         }
         return null;
     }
 
-    public void updateCRLHash(X509CertImpl caCert, X509CRLImpl crl) 
-        throws EBaseException {
+    public void updateCRLHash(X509CertImpl caCert, X509CRLImpl crl)
+            throws EBaseException {
         X509CRLImpl oldCRL = (X509CRLImpl) mCRLs.get(caCert);
 
         if (oldCRL != null) {
-            if (oldCRL.getThisUpdate().getTime() >= 
-                crl.getThisUpdate().getTime()) {
-                log(ILogger.LL_INFO, 
-                    "LDAPStore: no update, received CRL is older than current CRL");
+            if (oldCRL.getThisUpdate().getTime() >= crl.getThisUpdate().getTime()) {
+                log(ILogger.LL_INFO,
+                        "LDAPStore: no update, received CRL is older than current CRL");
                 return; // no update
             }
         }
@@ -240,8 +237,8 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
             String baseDN = mConfig.getString(PROP_BASE_DN + Integer.toString(i), null);
             CRLUpdater updater = new CRLUpdater(
                     this, c, baseDN,
-                    mConfig.getInteger(PROP_REFRESH_IN_SEC + Integer.toString(i), 
-                        DEF_REFRESH_IN_SEC));
+                    mConfig.getInteger(PROP_REFRESH_IN_SEC + Integer.toString(i),
+                            DEF_REFRESH_IN_SEC));
 
             updater.start();
         }
@@ -265,10 +262,10 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
     /**
      * Validate an OCSP request.
      */
-    public OCSPResponse validate(OCSPRequest request) 
-        throws EBaseException {	
+    public OCSPResponse validate(OCSPRequest request)
+            throws EBaseException {
 
-        IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+        IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
 
         mOCSPAuthority.incNumOCSPRequest(1);
         long startTime = CMS.getCurrentDate().getTime();
@@ -279,13 +276,13 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
             Vector singleResponses = new Vector();
 
             if (statsSub != null) {
-              statsSub.startTiming("lookup");
+                statsSub.startTiming("lookup");
             }
 
             long lookupStartTime = CMS.getCurrentDate().getTime();
             for (int i = 0; i < tbsReq.getRequestCount(); i++) {
-                com.netscape.cmsutil.ocsp.Request req = 
-                    tbsReq.getRequestAt(i);
+                com.netscape.cmsutil.ocsp.Request req =
+                        tbsReq.getRequestAt(i);
                 CertID cid = req.getCertID();
                 SingleResponse sr = processRequest(cid);
 
@@ -293,12 +290,12 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
             }
             long lookupEndTime = CMS.getCurrentDate().getTime();
             if (statsSub != null) {
-              statsSub.endTiming("lookup");
+                statsSub.endTiming("lookup");
             }
             mOCSPAuthority.incLookupTime(lookupEndTime - lookupStartTime);
 
             if (statsSub != null) {
-              statsSub.startTiming("build_response");
+                statsSub.startTiming("build_response");
             }
             SingleResponse res[] = new SingleResponse[singleResponses.size()];
 
@@ -323,14 +320,14 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
                 }
             }
 
-            ResponseData rd = new ResponseData(rid, 
+            ResponseData rd = new ResponseData(rid,
                     new GeneralizedTime(CMS.getCurrentDate()), res, nonce);
             if (statsSub != null) {
-              statsSub.endTiming("build_response");
+                statsSub.endTiming("build_response");
             }
 
             if (statsSub != null) {
-              statsSub.startTiming("signing");
+                statsSub.startTiming("signing");
             }
 
             long signStartTime = CMS.getCurrentDate().getTime();
@@ -338,13 +335,13 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
             long signEndTime = CMS.getCurrentDate().getTime();
             mOCSPAuthority.incSignTime(signEndTime - signStartTime);
             if (statsSub != null) {
-              statsSub.endTiming("signing");
+                statsSub.endTiming("signing");
             }
 
             OCSPResponse response = new OCSPResponse(
-                    OCSPResponseStatus.SUCCESSFUL, 
-                    new ResponseBytes(ResponseBytes.OCSP_BASIC, 
-                        new OCTET_STRING(ASN1Util.encode(basicRes))));
+                    OCSPResponseStatus.SUCCESSFUL,
+                    new ResponseBytes(ResponseBytes.OCSP_BASIC,
+                            new OCTET_STRING(ASN1Util.encode(basicRes))));
 
             log(ILogger.LL_INFO, "done OCSP request");
             long endTime = CMS.getCurrentDate().getTime();
@@ -375,8 +372,8 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
     }
 
     public void addRepository(String name, String thisUpdate,
-        IRepositoryRecord rec)
-        throws EBaseException {
+            IRepositoryRecord rec)
+            throws EBaseException {
         throw new EBaseException("NOT SUPPORTED");
     }
 
@@ -389,12 +386,12 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
     }
 
     public ICRLIssuingPointRecord readCRLIssuingPoint(String name)
-        throws EBaseException {
+            throws EBaseException {
         throw new EBaseException("NOT SUPPORTED");
     }
 
     public Enumeration searchAllCRLIssuingPointRecord(int maxSize)
-        throws EBaseException {
+            throws EBaseException {
         Vector recs = new Vector();
         Enumeration keys = mCRLs.keys();
 
@@ -408,25 +405,25 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
     }
 
     public Enumeration searchCRLIssuingPointRecord(String filter,
-        int maxSize)
-        throws EBaseException {
+            int maxSize)
+            throws EBaseException {
         return null;
     }
 
     public ICRLIssuingPointRecord createCRLIssuingPointRecord(
-        String name, BigInteger crlNumber,
-        Long crlSize, Date thisUpdate, Date nextUpdate) {
+            String name, BigInteger crlNumber,
+            Long crlSize, Date thisUpdate, Date nextUpdate) {
         return null;
     }
 
     public void addCRLIssuingPoint(String name, ICRLIssuingPointRecord rec)
-        throws EBaseException {
+            throws EBaseException {
         throw new EBaseException("NOT SUPPORTED");
     }
 
     public void deleteCRLIssuingPointRecord(String id)
-       throws EBaseException  {
-       throw new EBaseException("NOT SUPPORTED");
+            throws EBaseException {
+        throw new EBaseException("NOT SUPPORTED");
     }
 
     public boolean isNotFoundGood() {
@@ -439,7 +436,7 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
 
     public boolean includeNextUpdate() throws EBaseException {
         return mConfig.getBoolean(PROP_INCLUDE_NEXT_UPDATE, false);
-    } 
+    }
 
     public boolean isNotFoundGood1() throws EBaseException {
         return mConfig.getBoolean(PROP_NOT_FOUND_GOOD, true);
@@ -470,7 +467,7 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
             }
             X509Key key = (X509Key) caCert.getPublicKey();
 
-            if( key == null ) {
+            if (key == null) {
                 System.out.println("LDAPStore::processRequest - key is null!");
                 return null;
             }
@@ -508,55 +505,55 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
                 cid.getSerialNumber());
 
         if (entry == null) {
-            if (isNotFoundGood1()) { 
-                certStatus = new GoodInfo(); 
-            } else { 
-                certStatus = new UnknownInfo(); 
+            if (isNotFoundGood1()) {
+                certStatus = new GoodInfo();
+            } else {
+                certStatus = new UnknownInfo();
             }
         } else {
             certStatus = new RevokedInfo(new GeneralizedTime(
                             entry.getRevocationDate()));
         }
-		
+
         return new SingleResponse(cid, certStatus, thisUpdate, nextUpdate);
     }
 
     /**
      * Provides configuration parameters.
      */
-    public NameValuePairs getConfigParameters() { 
+    public NameValuePairs getConfigParameters() {
         try {
-            NameValuePairs params = new NameValuePairs(); 
+            NameValuePairs params = new NameValuePairs();
 
-            params.add(Constants.PR_OCSPSTORE_IMPL_NAME, 
-                mConfig.getString("class"));
+            params.add(Constants.PR_OCSPSTORE_IMPL_NAME,
+                    mConfig.getString("class"));
             int num = mConfig.getInteger(PROP_NUM_CONNS, 0);
 
             params.add(PROP_NUM_CONNS, Integer.toString(num));
             for (int i = 0; i < num; i++) {
-                params.add(PROP_HOST + Integer.toString(i), 
-                    mConfig.getString(PROP_HOST + 
-                        Integer.toString(i), ""));
-                params.add(PROP_PORT + Integer.toString(i), 
-                    mConfig.getString(PROP_PORT + 
-                        Integer.toString(i), "389"));
-                params.add(PROP_BASE_DN + Integer.toString(i), 
-                    mConfig.getString(PROP_BASE_DN + 
-                        Integer.toString(i), ""));
-                params.add(PROP_REFRESH_IN_SEC + Integer.toString(i), 
-                    mConfig.getString(PROP_REFRESH_IN_SEC + 
-                        Integer.toString(i), Integer.toString(DEF_REFRESH_IN_SEC)));
+                params.add(PROP_HOST + Integer.toString(i),
+                        mConfig.getString(PROP_HOST +
+                                Integer.toString(i), ""));
+                params.add(PROP_PORT + Integer.toString(i),
+                        mConfig.getString(PROP_PORT +
+                                Integer.toString(i), "389"));
+                params.add(PROP_BASE_DN + Integer.toString(i),
+                        mConfig.getString(PROP_BASE_DN +
+                                Integer.toString(i), ""));
+                params.add(PROP_REFRESH_IN_SEC + Integer.toString(i),
+                        mConfig.getString(PROP_REFRESH_IN_SEC +
+                                Integer.toString(i), Integer.toString(DEF_REFRESH_IN_SEC)));
             }
-            params.add(PROP_BY_NAME, 
-                mConfig.getString(PROP_BY_NAME, "true"));
-            params.add(PROP_CA_CERT_ATTR, 
-                mConfig.getString(PROP_CA_CERT_ATTR, DEF_CA_CERT_ATTR));
+            params.add(PROP_BY_NAME,
+                    mConfig.getString(PROP_BY_NAME, "true"));
+            params.add(PROP_CA_CERT_ATTR,
+                    mConfig.getString(PROP_CA_CERT_ATTR, DEF_CA_CERT_ATTR));
             params.add(PROP_CRL_ATTR,
-                mConfig.getString(PROP_CRL_ATTR, DEF_CRL_ATTR));
+                    mConfig.getString(PROP_CRL_ATTR, DEF_CRL_ATTR));
             params.add(PROP_NOT_FOUND_GOOD,
-                mConfig.getString(PROP_NOT_FOUND_GOOD, "true"));
+                    mConfig.getString(PROP_NOT_FOUND_GOOD, "true"));
             params.add(PROP_INCLUDE_NEXT_UPDATE,
-                mConfig.getString(PROP_INCLUDE_NEXT_UPDATE, "false"));
+                    mConfig.getString(PROP_INCLUDE_NEXT_UPDATE, "false"));
             return params;
         } catch (Exception e) {
             return null;
@@ -564,7 +561,7 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
     }
 
     public void setConfigParameters(NameValuePairs pairs)
-        throws EBaseException {
+            throws EBaseException {
         Enumeration k = pairs.getNames();
 
         while (k.hasMoreElements()) {
@@ -575,15 +572,14 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
     }
 }
 
-
 class CRLUpdater extends Thread {
     private LDAPConnection mC = null;
     private String mBaseDN = null;
     private int mSec = 0;
     private LDAPStore mStore = null;
 
-    public CRLUpdater(LDAPStore store, LDAPConnection c, 
-        String baseDN, int sec) {
+    public CRLUpdater(LDAPStore store, LDAPConnection c,
+            String baseDN, int sec) {
         mC = c;
         mSec = sec;
         mBaseDN = baseDN;
@@ -608,7 +604,6 @@ class CRLUpdater extends Thread {
     }
 }
 
-
 class TempCRLIssuingPointRecord implements ICRLIssuingPointRecord {
     /**
      *
@@ -739,7 +734,7 @@ class TempCRLIssuingPointRecord implements ICRLIssuingPointRecord {
         return null;
     }
 
-    public void set(String name, Object obj)throws EBaseException {
+    public void set(String name, Object obj) throws EBaseException {
     }
 
     public Object get(String name) throws EBaseException {
@@ -747,7 +742,7 @@ class TempCRLIssuingPointRecord implements ICRLIssuingPointRecord {
     }
 
     public void delete(String name) throws EBaseException {
-	
+
     }
 
     public Enumeration getElements() {
diff --git a/pki/base/common/src/com/netscape/cms/password/PasswordChecker.java b/pki/base/common/src/com/netscape/cms/password/PasswordChecker.java
index 4d59f34e..d0b596c5 100644
--- a/pki/base/common/src/com/netscape/cms/password/PasswordChecker.java
+++ b/pki/base/common/src/com/netscape/cms/password/PasswordChecker.java
@@ -17,16 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.password;
 
-
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.password.EPasswordCheckException;
 import com.netscape.certsrv.password.IConfigPasswordCheck;
 import com.netscape.certsrv.password.IPasswordCheck;
 
-
 /**
  * This class checks the given password if it meets the specific requirements.
- * For example, it can also specify the format of the password which has to 
+ * For example, it can also specify the format of the password which has to
  * be 8 characters long and must be in alphanumeric.
  * <P>
  * 
@@ -75,9 +73,10 @@ public class PasswordChecker implements IPasswordCheck, IConfigPasswordCheck {
     /**
      * Returns true if the given password meets the quality requirement;
      * otherwise returns false.
+     * 
      * @param mPassword The given password being checked.
      * @return true if the password meets the quality requirement; otherwise
-     * returns false.
+     *         returns false.
      */
     public boolean isGoodPassword(String mPassword) {
         if (mPassword == null || mPassword.length() == 0) {
@@ -96,6 +95,7 @@ public class PasswordChecker implements IPasswordCheck, IConfigPasswordCheck {
 
     /**
      * Returns a reason if the password doesnt meet the quality requirement.
+     * 
      * @return string as a reason if the password quality requirement is not met.
      */
     public String getReason(String mPassword) {
@@ -113,4 +113,3 @@ public class PasswordChecker implements IPasswordCheck, IConfigPasswordCheck {
         return null;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/APolicyRule.java b/pki/base/common/src/com/netscape/cms/policy/APolicyRule.java
index d9a527d6..1c43d92d 100644
--- a/pki/base/common/src/com/netscape/cms/policy/APolicyRule.java
+++ b/pki/base/common/src/com/netscape/cms/policy/APolicyRule.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy;
 
-
 import java.io.IOException;
 import java.security.InvalidKeyException;
 import java.security.MessageDigest;
@@ -42,16 +41,16 @@ import com.netscape.certsrv.request.AgentApprovals;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 
-
 /**
  * The abstract policy rule that concrete implementations will
  * extend.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -68,15 +67,16 @@ public abstract class APolicyRule implements IPolicyRule {
     /**
      * Initializes the policy rule.
      * <P>
-     *
-     * @param config	The config store reference
+     * 
+     * @param config The config store reference
      */
     public abstract void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Gets the description for this policy rule.
      * <P>
+     * 
      * @return The Description for this rule.
      */
     public String getDescription() {
@@ -86,8 +86,8 @@ public abstract class APolicyRule implements IPolicyRule {
     /**
      * Sets a predicate expression for rule matching.
      * <P>
-     *
-     * @param exp	The predicate expression for the rule.
+     * 
+     * @param exp The predicate expression for the rule.
      */
     public void setPredicate(IExpression exp) {
         mFilterExp = exp;
@@ -96,7 +96,7 @@ public abstract class APolicyRule implements IPolicyRule {
     /**
      * Returns the predicate expression for the rule.
      * <P>
-     *
+     * 
      * @return The predicate expression for the rule.
      */
     public IExpression getPredicate() {
@@ -106,7 +106,7 @@ public abstract class APolicyRule implements IPolicyRule {
     /**
      * Returns the name of the policy rule.
      * <P>
-     *
+     * 
      * @return The name of the policy class.
      */
     public String getName() {
@@ -114,45 +114,45 @@ public abstract class APolicyRule implements IPolicyRule {
     }
 
     /**
-     * Sets the instance name for a policy rule. 
+     * Sets the instance name for a policy rule.
      * <P>
-     *
-     * @param instanceName	The name of the rule instance.
+     * 
+     * @param instanceName The name of the rule instance.
      */
-    public void setInstanceName(String instanceName) { 
+    public void setInstanceName(String instanceName) {
         mInstanceName = instanceName;
     }
 
     /**
      * Returns the name of the policy rule instance.
      * <P>
-     *
+     * 
      * @return The name of the policy rule instance if set, else
-     *		   the name of the rule class. 
+     *         the name of the rule class.
      */
-    public String getInstanceName() { 
+    public String getInstanceName() {
         return mInstanceName != null ? mInstanceName : NAME;
     }
 
     /**
      * Applies the policy on the given Request.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public abstract PolicyResult apply(IRequest req);
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public abstract Vector getInstanceParams();
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public abstract Vector getDefaultParams();
@@ -161,8 +161,8 @@ public abstract class APolicyRule implements IPolicyRule {
         setPolicyException(req, format, params);
     }
 
-    public void setError(IRequest req, String format, String arg1, 
-        String arg2) {
+    public void setError(IRequest req, String format, String arg1,
+            String arg2) {
         Object[] np = new Object[2];
 
         np[0] = arg1;
@@ -189,7 +189,7 @@ public abstract class APolicyRule implements IPolicyRule {
 
     /**
      * determines whether a DEFERRED policy result should be returned
-     * by checking the contents of the AgentApprovals attribute.  This
+     * by checking the contents of the AgentApprovals attribute. This
      * call should be used by policy modules instead of returning
      * PolicyResult.DEFERRED directly.
      * <p>
@@ -223,12 +223,12 @@ public abstract class APolicyRule implements IPolicyRule {
         }
     }
 
-    public void setPolicyException(IRequest req, String format, 
-        Object[] params) {
-        if (format == null) 
+    public void setPolicyException(IRequest req, String format,
+            Object[] params) {
+        if (format == null)
             return;
 
-        EPolicyException ex; 
+        EPolicyException ex;
 
         if (params == null)
             ex = new EPolicyException(format);
@@ -247,12 +247,12 @@ public abstract class APolicyRule implements IPolicyRule {
      * log a message for this policy rule.
      */
     protected void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, 
-            "APolicyRule " + NAME + ": " + msg);
+        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level,
+                "APolicyRule " + NAME + ": " + msg);
     }
 
-    public static KeyIdentifier createKeyIdentifier(X509Key key) 
-        throws NoSuchAlgorithmException, InvalidKeyException {
+    public static KeyIdentifier createKeyIdentifier(X509Key key)
+            throws NoSuchAlgorithmException, InvalidKeyException {
         MessageDigest md = MessageDigest.getInstance("SHA-1");
 
         md.update(key.getEncoded());
@@ -260,19 +260,20 @@ public abstract class APolicyRule implements IPolicyRule {
     }
 
     /**
-     * Form a byte array of octet string key identifier from the sha-1 hash of 
+     * Form a byte array of octet string key identifier from the sha-1 hash of
      * the Subject Public Key INFO. (including algorithm ID, etc.)
      * <p>
+     * 
      * @param certInfo cert info of the certificate.
      * @return A Key identifier with the sha-1 hash of subject public key.
      */
     protected KeyIdentifier formSpkiSHA1KeyId(X509CertInfo certInfo)
-        throws EBaseException {
+            throws EBaseException {
         KeyIdentifier keyId = null;
 
         try {
             CertificateX509Key certKey =
-                (CertificateX509Key) certInfo.get(X509CertInfo.KEY);
+                    (CertificateX509Key) certInfo.get(X509CertInfo.KEY);
 
             if (certKey == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_MISSING_KEY_1", ""));
@@ -286,23 +287,23 @@ public abstract class APolicyRule implements IPolicyRule {
             }
             keyId = createKeyIdentifier(key);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
         } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
         } catch (NoSuchAlgorithmException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
         } catch (InvalidKeyException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
         }
@@ -310,19 +311,20 @@ public abstract class APolicyRule implements IPolicyRule {
     }
 
     /**
-     * Form a byte array of octet string key identifier from the sha-1 hash of 
+     * Form a byte array of octet string key identifier from the sha-1 hash of
      * the Subject Public Key BIT STRING.
      * <p>
+     * 
      * @param certInfo cert info of the certificate.
      * @return A Key identifier with the sha-1 hash of subject public key.
      */
     protected KeyIdentifier formSHA1KeyId(X509CertInfo certInfo)
-        throws EBaseException {
+            throws EBaseException {
         KeyIdentifier keyId = null;
 
         try {
             CertificateX509Key certKey =
-                (CertificateX509Key) certInfo.get(X509CertInfo.KEY);
+                    (CertificateX509Key) certInfo.get(X509CertInfo.KEY);
 
             if (certKey == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_MISSING_KEY_1", ""));
@@ -341,22 +343,21 @@ public abstract class APolicyRule implements IPolicyRule {
             md.update(rawKey);
             keyId = new KeyIdentifier(md.digest());
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
         } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
         } catch (NoSuchAlgorithmException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
         }
         return keyId;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/AgentPolicy.java b/pki/base/common/src/com/netscape/cms/policy/constraints/AgentPolicy.java
index 3aeadabe..c9e9401a 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/AgentPolicy.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/AgentPolicy.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
 import java.util.Vector;
 
 import com.netscape.certsrv.apps.CMS;
@@ -30,24 +29,24 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * AgentPolicy is an enrollment policy wraps another policy module.
- *   Requests are sent first to the contained module, but if the
- *   policy indicates that the request should be deferred, a check
- *   for agent approvals is done.  If any are found, the request
- *   is approved.
+ * Requests are sent first to the contained module, but if the
+ * policy indicates that the request should be deferred, a check
+ * for agent approvals is done. If any are found, the request
+ * is approved.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class AgentPolicy extends APolicyRule
-    implements IEnrollmentPolicy {
+        implements IEnrollmentPolicy {
     public AgentPolicy() {
         NAME = "AgentPolicy";
         DESC = "Agent Approval Policy";
@@ -56,19 +55,15 @@ public class AgentPolicy extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ra.Policy.rule.<ruleName>.implName=AgentPolicy
-     *      ra.Policy.rule.<ruleName>.enable=true
-     *      ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com
-     *      ra.Policy.rule.<ruleName>.class=xxxx
-     *      ra.Policy.rule.<ruleName>.params.*
-     *
-     * @param config	The config store reference
+     * 
+     * ra.Policy.rule.<ruleName>.implName=AgentPolicy ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com ra.Policy.rule.<ruleName>.class=xxxx ra.Policy.rule.<ruleName>.params.*
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EPolicyException {
+            throws EPolicyException {
 
         // Create subordinate object
         String className = (String) config.get("class");
@@ -79,14 +74,14 @@ public class AgentPolicy extends APolicyRule
 
             try {
                 @SuppressWarnings("unchecked")
-				Class<APolicyRule> c = (Class<APolicyRule>) Class.forName(className);
+                Class<APolicyRule> c = (Class<APolicyRule>) Class.forName(className);
 
                 Object o = c.newInstance();
 
                 if (!(o instanceof APolicyRule)) {
                     throw new EPolicyException(
-                            CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CLASS", 
-                                getInstanceName(), className));
+                            CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CLASS",
+                                    getInstanceName(), className));
                 }
 
                 APolicyRule pr = (APolicyRule) o;
@@ -100,7 +95,7 @@ public class AgentPolicy extends APolicyRule
                 System.err.println("Agent Policy Error: " + e);
                 throw new EPolicyException(
                         CMS.getUserMessage("CMS_POLICY_LOADING_POLICY_ERROR",
-                            getInstanceName(), className));
+                                getInstanceName(), className));
             }
         }
     }
@@ -108,8 +103,8 @@ public class AgentPolicy extends APolicyRule
     /**
      * Applies the policy on the given Request.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
@@ -144,7 +139,7 @@ public class AgentPolicy extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector<String> getInstanceParams() {
@@ -153,13 +148,12 @@ public class AgentPolicy extends APolicyRule
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector<String> getDefaultParams() {
         return null;
     }
 
-    APolicyRule mPolicy = null; 
+    APolicyRule mPolicy = null;
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java
index 90e81ed4..93327445 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Locale;
@@ -44,20 +43,20 @@ import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.certsrv.request.RequestId;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * This checks if attribute present.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
-public class AttributePresentConstraints extends APolicyRule 
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class AttributePresentConstraints extends APolicyRule
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     protected static final String PROP_ENABLED = "enabled";
     protected static final String PROP_LDAP = "ldap";
 
@@ -82,42 +81,42 @@ public class AttributePresentConstraints extends APolicyRule
     public String[] getExtendedPluginInfo(Locale locale) {
         String params[] = {
                 PROP_ATTR + ";string,required;Ldap attribute to check presence of (default " +
-                DEF_ATTR + ")",
+                        DEF_ATTR + ")",
                 PROP_VALUE + ";string;if this parameter is non-empty, the attribute must " +
-                "match this value for the request to proceed ",
+                        "match this value for the request to proceed ",
                 PROP_LDAP_BASE + ";string,required;Base DN to start searching " +
-                "under. If your user's DN is 'uid=jsmith, o=company', you " +
-                "might want to use 'o=company' here",
+                        "under. If your user's DN is 'uid=jsmith, o=company', you " +
+                        "might want to use 'o=company' here",
                 PROP_LDAP_HOST + ";string,required;" +
-                "LDAP host to connect to",
+                        "LDAP host to connect to",
                 PROP_LDAP_PORT + ";number,required;" +
-                "LDAP port number (use 389, or 636 if SSL)",
+                        "LDAP port number (use 389, or 636 if SSL)",
                 PROP_LDAP_SSL + ";boolean;" +
-                "Use SSL to connect to directory?",
+                        "Use SSL to connect to directory?",
                 PROP_LDAP_VER + ";choice(3,2),required;" +
-                "LDAP protocol version",
+                        "LDAP protocol version",
                 PROP_LDAP_BIND + ";string;DN to bind as for attribute checking. " +
-                "For example 'CN=Pincheck User'",
+                        "For example 'CN=Pincheck User'",
                 PROP_LDAP_PW + ";password;Enter password used to bind as " +
-                "the above user",
+                        "the above user",
                 PROP_LDAP_AUTH + ";choice(BasicAuth,SslClientAuth),required;" +
-                "How to bind to the directory",
+                        "How to bind to the directory",
                 PROP_LDAP_CERT + ";string;If you want to use " +
-                "SSL client auth to the directory, set the client " +
-                "cert nickname here",
+                        "SSL client auth to the directory, set the client " +
+                        "cert nickname here",
                 PROP_LDAP_BASE + ";string,required;Base DN to start searching " +
-                "under. If your user's DN is 'uid=jsmith, o=company', you " +
-                "might want to use 'o=company' here",
+                        "under. If your user's DN is 'uid=jsmith, o=company', you " +
+                        "might want to use 'o=company' here",
                 PROP_LDAP_MINC + ";number;number of connections " +
-                "to keep open to directory server. Default " + DEF_LDAP_MINC,
+                        "to keep open to directory server. Default " + DEF_LDAP_MINC,
                 PROP_LDAP_MAXC + ";number;when needed, connection " +
-                "pool can grow to this many (multiplexed) connections. Default " + DEF_LDAP_MAXC,
+                        "pool can grow to this many (multiplexed) connections. Default " + DEF_LDAP_MAXC,
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-pinpresent",
+                        ";configuration-policyrules-pinpresent",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";" + DESC + " This plugin can be used to " +
-                "check the presence (and, optionally, the value) of any LDAP " +
-                "attribute for the user. "
+                        ";" + DESC + " This plugin can be used to " +
+                        "check the presence (and, optionally, the value) of any LDAP " +
+                        "attribute for the user. "
             };
 
         return params;
@@ -179,9 +178,9 @@ public class AttributePresentConstraints extends APolicyRule
     protected static final String PROP_VALUE = "value";
     protected static final String DEF_VALUE = "";
 
-    protected static Vector<String>    mParamNames;
+    protected static Vector<String> mParamNames;
     protected static Hashtable<String, Object> mParamDefault;
-    protected        Hashtable<String, Object> mParamValue = null;
+    protected Hashtable<String, Object> mParamValue = null;
 
     static {
         mParamNames = new Vector<String>();
@@ -200,7 +199,7 @@ public class AttributePresentConstraints extends APolicyRule
         addParam(PROP_ATTR, DEF_ATTR);
         addParam(PROP_VALUE, DEF_VALUE);
     };
-	
+
     protected static void addParam(String name, Object value) {
         mParamNames.addElement(name);
         mParamDefault.put(name, value);
@@ -209,8 +208,8 @@ public class AttributePresentConstraints extends APolicyRule
     protected void getStringConfigParam(IConfigStore config, String paramName) {
         try {
             mParamValue.put(
-                paramName, config.getString(paramName, (String) mParamDefault.get(paramName))
-            );
+                    paramName, config.getString(paramName, (String) mParamDefault.get(paramName))
+                    );
         } catch (Exception e) {
         }
     }
@@ -218,12 +217,12 @@ public class AttributePresentConstraints extends APolicyRule
     protected void getIntConfigParam(IConfigStore config, String paramName) {
         try {
             mParamValue.put(
-                paramName, Integer.valueOf(
-                    config.getInteger(paramName,
-                        ((Integer) mParamDefault.get(paramName)).intValue()
-                    )
-                )
-            );
+                    paramName, Integer.valueOf(
+                            config.getInteger(paramName,
+                                    ((Integer) mParamDefault.get(paramName)).intValue()
+                                    )
+                            )
+                    );
         } catch (Exception e) {
         }
     }
@@ -231,18 +230,18 @@ public class AttributePresentConstraints extends APolicyRule
     protected void getBooleanConfigParam(IConfigStore config, String paramName) {
         try {
             mParamValue.put(
-                paramName, Boolean.valueOf(
-                    config.getBoolean(paramName,
-                        ((Boolean) mParamDefault.get(paramName)).booleanValue()
-                    )
-                )
-            );
+                    paramName, Boolean.valueOf(
+                            config.getBoolean(paramName,
+                                    ((Boolean) mParamDefault.get(paramName)).booleanValue()
+                                    )
+                            )
+                    );
         } catch (Exception e) {
         }
     }
 
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
 
         mParamValue = new Hashtable<String, Object>();
@@ -277,7 +276,7 @@ public class AttributePresentConstraints extends APolicyRule
         String requestType = r.getRequestType();
 
         if (requestType.equals(IRequest.ENROLLMENT_REQUEST) ||
-            requestType.equals(IRequest.RENEWAL_REQUEST)) {
+                requestType.equals(IRequest.RENEWAL_REQUEST)) {
 
             String uid = r.getExtDataInString(IRequest.HTTP_PARAMS, "uid");
 
@@ -291,10 +290,10 @@ public class AttributePresentConstraints extends APolicyRule
 
             try {
                 String[] attrs = { (String) mParamValue.get(PROP_ATTR) };
-                LDAPSearchResults searchResult = 
-                    mCheckAttrLdapConnection.search((String) mParamValue.get(PROP_LDAP_BASE),
-                        LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", attrs, false);
-			
+                LDAPSearchResults searchResult =
+                        mCheckAttrLdapConnection.search((String) mParamValue.get(PROP_LDAP_BASE),
+                                LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", attrs, false);
+
                 if (!searchResult.hasMoreElements()) {
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid));
                     setError(r, CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"), "");
@@ -304,12 +303,12 @@ public class AttributePresentConstraints extends APolicyRule
                 LDAPEntry entry = (LDAPEntry) searchResult.nextElement();
 
                 userdn = entry.getDN();
-	
+
                 LDAPAttribute attr = entry.getAttribute((String) mParamValue.get(PROP_ATTR));
 
                 /* if attribute not present, reject the request */
                 if (attr == null) {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", userdn)); 
+                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", userdn));
                     setError(r, CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"), "");
                     return PolicyResult.REJECTED;
                 }
@@ -331,7 +330,7 @@ public class AttributePresentConstraints extends APolicyRule
                         return PolicyResult.REJECTED;
                     }
                 }
-				
+
                 CMS.debug("AttributePresentConstraints: Attribute is present for user: \"" + userdn + "\"");
 
             } catch (LDAPException e) {
@@ -344,7 +343,7 @@ public class AttributePresentConstraints extends APolicyRule
         return res;
     }
 
-    public Vector<String>  getInstanceParams() {
+    public Vector<String> getInstanceParams() {
         Vector<String> params = new Vector<String>();
 
         Enumeration<String> e = mParamNames.elements();
@@ -397,10 +396,11 @@ public class AttributePresentConstraints extends APolicyRule
     }
 
     protected void log(int level, String msg) {
-        if (mLogger == null) return;
+        if (mLogger == null)
+            return;
 
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-            level, "AttributePresentConstraints: " + msg);
+                level, "AttributePresentConstraints: " + msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java
index 3caee615..b9a6e24a 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
 import java.math.BigInteger;
 import java.security.interfaces.DSAParams;
 import java.util.Locale;
@@ -40,20 +39,20 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * DSAKeyConstraints policy enforces min and max size of the key.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class DSAKeyConstraints extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     private int mMinSize;
     private int mMaxSize;
 
@@ -73,7 +72,7 @@ public class DSAKeyConstraints extends APolicyRule
         defConfParams.addElement(PROP_MIN_SIZE + "=" + DEF_MIN_SIZE);
         defConfParams.addElement(PROP_MAX_SIZE + "=" + DEF_MAX_SIZE);
     }
-		
+
     public DSAKeyConstraints() {
         NAME = "DSAKeyConstraints";
         DESC = "Enforces DSA Key Constraints.";
@@ -84,9 +83,9 @@ public class DSAKeyConstraints extends APolicyRule
                 PROP_MIN_SIZE + ";number;Minimum key size",
                 PROP_MAX_SIZE + ";number;Maximum key size",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-dsakeyconstraints",
+                        ";configuration-policyrules-dsakeyconstraints",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Rejects request if DSA key size is out of range"
+                        ";Rejects request if DSA key size is out of range"
             };
 
         return params;
@@ -95,18 +94,13 @@ public class DSAKeyConstraints extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
-     * The entries probably are of the form
-     *      ra.Policy.rule.<ruleName>.implName=DSAKeyConstraints
-     *      ra.Policy.rule.<ruleName>.enable=true
-     *      ra.Policy.rule.<ruleName>.minSize=512
-     *      ra.Policy.rule.<ruleName>.maxSize=1024
-     *      ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com
-     *
-     * @param config	The config store reference
+     * 
+     * The entries probably are of the form ra.Policy.rule.<ruleName>.implName=DSAKeyConstraints ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.minSize=512 ra.Policy.rule.<ruleName>.maxSize=1024 ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EPolicyException {
+            throws EPolicyException {
 
         // Get Min and Max sizes
         mConfig = config;
@@ -120,34 +114,34 @@ public class DSAKeyConstraints extends APolicyRule
 
                 log(ILogger.LL_FAILURE, PROP_MAX_SIZE + " " + msg);
                 throw new EBaseException(
-                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", 
-                            PROP_MAX_SIZE, msg));
+                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
+                                PROP_MAX_SIZE, msg));
             }
             if (mMinSize < DEF_MIN_SIZE) {
                 String msg = "cannot be less than " + DEF_MIN_SIZE;
 
                 log(ILogger.LL_FAILURE, PROP_MIN_SIZE + " " + msg);
                 throw new EBaseException(
-                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", 
-                            PROP_MIN_SIZE, msg));
+                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
+                                PROP_MIN_SIZE, msg));
             }
             if (mMaxSize % INCREMENT != 0) {
                 String msg = "must be in increments of " + INCREMENT;
 
                 log(ILogger.LL_FAILURE, PROP_MAX_SIZE + " " + msg);
                 throw new EBaseException(
-                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", 
-                            PROP_MIN_SIZE, msg));
+                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
+                                PROP_MIN_SIZE, msg));
             }
             if (mMaxSize % INCREMENT != 0) {
                 String msg = "must be in increments of " + INCREMENT;
 
                 log(ILogger.LL_FAILURE, PROP_MIN_SIZE + " " + msg);
                 throw new EBaseException(
-                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", 
-                            PROP_MIN_SIZE, msg));
+                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
+                                PROP_MIN_SIZE, msg));
             }
-			
+
             config.putInteger(PROP_MIN_SIZE, mMinSize);
             config.putInteger(PROP_MAX_SIZE, mMaxSize);
 
@@ -160,8 +154,8 @@ public class DSAKeyConstraints extends APolicyRule
     /**
      * Applies the policy on the given Request.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
@@ -171,7 +165,7 @@ public class DSAKeyConstraints extends APolicyRule
         try {
             // Get the certificate info from the request
             X509CertInfo ci[] =
-                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+                    req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
             // There should be a certificate info set.
             if (ci == null || ci[0] == null) {
@@ -182,19 +176,19 @@ public class DSAKeyConstraints extends APolicyRule
             // Else check if the key size(s) are within the limit.
             for (int i = 0; i < ci.length; i++) {
                 CertificateX509Key certKey = (CertificateX509Key)
-                    ci[i].get(X509CertInfo.KEY);
+                        ci[i].get(X509CertInfo.KEY);
                 X509Key key = (X509Key) certKey.get(CertificateX509Key.KEY);
                 String alg = key.getAlgorithmId().toString();
 
                 if (!alg.equalsIgnoreCase(DSA))
                     continue;
 
-                    // Check DSAKey parameters.
-                    // size refers to the p parameter.
+                // Check DSAKey parameters.
+                // size refers to the p parameter.
                 DSAPublicKey dsaKey = new DSAPublicKey(key.getEncoded());
                 DSAParams keyParams = dsaKey.getParams();
 
-                if (keyParams == null) { 
+                if (keyParams == null) {
                     // key parameters could not be parsed.
                     Object[] params = new Object[] {
                             getInstanceName(), String.valueOf(i + 1) };
@@ -205,11 +199,11 @@ public class DSAKeyConstraints extends APolicyRule
                 BigInteger p = keyParams.getP();
                 int len = p.bitLength();
 
-                if (len < mMinSize || len > mMaxSize || 
-                    (len % INCREMENT) != 0) {
-                    String[] parms = new String[] { 
-                            getInstanceName(), 
-                            String.valueOf(len), 
+                if (len < mMinSize || len > mMaxSize ||
+                        (len % INCREMENT) != 0) {
+                    String[] parms = new String[] {
+                            getInstanceName(),
+                            String.valueOf(len),
                             String.valueOf(mMinSize),
                             String.valueOf(mMaxSize),
                             String.valueOf(INCREMENT) };
@@ -220,7 +214,7 @@ public class DSAKeyConstraints extends APolicyRule
             }
         } catch (Exception e) {
             // e.printStackTrace();
-            String[] params = { getInstanceName(), e.toString()};
+            String[] params = { getInstanceName(), e.toString() };
 
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
             result = PolicyResult.REJECTED;
@@ -230,27 +224,27 @@ public class DSAKeyConstraints extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector getInstanceParams() { 
+    public Vector getInstanceParams() {
         Vector confParams = new Vector();
 
         try {
             confParams.addElement(PROP_MIN_SIZE + "=" + mConfig.getInteger(PROP_MIN_SIZE, DEF_MIN_SIZE));
             confParams.addElement(PROP_MAX_SIZE + "=" + mConfig.getInteger(PROP_MAX_SIZE, DEF_MAX_SIZE));
-        } catch (EBaseException e) {;
+        } catch (EBaseException e) {
+            ;
         }
         return confParams;
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getDefaultParams() {
         return defConfParams;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/DefaultRevocation.java b/pki/base/common/src/com/netscape/cms/policy/constraints/DefaultRevocation.java
index 3d4aedc3..fd143646 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/DefaultRevocation.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/DefaultRevocation.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
 import java.util.Locale;
 import java.util.Vector;
 
@@ -30,22 +29,22 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * This is the default revocation policy. Currently this does
  * nothing. We can later add checks like whether or not to
  * revoke expired certs ..etc here.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class DefaultRevocation extends APolicyRule
-    implements IRevocationPolicy, IExtendedPluginInfo {
+        implements IRevocationPolicy, IExtendedPluginInfo {
     public DefaultRevocation() {
         NAME = "DefaultRevocation";
         DESC = "Default Revocation Policy";
@@ -54,24 +53,22 @@ public class DefaultRevocation extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ra.Policy.rule.<ruleName>.implName=DefaultRevocation
-     *      ra.Policy.rule.<ruleName>.enable=true
-     *      ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com
-     *
-     * @param config	The config store reference
+     * 
+     * ra.Policy.rule.<ruleName>.implName=DefaultRevocation ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EPolicyException {
+            throws EPolicyException {
     }
 
     /**
      * Applies the policy on the given Request.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
@@ -80,7 +77,7 @@ public class DefaultRevocation extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getInstanceParams() {
@@ -89,7 +86,7 @@ public class DefaultRevocation extends APolicyRule
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getDefaultParams() {
@@ -104,4 +101,3 @@ public class DefaultRevocation extends APolicyRule
         return params;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java
index aed75bcd..f79688f4 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
 import java.util.Locale;
 import java.util.Vector;
 
@@ -35,29 +34,29 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * IssuerConstraints is a rule for restricting the issuers of the
  * certificates used for certificate-based enrollments.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$ $Date$
  */
 public class IssuerConstraints extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     private final static String PROP_ISSUER_DN = "issuerDN";
     private static final String CLIENT_ISSUER = "clientIssuer";
     private X500Name mIssuerDN = null;
     private String mIssuerDNString;
 
     /**
-     * checks the issuer of the ssl client-auth cert.  Only one issuer
-     *	 is allowed for now
+     * checks the issuer of the ssl client-auth cert. Only one issuer
+     * is allowed for now
      */
     public IssuerConstraints() {
         NAME = "IssuerConstraints";
@@ -68,10 +67,10 @@ public class IssuerConstraints extends APolicyRule
         String[] params = {
                 PROP_ISSUER_DN + ";string;Subject DN of the Issuer. The IssuerDN of the authenticating cert must match what's specified here",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-issuerconstraints",
+                        ";configuration-policyrules-issuerconstraints",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Rejects the request if the issuer in the certificate is" +
-                "not of the one specified"
+                        ";Rejects the request if the issuer in the certificate is" +
+                        "not of the one specified"
             };
 
         return params;
@@ -81,34 +80,35 @@ public class IssuerConstraints extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     * @param config	The config store reference
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EPolicyException {
+            throws EPolicyException {
         try {
             mIssuerDNString = config.getString(PROP_ISSUER_DN, null);
-            if ((mIssuerDNString != null) && 
-                !mIssuerDNString.equals("")) {
+            if ((mIssuerDNString != null) &&
+                    !mIssuerDNString.equals("")) {
                 mIssuerDN = new X500Name(mIssuerDNString);
             }
         } catch (Exception e) {
-            log(ILogger.LL_FAILURE, 
-                NAME + CMS.getLogMessage("CA_GET_ISSUER_NAME_FAILED"));
+            log(ILogger.LL_FAILURE,
+                    NAME + CMS.getLogMessage("CA_GET_ISSUER_NAME_FAILED"));
 
-            String[] params = {getInstanceName(), e.toString()};
+            String[] params = { getInstanceName(), e.toString() };
 
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG", params));
         }
         CMS.debug(
-            NAME + ": init() done");
+                NAME + ": init() done");
     }
 
     /**
      * Applies the policy on the given Request.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
@@ -125,82 +125,82 @@ public class IssuerConstraints extends APolicyRule
 
                 if (!ci_name.equals(mIssuerDN)) {
                     setError(req,
-                        CMS.getUserMessage("CMS_POLICY_INVALID_ISSUER",
-                            getInstanceName()), "");
+                            CMS.getUserMessage("CMS_POLICY_INVALID_ISSUER",
+                                    getInstanceName()), "");
                     result = PolicyResult.REJECTED;
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CA_GET_ISSUER_NAME_FAILED")); 
+                            CMS.getLogMessage("CA_GET_ISSUER_NAME_FAILED"));
                     CMS.debug(
-                        NAME + ": apply() - issuerDN mismatch: client issuerDN = " + clientIssuerDN + "; expected issuerDN = " + mIssuerDNString);
+                            NAME + ": apply() - issuerDN mismatch: client issuerDN = " + clientIssuerDN + "; expected issuerDN = " + mIssuerDNString);
                 }
             } else {
 
                 // Get the certificate info from the request
                 X509CertInfo certInfo[] =
-                    req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+                        req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
                 if (certInfo == null) {
-                    log(ILogger.LL_FAILURE, 
-                        NAME + ": apply() - missing certInfo");
-                    setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", 
+                    log(ILogger.LL_FAILURE,
+                            NAME + ": apply() - missing certInfo");
+                    setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
                             getInstanceName()), "");
                     return PolicyResult.REJECTED;
                 }
-				
+
                 for (int i = 0; i < certInfo.length; i++) {
                     String oldIssuer = (String)
-                        certInfo[i].get(X509CertInfo.ISSUER).toString();
-					
+                            certInfo[i].get(X509CertInfo.ISSUER).toString();
+
                     if (oldIssuer == null) {
                         setError(req,
-                            CMS.getUserMessage("CMS_POLICY_CLIENT_ISSUER_NOT_FOUND",
-                                getInstanceName()), "");
+                                CMS.getUserMessage("CMS_POLICY_CLIENT_ISSUER_NOT_FOUND",
+                                        getInstanceName()), "");
                         result = PolicyResult.REJECTED;
-                        log(ILogger.LL_FAILURE, 
-                            NAME + ": apply() - client issuerDN not found");
+                        log(ILogger.LL_FAILURE,
+                                NAME + ": apply() - client issuerDN not found");
                     }
                     X500Name oi_name = new X500Name(oldIssuer);
 
                     if (!oi_name.equals(mIssuerDN)) {
                         setError(req,
-                            CMS.getUserMessage("CMS_POLICY_INVALID_ISSUER",
-                                getInstanceName()), "");
+                                CMS.getUserMessage("CMS_POLICY_INVALID_ISSUER",
+                                        getInstanceName()), "");
                         result = PolicyResult.REJECTED;
-                        log(ILogger.LL_FAILURE, 
-                            NAME + ": apply() - cert issuerDN mismatch: client issuerDN = " + oldIssuer + "; expected issuerDN = " + mIssuerDNString);
+                        log(ILogger.LL_FAILURE,
+                                NAME + ": apply() - cert issuerDN mismatch: client issuerDN = " + oldIssuer + "; expected issuerDN = " + mIssuerDNString);
                     }
                 }
             }
         } catch (Exception e) {
-            String params[] = {getInstanceName(), e.toString()};
+            String params[] = { getInstanceName(), e.toString() };
 
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
             result = PolicyResult.REJECTED;
         }
 
         if (result.equals(PolicyResult.ACCEPTED)) {
-            log(ILogger.LL_INFO, 
-                NAME + ": apply() - accepted");
+            log(ILogger.LL_INFO,
+                    NAME + ": apply() - accepted");
         }
         return result;
     }
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getInstanceParams() {
         Vector confParams = new Vector();
 
         confParams.addElement(PROP_ISSUER_DN + "=" +
-            mIssuerDNString);
+                mIssuerDNString);
         return confParams;
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getDefaultParams() {
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java
index 8286cf31..c523ae9f 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 import java.util.StringTokenizer;
@@ -37,43 +36,43 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * KeyAlgorithmConstraints enforces a constraint that the RA or a CA
  * honor only the keys generated using one of the permitted algorithms
  * such as RSA, DSA or DH.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class KeyAlgorithmConstraints extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     private Vector mAlgorithms;
     private final static String DEF_KEY_ALGORITHM = "RSA,DSA";
     private final static String PROP_ALGORITHMS = "algorithms";
     private final static String[] supportedAlgorithms =
-        {"RSA", "DSA", "DH" };
+        { "RSA", "DSA", "DH" };
 
     private final static Vector defConfParams = new Vector();
 
     static {
-        defConfParams.addElement(PROP_ALGORITHMS + "=" + 
-            DEF_KEY_ALGORITHM);
+        defConfParams.addElement(PROP_ALGORITHMS + "=" +
+                DEF_KEY_ALGORITHM);
     }
 
     public String[] getExtendedPluginInfo(Locale locale) {
         String params[] = {
                 "algorithms;choice(RSA\\,DSA,RSA,DSA);Certificate's key can be one of these algorithms",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-keyalgorithmconstraints",
+                        ";configuration-policyrules-keyalgorithmconstraints",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Rejects the request if the key in the certificate is " +
-                "not of the type specified"
+                        ";Rejects the request if the key in the certificate is " +
+                        "not of the type specified"
             };
 
         return params;
@@ -87,17 +86,13 @@ public class KeyAlgorithmConstraints extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
-     * The entries probably are of the form
-     *      ra.Policy.rule.<ruleName>.implName=KeyAlgorithmConstraints
-     *      ra.Policy.rule.<ruleName>.algorithms=RSA,DSA
-     *      ra.Policy.rule.<ruleName>.enable=true
-     *      ra.Policy.rule.<ruleName>.predicate=ou==Sales
-     *
-     * @param config	The config store reference
+     * 
+     * The entries probably are of the form ra.Policy.rule.<ruleName>.implName=KeyAlgorithmConstraints ra.Policy.rule.<ruleName>.algorithms=RSA,DSA ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.predicate=ou==Sales
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EPolicyException {
+            throws EPolicyException {
 
         mAlgorithms = new Vector();
 
@@ -112,7 +107,7 @@ public class KeyAlgorithmConstraints extends APolicyRule
         try {
             algNames = config.getString(PROP_ALGORITHMS, null);
         } catch (Exception e) {
-            String[] params = {getInstanceName(), e.toString()};
+            String[] params = { getInstanceName(), e.toString() };
 
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG", params));
@@ -133,11 +128,10 @@ public class KeyAlgorithmConstraints extends APolicyRule
         }
 
         // Check if configured algorithms are supported.
-        for (Enumeration e = mAlgorithms.elements();
-            e.hasMoreElements();) {
+        for (Enumeration e = mAlgorithms.elements(); e.hasMoreElements();) {
             int i;
             String configuredAlg = (String) e.nextElement();
-				
+
             // See if it is a supported algorithm.
             for (i = 0; i < supportedAlgorithms.length; i++) {
                 if (configuredAlg.equals(supportedAlgorithms[i]))
@@ -148,15 +142,15 @@ public class KeyAlgorithmConstraints extends APolicyRule
             if (i == supportedAlgorithms.length)
                 throw new EPolicyException(
                         CMS.getUserMessage("CMS_POLICY_UNSUPPORTED_KEY_ALG",
-                            getInstanceName(), configuredAlg));
+                                getInstanceName(), configuredAlg));
         }
     }
 
     /**
      * Applies the policy on the given Request.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
@@ -179,18 +173,18 @@ public class KeyAlgorithmConstraints extends APolicyRule
             // Else check if the key algorithm is supported.
             for (int i = 0; i < certInfo.length; i++) {
                 CertificateX509Key certKey = (CertificateX509Key)
-                    certInfo[i].get(X509CertInfo.KEY);
+                        certInfo[i].get(X509CertInfo.KEY);
                 X509Key key = (X509Key) certKey.get(CertificateX509Key.KEY);
                 String alg = key.getAlgorithmId().getName().toUpperCase();
 
                 if (!mAlgorithms.contains(alg)) {
-                    setError(req, CMS.getUserMessage("CMS_POLICY_KEY_ALG_VIOLATION", 
+                    setError(req, CMS.getUserMessage("CMS_POLICY_KEY_ALG_VIOLATION",
                             getInstanceName(), alg), "");
                     result = PolicyResult.REJECTED;
                 }
             }
         } catch (Exception e) {
-            String params[] = {getInstanceName(), e.toString()};
+            String params[] = { getInstanceName(), e.toString() };
 
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
                     params), "");
@@ -201,10 +195,10 @@ public class KeyAlgorithmConstraints extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector getInstanceParams() { 
+    public Vector getInstanceParams() {
         Vector v = new Vector();
         StringBuffer sb = new StringBuffer();
 
@@ -217,14 +211,13 @@ public class KeyAlgorithmConstraints extends APolicyRule
         v.addElement(PROP_ALGORITHMS + "=" + sb.toString());
         return v;
     }
-		
+
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getDefaultParams() {
         return defConfParams;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/ManualAuthentication.java b/pki/base/common/src/com/netscape/cms/policy/constraints/ManualAuthentication.java
index a2bf9437..1abc5bda 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/ManualAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/ManualAuthentication.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
 import java.util.Vector;
 
 import com.netscape.certsrv.authentication.IAuthToken;
@@ -29,23 +28,23 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * ManualAuthentication is an enrollment policy that queues
  * all requests for issuing agent's approval if no authentication
  * is present. The policy rejects a request if any of the auth tokens
  * indicates authentication failure.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class ManualAuthentication extends APolicyRule
-    implements IEnrollmentPolicy {
+        implements IEnrollmentPolicy {
     public ManualAuthentication() {
         NAME = "ManualAuthentication";
         DESC = "Manual Authentication Policy";
@@ -54,30 +53,28 @@ public class ManualAuthentication extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ra.Policy.rule.<ruleName>.implName=ManualAuthentication
-     *      ra.Policy.rule.<ruleName>.enable=true
-     *      ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com
-     *
-     * @param config	The config store reference
+     * 
+     * ra.Policy.rule.<ruleName>.implName=ManualAuthentication ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EPolicyException {
+            throws EPolicyException {
     }
 
     /**
      * Applies the policy on the given Request.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
         IAuthToken authToken = req.getExtDataInAuthToken(IRequest.AUTH_TOKEN);
 
-        if (authToken == null) 
+        if (authToken == null)
             return deferred(req);
 
         return PolicyResult.ACCEPTED;
@@ -85,7 +82,7 @@ public class ManualAuthentication extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getInstanceParams() {
@@ -94,11 +91,10 @@ public class ManualAuthentication extends APolicyRule
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getDefaultParams() {
         return null;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java
index 7f7537bf..57176950 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 import java.util.StringTokenizer;
@@ -41,21 +40,21 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * RSAKeyConstraints policy enforces min and max size of the key.
  * Optionally checks the exponents.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class RSAKeyConstraints extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     private Vector mExponents;
     private int mMinSize;
     private int mMaxSize;
@@ -81,10 +80,10 @@ public class RSAKeyConstraints extends APolicyRule
                 PROP_MAX_SIZE + ";number;Maximum size of user's RSA key (bits)",
                 PROP_EXPONENTS + ";string;Comma-separated list of permissible exponents",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-rsakeyconstraints",
+                        ";configuration-policyrules-rsakeyconstraints",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Reject request if RSA key length is not within the " +
-                "specified constraints"
+                        ";Reject request if RSA key length is not within the " +
+                        "specified constraints"
             };
 
         return params;
@@ -98,38 +97,34 @@ public class RSAKeyConstraints extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries probably are of the form:
-     *
-     *      ra.Policy.rule.<ruleName>.implName=RSAKeyConstraints
-     *      ra.Policy.rule.<ruleName>.enable=true
-     *      ra.Policy.rule.<ruleName>.minSize=512
-     *      ra.Policy.rule.<ruleName>.maxSize=2048
-     *      ra.Policy.rule.<ruleName>.predicate=ou==Marketing
-     *
-     * @param config	The config store reference
+     * 
+     * ra.Policy.rule.<ruleName>.implName=RSAKeyConstraints ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.minSize=512 ra.Policy.rule.<ruleName>.maxSize=2048 ra.Policy.rule.<ruleName>.predicate=ou==Marketing
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
 
         if (config == null || config.size() == 0)
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_MISSING_POLICY_CONFIG",
-                        getInstanceName()));
+                            getInstanceName()));
         String exponents = null;
 
         // Get Min and Max sizes
         mMinSize = config.getInteger(PROP_MIN_SIZE, DEF_MIN_SIZE);
         mMaxSize = config.getInteger(PROP_MAX_SIZE, DEF_MAX_SIZE);
 
-        if (mMinSize <= 0) 
+        if (mMinSize <= 0)
             throw new EBaseException(
                     CMS.getUserMessage("CMS_BASE_MUST_BE_POSITIVE_NUMBER", PROP_MIN_SIZE));
-        if (mMaxSize <= 0) 
+        if (mMaxSize <= 0)
             throw new EBaseException(
                     CMS.getUserMessage("CMS_BASE_MUST_BE_POSITIVE_NUMBER", PROP_MAX_SIZE));
 
-        if (mMinSize > mMaxSize) 
+        if (mMinSize > mMaxSize)
             throw new EBaseException(
                     CMS.getUserMessage("CMS_BASE_A_GREATER_THAN_EQUAL_B", PROP_MIN_SIZE, PROP_MAX_SIZE));
 
@@ -149,8 +144,8 @@ public class RSAKeyConstraints extends APolicyRule
                 }
             } catch (Exception e) {
                 // e.printStackTrace();
-                String[] params = {getInstanceName(), exponents, 
-                        PROP_EXPONENTS};
+                String[] params = { getInstanceName(), exponents,
+                        PROP_EXPONENTS };
 
                 throw new EPolicyException(
                         CMS.getUserMessage("CMS_POLICY_INVALID_CONFIG_PARAM", params));
@@ -161,8 +156,8 @@ public class RSAKeyConstraints extends APolicyRule
     /**
      * Applies the policy on the given Request.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
@@ -172,11 +167,11 @@ public class RSAKeyConstraints extends APolicyRule
         try {
             // Get the certificate info from the request
             X509CertInfo certInfo[] =
-                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+                    req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
             // There should be a certificate info set.
             if (certInfo == null) {
-                setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", 
+                setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
                         getInstanceName()), "");
                 return PolicyResult.REJECTED;
             }
@@ -184,7 +179,7 @@ public class RSAKeyConstraints extends APolicyRule
             // Else check if the key size(s) are within the limit.
             for (int i = 0; i < certInfo.length; i++) {
                 CertificateX509Key certKey = (CertificateX509Key)
-                    certInfo[i].get(X509CertInfo.KEY);
+                        certInfo[i].get(X509CertInfo.KEY);
                 X509Key key = (X509Key) certKey.get(CertificateX509Key.KEY);
                 String alg = key.getAlgorithmId().toString();
 
@@ -196,22 +191,22 @@ public class RSAKeyConstraints extends APolicyRule
                     newkey = new X509Key(AlgorithmId.get("RSA"),
                                 key.getKey());
                 } catch (Exception e) {
-                    CMS.debug( "RSAKeyConstraints::apply() - "
-                             + "Exception="+e.toString() );
-                    setError( req,
-                              CMS.getUserMessage( "CMS_POLICY_KEY_SIZE_VIOLATION", 
-                                                  getInstanceName() ),
-                              "" );
+                    CMS.debug("RSAKeyConstraints::apply() - "
+                             + "Exception=" + e.toString());
+                    setError(req,
+                              CMS.getUserMessage("CMS_POLICY_KEY_SIZE_VIOLATION",
+                                                  getInstanceName()),
+                              "");
                     return PolicyResult.REJECTED;
                 }
                 RSAPublicKey rsaKey = new RSAPublicKey(newkey.getEncoded());
                 int keySize = rsaKey.getKeySize();
 
                 if (keySize < mMinSize || keySize > mMaxSize) {
-                    String[] params = {getInstanceName(), 
-                            String.valueOf(keySize), 
+                    String[] params = { getInstanceName(),
+                            String.valueOf(keySize),
                             String.valueOf(mMinSize),
-                            String.valueOf(mMaxSize)};
+                            String.valueOf(mMaxSize) };
 
                     setError(req, CMS.getUserMessage("CMS_POLICY_KEY_SIZE_VIOLATION",
                             params), "");
@@ -226,15 +221,14 @@ public class RSAKeyConstraints extends APolicyRule
                     if (!mExponents.contains(exp)) {
                         StringBuffer sb = new StringBuffer();
 
-                        for (Enumeration e = mExponents.elements(); 
-                            e.hasMoreElements();) {
+                        for (Enumeration e = mExponents.elements(); e.hasMoreElements();) {
                             BigInt bi = (BigInt) e.nextElement();
 
                             sb.append(bi.toBigInteger().toString());
                             sb.append(" ");
                         }
-                        String[] params = {getInstanceName(), 
-                                exp.toBigInteger().toString(), new String(sb)};
+                        String[] params = { getInstanceName(),
+                                exp.toBigInteger().toString(), new String(sb) };
 
                         setError(req, CMS.getUserMessage("CMS_POLICY_EXPONENT_VIOLATION", params), "");
                         result = PolicyResult.REJECTED;
@@ -243,7 +237,7 @@ public class RSAKeyConstraints extends APolicyRule
             }
         } catch (Exception e) {
             // e.printStackTrace();
-            String params[] = {getInstanceName(), e.toString()};
+            String params[] = { getInstanceName(), e.toString() };
 
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
             result = PolicyResult.REJECTED;
@@ -253,10 +247,10 @@ public class RSAKeyConstraints extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector getInstanceParams() { 
+    public Vector getInstanceParams() {
         Vector confParams = new Vector();
 
         confParams.addElement(PROP_MIN_SIZE + "=" + mMinSize);
@@ -275,11 +269,10 @@ public class RSAKeyConstraints extends APolicyRule
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getDefaultParams() {
         return defConfParams;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java
index 08e479b8..499e2663 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
 import java.util.Date;
 import java.util.Locale;
 import java.util.Vector;
@@ -37,21 +36,22 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * Whether to allow renewal of an expired cert.
+ * 
  * @version $Revision$, $Date$
- * <P>
- * <PRE>
+ *          <P>
+ * 
+ *          <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
- * <P>
- *
+ *          <P>
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class RenewalConstraints extends APolicyRule
-    implements IRenewalPolicy, IExtendedPluginInfo {
+        implements IRenewalPolicy, IExtendedPluginInfo {
 
     private static final String PROP_ALLOW_EXPIRED_CERTS = "allowExpiredCerts";
     private static final String PROP_RENEWAL_NOT_AFTER = "renewalNotAfter";
@@ -66,7 +66,7 @@ public class RenewalConstraints extends APolicyRule
     static {
         defConfParams.addElement(PROP_ALLOW_EXPIRED_CERTS + "=" + true);
         defConfParams.addElement(PROP_RENEWAL_NOT_AFTER + "=" +
-            DEF_RENEWAL_NOT_AFTER);
+                DEF_RENEWAL_NOT_AFTER);
     }
 
     public RenewalConstraints() {
@@ -79,10 +79,10 @@ public class RenewalConstraints extends APolicyRule
                 PROP_ALLOW_EXPIRED_CERTS + ";boolean;Allow a user to renew an already-expired certificate",
                 PROP_RENEWAL_NOT_AFTER + ";number;Number of days since certificate expiry after which renewal request would be rejected",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-renewalconstraints",
+                        ";configuration-policyrules-renewalconstraints",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Permit administrator to decide policy on whether to " +
-                "permit renewals for already-expired certificates"
+                        ";Permit administrator to decide policy on whether to " +
+                        "permit renewals for already-expired certificates"
             };
 
         return params;
@@ -92,24 +92,22 @@ public class RenewalConstraints extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries probably are of the form:
-     *
-     *      ra.Policy.rule.<ruleName>.implName=ValidityConstraints
-     *      ra.Policy.rule.<ruleName>.enable=true
-     *      ra.Policy.rule.<ruleName>.allowExpiredCerts=true
-     *
-     * @param config	The config store reference
+     * 
+     * ra.Policy.rule.<ruleName>.implName=ValidityConstraints ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.allowExpiredCerts=true
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EPolicyException {
+            throws EPolicyException {
         // Get min and max validity in days and configure them.
         try {
-            mAllowExpiredCerts = 
+            mAllowExpiredCerts =
                     config.getBoolean(PROP_ALLOW_EXPIRED_CERTS, true);
             String val = config.getString(PROP_RENEWAL_NOT_AFTER, null);
 
-            if (val == null) 
+            if (val == null)
                 mRenewalNotAfter = DEF_RENEWAL_NOT_AFTER * DAYS_TO_MS_FACTOR;
             else {
                 mRenewalNotAfter = Long.parseLong(val) * DAYS_TO_MS_FACTOR;
@@ -125,8 +123,8 @@ public class RenewalConstraints extends APolicyRule
     /**
      * Applies the policy on the given Request.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
@@ -135,25 +133,25 @@ public class RenewalConstraints extends APolicyRule
         try {
             // Get the certificates being renwed.
             X509CertImpl[] oldCerts =
-                req.getExtDataInCertArray(IRequest.OLD_CERTS);
+                    req.getExtDataInCertArray(IRequest.OLD_CERTS);
 
             if (oldCerts == null) {
                 setError(req, CMS.getUserMessage("CMS_POLICY_NO_OLD_CERT",
                         getInstanceName()), "");
                 return PolicyResult.REJECTED;
             }
-			
+
             if (mAllowExpiredCerts) {
                 CMS.debug("checking validity of each cert");
                 // check if each cert to be renewed is expired for more than 		    // allowed days.
                 for (int i = 0; i < oldCerts.length; i++) {
                     X509CertInfo oldCertInfo = (X509CertInfo)
-                        oldCerts[i].get(X509CertImpl.NAME + "." +
-                            X509CertImpl.INFO);
-                    CertificateValidity  oldValidity = (CertificateValidity)
-                        oldCertInfo.get(X509CertInfo.VALIDITY);
+                            oldCerts[i].get(X509CertImpl.NAME + "." +
+                                    X509CertImpl.INFO);
+                    CertificateValidity oldValidity = (CertificateValidity)
+                            oldCertInfo.get(X509CertInfo.VALIDITY);
                     Date notAfter = (Date)
-                        oldValidity.get(CertificateValidity.NOT_AFTER);
+                            oldValidity.get(CertificateValidity.NOT_AFTER);
 
                     // Is the Certificate eligible for renewal ?
 
@@ -166,12 +164,12 @@ public class RenewalConstraints extends APolicyRule
 
                     if (renewedNotAfter.before(now)) {
                         CMS.debug(
-                            "One or more certificates is expired for more than " + (mRenewalNotAfter / DAYS_TO_MS_FACTOR) + " days");
+                                "One or more certificates is expired for more than " + (mRenewalNotAfter / DAYS_TO_MS_FACTOR) + " days");
                         String params[] = { getInstanceName(), Long.toString(mRenewalNotAfter / DAYS_TO_MS_FACTOR) };
 
-                        setError(req, 
-                            CMS.getUserMessage("CMS_POLICY_CANNOT_RENEW_EXPIRED_CERTS_AFTER_ALLOWED_PERIOD",
-                                params), "");
+                        setError(req,
+                                CMS.getUserMessage("CMS_POLICY_CANNOT_RENEW_EXPIRED_CERTS_AFTER_ALLOWED_PERIOD",
+                                        params), "");
                         return PolicyResult.REJECTED;
                     }
                 }
@@ -182,12 +180,12 @@ public class RenewalConstraints extends APolicyRule
             // check if each cert to be renewed is expired.
             for (int i = 0; i < oldCerts.length; i++) {
                 X509CertInfo oldCertInfo = (X509CertInfo)
-                    oldCerts[i].get(
-                        X509CertImpl.NAME + "." + X509CertImpl.INFO);
-                CertificateValidity  oldValidity = (CertificateValidity)
-                    oldCertInfo.get(X509CertInfo.VALIDITY);
+                        oldCerts[i].get(
+                                X509CertImpl.NAME + "." + X509CertImpl.INFO);
+                CertificateValidity oldValidity = (CertificateValidity)
+                        oldCertInfo.get(X509CertInfo.VALIDITY);
                 Date notAfter = (Date)
-                    oldValidity.get(CertificateValidity.NOT_AFTER);
+                        oldValidity.get(CertificateValidity.NOT_AFTER);
 
                 // Is the Certificate still valid?
                 Date now = CMS.getCurrentDate();
@@ -195,19 +193,19 @@ public class RenewalConstraints extends APolicyRule
                 CMS.debug("RenewalConstraints: cert " + i + " notAfter " + notAfter + " now=" + now);
                 if (notAfter.before(now)) {
                     CMS.debug(
-                        "RenewalConstraints: One or more certificates is expired.");
+                            "RenewalConstraints: One or more certificates is expired.");
                     String params[] = { getInstanceName() };
 
-                    setError(req, 
-                        CMS.getUserMessage("CMS_POLICY_CANNOT_RENEW_EXPIRED_CERTS",
-                            params), "");
+                    setError(req,
+                            CMS.getUserMessage("CMS_POLICY_CANNOT_RENEW_EXPIRED_CERTS",
+                                    params), "");
                     result = PolicyResult.REJECTED;
                     break;
                 }
             }
 
         } catch (Exception e) {
-            String params[] = {getInstanceName(), e.toString()};
+            String params[] = { getInstanceName(), e.toString() };
 
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
             result = PolicyResult.REJECTED;
@@ -217,22 +215,22 @@ public class RenewalConstraints extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getInstanceParams() {
         Vector confParams = new Vector();
 
         confParams.addElement(
-            PROP_ALLOW_EXPIRED_CERTS + "=" + mAllowExpiredCerts);
+                PROP_ALLOW_EXPIRED_CERTS + "=" + mAllowExpiredCerts);
         confParams.addElement(PROP_RENEWAL_NOT_AFTER + "=" +
-            mRenewalNotAfter / DAYS_TO_MS_FACTOR);
+                mRenewalNotAfter / DAYS_TO_MS_FACTOR);
         return confParams;
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getDefaultParams() {
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java
index 3d98f3c2..b3f9298c 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
 import java.util.Date;
 import java.util.Locale;
 import java.util.Vector;
@@ -36,30 +35,30 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * RenewalValidityConstraints is a default rule for Certificate
  * Renewal. This policy enforces the no of days before which a
  * currently active certificate can be renewed and sets new validity
  * period for the renewed certificate starting from the the ending
  * period in the old certificate.
- *
+ * 
  * The main parameters are:
- *
- *  The renewal leadtime in days: - i.e how many days before the
- *      expiry of the current certificate can one request the renewal.
- *      min and max validity duration.
+ * 
+ * The renewal leadtime in days: - i.e how many days before the
+ * expiry of the current certificate can one request the renewal.
+ * min and max validity duration.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class RenewalValidityConstraints extends APolicyRule
-    implements IRenewalPolicy, IExtendedPluginInfo {
+        implements IRenewalPolicy, IExtendedPluginInfo {
     private long mMinValidity;
     private long mMaxValidity;
     private long mRenewalInterval;
@@ -78,11 +77,11 @@ public class RenewalValidityConstraints extends APolicyRule
 
     static {
         defConfParams.addElement(PROP_MIN_VALIDITY + "=" +
-            DEF_MIN_VALIDITY);
+                DEF_MIN_VALIDITY);
         defConfParams.addElement(PROP_MAX_VALIDITY + "=" +
-            DEF_MAX_VALIDITY);
+                DEF_MAX_VALIDITY);
         defConfParams.addElement(PROP_RENEWAL_INTERVAL + "=" +
-            DEF_RENEWAL_INTERVAL);
+                DEF_RENEWAL_INTERVAL);
     }
 
     public String[] getExtendedPluginInfo(Locale locale) {
@@ -91,10 +90,10 @@ public class RenewalValidityConstraints extends APolicyRule
                 PROP_MAX_VALIDITY + ";number;Specifies the maximum validity period, in days, for renewed certificates.",
                 PROP_RENEWAL_INTERVAL + ";number;Specifies how many days before its expiration that a certificate can be renewed.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-renewalvalidityconstraints",
+                        ";configuration-policyrules-renewalvalidityconstraints",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Reject renewal request if the certificate is too far " +
-                "before it's expiry date"
+                        ";Reject renewal request if the certificate is too far " +
+                        "before it's expiry date"
             };
 
         return params;
@@ -109,20 +108,15 @@ public class RenewalValidityConstraints extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries probably are of the form:
-     *
-     *      ra.Policy.rule.<ruleName>.implName=ValidityConstraints
-     *      ra.Policy.rule.<ruleName>.enable=true
-     *      ra.Policy.rule.<ruleName>.minValidity=30
-     *      ra.Policy.rule.<ruleName>.maxValidity=180
-     *      ra.Policy.rule.<ruleName>.renewalInterval=15
-     *      ra.Policy.rule.<ruleName>.predicate=ou==Sales
-     *
-     * @param config	The config store reference
+     * 
+     * ra.Policy.rule.<ruleName>.implName=ValidityConstraints ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.minValidity=30 ra.Policy.rule.<ruleName>.maxValidity=180 ra.Policy.rule.<ruleName>.renewalInterval=15 ra.Policy.rule.<ruleName>.predicate=ou==Sales
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EPolicyException {
+            throws EPolicyException {
 
         // Get min and max validity in days and onfigure them.
         try {
@@ -148,7 +142,7 @@ public class RenewalValidityConstraints extends APolicyRule
 
             // minValidity can't be bigger than maxValidity.
             if (mMinValidity > mMaxValidity) {
-                String params[] = {getInstanceName(),
+                String params[] = { getInstanceName(),
                         String.valueOf(mMinValidity / DAYS_TO_MS_FACTOR),
                         String.valueOf(mMaxValidity / DAYS_TO_MS_FACTOR) };
 
@@ -158,7 +152,7 @@ public class RenewalValidityConstraints extends APolicyRule
 
             // Renewal interval can't be more than maxValidity.
             if (mRenewalInterval > mMaxValidity) {
-                String params[] = {getInstanceName(),
+                String params[] = { getInstanceName(),
                         String.valueOf(mRenewalInterval / DAYS_TO_MS_FACTOR),
                         String.valueOf(mMaxValidity / DAYS_TO_MS_FACTOR) };
 
@@ -167,7 +161,7 @@ public class RenewalValidityConstraints extends APolicyRule
             }
         } catch (Exception e) {
             // e.printStackTrace();
-            String[] params = {getInstanceName(), e.toString()};
+            String[] params = { getInstanceName(), e.toString() };
 
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG", params));
@@ -177,8 +171,8 @@ public class RenewalValidityConstraints extends APolicyRule
     /**
      * Applies the policy on the given Request.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
@@ -191,15 +185,15 @@ public class RenewalValidityConstraints extends APolicyRule
         try {
             // Get the certificate info from the request
             X509CertInfo certInfo[] =
-                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+                    req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
             // Get the certificates being renwed.
             X509CertImpl currentCerts[] =
-                req.getExtDataInCertArray(IRequest.OLD_CERTS);
+                    req.getExtDataInCertArray(IRequest.OLD_CERTS);
 
             // Both certificate info and current certs should be set
             if (certInfo == null) {
-                setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", 
+                setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
                         getInstanceName()), "");
                 return PolicyResult.REJECTED;
             }
@@ -218,12 +212,12 @@ public class RenewalValidityConstraints extends APolicyRule
             // set the validity.
             for (int i = 0; i < certInfo.length; i++) {
                 X509CertInfo oldCertInfo = (X509CertInfo)
-                    currentCerts[i].get(X509CertImpl.NAME +
-                        "." + X509CertImpl.INFO);
-                CertificateValidity  oldValidity = (CertificateValidity)
-                    oldCertInfo.get(X509CertInfo.VALIDITY);
+                        currentCerts[i].get(X509CertImpl.NAME +
+                                "." + X509CertImpl.INFO);
+                CertificateValidity oldValidity = (CertificateValidity)
+                        oldCertInfo.get(X509CertInfo.VALIDITY);
                 Date notAfter = (Date)
-                    oldValidity.get(CertificateValidity.NOT_AFTER);
+                        oldValidity.get(CertificateValidity.NOT_AFTER);
 
                 // Is the Certificate still valid?
                 Date now = CMS.getCurrentDate();
@@ -233,14 +227,14 @@ public class RenewalValidityConstraints extends APolicyRule
                     long interval = notAfter.getTime() - now.getTime();
 
                     if (interval > mRenewalInterval) {
-                        setError(req, 
-                            CMS.getUserMessage("CMS_POLICY_LONG_RENEWAL_LEAD_TIME",
-                                getInstanceName(),
-                                String.valueOf(mRenewalInterval / DAYS_TO_MS_FACTOR)), "");
-                        setError(req, 
-                            CMS.getUserMessage("CMS_POLICY_EXISTING_CERT_DETAILS",
-                                getInstanceName(),
-                                getCertDetails(req, currentCerts[i])), "");
+                        setError(req,
+                                CMS.getUserMessage("CMS_POLICY_LONG_RENEWAL_LEAD_TIME",
+                                        getInstanceName(),
+                                        String.valueOf(mRenewalInterval / DAYS_TO_MS_FACTOR)), "");
+                        setError(req,
+                                CMS.getUserMessage("CMS_POLICY_EXISTING_CERT_DETAILS",
+                                        getInstanceName(),
+                                        getCertDetails(req, currentCerts[i])), "");
 
                         result = PolicyResult.REJECTED;
                         setDummyValidity(certInfo[i]);
@@ -256,19 +250,19 @@ public class RenewalValidityConstraints extends APolicyRule
                 // If the new notAfter is within renewal interval days from 
                 // today or already expired, set the notBefore to today.
                 if (renewedNotAfter.before(now) ||
-                    (renewedNotAfter.getTime() - now.getTime()) <=
-                    mRenewalInterval) {
+                        (renewedNotAfter.getTime() - now.getTime()) <=
+                        mRenewalInterval) {
                     renewedNotBef = now;
                     renewedNotAfter = new Date(now.getTime() +
                                 mMaxValidity);
                 }
                 CertificateValidity newValidity =
-                    new CertificateValidity(renewedNotBef, renewedNotAfter);
+                        new CertificateValidity(renewedNotBef, renewedNotAfter);
 
                 certInfo[i].set(X509CertInfo.VALIDITY, newValidity);
             }
         } catch (Exception e) {
-            String params[] = {getInstanceName(), e.toString()};
+            String params[] = { getInstanceName(), e.toString() };
 
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
             result = PolicyResult.REJECTED;
@@ -278,24 +272,24 @@ public class RenewalValidityConstraints extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getInstanceParams() {
         Vector confParams = new Vector();
 
         confParams.addElement(PROP_MIN_VALIDITY + "=" +
-            mMinValidity / DAYS_TO_MS_FACTOR);
+                mMinValidity / DAYS_TO_MS_FACTOR);
         confParams.addElement(PROP_MAX_VALIDITY + "=" +
-            mMaxValidity / DAYS_TO_MS_FACTOR);
+                mMaxValidity / DAYS_TO_MS_FACTOR);
         confParams.addElement(PROP_RENEWAL_INTERVAL + "=" +
-            mRenewalInterval / DAYS_TO_MS_FACTOR);
+                mRenewalInterval / DAYS_TO_MS_FACTOR);
         return confParams;
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getDefaultParams() {
@@ -306,7 +300,7 @@ public class RenewalValidityConstraints extends APolicyRule
     private void setDummyValidity(X509CertInfo certInfo) {
         try {
             certInfo.set(X509CertInfo.VALIDITY,
-                new CertificateValidity(CMS.getCurrentDate(), new Date()));
+                    new CertificateValidity(CMS.getCurrentDate(), new Date()));
         } catch (Exception e) {
         }
     }
@@ -317,8 +311,8 @@ public class RenewalValidityConstraints extends APolicyRule
         sb.append("\n");
         sb.append("Serial No: " + cert.getSerialNumber().toString(16));
         sb.append("\n");
-        sb.append("Validity: " + cert.getNotBefore().toString() + 
-            " - " + cert.getNotAfter().toString());
+        sb.append("Validity: " + cert.getNotBefore().toString() +
+                " - " + cert.getNotAfter().toString());
         sb.append("\n");
         String certType = req.getExtDataInString(IRequest.CERT_TYPE);
 
@@ -326,11 +320,12 @@ public class RenewalValidityConstraints extends APolicyRule
             certType = IRequest.SERVER_CERT;
         if (certType.equals(IRequest.CLIENT_CERT)) {
 
-            /*** Take this our - URL formulation hard to do here.
-             sb.append("Use the following url with your CA/RA gateway spec to download the certificate.");
-             sb.append("\n");
-             sb.append("/query/certImport?op=displayByserial&serialNumber=");
-             sb.append(cert.getSerialNumber().toString(16));
+            /***
+             * Take this our - URL formulation hard to do here.
+             * sb.append("Use the following url with your CA/RA gateway spec to download the certificate.");
+             * sb.append("\n");
+             * sb.append("/query/certImport?op=displayByserial&serialNumber=");
+             * sb.append(cert.getSerialNumber().toString(16));
              ***/
             sb.append("\n");
         } else {
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java
index 686529f4..b18e4b7f 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
 import java.util.Date;
 import java.util.Locale;
 import java.util.Vector;
@@ -38,20 +37,20 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * Whether to allow revocation of an expired cert.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class RevocationConstraints extends APolicyRule
-    implements IRevocationPolicy, IExtendedPluginInfo {
+        implements IRevocationPolicy, IExtendedPluginInfo {
     private static final String PROP_ALLOW_EXPIRED_CERTS = "allowExpiredCerts";
     private static final String PROP_ALLOW_ON_HOLD = "allowOnHold";
 
@@ -74,13 +73,13 @@ public class RevocationConstraints extends APolicyRule
                 PROP_ALLOW_EXPIRED_CERTS + ";boolean;Allow a user to revoke an already-expired certificate",
                 PROP_ALLOW_ON_HOLD + ";boolean;Allow a user to set reason to On-Hold",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-revocationconstraints",
+                        ";configuration-policyrules-revocationconstraints",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Allow administrator to decide policy on whether to allow " +
-                "recovation of expired certificates" +
-                "and set reason to On-Hold"
+                        ";Allow administrator to decide policy on whether to allow " +
+                        "recovation of expired certificates" +
+                        "and set reason to On-Hold"
 
-            };
+        };
 
         return params;
 
@@ -89,20 +88,18 @@ public class RevocationConstraints extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries probably are of the form:
-     *
-     *      ra.Policy.rule.<ruleName>.implName=ValidityConstraints
-     *      ra.Policy.rule.<ruleName>.enable=true
-     *      ra.Policy.rule.<ruleName>.allowExpiredCerts=true
-     *
-     * @param config	The config store reference
+     * 
+     * ra.Policy.rule.<ruleName>.implName=ValidityConstraints ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.allowExpiredCerts=true
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EPolicyException {
+            throws EPolicyException {
         // Get min and max validity in days and onfigure them.
         try {
-            mAllowExpiredCerts = 
+            mAllowExpiredCerts =
                     config.getBoolean(PROP_ALLOW_EXPIRED_CERTS, true);
             mAllowOnHold =
                     config.getBoolean(PROP_ALLOW_ON_HOLD, true);
@@ -117,8 +114,8 @@ public class RevocationConstraints extends APolicyRule
     /**
      * Applies the policy on the given Request.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
@@ -138,35 +135,35 @@ public class RevocationConstraints extends APolicyRule
 
                 setError(req, CMS.getUserMessage("CMS_POLICY_NO_ON_HOLD_ALLOWED", params), "");
                 return PolicyResult.REJECTED;
-            }                
+            }
         }
 
         if (mAllowExpiredCerts)
             // nothing to check.
             return PolicyResult.ACCEPTED;
-		
+
         PolicyResult result = PolicyResult.ACCEPTED;
 
         try {
             // Get the certificates being renwed.
             X509CertImpl[] oldCerts =
-                req.getExtDataInCertArray(IRequest.OLD_CERTS);
+                    req.getExtDataInCertArray(IRequest.OLD_CERTS);
 
             if (oldCerts == null) {
                 setError(req, CMS.getUserMessage("CMS_POLICY_NO_OLD_CERT"),
-                    getInstanceName());
+                        getInstanceName());
                 return PolicyResult.REJECTED;
             }
 
             // check if each cert to be renewed is expired.
             for (int i = 0; i < oldCerts.length; i++) {
                 X509CertInfo oldCertInfo = (X509CertInfo)
-                    oldCerts[i].get(
-                        X509CertImpl.NAME + "." + X509CertImpl.INFO);
-                CertificateValidity  oldValidity = (CertificateValidity)
-                    oldCertInfo.get(X509CertInfo.VALIDITY);
+                        oldCerts[i].get(
+                                X509CertImpl.NAME + "." + X509CertImpl.INFO);
+                CertificateValidity oldValidity = (CertificateValidity)
+                        oldCertInfo.get(X509CertInfo.VALIDITY);
                 Date notAfter = (Date)
-                    oldValidity.get(CertificateValidity.NOT_AFTER);
+                        oldValidity.get(CertificateValidity.NOT_AFTER);
 
                 // Is the Certificate still valid?
                 Date now = CMS.getCurrentDate();
@@ -174,16 +171,16 @@ public class RevocationConstraints extends APolicyRule
                 if (notAfter.before(now)) {
                     String params[] = { getInstanceName() };
 
-                    setError(req, 
-                        CMS.getUserMessage("CMS_POLICY_CANNOT_REVOKE_EXPIRED_CERTS",
-                            params), "");
+                    setError(req,
+                            CMS.getUserMessage("CMS_POLICY_CANNOT_REVOKE_EXPIRED_CERTS",
+                                    params), "");
                     result = PolicyResult.REJECTED;
                     break;
                 }
             }
 
         } catch (Exception e) {
-            String params[] = {getInstanceName(), e.toString()};
+            String params[] = { getInstanceName(), e.toString() };
 
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
             result = PolicyResult.REJECTED;
@@ -193,22 +190,22 @@ public class RevocationConstraints extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getInstanceParams() {
         Vector confParams = new Vector();
 
         confParams.addElement(
-            PROP_ALLOW_EXPIRED_CERTS + "=" + mAllowExpiredCerts);
+                PROP_ALLOW_EXPIRED_CERTS + "=" + mAllowExpiredCerts);
         confParams.addElement(
-            PROP_ALLOW_ON_HOLD + "=" + mAllowOnHold);
+                PROP_ALLOW_ON_HOLD + "=" + mAllowOnHold);
         return confParams;
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getDefaultParams() {
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java
index 9d519284..b8ffa86e 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
 import java.util.Locale;
 import java.util.StringTokenizer;
 import java.util.Vector;
@@ -41,21 +40,21 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * SigningAlgorithmConstraints enforces that only a supported
  * signing algorithm be requested.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class SigningAlgorithmConstraints extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     private String[] mAllowedAlgs = null; // algs allowed by this policy
     static String[] mDefaultAllowedAlgs = null; // default algs allowed by this policy based on CA's key
     private String[] mConfigAlgs = null; // algs listed in config file
@@ -94,17 +93,13 @@ public class SigningAlgorithmConstraints extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
-     * The entries probably are of the form
-     *      ra.Policy.rule.<ruleName>.implName=SigningAlgorithmConstraints
-     *      ra.Policy.rule.<ruleName>.algorithms=SHA-1WithRSA, SHA-1WithDSA
-     *      ra.Policy.rule.<ruleName>.enable=true
-     *      ra.Policy.rule.<ruleName>.predicate=ou==Sales
-     *
-     * @param config	The config store reference
+     * 
+     * The entries probably are of the form ra.Policy.rule.<ruleName>.implName=SigningAlgorithmConstraints ra.Policy.rule.<ruleName>.algorithms=SHA-1WithRSA, SHA-1WithDSA ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.predicate=ou==Sales
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mAuthority = (IAuthority) ((IPolicyProcessor) owner).getAuthority();
 
         // Get allowed algorithms from config file
@@ -114,7 +109,7 @@ public class SigningAlgorithmConstraints extends APolicyRule
             try {
                 algNames = config.getString(PROP_ALGORITHMS, null);
             } catch (Exception e) {
-                String[] params = {getInstanceName(), e.toString(), PROP_ALGORITHMS};
+                String[] params = { getInstanceName(), e.toString(), PROP_ALGORITHMS };
 
                 throw new EPolicyException(
                         CMS.getUserMessage("CMS_POLICY_PARAM_CONFIG_ERROR", params));
@@ -136,7 +131,7 @@ public class SigningAlgorithmConstraints extends APolicyRule
                 for (int i = 0; i < itemCount; i++) {
                     mAllowedAlgs[i] = (String) algs.elementAt(i);
                 }
-			
+
             }
 
         }
@@ -149,8 +144,8 @@ public class SigningAlgorithmConstraints extends APolicyRule
 
         if (mAllowedAlgs != null) {
             // winnow out unknown algorithms
-            winnowAlgs(AlgorithmId.ALL_SIGNING_ALGORITHMS, 
-                "CMS_POLICY_UNKNOWN_SIGNING_ALG", true);
+            winnowAlgs(AlgorithmId.ALL_SIGNING_ALGORITHMS,
+                    "CMS_POLICY_UNKNOWN_SIGNING_ALG", true);
         } else {
             // if nothing was in the config file, allow all known algs
             mAllowedAlgs = AlgorithmId.ALL_SIGNING_ALGORITHMS;
@@ -183,16 +178,16 @@ public class SigningAlgorithmConstraints extends APolicyRule
 
         // get list of algorithms allowed for the key
         String[] allowedByKey =
-            ((ICertAuthority) mAuthority).getCASigningAlgorithms();
+                ((ICertAuthority) mAuthority).getCASigningAlgorithms();
 
         if (allowedByKey != null) {
             // don't show algorithms that don't match CA's key in UI.	
             mDefaultAllowedAlgs = new String[allowedByKey.length];
             for (int i = 0; i < allowedByKey.length; i++)
                 mDefaultAllowedAlgs[i] = allowedByKey[i];
-                // winnow out algorithms that don't match CA's signing key
+            // winnow out algorithms that don't match CA's signing key
             winnowAlgs(allowedByKey,
-                "CMS_POLICY_SIGNALG_NOT_MATCH_CAKEY_1", false);
+                    "CMS_POLICY_SIGNALG_NOT_MATCH_CAKEY_1", false);
             winnowedByKey = true;
         } else {
             // We don't know the CA's signing algorithms.  Maybe we're
@@ -203,14 +198,14 @@ public class SigningAlgorithmConstraints extends APolicyRule
     /**
      * Winnows out of mAllowedAlgorithms those algorithms that aren't allowed
      * for some reason.
-     *
-     * @param allowed An array of allowed algorithms.  Only algorithms in this
-     *    list will survive the winnowing process.
+     * 
+     * @param allowed An array of allowed algorithms. Only algorithms in this
+     *            list will survive the winnowing process.
      * @param reason A string describing the problem with an algorithm
-     *		that is not allowed by this list. Must be a predefined string in PolicyResources.
+     *            that is not allowed by this list. Must be a predefined string in PolicyResources.
      */
-    private void winnowAlgs(String[] allowed, String reason, boolean isError) 
-        throws EBaseException {
+    private void winnowAlgs(String[] allowed, String reason, boolean isError)
+            throws EBaseException {
         int i, j, goodSize;
 
         // validate the currently-allowed algorithms
@@ -240,7 +235,7 @@ public class SigningAlgorithmConstraints extends APolicyRule
         // convert back into an array
         goodSize = goodAlgs.size();
         if (mAllowedAlgs.length != goodSize) {
-            mAllowedAlgs = new String[ goodSize ];
+            mAllowedAlgs = new String[goodSize];
             for (i = 0; i < goodSize; i++) {
                 mAllowedAlgs[i] = (String) goodAlgs.elementAt(i);
             }
@@ -250,8 +245,8 @@ public class SigningAlgorithmConstraints extends APolicyRule
     /**
      * Applies the policy on the given Request.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
@@ -282,10 +277,10 @@ public class SigningAlgorithmConstraints extends APolicyRule
                 }
 
                 CertificateAlgorithmId certAlgId = (CertificateAlgorithmId)
-                    certInfo[i].get(X509CertInfo.ALGORITHM_ID);
+                        certInfo[i].get(X509CertInfo.ALGORITHM_ID);
 
                 AlgorithmId algId = (AlgorithmId)
-                    certAlgId.get(CertificateAlgorithmId.ALGORITHM);
+                        certAlgId.get(CertificateAlgorithmId.ALGORITHM);
                 String alg = algId.getName();
 
                 // test against the list of allowed algorithms
@@ -298,10 +293,10 @@ public class SigningAlgorithmConstraints extends APolicyRule
                     // if the algor doesn't match the CA's key replace
                     // it with one that does.
                     if (mAllowedAlgs[0].equals("SHA1withDSA") ||
-                        alg.equals("SHA1withDSA")) {
+                            alg.equals("SHA1withDSA")) {
                         certInfo[i].set(X509CertInfo.ALGORITHM_ID,
-                            new CertificateAlgorithmId(
-                                AlgorithmId.get(mAllowedAlgs[0])));
+                                new CertificateAlgorithmId(
+                                        AlgorithmId.get(mAllowedAlgs[0])));
                         return PolicyResult.ACCEPTED;
                     }
 
@@ -313,9 +308,9 @@ public class SigningAlgorithmConstraints extends APolicyRule
             }
         } catch (Exception e) {
             // e.printStackTrace();
-            String params[] = {getInstanceName(), e.toString()};
+            String params[] = { getInstanceName(), e.toString() };
 
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", 
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
                     params), "");
             result = PolicyResult.REJECTED;
         }
@@ -324,10 +319,10 @@ public class SigningAlgorithmConstraints extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector getInstanceParams() { 
+    public Vector getInstanceParams() {
         Vector confParams = new Vector();
         StringBuffer sb = new StringBuffer();
 
@@ -343,10 +338,10 @@ public class SigningAlgorithmConstraints extends APolicyRule
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector getDefaultParams() { 
+    public Vector getDefaultParams() {
         StringBuffer sb = new StringBuffer();
         sb.append(PROP_ALGORITHMS);
         sb.append("=");
@@ -365,14 +360,14 @@ public class SigningAlgorithmConstraints extends APolicyRule
         }
         defConfParams.addElement(sb.toString());
 
-        return defConfParams; 
+        return defConfParams;
     }
 
     public String[] getExtendedPluginInfo(Locale locale) {
         if (!winnowedByKey) {
-            try { 
-                winnowByKey(); 
-            } catch (Exception e) { 
+            try {
+                winnowByKey();
+            } catch (Exception e) {
             }
         }
 
@@ -380,51 +375,51 @@ public class SigningAlgorithmConstraints extends APolicyRule
 
         String[] params_BOTH = {
                 PROP_ALGORITHMS + ";" + "choice(MD2withRSA\\,MD5withRSA\\,SHA1withRSA\\,SHA256withRSA\\,SHA512withRSA\\,SHA1withDSA," +
-                "MD2withRSA\\,MD5withRSA\\,SHA1withRSA\\,SHA1withDSA,"+
-                "MD2withRSA\\,MD5withRSA\\,SHA1withRSA," +
-                "MD2withRSA\\,SHA1withRSA\\,SHA1withDSA," +
-                "MD5withRSA\\,SHA1withRSA\\,SHA1withDSA," +
-                "MD2withRSA\\,MD5withRSA\\,SHA1withDSA," +
-                "MD2withRSA\\,MD5withRSA," +
-                "MD2withRSA\\,SHA1withRSA," +
-                "MD2withRSA\\,SHA1withDSA," +
-                "MD5withRSA\\,SHA1withRSA," +
-                "MD5withRSA\\,SHA1withDSA," +
-                "SHA1withRSA\\,SHA1withDSA," +
-                "MD2withRSA," +
-                "MD5withRSA," +
-                "SHA1withRSA," +
-                "SHA1withDSA);List of algorithms to restrict the requested signing algorithm " +
-                "to be one of the algorithms supported by Certificate System",
+                        "MD2withRSA\\,MD5withRSA\\,SHA1withRSA\\,SHA1withDSA," +
+                        "MD2withRSA\\,MD5withRSA\\,SHA1withRSA," +
+                        "MD2withRSA\\,SHA1withRSA\\,SHA1withDSA," +
+                        "MD5withRSA\\,SHA1withRSA\\,SHA1withDSA," +
+                        "MD2withRSA\\,MD5withRSA\\,SHA1withDSA," +
+                        "MD2withRSA\\,MD5withRSA," +
+                        "MD2withRSA\\,SHA1withRSA," +
+                        "MD2withRSA\\,SHA1withDSA," +
+                        "MD5withRSA\\,SHA1withRSA," +
+                        "MD5withRSA\\,SHA1withDSA," +
+                        "SHA1withRSA\\,SHA1withDSA," +
+                        "MD2withRSA," +
+                        "MD5withRSA," +
+                        "SHA1withRSA," +
+                        "SHA1withDSA);List of algorithms to restrict the requested signing algorithm " +
+                        "to be one of the algorithms supported by Certificate System",
                 IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-signingalgconstraints",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Restricts the requested signing algorithm to be one of" +
-                " the algorithms supported by Certificate System"
+                        ";Restricts the requested signing algorithm to be one of" +
+                        " the algorithms supported by Certificate System"
             };
 
         String[] params_RSA = {
                 PROP_ALGORITHMS + ";" + "choice(MD2withRSA\\,MD5withRSA\\,SHA1withRSA," +
-                "MD2withRSA\\,MD5withRSA," +
-                "MD2withRSA\\,SHA1withRSA," +
-                "MD5withRSA\\,SHA1withRSA," +
-                "MD2withRSA," +
-                "MD5withRSA," +
-                "SHA1withRSA);Restrict the requested signing algorithm to be " +
-                "one of the algorithms supported by Certificate System",
+                        "MD2withRSA\\,MD5withRSA," +
+                        "MD2withRSA\\,SHA1withRSA," +
+                        "MD5withRSA\\,SHA1withRSA," +
+                        "MD2withRSA," +
+                        "MD5withRSA," +
+                        "SHA1withRSA);Restrict the requested signing algorithm to be " +
+                        "one of the algorithms supported by Certificate System",
                 IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-signingalgconstraints",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Restricts the requested signing algorithm to be one of" +
-                " the algorithms supported by Certificate System"
+                        ";Restricts the requested signing algorithm to be one of" +
+                        " the algorithms supported by Certificate System"
             };
 
         String[] params_DSA = {
                 PROP_ALGORITHMS + ";" + "choice(SHA1withDSA);Restrict the requested signing " +
-                "algorithm to be one of the algorithms supported by Certificate " +
-                "System",
+                        "algorithm to be one of the algorithms supported by Certificate " +
+                        "System",
                 IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-signingalgconstraints",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Restricts the requested signing algorithm to be one of" +
-                " the algorithms supported by Certificate System"
+                        ";Restricts the requested signing algorithm to be one of" +
+                        " the algorithms supported by Certificate System"
             };
 
         switch (mDefaultAllowedAlgs.length) {
@@ -447,4 +442,3 @@ public class SigningAlgorithmConstraints extends APolicyRule
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java
index 8e8cd4a7..0cec678c 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
 import java.util.Locale;
 import java.util.Vector;
 
@@ -41,16 +40,16 @@ import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.certsrv.security.ISigningUnit;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * This simple policy checks the subordinate CA CSR to see
  * if it is the same as the local CA.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -66,32 +65,28 @@ public class SubCANameConstraints extends APolicyRule implements IEnrollmentPoli
     public String[] getExtendedPluginInfo(Locale locale) {
         String[] params = {
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-subcanamecheck",
+                        ";configuration-policyrules-subcanamecheck",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Checks if subordinate CA request matches the local CA. There are no parameters to change"
+                        ";Checks if subordinate CA request matches the local CA. There are no parameters to change"
             };
 
         return params;
 
     }
-	
+
     /**
      * Initializes this policy rule.
      * <P>
-     *
-     * The entries probably are of the form
-     *      ra.Policy.rule.<ruleName>.implName=KeyAlgorithmConstraints
-     *      ra.Policy.rule.<ruleName>.algorithms=RSA,DSA
-     *      ra.Policy.rule.<ruleName>.enable=true
-     *      ra.Policy.rule.<ruleName>.predicate=ou==Sales
-     *
-     * @param config	The config store reference
+     * 
+     * The entries probably are of the form ra.Policy.rule.<ruleName>.implName=KeyAlgorithmConstraints ra.Policy.rule.<ruleName>.algorithms=RSA,DSA ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.predicate=ou==Sales
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         // get CA's public key to create authority key id.
-        ICertAuthority certAuthority = (ICertAuthority) 
-            ((IPolicyProcessor) owner).getAuthority();
+        ICertAuthority certAuthority = (ICertAuthority)
+                ((IPolicyProcessor) owner).getAuthority();
 
         if (certAuthority == null) {
             // should never get here.
@@ -106,7 +101,7 @@ public class SubCANameConstraints extends APolicyRule implements IEnrollmentPoli
         }
         mCA = (ICertificateAuthority) certAuthority;
         ISigningUnit su = mCA.getSigningUnit();
-        if( su == null || CMS.isPreOpMode() ) {
+        if (su == null || CMS.isPreOpMode()) {
             return;
         }
 
@@ -124,8 +119,8 @@ public class SubCANameConstraints extends APolicyRule implements IEnrollmentPoli
     /**
      * Applies the policy on the given Request.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
@@ -136,7 +131,7 @@ public class SubCANameConstraints extends APolicyRule implements IEnrollmentPoli
             // Get the certificate templates
             X509CertInfo[] certInfos = req.getExtDataInCertInfoArray(
                     IRequest.CERT_INFO);
-						
+
             if (certInfos == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_NO_CERT_INFO", getInstanceName()));
                 setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME + ":" + getInstanceName()), "");
@@ -163,7 +158,7 @@ public class SubCANameConstraints extends APolicyRule implements IEnrollmentPoli
             }
         } catch (Exception e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_NO_SUBJECT_NAME_1", getInstanceName()));
-            String params[] = {getInstanceName(), e.toString()};
+            String params[] = { getInstanceName(), e.toString() };
 
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
                     params), "");
@@ -174,24 +169,23 @@ public class SubCANameConstraints extends APolicyRule implements IEnrollmentPoli
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector getInstanceParams() { 
+    public Vector getInstanceParams() {
         Vector v = new Vector();
 
         return v;
     }
-		
+
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector getDefaultParams() { 
+    public Vector getDefaultParams() {
         Vector v = new Vector();
 
         return v;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectName.java b/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectName.java
index dc8ecd79..9afbf765 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectName.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectName.java
@@ -17,17 +17,15 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
-
-
 /**
  * This class is used to help migrate CMS4.1 to CMS4.2.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java
index 2cff24d3..9a43db9f 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -44,35 +43,35 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * Checks the uniqueness of the subject name. This policy
- * can only be used (installed) in Certificate Authority 
- * subsystem. 
- *
+ * can only be used (installed) in Certificate Authority
+ * subsystem.
+ * 
  * This policy can perform pre-agent-approval checking or
  * post-agent-approval checking based on configuration
  * setting.
- *
+ * 
  * In some situations, user may want to have 2 certificates with
- * the same subject name. For example, one key for encryption, 
- * and one for signing. This policy does not deal with this case 
+ * the same subject name. For example, one key for encryption,
+ * and one for signing. This policy does not deal with this case
  * directly. But it can be easily extended to do that.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
-public class UniqueSubjectNameConstraints extends APolicyRule 
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
-    protected static final String PROP_PRE_AGENT_APPROVAL_CHECKING = 
-        "enablePreAgentApprovalChecking";
-    protected static final String PROP_KEY_USAGE_EXTENSION_CHECKING = 
-        "enableKeyUsageExtensionChecking";
+public class UniqueSubjectNameConstraints extends APolicyRule
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
+    protected static final String PROP_PRE_AGENT_APPROVAL_CHECKING =
+            "enablePreAgentApprovalChecking";
+    protected static final String PROP_KEY_USAGE_EXTENSION_CHECKING =
+            "enableKeyUsageExtensionChecking";
 
     public ICertificateAuthority mCA = null;
 
@@ -82,17 +81,17 @@ public class UniqueSubjectNameConstraints extends APolicyRule
     public UniqueSubjectNameConstraints() {
         NAME = "UniqueSubjectName";
         DESC = "Ensure the uniqueness of the subject name.";
-    } 
+    }
 
     public String[] getExtendedPluginInfo(Locale locale) {
         String[] params = {
                 PROP_PRE_AGENT_APPROVAL_CHECKING + ";boolean;If checked, check subject name uniqueness BEFORE agent approves, (else checks AFTER approval)",
                 PROP_KEY_USAGE_EXTENSION_CHECKING + ";boolean;If checked, allow non-unique subject names if Key Usage Extension differs",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-uniquesubjectname",
+                        ";configuration-policyrules-uniquesubjectname",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Rejects a request if there exists an unrevoked, unexpired " +
-                "certificate with the same subject name"
+                        ";Rejects a request if there exists an unrevoked, unexpired " +
+                        "certificate with the same subject name"
             };
 
         return params;
@@ -102,22 +101,18 @@ public class UniqueSubjectNameConstraints extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries probably are of the form:
-     *
-     *      ca.Policy.rule.<ruleName>.implName=UniqueSubjectName
-     *      ca.Policy.rule.<ruleName>.enable=true
-     *      ca.Policy.rule.<ruleName>.enable=true
-     *      ca.Policy.rule.<ruleName>.enablePreAgentApprovalChecking=true
-     *      ca.Policy.rule.<ruleName>.enableKeyUsageExtensionChecking=true
-     *
-     * @param config	The config store reference
+     * 
+     * ca.Policy.rule.<ruleName>.implName=UniqueSubjectName ca.Policy.rule.<ruleName>.enable=true ca.Policy.rule.<ruleName>.enable=true ca.Policy.rule.<ruleName>.enablePreAgentApprovalChecking=true ca.Policy.rule.<ruleName>.enableKeyUsageExtensionChecking=true
+     * 
+     * @param config The config store reference
      */
-    public void init(ISubsystem owner, IConfigStore config) 
-        throws EBaseException {
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException {
         // get CA's public key to create authority key id.
         ICertAuthority certAuthority = (ICertAuthority)
-            ((IPolicyProcessor) owner).getAuthority();
+                ((IPolicyProcessor) owner).getAuthority();
 
         if (certAuthority == null) {
             // should never get here.
@@ -131,12 +126,12 @@ public class UniqueSubjectNameConstraints extends APolicyRule
 
         mCA = (ICertificateAuthority) certAuthority;
         try {
-            mPreAgentApprovalChecking = 
+            mPreAgentApprovalChecking =
                     config.getBoolean(PROP_PRE_AGENT_APPROVAL_CHECKING, false);
         } catch (EBaseException e) {
         }
         try {
-            mKeyUsageExtensionChecking = 
+            mKeyUsageExtensionChecking =
                     config.getBoolean(PROP_KEY_USAGE_EXTENSION_CHECKING, true);
         } catch (EBaseException e) {
         }
@@ -145,8 +140,8 @@ public class UniqueSubjectNameConstraints extends APolicyRule
     /**
      * Applies the policy on the given Request.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
@@ -162,9 +157,9 @@ public class UniqueSubjectNameConstraints extends APolicyRule
             // Get the certificate templates
             X509CertInfo[] certInfos = req.getExtDataInCertInfoArray(
                     IRequest.CERT_INFO);
-			
+
             if (certInfos == null) {
-                setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", 
+                setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
                         getInstanceName()), "");
                 return PolicyResult.REJECTED;
             }
@@ -172,11 +167,11 @@ public class UniqueSubjectNameConstraints extends APolicyRule
             // retrieve the subject name and check its unqiueness
             for (int i = 0; i < certInfos.length; i++) {
                 CertificateSubjectName subName = (CertificateSubjectName)
-                    certInfos[i].get(X509CertInfo.SUBJECT);
+                        certInfos[i].get(X509CertInfo.SUBJECT);
 
                 // if there is no name set, set one here.
                 if (subName == null) {
-                    setError(req, CMS.getUserMessage("CMS_POLICY_NO_SUBJECT_NAME", 
+                    setError(req, CMS.getUserMessage("CMS_POLICY_NO_SUBJECT_NAME",
                             getInstanceName()), "");
                     return PolicyResult.REJECTED;
                 }
@@ -184,18 +179,18 @@ public class UniqueSubjectNameConstraints extends APolicyRule
                 String filter = "x509Cert.subject=" + certSubjectName;
                 // subject name is indexed, so we only use subject name
                 // in the filter
-                Enumeration<ICertRecord> matched = 
-                    mCA.getCertificateRepository().findCertRecords(filter);
+                Enumeration<ICertRecord> matched =
+                        mCA.getCertificateRepository().findCertRecords(filter);
 
                 while (matched.hasMoreElements()) {
-                    ICertRecord rec =  matched.nextElement();
+                    ICertRecord rec = matched.nextElement();
                     String status = rec.getStatus();
 
                     if (status.equals(ICertRecord.STATUS_REVOKED) || status.equals(ICertRecord.STATUS_EXPIRED) || status.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
                         // accept this only if we have a REVOKED, 
                         // EXPIRED or REVOKED_EXPIRED certificate
                         continue;
-					
+
                     }
                     // you already have an VALID or INVALID (not yet valid) certificate
                     if (mKeyUsageExtensionChecking && agentApproved(req)) {
@@ -210,15 +205,15 @@ public class UniqueSubjectNameConstraints extends APolicyRule
                         }
                     }
 
-                    setError(req, CMS.getUserMessage("CMS_POLICY_SUBJECT_NAME_EXIST", 
+                    setError(req, CMS.getUserMessage("CMS_POLICY_SUBJECT_NAME_EXIST",
                             getInstanceName() + " " + certSubjectName), "");
                     return PolicyResult.REJECTED;
                 }
             }
         } catch (Exception e) {
-            String params[] = {getInstanceName(), e.toString()};
+            String params[] = { getInstanceName(), e.toString() };
 
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", 
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
                     params), "");
             result = PolicyResult.REJECTED;
         }
@@ -229,8 +224,8 @@ public class UniqueSubjectNameConstraints extends APolicyRule
      * Checks if the key extension in the issued certificate
      * is the same as the one in the certificate template.
      */
-    private boolean sameKeyUsageExtension(ICertRecord rec, 
-        X509CertInfo certInfo) {
+    private boolean sameKeyUsageExtension(ICertRecord rec,
+            X509CertInfo certInfo) {
         X509CertImpl impl = rec.getCertificate();
         boolean bits[] = impl.getKeyUsage();
 
@@ -282,25 +277,25 @@ public class UniqueSubjectNameConstraints extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector<String> getInstanceParams() {
         Vector<String> confParams = new Vector<String>();
 
         confParams.addElement(PROP_PRE_AGENT_APPROVAL_CHECKING +
-            "=" + mPreAgentApprovalChecking);
+                "=" + mPreAgentApprovalChecking);
         confParams.addElement(PROP_KEY_USAGE_EXTENSION_CHECKING +
-            "=" + mKeyUsageExtensionChecking);
+                "=" + mKeyUsageExtensionChecking);
         return confParams;
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         Vector<String> defParams = new Vector<String>();
 
         defParams.addElement(PROP_PRE_AGENT_APPROVAL_CHECKING + "=");
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/ValidityConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/ValidityConstraints.java
index 62c49450..ef35f5e6 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/ValidityConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/ValidityConstraints.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
 import java.util.Date;
 import java.util.Locale;
 import java.util.Vector;
@@ -35,26 +34,26 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * ValidityConstraints is a default rule for Enrollment and
  * Renewal that enforces minimum and maximum validity periods
  * and changes them if not met.
- *
+ * 
  * Optionally the lead and lag times - i.e how far back into the
  * front or back the notBefore date could go in minutes can also
  * be specified.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class ValidityConstraints extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     protected long mMinValidity;
     protected long mMaxValidity;
     protected long mLeadTime;
@@ -78,15 +77,15 @@ public class ValidityConstraints extends APolicyRule
 
     static {
         defConfParams.addElement(PROP_MIN_VALIDITY + "=" +
-            DEF_MIN_VALIDITY);
+                DEF_MIN_VALIDITY);
         defConfParams.addElement(PROP_MAX_VALIDITY + "=" +
-            DEF_MAX_VALIDITY);
+                DEF_MAX_VALIDITY);
         defConfParams.addElement(PROP_LEAD_TIME + "=" +
-            DEF_LEAD_TIME);
+                DEF_LEAD_TIME);
         defConfParams.addElement(PROP_LAG_TIME + "=" +
-            DEF_LAG_TIME);
+                DEF_LAG_TIME);
         defConfParams.addElement(PROP_NOT_BEFORE_SKEW + "=" +
-            DEF_NOT_BEFORE_SKEW);
+                DEF_NOT_BEFORE_SKEW);
     }
 
     public String[] getExtendedPluginInfo(Locale locale) {
@@ -97,11 +96,11 @@ public class ValidityConstraints extends APolicyRule
                 PROP_LAG_TIME + ";number;NOT CURRENTLY IN USE",
                 PROP_NOT_BEFORE_SKEW + ";number;Number of minutes a cert's notBefore should be in the past",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-validityconstraints",
+                        ";configuration-policyrules-validityconstraints",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Ensures that the user's requested validity period is " +
-                "acceptable. If not specified, as is usually the case, " +
-                "this policy will set the validity. See RFC 2459."
+                        ";Ensures that the user's requested validity period is " +
+                        "acceptable. If not specified, as is usually the case, " +
+                        "this policy will set the validity. See RFC 2459."
             };
 
         return params;
@@ -116,19 +115,15 @@ public class ValidityConstraints extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries probably are of the form:
-     *
-     *      ra.Policy.rule.<ruleName>.implName=ValidityConstraints
-     *      ra.Policy.rule.<ruleName>.enable=true
-     *      ra.Policy.rule.<ruleName>.minValidity=30
-     *      ra.Policy.rule.<ruleName>.maxValidity=180
-     *      ra.Policy.rule.<ruleName>.predicate=ou==Sales
-     *
-     * @param config	The config store reference
+     * 
+     * ra.Policy.rule.<ruleName>.implName=ValidityConstraints ra.Policy.rule.<ruleName>.enable=true ra.Policy.rule.<ruleName>.minValidity=30 ra.Policy.rule.<ruleName>.maxValidity=180 ra.Policy.rule.<ruleName>.predicate=ou==Sales
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EPolicyException {
+            throws EPolicyException {
 
         // Get min and max validity in days and configure them.
         try {
@@ -164,7 +159,7 @@ public class ValidityConstraints extends APolicyRule
                 mNotBeforeSkew = DEF_NOT_BEFORE_SKEW * MINS_TO_MS_FACTOR;
         } catch (Exception e) {
             // e.printStackTrace();
-            String[] params = {getInstanceName(), e.toString()};
+            String[] params = { getInstanceName(), e.toString() };
 
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG", params));
@@ -174,8 +169,8 @@ public class ValidityConstraints extends APolicyRule
     /**
      * Applies the policy on the given Request.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
@@ -198,7 +193,7 @@ public class ValidityConstraints extends APolicyRule
             // Else check if validity is within the limit
             for (int i = 0; i < certInfo.length; i++) {
                 CertificateValidity validity = (CertificateValidity)
-                    certInfo[i].get(X509CertInfo.VALIDITY);
+                        certInfo[i].get(X509CertInfo.VALIDITY);
 
                 Date notBefore = null, notAfter = null;
 
@@ -215,9 +210,9 @@ public class ValidityConstraints extends APolicyRule
                 // (date = 0 is hack for serialization)
 
                 if (validity == null ||
-                    (notBefore.getTime() == 0 && notAfter.getTime() == 0)) {
+                        (notBefore.getTime() == 0 && notAfter.getTime() == 0)) {
                     certInfo[i].set(X509CertInfo.VALIDITY,
-                        makeDefaultValidity(req));
+                            makeDefaultValidity(req));
                     continue;
                 }
 
@@ -228,22 +223,20 @@ public class ValidityConstraints extends APolicyRule
                             getInstanceName()), "");
                     result = PolicyResult.REJECTED;
                 }
-                if ((notAfter.getTime() - notBefore.getTime()) >
-                    mMaxValidity) {
-                    String params[] = {getInstanceName(), 
+                if ((notAfter.getTime() - notBefore.getTime()) > mMaxValidity) {
+                    String params[] = { getInstanceName(),
                             String.valueOf(
-                                ((notAfter.getTime() - notBefore.getTime()) / DAYS_TO_MS_FACTOR)),
-                            String.valueOf(mMaxValidity / DAYS_TO_MS_FACTOR)};
+                                    ((notAfter.getTime() - notBefore.getTime()) / DAYS_TO_MS_FACTOR)),
+                            String.valueOf(mMaxValidity / DAYS_TO_MS_FACTOR) };
 
                     setError(req, CMS.getUserMessage("CMS_POLICY_MORE_THAN_MAX_VALIDITY", params), "");
                     result = PolicyResult.REJECTED;
                 }
-                if ((notAfter.getTime() - notBefore.getTime()) <
-                    mMinValidity) {
-                    String params[] = {getInstanceName(), 
+                if ((notAfter.getTime() - notBefore.getTime()) < mMinValidity) {
+                    String params[] = { getInstanceName(),
                             String.valueOf(
-                                ((notAfter.getTime() - notBefore.getTime()) / DAYS_TO_MS_FACTOR)),
-                            String.valueOf(mMinValidity / DAYS_TO_MS_FACTOR)};
+                                    ((notAfter.getTime() - notBefore.getTime()) / DAYS_TO_MS_FACTOR)),
+                            String.valueOf(mMinValidity / DAYS_TO_MS_FACTOR) };
 
                     setError(req, CMS.getUserMessage("CMS_POLICY_LESS_THAN_MIN_VALIDITY", params), "");
                     result = PolicyResult.REJECTED;
@@ -251,7 +244,7 @@ public class ValidityConstraints extends APolicyRule
             }
         } catch (Exception e) {
             // e.printStackTrace();
-            String params[] = {getInstanceName(), e.toString()};
+            String params[] = { getInstanceName(), e.toString() };
 
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
                     params), "");
@@ -262,28 +255,28 @@ public class ValidityConstraints extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getInstanceParams() {
         Vector confParams = new Vector();
 
         confParams.addElement(PROP_MIN_VALIDITY + "=" +
-            mMinValidity / DAYS_TO_MS_FACTOR);
+                mMinValidity / DAYS_TO_MS_FACTOR);
         confParams.addElement(PROP_MAX_VALIDITY + "=" +
-            mMaxValidity / DAYS_TO_MS_FACTOR);
-        confParams.addElement(PROP_LEAD_TIME + "=" 
-            + mLeadTime / MINS_TO_MS_FACTOR);
-        confParams.addElement(PROP_LAG_TIME + "=" + 
-            mLagTime / MINS_TO_MS_FACTOR);
-        confParams.addElement(PROP_NOT_BEFORE_SKEW + "=" + 
-            mNotBeforeSkew / MINS_TO_MS_FACTOR);
+                mMaxValidity / DAYS_TO_MS_FACTOR);
+        confParams.addElement(PROP_LEAD_TIME + "="
+                + mLeadTime / MINS_TO_MS_FACTOR);
+        confParams.addElement(PROP_LAG_TIME + "=" +
+                mLagTime / MINS_TO_MS_FACTOR);
+        confParams.addElement(PROP_NOT_BEFORE_SKEW + "=" +
+                mNotBeforeSkew / MINS_TO_MS_FACTOR);
         return confParams;
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getDefaultParams() {
@@ -292,10 +285,10 @@ public class ValidityConstraints extends APolicyRule
 
     /**
      * Create a default validity value for a request
-     *
+     * 
      * This code can be easily overridden in a derived class, if the
      * calculations here aren't accepatble.
-     *
+     * 
      * TODO: it might be good to base this calculation on the creation
      * time of the request.
      */
@@ -312,7 +305,7 @@ public class ValidityConstraints extends APolicyRule
 
     /**
      * convert a millisecond resolution time into one with 1 second
-     * resolution.  Most times in certificates are storage at 1
+     * resolution. Most times in certificates are storage at 1
      * second resolution, so its better if we deal with things at
      * that level.
      */
@@ -320,4 +313,3 @@ public class ValidityConstraints extends APolicyRule
         return (input / 1000) * 1000;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java
index 4f8aaa29..f37a2b59 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.io.Serializable;
 import java.security.cert.CertificateException;
@@ -44,12 +43,11 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * Authority Information Access extension policy.
  * If this policy is enabled, it adds an authority
  * information access extension to the certificate.
- *
+ * 
  * The following listed sample configuration parameters:
  * 
  * ca.Policy.impl.AuthInfoAccess.class=com.netscape.certsrv.policy.AuthInfoAccessExt
@@ -68,33 +66,34 @@ import com.netscape.cms.policy.APolicyRule;
  * ca.Policy.rule.aia.enable=true
  * ca.Policy.rule.aia.implName=AuthInfoAccess
  * ca.Policy.rule.aia.predicate=
- *
+ * 
  * Currently, this policy only supports the following location:
- *  uriName:[URI], dirName:[DN]
+ * uriName:[URI], dirName:[DN]
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
-public class AuthInfoAccessExt extends APolicyRule implements 
+public class AuthInfoAccessExt extends APolicyRule implements
         IEnrollmentPolicy, IExtendedPluginInfo {
     protected static final String PROP_CRITICAL =
-        "critical";
+            "critical";
     protected static final String PROP_AD =
-        "ad";
+            "ad";
     protected static final String PROP_METHOD =
-        "method";
+            "method";
     protected static final String PROP_LOCATION =
-        "location";
+            "location";
     protected static final String PROP_LOCATION_TYPE =
-        "location_type";
+            "location_type";
 
     protected static final String PROP_NUM_ADS =
-        "numADs";
+            "numADs";
 
     public static final int MAX_AD = 5;
 
@@ -109,13 +108,13 @@ public class AuthInfoAccessExt extends APolicyRule implements
         Vector<String> v = new Vector<String>();
 
         v.addElement(PROP_CRITICAL +
-            ";boolean;RFC 2459 recommendation: This extension MUST be non-critical.");
+                ";boolean;RFC 2459 recommendation: This extension MUST be non-critical.");
         v.addElement(PROP_NUM_ADS +
-            ";number;The total number of access descriptions.");
+                ";number;The total number of access descriptions.");
         v.addElement(IExtendedPluginInfo.HELP_TEXT +
-            ";Adds Authority Info Access Extension. Defined in RFC 2459 " + "(4.2.2.1)");
+                ";Adds Authority Info Access Extension. Defined in RFC 2459 " + "(4.2.2.1)");
         v.addElement(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-policyrules-authinfoaccess");
+                ";configuration-policyrules-authinfoaccess");
 
         for (int i = 0; i < MAX_AD; i++) {
             v.addElement(PROP_AD + Integer.toString(i) + "_" + PROP_METHOD + ";string;" + "A unique,valid OID specified in dot-separated numeric component notation. e.g. 1.3.6.1.5.5.7.48.1 (ocsp), 1.3.6.1.5.5.7.48.2 (caIssuers), 2.16.840.1.113730.1.16.1 (renewal)");
@@ -128,17 +127,15 @@ public class AuthInfoAccessExt extends APolicyRule implements
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt
-     *      ca.Policy.rule.<ruleName>.enable=true
-     *      ca.Policy.rule.<ruleName>.predicate=
-     *
-     * @param config	The config store reference
+     * 
+     * ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt ca.Policy.rule.<ruleName>.enable=true ca.Policy.rule.<ruleName>.predicate=
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
     }
 
@@ -153,7 +150,7 @@ public class AuthInfoAccessExt extends APolicyRule implements
         //
         for (int i = 0;; i++) {
             ObjectIdentifier methodOID = null;
-            String method = mConfig.getString(PROP_AD + 
+            String method = mConfig.getString(PROP_AD +
                     Integer.toString(i) + "_" + PROP_METHOD, null);
 
             if (method == null)
@@ -162,10 +159,10 @@ public class AuthInfoAccessExt extends APolicyRule implements
             if (method.equals(""))
                 break;
 
-                //
-                // method ::= ocsp | caIssuers | <OID>
-                // OID ::= [object identifier]
-                //
+            //
+            // method ::= ocsp | caIssuers | <OID>
+            // OID ::= [object identifier]
+            //
             try {
                 if (method.equalsIgnoreCase("ocsp")) {
                     methodOID = ObjectIdentifier.getObjectIdentifier("1.3.6.1.5.5.7.48.1");
@@ -186,17 +183,17 @@ public class AuthInfoAccessExt extends APolicyRule implements
             // TAG ::= uriName | dirName
             // VALUE ::= [value defined by TAG]
             //
-            String location_type = mConfig.getString(PROP_AD + 
-                    Integer.toString(i) + 
+            String location_type = mConfig.getString(PROP_AD +
+                    Integer.toString(i) +
                     "_" + PROP_LOCATION_TYPE, null);
-            String location = mConfig.getString(PROP_AD + 
-                    Integer.toString(i) + 
+            String location = mConfig.getString(PROP_AD +
+                    Integer.toString(i) +
                     "_" + PROP_LOCATION, null);
 
             if (location == null)
                 break;
             GeneralName gn = CMS.form_GeneralName(location_type, location);
-            Vector<Serializable> e = new Vector<Serializable>(); 
+            Vector<Serializable> e = new Vector<Serializable>();
 
             e.addElement(methodOID);
             e.addElement(gn);
@@ -209,7 +206,7 @@ public class AuthInfoAccessExt extends APolicyRule implements
      * If this policy is enabled, add the authority information
      * access extension to the certificate.
      * <P>
-     *
+     * 
      * @param req The request on which to apply policy.
      * @return The policy result object.
      */
@@ -221,7 +218,7 @@ public class AuthInfoAccessExt extends APolicyRule implements
                 IRequest.CERT_INFO);
 
         if (ci == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), ""); 
+            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), "");
             return PolicyResult.REJECTED; // unrecoverable error.
         }
 
@@ -229,8 +226,8 @@ public class AuthInfoAccessExt extends APolicyRule implements
 
             certInfo = ci[j];
             if (certInfo == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, "")); 
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", 
+                log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, ""));
+                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
                         NAME, "Configuration Info Error"), "");
                 return PolicyResult.REJECTED; // unrecoverable error.
             }
@@ -238,19 +235,19 @@ public class AuthInfoAccessExt extends APolicyRule implements
             try {
                 // Find the extensions in the certInfo
                 CertificateExtensions extensions = (CertificateExtensions)
-                    certInfo.get(X509CertInfo.EXTENSIONS);
+                        certInfo.get(X509CertInfo.EXTENSIONS);
 
                 // add access descriptions
                 Enumeration<Vector<Serializable>> e = getAccessDescriptions();
 
                 if (!e.hasMoreElements()) {
                     return res;
-                }	
-	
+                }
+
                 if (extensions == null) {
                     // create extension if not exist
                     certInfo.set(X509CertInfo.VERSION,
-                        new CertificateVersion(CertificateVersion.V3));
+                            new CertificateVersion(CertificateVersion.V3));
                     extensions = new CertificateExtensions();
                     certInfo.set(X509CertInfo.EXTENSIONS, extensions);
                 } else {
@@ -263,12 +260,12 @@ public class AuthInfoAccessExt extends APolicyRule implements
                 }
 
                 // Create the extension
-                AuthInfoAccessExtension aiaExt = new 
-                    AuthInfoAccessExtension(mConfig.getBoolean(
-                            PROP_CRITICAL, false));
+                AuthInfoAccessExtension aiaExt = new
+                        AuthInfoAccessExtension(mConfig.getBoolean(
+                                PROP_CRITICAL, false));
 
                 while (e.hasMoreElements()) {
-                    Vector<Serializable> ad =  e.nextElement();
+                    Vector<Serializable> ad = e.nextElement();
                     ObjectIdentifier oid = (ObjectIdentifier) ad.elementAt(0);
                     GeneralName gn = (GeneralName) ad.elementAt(1);
 
@@ -278,17 +275,17 @@ public class AuthInfoAccessExt extends APolicyRule implements
 
             } catch (IOException e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", 
+                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
                         NAME, e.getMessage()), "");
                 return PolicyResult.REJECTED; // unrecoverable error.
             } catch (EBaseException e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", 
+                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
                         NAME, "Configuration Info Error"), "");
                 return PolicyResult.REJECTED; // unrecoverable error.
             } catch (CertificateException e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", 
+                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
                         NAME, "Certificate Info Error"), "");
                 return PolicyResult.REJECTED; // unrecoverable error.
             }
@@ -299,15 +296,15 @@ public class AuthInfoAccessExt extends APolicyRule implements
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         Vector<String> params = new Vector<String>();
 
         try {
-            params.addElement(PROP_CRITICAL + "=" + 
-                mConfig.getBoolean(PROP_CRITICAL, false));
+            params.addElement(PROP_CRITICAL + "=" +
+                    mConfig.getBoolean(PROP_CRITICAL, false));
         } catch (EBaseException e) {
             params.addElement(PROP_CRITICAL + "=false");
         }
@@ -325,46 +322,46 @@ public class AuthInfoAccessExt extends APolicyRule implements
             String method = null;
 
             try {
-                method = mConfig.getString(PROP_AD + 
+                method = mConfig.getString(PROP_AD +
                             Integer.toString(i) + "_" + PROP_METHOD,
                             "");
             } catch (EBaseException e) {
             }
-            params.addElement(PROP_AD + 
-                Integer.toString(i) + 
-                "_" + PROP_METHOD + "=" + method);
+            params.addElement(PROP_AD +
+                    Integer.toString(i) +
+                    "_" + PROP_METHOD + "=" + method);
             String location_type = null;
 
             try {
-                location_type = mConfig.getString(PROP_AD + 
-                            Integer.toString(i) + "_" + PROP_LOCATION_TYPE, 
+                location_type = mConfig.getString(PROP_AD +
+                            Integer.toString(i) + "_" + PROP_LOCATION_TYPE,
                             IGeneralNameUtil.GENNAME_CHOICE_URL);
             } catch (EBaseException e) {
             }
-            params.addElement(PROP_AD + 
-                Integer.toString(i) + 
-                "_" + PROP_LOCATION_TYPE + "=" + location_type);
+            params.addElement(PROP_AD +
+                    Integer.toString(i) +
+                    "_" + PROP_LOCATION_TYPE + "=" + location_type);
             String location = null;
 
             try {
-                location = mConfig.getString(PROP_AD + 
-                            Integer.toString(i) + "_" + PROP_LOCATION, 
+                location = mConfig.getString(PROP_AD +
+                            Integer.toString(i) + "_" + PROP_LOCATION,
                             "");
             } catch (EBaseException e) {
             }
-            params.addElement(PROP_AD + 
-                Integer.toString(i) + 
-                "_" + PROP_LOCATION + "=" + location);
+            params.addElement(PROP_AD +
+                    Integer.toString(i) +
+                    "_" + PROP_LOCATION + "=" + location);
         }
         return params;
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         Vector<String> defParams = new Vector<String>();
 
         defParams.addElement(PROP_CRITICAL + "=false");
@@ -376,14 +373,13 @@ public class AuthInfoAccessExt extends APolicyRule implements
         // the CMS.cfg
         //
         for (int i = 0; i < MAX_AD; i++) {
-            defParams.addElement(PROP_AD + Integer.toString(i) + 
-                "_" + PROP_METHOD + "=");
-            defParams.addElement(PROP_AD + Integer.toString(i) + 
-                "_" + PROP_LOCATION_TYPE + "=" + IGeneralNameUtil.GENNAME_CHOICE_URL);
-            defParams.addElement(PROP_AD + Integer.toString(i) + 
-                "_" + PROP_LOCATION + "=");
+            defParams.addElement(PROP_AD + Integer.toString(i) +
+                    "_" + PROP_METHOD + "=");
+            defParams.addElement(PROP_AD + Integer.toString(i) +
+                    "_" + PROP_LOCATION_TYPE + "=" + IGeneralNameUtil.GENNAME_CHOICE_URL);
+            defParams.addElement(PROP_AD + Integer.toString(i) +
+                    "_" + PROP_LOCATION + "=");
         }
         return defParams;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/AuthorityKeyIdentifierExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/AuthorityKeyIdentifierExt.java
index 7ec05fec..63b84a39 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/AuthorityKeyIdentifierExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/AuthorityKeyIdentifierExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Locale;
@@ -45,21 +44,21 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * Authority Public Key Extension Policy
- * Adds the subject public key id extension to certificates. 
+ * Adds the subject public key id extension to certificates.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class AuthorityKeyIdentifierExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     protected static final String PROP_CRITICAL = "critical";
     protected static final String PROP_ALT_KEYID_TYPE = "AltKeyIdType";
 
@@ -98,27 +97,25 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
 
     /**
      * Initializes this policy rule.
-     * Reads configuration file and creates a authority key identifier 
-     * extension to add. Key identifier inside the extension is constructed as 
-     * the CA's subject key identifier extension if it exists. 
-     * If it does not exist this can be configured to use: 
-     * (1) sha-1 hash of the CA's subject public key info 
-     * (what communicator expects if the CA does not have a subject key 
+     * Reads configuration file and creates a authority key identifier
+     * extension to add. Key identifier inside the extension is constructed as
+     * the CA's subject key identifier extension if it exists.
+     * If it does not exist this can be configured to use:
+     * (1) sha-1 hash of the CA's subject public key info
+     * (what communicator expects if the CA does not have a subject key
      * identifier extension) or (2) No extension set (3) Empty sequence
      * in Authority Key Identifier extension.
-     *
+     * 
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ca.Policy.rule.<ruleName>.predicate=
-     *      ca.Policy.rule.<ruleName>.implName=
-     *      ca.Policy.rule.<ruleName>.enable=true
-     *
-     * @param config	The config store reference
+     * 
+     * ca.Policy.rule.<ruleName>.predicate= ca.Policy.rule.<ruleName>.implName= ca.Policy.rule.<ruleName>.enable=true
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
 
         mEnabled = mConfig.getBoolean(
@@ -131,44 +128,44 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
         if (mAltKeyIdType.equalsIgnoreCase(ALT_KEYID_TYPE_SPKISHA1))
             mAltKeyIdType = ALT_KEYID_TYPE_SPKISHA1;
 
-            /*
-             else if (mAltKeyIdType.equalsIgnoreCase(ALT_KEYID_TYPE_EMPTY))
-             mAltKeyIdType = ALT_KEYID_TYPE_EMPTY;
-             */
+        /*
+         else if (mAltKeyIdType.equalsIgnoreCase(ALT_KEYID_TYPE_EMPTY))
+         mAltKeyIdType = ALT_KEYID_TYPE_EMPTY;
+         */
         else if (mAltKeyIdType.equalsIgnoreCase(ALT_KEYID_TYPE_NONE))
             mAltKeyIdType = ALT_KEYID_TYPE_NONE;
         else {
             log(ILogger.LL_FAILURE, NAME +
-                CMS.getLogMessage("CA_UNKNOWN_ALT_KEY_ID_TYPE", mAltKeyIdType));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", PROP_ALT_KEYID_TYPE,  
+                    CMS.getLogMessage("CA_UNKNOWN_ALT_KEY_ID_TYPE", mAltKeyIdType));
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", PROP_ALT_KEYID_TYPE,
                         "value must be one of " + ALT_KEYID_TYPE_SPKISHA1 + ", " + ALT_KEYID_TYPE_NONE));
         }
 
         // create authority key id extension.
         ICertAuthority certAuthority = (ICertAuthority)
-            ((IPolicyProcessor) owner).getAuthority();
+                ((IPolicyProcessor) owner).getAuthority();
 
         if (certAuthority == null) {
             // should never get here.
             String msg = NAME + ": " +
-                "Cannot find the Certificate Manager or Registration Manager";
+                    "Cannot find the Certificate Manager or Registration Manager";
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CANT_FIND_MANAGER"));
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", msg));
         }
         if (!(certAuthority instanceof ICertificateAuthority)) {
             log(ILogger.LL_FAILURE, NAME +
-                CMS.getLogMessage("POLICY_INVALID_POLICY", NAME));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", 
+                    CMS.getLogMessage("POLICY_INVALID_POLICY", NAME));
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
                         NAME + " policy can only be used in a Certificate Authority."));
-        } 
+        }
         //CertificateChain caChain = certAuthority.getCACertChain();
         //X509Certificate caCert = caChain.getFirstCertificate();
         X509CertImpl caCert = certAuthority.getCACert();
-        if( caCert == null || CMS.isPreOpMode() ) {
+        if (caCert == null || CMS.isPreOpMode()) {
             return;
         }
-        KeyIdentifier keyId = formKeyIdentifier(caCert); 
+        KeyIdentifier keyId = formKeyIdentifier(caCert);
 
         if (keyId != null) {
             try {
@@ -176,7 +173,7 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
                             mCritical, keyId, null, null);
             } catch (IOException e) {
                 String msg = NAME + ": " +
-                    "Error forming Authority Key Identifier extension: " + e;
+                        "Error forming Authority Key Identifier extension: " + e;
 
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_AUTHORITY_KEY_ID_1", NAME));
                 throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", msg));
@@ -191,26 +188,26 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
 
     /**
      * Adds Authority Key Identifier Extension to a certificate.
-     * If the extension is already there, accept it if it's from the agent, 
+     * If the extension is already there, accept it if it's from the agent,
      * else replace it.
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
         // get certInfo from request.
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
         if (ci == null || ci[0] == null) {
             setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), "");
-            return PolicyResult.REJECTED; 
+            return PolicyResult.REJECTED;
         }
 
         for (int i = 0; i < ci.length; i++) {
             PolicyResult certResult = applyCert(req, ci[i]);
 
-            if (certResult == PolicyResult.REJECTED) 
+            if (certResult == PolicyResult.REJECTED)
                 return certResult;
         }
         return PolicyResult.ACCEPTED;
@@ -223,7 +220,7 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
             // from agent. else replace it.
             AuthorityKeyIdentifierExtension authorityKeyIdExt = null;
             CertificateExtensions extensions = (CertificateExtensions)
-                certInfo.get(X509CertInfo.EXTENSIONS);
+                    certInfo.get(X509CertInfo.EXTENSIONS);
 
             try {
                 if (extensions != null) {
@@ -236,45 +233,45 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
             if (authorityKeyIdExt != null) {
                 if (agentApproved(req)) {
                     CMS.debug(
-                        "AuthorityKeyIdentifierKeyExt: agent approved request id " + req.getRequestId() +
-                        " already has authority key id extension with value " +
-                        authorityKeyIdExt);
+                            "AuthorityKeyIdentifierKeyExt: agent approved request id " + req.getRequestId() +
+                                    " already has authority key id extension with value " +
+                                    authorityKeyIdExt);
                     return PolicyResult.ACCEPTED;
                 } else {
                     CMS.debug(
-                        "AuthorityKeyIdentifierKeyExt: request id from user " + req.getRequestId() +
-                        " had authority key identifier - deleted");
+                            "AuthorityKeyIdentifierKeyExt: request id from user " + req.getRequestId() +
+                                    " had authority key identifier - deleted");
                     extensions.delete(AuthorityKeyIdentifierExtension.class.getSimpleName());
                 }
             }
 
             // if no authority key identifier should be set b/c CA does not 
             // have a subject key identifier, return here. 
-            if (mTheExtension == null) 
+            if (mTheExtension == null)
                 return PolicyResult.ACCEPTED;
 
-                // add authority key id extension.
+            // add authority key id extension.
             if (extensions == null) {
                 certInfo.set(X509CertInfo.VERSION,
-                    new CertificateVersion(CertificateVersion.V3));
+                        new CertificateVersion(CertificateVersion.V3));
                 extensions = new CertificateExtensions();
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
             }
             extensions.set(
-                AuthorityKeyIdentifierExtension.class.getSimpleName(), mTheExtension);
+                    AuthorityKeyIdentifierExtension.class.getSimpleName(), mTheExtension);
             CMS.debug(
-                "AuthorityKeyIdentifierKeyExt: added authority key id ext to request " + req.getRequestId());
+                    "AuthorityKeyIdentifierKeyExt: added authority key id ext to request " + req.getRequestId());
             return PolicyResult.ACCEPTED;
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.toString()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", 
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.toString()));
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
                     NAME, e.getMessage()), "");
             return PolicyResult.REJECTED;
         } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("BASE_INVALID_CERT", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", 
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("BASE_INVALID_CERT", e.getMessage()));
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
                     NAME, "Certificate Info Error"), "");
             return PolicyResult.REJECTED;
         }
@@ -284,12 +281,13 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
      * Form the Key Identifier in the Authority Key Identifier extension.
      * from the CA's cert.
      * <p>
+     * 
      * @param caCertImpl Certificate Info
      * @return A Key Identifier.
      * @throws com.netscape.certsrv.base.EBaseException on error
      */
     protected KeyIdentifier formKeyIdentifier(X509CertImpl caCertImpl)
-        throws EBaseException {
+            throws EBaseException {
         KeyIdentifier keyId = null;
 
         // get CA's certInfo.
@@ -298,50 +296,51 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
         try {
             certInfo = (X509CertInfo) caCertImpl.get(
                         X509CertImpl.NAME + "." + X509CertImpl.INFO);
-            if (certInfo == null) { 
+            if (certInfo == null) {
                 String msg = "Bad CA certificate encountered. " +
-                    "TBS Certificate missing.";
+                        "TBS Certificate missing.";
 
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_CERT_FORMAT"));
                 throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", NAME + ": " + msg));
             }
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, NAME + ": " +
-                CMS.getLogMessage("BASE_DECODE_CERT_FAILED_1", e.toString()));
+                    CMS.getLogMessage("BASE_DECODE_CERT_FAILED_1", e.toString()));
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
                         NAME + " Error decoding the CA Certificate: " + e));
         }
 
         // get Key Id from CA's Subject Key Id extension in CA's CertInfo.
         keyId = getKeyIdentifier(certInfo);
-        if (keyId != null) 
+        if (keyId != null)
             return keyId;
 
-            // if none exists use the configured alternate.
+        // if none exists use the configured alternate.
         if (mAltKeyIdType == ALT_KEYID_TYPE_SPKISHA1) {
             keyId = formSpkiSHA1KeyId(certInfo);
         } /*
-         else if (mAltKeyIdType == ALT_KEYID_TYPE_EMPTY) {
-         keyId = formEmptyKeyId(certInfo);
-         }
-         */ else if (mAltKeyIdType == ALT_KEYID_TYPE_NONE) {
+          else if (mAltKeyIdType == ALT_KEYID_TYPE_EMPTY) {
+          keyId = formEmptyKeyId(certInfo);
+          }
+          */else if (mAltKeyIdType == ALT_KEYID_TYPE_NONE) {
             keyId = null;
         } else {
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",  
-                        mAltKeyIdType, 
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
+                        mAltKeyIdType,
                         "Unknown Alternate Key Identifier type."));
         }
         return keyId;
     }
 
     /**
-     * Get the Key Identifier in a subject key identifier extension from a 
+     * Get the Key Identifier in a subject key identifier extension from a
      * CertInfo.
+     * 
      * @param certInfo the CertInfo structure.
      * @return Key Identifier in a Subject Key Identifier extension if any.
      */
-    protected KeyIdentifier getKeyIdentifier(X509CertInfo certInfo) 
-        throws EBaseException {
+    protected KeyIdentifier getKeyIdentifier(X509CertInfo certInfo)
+            throws EBaseException {
         CertificateExtensions exts = null;
         SubjectKeyIdentifierExtension subjKeyIdExt = null;
         KeyIdentifier keyId = null;
@@ -357,7 +356,7 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
             CMS.debug(NAME + ": " + "No extensions found. Error " + e);
             return null;
         }
-        if (exts == null) 
+        if (exts == null)
             return null;
 
         try {
@@ -366,7 +365,7 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
         } catch (IOException e) {
             // extension isn't there.
             CMS.debug(
-                "AuthorityKeyIdentifierKeyExt: No Subject Key Identifier Extension found. Error: " + e);
+                    "AuthorityKeyIdentifierKeyExt: No Subject Key Identifier Extension found. Error: " + e);
             return null;
         }
         if (subjKeyIdExt == null)
@@ -378,7 +377,7 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
         } catch (IOException e) {
             // no key identifier in subject key id extension. 
             String msg = NAME + ": " +
-                "Bad Subject Key Identifier Extension found. Error: " + e;
+                    "Bad Subject Key Identifier Extension found. Error: " + e;
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_AUTHORITY_KEY_ID_1", NAME));
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", msg));
@@ -388,40 +387,39 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         return mInstanceParams;
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         return mDefaultParams;
     }
 
     public String[] getExtendedPluginInfo(Locale locale) {
         String[] params = {
                 PROP_CRITICAL + ";boolean;" +
-                "RFC 2459 recommendation: MUST NOT be marked critical.",
+                        "RFC 2459 recommendation: MUST NOT be marked critical.",
                 PROP_ALT_KEYID_TYPE + ";" +
-                "choice(" + ALT_KEYID_TYPE_SPKISHA1 + "," + ALT_KEYID_TYPE_NONE + ");" +
-                "Specifies whether to use a SHA1 hash of the CA's subject " +
-                "public key info for key identifier or leave out the " +
-                "authority key identifier extension if the CA certificate " +
-                "does not have a Subject Key Identifier extension.",
+                        "choice(" + ALT_KEYID_TYPE_SPKISHA1 + "," + ALT_KEYID_TYPE_NONE + ");" +
+                        "Specifies whether to use a SHA1 hash of the CA's subject " +
+                        "public key info for key identifier or leave out the " +
+                        "authority key identifier extension if the CA certificate " +
+                        "does not have a Subject Key Identifier extension.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-authkeyid",
+                        ";configuration-policyrules-authkeyid",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Adds Authority Key Identifier Extension. " +
-                "See RFC 2459 (4.2.1.1)"
+                        ";Adds Authority Key Identifier Extension. " +
+                        "See RFC 2459 (4.2.1.1)"
             };
 
         return params;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java
index 1636902d..dedd8ce8 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
@@ -47,48 +46,48 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * Basic Constraints policy.
  * Adds the Basic constraints extension.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class BasicConstraintsExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     protected static final String PROP_MAXPATHLEN = "maxPathLen";
     protected static final String PROP_IS_CA = "isCA";
     protected static final String PROP_IS_CRITICAL = "critical";
 
     protected static final String ARG_PATHLEN = "BasicConstraintsPathLen";
 
-    protected int mMaxPathLen = 0;	// < 0 means unlimited
+    protected int mMaxPathLen = 0; // < 0 means unlimited
     protected String mOrigMaxPathLen = ""; // for UI display only
     protected boolean mCritical = true;
-    protected int mDefaultMaxPathLen = 0;	// depends on the CA's path length.
-    protected int mCAPathLen = 0;	
+    protected int mDefaultMaxPathLen = 0; // depends on the CA's path length.
+    protected int mCAPathLen = 0;
     protected boolean mRemoveExt = true;
     protected boolean mIsCA = true;
 
     public static final boolean DEFAULT_CRITICALITY = true;
 
     /**
-     * Adds the basic constraints extension as a critical extension in 
-     * CA certificates i.e. certype is ca, with either a requested 
+     * Adds the basic constraints extension as a critical extension in
+     * CA certificates i.e. certype is ca, with either a requested
      * or configured path len.
-     * The requested or configured path length cannot be greater than 
+     * The requested or configured path length cannot be greater than
      * or equal to the CA's basic constraints path length.
      * If the CA path length is 0, all requests for CA certs are rejected.
      */
     public BasicConstraintsExt() {
         NAME = "BasicConstraintsExt";
-        DESC = 
+        DESC =
                 "Sets critical basic constraints extension in subordinate CA certs";
     }
 
@@ -96,33 +95,31 @@ public class BasicConstraintsExt extends APolicyRule
      * Initializes this policy rule.
      * <p>
      * The entries may be of the form:
-     *
-     *      ca.Policy.rule.<ruleName>.implName=BasicConstraintsExtImpl
-     *      ca.Policy.rule.<ruleName>.pathLen=<n>, -1 for undefined.
-     *      ca.Policy.rule.<ruleName>.enable=true
-     *
-     * @param config	The config store reference
+     * 
+     * ca.Policy.rule.<ruleName>.implName=BasicConstraintsExtImpl ca.Policy.rule.<ruleName>.pathLen=<n>, -1 for undefined. ca.Policy.rule.<ruleName>.enable=true
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
 
         // get the CA's path len to check against configured max path len.
         ICertAuthority certAuthority = (ICertAuthority)
-            ((IPolicyProcessor) owner).getAuthority();
+                ((IPolicyProcessor) owner).getAuthority();
 
         if (certAuthority == null) {
             // should never get here.
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CANT_FIND_MANAGER"));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", 
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
                         "Cannot find the Certificate Manager or Registration Manager"));
         }
         if (certAuthority instanceof IRegistrationAuthority) {
-            log(ILogger.LL_WARN, 
-                "default basic constraints extension path len to -1.");
+            log(ILogger.LL_WARN,
+                    "default basic constraints extension path len to -1.");
             mCAPathLen = -1;
         } else {
             CertificateChain caChain = certAuthority.getCACertChain();
-            if( caChain == null || CMS.isPreOpMode() ) {
+            if (caChain == null || CMS.isPreOpMode()) {
                 return;
             }
             X509Certificate caCert = caChain.getFirstCertificate();
@@ -132,14 +129,14 @@ public class BasicConstraintsExt extends APolicyRule
         // set default to one less than the CA's pathlen or 0 if CA's 
         // pathlen is 0. 
         // If it's unlimited default the max pathlen also to unlimited.
-        if (mCAPathLen < 0) 
+        if (mCAPathLen < 0)
             mDefaultMaxPathLen = -1;
-        else if (mCAPathLen > 0) 
+        else if (mCAPathLen > 0)
             mDefaultMaxPathLen = mCAPathLen - 1;
         else // (mCAPathLen == 0)  
         {
-            log(ILogger.LL_WARN, 
-                CMS.getLogMessage("POLICY_PATHLEN_ZERO"));
+            log(ILogger.LL_WARN,
+                    CMS.getLogMessage("POLICY_PATHLEN_ZERO"));
             //return;
         }
 
@@ -151,19 +148,19 @@ public class BasicConstraintsExt extends APolicyRule
             mIsCA = config.getBoolean(PROP_IS_CA, true);
             mMaxPathLen = config.getInteger(PROP_MAXPATHLEN);
             if (mMaxPathLen < 0) {
-                log(ILogger.LL_MISCONF, 
-                    CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN_4", "",
-                        String.valueOf(mMaxPathLen)));
+                log(ILogger.LL_MISCONF,
+                        CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN_4", "",
+                                String.valueOf(mMaxPathLen)));
                 throw new EPolicyException(
                         CMS.getUserMessage("CMS_POLICY_INVALID_MAXPATHLEN_1",
-                            NAME, String.valueOf(mMaxPathLen)));
+                                NAME, String.valueOf(mMaxPathLen)));
             }
             mOrigMaxPathLen = Integer.toString(mMaxPathLen);
         } catch (EBaseException e) {
-            if (!(e instanceof EPropertyNotFound) && 
-                !(e instanceof EPropertyNotDefined)) {
-                log(ILogger.LL_MISCONF, 
-                    CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN"));
+            if (!(e instanceof EPropertyNotFound) &&
+                    !(e instanceof EPropertyNotDefined)) {
+                log(ILogger.LL_MISCONF,
+                        CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN"));
                 throw e;
             }
 
@@ -179,49 +176,49 @@ public class BasicConstraintsExt extends APolicyRule
             // else maxPathlen must be at most one less than the CA's 
             // pathlen or 0 if CA's pathlen is 0. 
 
-            if (mCAPathLen > 0 && 
-                (mMaxPathLen >= mCAPathLen || mMaxPathLen < 0)) {
-                String maxStr = (mMaxPathLen < 0) ? 
-                    String.valueOf(mMaxPathLen) + "(unlimited)" :
-                    String.valueOf(mMaxPathLen);
+            if (mCAPathLen > 0 &&
+                    (mMaxPathLen >= mCAPathLen || mMaxPathLen < 0)) {
+                String maxStr = (mMaxPathLen < 0) ?
+                        String.valueOf(mMaxPathLen) + "(unlimited)" :
+                        String.valueOf(mMaxPathLen);
 
-                log(ILogger.LL_MISCONF, 
-                    CMS.getLogMessage("POLICY_MAXPATHLEN_TOO_BIG_3", "",
-                        maxStr,
-                        String.valueOf(mCAPathLen)));
+                log(ILogger.LL_MISCONF,
+                        CMS.getLogMessage("POLICY_MAXPATHLEN_TOO_BIG_3", "",
+                                maxStr,
+                                String.valueOf(mCAPathLen)));
                 throw new EPolicyException(
                         CMS.getUserMessage("CMS_POLICY_MAXPATHLEN_TOO_BIG_1",
-                            NAME, maxStr, Integer.toString(mCAPathLen)));
+                                NAME, maxStr, Integer.toString(mCAPathLen)));
             } else if (mCAPathLen == 0 && mMaxPathLen != 0) {
-                log(ILogger.LL_MISCONF, 
-                    CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN_2", "", String.valueOf(mMaxPathLen))); 
+                log(ILogger.LL_MISCONF,
+                        CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN_2", "", String.valueOf(mMaxPathLen)));
                 throw new EPolicyException(
                         CMS.getUserMessage("CMS_POLICY_INVALID_MAXPATHLEN",
-                            NAME, String.valueOf(mMaxPathLen)));
+                                NAME, String.valueOf(mMaxPathLen)));
             }
         }
 
     }
 
     /**
-     * Checks if the basic contraints extension in certInfo is valid and 
+     * Checks if the basic contraints extension in certInfo is valid and
      * add the basic constraints extension for CA certs if none exists.
      * Non-CA certs do not get a basic constraints extension.
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
         PolicyResult res = PolicyResult.ACCEPTED;
 
         // get cert info.
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
         X509CertInfo certInfo = null;
 
         if (ci == null || (certInfo = ci[0]) == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), ""); 
+            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), "");
             return PolicyResult.REJECTED; // unrecoverable error.
         }
 
@@ -229,24 +226,24 @@ public class BasicConstraintsExt extends APolicyRule
         boolean isCA = mIsCA;
 
         /**
-         boolean isCA = false;
-         String type = (String)req.get(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
-         if (type != null && type.equalsIgnoreCase(IRequest.CA_CERT)) {
-         isCA = true;
-         }
+         * boolean isCA = false;
+         * String type = (String)req.get(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
+         * if (type != null && type.equalsIgnoreCase(IRequest.CA_CERT)) {
+         * isCA = true;
+         * }
          **/
 
         for (int i = 0; i < ci.length; i++) {
             PolicyResult certResult = applyCert(req, isCA, certInfo);
 
-            if (certResult == PolicyResult.REJECTED) 
+            if (certResult == PolicyResult.REJECTED)
                 return certResult;
         }
         return PolicyResult.ACCEPTED;
     }
 
     public PolicyResult applyCert(
-        IRequest req, boolean isCA, X509CertInfo certInfo) {
+            IRequest req, boolean isCA, X509CertInfo certInfo) {
 
         // get basic constraints extension from cert info if any.
         CertificateExtensions extensions = null;
@@ -272,8 +269,8 @@ public class BasicConstraintsExt extends APolicyRule
             if (extensions == null) {
                 try {
                     // create extensions set if none.
-                    certInfo.set(X509CertInfo.VERSION, 
-                        new CertificateVersion(CertificateVersion.V3));
+                    certInfo.set(X509CertInfo.VERSION,
+                            new CertificateVersion(CertificateVersion.V3));
                     extensions = new CertificateExtensions();
                     certInfo.set(X509CertInfo.EXTENSIONS, extensions);
                 } catch (CertificateException e) {
@@ -293,21 +290,21 @@ public class BasicConstraintsExt extends APolicyRule
             try {
                 critExt = new BasicConstraintsExtension(isCA, mCritical, mMaxPathLen);
             } catch (IOException e) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_2",  
-                        e.toString()));
-                setError(req, 
-                    CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), "");
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_2",
+                                e.toString()));
+                setError(req,
+                        CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), "");
                 return PolicyResult.REJECTED; // unrecoverable error.
             }
- 
+
             try {
                 extensions.set(BasicConstraintsExtension.class.getSimpleName(), critExt);
             } catch (IOException e) {
             }
             CMS.debug(
-                "BasicConstraintsExt: PolicyRule BasicConstraintsExt: added the extension to request " +
-                req.getRequestId());
+                    "BasicConstraintsExt: PolicyRule BasicConstraintsExt: added the extension to request " +
+                            req.getRequestId());
             return PolicyResult.ACCEPTED;
         }
 
@@ -318,29 +315,29 @@ public class BasicConstraintsExt extends APolicyRule
         if (mCAPathLen == 0) {
             // reject all subordinate CA cert requests because CA's 
             // path length is 0.
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_NO_SUB_CA_CERTS_ALLOWED_1", NAME));
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED", NAME), ""); 
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_NO_SUB_CA_CERTS_ALLOWED_1", NAME));
+            setError(req, CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED", NAME), "");
             return PolicyResult.REJECTED;
         }
 
-        if (basicExt != null) { 
+        if (basicExt != null) {
             try {
-                boolean extIsCA = 
-                    ((Boolean) basicExt.get(BasicConstraintsExtension.IS_CA)).booleanValue();
-                int pathLen = 
-                    ((Integer) basicExt.get(BasicConstraintsExtension.PATH_LEN)).intValue();
+                boolean extIsCA =
+                        ((Boolean) basicExt.get(BasicConstraintsExtension.IS_CA)).booleanValue();
+                int pathLen =
+                        ((Integer) basicExt.get(BasicConstraintsExtension.PATH_LEN)).intValue();
 
                 if (mMaxPathLen > -1) {
                     if (pathLen > mMaxPathLen || pathLen < 0) {
-                        log(ILogger.LL_FAILURE, 
-                            CMS.getLogMessage("POLICY_MAXPATHLEN_TOO_BIG_3", NAME, "unlimited", String.valueOf(pathLen))); 
-                        if (pathLen < 0) 
+                        log(ILogger.LL_FAILURE,
+                                CMS.getLogMessage("POLICY_MAXPATHLEN_TOO_BIG_3", NAME, "unlimited", String.valueOf(pathLen)));
+                        if (pathLen < 0)
                             setError(req, CMS.getUserMessage("CMS_POLICY_MAXPATHLEN_TOO_BIG",
                                     NAME, "unlimited", Integer.toString(mMaxPathLen)), "");
                         else
                             setError(req, CMS.getUserMessage("CMS_POLICY_MAXPATHLEN_TOO_BIG",
-                                    NAME, Integer.toString(pathLen), 
+                                    NAME, Integer.toString(pathLen),
                                     Integer.toString(mMaxPathLen)), "");
                         return PolicyResult.REJECTED;
                     }
@@ -348,20 +345,20 @@ public class BasicConstraintsExt extends APolicyRule
 
                 // adjust isCA field
                 if (!extIsCA) {
-                    basicExt.set(BasicConstraintsExtension.IS_CA, 
-                        Boolean.valueOf(true));
+                    basicExt.set(BasicConstraintsExtension.IS_CA,
+                            Boolean.valueOf(true));
                 }
 
                 // adjust path length field.
                 if (mMaxPathLen == 0) {
                     if (pathLen != 0) {
-                        basicExt.set(BasicConstraintsExtension.PATH_LEN, 
-                            Integer.valueOf(0));
+                        basicExt.set(BasicConstraintsExtension.PATH_LEN,
+                                Integer.valueOf(0));
                         pathLen = 0;
                     }
                 } else if (mMaxPathLen > 0 && pathLen > mMaxPathLen) {
-                    basicExt.set(BasicConstraintsExtension.PATH_LEN, 
-                        Integer.valueOf(mMaxPathLen));
+                    basicExt.set(BasicConstraintsExtension.PATH_LEN,
+                            Integer.valueOf(mMaxPathLen));
                     pathLen = mMaxPathLen;
                 }
 
@@ -372,10 +369,10 @@ public class BasicConstraintsExt extends APolicyRule
                     try {
                         critExt = new BasicConstraintsExtension(isCA, mCritical, pathLen);
                     } catch (IOException e) {
-                        log(ILogger.LL_FAILURE, 
-                            CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_1", NAME));
-                        setError(req, 
-                            CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), "");
+                        log(ILogger.LL_FAILURE,
+                                CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_1", NAME));
+                        setError(req,
+                                CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), "");
                         return PolicyResult.REJECTED; // unrecoverable error.
                     }
                     extensions.delete(BasicConstraintsExtension.class.getSimpleName());
@@ -385,8 +382,8 @@ public class BasicConstraintsExt extends APolicyRule
                 // not possible in these cases.
             }
             CMS.debug(
-                "BasicConstraintsExt: PolicyRule BasicConstraintsExt: added the extension to request " +
-                req.getRequestId());
+                    "BasicConstraintsExt: PolicyRule BasicConstraintsExt: added the extension to request " +
+                            req.getRequestId());
             return PolicyResult.ACCEPTED;
         }
 
@@ -394,8 +391,8 @@ public class BasicConstraintsExt extends APolicyRule
         if (extensions == null) {
             try {
                 // create extensions set if none.
-                certInfo.set(X509CertInfo.VERSION, 
-                    new CertificateVersion(CertificateVersion.V3));
+                certInfo.set(X509CertInfo.VERSION,
+                        new CertificateVersion(CertificateVersion.V3));
                 extensions = new CertificateExtensions();
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
             } catch (CertificateException e) {
@@ -413,29 +410,29 @@ public class BasicConstraintsExt extends APolicyRule
         if (reqPathLenStr == null) {
             reqPathLen = mMaxPathLen;
         } else {
-            try { 
-                reqPathLen = Integer.parseInt(reqPathLenStr); 
+            try {
+                reqPathLen = Integer.parseInt(reqPathLenStr);
                 if ((mMaxPathLen == 0 && reqPathLen != 0) ||
-                    (mMaxPathLen > 0 && 
+                        (mMaxPathLen > 0 &&
                         (reqPathLen > mMaxPathLen || reqPathLen < 0))) {
-                    String plenStr = 
-                        ((reqPathLen < 0) ? 
-                            reqPathLenStr + "(unlimited)" : reqPathLenStr);
-
-                    log(ILogger.LL_FAILURE, 
-                        CMS.getLogMessage("POLICY_PATHLEN_TOO_BIG_3", plenStr,
-                            String.valueOf(mMaxPathLen)));
-                    setError(req, 
-                        CMS.getUserMessage("CMS_POLICY_PATHLEN_TOO_BIG",
-                            NAME, plenStr, String.valueOf(mMaxPathLen)), "");
+                    String plenStr =
+                            ((reqPathLen < 0) ?
+                                    reqPathLenStr + "(unlimited)" : reqPathLenStr);
+
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("POLICY_PATHLEN_TOO_BIG_3", plenStr,
+                                    String.valueOf(mMaxPathLen)));
+                    setError(req,
+                            CMS.getUserMessage("CMS_POLICY_PATHLEN_TOO_BIG",
+                                    NAME, plenStr, String.valueOf(mMaxPathLen)), "");
                     return PolicyResult.REJECTED;
                 }
             } catch (NumberFormatException e) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("POLICY_INVALID_PATHLEN_FORMAT_2", NAME, reqPathLenStr));
-                setError(req, CMS.getUserMessage("CMS_POLICY_INVALID_PATHLEN_FORMAT", 
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("POLICY_INVALID_PATHLEN_FORMAT_2", NAME, reqPathLenStr));
+                setError(req, CMS.getUserMessage("CMS_POLICY_INVALID_PATHLEN_FORMAT",
                         NAME, reqPathLenStr), "");
-                return PolicyResult.REJECTED; 
+                return PolicyResult.REJECTED;
             }
         }
         BasicConstraintsExtension newExt;
@@ -443,29 +440,29 @@ public class BasicConstraintsExt extends APolicyRule
         try {
             newExt = new BasicConstraintsExtension(isCA, mCritical, reqPathLen);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_2", e.toString()));
-            setError(req, 
-                CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), "");
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_2", e.toString()));
+            setError(req,
+                    CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), "");
             return PolicyResult.REJECTED; // unrecoverable error.
         }
         try {
             extensions.set(BasicConstraintsExtension.class.getSimpleName(), newExt);
-        }catch (IOException e) {
+        } catch (IOException e) {
             // doesn't happen.
         }
         CMS.debug(
-            "BasicConstraintsExt: added the extension to request " +
-            req.getRequestId());
+                "BasicConstraintsExt: added the extension to request " +
+                        req.getRequestId());
         return PolicyResult.ACCEPTED;
     }
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         Vector<String> params = new Vector<String>();
 
         // Because of one of the UI bugs 385273, we should leave the empty space
@@ -478,10 +475,10 @@ public class BasicConstraintsExt extends APolicyRule
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         Vector<String> defParams = new Vector<String>();
 
         defParams.addElement(PROP_IS_CRITICAL + "=true");
@@ -494,17 +491,16 @@ public class BasicConstraintsExt extends APolicyRule
         String[] params = {
                 PROP_MAXPATHLEN + ";number;'0' means : no subordinates allowed, 'n' means : at most n subordinates allowed.",
                 PROP_IS_CRITICAL + ";boolean;" +
-                "RFC 2459 recommendation: MUST be critical in CA certs, SHOULD NOT appear in EE certs.",
+                        "RFC 2459 recommendation: MUST be critical in CA certs, SHOULD NOT appear in EE certs.",
                 PROP_IS_CA + ";boolean;" +
-                "Identifies the subject of the certificate is a CA or not.",
+                        "Identifies the subject of the certificate is a CA or not.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-basicconstraints",
+                        ";configuration-policyrules-basicconstraints",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Adds the Basic Constraints extension. See RFC 2459 (4.2.1.10)"
+                        ";Adds the Basic Constraints extension. See RFC 2459 (4.2.1.10)"
             };
 
         return params;
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java
index 05d4a28e..0363079e 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Hashtable;
@@ -50,18 +49,18 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * The type of the distribution point or issuer name. The name is expressed
  * as a simple string in the configuration file, so this attribute is needed
  * to tell whether the simple string should be stored in an X.500 Name,
  * a URL, or an RDN.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -69,7 +68,7 @@ class NameType {
     private NameType() {
     } // no default constructor
 
-    private String stringRep;  // string representation of this type
+    private String stringRep; // string representation of this type
 
     private NameType(String s) {
         map.put(s, this);
@@ -79,7 +78,7 @@ class NameType {
     private static Hashtable<String, NameType> map = new Hashtable<String, NameType>();
 
     /**
-     * Looks up a NameType from its string representation.  Returns null
+     * Looks up a NameType from its string representation. Returns null
      * if no matching NameType was found.
      */
     public static NameType fromString(String s) {
@@ -93,10 +92,9 @@ class NameType {
     public static final NameType DIRECTORY_NAME = new NameType("DirectoryName");
     public static final NameType URI = new NameType("URI");
     public static final NameType RELATIVE_TO_ISSUER =
-        new NameType("RelativeToIssuer");
+            new NameType("RelativeToIssuer");
 }
 
-
 /**
  * These are the parameters that may be given in the configuration file
  * for each distribution point. They are parsed by DPParamsToDP().
@@ -124,13 +122,12 @@ class DistPointParams {
 
 }
 
-
 /**
  * CRL Distribution Points policy.
  * Adds the CRL Distribution Points extension to the certificate.
  */
 public class CRLDistributionPointsExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
 
     public static final String PROP_IS_CRITICAL = "critical";
     public static final String PROP_NUM_POINTS = "numPoints";
@@ -173,29 +170,29 @@ public class CRLDistributionPointsExt extends APolicyRule
         // should replace MAX_POINTS with mNumPoints if bug 385118 is fixed
         for (int i = 0; i < MAX_POINTS; i++) {
             v.addElement(PROP_POINT_TYPE + Integer.toString(i) + ";choice(" +
-                "DirectoryName,URI,RelativeToIssuer);" +
-                "The type of the CRL distribution point.");
+                    "DirectoryName,URI,RelativeToIssuer);" +
+                    "The type of the CRL distribution point.");
             v.addElement(PROP_POINT_NAME + Integer.toString(i) + ";string;" +
-                "The name of the CRL distribution point depending on the CRLDP type.");
+                    "The name of the CRL distribution point depending on the CRLDP type.");
             v.addElement(PROP_REASONS + Integer.toString(i) + ";string;" +
-                "The revocation reasons for the CRL maintained at this distribution point. It's a comma-seperated list of the following constants: unused, keyCompromise, cACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold.");
+                    "The revocation reasons for the CRL maintained at this distribution point. It's a comma-seperated list of the following constants: unused, keyCompromise, cACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold.");
             v.addElement(PROP_ISSUER_TYPE + Integer.toString(i) + ";choice(" +
-                "DirectoryName,URI);" +
-                "The type of the issuer that has signed the CRL maintained at this distribution point.");
+                    "DirectoryName,URI);" +
+                    "The type of the issuer that has signed the CRL maintained at this distribution point.");
             v.addElement(PROP_ISSUER_NAME + Integer.toString(i) + ";string;" +
-                "The name of the issuer that has signed the CRL maintained at this distribution point. The value depends on the issuer type.");
+                    "The name of the issuer that has signed the CRL maintained at this distribution point. The value depends on the issuer type.");
         }
 
         v.addElement(PROP_NUM_POINTS +
-            ";number;The total number of CRL distribution points to be contained or allowed in the extension.");
+                ";number;The total number of CRL distribution points to be contained or allowed in the extension.");
         v.addElement(PROP_IS_CRITICAL +
-            ";boolean;RFC 2459 recommendation: SHOULD be non-critical. But recommends support for this extension by CAs and applications.");
+                ";boolean;RFC 2459 recommendation: SHOULD be non-critical. But recommends support for this extension by CAs and applications.");
         v.addElement(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-policyrules-crldistributionpoints");
+                ";configuration-policyrules-crldistributionpoints");
         v.addElement(IExtendedPluginInfo.HELP_TEXT +
-            ";This policy inserts the CRL Distribution Points " +
-            "Extension into the certificate. See RFC 2459 (4.2.1.14). "
-        );
+                ";This policy inserts the CRL Distribution Points " +
+                "Extension into the certificate. See RFC 2459 (4.2.1.14). "
+                );
 
         mExtParams = com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
     }
@@ -212,13 +209,13 @@ public class CRLDistributionPointsExt extends APolicyRule
      * Performs one-time initialization of the policy.
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         // Register the CRL Distribution Points extension.
         try {
             netscape.security.x509.OIDMap.addAttribute(
-                CRLDistributionPointsExtension.class.getName(),
-                CRLDistributionPointsExtension.OID,
-                CRLDistributionPointsExtension.class.getSimpleName());
+                    CRLDistributionPointsExtension.class.getName(),
+                    CRLDistributionPointsExtension.OID,
+                    CRLDistributionPointsExtension.class.getSimpleName());
         } catch (CertificateException e) {
             // ignore, just means it has already been added
         }
@@ -273,7 +270,7 @@ public class CRLDistributionPointsExt extends APolicyRule
      * actual CRL Distribution Point object.
      */
     private CRLDistributionPoint DPParamsToDP(DistPointParams params)
-        throws EBaseException {
+            throws EBaseException {
         CRLDistributionPoint crlDP = new CRLDistributionPoint();
 
         try {
@@ -337,14 +334,14 @@ public class CRLDistributionPointsExt extends APolicyRule
 
                     if (r == null) {
                         log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_REASON", s));
-                        throw new EBaseException("Unknown reason: " + s);    
+                        throw new EBaseException("Unknown reason: " + s);
                     } else {
                         reasonBits |= r.getBitMask();
                     }
                 }
                 if (reasonBits != 0) {
                     BitArray ba = new BitArray(8, new byte[] { reasonBits }
-                        );
+                            );
 
                     crlDP.setReasons(ba);
                 }
@@ -421,15 +418,15 @@ public class CRLDistributionPointsExt extends APolicyRule
         try {
             // find the extensions in the certInfo
             CertificateExtensions extensions = (CertificateExtensions)
-                certInfo.get(X509CertInfo.EXTENSIONS);
+                    certInfo.get(X509CertInfo.EXTENSIONS);
 
             // prepare the extensions data structure
             if (extensions == null) {
                 certInfo.set(X509CertInfo.VERSION,
-                    new CertificateVersion(CertificateVersion.V3));
+                        new CertificateVersion(CertificateVersion.V3));
                 extensions = new CertificateExtensions();
                 certInfo.set(X509CertInfo.VERSION,
-                    new CertificateVersion(CertificateVersion.V3));
+                        new CertificateVersion(CertificateVersion.V3));
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
             } else {
                 // remove any previously computed version of the extension
@@ -446,13 +443,13 @@ public class CRLDistributionPointsExt extends APolicyRule
         } catch (IOException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()));
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
-                e.getMessage());
+                    e.getMessage());
             return PolicyResult.REJECTED;
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR",
                     e.getMessage()));
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
-                e.getMessage());
+                    e.getMessage());
             return PolicyResult.REJECTED;
         }
     }
@@ -471,7 +468,7 @@ public class CRLDistributionPointsExt extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector<String> getInstanceParams() {
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java
index 1e61c4ad..a56cbe9a 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Locale;
@@ -50,21 +49,21 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * Certificate Policies.
  * Adds certificate policies extension.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class CertificatePoliciesExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     protected static final String PROP_CRITICAL = "critical";
     protected static final String PROP_NUM_CERTPOLICIES = "numCertPolicies";
 
@@ -91,17 +90,15 @@ public class CertificatePoliciesExt extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ca.Policy.rule.<ruleName>.predicate=certType==ca
-     *      ca.Policy.rule.<ruleName>.implName=
-     *      ca.Policy.rule.<ruleName>.enable=true
-     *
-     * @param config	The config store reference
+     * 
+     * ca.Policy.rule.<ruleName>.predicate=certType==ca ca.Policy.rule.<ruleName>.implName= ca.Policy.rule.<ruleName>.enable=true
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
 
         mEnabled = mConfig.getBoolean(
@@ -126,7 +123,7 @@ public class CertificatePoliciesExt extends APolicyRule
                 mCertPolicies[i] = new CertPolicy(subtreeName, mConfig, mEnabled);
             } catch (EBaseException e) {
                 log(ILogger.LL_FAILURE, NAME + ": " +
-                    CMS.getLogMessage("POLICY_ERROR_CREATE_CERT_POLICY", e.toString()));
+                        CMS.getLogMessage("POLICY_ERROR_CREATE_CERT_POLICY", e.toString()));
                 throw e;
             }
         }
@@ -138,21 +135,21 @@ public class CertificatePoliciesExt extends APolicyRule
 
                 for (int j = 0; j < mNumCertPolicies; j++) {
                     CertPolicies.addElement(
-                        mCertPolicies[j].mCertificatePolicyInfo);
+                            mCertPolicies[j].mCertificatePolicyInfo);
                 }
-                mCertificatePoliciesExtension = 
+                mCertificatePoliciesExtension =
                         new CertificatePoliciesExtension(mCritical, CertPolicies);
             } catch (IOException e) {
                 throw new EBaseException(
                         CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
-                            "Error initializing " + NAME + " Error: " + e));
+                                "Error initializing " + NAME + " Error: " + e));
             }
         }
 
         // form instance params 
         mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
         mInstanceParams.addElement(
-            PROP_NUM_CERTPOLICIES + "=" + mNumCertPolicies);
+                PROP_NUM_CERTPOLICIES + "=" + mNumCertPolicies);
         for (int i = 0; i < mNumCertPolicies; i++) {
             mCertPolicies[i].getInstanceParams(mInstanceParams);
         }
@@ -161,19 +158,19 @@ public class CertificatePoliciesExt extends APolicyRule
     /**
      * Applies the policy on the given Request.
      * <p>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
 
         // get certInfo from request.
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-		
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+
         if (ci == null || ci[0] == null) {
             setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
-            return PolicyResult.REJECTED; 
+            return PolicyResult.REJECTED;
         }
 
         for (int i = 0; i < ci.length; i++) {
@@ -194,8 +191,8 @@ public class CertificatePoliciesExt extends APolicyRule
             if (extensions == null) {
                 extensions = new CertificateExtensions();
                 try {
-                    certInfo.set(X509CertInfo.VERSION, 
-                        new CertificateVersion(CertificateVersion.V3));
+                    certInfo.set(X509CertInfo.VERSION,
+                            new CertificateVersion(CertificateVersion.V3));
                     certInfo.set(X509CertInfo.EXTENSIONS, extensions);
                 } catch (Exception e) {
                 }
@@ -213,24 +210,24 @@ public class CertificatePoliciesExt extends APolicyRule
                 }
             }
             extensions.set(CertificatePoliciesExtension.class.getSimpleName(),
-                mCertificatePoliciesExtension);
+                    mCertificatePoliciesExtension);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1",
                     e.toString()));
             setError(req,
-                CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
+                    CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
             return PolicyResult.REJECTED;
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1",
                     e.toString()));
             setError(req,
-                CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
+                    CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
             return PolicyResult.REJECTED;
         } catch (Exception e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1",
                     e.toString()));
             setError(req,
-                CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
+                    CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
             return PolicyResult.REJECTED;
         }
         return PolicyResult.ACCEPTED;
@@ -238,51 +235,51 @@ public class CertificatePoliciesExt extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         return mInstanceParams;
     }
 
     /**
-     * Default config parameters. 
-     * To add more permitted or excluded subtrees, 
-     * increase the num to greater than 0 and more configuration params 
+     * Default config parameters.
+     * To add more permitted or excluded subtrees,
+     * increase the num to greater than 0 and more configuration params
      * will show up in the console.
      */
     private static Vector<String> mDefParams = new Vector<String>();
     static {
         mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
         mDefParams.addElement(
-            PROP_NUM_CERTPOLICIES + "=" + DEF_NUM_CERTPOLICIES);
+                PROP_NUM_CERTPOLICIES + "=" + DEF_NUM_CERTPOLICIES);
         String certPolicy0Dot = PROP_CERTPOLICY + "0.";
 
         mDefParams.addElement(
-            certPolicy0Dot + CertPolicy.PROP_POLICY_IDENTIFIER + "=" + "");
+                certPolicy0Dot + CertPolicy.PROP_POLICY_IDENTIFIER + "=" + "");
         mDefParams.addElement(
-            certPolicy0Dot + CertPolicy.PROP_NOTICE_REF_ORG + "=" + "");
+                certPolicy0Dot + CertPolicy.PROP_NOTICE_REF_ORG + "=" + "");
         mDefParams.addElement(
-            certPolicy0Dot + CertPolicy.PROP_NOTICE_REF_NUMS + "=" + "");
+                certPolicy0Dot + CertPolicy.PROP_NOTICE_REF_NUMS + "=" + "");
         mDefParams.addElement(
-            certPolicy0Dot + CertPolicy.PROP_USER_NOTICE_TEXT + "=" + "");
+                certPolicy0Dot + CertPolicy.PROP_USER_NOTICE_TEXT + "=" + "");
         mDefParams.addElement(
-            certPolicy0Dot + CertPolicy.PROP_CPS_URI + "=" + "");
+                certPolicy0Dot + CertPolicy.PROP_CPS_URI + "=" + "");
 
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         return mDefParams;
     }
 
     public String[] getExtendedPluginInfo(Locale locale) {
         Vector<String> theparams = new Vector<String>();
-		
+
         theparams.addElement(PROP_CRITICAL + ";boolean;RFC 3280 recommendation: MUST be non-critical.");
         theparams.addElement(PROP_NUM_CERTPOLICIES + ";number; Number of certificate policies. The value must be greater than or equal to 1");
 
@@ -290,22 +287,22 @@ public class CertificatePoliciesExt extends APolicyRule
             String certPolicykDot = PROP_CERTPOLICY + k + ".";
 
             theparams.addElement(certPolicykDot +
-                CertPolicy.PROP_POLICY_IDENTIFIER + ";string,required;An object identifier in the form n.n.n.n");
+                    CertPolicy.PROP_POLICY_IDENTIFIER + ";string,required;An object identifier in the form n.n.n.n");
             theparams.addElement(certPolicykDot +
-                CertPolicy.PROP_NOTICE_REF_ORG + ";string;See RFC 3280 sec 4.2.1.5");
+                    CertPolicy.PROP_NOTICE_REF_ORG + ";string;See RFC 3280 sec 4.2.1.5");
             theparams.addElement(certPolicykDot +
-                CertPolicy.PROP_NOTICE_REF_NUMS +
-                ";string;comma-separated list of numbers. See RFC 3280 sec 4.2.1.5");
+                    CertPolicy.PROP_NOTICE_REF_NUMS +
+                    ";string;comma-separated list of numbers. See RFC 3280 sec 4.2.1.5");
             theparams.addElement(certPolicykDot +
-                CertPolicy.PROP_USER_NOTICE_TEXT + ";string;See RFC 3280 sec 4.2.1.5");
+                    CertPolicy.PROP_USER_NOTICE_TEXT + ";string;See RFC 3280 sec 4.2.1.5");
             theparams.addElement(certPolicykDot +
-                CertPolicy.PROP_CPS_URI + ";string;See RFC 3280 sec 4.2.1.5");
+                    CertPolicy.PROP_CPS_URI + ";string;See RFC 3280 sec 4.2.1.5");
         }
 
         theparams.addElement(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-policyrules-certificatepolicies");
+                ";configuration-policyrules-certificatepolicies");
         theparams.addElement(IExtendedPluginInfo.HELP_TEXT +
-            ";Adds Certificate Policies Extension. See RFC 3280 (4.2.1.5)");
+                ";Adds Certificate Policies Extension. See RFC 3280 (4.2.1.5)");
 
         String[] params = new String[theparams.size()];
 
@@ -314,7 +311,6 @@ public class CertificatePoliciesExt extends APolicyRule
     }
 }
 
-
 class CertPolicy {
 
     protected static final String PROP_POLICY_IDENTIFIER = "policyId";
@@ -337,34 +333,35 @@ class CertPolicy {
 
     /**
      * forms policy map parameters.
+     * 
      * @param name name of this policy map, for example certPolicy0
      * @param config parent's config from where we find this configuration.
      * @param enabled whether policy was enabled.
      */
-    protected CertPolicy(String name, IConfigStore config, boolean enabled) 
-        throws EBaseException {
+    protected CertPolicy(String name, IConfigStore config, boolean enabled)
+            throws EBaseException {
         mName = name;
         mConfig = config.getSubStore(mName);
         mNameDot = mName + ".";
 
-        if( mConfig == null ) {
-            CMS.debug( "CertificatePoliciesExt::CertPolicy - mConfig is " +
-                       "null!" );
-            throw new EBaseException( "mConfig is null" );
+        if (mConfig == null) {
+            CMS.debug("CertificatePoliciesExt::CertPolicy - mConfig is " +
+                       "null!");
+            throw new EBaseException("mConfig is null");
         }
 
         // if there's no configuration for this policy put it there.
         if (mConfig.size() == 0) {
-            config.putString(mNameDot + PROP_POLICY_IDENTIFIER, ""); 
-            config.putString(mNameDot + PROP_NOTICE_REF_ORG, ""); 
-            config.putString(mNameDot + PROP_NOTICE_REF_NUMS, ""); 
-            config.putString(mNameDot + PROP_USER_NOTICE_TEXT, ""); 
-            config.putString(mNameDot + PROP_CPS_URI, ""); 
+            config.putString(mNameDot + PROP_POLICY_IDENTIFIER, "");
+            config.putString(mNameDot + PROP_NOTICE_REF_ORG, "");
+            config.putString(mNameDot + PROP_NOTICE_REF_NUMS, "");
+            config.putString(mNameDot + PROP_USER_NOTICE_TEXT, "");
+            config.putString(mNameDot + PROP_CPS_URI, "");
             mConfig = config.getSubStore(mName);
-            if(mConfig == null || mConfig.size() == 0) {
-	            CMS.debug( "CertificatePoliciesExt::CertPolicy - mConfig " +
-                           "is null or empty!" );
-                throw new EBaseException( "mConfig is null or empty" );
+            if (mConfig == null || mConfig.size() == 0) {
+                CMS.debug("CertificatePoliciesExt::CertPolicy - mConfig " +
+                           "is null or empty!");
+                throw new EBaseException("mConfig is null or empty");
             }
         }
 
@@ -376,28 +373,28 @@ class CertPolicy {
         mCpsUri = mConfig.getString(PROP_CPS_URI, null);
 
         // adjust for "" and console returning "null"
-        if (mPolicyId != null && 
-            (mPolicyId.length() == 0 || 
+        if (mPolicyId != null &&
+                (mPolicyId.length() == 0 ||
                 mPolicyId.equals("null"))) {
             mPolicyId = null;
         }
-        if (mNoticeRefOrg != null && 
-            (mNoticeRefOrg.length() == 0 || 
+        if (mNoticeRefOrg != null &&
+                (mNoticeRefOrg.length() == 0 ||
                 mNoticeRefOrg.equals("null"))) {
             mNoticeRefOrg = null;
         }
-        if (mNoticeRefNums != null && 
-            (mNoticeRefNums.length() == 0 || 
+        if (mNoticeRefNums != null &&
+                (mNoticeRefNums.length() == 0 ||
                 mNoticeRefNums.equals("null"))) {
             mNoticeRefNums = null;
         }
-        if (mNoticeRefExplicitText != null && 
-            (mNoticeRefExplicitText.length() == 0 || 
+        if (mNoticeRefExplicitText != null &&
+                (mNoticeRefExplicitText.length() == 0 ||
                 mNoticeRefExplicitText.equals("null"))) {
             mNoticeRefExplicitText = null;
         }
-        if (mCpsUri != null && 
-            (mCpsUri.length() == 0 || 
+        if (mCpsUri != null &&
+                (mCpsUri.length() == 0 ||
                 mCpsUri.equals("null"))) {
             mCpsUri = null;
         }
@@ -405,42 +402,43 @@ class CertPolicy {
         // policy ids cannot be null if policy is enabled.
         String msg = "value cannot be null.";
 
-        if (mPolicyId == null && enabled) 
+        if (mPolicyId == null && enabled)
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
                         mNameDot + PROP_POLICY_IDENTIFIER, msg));
         msg = "NoticeReference is optional; If chosen to include, NoticeReference must at least has 'organization'";
-        if (mNoticeRefOrg == null && mNoticeRefNums != null && enabled) 
+        if (mNoticeRefOrg == null && mNoticeRefNums != null && enabled)
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
                         mNameDot + PROP_NOTICE_REF_ORG, msg));
-		
-            // if a policy id is not null check that it is a valid OID.
+
+        // if a policy id is not null check that it is a valid OID.
         ObjectIdentifier policyId = null;
 
-        if (mPolicyId != null) 
+        if (mPolicyId != null)
             policyId = CMS.checkOID(
                         mNameDot + PROP_POLICY_IDENTIFIER, mPolicyId);
-		
-            // if enabled, form CertificatePolicyInfo to be encoded in
-            // extension. Policy ids should be all set.
+
+        // if enabled, form CertificatePolicyInfo to be encoded in
+        // extension. Policy ids should be all set.
         if (enabled) {
-	    CMS.debug("CertPolicy: in CertPolicy");
+            CMS.debug("CertPolicy: in CertPolicy");
             DisplayText displayText = null;
 
-            if (mNoticeRefExplicitText != null && 
-                !mNoticeRefExplicitText.equals(""))
+            if (mNoticeRefExplicitText != null &&
+                    !mNoticeRefExplicitText.equals(""))
                 displayText = new DisplayText(DisplayText.tag_VisibleString, mNoticeRefExplicitText);
-                //		  new DisplayText(DisplayText.tag_IA5String, mNoticeRefExplicitText);
+            //		  new DisplayText(DisplayText.tag_IA5String, mNoticeRefExplicitText);
             DisplayText orgName = null;
 
-            if (mNoticeRefOrg != null && 
-                !mNoticeRefOrg.equals(""))
+            if (mNoticeRefOrg != null &&
+                    !mNoticeRefOrg.equals(""))
                 orgName =
                         new DisplayText(DisplayText.tag_VisibleString, mNoticeRefOrg);
-                //		  new DisplayText(DisplayText.tag_VisibleString, mNoticeRefOrg);
+            //		  new DisplayText(DisplayText.tag_VisibleString, mNoticeRefOrg);
 
-            int[] nums = new int[0];;
-            if (mNoticeRefNums != null && 
-                !mNoticeRefNums.equals("")) {
+            int[] nums = new int[0];
+            ;
+            if (mNoticeRefNums != null &&
+                    !mNoticeRefNums.equals("")) {
 
                 // should add a method to NoticeReference to take a
                 // Vector...but let's do this for now
@@ -468,24 +466,23 @@ class CertPolicy {
             try {
                 cpolicyId = new CertificatePolicyId(ObjectIdentifier.getObjectIdentifier(mPolicyId));
             } catch (Exception e) {
-                throw new
-                    EBaseException(CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR", mPolicyId));
+                throw new EBaseException(CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR", mPolicyId));
             }
 
             PolicyQualifiers policyQualifiers = new PolicyQualifiers();
-			
+
             NoticeReference noticeReference = null;
-			
+
             if (orgName != null)
                 noticeReference = new NoticeReference(orgName, nums);
 
             UserNotice userNotice = null;
 
             if (displayText != null || noticeReference != null) {
-                userNotice = new UserNotice (noticeReference, displayText);
-				
+                userNotice = new UserNotice(noticeReference, displayText);
+
                 PolicyQualifierInfo policyQualifierInfo1 =
-                    new PolicyQualifierInfo(PolicyQualifierInfo.QT_UNOTICE, userNotice);
+                        new PolicyQualifierInfo(PolicyQualifierInfo.QT_UNOTICE, userNotice);
 
                 policyQualifiers.add(policyQualifierInfo1);
             }
@@ -493,25 +490,25 @@ class CertPolicy {
             CPSuri cpsUri = null;
 
             if (mCpsUri != null && mCpsUri.length() > 0) {
-                cpsUri = new CPSuri (mCpsUri);
+                cpsUri = new CPSuri(mCpsUri);
                 PolicyQualifierInfo policyQualifierInfo2 =
-                    new PolicyQualifierInfo(PolicyQualifierInfo.QT_CPS, cpsUri);
-				
+                        new PolicyQualifierInfo(PolicyQualifierInfo.QT_CPS, cpsUri);
+
                 policyQualifiers.add(policyQualifierInfo2);
             }
 
             if ((mNoticeRefOrg == null || mNoticeRefOrg.equals("")) &&
-                (mNoticeRefExplicitText == null || mNoticeRefExplicitText.equals("")) &&
-                (mCpsUri == null || mCpsUri.equals(""))) {
-		CMS.debug("CertPolicy mNoticeRefOrg = "+mNoticeRefOrg);
-		CMS.debug("CertPolicy mNoticeRefExplicitText = "+mNoticeRefExplicitText);
-		CMS.debug("CertPolicy mCpsUri = "+mCpsUri);
+                    (mNoticeRefExplicitText == null || mNoticeRefExplicitText.equals("")) &&
+                    (mCpsUri == null || mCpsUri.equals(""))) {
+                CMS.debug("CertPolicy mNoticeRefOrg = " + mNoticeRefOrg);
+                CMS.debug("CertPolicy mNoticeRefExplicitText = " + mNoticeRefExplicitText);
+                CMS.debug("CertPolicy mCpsUri = " + mCpsUri);
 
                 mCertificatePolicyInfo = new CertificatePolicyInfo(cpolicyId);
             } else {
-		CMS.debug("CertPolicy mNoticeRefOrg = "+mNoticeRefOrg);
-		CMS.debug("CertPolicy mNoticeRefExplicitText = "+mNoticeRefExplicitText);
-		CMS.debug("CertPolicy mCpsUri = "+mCpsUri);
+                CMS.debug("CertPolicy mNoticeRefOrg = " + mNoticeRefOrg);
+                CMS.debug("CertPolicy mNoticeRefExplicitText = " + mNoticeRefExplicitText);
+                CMS.debug("CertPolicy mCpsUri = " + mCpsUri);
                 mCertificatePolicyInfo = new CertificatePolicyInfo(cpolicyId, policyQualifiers);
             }
         }
@@ -519,20 +516,19 @@ class CertPolicy {
 
     protected void getInstanceParams(Vector<String> instanceParams) {
         instanceParams.addElement(
-            mNameDot + PROP_POLICY_IDENTIFIER + "=" + (mPolicyId == null ? "" :
-                mPolicyId));
+                mNameDot + PROP_POLICY_IDENTIFIER + "=" + (mPolicyId == null ? "" :
+                        mPolicyId));
         instanceParams.addElement(
-            mNameDot + PROP_NOTICE_REF_ORG + "=" + (mNoticeRefOrg == null ? "" :
-                mNoticeRefOrg));
+                mNameDot + PROP_NOTICE_REF_ORG + "=" + (mNoticeRefOrg == null ? "" :
+                        mNoticeRefOrg));
         instanceParams.addElement(
-            mNameDot + PROP_NOTICE_REF_NUMS + "=" + (mNoticeRefNums == null ? "" :
-                mNoticeRefNums));
+                mNameDot + PROP_NOTICE_REF_NUMS + "=" + (mNoticeRefNums == null ? "" :
+                        mNoticeRefNums));
         instanceParams.addElement(
-            mNameDot + PROP_USER_NOTICE_TEXT + "=" + (mNoticeRefExplicitText == null ? "" :
-                mNoticeRefExplicitText));
+                mNameDot + PROP_USER_NOTICE_TEXT + "=" + (mNoticeRefExplicitText == null ? "" :
+                        mNoticeRefExplicitText));
         instanceParams.addElement(
-            mNameDot + PROP_CPS_URI + "=" + (mCpsUri == null ? "" :
-                mCpsUri));
+                mNameDot + PROP_CPS_URI + "=" + (mCpsUri == null ? "" :
+                        mCpsUri));
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java
index e3927502..174cdcf3 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Date;
@@ -40,20 +39,20 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * Certificate Renewal Window Extension Policy
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class CertificateRenewalWindowExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
 
     protected static final String PROP_END_TIME = "relativeEndTime";
     protected static final String PROP_BEGIN_TIME = "relativeBeginTime";
@@ -64,7 +63,7 @@ public class CertificateRenewalWindowExt extends APolicyRule
     protected String mEndTime;
 
     /**
-     * Adds the  Netscape comment in the end-entity certificates or
+     * Adds the Netscape comment in the end-entity certificates or
      * CA certificates. The policy is set to be non-critical with the
      * provided OID.
      */
@@ -75,11 +74,11 @@ public class CertificateRenewalWindowExt extends APolicyRule
 
     /**
      * Initializes this policy rule.
-     *
-     * @param config        The config store reference
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mCritical = config.getBoolean(PROP_CRITICAL, false);
         mBeginTime = config.getString(PROP_BEGIN_TIME, null);
         mEndTime = config.getString(PROP_END_TIME, null);
@@ -89,16 +88,16 @@ public class CertificateRenewalWindowExt extends APolicyRule
     /**
      * Applies the policy on the given Request.
      * <p>
-     *
-     * @param req   The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
         PolicyResult res = PolicyResult.ACCEPTED;
 
         // get cert info.
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
         if (ci == null || ci[0] == null) {
             setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
@@ -128,8 +127,8 @@ public class CertificateRenewalWindowExt extends APolicyRule
         if (extensions == null) {
             extensions = new CertificateExtensions();
             try {
-                certInfo.set(X509CertInfo.VERSION, 
-                    new CertificateVersion(CertificateVersion.V3));
+                certInfo.set(X509CertInfo.VERSION,
+                        new CertificateVersion(CertificateVersion.V3));
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
             } catch (Exception e) {
             }
@@ -137,7 +136,7 @@ public class CertificateRenewalWindowExt extends APolicyRule
             // remove any previously computed version of the extension
             try {
                 extensions.delete(CertificateRenewalWindowExtension.class.getSimpleName());
-				
+
             } catch (IOException e) {
                 // this is the hack: for some reason, the key which is the name
                 // of the policy has been converted into the OID 
@@ -154,22 +153,22 @@ public class CertificateRenewalWindowExt extends APolicyRule
 
             if (mEndTime == null || mEndTime.equals("")) {
                 crwExt = new CertificateRenewalWindowExtension(
-                            mCritical, 
+                            mCritical,
                             getDateValue(now, mBeginTime),
                             null);
             } else {
                 crwExt = new CertificateRenewalWindowExtension(
-                            mCritical, 
+                            mCritical,
                             getDateValue(now, mBeginTime),
                             getDateValue(now, mEndTime));
             }
-            extensions.set(CertificateRenewalWindowExtension.class.getSimpleName(), 
-                crwExt);
+            extensions.set(CertificateRenewalWindowExtension.class.getSimpleName(),
+                    crwExt);
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1", NAME));
+                    CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1", NAME));
             setError(req,
-                CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
+                    CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
             return PolicyResult.REJECTED;
         }
         return PolicyResult.ACCEPTED;
@@ -179,13 +178,13 @@ public class CertificateRenewalWindowExt extends APolicyRule
         long time;
 
         if (s.endsWith("s")) {
-            time = 1000 * Long.parseLong(s.substring(0, 
+            time = 1000 * Long.parseLong(s.substring(0,
                             s.length() - 1));
         } else if (s.endsWith("m")) {
-            time = 60 * 1000 * Long.parseLong(s.substring(0, 
+            time = 60 * 1000 * Long.parseLong(s.substring(0,
                             s.length() - 1));
         } else if (s.endsWith("h")) {
-            time = 60 * 60 * 1000 * Long.parseLong(s.substring(0, 
+            time = 60 * 60 * 1000 * Long.parseLong(s.substring(0,
                             s.length() - 1));
         } else if (s.endsWith("D")) {
             time = 24 * 60 * 60 * 1000 * Long.parseLong(
@@ -206,9 +205,9 @@ public class CertificateRenewalWindowExt extends APolicyRule
                 PROP_BEGIN_TIME + ";string;Start Time in seconds (Relative to the time of issuance). Optionally, time unit (s - seconds, m - minutes, h - hours, D - days, M - months) can be specified right after the value. For example, 5 days can be expressed as 5D.",
                 PROP_END_TIME + ";string;End Time in seconds (Optional, Relative to the time of issuance). Optionally, time unit (s - seconds, m - minutes, h - hours, D - days, M - months) can be specified right after the value. For example, 5 days can be expressed as 5D.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-certificaterenewalwindow",
+                        ";configuration-policyrules-certificaterenewalwindow",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Adds 'Certificate Renewal Window' extension. See manual"
+                        ";Adds 'Certificate Renewal Window' extension. See manual"
             };
 
         return params;
@@ -217,10 +216,10 @@ public class CertificateRenewalWindowExt extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         Vector<String> params = new Vector<String>();
 
         params.addElement(PROP_CRITICAL + "=" + mCritical);
@@ -239,10 +238,10 @@ public class CertificateRenewalWindowExt extends APolicyRule
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         Vector<String> defParams = new Vector<String>();
 
         defParams.addElement(PROP_CRITICAL + "=false");
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java
index 14ef4213..a4a5fde6 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Locale;
@@ -43,31 +42,31 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * Certificate Scope Of Use extension policy. This extension
  * is defined in draft-thayes-cert-scope-00.txt
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
-public class CertificateScopeOfUseExt extends APolicyRule implements 
+public class CertificateScopeOfUseExt extends APolicyRule implements
         IEnrollmentPolicy, IExtendedPluginInfo {
     protected static final String PROP_CRITICAL =
-        "critical";
+            "critical";
     protected static final String PROP_ENTRY =
-        "entry";
+            "entry";
     protected static final String PROP_NAME =
-        "name";
+            "name";
     protected static final String PROP_NAME_TYPE =
-        "name_type";
+            "name_type";
     protected static final String PROP_PORT_NUMBER =
-        "port_number";
+            "port_number";
 
     public static final int MAX_ENTRY = 5;
 
@@ -82,11 +81,11 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
         Vector<String> v = new Vector<String>();
 
         v.addElement(PROP_CRITICAL +
-            ";boolean; This extension may be either critical or non-critical.");
+                ";boolean; This extension may be either critical or non-critical.");
         v.addElement(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-policyrules-certificatescopeofuse");
+                ";configuration-policyrules-certificatescopeofuse");
         v.addElement(IExtendedPluginInfo.HELP_TEXT +
-            ";Adds Certificate Scope of Use Extension.");
+                ";Adds Certificate Scope of Use Extension.");
 
         for (int i = 0; i < MAX_ENTRY; i++) {
             v.addElement(PROP_ENTRY + Integer.toString(i) + "_" + PROP_NAME + ";" + IGeneralNameUtil.GENNAME_VALUE_INFO);
@@ -99,17 +98,15 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt
-     *      ca.Policy.rule.<ruleName>.enable=true
-     *      ca.Policy.rule.<ruleName>.predicate=
-     *
-     * @param config	The config store reference
+     * 
+     * ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt ca.Policy.rule.<ruleName>.enable=true ca.Policy.rule.<ruleName>.predicate=
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
     }
 
@@ -124,7 +121,7 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
         //
         for (int i = 0;; i++) {
             // get port number (optional)
-            String port = mConfig.getString(PROP_ENTRY + 
+            String port = mConfig.getString(PROP_ENTRY +
                     Integer.toString(i) + "_" + PROP_PORT_NUMBER, null);
             BigInt portNumber = null;
 
@@ -137,11 +134,11 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
             // TAG ::= uriName | dirName
             // VALUE ::= [value defined by TAG]
             //
-            String name_type = mConfig.getString(PROP_ENTRY + 
-                    Integer.toString(i) + 
+            String name_type = mConfig.getString(PROP_ENTRY +
+                    Integer.toString(i) +
                     "_" + PROP_NAME_TYPE, null);
-            String name = mConfig.getString(PROP_ENTRY + 
-                    Integer.toString(i) + 
+            String name = mConfig.getString(PROP_ENTRY +
+                    Integer.toString(i) +
                     "_" + PROP_NAME, null);
 
             if (name == null || name.equals(""))
@@ -157,7 +154,7 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
      * If this policy is enabled, add the authority information
      * access extension to the certificate.
      * <P>
-     *
+     * 
      * @param req The request on which to apply policy.
      * @return The policy result object.
      */
@@ -169,7 +166,7 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
                 IRequest.CERT_INFO);
 
         if (ci == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); 
+            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
             return PolicyResult.REJECTED; // unrecoverable error.
         }
 
@@ -177,29 +174,29 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
 
             certInfo = ci[j];
             if (certInfo == null) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CA_CERT_INFO_ERROR", NAME));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                    NAME, "Configuration Info Error");
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CA_CERT_INFO_ERROR", NAME));
+                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                        NAME, "Configuration Info Error");
                 return PolicyResult.REJECTED; // unrecoverable error.
             }
 
             try {
                 // Find the extensions in the certInfo
                 CertificateExtensions extensions = (CertificateExtensions)
-                    certInfo.get(X509CertInfo.EXTENSIONS);
+                        certInfo.get(X509CertInfo.EXTENSIONS);
 
                 // add access descriptions
                 Vector<CertificateScopeEntry> entries = getScopeEntries();
 
                 if (entries.size() == 0) {
                     return res;
-                }	
-	
+                }
+
                 if (extensions == null) {
                     // create extension if not exist
                     certInfo.set(X509CertInfo.VERSION,
-                        new CertificateVersion(CertificateVersion.V3));
+                            new CertificateVersion(CertificateVersion.V3));
                     extensions = new CertificateExtensions();
                     certInfo.set(X509CertInfo.EXTENSIONS, extensions);
                 } else {
@@ -212,29 +209,29 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
                 }
 
                 // Create the extension
-                CertificateScopeOfUseExtension suExt = new 
-                    CertificateScopeOfUseExtension(mConfig.getBoolean(
-                            PROP_CRITICAL, false), entries);
+                CertificateScopeOfUseExtension suExt = new
+                        CertificateScopeOfUseExtension(mConfig.getBoolean(
+                                PROP_CRITICAL, false), entries);
 
                 extensions.set(CertificateScopeOfUseExtension.NAME, suExt);
 
             } catch (IOException e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                    NAME, e.getMessage());
+                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                        NAME, e.getMessage());
                 return PolicyResult.REJECTED; // unrecoverable error.
             } catch (EBaseException e) {
-                log(ILogger.LL_FAILURE, 
-                    "Configuration Info Error encountered: " +
-                    e.getMessage());
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                    NAME, "Configuration Info Error");
+                log(ILogger.LL_FAILURE,
+                        "Configuration Info Error encountered: " +
+                                e.getMessage());
+                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                        NAME, "Configuration Info Error");
                 return PolicyResult.REJECTED; // unrecoverable error.
             } catch (CertificateException e) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                    NAME, "Certificate Info Error");
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
+                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                        NAME, "Certificate Info Error");
                 return PolicyResult.REJECTED; // unrecoverable error.
             }
         }
@@ -244,15 +241,15 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         Vector<String> params = new Vector<String>();
 
         try {
-            params.addElement(PROP_CRITICAL + "=" + 
-                mConfig.getBoolean(PROP_CRITICAL, false));
+            params.addElement(PROP_CRITICAL + "=" +
+                    mConfig.getBoolean(PROP_CRITICAL, false));
         } catch (EBaseException e) {
         }
 
@@ -260,50 +257,50 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
             String name_type = null;
 
             try {
-                name_type = mConfig.getString(PROP_ENTRY + 
-                            Integer.toString(i) + "_" + PROP_NAME_TYPE, 
+                name_type = mConfig.getString(PROP_ENTRY +
+                            Integer.toString(i) + "_" + PROP_NAME_TYPE,
                             null);
             } catch (EBaseException e) {
             }
             if (name_type == null)
                 break;
-            params.addElement(PROP_ENTRY + 
-                Integer.toString(i) + 
-                "_" + PROP_NAME_TYPE + "=" + name_type);
+            params.addElement(PROP_ENTRY +
+                    Integer.toString(i) +
+                    "_" + PROP_NAME_TYPE + "=" + name_type);
             String name = null;
 
             try {
-                name = mConfig.getString(PROP_ENTRY + 
-                            Integer.toString(i) + "_" + PROP_NAME, 
+                name = mConfig.getString(PROP_ENTRY +
+                            Integer.toString(i) + "_" + PROP_NAME,
                             null);
             } catch (EBaseException e) {
             }
             if (name == null)
                 break;
-            params.addElement(PROP_ENTRY + 
-                Integer.toString(i) + 
-                "_" + PROP_NAME + "=" + name);
+            params.addElement(PROP_ENTRY +
+                    Integer.toString(i) +
+                    "_" + PROP_NAME + "=" + name);
             String port = null;
 
             try {
-                port = mConfig.getString(PROP_ENTRY + 
-                            Integer.toString(i) + "_" + PROP_PORT_NUMBER, 
+                port = mConfig.getString(PROP_ENTRY +
+                            Integer.toString(i) + "_" + PROP_PORT_NUMBER,
                             "");
             } catch (EBaseException e) {
             }
-            params.addElement(PROP_ENTRY + 
-                Integer.toString(i) + 
-                "_" + PROP_PORT_NUMBER + "=" + port);
+            params.addElement(PROP_ENTRY +
+                    Integer.toString(i) +
+                    "_" + PROP_PORT_NUMBER + "=" + port);
         }
         return params;
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         Vector<String> defParams = new Vector<String>();
 
         defParams.addElement(PROP_CRITICAL + "=false");
@@ -314,14 +311,13 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
         // the CMS.cfg
         //
         for (int i = 0; i < MAX_ENTRY; i++) {
-            defParams.addElement(PROP_ENTRY + Integer.toString(i) + 
-                "_" + PROP_NAME_TYPE + "=");
-            defParams.addElement(PROP_ENTRY + Integer.toString(i) + 
-                "_" + PROP_NAME + "=");
-            defParams.addElement(PROP_ENTRY + Integer.toString(i) + 
-                "_" + PROP_PORT_NUMBER + "=");
+            defParams.addElement(PROP_ENTRY + Integer.toString(i) +
+                    "_" + PROP_NAME_TYPE + "=");
+            defParams.addElement(PROP_ENTRY + Integer.toString(i) +
+                    "_" + PROP_NAME + "=");
+            defParams.addElement(PROP_ENTRY + Integer.toString(i) +
+                    "_" + PROP_PORT_NUMBER + "=");
         }
         return defParams;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java
index 94d7d8df..2684d02c 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Locale;
@@ -40,20 +39,20 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * This implements the extended key usage extension.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class ExtendedKeyUsageExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     public static final String PROP_CRITICAL = "critical";
     protected static final String PROP_PURPOSE_ID = "id";
     protected static final String PROP_NUM_IDS = "numIds";
@@ -63,7 +62,7 @@ public class ExtendedKeyUsageExt extends APolicyRule
     private Vector<ObjectIdentifier> mUsages = null;
 
     private String[] mParams = null;
-    
+
     // PKIX specifies the that the extension SHOULD NOT be critical
     public static final boolean DEFAULT_CRITICALITY = false;
 
@@ -81,7 +80,7 @@ public class ExtendedKeyUsageExt extends APolicyRule
      * Performs one-time initialization of the policy.
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
         setExtendedPluginInfo();
         setupParams();
@@ -99,7 +98,7 @@ public class ExtendedKeyUsageExt extends APolicyRule
         }
 
         X509CertInfo[] ci =
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
         if (ci == null || ci[0] == null) {
             setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
@@ -119,15 +118,15 @@ public class ExtendedKeyUsageExt extends APolicyRule
         try {
             // find the extensions in the certInfo
             CertificateExtensions extensions = (CertificateExtensions)
-                certInfo.get(X509CertInfo.EXTENSIONS);
+                    certInfo.get(X509CertInfo.EXTENSIONS);
 
             // prepare the extensions data structure
             if (extensions == null) {
                 certInfo.set(X509CertInfo.VERSION,
-                    new CertificateVersion(CertificateVersion.V3));
+                        new CertificateVersion(CertificateVersion.V3));
                 extensions = new CertificateExtensions();
                 certInfo.set(X509CertInfo.VERSION,
-                    new CertificateVersion(CertificateVersion.V3));
+                        new CertificateVersion(CertificateVersion.V3));
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
             } else {
                 try {
@@ -143,17 +142,17 @@ public class ExtendedKeyUsageExt extends APolicyRule
         } catch (IOException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
-                e.getMessage());
+                    e.getMessage());
             return PolicyResult.REJECTED;
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR",
                     e.getMessage()));
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
-                e.getMessage());
+                    e.getMessage());
             return PolicyResult.REJECTED;
         }
     }
-    
+
     /**
      * Returns instance specific parameters.
      */
@@ -172,16 +171,16 @@ public class ExtendedKeyUsageExt extends APolicyRule
 
         for (int i = 0; i < numIds; i++) {
             if (mUsages.size() <= i) {
-                params.addElement(PROP_PURPOSE_ID + 
-                    Integer.toString(i) + "=");
+                params.addElement(PROP_PURPOSE_ID +
+                        Integer.toString(i) + "=");
             } else {
                 usage = ((ObjectIdentifier) mUsages.elementAt(i)).toString();
                 if (usage == null) {
-                    params.addElement(PROP_PURPOSE_ID + 
-                        Integer.toString(i) + "=");
+                    params.addElement(PROP_PURPOSE_ID +
+                            Integer.toString(i) + "=");
                 } else {
-                    params.addElement(PROP_PURPOSE_ID + 
-                        Integer.toString(i) + "=" + usage);
+                    params.addElement(PROP_PURPOSE_ID +
+                            Integer.toString(i) + "=" + usage);
                 }
             }
         }
@@ -200,17 +199,17 @@ public class ExtendedKeyUsageExt extends APolicyRule
         }
         for (int i = 0; i < mNum; i++) {
             v.addElement(PROP_PURPOSE_ID + Integer.toString(i) + ";string;" +
-                "A unique,valid OID specified in dot-separated numeric component notation. e.g. 2.16.840.1.113730.1.99");
+                    "A unique,valid OID specified in dot-separated numeric component notation. e.g. 2.16.840.1.113730.1.99");
         }
 
         v.addElement(PROP_NUM_IDS + ";number;The total number of policy IDs.");
         v.addElement(PROP_CRITICAL +
-            ";boolean;RFC 2459 recommendation: This extension may, at the option of the certificate issuer, be either critical or non-critical.");
+                ";boolean;RFC 2459 recommendation: This extension may, at the option of the certificate issuer, be either critical or non-critical.");
         v.addElement(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-policyrules-extendedkeyusage");
+                ";configuration-policyrules-extendedkeyusage");
         v.addElement(IExtendedPluginInfo.HELP_TEXT +
-            ";Adds Extended Key Usage Extension. Defined in RFC 2459 " +
-            "(4.2.1.13)");
+                ";Adds Extended Key Usage Extension. Defined in RFC 2459 " +
+                "(4.2.1.13)");
 
         mParams = com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
     }
@@ -221,7 +220,7 @@ public class ExtendedKeyUsageExt extends APolicyRule
         }
         return mParams;
     }
-    
+
     /**
      * Returns default parameters.
      */
@@ -235,30 +234,32 @@ public class ExtendedKeyUsageExt extends APolicyRule
         }
         return defParams;
     }
-    
+
     /**
      * Setups parameters.
      */
     private void setupParams() throws EBaseException {
-        
+
         mCritical = mConfig.getBoolean(PROP_CRITICAL, false);
         if (mUsages == null) {
             mUsages = new Vector<ObjectIdentifier>();
         }
-        
+
         int mNum = mConfig.getInteger(PROP_NUM_IDS, MAX_PURPOSE_ID);
 
         for (int i = 0; i < mNum; i++) {
             ObjectIdentifier usageOID = null;
-	        
-            String usage = mConfig.getString(PROP_PURPOSE_ID + 
+
+            String usage = mConfig.getString(PROP_PURPOSE_ID +
                     Integer.toString(i), null);
 
             try {
-           
-                if (usage == null)  break;
+
+                if (usage == null)
+                    break;
                 usage = usage.trim();
-                if (usage.equals(""))   break;
+                if (usage.equals(""))
+                    break;
                 if (usage.equalsIgnoreCase("ocspsigning")) {
                     usageOID = ObjectIdentifier.getObjectIdentifier(ExtendedKeyUsageExtension.OID_OCSPSigning);
                 } else if (usage.equalsIgnoreCase("codesigning")) {
@@ -268,10 +269,10 @@ public class ExtendedKeyUsageExt extends APolicyRule
                     usageOID = ObjectIdentifier.getObjectIdentifier(usage);
                 }
             } catch (IOException ex) {
-                throw new EBaseException(this.getClass().getName() + ":" + 
+                throw new EBaseException(this.getClass().getName() + ":" +
                         ex.getMessage());
             } catch (NumberFormatException ex) {
-                throw new EBaseException(this.getClass().getName() + ":" + 
+                throw new EBaseException(this.getClass().getName() + ":" +
                         "OID '" + usage + "' format error");
             }
             mUsages.addElement(usageOID);
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java b/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java
index bdfdb14a..8305317e 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
@@ -46,12 +45,11 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * Private Integer extension policy.
  * If this policy is enabled, it adds an Private Integer
  * extension to the certificate.
- *
+ * 
  * The following listed sample configuration parameters:
  * 
  * ca.Policy.impl.privateInteger.class=com.netscape.certsrv.policy.genericASNExt
@@ -78,51 +76,52 @@ import com.netscape.cms.policy.APolicyRule;
  * ca.Policy.rule.genericASNExt.implName=genericASNExt
  * ca.Policy.rule.genericASNExt.predicate=
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
-public class GenericASN1Ext extends APolicyRule implements 
+public class GenericASN1Ext extends APolicyRule implements
         IEnrollmentPolicy, IExtendedPluginInfo {
     protected static final int MAX_ATTR = 10;
 
     protected static final String PROP_CRITICAL =
-        "critical";
+            "critical";
     protected static final String PROP_NAME =
-        "name";
+            "name";
     protected static final String PROP_OID =
-        "oid";
+            "oid";
     protected static final String PROP_PATTERN =
-        "pattern";
+            "pattern";
     protected static final String PROP_ATTRIBUTE =
-        "attribute";
+            "attribute";
     protected static final String PROP_TYPE =
-        "type";
+            "type";
     protected static final String PROP_SOURCE =
-        "source";
+            "source";
     protected static final String PROP_VALUE =
-        "value";
+            "value";
     protected static final String PROP_PREDICATE =
-        "predicate";
+            "predicate";
 
     protected static final String PROP_ENABLE =
-        "enable";
+            "enable";
 
     public IConfigStore mConfig = null;
 
     private String pattern = null;
-    
+
     public String[] getExtendedPluginInfo(Locale locale) {
         String s[] = {
                 "enable" + ";boolean;Enable this policy",
                 "predicate" + ";string;",
                 PROP_CRITICAL + ";boolean;",
-                PROP_NAME + ";string;Name for this extension.",                  
-                PROP_OID + ";string;OID number for this extension. It should be unique.",                   
+                PROP_NAME + ";string;Name for this extension.",
+                PROP_OID + ";string;OID number for this extension. It should be unique.",
                 PROP_PATTERN + ";string;Pattern for extension; {012}34",
                 // Attribute 0
                 PROP_ATTRIBUTE + "." + "0" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
@@ -165,14 +164,14 @@ public class GenericASN1Ext extends APolicyRule implements
                 PROP_ATTRIBUTE + "." + "9" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
                 PROP_ATTRIBUTE + "." + "9" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-genericasn1ext",
+                        ";configuration-policyrules-genericasn1ext",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Adds Private extension based on ASN1. See manual"    		
+                        ";Adds Private extension based on ASN1. See manual"
             };
 
         return s;
     }
-    
+
     public GenericASN1Ext() {
         NAME = "GenericASN1Ext";
         DESC = "Sets Generic extension for certificates";
@@ -181,17 +180,15 @@ public class GenericASN1Ext extends APolicyRule implements
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ca.Policy.rule.<ruleName>.implName=genericASNExt
-     *      ca.Policy.rule.<ruleName>.enable=true
-     *      ca.Policy.rule.<ruleName>.predicate=
-     *
-     * @param config	The config store reference
+     * 
+     * ca.Policy.rule.<ruleName>.implName=genericASNExt ca.Policy.rule.<ruleName>.enable=true ca.Policy.rule.<ruleName>.predicate=
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
         if (mConfig == null) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_INIT_ERROR"));
@@ -202,32 +199,32 @@ public class GenericASN1Ext extends APolicyRule implements
 
         if (enable == false)
             return;
-	    
+
         String oid = mConfig.getString(PROP_OID, null);
 
         if ((oid == null) || (oid.length() == 0)) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_INIT_ERROR"));
             return;
         }
-	    
+
         String name = mConfig.getString(PROP_NAME, null);
 
         if ((name == null) || (name.length() == 0)) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_INIT_ERROR"));
             return;
         }
-	    
+
         try {
             if (File.separatorChar == '\\') {
                 pattern = mConfig.getString(PROP_PATTERN, null);
                 checkFilename(0);
-            }                
+            }
         } catch (IOException e) {
             log(ILogger.LL_FAILURE, "" + e.toString());
         } catch (EBaseException e) {
             log(ILogger.LL_FAILURE, "" + e.toString());
         }
-		
+
         // Check OID value 
         CMS.checkOID(name, oid);
         pattern = mConfig.getString(PROP_PATTERN, null);
@@ -241,14 +238,14 @@ public class GenericASN1Ext extends APolicyRule implements
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, "" + e.toString());
         }
-        
+
     }
 
     // Check filename
-    private  int checkFilename(int index) 
-        throws IOException, EBaseException {
+    private int checkFilename(int index)
+            throws IOException, EBaseException {
         String source = null;
-        
+
         while (index < pattern.length()) {
             char ch = pattern.charAt(index);
 
@@ -262,28 +259,28 @@ public class GenericASN1Ext extends APolicyRule implements
                 return index;
 
             default:
-                source = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_SOURCE, null);                    
+                source = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_SOURCE, null);
                 if ((source != null) && (source.equalsIgnoreCase("file"))) {
-                    String oValue = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE, null);                    
+                    String oValue = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE, null);
                     String nValue = oValue.replace('\\', '/');
 
-                    mConfig.putString(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE, nValue);                    
+                    mConfig.putString(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE, nValue);
                     FileInputStream fis = new FileInputStream(nValue);
                     fis.close();
-                }                        
+                }
             }
             index++;
-        }            
+        }
 
         return index;
     }
 
     // Check oid
-    private  int checkOID(int index) 
-        throws EBaseException {
+    private int checkOID(int index)
+            throws EBaseException {
         String type = null;
         String oid = null;
-		
+
         while (index < pattern.length()) {
             char ch = pattern.charAt(index);
 
@@ -297,23 +294,23 @@ public class GenericASN1Ext extends APolicyRule implements
                 return index;
 
             default:
-                type = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_TYPE, null);                    
+                type = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_TYPE, null);
                 if ((type != null) && (type.equalsIgnoreCase("OID"))) {
-                    oid = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE, null);                    
+                    oid = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE, null);
                     CMS.checkOID(oid, oid);
-                }                        
+                }
             }
             index++;
-        }            
+        }
 
         return index;
     }
-	
+
     /**
      * If this policy is enabled, add the private Integer
      * information extension to the certificate.
      * <P>
-     *
+     * 
      * @param req The request on which to apply policy.
      * @return The policy result object.
      */
@@ -321,9 +318,9 @@ public class GenericASN1Ext extends APolicyRule implements
         PolicyResult res = PolicyResult.ACCEPTED;
         X509CertInfo certInfo;
         X509CertInfo[] ci = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-	
+
         if (ci == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); 
+            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
             return PolicyResult.REJECTED; // unrecoverable error.
         }
 
@@ -343,7 +340,7 @@ public class GenericASN1Ext extends APolicyRule implements
                 if (extensions == null) {
                     // create extension if not exist
                     certInfo.set(X509CertInfo.VERSION,
-                        new CertificateVersion(CertificateVersion.V3));
+                            new CertificateVersion(CertificateVersion.V3));
                     extensions = new CertificateExtensions();
                     certInfo.set(X509CertInfo.EXTENSIONS, extensions);
                 } else {
@@ -358,35 +355,35 @@ public class GenericASN1Ext extends APolicyRule implements
 
                 // Create the extension
                 GenericASN1Extension priExt = mkExtension();
-                
+
                 extensions.set(priExt.getName(), priExt);
 
             } catch (IOException e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                    NAME, e.getMessage());
+                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                        NAME, e.getMessage());
                 return PolicyResult.REJECTED; // unrecoverable error.
             } catch (EBaseException e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                    NAME, "Configuration Info Error");
+                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                        NAME, "Configuration Info Error");
                 return PolicyResult.REJECTED; // unrecoverable error.
             } catch (CertificateException e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                    NAME, "Certificate Info Error");
+                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                        NAME, "Certificate Info Error");
                 return PolicyResult.REJECTED; // unrecoverable error.
             } catch (ParseException e) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("BASE_EXTENSION_ERROR", e.getMessage()));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                    NAME, "Pattern parsing error");
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("BASE_EXTENSION_ERROR", e.getMessage()));
+                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                        NAME, "Pattern parsing error");
                 return PolicyResult.REJECTED; // unrecoverable error.
             } catch (Exception e) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("BASE_UNKNOWN_EXCEPTION", e.getMessage()));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                    NAME, "Unknown Error");
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("BASE_UNKNOWN_EXCEPTION", e.getMessage()));
+                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                        NAME, "Unknown Error");
                 return PolicyResult.REJECTED; // unrecoverable error.
             }
         }
@@ -397,7 +394,7 @@ public class GenericASN1Ext extends APolicyRule implements
      * Construct GenericASN1Extension with value from CMS.cfg
      */
     protected GenericASN1Extension mkExtension()
-        throws IOException, EBaseException, ParseException {
+            throws IOException, EBaseException, ParseException {
         GenericASN1Extension ext;
 
         Hashtable<String, String> h = new Hashtable<String, String>();
@@ -413,21 +410,21 @@ public class GenericASN1Ext extends APolicyRule implements
             String proptype = PROP_ATTRIBUTE + "." + idx + "." + PROP_TYPE;
             String propsource = PROP_ATTRIBUTE + "." + idx + "." + PROP_SOURCE;
             String propvalue = PROP_ATTRIBUTE + "." + idx + "." + PROP_VALUE;
-		
+
             h.put(proptype, mConfig.getString(proptype, null));
             h.put(propsource, mConfig.getString(propsource, null));
             h.put(propvalue, mConfig.getString(propvalue, null));
         }
         ext = new GenericASN1Extension(h);
         return ext;
-    }        
-        
+    }
+
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         int idx = 0;
         Vector<String> params = new Vector<String>();
 
@@ -436,7 +433,7 @@ public class GenericASN1Ext extends APolicyRule implements
             params.addElement(PROP_NAME + "=" + mConfig.getString(PROP_NAME, null));
             params.addElement(PROP_OID + "=" + mConfig.getString(PROP_OID, null));
             params.addElement(PROP_PATTERN + "=" + mConfig.getString(PROP_PATTERN, null));
-		
+
             for (idx = 0; idx < MAX_ATTR; idx++) {
                 String proptype = PROP_ATTRIBUTE + "." + idx + "." + PROP_TYPE;
                 String propsource = PROP_ATTRIBUTE + "." + idx + "." + PROP_SOURCE;
@@ -447,7 +444,8 @@ public class GenericASN1Ext extends APolicyRule implements
                 params.addElement(propvalue + "=" + mConfig.getString(propvalue, null));
             }
             params.addElement(PROP_PREDICATE + "=" + mConfig.getString(PROP_PREDICATE, null));
-        } catch (EBaseException e) {;
+        } catch (EBaseException e) {
+            ;
         }
 
         return params;
@@ -455,26 +453,25 @@ public class GenericASN1Ext extends APolicyRule implements
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         int idx = 0;
-        
+
         Vector<String> defParams = new Vector<String>();
 
         defParams.addElement(PROP_CRITICAL + "=false");
         defParams.addElement(PROP_NAME + "=");
         defParams.addElement(PROP_OID + "=");
         defParams.addElement(PROP_PATTERN + "=");
-		
+
         for (idx = 0; idx < MAX_ATTR; idx++) {
             defParams.addElement(PROP_ATTRIBUTE + "." + idx + "." + PROP_TYPE + "=");
             defParams.addElement(PROP_ATTRIBUTE + "." + idx + "." + PROP_SOURCE + "=");
             defParams.addElement(PROP_ATTRIBUTE + "." + idx + "." + PROP_VALUE + "=");
         }
-        
+
         return defParams;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/IssuerAltNameExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/IssuerAltNameExt.java
index 9524f689..4124b7be 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/IssuerAltNameExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/IssuerAltNameExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Locale;
@@ -41,23 +40,23 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * Issuer Alt Name Extension policy.
  * 
- * This extension is used to associate Internet-style identities 
- * with the Certificate issuer. 
+ * This extension is used to associate Internet-style identities
+ * with the Certificate issuer.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class IssuerAltNameExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     public static final String PROP_CRITICAL = "critical";
 
     // PKIX specifies the that the extension SHOULD NOT be critical
@@ -69,15 +68,15 @@ public class IssuerAltNameExt extends APolicyRule
     static {
         defaultParams.addElement(PROP_CRITICAL + "=" + DEFAULT_CRITICALITY);
         CMS.getGeneralNamesConfigDefaultParams(null, true, defaultParams);
-	
+
         Vector<String> info = new Vector<String>();
 
         info.addElement(PROP_CRITICAL + ";boolean;RFC 2459 recommendation: SHOULD NOT be marked critical.");
         info.addElement(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-policyrules-issueraltname");
+                ";configuration-policyrules-issueraltname");
         info.addElement(IExtendedPluginInfo.HELP_TEXT +
-            ";This policy inserts the Issuer Alternative Name " +
-            "Extension into the certificate. See RFC 2459 (4.2.1.8). ");
+                ";This policy inserts the Issuer Alternative Name " +
+                "Extension into the certificate. See RFC 2459 (4.2.1.8). ");
 
         CMS.getGeneralNamesConfigExtendedPluginInfo(null, true, info);
 
@@ -102,10 +101,11 @@ public class IssuerAltNameExt extends APolicyRule
 
     /**
      * Initializes this policy rule.
-     * @param config    The config store reference
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
 
         // get criticality
@@ -120,43 +120,43 @@ public class IssuerAltNameExt extends APolicyRule
 
         // form extension
         try {
-            if (mEnabled && 
-                mGNs.getGeneralNames() != null && !mGNs.getGeneralNames().isEmpty()) {
-                mExtension = 
+            if (mEnabled &&
+                    mGNs.getGeneralNames() != null && !mGNs.getGeneralNames().isEmpty()) {
+                mExtension =
                         new IssuerAlternativeNameExtension(
-                            Boolean.valueOf(mCritical), mGNs.getGeneralNames());
+                                Boolean.valueOf(mCritical), mGNs.getGeneralNames());
             }
         } catch (Exception e) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));
         }
 
         // init instance params
-        mParams.addElement(PROP_CRITICAL + "=" + mCritical); 
+        mParams.addElement(PROP_CRITICAL + "=" + mCritical);
         mGNs.getInstanceParams(mParams);
 
         return;
     }
 
     /**
-     * Adds a extension if none exists. 
-     *
-     * @param req   The request on which to apply policy.
+     * Adds a extension if none exists.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
         PolicyResult res = PolicyResult.ACCEPTED;
 
-        if (mEnabled == false || mExtension == null) 
+        if (mEnabled == false || mExtension == null)
             return res;
 
-            // get cert info.
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+        // get cert info.
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
         X509CertInfo certInfo = null;
 
         if (ci == null || (certInfo = ci[0]) == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); 
+            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
             return PolicyResult.REJECTED; // unrecoverable error.
         }
 
@@ -188,7 +188,7 @@ public class IssuerAltNameExt extends APolicyRule
             extensions = new CertificateExtensions();
             try {
                 certInfo.set(X509CertInfo.VERSION,
-                    new CertificateVersion(CertificateVersion.V3));
+                        new CertificateVersion(CertificateVersion.V3));
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
             } catch (CertificateException e) {
                 // not possible
@@ -214,10 +214,10 @@ public class IssuerAltNameExt extends APolicyRule
         try {
             extensions.set(IssuerAlternativeNameExtension.class.getSimpleName(), mExtension);
         } catch (Exception e) {
-            if (e instanceof RuntimeException) 
+            if (e instanceof RuntimeException)
                 throw (RuntimeException) e;
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CRL_CREATE_ISSUER_ALT_NAME_EXT", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CRL_CREATE_ISSUER_ALT_NAME_EXT", e.toString()));
             setError(req, CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR"), NAME);
             return PolicyResult.REJECTED;
         }
@@ -226,21 +226,21 @@ public class IssuerAltNameExt extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return Empty Vector since this policy has no configuration parameters.
-     * for this policy instance.
+     *         for this policy instance.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         return mParams;
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
-     * @return Empty Vector since this policy implementation has no 
-     * configuration parameters.
+     * 
+     * @return Empty Vector since this policy implementation has no
+     *         configuration parameters.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         return defaultParams;
     }
 
@@ -249,4 +249,3 @@ public class IssuerAltNameExt extends APolicyRule
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java
index 4e9ef825..3f4e029a 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
@@ -44,25 +43,25 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * Policy to add Key Usage Extension.
  * Adds the key usage extension based on what's requested.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class KeyUsageExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
 
     private final static String HTTP_INPUT = "HTTP_INPUT";
-    protected static final boolean[] DEF_BITS = 
-        new boolean[KeyUsageExtension.NBITS];
+    protected static final boolean[] DEF_BITS =
+            new boolean[KeyUsageExtension.NBITS];
     protected int mCAPathLen = -1;
     protected IConfigStore mConfig = null;
     protected static final String PROP_CRITICAL = "critical";
@@ -97,25 +96,23 @@ public class KeyUsageExt extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ca.Policy.rule.<ruleName>.implName=KeyUsageExt
-     *      ca.Policy.rule.<ruleName>.enable=true
-     *		ca.Policy.rule.<ruleName>.
-     *
-     * @param config	The config store reference
+     * 
+     * ca.Policy.rule.<ruleName>.implName=KeyUsageExt ca.Policy.rule.<ruleName>.enable=true ca.Policy.rule.<ruleName>.
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
 
         ICertAuthority certAuthority = (ICertAuthority)
-            ((IPolicyProcessor) owner).getAuthority();
+                ((IPolicyProcessor) owner).getAuthority();
 
         if (certAuthority == null) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CANT_FIND_MANAGER"));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", 
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
                         "Cannot find the Certificate Manager or Registration Manager"));
         }
 
@@ -146,29 +143,29 @@ public class KeyUsageExt extends APolicyRule
 
     /**
      * Adds the key usage extension if not set already.
-     * (CRMF, agent, authentication (currently) or PKCS#10 (future) 
-     *  or RA could have set the extension.)
-     * If not set, set from http input parameters or use default if 
+     * (CRMF, agent, authentication (currently) or PKCS#10 (future)
+     * or RA could have set the extension.)
+     * If not set, set from http input parameters or use default if
      * no http input parameters are set.
      * 
-     * Note: this allows any bits requested - does not check if user 
-     * authenticated is allowed to have a Key Usage Extension with 
-     * those bits. Unless the CA's certificate path length is 0, then 
+     * Note: this allows any bits requested - does not check if user
+     * authenticated is allowed to have a Key Usage Extension with
+     * those bits. Unless the CA's certificate path length is 0, then
      * we do not allow CA sign or CRL sign bits in any request.
      * 
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
         PolicyResult res = PolicyResult.ACCEPTED;
 
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
         if (ci == null || ci[0] == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); 
+            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
             return PolicyResult.REJECTED; // unrecoverable error.
         }
 
@@ -184,7 +181,7 @@ public class KeyUsageExt extends APolicyRule
     public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) {
         try {
             CertificateExtensions extensions = (CertificateExtensions)
-                certInfo.get(X509CertInfo.EXTENSIONS);
+                    certInfo.get(X509CertInfo.EXTENSIONS);
             KeyUsageExtension ext = null;
 
             if (extensions != null) {
@@ -203,11 +200,11 @@ public class KeyUsageExt extends APolicyRule
 
                         if ((bits.length > KeyUsageExtension.KEY_CERTSIGN_BIT &&
                                 bits[KeyUsageExtension.KEY_CERTSIGN_BIT] == true) ||
-                            (bits.length > KeyUsageExtension.CRL_SIGN_BIT && 
+                                (bits.length > KeyUsageExtension.CRL_SIGN_BIT &&
                                 bits[KeyUsageExtension.CRL_SIGN_BIT] == true)) {
-                            setError(req, 
-                                CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED"), 
-                                NAME);
+                            setError(req,
+                                    CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED"),
+                                    NAME);
                             return PolicyResult.REJECTED;
                         }
                     }
@@ -216,8 +213,8 @@ public class KeyUsageExt extends APolicyRule
             } else {
                 // create extensions set if none.
                 if (extensions == null) {
-                    certInfo.set(X509CertInfo.VERSION, 
-                        new CertificateVersion(CertificateVersion.V3));
+                    certInfo.set(X509CertInfo.VERSION,
+                            new CertificateVersion(CertificateVersion.V3));
                     extensions = new CertificateExtensions();
                     certInfo.set(X509CertInfo.EXTENSIONS, extensions);
                 }
@@ -225,41 +222,41 @@ public class KeyUsageExt extends APolicyRule
 
             boolean[] bits = new boolean[KeyUsageExtension.NBITS];
 
-            bits[KeyUsageExtension.DIGITAL_SIGNATURE_BIT] = getBit("digital_signature", 
-                        mDigitalSignature, req); 
-            bits[KeyUsageExtension.NON_REPUDIATION_BIT] = getBit("non_repudiation", 
+            bits[KeyUsageExtension.DIGITAL_SIGNATURE_BIT] = getBit("digital_signature",
+                        mDigitalSignature, req);
+            bits[KeyUsageExtension.NON_REPUDIATION_BIT] = getBit("non_repudiation",
                         mNonRepudiation, req);
-            bits[KeyUsageExtension.KEY_ENCIPHERMENT_BIT] = getBit("key_encipherment", 
+            bits[KeyUsageExtension.KEY_ENCIPHERMENT_BIT] = getBit("key_encipherment",
                         mKeyEncipherment, req);
-            bits[KeyUsageExtension.DATA_ENCIPHERMENT_BIT] = getBit("data_encipherment", 
+            bits[KeyUsageExtension.DATA_ENCIPHERMENT_BIT] = getBit("data_encipherment",
                         mDataEncipherment, req);
-            bits[KeyUsageExtension.KEY_AGREEMENT_BIT] = getBit("key_agreement", 
-                        mKeyAgreement, req); 
-            bits[KeyUsageExtension.KEY_CERTSIGN_BIT] = getBit("key_certsign", 
+            bits[KeyUsageExtension.KEY_AGREEMENT_BIT] = getBit("key_agreement",
+                        mKeyAgreement, req);
+            bits[KeyUsageExtension.KEY_CERTSIGN_BIT] = getBit("key_certsign",
                         mKeyCertsign, req);
             bits[KeyUsageExtension.CRL_SIGN_BIT] = getBit("crl_sign", mCrlSign, req);
             bits[KeyUsageExtension.ENCIPHER_ONLY_BIT] = getBit("encipher_only",
                         mEncipherOnly, req);
-            bits[KeyUsageExtension.DECIPHER_ONLY_BIT] = getBit("decipher_only",  
+            bits[KeyUsageExtension.DECIPHER_ONLY_BIT] = getBit("decipher_only",
                         mDecipherOnly, req);
-            
+
             // don't allow no bits set or the extension does not 
             // encode/decode properlly.
             boolean bitset = false;
 
             for (int i = 0; i < bits.length; i++) {
                 if (bits[i]) {
-                    bitset = true;   
+                    bitset = true;
                     break;
                 }
             }
             if (!bitset) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_NO_KEYUSAGE_EXTENSION_BITS_SET", NAME)); 
+                log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_NO_KEYUSAGE_EXTENSION_BITS_SET", NAME));
                 setError(req, CMS.getUserMessage("CMS_POLICY_NO_KEYUSAGE_EXTENSION_BITS_SET"),
-                    NAME); 
+                        NAME);
                 return PolicyResult.REJECTED;
             }
-  
+
             // create the extension.
             try {
                 mKeyUsage = new KeyUsageExtension(mCritical, bits);
@@ -269,23 +266,23 @@ public class KeyUsageExt extends APolicyRule
             return PolicyResult.ACCEPTED;
         } catch (IOException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, e.getMessage());
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, e.getMessage());
             return PolicyResult.REJECTED; // unrecoverable error.
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, "Certificate Info Error");
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, "Certificate Info Error");
             return PolicyResult.REJECTED; // unrecoverable error.
         }
     }
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         Vector<String> params = new Vector<String>();
 
         params.addElement(PROP_CRITICAL + "=" + mCritical);
@@ -328,21 +325,21 @@ public class KeyUsageExt extends APolicyRule
                 PROP_ENCIPHER_ONLY + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
                 PROP_DECIPHER_ONLY + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-keyusage",
+                        ";configuration-policyrules-keyusage",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Adds Key Usage Extension; See in RFC 2459 (4.2.1.3)"
+                        ";Adds Key Usage Extension; See in RFC 2459 (4.2.1.3)"
 
-            };
+        };
 
         return params;
     }
-	
+
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         return mDefParams;
     }
 
@@ -355,4 +352,3 @@ public class KeyUsageExt extends APolicyRule
         return Boolean.valueOf(choice).booleanValue();
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/NSCCommentExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/NSCCommentExt.java
index 019e3e08..e3cb7ddc 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/NSCCommentExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/NSCCommentExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.BufferedReader;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
@@ -45,21 +44,21 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * Netscape comment
  * Adds Netscape comment policy
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class NSCCommentExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
 
     protected static final String PROP_USER_NOTICE_DISPLAY_TEXT = "displayText";
     protected static final String PROP_COMMENT_FILE = "commentFile";
@@ -68,17 +67,17 @@ public class NSCCommentExt extends APolicyRule
     protected static final String TEXT = "Text";
     protected static final String FILE = "File";
 
-    protected String  mUserNoticeDisplayText;
-    protected String  mCommentFile;
-    protected String  mInputType;
+    protected String mUserNoticeDisplayText;
+    protected String mCommentFile;
+    protected String mInputType;
     protected boolean mCritical;
     private Vector<String> mParams = new Vector<String>();
 
-    protected String  tempCommentFile;
+    protected String tempCommentFile;
     protected boolean certApplied = false;
 
     /**
-     * Adds the  Netscape comment in the end-entity certificates or
+     * Adds the Netscape comment in the end-entity certificates or
      * CA certificates. The policy is set to be non-critical with the
      * provided OID.
      */
@@ -91,16 +90,13 @@ public class NSCCommentExt extends APolicyRule
      * Initializes this policy rule.
      * <p>
      * The entries may be of the form:
-     *
-     *	  ca.Policy.rule.<ruleName>.implName=NSCCommentExtImpl
-     *	  ca.Policy.rule.<ruleName>.displayText=<n>
-     *	  ca.Policy.rule.<ruleName>.commentFile=<n>
-     *	  ca.Policy.rule.<ruleName>.enable=false
-     *
-     * @param config		The config store reference
+     * 
+     * ca.Policy.rule.<ruleName>.implName=NSCCommentExtImpl ca.Policy.rule.<ruleName>.displayText=<n> ca.Policy.rule.<ruleName>.commentFile=<n> ca.Policy.rule.<ruleName>.enable=false
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
 
         FileInputStream fileStream = null;
 
@@ -138,11 +134,11 @@ public class NSCCommentExt extends APolicyRule
 
             mParams.addElement(PROP_COMMENT_FILE + "=" + mCommentFile);
         } catch (FileNotFoundException e) {
-            Object[] params = {getInstanceName(), "File not found : " + tempCommentFile};
+            Object[] params = { getInstanceName(), "File not found : " + tempCommentFile };
 
             throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG"), params);
         } catch (Exception e) {
-            Object[] params = {getInstanceName(), e.getMessage()};
+            Object[] params = { getInstanceName(), e.getMessage() };
 
             throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG"), params);
         }
@@ -151,16 +147,16 @@ public class NSCCommentExt extends APolicyRule
     /**
      * Applies the policy on the given Request.
      * <p>
-     *
-     * @param req   The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
         PolicyResult res = PolicyResult.ACCEPTED;
 
         // get cert info.
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
         if (ci == null || ci[0] == null) {
             setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
@@ -191,8 +187,8 @@ public class NSCCommentExt extends APolicyRule
         if (extensions == null) {
             extensions = new CertificateExtensions();
             try {
-                certInfo.set(X509CertInfo.VERSION, 
-                    new CertificateVersion(CertificateVersion.V3));
+                certInfo.set(X509CertInfo.VERSION,
+                        new CertificateVersion(CertificateVersion.V3));
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
             } catch (Exception e) {
             }
@@ -200,7 +196,7 @@ public class NSCCommentExt extends APolicyRule
             // remove any previously computed version of the extension
             try {
                 extensions.delete(NSCCommentExtension.class.getSimpleName());
-			
+
             } catch (IOException e) {
                 // this is the hack: for some reason, the key which is the name
                 // of the policy has been converted into the OID 
@@ -225,9 +221,9 @@ public class NSCCommentExt extends APolicyRule
                 fis.close();
             } catch (IOException e) {
                 setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                    NAME, " Comment Text file not found : " + mCommentFile);
+                        NAME, " Comment Text file not found : " + mCommentFile);
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("POLICY_COMMENT_FILE_NOT_FOUND", e.toString()));
+                        CMS.getLogMessage("POLICY_COMMENT_FILE_NOT_FOUND", e.toString()));
                 return PolicyResult.REJECTED;
 
             }
@@ -235,20 +231,20 @@ public class NSCCommentExt extends APolicyRule
         }
 
         certApplied = true;
-	
+
         DisplayText displayText =
-            new DisplayText(DisplayText.tag_IA5String, mUserNoticeDisplayText);
+                new DisplayText(DisplayText.tag_IA5String, mUserNoticeDisplayText);
 
         try {
-            NSCCommentExtension cpExt = 
-                new NSCCommentExtension(mCritical, mUserNoticeDisplayText);
+            NSCCommentExtension cpExt =
+                    new NSCCommentExtension(mCritical, mUserNoticeDisplayText);
 
             extensions.set(NSCCommentExtension.class.getSimpleName(), cpExt);
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1", NAME));
+                    CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1", NAME));
             setError(req,
-                CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
+                    CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
             return PolicyResult.REJECTED;
         }
         return PolicyResult.ACCEPTED;
@@ -258,16 +254,16 @@ public class NSCCommentExt extends APolicyRule
         String[] params = {
                 PROP_CRITICAL + ";boolean;Netscape recommendation: non-critical.",
                 PROP_INPUT_TYPE + ";choice(Text,File);Whether the comments " +
-                "would be entered in the displayText field or come from " +
-                "a file.",
+                        "would be entered in the displayText field or come from " +
+                        "a file.",
                 PROP_USER_NOTICE_DISPLAY_TEXT + ";string;The comment that may be " +
-                "displayed to the user when the certificate is viewed.",
+                        "displayed to the user when the certificate is viewed.",
                 PROP_COMMENT_FILE + ";string; If data source is 'File', specify " +
-                "the file name with full path.",
+                        "the file name with full path.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-nsccomment",
+                        ";configuration-policyrules-nsccomment",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Adds 'netscape comment' extension. See manual"
+                        ";Adds 'netscape comment' extension. See manual"
             };
 
         return params;
@@ -276,19 +272,19 @@ public class NSCCommentExt extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         return mParams;
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         Vector<String> defParams = new Vector<String>();
 
         defParams.addElement(PROP_CRITICAL + "=false");
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java
index 88c57d2e..a0db6c04 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
@@ -46,30 +45,30 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * NS Cert Type policy.
  * Adds the ns cert type extension depending on cert type requested.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class NSCertTypeExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     protected static final String PROP_SET_DEFAULT_BITS = "setDefaultBits";
     protected static final boolean DEF_SET_DEFAULT_BITS = true;
-    protected static final String DEF_SET_DEFAULT_BITS_VAL = 
-        Boolean.valueOf(DEF_SET_DEFAULT_BITS).toString();
+    protected static final String DEF_SET_DEFAULT_BITS_VAL =
+            Boolean.valueOf(DEF_SET_DEFAULT_BITS).toString();
 
     protected static final int DEF_PATHLEN = -1;
 
-    protected static final boolean[] DEF_BITS = 
-        new boolean[NSCertTypeExtension.NBITS];
+    protected static final boolean[] DEF_BITS =
+            new boolean[NSCertTypeExtension.NBITS];
 
     // XXX for future use. currenlty always allow. 
     protected static final String PROP_AGENT_OVERR = "allowAgentOverride";
@@ -112,16 +111,15 @@ public class NSCertTypeExt extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ra.Policy.rule.<ruleName>.implName=nsCertTypeExt
-     *      ra.Policy.rule.<ruleName>.enable=true
-     *
-     * @param config	The config store reference
+     * 
+     * ra.Policy.rule.<ruleName>.implName=nsCertTypeExt ra.Policy.rule.<ruleName>.enable=true
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
 
         // XXX future use.
@@ -130,7 +128,7 @@ public class NSCertTypeExt extends APolicyRule
         mCritical = config.getBoolean(PROP_CRITICAL, false);
 
         ICertAuthority certAuthority = (ICertAuthority)
-            ((IPolicyProcessor) owner).getAuthority();
+                ((IPolicyProcessor) owner).getAuthority();
 
         if (certAuthority instanceof ICertificateAuthority) {
             CertificateChain caChain = certAuthority.getCACertChain();
@@ -141,7 +139,7 @@ public class NSCertTypeExt extends APolicyRule
             // CA reject if it does not allow any subordinate CA certs.
             if (caChain != null) {
                 caCert = caChain.getFirstCertificate();
-                if (caCert != null) 
+                if (caCert != null)
                     mCAPathLen = caCert.getBasicConstraints();
             }
         }
@@ -155,21 +153,21 @@ public class NSCertTypeExt extends APolicyRule
      * reads ns cert type choices from form. If no choices from form
      * will defaults to all.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
         CMS.debug("NSCertTypeExt: Impl: " + NAME + ", Instance: " + getInstanceName() + "::apply()");
         PolicyResult res = PolicyResult.ACCEPTED;
 
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-		
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+
         X509CertInfo certInfo = null;
 
         if (ci == null || (certInfo = ci[0]) == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); 
+            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
             return PolicyResult.REJECTED; // unrecoverable error.
         }
 
@@ -184,10 +182,10 @@ public class NSCertTypeExt extends APolicyRule
 
     public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) {
         try {
-            String certType = 
-                req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
+            String certType =
+                    req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
             CertificateExtensions extensions = (CertificateExtensions)
-                certInfo.get(X509CertInfo.EXTENSIONS);
+                    certInfo.get(X509CertInfo.EXTENSIONS);
             NSCertTypeExtension nsCertTypeExt = null;
 
             if (extensions != null) {
@@ -201,13 +199,13 @@ public class NSCertTypeExt extends APolicyRule
                 }
                 // XXX agent servlet currently sets this. it should be
                 // delayed to here.
-                if (nsCertTypeExt != null && 
-                    extensionIsGood(nsCertTypeExt, req)) {
+                if (nsCertTypeExt != null &&
+                        extensionIsGood(nsCertTypeExt, req)) {
                     CMS.debug(
-                        "NSCertTypeExt: already has correct ns cert type ext");
+                            "NSCertTypeExt: already has correct ns cert type ext");
                     return PolicyResult.ACCEPTED;
-                } else if ((nsCertTypeExt != null) && 
-                    (certType.equals("ocspResponder"))) {
+                } else if ((nsCertTypeExt != null) &&
+                        (certType.equals("ocspResponder"))) {
                     // Fix for #528732 : Always delete
                     // this extension from OCSP signing cert
                     extensions.delete(NSCertTypeExtension.class.getSimpleName());
@@ -216,12 +214,12 @@ public class NSCertTypeExt extends APolicyRule
             } else {
                 // create extensions set if none.
                 if (extensions == null) {
-                    certInfo.set(X509CertInfo.VERSION, 
-                        new CertificateVersion(CertificateVersion.V3));
+                    certInfo.set(X509CertInfo.VERSION,
+                            new CertificateVersion(CertificateVersion.V3));
                     extensions = new CertificateExtensions();
                     certInfo.set(X509CertInfo.EXTENSIONS, extensions);
                     CMS.debug(
-                        "NSCertTypeExt: Created extensions for adding ns cert type..");
+                            "NSCertTypeExt: Created extensions for adding ns cert type..");
                 }
             }
             // add ns cert type extension if not set or not set correctly.
@@ -230,12 +228,12 @@ public class NSCertTypeExt extends APolicyRule
             bits = getBitsFromRequest(req, mSetDefaultBits);
 
             // check if ca doesn't allow any subordinate ca 
-            if (mCAPathLen == 0 && bits != null) {   
-                if (bits[NSCertTypeExtension.SSL_CA_BIT] || 
-                    bits[NSCertTypeExtension.EMAIL_CA_BIT] || 
-                    bits[NSCertTypeExtension.OBJECT_SIGNING_CA_BIT]) {
-                    setError(req, 
-                        CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED"), NAME);
+            if (mCAPathLen == 0 && bits != null) {
+                if (bits[NSCertTypeExtension.SSL_CA_BIT] ||
+                        bits[NSCertTypeExtension.EMAIL_CA_BIT] ||
+                        bits[NSCertTypeExtension.OBJECT_SIGNING_CA_BIT]) {
+                    setError(req,
+                            CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED"), NAME);
                     return PolicyResult.REJECTED;
                 }
             }
@@ -249,11 +247,12 @@ public class NSCertTypeExt extends APolicyRule
             int j;
 
             for (j = 0; bits != null && j < bits.length; j++)
-                if (bits[j]) break;
+                if (bits[j])
+                    break;
             if (bits == null || j == bits.length) {
                 if (!mSetDefaultBits) {
                     CMS.debug(
-                        "NSCertTypeExt: no bits requested, not setting default.");
+                            "NSCertTypeExt: no bits requested, not setting default.");
                     return PolicyResult.ACCEPTED;
                 } else
                     bits = DEF_BITS;
@@ -264,26 +263,26 @@ public class NSCertTypeExt extends APolicyRule
             return PolicyResult.ACCEPTED;
         } catch (IOException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, e.getMessage());
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, e.getMessage());
             return PolicyResult.REJECTED; // unrecoverable error.
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
 
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, "Certificate Info Error");
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, "Certificate Info Error");
             return PolicyResult.REJECTED; // unrecoverable error.
         }
     }
 
     /**
-     * check if ns cert type extension is set correctly, 
-     * correct bits if not. 
+     * check if ns cert type extension is set correctly,
+     * correct bits if not.
      * if not authorized to set extension, bits will be replaced.
      */
     protected boolean extensionIsGood(
-        NSCertTypeExtension nsCertTypeExt, IRequest req)
-        throws IOException, CertificateException {
+            NSCertTypeExtension nsCertTypeExt, IRequest req)
+            throws IOException, CertificateException {
         // always return false for now to make sure minimum is set.
         // agents and ee can add others.
 
@@ -295,7 +294,7 @@ public class NSCertTypeExt extends APolicyRule
             // don't know where this came from.
             // set all bits to false to reset.
             CMS.debug(
-                "NSCertTypeExt: unknown origin: setting ns cert type bits to false");
+                    "NSCertTypeExt: unknown origin: setting ns cert type bits to false");
             boolean[] bits = new boolean[8];
 
             for (int i = bits.length - 1; i >= 0; i--) {
@@ -316,36 +315,36 @@ public class NSCertTypeExt extends APolicyRule
             }
             if (certType.equals(IRequest.CA_CERT)) {
                 if (!nsCertTypeExt.isSet(NSCertTypeExtension.SSL_CA_BIT) &&
-                    !nsCertTypeExt.isSet(NSCertTypeExtension.EMAIL_CA_BIT) &&
-                    !nsCertTypeExt.isSet(
-                        NSCertTypeExtension.OBJECT_SIGNING_CA_BIT)) {
+                        !nsCertTypeExt.isSet(NSCertTypeExtension.EMAIL_CA_BIT) &&
+                        !nsCertTypeExt.isSet(
+                                NSCertTypeExtension.OBJECT_SIGNING_CA_BIT)) {
                     // min not set so set all.
                     CMS.debug(
-                        "NSCertTypeExt: is extension good: no ca bits set. set all");
+                            "NSCertTypeExt: is extension good: no ca bits set. set all");
 
-                    nsCertTypeExt.set(NSCertTypeExtension.SSL_CA, 
-                        Boolean.valueOf(true));
+                    nsCertTypeExt.set(NSCertTypeExtension.SSL_CA,
+                            Boolean.valueOf(true));
                     nsCertTypeExt.set(NSCertTypeExtension.EMAIL_CA,
-                        Boolean.valueOf(true));
+                            Boolean.valueOf(true));
                     nsCertTypeExt.set(NSCertTypeExtension.OBJECT_SIGNING_CA,
-                        Boolean.valueOf(true));
+                            Boolean.valueOf(true));
                 }
                 return true;
             } else if (certType.equals(IRequest.CLIENT_CERT)) {
                 if (!nsCertTypeExt.isSet(NSCertTypeExtension.SSL_CLIENT_BIT) &&
-                    !nsCertTypeExt.isSet(NSCertTypeExtension.EMAIL_BIT) &&
-                    !nsCertTypeExt.isSet(NSCertTypeExtension.SSL_SERVER_BIT) &&
-                    !nsCertTypeExt.isSet(
-                        NSCertTypeExtension.OBJECT_SIGNING_BIT)) {
+                        !nsCertTypeExt.isSet(NSCertTypeExtension.EMAIL_BIT) &&
+                        !nsCertTypeExt.isSet(NSCertTypeExtension.SSL_SERVER_BIT) &&
+                        !nsCertTypeExt.isSet(
+                                NSCertTypeExtension.OBJECT_SIGNING_BIT)) {
                     // min not set so set all.
                     CMS.debug(
-                        "NSCertTypeExt: is extension good: no cl bits set. set all");
-                    nsCertTypeExt.set(NSCertTypeExtension.SSL_CLIENT, 
-                        new Boolean(true));
+                            "NSCertTypeExt: is extension good: no cl bits set. set all");
+                    nsCertTypeExt.set(NSCertTypeExtension.SSL_CLIENT,
+                            new Boolean(true));
                     nsCertTypeExt.set(NSCertTypeExtension.EMAIL,
-                        new Boolean(true));
+                            new Boolean(true));
                     nsCertTypeExt.set(NSCertTypeExtension.OBJECT_SIGNING,
-                        new Boolean(true));
+                            new Boolean(true));
                 }
                 return true;
             } else if (certType.equals(IRequest.SERVER_CERT)) {
@@ -359,13 +358,13 @@ public class NSCertTypeExt extends APolicyRule
 
     /**
      * Gets ns cert type bits from request.
-     * If none set, use cert type to determine correct bits. 
-     * If no cert type, use default. 
-     */ 
+     * If none set, use cert type to determine correct bits.
+     * If no cert type, use default.
+     */
 
     protected boolean[] getBitsFromRequest(IRequest req, boolean setDefault) {
         boolean[] bits = null;
-		
+
         CMS.debug("NSCertTypeExt: ns cert type getting ns cert type vars");
         bits = getNSCertTypeBits(req);
         if (bits == null && setDefault) {
@@ -440,14 +439,14 @@ public class NSCertTypeExt extends APolicyRule
      */
     protected boolean[] getCertTypeBits(IRequest req) {
         String certType =
-            req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
+                req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
 
-        if (certType == null || certType.length() == 0) 
+        if (certType == null || certType.length() == 0)
             return null;
 
         boolean[] bits = new boolean[KeyUsageExtension.NBITS];
 
-        for (int i = bits.length - 1; i >= 0; i--) 
+        for (int i = bits.length - 1; i >= 0; i--)
             bits[i] = false;
 
         if (certType.equals(IRequest.CLIENT_CERT)) {
@@ -477,7 +476,7 @@ public class NSCertTypeExt extends APolicyRule
     }
 
     /**
-     * merge bits with those set from form. 
+     * merge bits with those set from form.
      * make sure required minimum is set. Agent or auth can set others.
      * XXX form shouldn't set the extension
      */
@@ -492,10 +491,10 @@ public class NSCertTypeExt extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         Vector<String> params = new Vector<String>();
 
         params.addElement(PROP_CRITICAL + "=" + mCritical);
@@ -507,22 +506,22 @@ public class NSCertTypeExt extends APolicyRule
     private static Vector<String> mDefParams = new Vector<String>();
     static {
         mDefParams.addElement(
-            PROP_CRITICAL + "=false");
+                PROP_CRITICAL + "=false");
         mDefParams.addElement(
-            PROP_SET_DEFAULT_BITS + "=" + DEF_SET_DEFAULT_BITS);
+                PROP_SET_DEFAULT_BITS + "=" + DEF_SET_DEFAULT_BITS);
     }
 
     public String[] getExtendedPluginInfo(Locale locale) {
         String[] params = {
                 PROP_CRITICAL + ";boolean;Netscape recommendation: non-critical.",
                 PROP_SET_DEFAULT_BITS + ";boolean;Specify whether to set the Netscape certificate " +
-                "type extension with default bits ('ssl client' and 'email') in certificates " +
-                "specified by the predicate " +
-                "expression.",
+                        "type extension with default bits ('ssl client' and 'email') in certificates " +
+                        "specified by the predicate " +
+                        "expression.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-nscerttype",
+                        ";configuration-policyrules-nscerttype",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Adds Netscape Certificate Type extension."
+                        ";Adds Netscape Certificate Type extension."
             };
 
         return params;
@@ -530,11 +529,10 @@ public class NSCertTypeExt extends APolicyRule
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         return mDefParams;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/NameConstraintsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/NameConstraintsExt.java
index 8b8001bb..4fd38077 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/NameConstraintsExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/NameConstraintsExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Locale;
@@ -43,22 +42,22 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * Name Constraints Extension Policy
- * Adds the name constraints extension to a (CA) certificate. 
+ * Adds the name constraints extension to a (CA) certificate.
  * Filtering of CA certificates is done through predicates.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class NameConstraintsExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     protected static final String PROP_CRITICAL = "critical";
     protected static final String PROP_NUM_PERMITTEDSUBTREES = "numPermittedSubtrees";
     protected static final String PROP_NUM_EXCLUDEDSUBTREES = "numExcludedSubtrees";
@@ -90,37 +89,35 @@ public class NameConstraintsExt extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ca.Policy.rule.<ruleName>.predicate=certType==ca
-     *      ca.Policy.rule.<ruleName>.implName=
-     *      ca.Policy.rule.<ruleName>.enable=true
-     *
-     * @param config	The config store reference
+     * 
+     * ca.Policy.rule.<ruleName>.predicate=certType==ca ca.Policy.rule.<ruleName>.implName= ca.Policy.rule.<ruleName>.enable=true
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
 
         // XXX should do do this ? 
         // if CA does not allow subordinate CAs by way of basic constraints, 
         // this policy always rejects 
         /*****
-         ICertAuthority certAuthority = (ICertAuthority)
-         ((IPolicyProcessor)owner).getAuthority();
-         if (certAuthority instanceof ICertificateAuthority) {
-         CertificateChain caChain = certAuthority.getCACertChain();
-         X509Certificate caCert = null;
-         // Note that in RA the chain could be null if CA was not up when
-         // RA was started. In that case just set the length to -1 and let
-         // CA reject if it does not allow any subordinate CA certs.
-         if (caChain != null) {
-         caCert = caChain.getFirstCertificate();
-         if (caCert != null) 
-         mCAPathLen = caCert.getBasicConstraints();
-         }
-         }
+         * ICertAuthority certAuthority = (ICertAuthority)
+         * ((IPolicyProcessor)owner).getAuthority();
+         * if (certAuthority instanceof ICertificateAuthority) {
+         * CertificateChain caChain = certAuthority.getCACertChain();
+         * X509Certificate caCert = null;
+         * // Note that in RA the chain could be null if CA was not up when
+         * // RA was started. In that case just set the length to -1 and let
+         * // CA reject if it does not allow any subordinate CA certs.
+         * if (caChain != null) {
+         * caCert = caChain.getFirstCertificate();
+         * if (caCert != null)
+         * mCAPathLen = caCert.getBasicConstraints();
+         * }
+         * }
          ****/
 
         mEnabled = mConfig.getBoolean(
@@ -133,25 +130,25 @@ public class NameConstraintsExt extends APolicyRule
 
         if (mNumPermittedSubtrees < 0) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
-                        PROP_NUM_PERMITTEDSUBTREES, 
+                        PROP_NUM_PERMITTEDSUBTREES,
                         "value must be greater than or equal to 0"));
         }
         if (mNumExcludedSubtrees < 0) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
-                        PROP_NUM_EXCLUDEDSUBTREES, 
+                        PROP_NUM_EXCLUDEDSUBTREES,
                         "value must be greater than or equal to 0"));
         }
 
         // init permitted subtrees if any.
         if (mNumPermittedSubtrees > 0) {
-            mPermittedSubtrees = 
+            mPermittedSubtrees =
                     form_subtrees(PROP_PERMITTEDSUBTREES, mNumPermittedSubtrees);
             CMS.debug("NameConstraintsExt: formed permitted subtrees");
         }
 
         // init excluded subtrees if any.
         if (mNumExcludedSubtrees > 0) {
-            mExcludedSubtrees = 
+            mExcludedSubtrees =
                     form_subtrees(PROP_EXCLUDEDSUBTREES, mNumExcludedSubtrees);
             CMS.debug("NameConstraintsExt: formed excluded subtrees");
         }
@@ -163,13 +160,13 @@ public class NameConstraintsExt extends APolicyRule
 
                 for (int i = 0; i < mNumPermittedSubtrees; i++) {
                     permittedSubtrees.addElement(
-                        mPermittedSubtrees[i].mGeneralSubtree);
+                            mPermittedSubtrees[i].mGeneralSubtree);
                 }
                 Vector<GeneralSubtree> excludedSubtrees = new Vector<GeneralSubtree>();
 
                 for (int j = 0; j < mNumExcludedSubtrees; j++) {
                     excludedSubtrees.addElement(
-                        mExcludedSubtrees[j].mGeneralSubtree);
+                            mExcludedSubtrees[j].mGeneralSubtree);
                 }
                 GeneralSubtrees psb = null;
 
@@ -181,44 +178,44 @@ public class NameConstraintsExt extends APolicyRule
                 if (excludedSubtrees.size() > 0) {
                     esb = new GeneralSubtrees(excludedSubtrees);
                 }
-                mNameConstraintsExtension = 
-                        new NameConstraintsExtension(mCritical, 
-                            psb,
-                            esb);
+                mNameConstraintsExtension =
+                        new NameConstraintsExtension(mCritical,
+                                psb,
+                                esb);
                 CMS.debug("NameConstraintsExt: formed Name Constraints Extension " +
-                    mNameConstraintsExtension);
+                        mNameConstraintsExtension);
             } catch (IOException e) {
                 throw new EBaseException(
                         CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
-                            "Error initializing Name Constraints Extension: " + e));
+                                "Error initializing Name Constraints Extension: " + e));
             }
         }
 
         // form instance params 
         mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
         mInstanceParams.addElement(
-            PROP_NUM_PERMITTEDSUBTREES + "=" + mNumPermittedSubtrees);
+                PROP_NUM_PERMITTEDSUBTREES + "=" + mNumPermittedSubtrees);
         mInstanceParams.addElement(
-            PROP_NUM_EXCLUDEDSUBTREES + "=" + mNumExcludedSubtrees);
+                PROP_NUM_EXCLUDEDSUBTREES + "=" + mNumExcludedSubtrees);
         if (mNumPermittedSubtrees > 0) {
-            for (int i = 0; i < mPermittedSubtrees.length; i++) 
+            for (int i = 0; i < mPermittedSubtrees.length; i++)
                 mPermittedSubtrees[i].getInstanceParams(mInstanceParams);
         }
         if (mNumExcludedSubtrees > 0) {
-            for (int j = 0; j < mExcludedSubtrees.length; j++) 
+            for (int j = 0; j < mExcludedSubtrees.length; j++)
                 mExcludedSubtrees[j].getInstanceParams(mInstanceParams);
         }
     }
 
-    Subtree[] form_subtrees(String subtreesName, int numSubtrees) 
-        throws EBaseException {
+    Subtree[] form_subtrees(String subtreesName, int numSubtrees)
+            throws EBaseException {
         Subtree[] subtrees = new Subtree[numSubtrees];
 
         for (int i = 0; i < numSubtrees; i++) {
             String subtreeName = subtreesName + i;
             IConfigStore subtreeConfig = mConfig.getSubStore(subtreeName);
-            Subtree subtree = 
-                new Subtree(subtreeName, subtreeConfig, mEnabled);
+            Subtree subtree =
+                    new Subtree(subtreeName, subtreeConfig, mEnabled);
 
             subtrees[i] = subtree;
         }
@@ -228,10 +225,10 @@ public class NameConstraintsExt extends APolicyRule
     /**
      * Adds Name Constraints Extension to a (CA) certificate.
      * 
-     * If a Name constraints Extension is already there, accept it if 
+     * If a Name constraints Extension is already there, accept it if
      * it's been approved by agent, else replace it.
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
@@ -244,12 +241,12 @@ public class NameConstraintsExt extends APolicyRule
         }
 
         // get certInfo from request.
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
         if (ci == null || ci[0] == null) {
             setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
-            return PolicyResult.REJECTED; 
+            return PolicyResult.REJECTED;
         }
 
         for (int i = 0; i < ci.length; i++) {
@@ -269,7 +266,7 @@ public class NameConstraintsExt extends APolicyRule
         try {
             NameConstraintsExtension nameConstraintsExt = null;
             CertificateExtensions extensions = (CertificateExtensions)
-                certInfo.get(X509CertInfo.EXTENSIONS);
+                    certInfo.get(X509CertInfo.EXTENSIONS);
 
             try {
                 if (extensions != null) {
@@ -283,65 +280,65 @@ public class NameConstraintsExt extends APolicyRule
             if (nameConstraintsExt != null) {
                 if (agentApproved(req)) {
                     CMS.debug(
-                        "NameConstraintsExt: request id from agent " + req.getRequestId() +
-                        " already has name constraints - accepted");
+                            "NameConstraintsExt: request id from agent " + req.getRequestId() +
+                                    " already has name constraints - accepted");
                     return PolicyResult.ACCEPTED;
                 } else {
                     CMS.debug(
-                        "NameConstraintsExt: request id " + req.getRequestId() + " from user " +
-                        " already has name constraints - deleted");
+                            "NameConstraintsExt: request id " + req.getRequestId() + " from user " +
+                                    " already has name constraints - deleted");
                     extensions.delete(NameConstraintsExtension.class.getSimpleName());
                 }
             }
 
             if (extensions == null) {
                 certInfo.set(X509CertInfo.VERSION,
-                    new CertificateVersion(CertificateVersion.V3));
+                        new CertificateVersion(CertificateVersion.V3));
                 extensions = new CertificateExtensions();
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
             }
             extensions.set(
-                NameConstraintsExtension.class.getSimpleName(), mNameConstraintsExtension);
+                    NameConstraintsExtension.class.getSimpleName(), mNameConstraintsExtension);
             CMS.debug(
-                "NameConstraintsExt: added Name Constraints Extension to request " +
-                req.getRequestId());
+                    "NameConstraintsExt: added Name Constraints Extension to request " +
+                            req.getRequestId());
             return PolicyResult.ACCEPTED;
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_ERROR_NAME_CONST_EXTENSION", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, e.getMessage());
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_ERROR_NAME_CONST_EXTENSION", e.getMessage()));
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, e.getMessage());
             return PolicyResult.REJECTED;
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.toString()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, "Certificate Info Error");
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, "Certificate Info Error");
             return PolicyResult.REJECTED;
         }
     }
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         return mInstanceParams;
     }
 
     /**
-     * Default config parameters. 
-     * To add more permitted or excluded subtrees, 
-     * increase the num to greater than 0 and more configuration params 
+     * Default config parameters.
+     * To add more permitted or excluded subtrees,
+     * increase the num to greater than 0 and more configuration params
      * will show up in the console.
      */
     private static Vector<String> mDefParams = new Vector<String>();
     static {
         mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
         mDefParams.addElement(
-            PROP_NUM_PERMITTEDSUBTREES + "=" + DEF_NUM_PERMITTEDSUBTREES);
+                PROP_NUM_PERMITTEDSUBTREES + "=" + DEF_NUM_PERMITTEDSUBTREES);
         mDefParams.addElement(
-            PROP_NUM_EXCLUDEDSUBTREES + "=" + DEF_NUM_EXCLUDEDSUBTREES);
+                PROP_NUM_EXCLUDEDSUBTREES + "=" + DEF_NUM_EXCLUDEDSUBTREES);
         for (int k = 0; k < DEF_NUM_PERMITTEDSUBTREES; k++) {
             Subtree.getDefaultParams(PROP_PERMITTEDSUBTREES + k, mDefParams);
         }
@@ -352,10 +349,10 @@ public class NameConstraintsExt extends APolicyRule
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         return mDefParams;
     }
 
@@ -364,9 +361,9 @@ public class NameConstraintsExt extends APolicyRule
 
         theparams.addElement(PROP_CRITICAL + ";boolean;RFC 2459 recommendation: MUST be critical.");
         theparams.addElement(
-            PROP_NUM_PERMITTEDSUBTREES + ";number;See RFC 2459 sec 4.2.1.11");
+                PROP_NUM_PERMITTEDSUBTREES + ";number;See RFC 2459 sec 4.2.1.11");
         theparams.addElement(
-            PROP_NUM_EXCLUDEDSUBTREES + ";number;See RFC 2459 sec 4.2.1.11");
+                PROP_NUM_EXCLUDEDSUBTREES + ";number;See RFC 2459 sec 4.2.1.11");
 
         // now do the subtrees.
         for (int k = 0; k < DEF_NUM_PERMITTEDSUBTREES; k++) {
@@ -376,9 +373,9 @@ public class NameConstraintsExt extends APolicyRule
             Subtree.getExtendedPluginInfo(PROP_EXCLUDEDSUBTREES + l, theparams);
         }
         theparams.addElement(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-policyrules-nameconstraints");
+                ";configuration-policyrules-nameconstraints");
         theparams.addElement(IExtendedPluginInfo.HELP_TEXT +
-            ";Adds Name Constraints Extension. See RFC 2459");
+                ";Adds Name Constraints Extension. See RFC 2459");
 
         String[] info = new String[theparams.size()];
 
@@ -387,9 +384,8 @@ public class NameConstraintsExt extends APolicyRule
     }
 }
 
-
 /**
- * subtree configuration 
+ * subtree configuration
  */
 class Subtree {
 
@@ -400,8 +396,7 @@ class Subtree {
     protected static final int DEF_MIN = 0;
     protected static final int DEF_MAX = -1; // -1 (less than 0) means not set.
 
-    protected static final String 
-        MINMAX_INFO = "number;See RFC 2459 section 4.2.1.11";
+    protected static final String MINMAX_INFO = "number;See RFC 2459 section 4.2.1.11";
 
     String mName = null;
     IConfigStore mConfig = null;
@@ -414,13 +409,13 @@ class Subtree {
     String mNameDotMax = null;
 
     public Subtree(
-        String subtreeName, IConfigStore config, boolean policyEnabled) 
-        throws EBaseException {
+            String subtreeName, IConfigStore config, boolean policyEnabled)
+            throws EBaseException {
         mName = subtreeName;
         mConfig = config;
 
         if (mName != null) {
-            mNameDot = mName + "."; 
+            mNameDot = mName + ".";
             mNameDotMin = mNameDot + PROP_MIN;
             mNameDotMax = mNameDot + PROP_MAX;
         } else {
@@ -439,13 +434,14 @@ class Subtree {
         // if policy enabled get values to form the general subtree.
         mMin = mConfig.getInteger(PROP_MIN, DEF_MIN);
         mMax = mConfig.getInteger(PROP_MAX, DEF_MAX);
-        if (mMax < -1) mMax = -1;
+        if (mMax < -1)
+            mMax = -1;
         mBase = CMS.createGeneralNameAsConstraintsConfig(
-                    mNameDot + PROP_BASE, mConfig.getSubStore(PROP_BASE), 
+                    mNameDot + PROP_BASE, mConfig.getSubStore(PROP_BASE),
                     true, policyEnabled);
 
         if (policyEnabled) {
-            mGeneralSubtree = 
+            mGeneralSubtree =
                     new GeneralSubtree(mBase.getGeneralName(), mMin, mMax);
         }
     }
@@ -476,4 +472,3 @@ class Subtree {
         info.addElement(nameDot + PROP_MAX + ";" + MINMAX_INFO);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/OCSPNoCheckExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/OCSPNoCheckExt.java
index 9e36ae80..6056eb1b 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/OCSPNoCheckExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/OCSPNoCheckExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Locale;
@@ -39,25 +38,25 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * This implements an OCSP Signing policy, it
  * adds the OCSP Signing extension to the certificate.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$ $Date$
  */
 public class OCSPNoCheckExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
-    
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
+
     public static final String PROP_CRITICAL = "critical";
     private boolean mCritical = false;
-    
+
     // PKIX specifies the that the extension SHOULD NOT be critical
     public static final boolean DEFAULT_CRITICALITY = false;
 
@@ -75,9 +74,9 @@ public class OCSPNoCheckExt extends APolicyRule
         String[] params = {
                 PROP_CRITICAL + ";boolean;RFC 2560 recommendation: SHOULD be non-critical.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-ocspnocheck",
+                        ";configuration-policyrules-ocspnocheck",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Adds OCSP signing extension to certificate"
+                        ";Adds OCSP signing extension to certificate"
             };
 
         return params;
@@ -88,9 +87,9 @@ public class OCSPNoCheckExt extends APolicyRule
      * Performs one-time initialization of the policy.
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mOCSPNoCheck = new OCSPNoCheckExtension();
-    
+
         if (mOCSPNoCheck != null) {
             // configure the extension itself
             mCritical = config.getBoolean(PROP_CRITICAL,
@@ -110,7 +109,7 @@ public class OCSPNoCheckExt extends APolicyRule
         }
 
         X509CertInfo[] ci =
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
         if (ci == null || ci[0] == null) {
             setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
@@ -131,15 +130,15 @@ public class OCSPNoCheckExt extends APolicyRule
 
             // find the extensions in the certInfo
             CertificateExtensions extensions = (CertificateExtensions)
-                certInfo.get(X509CertInfo.EXTENSIONS);
+                    certInfo.get(X509CertInfo.EXTENSIONS);
 
             // prepare the extensions data structure
             if (extensions == null) {
                 certInfo.set(X509CertInfo.VERSION,
-                    new CertificateVersion(CertificateVersion.V3));
+                        new CertificateVersion(CertificateVersion.V3));
                 extensions = new CertificateExtensions();
                 certInfo.set(X509CertInfo.VERSION,
-                    new CertificateVersion(CertificateVersion.V3));
+                        new CertificateVersion(CertificateVersion.V3));
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
             } else {
                 try {
@@ -157,16 +156,16 @@ public class OCSPNoCheckExt extends APolicyRule
         } catch (IOException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
-                e.getMessage());
+                    e.getMessage());
             return PolicyResult.REJECTED;
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
-                e.getMessage());
+                    e.getMessage());
             return PolicyResult.REJECTED;
         }
     }
-    
+
     /**
      * Returns instance parameters.
      */
@@ -175,9 +174,9 @@ public class OCSPNoCheckExt extends APolicyRule
 
         params.addElement(PROP_CRITICAL + "=" + mCritical);
         return params;
-        
+
     }
-    
+
     /**
      * Returns default parameters.
      */
@@ -186,6 +185,6 @@ public class OCSPNoCheckExt extends APolicyRule
 
         defParams.addElement(PROP_CRITICAL + "=false");
         return defParams;
-        
+
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java
index 849036c7..cc44c2f1 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Locale;
@@ -40,31 +39,29 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * Policy Constraints Extension Policy
- * Adds the policy constraints extension to (CA) certificates. 
+ * Adds the policy constraints extension to (CA) certificates.
  * Filtering of CA certificates is done through predicates.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class PolicyConstraintsExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     protected static final String PROP_CRITICAL = "critical";
-    protected static final String 
-        PROP_REQ_EXPLICIT_POLICY = "reqExplicitPolicy";
-    protected static final String 
-        PROP_INHIBIT_POLICY_MAPPING = "inhibitPolicyMapping";
+    protected static final String PROP_REQ_EXPLICIT_POLICY = "reqExplicitPolicy";
+    protected static final String PROP_INHIBIT_POLICY_MAPPING = "inhibitPolicyMapping";
 
     protected static final boolean DEF_CRITICAL = false;
-    protected static final int DEF_REQ_EXPLICIT_POLICY = -1; 	// not set
-    protected static final int DEF_INHIBIT_POLICY_MAPPING = -1;	// not set
+    protected static final int DEF_REQ_EXPLICIT_POLICY = -1; // not set
+    protected static final int DEF_INHIBIT_POLICY_MAPPING = -1; // not set
 
     protected boolean mEnabled = false;
     protected IConfigStore mConfig = null;
@@ -80,9 +77,9 @@ public class PolicyConstraintsExt extends APolicyRule
     static {
         mDefaultParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
         mDefaultParams.addElement(
-            PROP_REQ_EXPLICIT_POLICY + "=" + DEF_REQ_EXPLICIT_POLICY);
+                PROP_REQ_EXPLICIT_POLICY + "=" + DEF_REQ_EXPLICIT_POLICY);
         mDefaultParams.addElement(
-            PROP_INHIBIT_POLICY_MAPPING + "=" + DEF_INHIBIT_POLICY_MAPPING);
+                PROP_INHIBIT_POLICY_MAPPING + "=" + DEF_INHIBIT_POLICY_MAPPING);
     }
 
     public PolicyConstraintsExt() {
@@ -93,37 +90,35 @@ public class PolicyConstraintsExt extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ca.Policy.rule.<ruleName>.predicate=certType==ca
-     *      ca.Policy.rule.<ruleName>.implName=
-     *      ca.Policy.rule.<ruleName>.enable=true
-     *
-     * @param config	The config store reference
+     * 
+     * ca.Policy.rule.<ruleName>.predicate=certType==ca ca.Policy.rule.<ruleName>.implName= ca.Policy.rule.<ruleName>.enable=true
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
 
         // XXX should do do this ? 
         // if CA does not allow subordinate CAs by way of basic constraints, 
         // this policy always rejects 
         /*****
-         ICertAuthority certAuthority = (ICertAuthority)
-         ((GenericPolicyProcessor)owner).mAuthority;
-         if (certAuthority instanceof ICertificateAuthority) {
-         CertificateChain caChain = certAuthority.getCACertChain();
-         X509Certificate caCert = null;
-         // Note that in RA the chain could be null if CA was not up when
-         // RA was started. In that case just set the length to -1 and let
-         // CA reject if it does not allow any subordinate CA certs.
-         if (caChain != null) {
-         caCert = caChain.getFirstCertificate();
-         if (caCert != null) 
-         mCAPathLen = caCert.getBasicConstraints();
-         }
-         }
+         * ICertAuthority certAuthority = (ICertAuthority)
+         * ((GenericPolicyProcessor)owner).mAuthority;
+         * if (certAuthority instanceof ICertificateAuthority) {
+         * CertificateChain caChain = certAuthority.getCACertChain();
+         * X509Certificate caCert = null;
+         * // Note that in RA the chain could be null if CA was not up when
+         * // RA was started. In that case just set the length to -1 and let
+         * // CA reject if it does not allow any subordinate CA certs.
+         * if (caChain != null) {
+         * caCert = caChain.getFirstCertificate();
+         * if (caCert != null)
+         * mCAPathLen = caCert.getBasicConstraints();
+         * }
+         * }
          ****/
 
         mEnabled = mConfig.getBoolean(
@@ -135,42 +130,42 @@ public class PolicyConstraintsExt extends APolicyRule
         mInhibitPolicyMapping = mConfig.getInteger(
                     PROP_INHIBIT_POLICY_MAPPING, DEF_INHIBIT_POLICY_MAPPING);
 
-        if (mReqExplicitPolicy < -1) 
+        if (mReqExplicitPolicy < -1)
             mReqExplicitPolicy = -1;
-        if (mInhibitPolicyMapping < -1) 
+        if (mInhibitPolicyMapping < -1)
             mInhibitPolicyMapping = -1;
-		
-            // create instance of policy constraings extension 
+
+        // create instance of policy constraings extension 
         try {
-            mPolicyConstraintsExtension = 
-                    new PolicyConstraintsExtension(mCritical, 
-                        mReqExplicitPolicy, mInhibitPolicyMapping);
+            mPolicyConstraintsExtension =
+                    new PolicyConstraintsExtension(mCritical,
+                            mReqExplicitPolicy, mInhibitPolicyMapping);
             CMS.debug(
-                "PolicyConstraintsExt: Created Policy Constraints Extension: " +
-                mPolicyConstraintsExtension);
+                    "PolicyConstraintsExt: Created Policy Constraints Extension: " +
+                            mPolicyConstraintsExtension);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("POLICY_ERROR_CANT_INIT_POLICY_CONST_EXT", e.toString()));
+                    CMS.getLogMessage("POLICY_ERROR_CANT_INIT_POLICY_CONST_EXT", e.toString()));
             throw new EBaseException(
                     CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
-                        "Could not init Policy Constraints Extension. Error: " + e));
+                            "Could not init Policy Constraints Extension. Error: " + e));
         }
 
         // form instance params 
         mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
         mInstanceParams.addElement(
-            PROP_REQ_EXPLICIT_POLICY + "=" + mReqExplicitPolicy);
+                PROP_REQ_EXPLICIT_POLICY + "=" + mReqExplicitPolicy);
         mInstanceParams.addElement(
-            PROP_INHIBIT_POLICY_MAPPING + "=" + mInhibitPolicyMapping);
+                PROP_INHIBIT_POLICY_MAPPING + "=" + mInhibitPolicyMapping);
     }
 
     /**
      * Adds Policy Constraints Extension to a (CA) certificate.
      * 
-     * If a Policy constraints Extension is already there, accept it if 
+     * If a Policy constraints Extension is already there, accept it if
      * it's been approved by agent, else replace it.
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
@@ -181,12 +176,12 @@ public class PolicyConstraintsExt extends APolicyRule
         }
 
         // get certInfo from request.
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
         if (ci == null || ci[0] == null) {
             setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
-            return PolicyResult.REJECTED; 
+            return PolicyResult.REJECTED;
         }
 
         for (int i = 0; i < ci.length; i++) {
@@ -206,7 +201,7 @@ public class PolicyConstraintsExt extends APolicyRule
         try {
             PolicyConstraintsExtension policyConstraintsExt = null;
             CertificateExtensions extensions = (CertificateExtensions)
-                certInfo.get(X509CertInfo.EXTENSIONS);
+                    certInfo.get(X509CertInfo.EXTENSIONS);
 
             try {
                 if (extensions != null) {
@@ -227,55 +222,55 @@ public class PolicyConstraintsExt extends APolicyRule
 
             if (extensions == null) {
                 certInfo.set(X509CertInfo.VERSION,
-                    new CertificateVersion(CertificateVersion.V3));
+                        new CertificateVersion(CertificateVersion.V3));
                 extensions = new CertificateExtensions();
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
             }
             extensions.set(
-                "PolicyConstriantsExt", mPolicyConstraintsExtension);
+                    "PolicyConstriantsExt", mPolicyConstraintsExtension);
             CMS.debug("PolicyConstraintsExt: added our policy constraints extension");
             return PolicyResult.ACCEPTED;
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_ERROR_CANT_PROCESS_POLICY_CONST_EXT", e.toString()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, e.getMessage());
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_ERROR_CANT_PROCESS_POLICY_CONST_EXT", e.toString()));
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, e.getMessage());
             return PolicyResult.REJECTED;
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.toString()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, "Certificate Info Error");
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, "Certificate Info Error");
             return PolicyResult.REJECTED;
         }
     }
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         return mInstanceParams;
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         return mDefaultParams;
     }
 
     /**
-     * gets plugin info for pretty console edit displays. 
+     * gets plugin info for pretty console edit displays.
      */
     public String[] getExtendedPluginInfo(Locale locale) {
         mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
         mInstanceParams.addElement(
-            PROP_REQ_EXPLICIT_POLICY + "=" + mReqExplicitPolicy);
+                PROP_REQ_EXPLICIT_POLICY + "=" + mReqExplicitPolicy);
         mInstanceParams.addElement(
-            PROP_INHIBIT_POLICY_MAPPING + "=" + mInhibitPolicyMapping);
+                PROP_INHIBIT_POLICY_MAPPING + "=" + mInhibitPolicyMapping);
 
         String[] params = {
                 PROP_CRITICAL + ";boolean;RFC 2459 recommendation: may be critical or non-critical.",
@@ -287,4 +282,3 @@ public class PolicyConstraintsExt extends APolicyRule
         return params;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java
index 1d901d57..681656ea 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Locale;
@@ -43,22 +42,22 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * Policy Mappings Extension Policy
- * Adds the Policy Mappings extension to a (CA) certificate. 
+ * Adds the Policy Mappings extension to a (CA) certificate.
  * Filtering of CA certificates is done through predicates.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class PolicyMappingsExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     protected static final String PROP_CRITICAL = "critical";
     protected static final String PROP_NUM_POLICYMAPPINGS = "numPolicyMappings";
 
@@ -85,37 +84,35 @@ public class PolicyMappingsExt extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ca.Policy.rule.<ruleName>.predicate=certType==ca
-     *      ca.Policy.rule.<ruleName>.implName=
-     *      ca.Policy.rule.<ruleName>.enable=true
-     *
-     * @param config	The config store reference
+     * 
+     * ca.Policy.rule.<ruleName>.predicate=certType==ca ca.Policy.rule.<ruleName>.implName= ca.Policy.rule.<ruleName>.enable=true
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
 
         // XXX should do do this ? 
         // if CA does not allow subordinate CAs by way of basic constraints, 
         // this policy always rejects 
         /*****
-         ICertAuthority certAuthority = (ICertAuthority)
-         ((IPolicyProcessor)owner).getAuthority();
-         if (certAuthority instanceof ICertificateAuthority) {
-         CertificateChain caChain = certAuthority.getCACertChain();
-         X509Certificate caCert = null;
-         // Note that in RA the chain could be null if CA was not up when
-         // RA was started. In that case just set the length to -1 and let
-         // CA reject if it does not allow any subordinate CA certs.
-         if (caChain != null) {
-         caCert = caChain.getFirstCertificate();
-         if (caCert != null) 
-         mCAPathLen = caCert.getBasicConstraints();
-         }
-         }
+         * ICertAuthority certAuthority = (ICertAuthority)
+         * ((IPolicyProcessor)owner).getAuthority();
+         * if (certAuthority instanceof ICertificateAuthority) {
+         * CertificateChain caChain = certAuthority.getCACertChain();
+         * X509Certificate caCert = null;
+         * // Note that in RA the chain could be null if CA was not up when
+         * // RA was started. In that case just set the length to -1 and let
+         * // CA reject if it does not allow any subordinate CA certs.
+         * if (caChain != null) {
+         * caCert = caChain.getFirstCertificate();
+         * if (caCert != null)
+         * mCAPathLen = caCert.getBasicConstraints();
+         * }
+         * }
          ****/
 
         mEnabled = mConfig.getBoolean(
@@ -140,7 +137,7 @@ public class PolicyMappingsExt extends APolicyRule
                 mPolicyMaps[i] = new PolicyMap(subtreeName, mConfig, mEnabled);
             } catch (EBaseException e) {
                 log(ILogger.LL_FAILURE, NAME + ": " +
-                    CMS.getLogMessage("POLICY_ERROR_CREATE_MAP", e.toString()));
+                        CMS.getLogMessage("POLICY_ERROR_CREATE_MAP", e.toString()));
                 throw e;
             }
         }
@@ -152,21 +149,21 @@ public class PolicyMappingsExt extends APolicyRule
 
                 for (int j = 0; j < mNumPolicyMappings; j++) {
                     certPolicyMaps.addElement(
-                        mPolicyMaps[j].mCertificatePolicyMap);
+                            mPolicyMaps[j].mCertificatePolicyMap);
                 }
-                mPolicyMappingsExtension = 
+                mPolicyMappingsExtension =
                         new PolicyMappingsExtension(mCritical, certPolicyMaps);
             } catch (IOException e) {
                 throw new EBaseException(
                         CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
-                            "Error initializing " + NAME + " Error: " + e));
+                                "Error initializing " + NAME + " Error: " + e));
             }
         }
 
         // form instance params 
         mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
         mInstanceParams.addElement(
-            PROP_NUM_POLICYMAPPINGS + "=" + mNumPolicyMappings);
+                PROP_NUM_POLICYMAPPINGS + "=" + mNumPolicyMappings);
         for (int i = 0; i < mNumPolicyMappings; i++) {
             mPolicyMaps[i].getInstanceParams(mInstanceParams);
         }
@@ -175,10 +172,10 @@ public class PolicyMappingsExt extends APolicyRule
     /**
      * Adds policy mappings Extension to a (CA) certificate.
      * 
-     * If a policy mappings Extension is already there, accept it if 
+     * If a policy mappings Extension is already there, accept it if
      * it's been approved by agent, else replace it.
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
@@ -191,12 +188,12 @@ public class PolicyMappingsExt extends APolicyRule
         }
 
         // get certInfo from request.
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-		
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+
         if (ci == null || ci[0] == null) {
             setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
-            return PolicyResult.REJECTED; 
+            return PolicyResult.REJECTED;
         }
 
         for (int i = 0; i < ci.length; i++) {
@@ -215,7 +212,7 @@ public class PolicyMappingsExt extends APolicyRule
         try {
             PolicyMappingsExtension policyMappingsExt = null;
             CertificateExtensions extensions = (CertificateExtensions)
-                certInfo.get(X509CertInfo.EXTENSIONS);
+                    certInfo.get(X509CertInfo.EXTENSIONS);
 
             try {
                 if (extensions != null) {
@@ -236,87 +233,87 @@ public class PolicyMappingsExt extends APolicyRule
 
             if (extensions == null) {
                 certInfo.set(X509CertInfo.VERSION,
-                    new CertificateVersion(CertificateVersion.V3));
+                        new CertificateVersion(CertificateVersion.V3));
                 extensions = new CertificateExtensions();
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
             }
             extensions.set(
-                PolicyMappingsExtension.class.getSimpleName(), mPolicyMappingsExtension);
+                    PolicyMappingsExtension.class.getSimpleName(), mPolicyMappingsExtension);
             return PolicyResult.ACCEPTED;
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_ERROR_PROCESS_POLICYMAP_EXT", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, e.getMessage());
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_ERROR_PROCESS_POLICYMAP_EXT", e.getMessage()));
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, e.getMessage());
             return PolicyResult.REJECTED;
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.toString()));
 
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, "Certificate Info Error");
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, "Certificate Info Error");
             return PolicyResult.REJECTED;
         }
     }
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         return mInstanceParams;
     }
 
     /**
-     * Default config parameters. 
-     * To add more permitted or excluded subtrees, 
-     * increase the num to greater than 0 and more configuration params 
+     * Default config parameters.
+     * To add more permitted or excluded subtrees,
+     * increase the num to greater than 0 and more configuration params
      * will show up in the console.
      */
     private static Vector<String> mDefParams = new Vector<String>();
     static {
         mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
         mDefParams.addElement(
-            PROP_NUM_POLICYMAPPINGS + "=" + DEF_NUM_POLICYMAPPINGS);
+                PROP_NUM_POLICYMAPPINGS + "=" + DEF_NUM_POLICYMAPPINGS);
         String policyMap0Dot = PROP_POLICYMAP + "0.";
 
         mDefParams.addElement(
-            policyMap0Dot + PolicyMap.PROP_ISSUER_DOMAIN_POLICY + "=" + "");
+                policyMap0Dot + PolicyMap.PROP_ISSUER_DOMAIN_POLICY + "=" + "");
         mDefParams.addElement(
-            policyMap0Dot + PolicyMap.PROP_SUBJECT_DOMAIN_POLICY + "=" + "");
+                policyMap0Dot + PolicyMap.PROP_SUBJECT_DOMAIN_POLICY + "=" + "");
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         return mDefParams;
     }
 
     public String[] getExtendedPluginInfo(Locale locale) {
         Vector<String> theparams = new Vector<String>();
-		
+
         theparams.addElement(PROP_CRITICAL + ";boolean;RFC 2459 recommendation: MUST be non-critical.");
         theparams.addElement(PROP_NUM_POLICYMAPPINGS + ";number; Number of policy mappings. The value must be greater than or equal to 1");
 
-        String policyInfo = 
-            ";string;An object identifier in the form n.n.n.n";
+        String policyInfo =
+                ";string;An object identifier in the form n.n.n.n";
 
         for (int k = 0; k < 5; k++) {
             String policyMapkDot = PROP_POLICYMAP + k + ".";
 
             theparams.addElement(policyMapkDot +
-                PolicyMap.PROP_ISSUER_DOMAIN_POLICY + policyInfo);
+                    PolicyMap.PROP_ISSUER_DOMAIN_POLICY + policyInfo);
             theparams.addElement(policyMapkDot +
-                PolicyMap.PROP_SUBJECT_DOMAIN_POLICY + policyInfo);
+                    PolicyMap.PROP_SUBJECT_DOMAIN_POLICY + policyInfo);
         }
 
         theparams.addElement(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-policyrules-policymappings");
+                ";configuration-policyrules-policymappings");
         theparams.addElement(IExtendedPluginInfo.HELP_TEXT +
-            ";Adds Policy Mappings Extension. See RFC 2459 (4.2.1.6)");
+                ";Adds Policy Mappings Extension. See RFC 2459 (4.2.1.6)");
 
         String[] params = new String[theparams.size()];
 
@@ -325,7 +322,6 @@ public class PolicyMappingsExt extends APolicyRule
     }
 }
 
-
 class PolicyMap {
 
     protected static String PROP_ISSUER_DOMAIN_POLICY = "issuerDomainPolicy";
@@ -340,47 +336,48 @@ class PolicyMap {
 
     /**
      * forms policy map parameters.
+     * 
      * @param name name of this policy map, for example policyMap0
      * @param config parent's config from where we find this configuration.
      * @param enabled whether policy was enabled.
      */
-    protected PolicyMap(String name, IConfigStore config, boolean enabled) 
-        throws EBaseException {
+    protected PolicyMap(String name, IConfigStore config, boolean enabled)
+            throws EBaseException {
         mName = name;
         mConfig = config.getSubStore(mName);
         mNameDot = mName + ".";
 
-        if( mConfig == null ) {
-            CMS.debug( "PolicyMappingsExt::PolicyMap - mConfig is null!" );
+        if (mConfig == null) {
+            CMS.debug("PolicyMappingsExt::PolicyMap - mConfig is null!");
             return;
         }
 
         // if there's no configuration for this map put it there.
         if (mConfig.size() == 0) {
-            config.putString(mNameDot + PROP_ISSUER_DOMAIN_POLICY, ""); 
-            config.putString(mNameDot + PROP_SUBJECT_DOMAIN_POLICY, ""); 
+            config.putString(mNameDot + PROP_ISSUER_DOMAIN_POLICY, "");
+            config.putString(mNameDot + PROP_SUBJECT_DOMAIN_POLICY, "");
             mConfig = config.getSubStore(mName);
             if (mConfig == null || mConfig.size() == 0) {
-	            CMS.debug( "PolicyMappingsExt::PolicyMap - mConfig " +
-                           "is null or empty!" );
+                CMS.debug("PolicyMappingsExt::PolicyMap - mConfig " +
+                           "is null or empty!");
                 return;
             }
         }
 
         // get policy ids from configuration.
-        mIssuerDomainPolicy = 
+        mIssuerDomainPolicy =
                 mConfig.getString(PROP_ISSUER_DOMAIN_POLICY, null);
-        mSubjectDomainPolicy = 
+        mSubjectDomainPolicy =
                 mConfig.getString(PROP_SUBJECT_DOMAIN_POLICY, null);
 
         // adjust for "" and console returning "null"
-        if (mIssuerDomainPolicy != null && 
-            (mIssuerDomainPolicy.length() == 0 || 
+        if (mIssuerDomainPolicy != null &&
+                (mIssuerDomainPolicy.length() == 0 ||
                 mIssuerDomainPolicy.equals("null"))) {
             mIssuerDomainPolicy = null;
         }
-        if (mSubjectDomainPolicy != null && 
-            (mSubjectDomainPolicy.length() == 0 || 
+        if (mSubjectDomainPolicy != null &&
+                (mSubjectDomainPolicy.length() == 0 ||
                 mSubjectDomainPolicy.equals("null"))) {
             mSubjectDomainPolicy = null;
         }
@@ -388,26 +385,26 @@ class PolicyMap {
         // policy ids cannot be null if policy is enabled.
         String msg = "value cannot be null.";
 
-        if (mIssuerDomainPolicy == null && enabled) 
+        if (mIssuerDomainPolicy == null && enabled)
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
                         mNameDot + PROP_ISSUER_DOMAIN_POLICY, msg));
-        if (mSubjectDomainPolicy == null && enabled) 
+        if (mSubjectDomainPolicy == null && enabled)
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
                         mNameDot + PROP_SUBJECT_DOMAIN_POLICY, msg));
 
-            // if a policy id is not null check that it is a valid OID.
+        // if a policy id is not null check that it is a valid OID.
         ObjectIdentifier issuerPolicyId = null;
         ObjectIdentifier subjectPolicyId = null;
 
-        if (mIssuerDomainPolicy != null) 
+        if (mIssuerDomainPolicy != null)
             issuerPolicyId = CMS.checkOID(
                         mNameDot + PROP_ISSUER_DOMAIN_POLICY, mIssuerDomainPolicy);
-        if (mSubjectDomainPolicy != null) 
+        if (mSubjectDomainPolicy != null)
             subjectPolicyId = CMS.checkOID(
                         mNameDot + PROP_SUBJECT_DOMAIN_POLICY, mSubjectDomainPolicy);
-		
-            // if enabled, form CertificatePolicyMap to be encoded in extension.
-            // policy ids should be all set.
+
+        // if enabled, form CertificatePolicyMap to be encoded in extension.
+        // policy ids should be all set.
         if (enabled) {
             mCertificatePolicyMap = new CertificatePolicyMap(
                         new CertificatePolicyId(issuerPolicyId),
@@ -417,12 +414,11 @@ class PolicyMap {
 
     protected void getInstanceParams(Vector<String> instanceParams) {
         instanceParams.addElement(
-            mNameDot + PROP_ISSUER_DOMAIN_POLICY + "=" + (mIssuerDomainPolicy == null ? "" :
-                mIssuerDomainPolicy));
+                mNameDot + PROP_ISSUER_DOMAIN_POLICY + "=" + (mIssuerDomainPolicy == null ? "" :
+                        mIssuerDomainPolicy));
         instanceParams.addElement(
-            mNameDot + PROP_SUBJECT_DOMAIN_POLICY + "=" + (mSubjectDomainPolicy == null ? "" :
-                mSubjectDomainPolicy));
+                mNameDot + PROP_SUBJECT_DOMAIN_POLICY + "=" + (mSubjectDomainPolicy == null ? "" :
+                        mSubjectDomainPolicy));
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/PresenceExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/PresenceExt.java
index 125555c4..e13a7a84 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/PresenceExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/PresenceExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.util.Locale;
 import java.util.Vector;
 
@@ -32,11 +31,12 @@ import com.netscape.cms.policy.APolicyRule;
 /**
  * Checks extension presence.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -77,7 +77,7 @@ public class PresenceExt extends APolicyRule {
     }
 
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
 
         mCritical = config.getBoolean(PROP_IS_CRITICAL, false);
@@ -102,14 +102,14 @@ public class PresenceExt extends APolicyRule {
          mTelephoneNumber, mRFC822Name, mID,
          mHostName, mPortNumber, mMaxUsers, mServiceLevel);
          */
-	
+
         return res;
     }
 
-    public Vector<String> getInstanceParams() { 
-        Vector<String> params = new Vector<String>(); 
+    public Vector<String> getInstanceParams() {
+        Vector<String> params = new Vector<String>();
 
-        params.addElement(PROP_IS_CRITICAL + "=" + mCritical); 
+        params.addElement(PROP_IS_CRITICAL + "=" + mCritical);
         params.addElement(PROP_OID + "=" + mOID);
         params.addElement(PROP_VERSION + "=" + mVersion);
         params.addElement(PROP_STREET_ADDRESS + "=" + mStreetAddress);
@@ -137,21 +137,21 @@ public class PresenceExt extends APolicyRule {
                 PROP_MAX_USERS + ";string; max users",
                 PROP_SERVICE_LEVEL + ";string; service level",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-presenceext",
+                        ";configuration-policyrules-presenceext",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Adds Presence Server Extension;"
+                        ";Adds Presence Server Extension;"
 
-            };
+        };
 
         return params;
     }
-	
+
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         return mDefParams;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/PrivateKeyUsagePeriodExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/PrivateKeyUsagePeriodExt.java
index 8b3ab40c..60c0dfbc 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/PrivateKeyUsagePeriodExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/PrivateKeyUsagePeriodExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.text.SimpleDateFormat;
@@ -42,20 +41,20 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * PrivateKeyUsagePeriod Identifier Extension policy.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class PrivateKeyUsagePeriodExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
 
     private final static String PROP_NOT_BEFORE = "notBefore";
     private final static String PROP_NOT_AFTER = "notAfter";
@@ -94,16 +93,16 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
     public String[] getExtendedPluginInfo(Locale locale) {
         String[] params = {
                 PROP_IS_CRITICAL + ";boolean;RFC 2459 recommendation: The profile " +
-                "recommends against the use of this extension. CAs " +
-                "conforming to the profile MUST NOT generate certs with " +
-                "critical private key usage period extensions.",
+                        "recommends against the use of this extension. CAs " +
+                        "conforming to the profile MUST NOT generate certs with " +
+                        "critical private key usage period extensions.",
                 PROP_NOT_BEFORE + ";string; Date before which the Private Key is invalid.",
                 PROP_NOT_AFTER + ";string; Date after which the Private Key is invalid.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-privatekeyusageperiod",
+                        ";configuration-policyrules-privatekeyusageperiod",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Adds (deprecated) Private Key Usage Period Extension. " +
-                "Defined in RFC 2459 (4.2.1.4)"
+                        ";Adds (deprecated) Private Key Usage Period Extension. " +
+                        "Defined in RFC 2459 (4.2.1.4)"
             };
 
         return params;
@@ -119,17 +118,17 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
 
     /**
      * Initializes this policy rule.
-     *	  ra.Policy.rule.<ruleName>.implName=PrivateKeyUsageExtension
-     *	  ra.Policy.rule.<ruleName>.enable=true
-     *	  ra.Policy.rule.<ruleName>.notBefore=30
-     *	  ra.Policy.rule.<ruleName>.notAfter=180
-     *	  ra.Policy.rule.<ruleName>.critical=false
-     *	  ra.Policy.rule.<ruleName>.predicate=ou==Sales
-     *
-     * @param config	The config store reference
+     * ra.Policy.rule.<ruleName>.implName=PrivateKeyUsageExtension
+     * ra.Policy.rule.<ruleName>.enable=true
+     * ra.Policy.rule.<ruleName>.notBefore=30
+     * ra.Policy.rule.<ruleName>.notAfter=180
+     * ra.Policy.rule.<ruleName>.critical=false
+     * ra.Policy.rule.<ruleName>.predicate=ou==Sales
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
 
         try {
             // Get params.
@@ -145,7 +144,7 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
             notAfter = formatter.format(formatter.parse(mNotAfter.trim()));
         } catch (Exception e) {
             // e.printStackTrace();
-            Object[] params = {getInstanceName(), e};
+            Object[] params = { getInstanceName(), e };
 
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG"), params);
@@ -154,20 +153,20 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
     }
 
     /**
-     * Adds a private key usage extension if none exists. 
-     *
-     * @param req	The request on which to apply policy.
+     * Adds a private key usage extension if none exists.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
         PolicyResult res = PolicyResult.ACCEPTED;
 
         // get cert info.
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-		
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+
         if (ci == null || ci[0] == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); 
+            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
             return PolicyResult.REJECTED; // unrecoverable error.
         }
 
@@ -201,7 +200,7 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
             // remove any previously computed version of the extension
             try {
                 extensions.delete(PrivateKeyUsageExtension.class.getSimpleName());
-	   
+
             } catch (IOException e) {
             }
 
@@ -209,16 +208,16 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
 
         try {
             ext = new PrivateKeyUsageExtension(
-                        formatter.parse(mNotBefore), 
+                        formatter.parse(mNotBefore),
                         formatter.parse(mNotAfter));
             certInfo.set(X509CertInfo.VERSION,
-                new CertificateVersion(CertificateVersion.V3));
+                    new CertificateVersion(CertificateVersion.V3));
             extensions.set(PrivateKeyUsageExtension.class.getSimpleName(), ext);
         } catch (Exception e) {
-            if (e instanceof RuntimeException) 
+            if (e instanceof RuntimeException)
                 throw (RuntimeException) e;
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_ERROR_CREATE_PRIVATE_KEY_EXT", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_ERROR_CREATE_PRIVATE_KEY_EXT", e.toString()));
             setError(req, CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR"), NAME);
             return PolicyResult.REJECTED;
         }
@@ -227,11 +226,11 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return Empty Vector since this policy has no configuration parameters.
-     * for this policy instance.
+     *         for this policy instance.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         Vector<String> params = new Vector<String>();
 
         params.addElement(PROP_IS_CRITICAL + "=" + mCritical);
@@ -242,11 +241,11 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
 
     /**
      * Return default parameters for a policy implementation.
-     *
-     * @return Empty Vector since this policy implementation has no 
-     * configuration parameters.
+     * 
+     * @return Empty Vector since this policy implementation has no
+     *         configuration parameters.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         Vector<String> defParams = new Vector<String>();
 
         defParams.addElement(PROP_IS_CRITICAL + "=" + DEFAULT_CRITICALITY);
@@ -255,4 +254,3 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
         return defParams;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java
index 396afc97..29285f0b 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Locale;
@@ -37,55 +36,55 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * Remove Basic Constraints policy.
  * Adds the Basic constraints extension.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class RemoveBasicConstraintsExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     public RemoveBasicConstraintsExt() {
         NAME = "RemoveBasicConstraintsExt";
         DESC = "Remove Basic Constraints extension";
     }
 
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
     }
 
     public PolicyResult apply(IRequest req) {
         PolicyResult res = PolicyResult.ACCEPTED;
 
         // get cert info.
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
         X509CertInfo certInfo = null;
 
         if (ci == null || (certInfo = ci[0]) == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); 
+            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
             return PolicyResult.REJECTED; // unrecoverable error.
         }
 
         for (int i = 0; i < ci.length; i++) {
             PolicyResult certResult = applyCert(req, certInfo);
 
-            if (certResult == PolicyResult.REJECTED) 
+            if (certResult == PolicyResult.REJECTED)
                 return certResult;
         }
         return PolicyResult.ACCEPTED;
     }
 
     public PolicyResult applyCert(
-        IRequest req, X509CertInfo certInfo) {
+            IRequest req, X509CertInfo certInfo) {
         // get basic constraints extension from cert info if any.
         CertificateExtensions extensions = null;
 
@@ -110,10 +109,10 @@ public class RemoveBasicConstraintsExt extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         Vector<String> params = new Vector<String>();
 
         return params;
@@ -121,10 +120,10 @@ public class RemoveBasicConstraintsExt extends APolicyRule
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         Vector<String> defParams = new Vector<String>();
 
         return defParams;
@@ -133,13 +132,12 @@ public class RemoveBasicConstraintsExt extends APolicyRule
     public String[] getExtendedPluginInfo(Locale locale) {
         String[] params = {
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-removebasicconstraints",
+                        ";configuration-policyrules-removebasicconstraints",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Removes the Basic Constraints extension."
+                        ";Removes the Basic Constraints extension."
             };
 
         return params;
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java
index aab88ff3..0b8fb305 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Locale;
@@ -42,43 +41,36 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * 
- * THIS POLICY HAS BEEN DEPRECATED SINCE CMS 4.2. 
- * New Policy is com.netscape.certsrv.policy.SubjectAltNameExt. 
+ * THIS POLICY HAS BEEN DEPRECATED SINCE CMS 4.2.
+ * New Policy is com.netscape.certsrv.policy.SubjectAltNameExt.
  * <p>
  * 
  * Subject Alternative Name extension policy in CMS 4.1.
- *
- * Adds the subject alternative name extension depending on the
- * certificate type requested.
- *
- * Two forms are supported.  1) For S/MIME certificates, email
- * addresses are copied from data stored in the request by the
- * authentication component.  Both 'e' and 'altEmail' are supported
- * so that both the primary address and alternative forms may be
- * certified.  Only the primary goes in the subjectName position (which
- * should be phased out).
- *
- * e
- * mailAlternateAddress
+ * 
+ * Adds the subject alternative name extension depending on the certificate type requested.
+ * 
+ * Two forms are supported. 1) For S/MIME certificates, email addresses are copied from data stored in the request by the authentication component. Both 'e' and 'altEmail' are supported so that both the primary address and alternative forms may be certified. Only the primary goes in the subjectName position (which should be phased out).
+ * 
+ * e mailAlternateAddress
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class SubjAltNameExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     // for future use. currently always allow. 
     protected static final String PROP_AGENT_OVERR = "allowAgentOverride";
     protected static final String PROP_EE_OVERR = "AllowEEOverride";
     protected static final String PROP_ENABLE_MANUAL_VALUES =
-        "enableManualValues";
+            "enableManualValues";
 
     // for future use. currently always non-critical 
     // (standard says SHOULD be marked critical if included.) 
@@ -103,15 +95,15 @@ public class SubjAltNameExt extends APolicyRule
         String[] params = {
                 PROP_CRITICAL + ";boolean;RFC 2459 recommendation: If the certificate subject field contains an empty sequence, the subjectAltName extension MUST be marked critical.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-subjaltname",
+                        ";configuration-policyrules-subjaltname",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";This policy inserts the Subject Alternative Name " +
-                "Extension into the certificate. See RFC 2459 (4.2.1.7). " +
-                "* Note: you probably want to use this policy in " +
-                "conjunction with an authentication manager which sets " +
-                "the 'mail' or 'mailalternateaddress' values in the authToken. " +
-                "See the 'ldapStringAttrs' parameter in the Directory-based " +
-                "authentication plugin"
+                        ";This policy inserts the Subject Alternative Name " +
+                        "Extension into the certificate. See RFC 2459 (4.2.1.7). " +
+                        "* Note: you probably want to use this policy in " +
+                        "conjunction with an authentication manager which sets " +
+                        "the 'mail' or 'mailalternateaddress' values in the authToken. " +
+                        "See the 'ldapStringAttrs' parameter in the Directory-based " +
+                        "authentication plugin"
             };
 
         return params;
@@ -121,16 +113,15 @@ public class SubjAltNameExt extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ra.Policy.rule.<ruleName>.implName=SubjAltNameExt
-     *      ra.Policy.rule.<ruleName>.enable=true
-     *
-     * @param config	The config store reference
+     * 
+     * ra.Policy.rule.<ruleName>.implName=SubjAltNameExt ra.Policy.rule.<ruleName>.enable=true
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         // future use.
         mAllowAgentOverride = config.getBoolean(PROP_AGENT_OVERR, false);
         mAllowEEOverride = config.getBoolean(PROP_EE_OVERR, false);
@@ -140,21 +131,21 @@ public class SubjAltNameExt extends APolicyRule
 
     /**
      * Adds the subject alternative names extension if not set already.
-     *
+     * 
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
         PolicyResult res = PolicyResult.ACCEPTED;
 
         // Find the X509CertInfo object in the request
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
         if (ci == null || ci[0] == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); 
+            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
 
             return PolicyResult.REJECTED; // unrecoverable error.
         }
@@ -174,12 +165,11 @@ public class SubjAltNameExt extends APolicyRule
         //
         // General error handling block
         //
-        apply:
-        try {
+        apply: try {
 
             // Find the extensions in the certInfo
             CertificateExtensions extensions = (CertificateExtensions)
-                certInfo.get(X509CertInfo.EXTENSIONS);
+                    certInfo.get(X509CertInfo.EXTENSIONS);
 
             if (extensions != null) {
                 //
@@ -199,11 +189,11 @@ public class SubjAltNameExt extends APolicyRule
             // non-client certs, and implement client certs directly here.
             //
             String certType =
-                req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
+                    req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
 
             if (certType == null ||
-                !certType.equals(IRequest.CLIENT_CERT) ||
-                !req.getExtDataInBoolean(IRequest.SMIME, false)) {
+                    !certType.equals(IRequest.CLIENT_CERT) ||
+                    !req.getExtDataInBoolean(IRequest.SMIME, false)) {
                 break apply;
             }
 
@@ -212,30 +202,32 @@ public class SubjAltNameExt extends APolicyRule
 
             IAuthToken tok = findAuthToken(req, null);
 
-            if (tok == null) break apply;
+            if (tok == null)
+                break apply;
 
             Vector<String> emails = getEmailList(tok);
 
-            if (emails == null) break apply;
+            if (emails == null)
+                break apply;
 
-                // Create the extension
+            // Create the extension
             SubjectAlternativeNameExtension subjAltNameExt = mkExt(emails);
 
             if (extensions == null)
                 extensions = createCertificateExtensions(certInfo);
 
             extensions.set(SubjectAlternativeNameExtension.class.getSimpleName(),
-                subjAltNameExt);
+                    subjAltNameExt);
 
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage())); 
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, e.getMessage());
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, e.getMessage());
             return PolicyResult.REJECTED; // unrecoverable error.
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.toString()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, "Certificate Info Error");
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, "Certificate Info Error");
             return PolicyResult.REJECTED; // unrecoverable error.
         }
 
@@ -247,7 +239,7 @@ public class SubjAltNameExt extends APolicyRule
      * If the token is not present return null
      */
     protected IAuthToken
-    findAuthToken(IRequest req, String authMgrName) {
+            findAuthToken(IRequest req, String authMgrName) {
 
         return req.getExtDataInAuthToken(IRequest.AUTH_TOKEN);
     }
@@ -257,14 +249,15 @@ public class SubjAltNameExt extends APolicyRule
      * found in this Authentication token
      */
     protected Vector /* of String */<String>
-    getEmailList(IAuthToken tok) {
+            getEmailList(IAuthToken tok) {
 
         Vector<String> v = new Vector<String>();
 
         addValues(tok, "mail", v);
         addValues(tok, "mailalternateaddress", v);
 
-        if (v.size() == 0) return null;
+        if (v.size() == 0)
+            return null;
 
         return v;
     }
@@ -273,10 +266,11 @@ public class SubjAltNameExt extends APolicyRule
      * Add attribute values from an LDAP attribute to a vector
      */
     protected void
-    addValues(IAuthToken tok, String attrName, Vector<String> v) {
+            addValues(IAuthToken tok, String attrName, Vector<String> v) {
         String attr[] = tok.getInStringArray(attrName);
 
-        if (attr == null) return;
+        if (attr == null)
+            return;
 
         for (int i = 0; i < attr.length; i++) {
             v.addElement(attr[i]);
@@ -287,8 +281,8 @@ public class SubjAltNameExt extends APolicyRule
      * Make a Subject name extension given a list of email addresses
      */
     protected SubjectAlternativeNameExtension
-    mkExt(Vector<String> emails)
-        throws IOException {
+            mkExt(Vector<String> emails)
+                    throws IOException {
         SubjectAlternativeNameExtension sa;
         GeneralNames gns = new GeneralNames();
 
@@ -306,17 +300,17 @@ public class SubjAltNameExt extends APolicyRule
     /**
      * Create a new SET of extensions in the certificate info
      * object.
-     *
+     * 
      * This should be a method in the X509CertInfo object
      */
-    protected CertificateExtensions 
-    createCertificateExtensions(X509CertInfo certInfo)
-        throws IOException, CertificateException {
+    protected CertificateExtensions
+            createCertificateExtensions(X509CertInfo certInfo)
+                    throws IOException, CertificateException {
         CertificateExtensions extensions;
 
         // Force version to V3
-        certInfo.set(X509CertInfo.VERSION, 
-            new CertificateVersion(CertificateVersion.V3));
+        certInfo.set(X509CertInfo.VERSION,
+                new CertificateVersion(CertificateVersion.V3));
 
         extensions = new CertificateExtensions();
         certInfo.set(X509CertInfo.EXTENSIONS, extensions);
@@ -326,10 +320,10 @@ public class SubjAltNameExt extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         Vector<String> params = new Vector<String>();
 
         //params.addElement("PROP_AGENT_OVERR = " + mAllowAgentOverride);
@@ -342,11 +336,11 @@ public class SubjAltNameExt extends APolicyRule
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String>  getDefaultParams() { 
-        Vector<String>  defParams = new Vector<String> ();
+    public Vector<String> getDefaultParams() {
+        Vector<String> defParams = new Vector<String>();
 
         //defParams.addElement("PROP_AGENT_OVERR = " + DEF_AGENT_OVERR);
         //defParams.addElement("PROP_EE_OVERR = " + DEF_EE_OVERR);
@@ -356,4 +350,3 @@ public class SubjAltNameExt extends APolicyRule
         return defParams;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java
index b9bc6059..0268da41 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Enumeration;
@@ -45,32 +44,32 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * Subject Alternative Name extension policy.
- *
+ * 
  * Adds the subject alternative name extension as configured.
- *
- * Two forms are supported.  1) For S/MIME certificates, email
+ * 
+ * Two forms are supported. 1) For S/MIME certificates, email
  * addresses are copied from data stored in the request by the
- * authentication component.  Both 'e' and 'altEmail' are supported
+ * authentication component. Both 'e' and 'altEmail' are supported
  * so that both the primary address and alternative forms may be
- * certified.  Only the primary goes in the subjectName position (which
+ * certified. Only the primary goes in the subjectName position (which
  * should be phased out).
- *
+ * 
  * e
  * mailAlternateAddress
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class SubjectAltNameExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     // (standard says SHOULD be marked critical if included.) 
     protected static final String PROP_CRITICAL = "critical";
     protected static final boolean DEF_CRITICAL = false;
@@ -89,11 +88,11 @@ public class SubjectAltNameExt extends APolicyRule
         // default params.
         mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
         mDefParams.addElement(
-            IGeneralNameUtil.PROP_NUM_GENERALNAMES + "=" + 
-            IGeneralNameUtil.DEF_NUM_GENERALNAMES);
+                IGeneralNameUtil.PROP_NUM_GENERALNAMES + "=" +
+                        IGeneralNameUtil.DEF_NUM_GENERALNAMES);
         for (int i = 0; i < IGeneralNameUtil.DEF_NUM_GENERALNAMES; i++) {
             CMS.getSubjAltNameConfigDefaultParams(
-                IGeneralNameUtil.PROP_GENERALNAME + i, mDefParams);
+                    IGeneralNameUtil.PROP_GENERALNAME + i, mDefParams);
         }
     }
 
@@ -107,16 +106,15 @@ public class SubjectAltNameExt extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ra.Policy.rule.<ruleName>.implName=SubjectAltNameExt
-     *      ra.Policy.rule.<ruleName>.enable=true
-     *
-     * @param config	The config store reference
+     * 
+     * ra.Policy.rule.<ruleName>.implName=SubjectAltNameExt ra.Policy.rule.<ruleName>.enable=true
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
 
         // get criticality
@@ -127,11 +125,11 @@ public class SubjectAltNameExt extends APolicyRule
                     IPolicyProcessor.PROP_ENABLE, false);
 
         // get general names configuration.
-        mNumGNs = mConfig.getInteger(IGeneralNameUtil.PROP_NUM_GENERALNAMES); 
+        mNumGNs = mConfig.getInteger(IGeneralNameUtil.PROP_NUM_GENERALNAMES);
         if (mNumGNs <= 0) {
             throw new EBaseException(
-                    CMS.getUserMessage("CMS_BASE_MUST_BE_POSITIVE_NUMBER", 
-                        IGeneralNameUtil.PROP_NUM_GENERALNAMES));
+                    CMS.getUserMessage("CMS_BASE_MUST_BE_POSITIVE_NUMBER",
+                            IGeneralNameUtil.PROP_NUM_GENERALNAMES));
         }
         mGNs = new ISubjAltNameConfig[mNumGNs];
         for (int i = 0; i < mNumGNs; i++) {
@@ -144,7 +142,7 @@ public class SubjectAltNameExt extends APolicyRule
         // init instance params.
         mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
         mInstanceParams.addElement(
-            IGeneralNameUtil.PROP_NUM_GENERALNAMES + "=" + mNumGNs);
+                IGeneralNameUtil.PROP_NUM_GENERALNAMES + "=" + mNumGNs);
         for (int j = 0; j < mGNs.length; j++) {
             mGNs[j].getInstanceParams(mInstanceParams);
         }
@@ -152,21 +150,21 @@ public class SubjectAltNameExt extends APolicyRule
 
     /**
      * Adds the subject alternative names extension if not set already.
-     *
+     * 
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
         PolicyResult res = PolicyResult.ACCEPTED;
 
         // Find the X509CertInfo object in the request
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
         if (ci == null || ci[0] == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); 
+            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
 
             return PolicyResult.REJECTED; // unrecoverable error.
         }
@@ -186,7 +184,7 @@ public class SubjectAltNameExt extends APolicyRule
         try {
             // Find the extensions in the certInfo
             CertificateExtensions extensions = (CertificateExtensions)
-                certInfo.get(X509CertInfo.EXTENSIONS);
+                    certInfo.get(X509CertInfo.EXTENSIONS);
 
             // Remove any previously computed version of the extension
             // unless it is from RA. If from RA, accept what RA put in 
@@ -194,7 +192,7 @@ public class SubjectAltNameExt extends APolicyRule
             if (extensions != null) {
                 String sourceId = req.getSourceId();
 
-                if (sourceId != null && sourceId.length() > 0) 
+                if (sourceId != null && sourceId.length() > 0)
                     return res; // accepted
                 try {
                     extensions.delete(SubjectAlternativeNameExtension.class.getSimpleName());
@@ -223,8 +221,8 @@ public class SubjectAltNameExt extends APolicyRule
             }
 
             // nothing was found in request to put into extension
-            if (gns.size() == 0) 
-                return res;	// accepted
+            if (gns.size() == 0)
+                return res; // accepted
 
             String subject = certInfo.get(X509CertInfo.SUBJECT).toString();
 
@@ -233,10 +231,9 @@ public class SubjectAltNameExt extends APolicyRule
             if (subject.equals("")) {
                 curCritical = true;
             }
-            
+
             // make the extension 
-            SubjectAlternativeNameExtension 
-                sa = new SubjectAlternativeNameExtension(curCritical, gns);
+            SubjectAlternativeNameExtension sa = new SubjectAlternativeNameExtension(curCritical, gns);
 
             // add it to certInfo.
             if (extensions == null)
@@ -248,19 +245,19 @@ public class SubjectAltNameExt extends APolicyRule
 
         } catch (IOException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, e.getMessage());
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, e.getMessage());
             return PolicyResult.REJECTED; // unrecoverable error.
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, "Certificate Info Error");
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, "Certificate Info Error");
             return PolicyResult.REJECTED; // unrecoverable error.
         } catch (Exception e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("BASE_INTERNAL_ERROR_1", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, "Internal Error");
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("BASE_INTERNAL_ERROR_1", e.getMessage()));
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, "Internal Error");
             return PolicyResult.REJECTED; // unrecoverable error.
         }
     }
@@ -268,17 +265,17 @@ public class SubjectAltNameExt extends APolicyRule
     /**
      * Create a new SET of extensions in the certificate info
      * object.
-     *
+     * 
      * This should be a method in the X509CertInfo object
      */
-    protected CertificateExtensions 
-    createCertificateExtensions(X509CertInfo certInfo)
-        throws IOException, CertificateException {
+    protected CertificateExtensions
+            createCertificateExtensions(X509CertInfo certInfo)
+                    throws IOException, CertificateException {
         CertificateExtensions extensions;
 
         // Force version to V3
-        certInfo.set(X509CertInfo.VERSION, 
-            new CertificateVersion(CertificateVersion.V3));
+        certInfo.set(X509CertInfo.VERSION,
+                new CertificateVersion(CertificateVersion.V3));
 
         extensions = new CertificateExtensions();
         certInfo.set(X509CertInfo.EXTENSIONS, extensions);
@@ -288,19 +285,19 @@ public class SubjectAltNameExt extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         return mInstanceParams;
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         return mDefParams;
     }
 
@@ -313,22 +310,21 @@ public class SubjectAltNameExt extends APolicyRule
         info.addElement(IGeneralNameUtil.PROP_NUM_GENERALNAMES_INFO);
         for (int i = 0; i < IGeneralNameUtil.DEF_NUM_GENERALNAMES; i++) {
             CMS.getSubjAltNameConfigExtendedPluginInfo(
-                IGeneralNameUtil.PROP_GENERALNAME + i, info);
+                    IGeneralNameUtil.PROP_GENERALNAME + i, info);
         }
         info.addElement(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-policyrules-subjaltname");
+                ";configuration-policyrules-subjaltname");
         info.addElement(IExtendedPluginInfo.HELP_TEXT +
-            ";This policy inserts the Subject Alternative Name " +
-            "Extension into the certificate. See RFC 2459 (4.2.1.7). " +
-            "* Note: you probably want to use this policy in " +
-            "conjunction with an authentication manager which sets " +
-            "the 'mail' or 'mailalternateaddress' values in the authToken. " +
-            "See the 'ldapStringAttrs' parameter in the Directory-based " +
-            "authentication plugin");
+                ";This policy inserts the Subject Alternative Name " +
+                "Extension into the certificate. See RFC 2459 (4.2.1.7). " +
+                "* Note: you probably want to use this policy in " +
+                "conjunction with an authentication manager which sets " +
+                "the 'mail' or 'mailalternateaddress' values in the authToken. " +
+                "See the 'ldapStringAttrs' parameter in the Directory-based " +
+                "authentication plugin");
         mExtendedPluginInfo = new String[info.size()];
         info.copyInto(mExtendedPluginInfo);
         return mExtendedPluginInfo;
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java
index 34821fab..69e6f8e5 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Enumeration;
@@ -45,20 +44,20 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * Policy to add the subject directory attributes extension.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
-public class SubjectDirectoryAttributesExt extends APolicyRule 
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class SubjectDirectoryAttributesExt extends APolicyRule
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     protected static final String PROP_CRITICAL = "critical";
     protected static final String PROP_ATTRIBUTE = "attribute";
     protected static final String PROP_NUM_ATTRIBUTES = "numAttributes";
@@ -75,7 +74,7 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
     protected SubjectDirAttributesExtension mExt = null;
 
     protected Vector<String> mParams = new Vector<String>();
-    private String[] mEPI = null;  			// extended plugin info
+    private String[] mEPI = null; // extended plugin info
     protected static Vector<String> mDefParams = new Vector<String>();
 
     static {
@@ -85,16 +84,16 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
     public SubjectDirectoryAttributesExt() {
         NAME = "SubjectDirectoryAttributesExtPolicy";
         DESC = "Sets Subject Directory Attributes Extension in certificates.";
-        setExtendedPluginInfo();  
+        setExtendedPluginInfo();
     }
 
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         boolean enabled = config.getBoolean("enabled", false);
 
         mConfig = config;
 
-        mCritical = mConfig.getBoolean(PROP_CRITICAL, false);        
+        mCritical = mConfig.getBoolean(PROP_CRITICAL, false);
         mNumAttributes = mConfig.getInteger(PROP_NUM_ATTRIBUTES, DEF_NUM_ATTRIBUTES);
         if (mNumAttributes < 1) {
             EBaseException ex = new EBaseException(
@@ -110,14 +109,14 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
 
             mAttributes[i] = new AttributeConfig(name, c, enabled);
         }
-        if (enabled) { 
+        if (enabled) {
             try {
                 mExt = formExt(null);
             } catch (IOException e) {
                 log(ILogger.LL_FAILURE, NAME + " Error: " + e.getMessage());
-                throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", 
+                throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
                             "Error forming Subject Directory Attributes Extension. " +
-                            "See log file for details."));
+                                    "See log file for details."));
             }
         }
         setInstanceParams();
@@ -126,7 +125,7 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
     public PolicyResult apply(IRequest req) {
         PolicyResult res = PolicyResult.ACCEPTED;
         X509CertInfo[] ci =
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
         if (ci == null || ci[0] == null) {
             setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
@@ -136,7 +135,7 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
         for (int i = 0; i < ci.length; i++) {
             PolicyResult r = applyCert(req, ci[i]);
 
-            if (r == PolicyResult.REJECTED) 
+            if (r == PolicyResult.REJECTED)
                 return r;
         }
         return PolicyResult.ACCEPTED;
@@ -153,7 +152,7 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
             if (extensions == null) {
                 extensions = new CertificateExtensions();
                 certInfo.set(X509CertInfo.VERSION,
-                    new CertificateVersion(CertificateVersion.V3));
+                        new CertificateVersion(CertificateVersion.V3));
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
             } else {
                 try {
@@ -173,7 +172,7 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
             } else {
                 SubjectDirAttributesExtension ext = formExt(req);
 
-                if (ext != null) 
+                if (ext != null)
                     extensions.set(SubjectDirAttributesExtension.class.getSimpleName(), formExt(req));
             }
             return PolicyResult.ACCEPTED;
@@ -181,17 +180,16 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
 
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                NAME, "Certificate Info Error");
+                    NAME, "Certificate Info Error");
             return PolicyResult.REJECTED; // unrecoverable error.
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage())); 
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                NAME, "IOException Error");
+                    NAME, "IOException Error");
             return PolicyResult.REJECTED;
-        } 
+        }
     }
 
-
     public Vector<String> getInstanceParams() {
         return mParams; // inited in init()
     }
@@ -201,12 +199,12 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
     }
 
     public String[] getExtendedPluginInfo(Locale locale) {
-        return mEPI;  // inited in the constructor.
+        return mEPI; // inited in the constructor.
     }
 
     private void setInstanceParams() {
-        mParams.addElement(PROP_CRITICAL + "=" + mCritical); 
-        mParams.addElement(PROP_NUM_ATTRIBUTES + "=" + mNumAttributes); 
+        mParams.addElement(PROP_CRITICAL + "=" + mCritical);
+        mParams.addElement(PROP_NUM_ATTRIBUTES + "=" + mNumAttributes);
         for (int i = 0; i < mNumAttributes; i++) {
             mAttributes[i].getInstanceParams(mParams);
         }
@@ -217,8 +215,8 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
     }
 
     private static void setDefaultParams() {
-        mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL); 
-        mDefParams.addElement(PROP_NUM_ATTRIBUTES + "=" + DEF_NUM_ATTRIBUTES); 
+        mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
+        mDefParams.addElement(PROP_NUM_ATTRIBUTES + "=" + DEF_NUM_ATTRIBUTES);
         for (int i = 0; i < DEF_NUM_ATTRIBUTES; i++) {
             AttributeConfig.getDefaultParams(PROP_ATTRIBUTE + i, mDefParams);
         }
@@ -228,32 +226,31 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
         Vector<String> v = new Vector<String>();
 
         v.addElement(PROP_CRITICAL + ";boolean;" +
-            "RFC 2459 recommendation: MUST be non-critical.");
+                "RFC 2459 recommendation: MUST be non-critical.");
         v.addElement(PROP_NUM_ATTRIBUTES + ";number;" +
-            "Number of Attributes in the extension.");
+                "Number of Attributes in the extension.");
 
         for (int i = 0; i < MAX_NUM_ATTRIBUTES; i++) {
             AttributeConfig.getExtendedPluginInfo(PROP_ATTRIBUTE + i, v);
         }
 
         v.addElement(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-policyrules-subjectdirectoryattributes");
+                ";configuration-policyrules-subjectdirectoryattributes");
         v.addElement(IExtendedPluginInfo.HELP_TEXT +
-            ";Adds Subject Directory Attributes extension. See RFC 2459 (4.2.1.9). It's not recommended as an essential part of the profile, but may be used in local environments.");
+                ";Adds Subject Directory Attributes extension. See RFC 2459 (4.2.1.9). It's not recommended as an essential part of the profile, but may be used in local environments.");
 
         mEPI = com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
     }
 
-    private SubjectDirAttributesExtension formExt(IRequest req) 
-        throws IOException {
+    private SubjectDirAttributesExtension formExt(IRequest req)
+            throws IOException {
         Vector<Attribute> attrs = new Vector<Attribute>();
 
         // if we're called from init and one attribute is from request attribute
         // the ext can't be formed yet.
         if (req == null) {
             for (int i = 0; i < mNumAttributes; i++) {
-                if (mAttributes[i].mWhereToGetValue == 
-                    AttributeConfig.USE_REQUEST_ATTR)
+                if (mAttributes[i].mWhereToGetValue == AttributeConfig.USE_REQUEST_ATTR)
                     return null;
             }
         }
@@ -265,24 +262,23 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
                 // skip attribute if request attribute doesn't exist.
                 Attribute a = mAttributes[i].formAttr(req);
 
-                if (a == null) 
+                if (a == null)
                     continue;
                 attrs.addElement(a);
             }
         }
-        if (attrs.size() == 0) 
+        if (attrs.size() == 0)
             return null;
         Attribute[] attrList = new Attribute[attrs.size()];
 
         attrs.copyInto(attrList);
-        SubjectDirAttributesExtension ext = 
-            new SubjectDirAttributesExtension(attrList); 
+        SubjectDirAttributesExtension ext =
+                new SubjectDirAttributesExtension(attrList);
 
         return ext;
     }
 }
 
-
 class AttributeConfig {
 
     protected static final String PROP_ATTRIBUTE_NAME = "attributeName";
@@ -305,21 +301,21 @@ class AttributeConfig {
     protected Attribute mAttribute = null;
 
     protected static final String ATTRIBUTE_NAME_INFO = "Attribute name.";
-    protected static final String WTG_VALUE_INFO = 
-        PROP_WTG_VALUE + ";choice(" + USE_REQUEST_ATTR + "," + USE_FIXED + ");" +
-        "Get value from a request attribute or use a fixed value specified below.";
-    protected static final String VALUE_INFO = 
-        PROP_VALUE + ";string;" +
-        "Request attribute name or a fixed value to put into the extension.";
-
-    public AttributeConfig(String name, IConfigStore config, boolean enabled) 
-        throws EBaseException {
+    protected static final String WTG_VALUE_INFO =
+            PROP_WTG_VALUE + ";choice(" + USE_REQUEST_ATTR + "," + USE_FIXED + ");" +
+                    "Get value from a request attribute or use a fixed value specified below.";
+    protected static final String VALUE_INFO =
+            PROP_VALUE + ";string;" +
+                    "Request attribute name or a fixed value to put into the extension.";
+
+    public AttributeConfig(String name, IConfigStore config, boolean enabled)
+            throws EBaseException {
         X500NameAttrMap map = X500NameAttrMap.getDefault();
 
         mName = name;
         mConfig = config;
         if (enabled) {
-            mAttributeName = mConfig.getString(PROP_ATTRIBUTE_NAME);        
+            mAttributeName = mConfig.getString(PROP_ATTRIBUTE_NAME);
             mWhereToGetValue = mConfig.getString(PROP_WTG_VALUE);
             mValue = mConfig.getString(PROP_VALUE);
         } else {
@@ -330,7 +326,7 @@ class AttributeConfig {
 
         if (mAttributeName.length() > 0) {
             mAttributeOID = map.getOid(mAttributeName);
-            if (mAttributeOID == null) 
+            if (mAttributeOID == null)
                 throw new EBaseException(
                         CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", mAttributeName));
         }
@@ -345,8 +341,8 @@ class AttributeConfig {
             if (dot != -1) {
                 mPrefix = mValue.substring(0, dot);
                 mReqAttr = mValue.substring(dot + 1);
-                if (mPrefix == null || mPrefix.length() == 0 || 
-                    mReqAttr == null || mReqAttr.length() == 0) {
+                if (mPrefix == null || mPrefix.length() == 0 ||
+                        mReqAttr == null || mReqAttr.length() == 0) {
                     throw new EBaseException(
                             CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", mValue));
                 }
@@ -357,17 +353,17 @@ class AttributeConfig {
         } else if (mWhereToGetValue.equalsIgnoreCase(USE_FIXED)) {
             mWhereToGetValue = USE_FIXED;
             if (mAttributeOID != null) {
-                try { 
-                    checkValue(mAttributeOID, mValue); 
-                    mAttribute = new Attribute(mAttributeOID, mValue); 
+                try {
+                    checkValue(mAttributeOID, mValue);
+                    mAttribute = new Attribute(mAttributeOID, mValue);
                 } catch (Exception e) {
                     throw new EBaseException(
                             CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
-                                mAttributeName, e.getMessage()));
+                                    mAttributeName, e.getMessage()));
                 }
             }
         } else if (enabled || mWhereToGetValue.length() > 0) {
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_VALUE_FOR_TYPE", PROP_WTG_VALUE,  
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_VALUE_FOR_TYPE", PROP_WTG_VALUE,
                         "Must be either '" + USE_REQUEST_ATTR + "' or '" + USE_FIXED + "'."));
         }
     }
@@ -385,7 +381,7 @@ class AttributeConfig {
         String attrChoices = getAllNames();
 
         v.addElement(nameDot + PROP_ATTRIBUTE_NAME + ";choice(" + attrChoices + ");" +
-            ATTRIBUTE_NAME_INFO);
+                ATTRIBUTE_NAME_INFO);
         v.addElement(nameDot + WTG_VALUE_INFO);
         v.addElement(nameDot + VALUE_INFO);
     }
@@ -398,21 +394,21 @@ class AttributeConfig {
         v.addElement(nameDot + PROP_VALUE + "=" + mValue);
     }
 
-    public Attribute formAttr(IRequest req) 
-        throws IOException {
+    public Attribute formAttr(IRequest req)
+            throws IOException {
         String val = req.getExtDataInString(mPrefix, mReqAttr);
 
         if (val == null || val.length() == 0) {
             return null;
         }
-        checkValue(mAttributeOID, val); 
+        checkValue(mAttributeOID, val);
         return new Attribute(mAttributeOID, val);
     }
 
     static private String getAllNames() {
         Enumeration<String> n = X500NameAttrMap.getDefault().getAllNames();
         StringBuffer sb = new StringBuffer();
-        sb.append( n.nextElement());
+        sb.append(n.nextElement());
 
         while (n.hasMoreElements()) {
             sb.append(",");
@@ -421,8 +417,8 @@ class AttributeConfig {
         return sb.toString();
     }
 
-    private static void checkValue(ObjectIdentifier oid, String val) 
-        throws IOException {
+    private static void checkValue(ObjectIdentifier oid, String val)
+            throws IOException {
         AVAValueConverter c = X500NameAttrMap.getDefault().getValueConverter(oid);
         DerValue derval;
 
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectKeyIdentifierExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectKeyIdentifierExt.java
index 717a6482..bcf6544f 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectKeyIdentifierExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectKeyIdentifierExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
@@ -46,21 +45,21 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * Subject Public Key Extension Policy
- * Adds the subject public key id extension to certificates. 
+ * Adds the subject public key id extension to certificates.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class SubjectKeyIdentifierExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     protected static final String PROP_CRITICAL = "critical";
     protected static final String PROP_KEYID_TYPE = "keyIdentifierType";
     protected static final String PROP_REQATTR_NAME = "requestAttrName";
@@ -102,17 +101,15 @@ public class SubjectKeyIdentifierExt extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ca.Policy.rule.<ruleName>.predicate=
-     *      ca.Policy.rule.<ruleName>.implName=
-     *      ca.Policy.rule.<ruleName>.enable=true
-     *
-     * @param config	The config store reference
+     * 
+     * ca.Policy.rule.<ruleName>.predicate= ca.Policy.rule.<ruleName>.implName= ca.Policy.rule.<ruleName>.enable=true
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
 
         mEnabled = mConfig.getBoolean(
@@ -126,26 +123,26 @@ public class SubjectKeyIdentifierExt extends APolicyRule
          */
 
         // parse key id type
-        if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_SHA1)) 
+        if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_SHA1))
             mKeyIdType = KEYID_TYPE_SHA1;
-        else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_TYPEFIELD)) 
+        else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_TYPEFIELD))
             mKeyIdType = KEYID_TYPE_TYPEFIELD;
 
-            /*
-             else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_REQATTR)
-             mKeyIdType = KEYID_TYPE_REQATTR;
-             */
-        else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_SPKISHA1)) 
+        /*
+         else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_REQATTR)
+         mKeyIdType = KEYID_TYPE_REQATTR;
+         */
+        else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_SPKISHA1))
             mKeyIdType = KEYID_TYPE_SPKISHA1;
         else {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("KRA_UNKNOWN_KEY_ID_TYPE", mKeyIdType));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", 
-                        PROP_KEYID_TYPE, 
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("KRA_UNKNOWN_KEY_ID_TYPE", mKeyIdType));
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
+                        PROP_KEYID_TYPE,
                         "value must be one of " +
-                        KEYID_TYPE_SHA1 + ", " +
-                        KEYID_TYPE_TYPEFIELD + ", " +
-                        KEYID_TYPE_SPKISHA1));
+                                KEYID_TYPE_SHA1 + ", " +
+                                KEYID_TYPE_TYPEFIELD + ", " +
+                                KEYID_TYPE_SPKISHA1));
         }
 
         // form instance params 
@@ -160,18 +157,18 @@ public class SubjectKeyIdentifierExt extends APolicyRule
     /**
      * Adds Subject Key identifier Extension to a certificate.
      * If the extension is already there, accept it.
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
         // get certInfo from request.
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-		
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+
         if (ci == null || ci[0] == null) {
             setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
-            return PolicyResult.REJECTED; 
+            return PolicyResult.REJECTED;
         }
 
         for (int i = 0; i < ci.length; i++) {
@@ -189,7 +186,7 @@ public class SubjectKeyIdentifierExt extends APolicyRule
             // if subject key id extension already exists, leave it if approved.
             SubjectKeyIdentifierExtension subjectKeyIdExt = null;
             CertificateExtensions extensions = (CertificateExtensions)
-                certInfo.get(X509CertInfo.EXTENSIONS);
+                    certInfo.get(X509CertInfo.EXTENSIONS);
 
             try {
                 if (extensions != null) {
@@ -202,14 +199,14 @@ public class SubjectKeyIdentifierExt extends APolicyRule
             if (subjectKeyIdExt != null) {
                 if (agentApproved(req)) {
                     CMS.debug(
-                        "SubjectKeyIdentifierExt: agent approved request id " + req.getRequestId() +
-                        " already has subject key id extension with value " +
-                        subjectKeyIdExt);
+                            "SubjectKeyIdentifierExt: agent approved request id " + req.getRequestId() +
+                                    " already has subject key id extension with value " +
+                                    subjectKeyIdExt);
                     return PolicyResult.ACCEPTED;
                 } else {
                     CMS.debug(
-                        "SubjectKeyIdentifierExt: request id from user " + req.getRequestId() +
-                        " had subject key identifier - deleted to be replaced");
+                            "SubjectKeyIdentifierExt: request id from user " + req.getRequestId() +
+                                    " had subject key identifier - deleted to be replaced");
                     extensions.delete(SubjectKeyIdentifierExtension.class.getSimpleName());
                 }
             }
@@ -217,38 +214,38 @@ public class SubjectKeyIdentifierExt extends APolicyRule
             // create subject key id extension.
             KeyIdentifier keyId = null;
 
-            try { 
-                keyId = formKeyIdentifier(certInfo, req); 
+            try {
+                keyId = formKeyIdentifier(certInfo, req);
             } catch (EBaseException e) {
                 setPolicyException(req, e);
                 return PolicyResult.REJECTED;
             }
-            subjectKeyIdExt = 
+            subjectKeyIdExt =
                     new SubjectKeyIdentifierExtension(
-                        mCritical, keyId.getIdentifier());
+                            mCritical, keyId.getIdentifier());
 
             // add subject key id extension.
             if (extensions == null) {
                 certInfo.set(X509CertInfo.VERSION,
-                    new CertificateVersion(CertificateVersion.V3));
+                        new CertificateVersion(CertificateVersion.V3));
                 extensions = new CertificateExtensions();
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
             }
             extensions.set(
-                SubjectKeyIdentifierExtension.class.getSimpleName(), subjectKeyIdExt);
+                    SubjectKeyIdentifierExtension.class.getSimpleName(), subjectKeyIdExt);
             CMS.debug(
-                "SubjectKeyIdentifierExt: added subject key id ext to request " + req.getRequestId());
+                    "SubjectKeyIdentifierExt: added subject key id ext to request " + req.getRequestId());
             return PolicyResult.ACCEPTED;
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR,NAME", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, e.getMessage());
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR,NAME", e.getMessage()));
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, e.getMessage());
             return PolicyResult.REJECTED;
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, "Certificate Info Error");
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, "Certificate Info Error");
             return PolicyResult.REJECTED;
         }
     }
@@ -256,12 +253,13 @@ public class SubjectKeyIdentifierExt extends APolicyRule
     /**
      * Form the Key Identifier in the Subject Key Identifier extension.
      * <p>
+     * 
      * @param certInfo Certificate Info
      * @param req request
      * @return A Key Identifier.
      */
     protected KeyIdentifier formKeyIdentifier(
-        X509CertInfo certInfo, IRequest req) throws EBaseException {
+            X509CertInfo certInfo, IRequest req) throws EBaseException {
         KeyIdentifier keyId = null;
 
         if (mKeyIdType == KEYID_TYPE_SHA1) {
@@ -269,10 +267,10 @@ public class SubjectKeyIdentifierExt extends APolicyRule
         } else if (mKeyIdType == KEYID_TYPE_TYPEFIELD) {
             keyId = formTypeFieldKeyId(certInfo);
         } /*
-         else if (mKeyIdType == KEYID_TYPE_REQATTR) {
-         keyId = formReqAttrKeyId(certInfo, req);
-         }
-         */ else if (mKeyIdType == KEYID_TYPE_SPKISHA1) {
+          else if (mKeyIdType == KEYID_TYPE_REQATTR) {
+          keyId = formReqAttrKeyId(certInfo, req);
+          }
+          */else if (mKeyIdType == KEYID_TYPE_SPKISHA1) {
             keyId = formSpkiSHA1KeyId(certInfo);
         } else {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
@@ -282,22 +280,23 @@ public class SubjectKeyIdentifierExt extends APolicyRule
     }
 
     /**
-     * Form key identifier from a type field value of 0100 followed by 
-     * the least significate 60 bits of the sha-1 hash of the subject 
-     * public key BIT STRING in accordance with RFC 2459. 
+     * Form key identifier from a type field value of 0100 followed by
+     * the least significate 60 bits of the sha-1 hash of the subject
+     * public key BIT STRING in accordance with RFC 2459.
      * <p>
+     * 
      * @param certInfo - certificate info
      * @return A Key Identifier with value formulatd as described.
      */
 
     protected KeyIdentifier formTypeFieldKeyId(X509CertInfo certInfo)
-        throws EBaseException {
+            throws EBaseException {
         KeyIdentifier keyId = null;
         X509Key key = null;
 
         try {
             CertificateX509Key certKey =
-                (CertificateX509Key) certInfo.get(X509CertInfo.KEY);
+                    (CertificateX509Key) certInfo.get(X509CertInfo.KEY);
 
             if (certKey == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_MISSING_KEY_1", NAME));
@@ -309,13 +308,13 @@ public class SubjectKeyIdentifierExt extends APolicyRule
                 throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_MISSING_KEY", NAME));
             }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_ERROR_GET_KEY_FROM_CERT", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_ERROR_GET_KEY_FROM_CERT", e.toString()));
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
         } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_ERROR_GET_KEY_FROM_CERT", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_ERROR_GET_KEY_FROM_CERT", e.toString()));
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
         }
@@ -330,8 +329,8 @@ public class SubjectKeyIdentifierExt extends APolicyRule
             octetString[0] &= (0x08f & octetString[0]);
             keyId = new KeyIdentifier(octetString);
         } catch (NoSuchAlgorithmException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
         }
@@ -340,40 +339,39 @@ public class SubjectKeyIdentifierExt extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         return mInstanceParams;
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         return mDefaultParams;
     }
 
     /**
-     * Gets extended plugin info for pretty Console displays. 
+     * Gets extended plugin info for pretty Console displays.
      */
     public String[] getExtendedPluginInfo(Locale locale) {
         String[] params = {
                 PROP_CRITICAL + ";boolean;RFC 2459 recommendation: MUST NOT be marked critical.",
                 PROP_KEYID_TYPE + ";" +
-                "choice(" + KEYID_TYPE_SHA1 + "," +
-                KEYID_TYPE_TYPEFIELD + "," +
-                KEYID_TYPE_SPKISHA1 + ");" +
-                "Method to derive the Key Identifier.",
+                        "choice(" + KEYID_TYPE_SHA1 + "," +
+                        KEYID_TYPE_TYPEFIELD + "," +
+                        KEYID_TYPE_SPKISHA1 + ");" +
+                        "Method to derive the Key Identifier.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-subjectkeyidentifier",
+                        ";configuration-policyrules-subjectkeyidentifier",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Adds the Subject Key Identifier extension. See RFC 2459 (4.2.1.2)"
+                        ";Adds the Subject Key Identifier extension. See RFC 2459 (4.2.1.2)"
             };
 
         return params;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java
index 68c706f5..2f95f91b 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.common;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Locale;
@@ -49,10 +48,9 @@ import com.netscape.certsrv.registry.IPluginRegistry;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.RequestStatus;
 
-
 /**
  * This class implements a basic profile.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public abstract class BasicProfile implements IProfile {
@@ -76,8 +74,8 @@ public abstract class BasicProfile implements IProfile {
     public static final String PROP_NAME = "name";
     public static final String PROP_DESC = "desc";
     public static final String PROP_NO_DEFAULT = "noDefaultImpl";
-    public static final String PROP_NO_CONSTRAINT= "noConstraintImpl";
-    public static final String PROP_GENERIC_EXT_DEFAULT= "genericExtDefaultImpl";
+    public static final String PROP_NO_CONSTRAINT = "noConstraintImpl";
+    public static final String PROP_GENERIC_EXT_DEFAULT = "genericExtDefaultImpl";
 
     protected IProfileSubsystem mOwner = null;
     protected IConfigStore mConfig = null;
@@ -145,19 +143,19 @@ public abstract class BasicProfile implements IProfile {
     public IProfileAuthenticator getAuthenticator() throws EProfileException {
         try {
             IAuthSubsystem authSub = (IAuthSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+                    CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
             IProfileAuthenticator auth = (IProfileAuthenticator)
-                authSub.get(mAuthInstanceId);
+                    authSub.get(mAuthInstanceId);
 
-            if (mAuthInstanceId != null && mAuthInstanceId.length() > 0 
-                && auth == null) {
-                throw new EProfileException("Cannot load " + 
+            if (mAuthInstanceId != null && mAuthInstanceId.length() > 0
+                    && auth == null) {
+                throw new EProfileException("Cannot load " +
                         mAuthInstanceId);
             }
             return auth;
         } catch (Exception e) {
             if (mAuthInstanceId != null) {
-                throw new EProfileException("Cannot load " + 
+                throw new EProfileException("Cannot load " +
                         mAuthInstanceId);
             }
             return null;
@@ -167,7 +165,7 @@ public abstract class BasicProfile implements IProfile {
     public String getRequestorDN(IRequest request) {
         return null;
     }
-  
+
     public String getAuthenticatorId() {
         return mAuthInstanceId;
     }
@@ -185,7 +183,7 @@ public abstract class BasicProfile implements IProfile {
      * Initializes this profile.
      */
     public void init(IProfileSubsystem owner, IConfigStore config)
-        throws EBaseException { 
+            throws EBaseException {
         CMS.debug("BasicProfile: start init");
         mOwner = owner;
         mConfig = config;
@@ -214,7 +212,7 @@ public abstract class BasicProfile implements IProfile {
             mAuthzAcl = config.getString("authz.acl", "");
         } catch (EBaseException e) {
             CMS.debug("BasicProfile: authentication class not found " +
-                e.toString());
+                    e.toString());
         }
 
         // handle profile input plugins
@@ -224,7 +222,7 @@ public abstract class BasicProfile implements IProfile {
 
         while (input_st.hasMoreTokens()) {
             String input_id = (String) input_st.nextToken();
-            String inputClassId = inputStore.getString(input_id + "." + 
+            String inputClassId = inputStore.getString(input_id + "." +
                     PROP_CLASS_ID);
             IPluginInfo inputInfo = mRegistry.getPluginInfo("profileInput",
                     inputClassId);
@@ -234,12 +232,12 @@ public abstract class BasicProfile implements IProfile {
 
             try {
                 input = (IProfileInput)
-                        Class.forName(inputClass).newInstance(); 
+                        Class.forName(inputClass).newInstance();
             } catch (Exception e) {
                 // throw Exception
-                CMS.debug("BasicProfile: input plugin Class.forName " + 
-                    inputClass + " " + e.toString());
-                throw new EBaseException( e.toString() );
+                CMS.debug("BasicProfile: input plugin Class.forName " +
+                        inputClass + " " + e.toString());
+                throw new EBaseException(e.toString());
             }
             IConfigStore inputConfig = inputStore.getSubStore(input_id);
             input.init(this, inputConfig);
@@ -255,7 +253,7 @@ public abstract class BasicProfile implements IProfile {
         while (output_st.hasMoreTokens()) {
             String output_id = (String) output_st.nextToken();
 
-            String outputClassId = outputStore.getString(output_id + "." + 
+            String outputClassId = outputStore.getString(output_id + "." +
                     PROP_CLASS_ID);
             IPluginInfo outputInfo = mRegistry.getPluginInfo("profileOutput",
                     outputClassId);
@@ -265,12 +263,12 @@ public abstract class BasicProfile implements IProfile {
 
             try {
                 output = (IProfileOutput)
-                        Class.forName(outputClass).newInstance(); 
+                        Class.forName(outputClass).newInstance();
             } catch (Exception e) {
                 // throw Exception
-                CMS.debug("BasicProfile: output plugin Class.forName " + 
-                    outputClass + " " + e.toString());
-                throw new EBaseException( e.toString() );
+                CMS.debug("BasicProfile: output plugin Class.forName " +
+                        outputClass + " " + e.toString());
+                throw new EBaseException(e.toString());
             }
             IConfigStore outputConfig = outputStore.getSubStore(output_id);
             output.init(this, outputConfig);
@@ -286,7 +284,7 @@ public abstract class BasicProfile implements IProfile {
         while (updater_st.hasMoreTokens()) {
             String updater_id = (String) updater_st.nextToken();
 
-            String updaterClassId = updaterStore.getString(updater_id + "." + 
+            String updaterClassId = updaterStore.getString(updater_id + "." +
                     PROP_CLASS_ID);
             IPluginInfo updaterInfo = mRegistry.getPluginInfo("profileUpdater",
                      updaterClassId);
@@ -296,12 +294,12 @@ public abstract class BasicProfile implements IProfile {
 
             try {
                 updater = (IProfileUpdater)
-                        Class.forName(updaterClass).newInstance(); 
+                        Class.forName(updaterClass).newInstance();
             } catch (Exception e) {
                 // throw Exception
-                CMS.debug("BasicProfile: updater plugin Class.forName " + 
-                    updaterClass + " " + e.toString());
-                throw new EBaseException( e.toString() );
+                CMS.debug("BasicProfile: updater plugin Class.forName " +
+                        updaterClass + " " + e.toString());
+                throw new EBaseException(e.toString());
             }
             IConfigStore updaterConfig = updaterStore.getSubStore(updater_id);
             updater.init(this, updaterConfig);
@@ -325,15 +323,15 @@ public abstract class BasicProfile implements IProfile {
                 String id = (String) st1.nextToken();
 
                 String defaultRoot = id + "." + PROP_DEFAULT;
-                String defaultClassId = policyStore.getString(defaultRoot + "." + 
+                String defaultClassId = policyStore.getString(defaultRoot + "." +
                         PROP_CLASS_ID);
 
                 String constraintRoot = id + "." + PROP_CONSTRAINT;
-                String constraintClassId = 
-                    policyStore.getString(constraintRoot + "." + PROP_CLASS_ID);
+                String constraintClassId =
+                        policyStore.getString(constraintRoot + "." + PROP_CLASS_ID);
 
-                createProfilePolicy(setId, id, defaultClassId, 
-                    constraintClassId, false);
+                createProfilePolicy(setId, id, defaultClassId,
+                        constraintClassId, false);
             }
         }
         CMS.debug("BasicProfile: done init");
@@ -380,20 +378,20 @@ public abstract class BasicProfile implements IProfile {
     }
 
     public String getInput(String name, Locale locale, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         return null;
     }
 
     public void setInput(String name, Locale locale, IRequest request,
-        String value) throws EProfileException {
+            String value) throws EProfileException {
     }
 
     public Enumeration<String> getProfilePolicySetIds() {
         return mPolicySet.keys();
     }
 
-    public void deleteProfilePolicy(String setId, String policyId) 
-        throws EProfileException {
+    public void deleteProfilePolicy(String setId, String policyId)
+            throws EProfileException {
         Vector<ProfilePolicy> policies = mPolicySet.get(setId);
 
         if (policies == null) {
@@ -443,10 +441,10 @@ public abstract class BasicProfile implements IProfile {
                         while (st1.hasMoreTokens()) {
                             String e = st1.nextToken();
 
-                            if (!e.equals(setId)) 
+                            if (!e.equals(setId))
                                 newlist1 = newlist1 + e + ",";
                         }
-                        if (!newlist1.equals("")) 
+                        if (!newlist1.equals(""))
                             newlist1 = newlist1.substring(0, newlist1.length() - 1);
                         policySetSubStore.putString(PROP_POLICY_LIST, newlist1);
                     }
@@ -454,8 +452,8 @@ public abstract class BasicProfile implements IProfile {
                 }
             }
 
-            mConfig.putString("lastModified", 
-               Long.toString(CMS.getCurrentDate().getTime()));
+            mConfig.putString("lastModified",
+                    Long.toString(CMS.getCurrentDate().getTime()));
             mConfig.commit(false);
         } catch (Exception e) {
         }
@@ -496,8 +494,8 @@ public abstract class BasicProfile implements IProfile {
 
             mInputs.remove(inputId);
             mConfig.putString("input." + PROP_INPUT_LIST, newlist);
-            mConfig.putString("lastModified", 
-               Long.toString(CMS.getCurrentDate().getTime()));
+            mConfig.putString("lastModified",
+                    Long.toString(CMS.getCurrentDate().getTime()));
             mConfig.commit(false);
         } catch (Exception e) {
         }
@@ -537,24 +535,23 @@ public abstract class BasicProfile implements IProfile {
 
             mOutputs.remove(outputId);
             mConfig.putString("output." + PROP_OUTPUT_LIST, newlist);
-            mConfig.putString("lastModified", 
-               Long.toString(CMS.getCurrentDate().getTime()));
+            mConfig.putString("lastModified",
+                    Long.toString(CMS.getCurrentDate().getTime()));
             mConfig.commit(false);
         } catch (Exception e) {
         }
     }
 
-    public IProfileOutput createProfileOutput(String id, String outputId, 
-        NameValuePairs nvps)
-        throws EProfileException {
-        return createProfileOutput(id, outputId, nvps, true); 
+    public IProfileOutput createProfileOutput(String id, String outputId,
+            NameValuePairs nvps)
+            throws EProfileException {
+        return createProfileOutput(id, outputId, nvps, true);
     }
 
     public IProfileOutput createProfileOutput(String id, String outputId,
-        NameValuePairs nvps, boolean createConfig)
+            NameValuePairs nvps, boolean createConfig)
 
-
-        throws EProfileException {
+    throws EProfileException {
         IConfigStore outputStore = mConfig.getSubStore("output");
         String output_list = null;
 
@@ -618,7 +615,7 @@ public abstract class BasicProfile implements IProfile {
             String prefix = id + ".";
 
             outputStore.putString(prefix + "name",
-                outputInfo.getName(Locale.getDefault()));
+                    outputInfo.getName(Locale.getDefault()));
             outputStore.putString(prefix + "class_id", outputId);
 
             Enumeration<String> enum1 = nvps.getNames();
@@ -628,17 +625,17 @@ public abstract class BasicProfile implements IProfile {
 
                 outputStore.putString(prefix + "params." + name, nvps.getValue(name));
                 try {
-                   if (output != null) {
-                       output.setConfig(name, nvps.getValue(name));
-                   }
+                    if (output != null) {
+                        output.setConfig(name, nvps.getValue(name));
+                    }
                 } catch (EBaseException e) {
-                   CMS.debug(e.toString());
+                    CMS.debug(e.toString());
                 }
             }
 
             try {
-            mConfig.putString("lastModified", 
-               Long.toString(CMS.getCurrentDate().getTime()));
+                mConfig.putString("lastModified",
+                        Long.toString(CMS.getCurrentDate().getTime()));
                 mConfig.commit(false);
             } catch (EBaseException e) {
                 CMS.debug(e.toString());
@@ -648,15 +645,15 @@ public abstract class BasicProfile implements IProfile {
         return output;
     }
 
-    public IProfileInput createProfileInput(String id, String inputId, 
-        NameValuePairs nvps)
-        throws EProfileException {
-        return createProfileInput(id, inputId, nvps, true); 
+    public IProfileInput createProfileInput(String id, String inputId,
+            NameValuePairs nvps)
+            throws EProfileException {
+        return createProfileInput(id, inputId, nvps, true);
     }
 
     public IProfileInput createProfileInput(String id, String inputId,
-        NameValuePairs nvps, boolean createConfig)
-        throws EProfileException {
+            NameValuePairs nvps, boolean createConfig)
+            throws EProfileException {
         IConfigStore inputStore = mConfig.getSubStore("input");
 
         String input_list = null;
@@ -720,10 +717,10 @@ public abstract class BasicProfile implements IProfile {
             }
             String prefix = id + ".";
 
-            inputStore.putString(prefix + "name", 
-                inputInfo.getName(Locale.getDefault()));
+            inputStore.putString(prefix + "name",
+                    inputInfo.getName(Locale.getDefault()));
             inputStore.putString(prefix + "class_id", inputId);
-            
+
             Enumeration<String> enum1 = nvps.getNames();
 
             while (enum1.hasMoreElements()) {
@@ -731,17 +728,17 @@ public abstract class BasicProfile implements IProfile {
 
                 inputStore.putString(prefix + "params." + name, nvps.getValue(name));
                 try {
-                   if (input != null) {
-                       input.setConfig(name, nvps.getValue(name));
-                   }
+                    if (input != null) {
+                        input.setConfig(name, nvps.getValue(name));
+                    }
                 } catch (EBaseException e) {
-                   CMS.debug(e.toString());
+                    CMS.debug(e.toString());
                 }
             }
 
             try {
-                mConfig.putString("lastModified", 
-                  Long.toString(CMS.getCurrentDate().getTime()));
+                mConfig.putString("lastModified",
+                        Long.toString(CMS.getCurrentDate().getTime()));
                 mConfig.commit(false);
             } catch (EBaseException e) {
                 CMS.debug(e.toString());
@@ -754,33 +751,33 @@ public abstract class BasicProfile implements IProfile {
     /**
      * Creates a profile policy
      */
-    public IProfilePolicy createProfilePolicy(String setId, String id, 
-        String defaultClassId, String constraintClassId)
-        throws EProfileException {
-        return createProfilePolicy(setId, id, defaultClassId, 
+    public IProfilePolicy createProfilePolicy(String setId, String id,
+            String defaultClassId, String constraintClassId)
+            throws EProfileException {
+        return createProfilePolicy(setId, id, defaultClassId,
                 constraintClassId, true);
     }
 
-    public IProfilePolicy createProfilePolicy(String setId, String id, 
-        String defaultClassId, String constraintClassId,
-        boolean createConfig)
-        throws EProfileException {
-        
+    public IProfilePolicy createProfilePolicy(String setId, String id,
+            String defaultClassId, String constraintClassId,
+            boolean createConfig)
+            throws EProfileException {
+
         // String setId ex: policyset.set1
         // String id    Id of policy : examples: p1,p2,p3 
         // String defaultClassId : id of the default plugin ex: validityDefaultImpl
         // String constraintClassId : if of the constraint plugin ex: basicConstraintsExtConstraintImpl
         // boolean createConfig : true : being called from the console. false: being called from server startup code
 
-        Vector<ProfilePolicy> policies =  mPolicySet.get(setId);
+        Vector<ProfilePolicy> policies = mPolicySet.get(setId);
 
         IConfigStore policyStore = mConfig.getSubStore("policyset." + setId);
         if (policies == null) {
             policies = new Vector<ProfilePolicy>();
             mPolicySet.put(setId, policies);
-            if (createConfig) {	
+            if (createConfig) {
                 // re-create policyset.list
-                StringBuffer setlist =new StringBuffer();
+                StringBuffer setlist = new StringBuffer();
                 Enumeration<String> keys = mPolicySet.keys();
 
                 while (keys.hasMoreElements()) {
@@ -794,50 +791,50 @@ public abstract class BasicProfile implements IProfile {
                 mConfig.putString("policyset.list", setlist.toString());
             }
         } else {
-                String ids = null;
+            String ids = null;
 
-                try {
-                    ids = policyStore.getString(PROP_POLICY_LIST, "");
-                } catch (Exception ee) {
-                }
+            try {
+                ids = policyStore.getString(PROP_POLICY_LIST, "");
+            } catch (Exception ee) {
+            }
 
-                if( ids == null ) {
-                    CMS.debug("BasicProfile::createProfilePolicy() - ids is null!" );
-                    return null;
-                }
+            if (ids == null) {
+                CMS.debug("BasicProfile::createProfilePolicy() - ids is null!");
+                return null;
+            }
 
-                StringTokenizer st1 = new StringTokenizer(ids, ",");
-                int appearances = 0;
-                int appearancesTooMany = 0;
-                if (createConfig) 
-                    appearancesTooMany = 1;
-                else
-                    appearancesTooMany = 2;
+            StringTokenizer st1 = new StringTokenizer(ids, ",");
+            int appearances = 0;
+            int appearancesTooMany = 0;
+            if (createConfig)
+                appearancesTooMany = 1;
+            else
+                appearancesTooMany = 2;
 
-                while (st1.hasMoreTokens()) {
-                    String pid = st1.nextToken();
-                    if (pid.equals(id)) {
-                        appearances++;
-                        if (appearances >= appearancesTooMany) {
-                            CMS.debug("WARNING detected duplicate policy id:   " + id + " Profile: "  + mId);
-                            if (createConfig) {
-                                throw new EProfileException("Duplicate policy id: " + id);
-                            }
+            while (st1.hasMoreTokens()) {
+                String pid = st1.nextToken();
+                if (pid.equals(id)) {
+                    appearances++;
+                    if (appearances >= appearancesTooMany) {
+                        CMS.debug("WARNING detected duplicate policy id:   " + id + " Profile: " + mId);
+                        if (createConfig) {
+                            throw new EProfileException("Duplicate policy id: " + id);
                         }
                     }
                 }
+            }
         }
 
         // Now make sure we aren't trying to add a policy that already exists
         IConfigStore policySetStore = mConfig.getSubStore("policyset");
-        String setlist =  null;
+        String setlist = null;
         try {
             setlist = policySetStore.getString("list", "");
         } catch (Exception e) {
         }
         StringTokenizer st = new StringTokenizer(setlist, ",");
 
-        int matches = 0; 
+        int matches = 0;
         while (st.hasMoreTokens()) {
             String sId = (String) st.nextToken();
 
@@ -846,10 +843,10 @@ public abstract class BasicProfile implements IProfile {
                 continue;
             }
             IConfigStore pStore = policySetStore.getSubStore(sId);
-           
+
             String list = null;
             try {
-                list =  pStore.getString(PROP_POLICY_LIST, "");
+                list = pStore.getString(PROP_POLICY_LIST, "");
             } catch (Exception e) {
                 CMS.debug("WARNING, can't get policy id list!");
             }
@@ -862,9 +859,9 @@ public abstract class BasicProfile implements IProfile {
                 String defaultRoot = curId + "." + PROP_DEFAULT;
                 String curDefaultClassId = null;
                 try {
-                    curDefaultClassId =  pStore.getString(defaultRoot + "." +
-                        PROP_CLASS_ID);
-                } catch(Exception e) {
+                    curDefaultClassId = pStore.getString(defaultRoot + "." +
+                            PROP_CLASS_ID);
+                } catch (Exception e) {
                     CMS.debug("WARNING, can't get default plugin id!");
                 }
 
@@ -879,21 +876,20 @@ public abstract class BasicProfile implements IProfile {
                 //Disallow duplicate defaults  with the following exceptions:
                 // noDefaultImpl, genericExtDefaultImpl
 
-                if ((curDefaultClassId.equals(defaultClassId)  && 
-                    !curDefaultClassId.equals(PROP_NO_DEFAULT) && 
-                    !curDefaultClassId.equals(PROP_GENERIC_EXT_DEFAULT)) ) {
+                if ((curDefaultClassId.equals(defaultClassId) &&
+                        !curDefaultClassId.equals(PROP_NO_DEFAULT) && !curDefaultClassId.equals(PROP_GENERIC_EXT_DEFAULT))) {
 
                     matches++;
                     if (createConfig) {
                         if (matches == 1) {
-                              CMS.debug("WARNING attempt to add duplicate Policy "  + defaultClassId + ":" + constraintClassId +
-                                  " Contact System Administrator.");
-                             throw new EProfileException("Attempt to add duplicate Policy : " +  defaultClassId + ":" + constraintClassId);
+                            CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + constraintClassId +
+                                    " Contact System Administrator.");
+                            throw new EProfileException("Attempt to add duplicate Policy : " + defaultClassId + ":" + constraintClassId);
                         }
                     } else {
-                        if( matches > 1) {
-                             CMS.debug("WARNING attempt to add duplicate Policy "  + defaultClassId + ":" + constraintClassId +
-                                  " Contact System Administrator.");
+                        if (matches > 1) {
+                            CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + constraintClassId +
+                                    " Contact System Administrator.");
                         }
                     }
                 }
@@ -919,8 +915,8 @@ public abstract class BasicProfile implements IProfile {
                     Class.forName(defaultClass).newInstance();
         } catch (Exception e) {
             // throw Exception
-            CMS.debug("BasicProfile: default policy " + 
-                defaultClass + " " + e.toString());
+            CMS.debug("BasicProfile: default policy " +
+                    defaultClass + " " + e.toString());
         }
         if (def == null) {
             CMS.debug("BasicProfile: failed to create " + defaultClass);
@@ -931,7 +927,7 @@ public abstract class BasicProfile implements IProfile {
             def.init(this, defStore);
         }
 
-        IPluginInfo conInfo = mRegistry.getPluginInfo("constraintPolicy", 
+        IPluginInfo conInfo = mRegistry.getPluginInfo("constraintPolicy",
                 constraintClassId);
         String constraintClass = conInfo.getClassName();
         IPolicyConstraint constraint = null;
@@ -941,8 +937,8 @@ public abstract class BasicProfile implements IProfile {
                     Class.forName(constraintClass).newInstance();
         } catch (Exception e) {
             // throw Exception
-            CMS.debug("BasicProfile: constraint policy " + 
-                constraintClass + " " + e.toString());
+            CMS.debug("BasicProfile: constraint policy " +
+                    constraintClass + " " + e.toString());
         }
         ProfilePolicy policy = null;
         if (constraint == null) {
@@ -968,21 +964,21 @@ public abstract class BasicProfile implements IProfile {
             } else {
                 policyStore.putString(PROP_POLICY_LIST, list + "," + id);
             }
-            policyStore.putString(id + ".default.name", 
-                defInfo.getName(Locale.getDefault()));
-            policyStore.putString(id + ".default.class_id", 
-                defaultClassId);
-            policyStore.putString(id + ".constraint.name", 
-                conInfo.getName(Locale.getDefault()));
-            policyStore.putString(id + ".constraint.class_id", 
-                constraintClassId);
+            policyStore.putString(id + ".default.name",
+                    defInfo.getName(Locale.getDefault()));
+            policyStore.putString(id + ".default.class_id",
+                    defaultClassId);
+            policyStore.putString(id + ".constraint.name",
+                    conInfo.getName(Locale.getDefault()));
+            policyStore.putString(id + ".constraint.class_id",
+                    constraintClassId);
             try {
-                mConfig.putString("lastModified", 
-                  Long.toString(CMS.getCurrentDate().getTime()));
+                mConfig.putString("lastModified",
+                        Long.toString(CMS.getCurrentDate().getTime()));
                 policyStore.commit(false);
             } catch (EBaseException e) {
-                CMS.debug("BasicProfile: commiting config store " + 
-                    e.toString());
+                CMS.debug("BasicProfile: commiting config store " +
+                        e.toString());
             }
         }
 
@@ -990,7 +986,7 @@ public abstract class BasicProfile implements IProfile {
     }
 
     public IProfilePolicy getProfilePolicy(String setId, String id) {
-        Vector<ProfilePolicy> policies =  mPolicySet.get(setId);
+        Vector<ProfilePolicy> policies = mPolicySet.get(setId);
 
         if (policies == null)
             return null;
@@ -1038,7 +1034,7 @@ public abstract class BasicProfile implements IProfile {
      * Creates request.
      */
     public abstract IRequest[] createRequests(IProfileContext ctx, Locale locale)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Returns the profile description.
@@ -1056,19 +1052,19 @@ public abstract class BasicProfile implements IProfile {
     }
 
     public void populateInput(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         Enumeration<String> ids = getProfileInputIds();
 
         while (ids.hasMoreElements()) {
             String id = (String) ids.nextElement();
-            IProfileInput input = getProfileInput(id); 
+            IProfileInput input = getProfileInput(id);
 
             input.populate(ctx, request);
         }
     }
 
     public Vector<ProfilePolicy> getPolicies(String setId) {
-        Vector<ProfilePolicy> policies =  mPolicySet.get(setId);
+        Vector<ProfilePolicy> policies = mPolicySet.get(setId);
 
         return policies;
     }
@@ -1076,34 +1072,34 @@ public abstract class BasicProfile implements IProfile {
     /**
      * Passes the request to the set of default policies that
      * populate the profile information against the profile.
-     */ 
+     */
     public void populate(IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         String setId = getPolicySetId(request);
         Vector<ProfilePolicy> policies = getPolicies(setId);
-        CMS.debug("BasicProfile: populate() policy setid ="+ setId);
+        CMS.debug("BasicProfile: populate() policy setid =" + setId);
 
         for (int i = 0; i < policies.size(); i++) {
             ProfilePolicy policy = (ProfilePolicy)
-                policies.elementAt(i);
+                    policies.elementAt(i);
 
             policy.getDefault().populate(request);
         }
     }
 
     /**
-     * Passes the request to the set of constraint policies 
+     * Passes the request to the set of constraint policies
      * that validate the request against the profile.
-     */ 
+     */
     public void validate(IRequest request)
-        throws ERejectException {
+            throws ERejectException {
         String setId = getPolicySetId(request);
-        CMS.debug("BasicProfile: validate start on setId="+ setId);
+        CMS.debug("BasicProfile: validate start on setId=" + setId);
         Vector<ProfilePolicy> policies = getPolicies(setId);
 
         for (int i = 0; i < policies.size(); i++) {
             ProfilePolicy policy = (ProfilePolicy)
-                policies.elementAt(i);
+                    policies.elementAt(i);
 
             policy.getConstraint().validate(request);
         }
@@ -1130,24 +1126,24 @@ public abstract class BasicProfile implements IProfile {
 
         for (int i = 0; i < policies.size(); i++) {
             ProfilePolicy policy = (ProfilePolicy)
-                policies.elementAt(i);
+                    policies.elementAt(i);
 
-            v.addElement(policy.getId());	
+            v.addElement(policy.getId());
         }
         return v.elements();
     }
 
     public void execute(IRequest request)
-        throws EProfileException {
+            throws EProfileException {
     }
 
     /**
      * Signed Audit Log
-     *
+     * 
      * This method is inherited by all extended "BasicProfile"s,
      * and is called to store messages to the signed audit log.
      * <P>
-     *
+     * 
      * @param msg signed audit log message
      */
     protected void audit(String msg) {
@@ -1159,20 +1155,20 @@ public abstract class BasicProfile implements IProfile {
         }
 
         mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-            null,
-            ILogger.S_SIGNED_AUDIT,
-            ILogger.LL_SECURITY,
-            msg);
+                null,
+                ILogger.S_SIGNED_AUDIT,
+                ILogger.LL_SECURITY,
+                msg);
     }
 
     /**
      * Signed Audit Log Subject ID
-     *
+     * 
      * This method is inherited by all extended "BasicProfile"s,
      * and is called to obtain the "SubjectID" for
      * a signed audit log message.
      * <P>
-     *
+     * 
      * @return id string containing the signed audit log message SubjectID
      */
     protected String auditSubjectID() {
@@ -1202,4 +1198,3 @@ public abstract class BasicProfile implements IProfile {
         return subjectID;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java
index 681f2b4a..cdaddef5 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.common;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.common.NameValuePairs;
@@ -28,103 +27,101 @@ import com.netscape.certsrv.profile.IProfileInput;
 import com.netscape.certsrv.profile.IProfileOutput;
 import com.netscape.certsrv.profile.IProfilePolicy;
 
-
 /**
  * This class implements a Certificate Manager enrollment
  * profile for CA Certificates.
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class CACertCAEnrollProfile extends CAEnrollProfile 
-   implements IProfileEx {
+public class CACertCAEnrollProfile extends CAEnrollProfile
+        implements IProfileEx {
 
     /**
      * Called after initialization. It populates default
      * policies, inputs, and outputs.
      */
-    public void populate() throws EBaseException
-    { 
+    public void populate() throws EBaseException {
         // create inputs
         NameValuePairs inputParams1 = new NameValuePairs();
-        IProfileInput input1 = 
-          createProfileInput("i1", "certReqInputImpl", inputParams1);
+        IProfileInput input1 =
+                createProfileInput("i1", "certReqInputImpl", inputParams1);
         NameValuePairs inputParams2 = new NameValuePairs();
-        IProfileInput input2 = 
-          createProfileInput("i2", "submitterInfoInputImpl", inputParams2);
+        IProfileInput input2 =
+                createProfileInput("i2", "submitterInfoInputImpl", inputParams2);
 
         // create outputs 
         NameValuePairs outputParams1 = new NameValuePairs();
-        IProfileOutput output1 = 
-          createProfileOutput("o1", "certOutputImpl", outputParams1);
+        IProfileOutput output1 =
+                createProfileOutput("o1", "certOutputImpl", outputParams1);
 
         // create policies
         IProfilePolicy policy1 =
-          createProfilePolicy("set1", "p1",
-            "userSubjectNameDefaultImpl", "noConstraintImpl");
+                createProfilePolicy("set1", "p1",
+                        "userSubjectNameDefaultImpl", "noConstraintImpl");
         IPolicyDefault def1 = policy1.getDefault();
         IConfigStore defConfig1 = def1.getConfigStore();
         IPolicyConstraint con1 = policy1.getConstraint();
         IConfigStore conConfig1 = con1.getConfigStore();
 
         IProfilePolicy policy2 =
-          createProfilePolicy("set1", "p2",
-            "validityDefaultImpl", "noConstraintImpl");
+                createProfilePolicy("set1", "p2",
+                        "validityDefaultImpl", "noConstraintImpl");
         IPolicyDefault def2 = policy2.getDefault();
         IConfigStore defConfig2 = def2.getConfigStore();
-        defConfig2.putString("params.range","180");
-        defConfig2.putString("params.startTime","0");
+        defConfig2.putString("params.range", "180");
+        defConfig2.putString("params.startTime", "0");
         IPolicyConstraint con2 = policy2.getConstraint();
         IConfigStore conConfig2 = con2.getConfigStore();
 
         IProfilePolicy policy3 =
-          createProfilePolicy("set1", "p3",
-            "userKeyDefaultImpl", "noConstraintImpl");
+                createProfilePolicy("set1", "p3",
+                        "userKeyDefaultImpl", "noConstraintImpl");
         IPolicyDefault def3 = policy3.getDefault();
         IConfigStore defConfig3 = def3.getConfigStore();
-        defConfig3.putString("params.keyType","RSA");
-        defConfig3.putString("params.keyMinLength","512");
-        defConfig3.putString("params.keyMaxLength","4096");
+        defConfig3.putString("params.keyType", "RSA");
+        defConfig3.putString("params.keyMinLength", "512");
+        defConfig3.putString("params.keyMaxLength", "4096");
         IPolicyConstraint con3 = policy3.getConstraint();
         IConfigStore conConfig3 = con3.getConfigStore();
 
         IProfilePolicy policy4 =
-          createProfilePolicy("set1", "p4",
-            "signingAlgDefaultImpl", "noConstraintImpl");
+                createProfilePolicy("set1", "p4",
+                        "signingAlgDefaultImpl", "noConstraintImpl");
         IPolicyDefault def4 = policy4.getDefault();
         IConfigStore defConfig4 = def4.getConfigStore();
-        defConfig4.putString("params.signingAlg","-");
+        defConfig4.putString("params.signingAlg", "-");
         defConfig4.putString("params.signingAlgsAllowed",
-          "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA256withEC,SHA384withEC,SHA512withEC");
+                "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA256withEC,SHA384withEC,SHA512withEC");
         IPolicyConstraint con4 = policy4.getConstraint();
         IConfigStore conConfig4 = con4.getConfigStore();
 
         // extensions
         IProfilePolicy policy5 =
-          createProfilePolicy("set1", "p5",
-            "keyUsageExtDefaultImpl", "noConstraintImpl");
+                createProfilePolicy("set1", "p5",
+                        "keyUsageExtDefaultImpl", "noConstraintImpl");
         IPolicyDefault def5 = policy5.getDefault();
         IConfigStore defConfig5 = def5.getConfigStore();
-        defConfig5.putString("params.keyUsageCritical","true");
-        defConfig5.putString("params.keyUsageCrlSign","true");
-        defConfig5.putString("params.keyUsageDataEncipherment","false");
-        defConfig5.putString("params.keyUsageDecipherOnly","false");
-        defConfig5.putString("params.keyUsageDigitalSignature","true");
-        defConfig5.putString("params.keyUsageEncipherOnly","false");
-        defConfig5.putString("params.keyUsageKeyAgreement","false");
-        defConfig5.putString("params.keyUsageKeyCertSign","true");
-        defConfig5.putString("params.keyUsageKeyEncipherment","false");
-        defConfig5.putString("params.keyUsageNonRepudiation","true");
+        defConfig5.putString("params.keyUsageCritical", "true");
+        defConfig5.putString("params.keyUsageCrlSign", "true");
+        defConfig5.putString("params.keyUsageDataEncipherment", "false");
+        defConfig5.putString("params.keyUsageDecipherOnly", "false");
+        defConfig5.putString("params.keyUsageDigitalSignature", "true");
+        defConfig5.putString("params.keyUsageEncipherOnly", "false");
+        defConfig5.putString("params.keyUsageKeyAgreement", "false");
+        defConfig5.putString("params.keyUsageKeyCertSign", "true");
+        defConfig5.putString("params.keyUsageKeyEncipherment", "false");
+        defConfig5.putString("params.keyUsageNonRepudiation", "true");
         IPolicyConstraint con5 = policy5.getConstraint();
         IConfigStore conConfig5 = con5.getConfigStore();
 
         IProfilePolicy policy6 =
-          createProfilePolicy("set1", "p6",
-            "basicConstraintsExtDefaultImpl", "noConstraintImpl");
+                createProfilePolicy("set1", "p6",
+                        "basicConstraintsExtDefaultImpl", "noConstraintImpl");
         IPolicyDefault def6 = policy6.getDefault();
         IConfigStore defConfig6 = def6.getConfigStore();
-        defConfig6.putString("params.basicConstraintsPathLen","-1");
-        defConfig6.putString("params.basicConstraintsIsCA","true");
-        defConfig6.putString("params.basicConstraintsPathLen","-1");
+        defConfig6.putString("params.basicConstraintsPathLen", "-1");
+        defConfig6.putString("params.basicConstraintsIsCA", "true");
+        defConfig6.putString("params.basicConstraintsPathLen", "-1");
         IPolicyConstraint con6 = policy6.getConstraint();
         IConfigStore conConfig6 = con6.getConfigStore();
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java
index 32cd51b5..aa18acd3 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.common;
 
-
 import java.util.Enumeration;
 
 import netscape.security.x509.X500Name;
@@ -41,27 +40,24 @@ import com.netscape.certsrv.profile.IProfileUpdater;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.RequestStatus;
 
-
 /**
  * This class implements a Certificate Manager enrollment
  * profile.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CAEnrollProfile extends EnrollProfile {
 
-    private final static String
-        LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST =
-        "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4";
-
+    private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST =
+            "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4";
 
     public CAEnrollProfile() {
         super();
     }
 
     public IAuthority getAuthority() {
-        IAuthority authority = (IAuthority) 
-            CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+        IAuthority authority = (IAuthority)
+                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
 
         if (authority == null)
             return null;
@@ -70,17 +66,17 @@ public class CAEnrollProfile extends EnrollProfile {
 
     public X500Name getIssuerName() {
         ICertificateAuthority ca = (ICertificateAuthority)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
         X500Name issuerName = ca.getX500Name();
 
         return issuerName;
     }
 
     public void execute(IRequest request)
-        throws EProfileException {
+            throws EProfileException {
 
         long startTime = CMS.getCurrentDate().getTime();
-         
+
         if (!isEnable()) {
             CMS.debug("CAEnrollProfile: Profile Not Enabled");
             throw new EProfileException("Profile Not Enabled");
@@ -91,14 +87,13 @@ public class CAEnrollProfile extends EnrollProfile {
         String auditRequesterID = auditRequesterID(request);
         String auditArchiveID = ILogger.UNIDENTIFIED;
 
-
         String id = request.getRequestId().toString();
         if (id != null) {
             auditArchiveID = id.trim();
         }
 
-        CMS.debug("CAEnrollProfile: execute reqId=" + 
-            request.getRequestId().toString());
+        CMS.debug("CAEnrollProfile: execute reqId=" +
+                request.getRequestId().toString());
         ICertificateAuthority ca = (ICertificateAuthority) getAuthority();
         ICAService caService = (ICAService) ca.getCAService();
 
@@ -113,41 +108,39 @@ public class CAEnrollProfile extends EnrollProfile {
         // do not archive keys for renewal requests
         if ((optionsData != null) && (!request.getRequestType().equals(IRequest.RENEWAL_REQUEST))) {
             PKIArchiveOptions options = (PKIArchiveOptions)
-                toPKIArchiveOptions(optionsData);
+                    toPKIArchiveOptions(optionsData);
 
             if (options != null) {
                 CMS.debug("CAEnrollProfile: execute found " +
-                    "PKIArchiveOptions");
+                        "PKIArchiveOptions");
                 try {
                     IConnector kraConnector = caService.getKRAConnector();
 
                     if (kraConnector == null) {
                         CMS.debug("CAEnrollProfile: KRA connector " +
-                            "not configured");
+                                "not configured");
 
                         auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditRequesterID,
-                            auditArchiveID);
+                                LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+                                auditSubjectID,
+                                ILogger.FAILURE,
+                                auditRequesterID,
+                                auditArchiveID);
 
                         audit(auditMessage);
-                   
+
                     } else {
                         CMS.debug("CAEnrollProfile: execute send request");
                         kraConnector.send(request);
 
-
-                        
                         // check response
                         if (!request.isSuccess()) {
                             auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditRequesterID,
-                            auditArchiveID);
+                                    LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+                                    auditSubjectID,
+                                    ILogger.FAILURE,
+                                    auditRequesterID,
+                                    auditArchiveID);
 
                             audit(auditMessage);
                             throw new ERejectException(
@@ -155,17 +148,16 @@ public class CAEnrollProfile extends EnrollProfile {
                         }
 
                         auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditRequesterID,
-                            auditArchiveID);
+                                LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+                                auditSubjectID,
+                                ILogger.SUCCESS,
+                                auditRequesterID,
+                                auditArchiveID);
 
                         audit(auditMessage);
                     }
                 } catch (Exception e) {
 
-
                     if (e instanceof ERejectException) {
                         throw (ERejectException) e;
                     }
@@ -194,12 +186,12 @@ public class CAEnrollProfile extends EnrollProfile {
         sc.put("profileId", getId());
         String setId = request.getExtDataInString("profileSetId");
         if (setId != null) {
-          sc.put("profileSetId", setId);
+            sc.put("profileSetId", setId);
         }
 
         try {
             theCert = caService.issueX509Cert(info, getId() /* profileId */,
-              id /* requestId */);
+                    id /* requestId */);
         } catch (EBaseException e) {
             CMS.debug(e.toString());
 
@@ -211,24 +203,24 @@ public class CAEnrollProfile extends EnrollProfile {
 
         String initiative = AuditFormat.FROMAGENT
                           + " userID: "
-                          + (String)sc.get(SessionContext.USER_ID);
-        String authMgr = (String)sc.get(SessionContext.AUTH_MANAGER_ID);
+                          + (String) sc.get(SessionContext.USER_ID);
+        String authMgr = (String) sc.get(SessionContext.AUTH_MANAGER_ID);
 
         ILogger logger = CMS.getLogger();
-        if( logger != null ) {
-            logger.log( ILogger.EV_AUDIT, 
-                        ILogger.S_OTHER, AuditFormat.LEVEL, AuditFormat.FORMAT, 
-                        new Object[] { 
-                            request.getRequestType(), 
-                            request.getRequestId(), 
-                            initiative, 
-                            authMgr, 
-                            "completed", 
-                            theCert.getSubjectDN(), 
-                            "cert issued serial number: 0x" + 
-                            theCert.getSerialNumber().toString(16) + 
-                            " time: " + (endTime - startTime) }
-            );
+        if (logger != null) {
+            logger.log(ILogger.EV_AUDIT,
+                        ILogger.S_OTHER, AuditFormat.LEVEL, AuditFormat.FORMAT,
+                        new Object[] {
+                                request.getRequestType(),
+                                request.getRequestId(),
+                                initiative,
+                                authMgr,
+                                "completed",
+                                theCert.getSubjectDN(),
+                                "cert issued serial number: 0x" +
+                                        theCert.getSerialNumber().toString(16) +
+                                        " time: " + (endTime - startTime) }
+                    );
         }
 
         request.setRequestStatus(RequestStatus.COMPLETE);
@@ -236,9 +228,9 @@ public class CAEnrollProfile extends EnrollProfile {
         // notifies updater plugins
         Enumeration updaterIds = getProfileUpdaterIds();
         while (updaterIds.hasMoreElements()) {
-           String updaterId = (String)updaterIds.nextElement();
-           IProfileUpdater updater = getProfileUpdater(updaterId);
-           updater.update(request, RequestStatus.COMPLETE); 
+            String updaterId = (String) updaterIds.nextElement();
+            IProfileUpdater updater = getProfileUpdater(updaterId);
+            updater.update(request, RequestStatus.COMPLETE);
         }
 
         // set value for predicate value - checking in getRule
@@ -248,4 +240,3 @@ public class CAEnrollProfile extends EnrollProfile {
             request.setExtData("isEncryptionCert", "false");
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java
index 8bc6f190..44d7454e 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.common;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -99,21 +98,21 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.IRequestQueue;
 import com.netscape.cmsutil.util.HMACDigest;
 
-
 /**
  * This class implements a generic enrollment profile.
- *
+ * 
  * @version $Revision$, $Date$
  */
-public abstract class EnrollProfile extends BasicProfile 
-    implements IEnrollProfile {
+public abstract class EnrollProfile extends BasicProfile
+        implements IEnrollProfile {
 
     private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST =
-        "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5";
+            "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5";
     private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION =
-        "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
+            "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
 
     private PKIData mCMCData;
+
     public EnrollProfile() {
         super();
     }
@@ -134,11 +133,11 @@ public abstract class EnrollProfile extends BasicProfile
      * Creates request.
      */
     public IRequest[] createRequests(IProfileContext context, Locale locale)
-        throws EProfileException {
+            throws EProfileException {
         EnrollProfileContext ctx = (EnrollProfileContext) context;
 
         // determine how many requests should be created
-        String cert_request_type = ctx.get(CTX_CERT_REQUEST_TYPE); 
+        String cert_request_type = ctx.get(CTX_CERT_REQUEST_TYPE);
         String cert_request = ctx.get(CTX_CERT_REQUEST);
         String is_renewal = ctx.get(CTX_RENEWAL);
         Integer renewal_seq_num = 0;
@@ -175,10 +174,9 @@ public abstract class EnrollProfile extends BasicProfile
             if (renewal_seq_num_str != null) {
                 renewal_seq_num = Integer.parseInt(renewal_seq_num_str);
             } else {
-                renewal_seq_num =0;
+                renewal_seq_num = 0;
             }
         }
-                
 
         // populate requests with appropriate content
         IRequest result[] = new IRequest[num_requests];
@@ -186,7 +184,7 @@ public abstract class EnrollProfile extends BasicProfile
         for (int i = 0; i < num_requests; i++) {
             result[i] = createEnrollmentRequest();
             if ((is_renewal != null) && (is_renewal.equals("true"))) {
-                result[i].setExtData(REQUEST_SEQ_NUM,renewal_seq_num);
+                result[i].setExtData(REQUEST_SEQ_NUM, renewal_seq_num);
             } else {
                 result[i].setExtData(REQUEST_SEQ_NUM, Integer.valueOf(i));
             }
@@ -211,32 +209,32 @@ public abstract class EnrollProfile extends BasicProfile
                 48, 92, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 1, 5,
                 0, 3, 75, 0, 48, 72, 2, 65, 0, -65, 121, -119, -59, 105, 66,
                 -122, -78, -30, -64, 63, -47, 44, -48, -104, 103, -47, -108,
-                42, -38, 46, -8, 32, 49, -29, -26, -112, -29, -86,71, 24,
+                42, -38, 46, -8, 32, 49, -29, -26, -112, -29, -86, 71, 24,
                 -104, 78, -31, -75, -128, 90, -92, -34, -51, -125, -13, 80, 101,
                 -78, 39, -119, -38, 117, 28, 67, -19, -71, -124, -85, 105, -53,
-                -103, -59, -67, -38, -83, 118, 65, 2, 3, 1, 0, 1};
+                -103, -59, -67, -38, -83, 118, 65, 2, 3, 1, 0, 1 };
         // default values into x509 certinfo. This thing is
         // not serializable by default
         try {
-            info.set(X509CertInfo.VERSION, 
-                new CertificateVersion(CertificateVersion.V3));
-            info.set(X509CertInfo.SERIAL_NUMBER, 
-                new CertificateSerialNumber(new BigInteger("0")));
-            info.set(X509CertInfo.ISSUER, 
-                new CertificateIssuerName(issuerName));
+            info.set(X509CertInfo.VERSION,
+                    new CertificateVersion(CertificateVersion.V3));
+            info.set(X509CertInfo.SERIAL_NUMBER,
+                    new CertificateSerialNumber(new BigInteger("0")));
+            info.set(X509CertInfo.ISSUER,
+                    new CertificateIssuerName(issuerName));
             info.set(X509CertInfo.KEY,
-                new CertificateX509Key(X509Key.parse(new DerValue(dummykey))));
-            info.set(X509CertInfo.SUBJECT, 
-                new CertificateSubjectName(issuerName));
-            info.set(X509CertInfo.VALIDITY, 
-                new CertificateValidity(new Date(), new Date()));
-            info.set(X509CertInfo.ALGORITHM_ID, 
-                new CertificateAlgorithmId(
-                    AlgorithmId.getAlgorithmId("MD5withRSA")));
+                    new CertificateX509Key(X509Key.parse(new DerValue(dummykey))));
+            info.set(X509CertInfo.SUBJECT,
+                    new CertificateSubjectName(issuerName));
+            info.set(X509CertInfo.VALIDITY,
+                    new CertificateValidity(new Date(), new Date()));
+            info.set(X509CertInfo.ALGORITHM_ID,
+                    new CertificateAlgorithmId(
+                            AlgorithmId.getAlgorithmId("MD5withRSA")));
 
             // add default extension container
-            info.set(X509CertInfo.EXTENSIONS, 
-                new CertificateExtensions());
+            info.set(X509CertInfo.EXTENSIONS,
+                    new CertificateExtensions());
         } catch (Exception e) {
             // throw exception - add key to template
             CMS.debug("EnrollProfile: Building X509CertInfo - " + e.toString());
@@ -246,7 +244,7 @@ public abstract class EnrollProfile extends BasicProfile
     }
 
     public IRequest createEnrollmentRequest()
-        throws EProfileException {
+            throws EProfileException {
         IRequest req = null;
 
         try {
@@ -270,7 +268,7 @@ public abstract class EnrollProfile extends BasicProfile
     }
 
     public abstract void execute(IRequest request)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Perform simple policy set assignment.
@@ -298,7 +296,7 @@ public abstract class EnrollProfile extends BasicProfile
 
         try {
             CertificateSubjectName sn = (CertificateSubjectName)
-                info.get(X509CertInfo.SUBJECT);
+                    info.get(X509CertInfo.SUBJECT);
 
             return sn.toString();
         } catch (Exception e) {
@@ -308,11 +306,11 @@ public abstract class EnrollProfile extends BasicProfile
     }
 
     /**
-     * This method is called after the user submits the 
+     * This method is called after the user submits the
      * request from the end-entity page.
      */
     public void submit(IAuthToken token, IRequest request)
-        throws EDeferException, EProfileException {
+            throws EDeferException, EProfileException {
         // Request Submission Logic:
         //
         // if (Authentication Failed) {
@@ -325,18 +323,18 @@ public abstract class EnrollProfile extends BasicProfile
         //   }
         // }
 
-        IAuthority authority = (IAuthority) 
-            getAuthority();
+        IAuthority authority = (IAuthority)
+                getAuthority();
         IRequestQueue queue = authority.getRequestQueue();
 
-            // this profile queues request that is authenticated
-            // by NoAuth
-            try {
-                queue.updateRequest(request);
-            } catch (EBaseException e) {
-                // save request to disk
-                CMS.debug("EnrollProfile: Update request " + e.toString());
-            }
+        // this profile queues request that is authenticated
+        // by NoAuth
+        try {
+            queue.updateRequest(request);
+        } catch (EBaseException e) {
+            // save request to disk
+            CMS.debug("EnrollProfile: Update request " + e.toString());
+        }
 
         if (token == null) {
             CMS.debug("EnrollProfile: auth token is null");
@@ -359,7 +357,7 @@ public abstract class EnrollProfile extends BasicProfile
     }
 
     public TaggedRequest[] parseCMC(Locale locale, String certreq)
-        throws EProfileException {
+            throws EProfileException {
         /* cert request must not be null */
         if (certreq == null) {
             CMS.debug("EnrollProfile: parseCMC() certreq null");
@@ -374,15 +372,15 @@ public abstract class EnrollProfile extends BasicProfile
         try {
             byte data[] = CMS.AtoB(creq);
             ByteArrayInputStream cmcBlobIn =
-                new ByteArrayInputStream(data);
-            
+                    new ByteArrayInputStream(data);
+
             org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo)
-            org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
-            org.mozilla.jss.pkix.cms.SignedData cmcFullReq = (org.mozilla.jss.pkix.cms.SignedData)cmcReq.getInterpretedContent();
-             org.mozilla.jss.pkix.cms.EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
+                    org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
+            org.mozilla.jss.pkix.cms.SignedData cmcFullReq = (org.mozilla.jss.pkix.cms.SignedData) cmcReq.getInterpretedContent();
+            org.mozilla.jss.pkix.cms.EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
             OBJECT_IDENTIFIER id = ci.getContentType();
             OCTET_STRING content = ci.getContent();
-            
+
             ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray());
             PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s);
 
@@ -398,22 +396,22 @@ public abstract class EnrollProfile extends BasicProfile
                 if (numcontrols > 0) {
                     context.put("numOfControls", Integer.valueOf(numcontrols));
                     TaggedAttribute[] attributes = new TaggedAttribute[numcontrols];
-                    for (int i=0; i<numcontrols; i++) {
-                        attributes[i] = (TaggedAttribute)controlSeq.elementAt(i);
+                    for (int i = 0; i < numcontrols; i++) {
+                        attributes[i] = (TaggedAttribute) controlSeq.elementAt(i);
                         OBJECT_IDENTIFIER oid = attributes[i].getType();
                         if (oid.equals(OBJECT_IDENTIFIER.id_cmc_identityProof)) {
-                            boolean valid = verifyIdentityProof(attributes[i], 
-                              reqSeq);
+                            boolean valid = verifyIdentityProof(attributes[i],
+                                    reqSeq);
                             if (!valid) {
-                                SEQUENCE bpids = getRequestBpids(reqSeq); 
+                                SEQUENCE bpids = getRequestBpids(reqSeq);
                                 context.put("identityProof", bpids);
                                 return null;
                             }
                         } else if (oid.equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkRandom)) {
                             SET vals = attributes[i].getValues();
-                            OCTET_STRING ostr = 
-                              (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(),
-                              ASN1Util.encode(vals.elementAt(0))));
+                            OCTET_STRING ostr =
+                                    (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(),
+                                            ASN1Util.encode(vals.elementAt(0))));
                             randomSeed = ostr.toByteArray();
                         } else {
                             context.put(attributes[i].getType(), attributes[i]);
@@ -421,18 +419,18 @@ public abstract class EnrollProfile extends BasicProfile
                     }
                 }
             }
- 
+
             SEQUENCE otherMsgSeq = pkiData.getOtherMsgSequence();
             int numOtherMsgs = otherMsgSeq.size();
             if (!context.containsKey("numOfOtherMsgs")) {
                 context.put("numOfOtherMsgs", Integer.valueOf(numOtherMsgs));
-                for (int i=0; i<numOtherMsgs; i++) {
-                    OtherMsg omsg =(OtherMsg)(ASN1Util.decode(OtherMsg.getTemplate(),
-                      ASN1Util.encode(otherMsgSeq.elementAt(i))));
-                    context.put("otherMsg"+i, omsg);
+                for (int i = 0; i < numOtherMsgs; i++) {
+                    OtherMsg omsg = (OtherMsg) (ASN1Util.decode(OtherMsg.getTemplate(),
+                            ASN1Util.encode(otherMsgSeq.elementAt(i))));
+                    context.put("otherMsg" + i, omsg);
                 }
             }
-            
+
             int nummsgs = reqSeq.size();
             if (nummsgs > 0) {
                 msgs = new TaggedRequest[reqSeq.size()];
@@ -445,7 +443,7 @@ public abstract class EnrollProfile extends BasicProfile
                             valid = verifyPOPLinkWitness(randomSeed, msgs[i], bpids);
                             if (!valid || bpids.size() > 0) {
                                 context.put("POPLinkWitness", bpids);
-                                return null; 
+                                return null;
                             }
                         }
                     }
@@ -462,7 +460,7 @@ public abstract class EnrollProfile extends BasicProfile
     }
 
     private boolean verifyPOPLinkWitness(byte[] randomSeed, TaggedRequest req,
-      SEQUENCE bpids) {
+            SEQUENCE bpids) {
         ISharedToken tokenClass = null;
         boolean sharedSecretFound = true;
         String name = null;
@@ -477,15 +475,15 @@ public abstract class EnrollProfile extends BasicProfile
         }
 
         try {
-            tokenClass = (ISharedToken)Class.forName(name).newInstance();
+            tokenClass = (ISharedToken) Class.forName(name).newInstance();
         } catch (ClassNotFoundException e) {
-            CMS.debug("EnrollProfile: Failed to find class name: "+name);
+            CMS.debug("EnrollProfile: Failed to find class name: " + name);
             sharedSecretFound = false;
         } catch (InstantiationException e) {
-            CMS.debug("EnrollProfile: Failed to instantiate class: "+name);
+            CMS.debug("EnrollProfile: Failed to instantiate class: " + name);
             sharedSecretFound = false;
         } catch (IllegalAccessException e) {
-            CMS.debug("EnrollProfile: Illegal access: "+name);
+            CMS.debug("EnrollProfile: Illegal access: " + name);
             sharedSecretFound = false;
         }
 
@@ -494,7 +492,7 @@ public abstract class EnrollProfile extends BasicProfile
         String sharedSecret = null;
         if (tokenClass != null)
             sharedSecret = tokenClass.getSharedToken(mCMCData);
-        if (req.getType().equals(TaggedRequest.PKCS10)) { 
+        if (req.getType().equals(TaggedRequest.PKCS10)) {
             TaggedCertificationRequest tcr = req.getTcr();
             if (!sharedSecretFound) {
                 bpids.addElement(tcr.getBodyPartID());
@@ -503,25 +501,25 @@ public abstract class EnrollProfile extends BasicProfile
                 CertificationRequest creq = tcr.getCertificationRequest();
                 CertificationRequestInfo cinfo = creq.getInfo();
                 SET attrs = cinfo.getAttributes();
-                for (int j=0; j<attrs.size(); j++) {
-                    Attribute pkcs10Attr = (Attribute)attrs.elementAt(j);
+                for (int j = 0; j < attrs.size(); j++) {
+                    Attribute pkcs10Attr = (Attribute) attrs.elementAt(j);
                     if (pkcs10Attr.getType().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) {
                         SET witnessVal = pkcs10Attr.getValues();
                         if (witnessVal.size() > 0) {
                             try {
                                 OCTET_STRING str =
-                                  (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(),
-                                  ASN1Util.encode(witnessVal.elementAt(0))));
+                                        (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(),
+                                                ASN1Util.encode(witnessVal.elementAt(0))));
                                 bv = str.toByteArray();
                                 return verifyDigest(sharedSecret.getBytes(),
-                                  randomSeed, bv);
+                                        randomSeed, bv);
                             } catch (InvalidBERException ex) {
                                 return false;
                             }
                         }
-                    } 
+                    }
                 }
-  
+
                 return false;
             }
         } else if (req.getType().equals(TaggedRequest.CRMF)) {
@@ -535,14 +533,14 @@ public abstract class EnrollProfile extends BasicProfile
                 for (int i = 0; i < certReq.numControls(); i++) {
                     AVA ava = certReq.controlAt(i);
 
-                    if (ava.getOID().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) { 
+                    if (ava.getOID().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) {
                         ASN1Value value = ava.getValue();
                         ByteArrayInputStream bis = new ByteArrayInputStream(
-                          ASN1Util.encode(value));
+                                ASN1Util.encode(value));
                         OCTET_STRING ostr = null;
                         try {
                             ostr = (OCTET_STRING)
-                              (new OCTET_STRING.Template()).decode(bis);
+                                    (new OCTET_STRING.Template()).decode(bis);
                             bv = ostr.toByteArray();
                         } catch (Exception e) {
                             bpids.addElement(reqId);
@@ -550,7 +548,7 @@ public abstract class EnrollProfile extends BasicProfile
                         }
 
                         boolean valid = verifyDigest(sharedSecret.getBytes(),
-                          randomSeed, bv);
+                                randomSeed, bv);
                         if (!valid) {
                             bpids.addElement(reqId);
                             return valid;
@@ -569,7 +567,7 @@ public abstract class EnrollProfile extends BasicProfile
             MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1");
             key = SHA1Digest.digest(sharedSecret);
         } catch (NoSuchAlgorithmException ex) {
-            CMS.debug("EnrollProfile: No such algorithm for this message digest."); 
+            CMS.debug("EnrollProfile: No such algorithm for this message digest.");
             return false;
         }
 
@@ -580,7 +578,7 @@ public abstract class EnrollProfile extends BasicProfile
             hmacDigest.update(text);
             finalDigest = hmacDigest.digest();
         } catch (NoSuchAlgorithmException ex) {
-            CMS.debug("EnrollProfile: No such algorithm for this message digest."); 
+            CMS.debug("EnrollProfile: No such algorithm for this message digest.");
             return false;
         }
 
@@ -589,9 +587,9 @@ public abstract class EnrollProfile extends BasicProfile
             return false;
         }
 
-        for (int j=0; j<bv.length; j++) {
+        for (int j = 0; j < bv.length; j++) {
             if (bv[j] != finalDigest[j]) {
-            CMS.debug("EnrollProfile: The content of two HMAC digest are not the same.");
+                CMS.debug("EnrollProfile: The content of two HMAC digest are not the same.");
                 return false;
             }
         }
@@ -633,23 +631,23 @@ public abstract class EnrollProfile extends BasicProfile
         else {
             ISharedToken tokenClass = null;
             try {
-                tokenClass = (ISharedToken)Class.forName(name).newInstance();
+                tokenClass = (ISharedToken) Class.forName(name).newInstance();
             } catch (ClassNotFoundException e) {
-                CMS.debug("EnrollProfile: Failed to find class name: "+name);
+                CMS.debug("EnrollProfile: Failed to find class name: " + name);
                 return false;
             } catch (InstantiationException e) {
-                CMS.debug("EnrollProfile: Failed to instantiate class: "+name);
+                CMS.debug("EnrollProfile: Failed to instantiate class: " + name);
                 return false;
             } catch (IllegalAccessException e) {
-                CMS.debug("EnrollProfile: Illegal access: "+name);
+                CMS.debug("EnrollProfile: Illegal access: " + name);
                 return false;
             }
- 
+
             String token = tokenClass.getSharedToken(mCMCData);
             OCTET_STRING ostr = null;
             try {
-                ostr = (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(),
-                ASN1Util.encode(vals.elementAt(0))));
+                ostr = (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(),
+                        ASN1Util.encode(vals.elementAt(0))));
             } catch (InvalidBERException e) {
                 CMS.debug("EnrollProfile: Failed to decode the byte value.");
                 return false;
@@ -662,34 +660,34 @@ public abstract class EnrollProfile extends BasicProfile
     }
 
     public void fillTaggedRequest(Locale locale, TaggedRequest tagreq, X509CertInfo info,
-        IRequest req)
-        throws EProfileException {
+            IRequest req)
+            throws EProfileException {
         TaggedRequest.Type type = tagreq.getType();
 
-        if (type.equals(TaggedRequest.PKCS10)) { 
+        if (type.equals(TaggedRequest.PKCS10)) {
             try {
-                TaggedCertificationRequest tcr = tagreq.getTcr(); 
-                CertificationRequest p10 = tcr.getCertificationRequest(); 
-                ByteArrayOutputStream ostream = new ByteArrayOutputStream(); 
+                TaggedCertificationRequest tcr = tagreq.getTcr();
+                CertificationRequest p10 = tcr.getCertificationRequest();
+                ByteArrayOutputStream ostream = new ByteArrayOutputStream();
 
-                p10.encode(ostream); 
+                p10.encode(ostream);
                 PKCS10 pkcs10 = new PKCS10(ostream.toByteArray());
 
                 req.setExtData("bodyPartId", tcr.getBodyPartID());
                 fillPKCS10(locale, pkcs10, info, req);
             } catch (Exception e) {
-                CMS.debug("EnrollProfile: fillTaggedRequest " + 
-                    e.toString());
+                CMS.debug("EnrollProfile: fillTaggedRequest " +
+                        e.toString());
             }
-        } else if (type.equals(TaggedRequest.CRMF)) { 
-            CertReqMsg crm = tagreq.getCrm(); 
+        } else if (type.equals(TaggedRequest.CRMF)) {
+            CertReqMsg crm = tagreq.getCrm();
             SessionContext context = SessionContext.getContext();
-            Integer nums = (Integer)(context.get("numOfControls"));
+            Integer nums = (Integer) (context.get("numOfControls"));
 
             // check if the LRA POP Witness Control attribute exists
             if (nums != null && nums.intValue() > 0) {
-                TaggedAttribute attr = 
-                  (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness));
+                TaggedAttribute attr =
+                        (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness));
                 if (attr != null) {
                     parseLRAPopWitness(locale, crm, attr);
                 } else {
@@ -708,42 +706,42 @@ public abstract class EnrollProfile extends BasicProfile
         }
     }
 
-    private void parseLRAPopWitness(Locale locale, CertReqMsg crm, 
-      TaggedAttribute attr) throws EProfileException {
+    private void parseLRAPopWitness(Locale locale, CertReqMsg crm,
+            TaggedAttribute attr) throws EProfileException {
         SET vals = attr.getValues();
         boolean donePOP = false;
         INTEGER reqId = null;
         if (vals.size() > 0) {
             LraPopWitness lraPop = null;
             try {
-                lraPop = (LraPopWitness)(ASN1Util.decode(LraPopWitness.getTemplate(),
-                  ASN1Util.encode(vals.elementAt(0))));
+                lraPop = (LraPopWitness) (ASN1Util.decode(LraPopWitness.getTemplate(),
+                        ASN1Util.encode(vals.elementAt(0))));
             } catch (InvalidBERException e) {
                 throw new EProfileException(
-                  CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR"));
+                        CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR"));
             }
 
             SEQUENCE bodyIds = lraPop.getBodyIds();
             reqId = crm.getCertReq().getCertReqId();
 
-            for (int i=0; i<bodyIds.size(); i++) {
-                INTEGER num = (INTEGER)(bodyIds.elementAt(i));
+            for (int i = 0; i < bodyIds.size(); i++) {
+                INTEGER num = (INTEGER) (bodyIds.elementAt(i));
                 if (num.toString().equals(reqId.toString())) {
                     donePOP = true;
-                    CMS.debug("EnrollProfile: skip POP for request: "+reqId.toString()+ " because LRA POP Witness control is found.");
+                    CMS.debug("EnrollProfile: skip POP for request: " + reqId.toString() + " because LRA POP Witness control is found.");
                     break;
                 }
             }
         }
 
         if (!donePOP) {
-            CMS.debug("EnrollProfile: not skip POP for request: "+reqId.toString()+" because this request id is not part of the body list in LRA Pop witness control.");
+            CMS.debug("EnrollProfile: not skip POP for request: " + reqId.toString() + " because this request id is not part of the body list in LRA Pop witness control.");
             verifyPOP(locale, crm);
         }
     }
 
     public CertReqMsg[] parseCRMF(Locale locale, String certreq)
-        throws EProfileException {
+            throws EProfileException {
 
         /* cert request must not be null */
         if (certreq == null) {
@@ -758,10 +756,10 @@ public abstract class EnrollProfile extends BasicProfile
         try {
             byte data[] = CMS.AtoB(creq);
             ByteArrayInputStream crmfBlobIn =
-                new ByteArrayInputStream(data);
+                    new ByteArrayInputStream(data);
             SEQUENCE crmfMsgs = (SEQUENCE)
-                new SEQUENCE.OF_Template(new
-                    CertReqMsg.Template()).decode(crmfBlobIn);
+                    new SEQUENCE.OF_Template(new
+                            CertReqMsg.Template()).decode(crmfBlobIn);
             int nummsgs = crmfMsgs.size();
 
             if (nummsgs <= 0)
@@ -779,17 +777,17 @@ public abstract class EnrollProfile extends BasicProfile
     }
 
     private static final OBJECT_IDENTIFIER PKIARCHIVEOPTIONS_OID =
-        new OBJECT_IDENTIFIER(new long[] {1, 3, 6, 1, 5, 5, 7, 5, 1, 4}
-        );
+            new OBJECT_IDENTIFIER(new long[] { 1, 3, 6, 1, 5, 5, 7, 5, 1, 4 }
+            );
 
-    protected PKIArchiveOptions getPKIArchiveOptions(AVA ava) { 
-        ASN1Value archVal = ava.getValue(); 
+    protected PKIArchiveOptions getPKIArchiveOptions(AVA ava) {
+        ASN1Value archVal = ava.getValue();
         ByteArrayInputStream bis = new ByteArrayInputStream(
-                ASN1Util.encode(archVal)); 
+                ASN1Util.encode(archVal));
         PKIArchiveOptions archOpts = null;
 
-        try { 
-            archOpts = (PKIArchiveOptions) 
+        try {
+            archOpts = (PKIArchiveOptions)
                     (new PKIArchiveOptions.Template()).decode(bis);
         } catch (Exception e) {
             CMS.debug("EnrollProfile: getPKIArchiveOptions " + e.toString());
@@ -801,8 +799,8 @@ public abstract class EnrollProfile extends BasicProfile
         ByteArrayInputStream bis = new ByteArrayInputStream(options);
         PKIArchiveOptions archOpts = null;
 
-        try { 
-            archOpts = (PKIArchiveOptions) 
+        try {
+            archOpts = (PKIArchiveOptions)
                     (new PKIArchiveOptions.Template()).decode(bis);
         } catch (Exception e) {
             CMS.debug("EnrollProfile: toPKIArchiveOptions " + e.toString());
@@ -810,13 +808,13 @@ public abstract class EnrollProfile extends BasicProfile
         return archOpts;
     }
 
-    public byte[] toByteArray(PKIArchiveOptions options) { 
+    public byte[] toByteArray(PKIArchiveOptions options) {
         return ASN1Util.encode(options);
     }
 
     public void fillCertReqMsg(Locale locale, CertReqMsg certReqMsg, X509CertInfo info,
-        IRequest req)
-        throws EProfileException {
+            IRequest req)
+            throws EProfileException {
         try {
             CMS.debug("Start parseCertReqMsg ");
             CertRequest certReq = certReqMsg.getCertReq();
@@ -825,12 +823,12 @@ public abstract class EnrollProfile extends BasicProfile
             for (int i = 0; i < certReq.numControls(); i++) {
                 AVA ava = certReq.controlAt(i);
 
-                if (ava.getOID().equals(PKIARCHIVEOPTIONS_OID)) { 
+                if (ava.getOID().equals(PKIARCHIVEOPTIONS_OID)) {
                     PKIArchiveOptions opt = getPKIArchiveOptions(ava);
 
                     //req.set(REQUEST_ARCHIVE_OPTIONS, opt);
-                    req.setExtData(REQUEST_ARCHIVE_OPTIONS, 
-                        toByteArray(opt));
+                    req.setExtData(REQUEST_ARCHIVE_OPTIONS,
+                            toByteArray(opt));
                 }
             }
 
@@ -856,7 +854,7 @@ public abstract class EnrollProfile extends BasicProfile
 
             // parse validity
             if (certTemplate.getNotBefore() != null ||
-                certTemplate.getNotAfter() != null) {
+                    certTemplate.getNotAfter() != null) {
                 CMS.debug("EnrollProfile:  requested notBefore: " + certTemplate.getNotBefore());
                 CMS.debug("EnrollProfile:  requested notAfter:  " + certTemplate.getNotAfter());
                 CMS.debug("EnrollProfile:  current CA time:     " + new Date());
@@ -874,7 +872,7 @@ public abstract class EnrollProfile extends BasicProfile
             if (certTemplate.hasSubject()) {
                 Name subjectdn = certTemplate.getSubject();
                 ByteArrayOutputStream subjectEncStream =
-                    new ByteArrayOutputStream();
+                        new ByteArrayOutputStream();
 
                 subjectdn.encode(subjectEncStream);
                 byte[] subjectEnc = subjectEncStream.toByteArray();
@@ -886,18 +884,20 @@ public abstract class EnrollProfile extends BasicProfile
                 req.setExtData(REQUEST_SUBJECT_NAME,
                         new CertificateSubjectName(subject));
                 try {
-                    String subjectCN  = subject.getCommonName();
-                    if (subjectCN  == null) subjectCN  = "";
-                    req.setExtData(REQUEST_SUBJECT_NAME+".cn",  subjectCN);
+                    String subjectCN = subject.getCommonName();
+                    if (subjectCN == null)
+                        subjectCN = "";
+                    req.setExtData(REQUEST_SUBJECT_NAME + ".cn", subjectCN);
                 } catch (Exception ee) {
-                    req.setExtData(REQUEST_SUBJECT_NAME+".cn", "");
+                    req.setExtData(REQUEST_SUBJECT_NAME + ".cn", "");
                 }
                 try {
                     String subjectUID = subject.getUserID();
-                    if (subjectUID == null) subjectUID = "";
-                    req.setExtData(REQUEST_SUBJECT_NAME+".uid", subjectUID);
+                    if (subjectUID == null)
+                        subjectUID = "";
+                    req.setExtData(REQUEST_SUBJECT_NAME + ".uid", subjectUID);
                 } catch (Exception ee) {
-                    req.setExtData(REQUEST_SUBJECT_NAME+".uid", "");
+                    req.setExtData(REQUEST_SUBJECT_NAME + ".uid", "");
                 }
             }
 
@@ -921,10 +921,10 @@ public abstract class EnrollProfile extends BasicProfile
 
                 for (int j = 0; j < numexts; j++) {
                     org.mozilla.jss.pkix.cert.Extension jssext =
-                        certTemplate.extensionAt(j);
+                            certTemplate.extensionAt(j);
                     boolean isCritical = jssext.getCritical();
                     org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid =
-                        jssext.getExtnId();
+                            jssext.getExtnId();
                     long[] numbers = jssoid.getNumbers();
                     int[] oidNumbers = new int[numbers.length];
 
@@ -932,17 +932,17 @@ public abstract class EnrollProfile extends BasicProfile
                         oidNumbers[k] = (int) numbers[k];
                     }
                     ObjectIdentifier oid =
-                        new ObjectIdentifier(oidNumbers);
+                            new ObjectIdentifier(oidNumbers);
                     org.mozilla.jss.asn1.OCTET_STRING jssvalue =
-                        jssext.getExtnValue();
+                            jssext.getExtnValue();
                     ByteArrayOutputStream jssvalueout =
-                        new ByteArrayOutputStream();
+                            new ByteArrayOutputStream();
 
                     jssvalue.encode(jssvalueout);
                     byte[] extValue = jssvalueout.toByteArray();
 
                     Extension ext =
-                        new Extension(oid, isCritical, extValue);
+                            new Extension(oid, isCritical, extValue);
 
                     extensions.parseExtension(ext);
                 }
@@ -965,7 +965,7 @@ public abstract class EnrollProfile extends BasicProfile
     }
 
     public PKCS10 parsePKCS10(Locale locale, String certreq)
-        throws EProfileException {
+            throws EProfileException {
         /* cert request must not be null */
         if (certreq == null) {
             CMS.debug("EnrollProfile:parsePKCS10() certreq null");
@@ -996,7 +996,7 @@ public abstract class EnrollProfile extends BasicProfile
                     CMS.debug("EnrollProfile: parsePKCS10: use internal token");
                     signToken = cm.getInternalCryptoToken();
                 } else {
-                    CMS.debug("EnrollProfile: parsePKCS10: tokenName="+ tokenName);
+                    CMS.debug("EnrollProfile: parsePKCS10: tokenName=" + tokenName);
                     signToken = cm.getTokenByName(tokenName);
                 }
                 CMS.debug("EnrollProfile: parsePKCS10 setting thread token");
@@ -1021,7 +1021,7 @@ public abstract class EnrollProfile extends BasicProfile
     }
 
     public void fillPKCS10(Locale locale, PKCS10 pkcs10, X509CertInfo info, IRequest req)
-        throws EProfileException {
+            throws EProfileException {
         X509Key key = pkcs10.getSubjectPublicKeyInfo();
 
         try {
@@ -1033,18 +1033,20 @@ public abstract class EnrollProfile extends BasicProfile
             req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME,
                     new CertificateSubjectName(pkcs10.getSubjectName()));
             try {
-                String subjectCN  = pkcs10.getSubjectName().getCommonName();
-                if (subjectCN  == null) subjectCN  = "";
-                req.setExtData(REQUEST_SUBJECT_NAME+".cn",  subjectCN);
+                String subjectCN = pkcs10.getSubjectName().getCommonName();
+                if (subjectCN == null)
+                    subjectCN = "";
+                req.setExtData(REQUEST_SUBJECT_NAME + ".cn", subjectCN);
             } catch (Exception ee) {
-                req.setExtData(REQUEST_SUBJECT_NAME+".cn", "");
+                req.setExtData(REQUEST_SUBJECT_NAME + ".cn", "");
             }
             try {
                 String subjectUID = pkcs10.getSubjectName().getUserID();
-                if (subjectUID == null) subjectUID = "";
-                req.setExtData(REQUEST_SUBJECT_NAME+".uid", subjectUID);
+                if (subjectUID == null)
+                    subjectUID = "";
+                req.setExtData(REQUEST_SUBJECT_NAME + ".uid", subjectUID);
             } catch (Exception ee) {
-                req.setExtData(REQUEST_SUBJECT_NAME+".uid", "");
+                req.setExtData(REQUEST_SUBJECT_NAME + ".uid", "");
             }
 
             info.set(X509CertInfo.KEY, certKey);
@@ -1052,11 +1054,12 @@ public abstract class EnrollProfile extends BasicProfile
             PKCS10Attributes p10Attrs = pkcs10.getAttributes();
             if (p10Attrs != null) {
                 PKCS10Attribute p10Attr = (PKCS10Attribute)
-                    (p10Attrs.getAttribute(CertificateExtensions.NAME));
+                        (p10Attrs.getAttribute(CertificateExtensions.NAME));
                 if (p10Attr != null && p10Attr.getAttributeId().equals(
-                        PKCS9Attribute.EXTENSION_REQUEST_OID)) {                                    CMS.debug("Found PKCS10 extension");
+                        PKCS9Attribute.EXTENSION_REQUEST_OID)) {
+                    CMS.debug("Found PKCS10 extension");
                     Extensions exts0 = (Extensions)
-                        (p10Attr.getAttributeValue());
+                            (p10Attr.getAttributeValue());
                     DerOutputStream extOut = new DerOutputStream();
 
                     exts0.encode(extOut);
@@ -1070,8 +1073,8 @@ public abstract class EnrollProfile extends BasicProfile
                     }
                 } else {
                     CMS.debug("PKCS10 extension Not Found");
-                } 
-            } 
+                }
+            }
 
             CMS.debug("Finish parsePKCS10 - " + pkcs10.getSubjectName());
         } catch (IOException e) {
@@ -1085,60 +1088,58 @@ public abstract class EnrollProfile extends BasicProfile
         }
     }
 
+    // for netkey
+    public void fillNSNKEY(Locale locale, String sn, String skey, X509CertInfo info, IRequest req)
+            throws EProfileException {
 
- // for netkey
-        public void fillNSNKEY(Locale locale, String sn, String skey, X509CertInfo info, IRequest req)
-        throws EProfileException {
+        try {
+            //cfu - is the algorithm going to be replaced by the policy?
+            X509Key key = new X509Key();
+            key.decode(CMS.AtoB(skey));
+
+            info.set(X509CertInfo.KEY, new CertificateX509Key(key));
+            //                      req.set(EnrollProfile.REQUEST_SUBJECT_NAME,
+            //                              new CertificateSubjectName(new
+            //                              X500Name("CN="+sn)));
+            req.setExtData("screenname", sn);
+            // keeping "aoluid" to be backward compatible
+            req.setExtData("aoluid", sn);
+            req.setExtData("uid", sn);
+            CMS.debug("EnrollPrifile: fillNSNKEY(): uid=" + sn);
 
-                try {
-                        //cfu - is the algorithm going to be replaced by the policy?
-                        X509Key key = new  X509Key();
-                        key.decode(CMS.AtoB(skey));
-
-                        info.set(X509CertInfo.KEY, new CertificateX509Key(key));
-                        //                      req.set(EnrollProfile.REQUEST_SUBJECT_NAME,
-                        //                              new CertificateSubjectName(new
-                        //                              X500Name("CN="+sn)));
-                        req.setExtData("screenname", sn);
-                        // keeping "aoluid" to be backward compatible
-                        req.setExtData("aoluid", sn);
-                        req.setExtData("uid", sn);
-                        CMS.debug("EnrollPrifile: fillNSNKEY(): uid="+sn);
-
-                } catch (Exception e) {
-                        CMS.debug("EnrollProfile: fillNSNKEY(): "+e.toString());
+        } catch (Exception e) {
+            CMS.debug("EnrollProfile: fillNSNKEY(): " + e.toString());
             throw new EProfileException(
                     CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
-                }
         }
+    }
 
- // for house key
-        public void fillNSHKEY(Locale locale, String tcuid, String skey, X509CertInfo info, IRequest req)
-        throws EProfileException {
+    // for house key
+    public void fillNSHKEY(Locale locale, String tcuid, String skey, X509CertInfo info, IRequest req)
+            throws EProfileException {
 
-                try {
-                        //cfu - is the algorithm going to be replaced by the policy?
-                        X509Key key = new  X509Key();
-                        key.decode(CMS.AtoB(skey));
+        try {
+            //cfu - is the algorithm going to be replaced by the policy?
+            X509Key key = new X509Key();
+            key.decode(CMS.AtoB(skey));
 
-                        info.set(X509CertInfo.KEY, new CertificateX509Key(key));
-                        //                      req.set(EnrollProfile.REQUEST_SUBJECT_NAME,
-                        //                              new CertificateSubjectName(new
-                        //                              X500Name("CN="+sn)));
-                        req.setExtData("tokencuid", tcuid);
+            info.set(X509CertInfo.KEY, new CertificateX509Key(key));
+            //                      req.set(EnrollProfile.REQUEST_SUBJECT_NAME,
+            //                              new CertificateSubjectName(new
+            //                              X500Name("CN="+sn)));
+            req.setExtData("tokencuid", tcuid);
 
-                        CMS.debug("EnrollPrifile: fillNSNKEY(): tokencuid="+tcuid);
+            CMS.debug("EnrollPrifile: fillNSNKEY(): tokencuid=" + tcuid);
 
-                } catch (Exception e) {
-                        CMS.debug("EnrollProfile: fillNSHKEY(): "+e.toString());
+        } catch (Exception e) {
+            CMS.debug("EnrollProfile: fillNSHKEY(): " + e.toString());
             throw new EProfileException(
                     CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
-                }
         }
-
+    }
 
     public DerInputStream parseKeyGen(Locale locale, String certreq)
-        throws EProfileException {
+            throws EProfileException {
         byte data[] = CMS.AtoB(certreq);
 
         DerInputStream derIn = new DerInputStream(data);
@@ -1147,8 +1148,8 @@ public abstract class EnrollProfile extends BasicProfile
     }
 
     public void fillKeyGen(Locale locale, DerInputStream derIn, X509CertInfo info, IRequest req
-    )
-        throws EProfileException {
+            )
+                    throws EProfileException {
         try {
 
             /* get SPKAC Algorithm & Signature */
@@ -1229,27 +1230,26 @@ public abstract class EnrollProfile extends BasicProfile
     /**
      * Populate input
      * <P>
-     *
-     * (either all "agent" profile cert requests NOT made through a connector,
-     *  or all "EE" profile cert requests NOT made through a connector)
+     * 
+     * (either all "agent" profile cert requests NOT made through a connector, or all "EE" profile cert requests NOT made through a connector)
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a
-     * profile cert request is made (before approval process)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a profile cert request is made (before approval process)
      * </ul>
+     * 
      * @param ctx profile context
      * @param request the certificate request
      * @exception EProfileException an error related to this profile has
-     * occurred
+     *                occurred
      */
     public void populateInput(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         super.populateInput(ctx, request);
     }
 
     public void populate(IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         super.populate(request);
 
     }
@@ -1259,7 +1259,7 @@ public abstract class EnrollProfile extends BasicProfile
      * that validate the request against the profile.
      */
     public void validate(IRequest request)
-        throws ERejectException {
+            throws ERejectException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
         String auditRequesterID = auditRequesterID(request);
@@ -1272,7 +1272,7 @@ public abstract class EnrollProfile extends BasicProfile
 
         try {
             CertificateSubjectName sn = (CertificateSubjectName)
-                info.get(X509CertInfo.SUBJECT);
+                    info.get(X509CertInfo.SUBJECT);
 
             // if the cert subject name is NOT MISSING, retrieve the
             // actual "auditCertificateSubjectName" and "normalize" it
@@ -1348,12 +1348,12 @@ public abstract class EnrollProfile extends BasicProfile
 
     /**
      * Signed Audit Log Requester ID
-     *
+     * 
      * This method is inherited by all extended "EnrollProfile"s,
      * and is called to obtain the "RequesterID" for
      * a signed audit log message.
      * <P>
-     *
+     * 
      * @param request the actual request
      * @return id string containing the signed audit log message RequesterID
      */
@@ -1379,12 +1379,12 @@ public abstract class EnrollProfile extends BasicProfile
 
     /**
      * Signed Audit Log Profile ID
-     *
+     * 
      * This method is inherited by all extended "EnrollProfile"s,
      * and is called to obtain the "ProfileID" for
      * a signed audit log message.
      * <P>
-     *
+     * 
      * @return id string containing the signed audit log message ProfileID
      */
     protected String auditProfileID() {
@@ -1405,7 +1405,7 @@ public abstract class EnrollProfile extends BasicProfile
     }
 
     public void verifyPOP(Locale locale, CertReqMsg certReqMsg)
-        throws EProfileException {
+            throws EProfileException {
         CMS.debug("EnrollProfile ::in verifyPOP");
 
         String auditMessage = null;
@@ -1429,32 +1429,31 @@ public abstract class EnrollProfile extends BasicProfile
                 CMS.debug("POP verification using internal token");
                 certReqMsg.verify();
             } else {
-                CMS.debug("POP verification using token:"+ tokenName);
+                CMS.debug("POP verification using token:" + tokenName);
                 verifyToken = cm.getTokenByName(tokenName);
                 certReqMsg.verify(verifyToken);
             }
 
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
-              LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
-              auditSubjectID,
-              ILogger.SUCCESS );
-            audit( auditMessage );
+                    LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+                    auditSubjectID,
+                    ILogger.SUCCESS);
+            audit(auditMessage);
         } catch (Exception e) {
 
-            CMS.debug("Failed POP verify! "+e.toString());
+            CMS.debug("Failed POP verify! " + e.toString());
 
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
-              LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
-              auditSubjectID,
-              ILogger.FAILURE );
+                    LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+                    auditSubjectID,
+                    ILogger.FAILURE);
 
-            audit( auditMessage );
+            audit(auditMessage);
 
             throw new EProfileException(CMS.getUserMessage(locale,
                         "CMS_POP_VERIFICATION_ERROR"));
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java
index 199aa794..3610520f 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java
@@ -17,17 +17,15 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.common;
 
-
 import com.netscape.certsrv.profile.IProfileContext;
 
-
 /**
  * This class implements an enrollment profile context
  * that carries information for request creation.
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class EnrollProfileContext extends ProfileContext 
-    implements IProfileContext {
+public class EnrollProfileContext extends ProfileContext
+        implements IProfileContext {
 
 }
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java b/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java
index 147d9c82..7a275b1e 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java
@@ -17,15 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.common;
 
-
 import java.util.Hashtable;
 
 import com.netscape.certsrv.profile.IProfileContext;
 
-
 /**
  * This class implements the profile context.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ProfileContext implements IProfileContext {
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java b/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java
index a0f0ed25..a8a90aef 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java
@@ -17,17 +17,15 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.common;
 
-
 import com.netscape.certsrv.profile.IPolicyConstraint;
 import com.netscape.certsrv.profile.IPolicyDefault;
 import com.netscape.certsrv.profile.IProfilePolicy;
 
-
 /**
  * This class implements a profile policy that
  * contains a default policy and a constraint
  * policy.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ProfilePolicy implements IProfilePolicy {
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java
index f82e7313..ed028cee 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.common;
 
-
 import java.util.Enumeration;
 
 import netscape.security.x509.X500Name;
@@ -35,11 +34,10 @@ import com.netscape.certsrv.request.IRequestListener;
 import com.netscape.certsrv.request.IRequestQueue;
 import com.netscape.certsrv.request.RequestStatus;
 
-
 /**
- * This class implements a Registration Manager 
+ * This class implements a Registration Manager
  * enrollment profile.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class RAEnrollProfile extends EnrollProfile {
@@ -49,8 +47,8 @@ public class RAEnrollProfile extends EnrollProfile {
     }
 
     public IAuthority getAuthority() {
-        IAuthority authority = (IAuthority) 
-            CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+        IAuthority authority = (IAuthority)
+                CMS.getSubsystem(CMS.SUBSYSTEM_RA);
 
         if (authority == null)
             return null;
@@ -59,15 +57,14 @@ public class RAEnrollProfile extends EnrollProfile {
 
     public X500Name getIssuerName() {
         IRegistrationAuthority ra = (IRegistrationAuthority)
-            CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+                CMS.getSubsystem(CMS.SUBSYSTEM_RA);
         X500Name issuerName = ra.getX500Name();
 
         return issuerName;
     }
 
     public void execute(IRequest request)
-        throws EProfileException {
-
+            throws EProfileException {
 
         if (!isEnable()) {
             CMS.debug("CAEnrollProfile: Profile Not Enabled");
@@ -75,14 +72,13 @@ public class RAEnrollProfile extends EnrollProfile {
         }
 
         IRegistrationAuthority ra =
-            (IRegistrationAuthority) getAuthority();
+                (IRegistrationAuthority) getAuthority();
         IRAService raService = (IRAService) ra.getRAService();
 
         if (raService == null) {
             throw new EProfileException("No RA Service");
         }
 
-
         IRequestQueue queue = ra.getRequestQueue();
 
         // send request to CA
@@ -94,13 +90,13 @@ public class RAEnrollProfile extends EnrollProfile {
             } else {
                 caConnector.send(request);
                 // check response
-                if (!request.isSuccess()) { 
+                if (!request.isSuccess()) {
                     CMS.debug("RAEnrollProfile error talking to CA setting req status to SVC_PENDING");
 
                     request.setRequestStatus(RequestStatus.SVC_PENDING);
 
                     try {
-                       queue.updateRequest(request);
+                        queue.updateRequest(request);
                     } catch (EBaseException e) {
                         CMS.debug("RAEnrollProfile: Update request " + e.toString());
                     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java
index 4a18ff14..f71d8b23 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.common;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.common.NameValuePairs;
@@ -28,91 +27,89 @@ import com.netscape.certsrv.profile.IProfileInput;
 import com.netscape.certsrv.profile.IProfileOutput;
 import com.netscape.certsrv.profile.IProfilePolicy;
 
-
 /**
  * This class implements a Certificate Manager enrollment
  * profile for Server Certificates.
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class ServerCertCAEnrollProfile extends CAEnrollProfile 
-   implements IProfileEx {
+public class ServerCertCAEnrollProfile extends CAEnrollProfile
+        implements IProfileEx {
 
     /**
      * Called after initialization. It populates default
      * policies, inputs, and outputs.
      */
-    public void populate() throws EBaseException
-    {
+    public void populate() throws EBaseException {
         // create inputs
         NameValuePairs inputParams1 = new NameValuePairs();
         IProfileInput input1 =
-          createProfileInput("i1", "certReqInputImpl", inputParams1);
+                createProfileInput("i1", "certReqInputImpl", inputParams1);
         NameValuePairs inputParams2 = new NameValuePairs();
         IProfileInput input2 =
-          createProfileInput("i2", "submitterInfoInputImpl", inputParams2);
+                createProfileInput("i2", "submitterInfoInputImpl", inputParams2);
 
         // create outputs
         NameValuePairs outputParams1 = new NameValuePairs();
         IProfileOutput output1 =
-          createProfileOutput("o1", "certOutputImpl", outputParams1);
+                createProfileOutput("o1", "certOutputImpl", outputParams1);
 
         IProfilePolicy policy1 =
-          createProfilePolicy("set1", "p1",
-            "userSubjectNameDefaultImpl", "noConstraintImpl");
+                createProfilePolicy("set1", "p1",
+                        "userSubjectNameDefaultImpl", "noConstraintImpl");
         IPolicyDefault def1 = policy1.getDefault();
         IConfigStore defConfig1 = def1.getConfigStore();
         IPolicyConstraint con1 = policy1.getConstraint();
         IConfigStore conConfig1 = con1.getConfigStore();
 
         IProfilePolicy policy2 =
-          createProfilePolicy("set1", "p2",
-            "validityDefaultImpl", "noConstraintImpl");
+                createProfilePolicy("set1", "p2",
+                        "validityDefaultImpl", "noConstraintImpl");
         IPolicyDefault def2 = policy2.getDefault();
         IConfigStore defConfig2 = def2.getConfigStore();
-        defConfig2.putString("params.range","180");
-        defConfig2.putString("params.startTime","0");
+        defConfig2.putString("params.range", "180");
+        defConfig2.putString("params.startTime", "0");
         IPolicyConstraint con2 = policy2.getConstraint();
         IConfigStore conConfig2 = con2.getConfigStore();
 
         IProfilePolicy policy3 =
-          createProfilePolicy("set1", "p3",
-            "userKeyDefaultImpl", "noConstraintImpl");
+                createProfilePolicy("set1", "p3",
+                        "userKeyDefaultImpl", "noConstraintImpl");
         IPolicyDefault def3 = policy3.getDefault();
         IConfigStore defConfig3 = def3.getConfigStore();
-        defConfig3.putString("params.keyType","RSA");
-        defConfig3.putString("params.keyMinLength","512");
-        defConfig3.putString("params.keyMaxLength","4096");
+        defConfig3.putString("params.keyType", "RSA");
+        defConfig3.putString("params.keyMinLength", "512");
+        defConfig3.putString("params.keyMaxLength", "4096");
         IPolicyConstraint con3 = policy3.getConstraint();
         IConfigStore conConfig3 = con3.getConfigStore();
 
         IProfilePolicy policy4 =
-          createProfilePolicy("set1", "p4",
-            "signingAlgDefaultImpl", "noConstraintImpl");
+                createProfilePolicy("set1", "p4",
+                        "signingAlgDefaultImpl", "noConstraintImpl");
         IPolicyDefault def4 = policy4.getDefault();
         IConfigStore defConfig4 = def4.getConfigStore();
-        defConfig4.putString("params.signingAlg","-");
+        defConfig4.putString("params.signingAlg", "-");
         defConfig4.putString("params.signingAlgsAllowed",
-          "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC");
+                "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC");
         IPolicyConstraint con4 = policy4.getConstraint();
         IConfigStore conConfig4 = con4.getConfigStore();
 
-        IProfilePolicy policy5 = 
-          createProfilePolicy("set1", "p5", 
-            "keyUsageExtDefaultImpl", "noConstraintImpl"); 
-        IPolicyDefault def5 = policy5.getDefault(); 
-        IConfigStore defConfig5 = def5.getConfigStore(); 
-        defConfig5.putString("params.keyUsageCritical","true"); 
-        defConfig5.putString("params.keyUsageCrlSign","false"); 
-        defConfig5.putString("params.keyUsageDataEncipherment","true"); 
-        defConfig5.putString("params.keyUsageDecipherOnly","false"); 
-        defConfig5.putString("params.keyUsageDigitalSignature","true"); 
-        defConfig5.putString("params.keyUsageEncipherOnly","false"); 
-        defConfig5.putString("params.keyUsageKeyAgreement","false"); 
-        defConfig5.putString("params.keyUsageKeyCertSign","false"); 
-        defConfig5.putString("params.keyUsageKeyEncipherment","true"); 
-        defConfig5.putString("params.keyUsageNonRepudiation","true"); 
-        IPolicyConstraint con5 = policy5.getConstraint(); 
+        IProfilePolicy policy5 =
+                createProfilePolicy("set1", "p5",
+                        "keyUsageExtDefaultImpl", "noConstraintImpl");
+        IPolicyDefault def5 = policy5.getDefault();
+        IConfigStore defConfig5 = def5.getConfigStore();
+        defConfig5.putString("params.keyUsageCritical", "true");
+        defConfig5.putString("params.keyUsageCrlSign", "false");
+        defConfig5.putString("params.keyUsageDataEncipherment", "true");
+        defConfig5.putString("params.keyUsageDecipherOnly", "false");
+        defConfig5.putString("params.keyUsageDigitalSignature", "true");
+        defConfig5.putString("params.keyUsageEncipherOnly", "false");
+        defConfig5.putString("params.keyUsageKeyAgreement", "false");
+        defConfig5.putString("params.keyUsageKeyCertSign", "false");
+        defConfig5.putString("params.keyUsageKeyEncipherment", "true");
+        defConfig5.putString("params.keyUsageNonRepudiation", "true");
+        IPolicyConstraint con5 = policy5.getConstraint();
         IConfigStore conConfig5 = con5.getConfigStore();
 
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java
index 7d4254bf..34cd4bf5 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.common;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.common.NameValuePairs;
@@ -28,94 +27,92 @@ import com.netscape.certsrv.profile.IProfileInput;
 import com.netscape.certsrv.profile.IProfileOutput;
 import com.netscape.certsrv.profile.IProfilePolicy;
 
-
 /**
  * This class implements a Certificate Manager enrollment
  * profile for User Certificates.
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class UserCertCAEnrollProfile extends CAEnrollProfile 
-   implements IProfileEx { 
+public class UserCertCAEnrollProfile extends CAEnrollProfile
+        implements IProfileEx {
 
     /**
      * Called after initialization. It populates default
      * policies, inputs, and outputs.
      */
-    public void populate() throws EBaseException
-    {
+    public void populate() throws EBaseException {
         // create inputs
         NameValuePairs inputParams1 = new NameValuePairs();
         IProfileInput input1 =
-          createProfileInput("i1", "keyGenInputImpl", inputParams1);
+                createProfileInput("i1", "keyGenInputImpl", inputParams1);
         NameValuePairs inputParams2 = new NameValuePairs();
         IProfileInput input2 =
-          createProfileInput("i2", "subjectNameInputImpl", inputParams2);
+                createProfileInput("i2", "subjectNameInputImpl", inputParams2);
         NameValuePairs inputParams3 = new NameValuePairs();
         IProfileInput input3 =
-          createProfileInput("i3", "submitterInfoInputImpl", inputParams2);
+                createProfileInput("i3", "submitterInfoInputImpl", inputParams2);
 
         // create outputs
         NameValuePairs outputParams1 = new NameValuePairs();
         IProfileOutput output1 =
-          createProfileOutput("o1", "certOutputImpl", outputParams1);
+                createProfileOutput("o1", "certOutputImpl", outputParams1);
 
         // create policies
         IProfilePolicy policy1 =
-          createProfilePolicy("set1", "p1", 
-            "userSubjectNameDefaultImpl", "noConstraintImpl"); 
-        IPolicyDefault def1 = policy1.getDefault(); 
-        IConfigStore defConfig1 = def1.getConfigStore(); 
-        IPolicyConstraint con1 = policy1.getConstraint(); 
+                createProfilePolicy("set1", "p1",
+                        "userSubjectNameDefaultImpl", "noConstraintImpl");
+        IPolicyDefault def1 = policy1.getDefault();
+        IConfigStore defConfig1 = def1.getConfigStore();
+        IPolicyConstraint con1 = policy1.getConstraint();
         IConfigStore conConfig1 = con1.getConfigStore();
 
         IProfilePolicy policy2 =
-          createProfilePolicy("set1", "p2", 
-            "validityDefaultImpl", "noConstraintImpl");
-        IPolicyDefault def2 = policy2.getDefault(); 
-        IConfigStore defConfig2 = def2.getConfigStore(); 
-        defConfig2.putString("params.range","180");
-        defConfig2.putString("params.startTime","0");
-        IPolicyConstraint con2 = policy2.getConstraint(); 
+                createProfilePolicy("set1", "p2",
+                        "validityDefaultImpl", "noConstraintImpl");
+        IPolicyDefault def2 = policy2.getDefault();
+        IConfigStore defConfig2 = def2.getConfigStore();
+        defConfig2.putString("params.range", "180");
+        defConfig2.putString("params.startTime", "0");
+        IPolicyConstraint con2 = policy2.getConstraint();
         IConfigStore conConfig2 = con2.getConfigStore();
 
         IProfilePolicy policy3 =
-          createProfilePolicy("set1", "p3", 
-            "userKeyDefaultImpl", "noConstraintImpl");
-        IPolicyDefault def3 = policy3.getDefault(); 
-        IConfigStore defConfig3 = def3.getConfigStore(); 
-        defConfig3.putString("params.keyType","RSA");
-        defConfig3.putString("params.keyMinLength","512");
-        defConfig3.putString("params.keyMaxLength","4096");
-        IPolicyConstraint con3 = policy3.getConstraint(); 
+                createProfilePolicy("set1", "p3",
+                        "userKeyDefaultImpl", "noConstraintImpl");
+        IPolicyDefault def3 = policy3.getDefault();
+        IConfigStore defConfig3 = def3.getConfigStore();
+        defConfig3.putString("params.keyType", "RSA");
+        defConfig3.putString("params.keyMinLength", "512");
+        defConfig3.putString("params.keyMaxLength", "4096");
+        IPolicyConstraint con3 = policy3.getConstraint();
         IConfigStore conConfig3 = con3.getConfigStore();
 
         IProfilePolicy policy4 =
-          createProfilePolicy("set1", "p4", 
-            "signingAlgDefaultImpl", "noConstraintImpl");
-        IPolicyDefault def4 = policy4.getDefault(); 
-        IConfigStore defConfig4 = def4.getConfigStore(); 
-        defConfig4.putString("params.signingAlg","-");
+                createProfilePolicy("set1", "p4",
+                        "signingAlgDefaultImpl", "noConstraintImpl");
+        IPolicyDefault def4 = policy4.getDefault();
+        IConfigStore defConfig4 = def4.getConfigStore();
+        defConfig4.putString("params.signingAlg", "-");
         defConfig4.putString("params.signingAlgsAllowed",
-          "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC");
-        IPolicyConstraint con4 = policy4.getConstraint(); 
+                "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC");
+        IPolicyConstraint con4 = policy4.getConstraint();
         IConfigStore conConfig4 = con4.getConfigStore();
 
         IProfilePolicy policy5 =
-          createProfilePolicy("set1", "p5",
-            "keyUsageExtDefaultImpl", "noConstraintImpl");
+                createProfilePolicy("set1", "p5",
+                        "keyUsageExtDefaultImpl", "noConstraintImpl");
         IPolicyDefault def5 = policy5.getDefault();
         IConfigStore defConfig5 = def5.getConfigStore();
-        defConfig5.putString("params.keyUsageCritical","true");
-        defConfig5.putString("params.keyUsageCrlSign","false");
-        defConfig5.putString("params.keyUsageDataEncipherment","false");
-        defConfig5.putString("params.keyUsageDecipherOnly","false");
-        defConfig5.putString("params.keyUsageDigitalSignature","true");
-        defConfig5.putString("params.keyUsageEncipherOnly","false");
-        defConfig5.putString("params.keyUsageKeyAgreement","false");
-        defConfig5.putString("params.keyUsageKeyCertSign","false");
-        defConfig5.putString("params.keyUsageKeyEncipherment","true");
-        defConfig5.putString("params.keyUsageNonRepudiation","true");
+        defConfig5.putString("params.keyUsageCritical", "true");
+        defConfig5.putString("params.keyUsageCrlSign", "false");
+        defConfig5.putString("params.keyUsageDataEncipherment", "false");
+        defConfig5.putString("params.keyUsageDecipherOnly", "false");
+        defConfig5.putString("params.keyUsageDigitalSignature", "true");
+        defConfig5.putString("params.keyUsageEncipherOnly", "false");
+        defConfig5.putString("params.keyUsageKeyAgreement", "false");
+        defConfig5.putString("params.keyUsageKeyCertSign", "false");
+        defConfig5.putString("params.keyUsageKeyEncipherment", "true");
+        defConfig5.putString("params.keyUsageNonRepudiation", "true");
         IPolicyConstraint con5 = policy5.getConstraint();
         IConfigStore conConfig5 = con5.getConfigStore();
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java
index 4e4c2f60..30352278 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -40,24 +39,23 @@ import com.netscape.cms.profile.def.BasicConstraintsExtDefault;
 import com.netscape.cms.profile.def.NoDefault;
 import com.netscape.cms.profile.def.UserExtensionDefault;
 
-
 /**
  * This class implements the basic constraints extension constraint.
  * It checks if the basic constraint in the certificate
  * template satisfies the criteria.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class BasicConstraintsExtConstraint extends EnrollConstraint {
 
-    public static final String CONFIG_CRITICAL = 
-        "basicConstraintsCritical";
-    public static final String CONFIG_IS_CA = 
-        "basicConstraintsIsCA";
-    public static final String CONFIG_MIN_PATH_LEN = 
-        "basicConstraintsMinPathLen";
-    public static final String CONFIG_MAX_PATH_LEN = 
-        "basicConstraintsMaxPathLen";
+    public static final String CONFIG_CRITICAL =
+            "basicConstraintsCritical";
+    public static final String CONFIG_IS_CA =
+            "basicConstraintsIsCA";
+    public static final String CONFIG_MIN_PATH_LEN =
+            "basicConstraintsMinPathLen";
+    public static final String CONFIG_MAX_PATH_LEN =
+            "basicConstraintsMaxPathLen";
 
     public BasicConstraintsExtConstraint() {
         super();
@@ -71,25 +69,25 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
      * Initializes this constraint plugin.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
-        if (name.equals(CONFIG_CRITICAL)) { 
-            return new Descriptor(IDescriptor.CHOICE, "true,false,-", 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
+        if (name.equals(CONFIG_CRITICAL)) {
+            return new Descriptor(IDescriptor.CHOICE, "true,false,-",
                     "-",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(CONFIG_IS_CA)) {
-            return new Descriptor(IDescriptor.CHOICE, "true,false,-", 
+            return new Descriptor(IDescriptor.CHOICE, "true,false,-",
                     "-",
                     CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA"));
         } else if (name.equals(CONFIG_MIN_PATH_LEN)) {
-            return new Descriptor(IDescriptor.INTEGER, null, 
+            return new Descriptor(IDescriptor.INTEGER, null,
                     "-1",
                     CMS.getUserMessage(locale, "CMS_PROFILE_MIN_PATH_LEN"));
         } else if (name.equals(CONFIG_MAX_PATH_LEN)) {
-            return new Descriptor(IDescriptor.INTEGER, null, 
+            return new Descriptor(IDescriptor.INTEGER, null,
                     "100",
                     CMS.getUserMessage(locale, "CMS_PROFILE_MAX_PATH_LEN"));
         }
@@ -101,20 +99,20 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
      * during the validation.
      */
     public void validate(IRequest request, X509CertInfo info)
-        throws ERejectException {
+            throws ERejectException {
         CertificateExtensions exts = null;
 
         try {
             BasicConstraintsExtension ext = (BasicConstraintsExtension)
-                getExtension(PKIXExtensions.BasicConstraints_Id.toString(), 
-                    info); 
+                    getExtension(PKIXExtensions.BasicConstraints_Id.toString(),
+                            info);
 
             if (ext == null) {
                 throw new ERejectException(
                         CMS.getUserMessage(
-                            getLocale(request), 
-                            "CMS_PROFILE_EXTENSION_NOT_FOUND", 
-                            PKIXExtensions.BasicConstraints_Id.toString()));
+                                getLocale(request),
+                                "CMS_PROFILE_EXTENSION_NOT_FOUND",
+                                PKIXExtensions.BasicConstraints_Id.toString()));
             }
 
             // check criticality
@@ -125,10 +123,10 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
 
                 if (critical != ext.isCritical()) {
                     throw new ERejectException(
-                            CMS.getUserMessage(getLocale(request), 
-                                "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
+                            CMS.getUserMessage(getLocale(request),
+                                    "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
                 }
-            } 
+            }
             value = getConfig(CONFIG_IS_CA);
             if (!isOptional(value)) {
                 boolean isCA = getBoolean(value);
@@ -136,10 +134,10 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
 
                 if (isCA != extIsCA.booleanValue()) {
                     throw new ERejectException(
-                            CMS.getUserMessage(getLocale(request), 
-                                "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_IS_CA"));
+                            CMS.getUserMessage(getLocale(request),
+                                    "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_IS_CA"));
                 }
-            } 
+            }
             value = getConfig(CONFIG_MIN_PATH_LEN);
             if (!isOptional(value)) {
                 int pathLen = getInt(value);
@@ -148,8 +146,8 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
                 if (pathLen > extPathLen.intValue()) {
                     CMS.debug("BasicCOnstraintsExtConstraint: pathLen=" + pathLen + " > extPathLen=" + extPathLen);
                     throw new ERejectException(
-                            CMS.getUserMessage(getLocale(request), 
-                                "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MIN_PATH"));
+                            CMS.getUserMessage(getLocale(request),
+                                    "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MIN_PATH"));
                 }
             }
             value = getConfig(CONFIG_MAX_PATH_LEN);
@@ -160,17 +158,17 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
                 if (pathLen < extPathLen.intValue()) {
                     CMS.debug("BasicCOnstraintsExtConstraint: pathLen=" + pathLen + " < extPathLen=" + extPathLen);
                     throw new ERejectException(
-                            CMS.getUserMessage(getLocale(request), 
-                                "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MAX_PATH"));
+                            CMS.getUserMessage(getLocale(request),
+                                    "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MAX_PATH"));
                 }
             }
         } catch (IOException e) {
             CMS.debug("BasicConstraintsExt: validate " + e.toString());
             throw new ERejectException(
                     CMS.getUserMessage(
-                        getLocale(request), 
-                        "CMS_PROFILE_EXTENSION_NOT_FOUND", 
-                        PKIXExtensions.BasicConstraints_Id.toString()));
+                            getLocale(request),
+                            "CMS_PROFILE_EXTENSION_NOT_FOUND",
+                            PKIXExtensions.BasicConstraints_Id.toString()));
         }
     }
 
@@ -182,8 +180,8 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
                 getConfig(CONFIG_MAX_PATH_LEN)
             };
 
-        return CMS.getUserMessage(locale, 
-                "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_TEXT", 
+        return CMS.getUserMessage(locale,
+                "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_TEXT",
                 params);
     }
 
@@ -198,8 +196,7 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
-
+            throws EPropertyException {
 
         if (mConfig.getSubStore("params") == null) {
             CMS.debug("BasicConstraintsExt: mConfig.getSubStore is null");
@@ -208,8 +205,7 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
 
             CMS.debug("BasicConstraintsExt: setConfig name " + name + " value " + value);
 
-            if(name.equals(CONFIG_MAX_PATH_LEN))
-            {
+            if (name.equals(CONFIG_MAX_PATH_LEN)) {
 
                 String minPathLen = getConfig(CONFIG_MIN_PATH_LEN);
 
@@ -217,13 +213,12 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
 
                 int maxLen = getInt(value);
 
-                if(minLen >= maxLen)    {
+                if (minLen >= maxLen) {
                     CMS.debug("BasicConstraintExt:  minPathLen >= maxPathLen!");
 
                     throw new EPropertyException("bad value");
                 }
 
-
             }
             mConfig.getSubStore("params").putString(name, value);
         }
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java
index 9759af73..c0a9758d 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java
@@ -17,13 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
-
 import netscape.security.x509.X509CertImpl;
 
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.ca.ICertificateAuthority;
 
-
 /**
  * This class represents an abstract class for CA enrollment
  * constraint.
@@ -42,7 +40,7 @@ public abstract class CAEnrollConstraint extends EnrollConstraint {
      */
     public X509CertImpl getCACert() {
         ICertificateAuthority ca = (ICertificateAuthority)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
         X509CertImpl caCert = ca.getCACert();
 
         return caCert;
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java
index 4d89e739..e118fa21 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
-
 import java.io.IOException;
 import java.util.Date;
 import java.util.Locale;
@@ -38,12 +37,11 @@ import com.netscape.cms.profile.def.NoDefault;
 import com.netscape.cms.profile.def.UserValidityDefault;
 import com.netscape.cms.profile.def.ValidityDefault;
 
-
 /**
  * This class implements the validity constraint.
  * It checks if the validity in the certificate
  * template is within the CA's validity.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CAValidityConstraint extends CAEnrollConstraint {
@@ -56,7 +54,7 @@ public class CAValidityConstraint extends CAEnrollConstraint {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
         X509CertImpl caCert = getCACert();
 
@@ -69,7 +67,7 @@ public class CAValidityConstraint extends CAEnrollConstraint {
      * during the validation.
      */
     public void validate(IRequest request, X509CertInfo info)
-        throws ERejectException {
+            throws ERejectException {
         CMS.debug("CAValidityConstraint: validate start");
         CertificateValidity v = null;
 
@@ -99,15 +97,15 @@ public class CAValidityConstraint extends CAEnrollConstraint {
         }
 
         if (mDefNotBefore != null) {
-            CMS.debug("ValidtyConstraint: notBefore=" + notBefore + 
-                " defNotBefore=" + mDefNotBefore);
+            CMS.debug("ValidtyConstraint: notBefore=" + notBefore +
+                    " defNotBefore=" + mDefNotBefore);
             if (notBefore.before(mDefNotBefore)) {
                 throw new ERejectException(CMS.getUserMessage(
                             getLocale(request), "CMS_PROFILE_INVALID_NOT_BEFORE"));
             }
         }
-        CMS.debug("ValidtyConstraint: notAfter=" + notAfter + 
-            " defNotAfter=" + mDefNotAfter);
+        CMS.debug("ValidtyConstraint: notAfter=" + notAfter +
+                " defNotAfter=" + mDefNotAfter);
         if (notAfter.after(mDefNotAfter)) {
             throw new ERejectException(CMS.getUserMessage(
                         getLocale(request), "CMS_PROFILE_INVALID_NOT_AFTER"));
@@ -122,8 +120,8 @@ public class CAValidityConstraint extends CAEnrollConstraint {
                 mDefNotAfter.toString()
             };
 
-        return CMS.getUserMessage(locale, 
-                "CMS_PROFILE_CONSTRAINT_CA_VALIDITY_CONSTRAINT_TEXT", 
+        return CMS.getUserMessage(locale,
+                "CMS_PROFILE_CONSTRAINT_CA_VALIDITY_CONSTRAINT_TEXT",
                 params);
     }
 
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java
index a03eadcd..40c2153a 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 import java.util.Vector;
@@ -39,10 +38,9 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.common.EnrollProfile;
 
-
 /**
  * This class implements the generic enrollment constraint.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public abstract class EnrollConstraint implements IPolicyConstraint {
@@ -81,7 +79,7 @@ public abstract class EnrollConstraint implements IPolicyConstraint {
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
         if (mConfig.getSubStore("params") == null) {
             //
         } else {
@@ -105,46 +103,46 @@ public abstract class EnrollConstraint implements IPolicyConstraint {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         mConfig = config;
     }
 
     public IConfigStore getConfigStore() {
         return mConfig;
-    } 
+    }
 
     /**
      * Validates the request. The request is not modified
      * during the validation.
-     *
+     * 
      * @param request enrollment request
      * @param info certificate template
      * @exception ERejectException request is rejected due
-     *        to violation of constraint
+     *                to violation of constraint
      */
     public abstract void validate(IRequest request, X509CertInfo info)
-        throws ERejectException;
+            throws ERejectException;
 
     /**
      * Validates the request. The request is not modified
      * during the validation.
-     *
+     * 
      * The current implementation of this method calls
      * into the subclass's validate(request, info)
      * method for validation checking.
-     *
+     * 
      * @param request request
      * @exception ERejectException request is rejected due
-     *        to violation of constraint
+     *                to violation of constraint
      */
     public void validate(IRequest request)
-        throws ERejectException {
+            throws ERejectException {
         String name = getClass().getName();
 
         name = name.substring(name.lastIndexOf('.') + 1);
         CMS.debug(name + ": validate start");
         X509CertInfo info =
-            request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+                request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
 
         validate(request, info);
 
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java
index 539f4890..9c8e0478 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 import java.util.StringTokenizer;
@@ -40,19 +39,18 @@ import com.netscape.cms.profile.def.ExtendedKeyUsageExtDefault;
 import com.netscape.cms.profile.def.NoDefault;
 import com.netscape.cms.profile.def.UserExtensionDefault;
 
-
 /**
  * This class implements the extended key usage extension constraint.
  * It checks if the extended key usage extension in the certificate
  * template satisfies the criteria.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ExtendedKeyUsageExtConstraint extends EnrollConstraint {
 
     public static final String CONFIG_CRITICAL = "exKeyUsageCritical";
     public static final String CONFIG_OIDS =
-        "exKeyUsageOIDs";
+            "exKeyUsageOIDs";
 
     public ExtendedKeyUsageExtConstraint() {
         super();
@@ -61,20 +59,20 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
-        if (name.equals(CONFIG_CRITICAL)) { 
-            return new Descriptor(IDescriptor.CHOICE, "true,false,-", 
-                    "-",	
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
+        if (name.equals(CONFIG_CRITICAL)) {
+            return new Descriptor(IDescriptor.CHOICE, "true,false,-",
+                    "-",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(CONFIG_OIDS)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_OIDS"));
-        }	
+        }
         return null;
     }
 
@@ -83,16 +81,16 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint {
      * during the validation.
      */
     public void validate(IRequest request, X509CertInfo info)
-        throws ERejectException {
+            throws ERejectException {
         ExtendedKeyUsageExtension ext = (ExtendedKeyUsageExtension)
-            getExtension(ExtendedKeyUsageExtension.OID, info); 
+                getExtension(ExtendedKeyUsageExtension.OID, info);
 
         if (ext == null) {
             throw new ERejectException(
                     CMS.getUserMessage(
-                        getLocale(request),
-                        "CMS_PROFILE_EXTENSION_NOT_FOUND",
-                        ExtendedKeyUsageExtension.OID));
+                            getLocale(request),
+                            "CMS_PROFILE_EXTENSION_NOT_FOUND",
+                            ExtendedKeyUsageExtension.OID));
         }
 
         // check criticality
@@ -104,10 +102,10 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint {
             if (critical != ext.isCritical()) {
                 throw new ERejectException(
                         CMS.getUserMessage(
-                            getLocale(request),
-                            "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
+                                getLocale(request),
+                                "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
             }
-        } 
+        }
 
         // Build local cache of configured OIDs
         Vector mCache = new Vector();
@@ -122,15 +120,15 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint {
         // check OIDs
         Enumeration e = ext.getOIDs();
 
-        while (e.hasMoreElements()) { 
+        while (e.hasMoreElements()) {
             ObjectIdentifier oid = (ObjectIdentifier) e.nextElement();
 
             if (!mCache.contains(oid.toString())) {
                 throw new ERejectException(
                         CMS.getUserMessage(
-                            getLocale(request),
-                            "CMS_PROFILE_OID_NOT_MATCHED",
-                            oid.toString()));
+                                getLocale(request),
+                                "CMS_PROFILE_OID_NOT_MATCHED",
+                                oid.toString()));
             }
         }
     }
@@ -141,7 +139,7 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint {
                 getConfig(CONFIG_OIDS)
             };
 
-        return CMS.getUserMessage(locale, 
+        return CMS.getUserMessage(locale,
                 "CMS_PROFILE_CONSTRAINT_EXTENDED_KEY_EXT_TEXT",
                 params);
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java
index cda51a07..1562fddb 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
-
 import java.util.Locale;
 
 import netscape.security.x509.Extension;
@@ -37,12 +36,11 @@ import com.netscape.cms.profile.def.EnrollExtDefault;
 import com.netscape.cms.profile.def.NoDefault;
 import com.netscape.cms.profile.def.UserExtensionDefault;
 
-
 /**
  * This class implements the general extension constraint.
  * It checks if the extension in the certificate
  * template satisfies the criteria.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ExtensionConstraint extends EnrollConstraint {
@@ -57,33 +55,32 @@ public class ExtensionConstraint extends EnrollConstraint {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
 
         if (mConfig.getSubStore("params") == null) {
             CMS.debug("ExtensionConstraint: mConfig.getSubStore is null");
         } else {
             CMS.debug("ExtensionConstraint: setConfig name=" + name +
-                 " value=" + value);
-
-            if(name.equals(CONFIG_OID))
-            {
-               try {
-                 CMS.checkOID("", value);
-               } catch (Exception e) {
-                   throw new EPropertyException(
-                      CMS.getUserMessage("CMS_PROFILE_PROPERTY_ERROR", value));
-               }
+                    " value=" + value);
+
+            if (name.equals(CONFIG_OID)) {
+                try {
+                    CMS.checkOID("", value);
+                } catch (Exception e) {
+                    throw new EPropertyException(
+                            CMS.getUserMessage("CMS_PROFILE_PROPERTY_ERROR", value));
+                }
             }
             mConfig.getSubStore("params").putString(name, value);
         }
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
             return new Descriptor(IDescriptor.CHOICE, "true,false,-",
                     "-",
@@ -101,16 +98,16 @@ public class ExtensionConstraint extends EnrollConstraint {
      * during the validation.
      */
     public void validate(IRequest request, X509CertInfo info)
-        throws ERejectException {
+            throws ERejectException {
 
-        Extension ext = getExtension(getConfig(CONFIG_OID), info); 
+        Extension ext = getExtension(getConfig(CONFIG_OID), info);
 
         if (ext == null) {
             throw new ERejectException(
                     CMS.getUserMessage(
-                        getLocale(request),
-                        "CMS_PROFILE_EXTENSION_NOT_FOUND",
-                        getConfig(CONFIG_OID)));
+                            getLocale(request),
+                            "CMS_PROFILE_EXTENSION_NOT_FOUND",
+                            getConfig(CONFIG_OID)));
         }
 
         // check criticality 
@@ -119,12 +116,12 @@ public class ExtensionConstraint extends EnrollConstraint {
         if (!isOptional(value)) {
             boolean critical = getBoolean(value);
 
-            if (critical != ext.isCritical()) { 
+            if (critical != ext.isCritical()) {
                 throw new ERejectException(
                         CMS.getUserMessage(getLocale(request),
-                            "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
+                                "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
             }
-        } 
+        }
     }
 
     public String getText(Locale locale) {
@@ -133,7 +130,7 @@ public class ExtensionConstraint extends EnrollConstraint {
                 getConfig(CONFIG_OID)
             };
 
-        return CMS.getUserMessage(locale, 
+        return CMS.getUserMessage(locale,
                 "CMS_PROFILE_CONSTRAINT_EXTENSION_TEXT", params);
     }
 
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java
index 56ec0adf..eb66783e 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
-
 import java.math.BigInteger;
 import java.security.interfaces.DSAParams;
 import java.util.HashMap;
@@ -44,11 +43,10 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.def.NoDefault;
 import com.netscape.cms.profile.def.UserKeyDefault;
 
-
 /**
  * This constraint is to check the key type and
  * key length.
- *
+ * 
  * @version $Revision$, $Date$
  */
 @SuppressWarnings("serial")
@@ -57,72 +55,299 @@ public class KeyConstraint extends EnrollConstraint {
     public static final String CONFIG_KEY_TYPE = "keyType"; // (EC, RSA)
     public static final String CONFIG_KEY_PARAMETERS = "keyParameters";
 
-    private static final String[] ecCurves = {"nistp256","nistp384","nistp521","sect163k1","nistk163","sect163r1","sect163r2",
-       "nistb163","sect193r1","sect193r2","sect233k1","nistk233","sect233r1","nistb233","sect239k1","sect283k1","nistk283",
-       "sect283r1","nistb283","sect409k1","nistk409","sect409r1","nistb409","sect571k1","nistk571","sect571r1","nistb571",
-       "secp160k1","secp160r1","secp160r2","secp192k1","secp192r1","nistp192","secp224k1","secp224r1","nistp224","secp256k1",
-       "secp256r1","secp384r1","secp521r1","prime192v1","prime192v2","prime192v3","prime239v1","prime239v2","prime239v3","c2pnb163v1",
-       "c2pnb163v2","c2pnb163v3","c2pnb176v1","c2tnb191v1","c2tnb191v2","c2tnb191v3","c2pnb208w1","c2tnb239v1","c2tnb239v2","c2tnb239v3",
-       "c2pnb272w1","c2pnb304w1","c2tnb359w1","c2pnb368w1","c2tnb431r1","secp112r1","secp112r2","secp128r1","secp128r2","sect113r1","sect113r2",
-       "sect131r1","sect131r2"
+    private static final String[] ecCurves = { "nistp256", "nistp384", "nistp521", "sect163k1", "nistk163", "sect163r1", "sect163r2",
+            "nistb163", "sect193r1", "sect193r2", "sect233k1", "nistk233", "sect233r1", "nistb233", "sect239k1", "sect283k1", "nistk283",
+            "sect283r1", "nistb283", "sect409k1", "nistk409", "sect409r1", "nistb409", "sect571k1", "nistk571", "sect571r1", "nistb571",
+            "secp160k1", "secp160r1", "secp160r2", "secp192k1", "secp192r1", "nistp192", "secp224k1", "secp224r1", "nistp224", "secp256k1",
+            "secp256r1", "secp384r1", "secp521r1", "prime192v1", "prime192v2", "prime192v3", "prime239v1", "prime239v2", "prime239v3", "c2pnb163v1",
+            "c2pnb163v2", "c2pnb163v3", "c2pnb176v1", "c2tnb191v1", "c2tnb191v2", "c2tnb191v3", "c2pnb208w1", "c2tnb239v1", "c2tnb239v2", "c2tnb239v3",
+            "c2pnb272w1", "c2pnb304w1", "c2tnb359w1", "c2pnb368w1", "c2tnb431r1", "secp112r1", "secp112r2", "secp128r1", "secp128r2", "sect113r1", "sect113r2",
+            "sect131r1", "sect131r2"
     };
 
-    private final static HashMap<String,Vector> ecOIDs = new HashMap<String,Vector>();
- 	static
-    {
-       ecOIDs.put( "1.2.840.10045.3.1.7",  new Vector() {{add("nistp256");add("secp256r1");}});
-       ecOIDs.put( "1.3.132.0.34",         new Vector() {{add("nistp384");add("secp384r1");}});
-       ecOIDs.put( "1.3.132.0.35",         new Vector() {{add("nistp521");add("secp521r1");}});
-       ecOIDs.put( "1.3.132.0.1",          new Vector() {{add("sect163k1");add("nistk163");}});
-       ecOIDs.put( "1.3.132.0.2",          new Vector() {{add("sect163r1");}});
-       ecOIDs.put( "1.3.132.0.15",         new Vector() {{add("sect163r2");add("nistb163");}});
-       ecOIDs.put( "1.3.132.0.24",         new Vector() {{add("sect193r1");}});
-       ecOIDs.put( "1.3.132.0.25",         new Vector() {{add("sect193r2");}});
-       ecOIDs.put( "1.3.132.0.26",         new Vector() {{add("sect233k1");add("nistk233");}});
-       ecOIDs.put( "1.3.132.0.27",         new Vector() {{add("sect233r1");add("nistb233");}});
-       ecOIDs.put( "1.3.132.0.3",         new Vector() {{add("sect239k1");}});
-       ecOIDs.put( "1.3.132.0.16",         new Vector() {{add("sect283k1");add("nistk283");}});
-       ecOIDs.put( "1.3.132.0.17",         new Vector() {{add("sect283r1");add("nistb283");}});
-       ecOIDs.put( "1.3.132.0.36",         new Vector() {{add("sect409k1");add("nistk409");}});
-       ecOIDs.put( "1.3.132.0.37",         new Vector() {{add("sect409r1");add("nistb409");}});
-       ecOIDs.put( "1.3.132.0.38",         new Vector() {{add("sect571k1"); add("nistk571");}});
-       ecOIDs.put( "1.3.132.0.39",         new Vector() {{add("sect571r1");add("nistb571");}});
-       ecOIDs.put( "1.3.132.0.9",          new Vector()  {{add("secp160k1");}});
-       ecOIDs.put( "1.3.132.0.8",          new Vector()  {{add("secp160r1");}});
-       ecOIDs.put( "1.3.132.0.30",         new Vector() {{add("secp160r2");}});
-       ecOIDs.put( "1.3.132.0.31",         new Vector() {{add("secp192k1");}});
-       ecOIDs.put( "1.2.840.10045.3.1.1",  new Vector() {{add("secp192r1");add("nistp192");add("prime192v1");}});
-       ecOIDs.put( "1.3.132.0.32",         new Vector() {{add("secp224k1");}});
-       ecOIDs.put( "1.3.132.0.33",         new Vector() {{add("secp224r1");add("nistp224");}});
-       ecOIDs.put( "1.3.132.0.10",         new Vector() {{add("secp256k1");}});
-       ecOIDs.put( "1.2.840.10045.3.1.2",new Vector() {{add("prime192v2");}});
-       ecOIDs.put( "1.2.840.10045.3.1.3",new Vector() {{add("prime192v3");}});
-       ecOIDs.put( "1.2.840.10045.3.1.4",new Vector() {{add("prime239v1");}});
-       ecOIDs.put( "1.2.840.10045.3.1.5",new Vector() {{add("prime239v2");}});
-       ecOIDs.put( "1.2.840.10045.3.1.6",new Vector() {{add("prime239v3");}});
-       ecOIDs.put( "1.2.840.10045.3.0.1",  new Vector() {{add("c2pnb163v1");}});
-       ecOIDs.put( "1.2.840.10045.3.0.2",  new Vector() {{add("c2pnb163v2");}});
-       ecOIDs.put( "1.2.840.10045.3.0.3",  new Vector() {{add("c2pnb163v3");}});
-       ecOIDs.put( "1.2.840.10045.3.0.4",  new Vector() {{add("c2pnb176v1");}});
-       ecOIDs.put( "1.2.840.10045.3.0.5",  new Vector() {{add("c2tnb191v1");}});
-       ecOIDs.put( "1.2.840.10045.3.0.6",  new Vector() {{add("c2tnb191v2");}});
-       ecOIDs.put( "1.2.840.10045.3.0.7",  new Vector() {{add("c2tnb191v3");}});
-       ecOIDs.put( "1.2.840.10045.3.0.10", new Vector() {{add("c2pnb208w1");}});
-       ecOIDs.put( "1.2.840.10045.3.0.11", new Vector() {{add("c2tnb239v1");}});
-       ecOIDs.put( "1.2.840.10045.3.0.12", new Vector() {{add("c2tnb239v2");}});
-       ecOIDs.put( "1.2.840.10045.3.0.13", new Vector() {{add("c2tnb239v3");}});
-       ecOIDs.put( "1.2.840.10045.3.0.16", new Vector() {{add("c2pnb272w1");}});
-       ecOIDs.put( "1.2.840.10045.3.0.17", new Vector() {{add("c2pnb304w1");}});
-       ecOIDs.put( "1.2.840.10045.3.0.19", new Vector() {{add("c2pnb368w1");}});
-       ecOIDs.put( "1.2.840.10045.3.0.20", new Vector() {{add("c2tnb431r1");}});
-       ecOIDs.put( "1.3.132.0.6",          new Vector() {{add("secp112r1");}});
-       ecOIDs.put( "1.3.132.0.7",          new Vector() {{add("secp112r2");}});
-       ecOIDs.put( "1.3.132.0.28",         new Vector() {{add("secp128r1");}});
-       ecOIDs.put( "1.3.132.0.29",         new Vector() {{add("secp128r2");}});
-       ecOIDs.put( "1.3.132.0.4",          new Vector() {{add("sect113r1");}});
-       ecOIDs.put( "1.3.132.0.5",          new Vector() {{add("sect113r2");}});
-       ecOIDs.put( "1.3.132.0.22",         new Vector() {{add("sect131r1");}});
-       ecOIDs.put( "1.3.132.0.23",         new Vector() {{add("sect131r2");}});
+    private final static HashMap<String, Vector> ecOIDs = new HashMap<String, Vector>();
+    static {
+        ecOIDs.put("1.2.840.10045.3.1.7", new Vector() {
+            {
+                add("nistp256");
+                add("secp256r1");
+            }
+        });
+        ecOIDs.put("1.3.132.0.34", new Vector() {
+            {
+                add("nistp384");
+                add("secp384r1");
+            }
+        });
+        ecOIDs.put("1.3.132.0.35", new Vector() {
+            {
+                add("nistp521");
+                add("secp521r1");
+            }
+        });
+        ecOIDs.put("1.3.132.0.1", new Vector() {
+            {
+                add("sect163k1");
+                add("nistk163");
+            }
+        });
+        ecOIDs.put("1.3.132.0.2", new Vector() {
+            {
+                add("sect163r1");
+            }
+        });
+        ecOIDs.put("1.3.132.0.15", new Vector() {
+            {
+                add("sect163r2");
+                add("nistb163");
+            }
+        });
+        ecOIDs.put("1.3.132.0.24", new Vector() {
+            {
+                add("sect193r1");
+            }
+        });
+        ecOIDs.put("1.3.132.0.25", new Vector() {
+            {
+                add("sect193r2");
+            }
+        });
+        ecOIDs.put("1.3.132.0.26", new Vector() {
+            {
+                add("sect233k1");
+                add("nistk233");
+            }
+        });
+        ecOIDs.put("1.3.132.0.27", new Vector() {
+            {
+                add("sect233r1");
+                add("nistb233");
+            }
+        });
+        ecOIDs.put("1.3.132.0.3", new Vector() {
+            {
+                add("sect239k1");
+            }
+        });
+        ecOIDs.put("1.3.132.0.16", new Vector() {
+            {
+                add("sect283k1");
+                add("nistk283");
+            }
+        });
+        ecOIDs.put("1.3.132.0.17", new Vector() {
+            {
+                add("sect283r1");
+                add("nistb283");
+            }
+        });
+        ecOIDs.put("1.3.132.0.36", new Vector() {
+            {
+                add("sect409k1");
+                add("nistk409");
+            }
+        });
+        ecOIDs.put("1.3.132.0.37", new Vector() {
+            {
+                add("sect409r1");
+                add("nistb409");
+            }
+        });
+        ecOIDs.put("1.3.132.0.38", new Vector() {
+            {
+                add("sect571k1");
+                add("nistk571");
+            }
+        });
+        ecOIDs.put("1.3.132.0.39", new Vector() {
+            {
+                add("sect571r1");
+                add("nistb571");
+            }
+        });
+        ecOIDs.put("1.3.132.0.9", new Vector() {
+            {
+                add("secp160k1");
+            }
+        });
+        ecOIDs.put("1.3.132.0.8", new Vector() {
+            {
+                add("secp160r1");
+            }
+        });
+        ecOIDs.put("1.3.132.0.30", new Vector() {
+            {
+                add("secp160r2");
+            }
+        });
+        ecOIDs.put("1.3.132.0.31", new Vector() {
+            {
+                add("secp192k1");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.1.1", new Vector() {
+            {
+                add("secp192r1");
+                add("nistp192");
+                add("prime192v1");
+            }
+        });
+        ecOIDs.put("1.3.132.0.32", new Vector() {
+            {
+                add("secp224k1");
+            }
+        });
+        ecOIDs.put("1.3.132.0.33", new Vector() {
+            {
+                add("secp224r1");
+                add("nistp224");
+            }
+        });
+        ecOIDs.put("1.3.132.0.10", new Vector() {
+            {
+                add("secp256k1");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.1.2", new Vector() {
+            {
+                add("prime192v2");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.1.3", new Vector() {
+            {
+                add("prime192v3");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.1.4", new Vector() {
+            {
+                add("prime239v1");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.1.5", new Vector() {
+            {
+                add("prime239v2");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.1.6", new Vector() {
+            {
+                add("prime239v3");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.0.1", new Vector() {
+            {
+                add("c2pnb163v1");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.0.2", new Vector() {
+            {
+                add("c2pnb163v2");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.0.3", new Vector() {
+            {
+                add("c2pnb163v3");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.0.4", new Vector() {
+            {
+                add("c2pnb176v1");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.0.5", new Vector() {
+            {
+                add("c2tnb191v1");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.0.6", new Vector() {
+            {
+                add("c2tnb191v2");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.0.7", new Vector() {
+            {
+                add("c2tnb191v3");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.0.10", new Vector() {
+            {
+                add("c2pnb208w1");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.0.11", new Vector() {
+            {
+                add("c2tnb239v1");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.0.12", new Vector() {
+            {
+                add("c2tnb239v2");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.0.13", new Vector() {
+            {
+                add("c2tnb239v3");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.0.16", new Vector() {
+            {
+                add("c2pnb272w1");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.0.17", new Vector() {
+            {
+                add("c2pnb304w1");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.0.19", new Vector() {
+            {
+                add("c2pnb368w1");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.0.20", new Vector() {
+            {
+                add("c2tnb431r1");
+            }
+        });
+        ecOIDs.put("1.3.132.0.6", new Vector() {
+            {
+                add("secp112r1");
+            }
+        });
+        ecOIDs.put("1.3.132.0.7", new Vector() {
+            {
+                add("secp112r2");
+            }
+        });
+        ecOIDs.put("1.3.132.0.28", new Vector() {
+            {
+                add("secp128r1");
+            }
+        });
+        ecOIDs.put("1.3.132.0.29", new Vector() {
+            {
+                add("secp128r2");
+            }
+        });
+        ecOIDs.put("1.3.132.0.4", new Vector() {
+            {
+                add("sect113r1");
+            }
+        });
+        ecOIDs.put("1.3.132.0.5", new Vector() {
+            {
+                add("sect113r2");
+            }
+        });
+        ecOIDs.put("1.3.132.0.22", new Vector() {
+            {
+                add("sect131r1");
+            }
+        });
+        ecOIDs.put("1.3.132.0.23", new Vector() {
+            {
+                add("sect131r2");
+            }
+        });
     }
 
     private static String[] cfgECCurves = null;
@@ -136,7 +361,7 @@ public class KeyConstraint extends EnrollConstraint {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
 
         String ecNames = "";
@@ -148,17 +373,17 @@ public class KeyConstraint extends EnrollConstraint {
         CMS.debug("KeyConstraint.init ecNames: " + ecNames);
         if (ecNames != null && ecNames.length() != 0) {
             cfgECCurves = ecNames.split(",");
-       }
+        }
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_KEY_TYPE)) {
             return new Descriptor(IDescriptor.CHOICE, "-,RSA,EC",
                     "RSA",
                     CMS.getUserMessage(locale, "CMS_PROFILE_KEY_TYPE"));
-        }   else if (name.equals(CONFIG_KEY_PARAMETERS)) {
-            return new Descriptor(IDescriptor.STRING,null,"",
-                    CMS.getUserMessage(locale,"CMS_PROFILE_KEY_PARAMETERS"));
+        } else if (name.equals(CONFIG_KEY_PARAMETERS)) {
+            return new Descriptor(IDescriptor.STRING, null, "",
+                    CMS.getUserMessage(locale, "CMS_PROFILE_KEY_PARAMETERS"));
         }
 
         return null;
@@ -169,11 +394,11 @@ public class KeyConstraint extends EnrollConstraint {
      * during the validation.
      */
     public void validate(IRequest request, X509CertInfo info)
-        throws ERejectException { 
+            throws ERejectException {
         try {
             CertificateX509Key infokey = (CertificateX509Key)
-                info.get(X509CertInfo.KEY);
-            X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY); 
+                    info.get(X509CertInfo.KEY);
+            X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY);
 
             String alg = key.getAlgorithmId().getName().toUpperCase();
             String value = getConfig(CONFIG_KEY_TYPE);
@@ -183,27 +408,27 @@ public class KeyConstraint extends EnrollConstraint {
                 if (!alg.equals(value)) {
                     throw new ERejectException(
                             CMS.getUserMessage(
-                                getLocale(request),
-                                "CMS_PROFILE_KEY_TYPE_NOT_MATCHED", 
-                                value));
+                                    getLocale(request),
+                                    "CMS_PROFILE_KEY_TYPE_NOT_MATCHED",
+                                    value));
                 }
             }
 
             int keySize = 0;
             String ecCurve = "";
 
-            if (alg.equals("RSA")) { 
+            if (alg.equals("RSA")) {
                 keySize = getRSAKeyLen(key);
-            } else if (alg.equals("DSA")) { 
+            } else if (alg.equals("DSA")) {
                 keySize = getDSAKeyLen(key);
-            } else if (alg.equals("EC")) { 
+            } else if (alg.equals("EC")) {
                 //EC key case.
             } else {
-                throw new ERejectException(	
+                throw new ERejectException(
                         CMS.getUserMessage(
-                            getLocale(request),
-                            "CMS_PROFILE_INVALID_KEY_TYPE",
-                            alg));
+                                getLocale(request),
+                                "CMS_PROFILE_INVALID_KEY_TYPE",
+                                alg));
             }
 
             value = getConfig(CONFIG_KEY_PARAMETERS);
@@ -214,9 +439,9 @@ public class KeyConstraint extends EnrollConstraint {
                 if (!alg.equals(keyType) && !isOptional(keyType)) {
                     throw new ERejectException(
                             CMS.getUserMessage(
-                                getLocale(request),
-                                "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED",
-                                value));
+                                    getLocale(request),
+                                    "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED",
+                                    value));
                 }
 
                 AlgorithmId algid = key.getAlgorithmId();
@@ -226,14 +451,14 @@ public class KeyConstraint extends EnrollConstraint {
                 //Get raw string representation of alg parameters, will give 
                 //us the curve OID.
 
-                String params =  null;
+                String params = null;
                 if (algid != null) {
                     params = algid.getParametersString();
                 }
 
                 if (params.startsWith("OID.")) {
                     params = params.substring(4);
-                } 
+                }
 
                 CMS.debug("EC key OID: " + params);
                 Vector vect = ecOIDs.get(params);
@@ -245,8 +470,8 @@ public class KeyConstraint extends EnrollConstraint {
 
                     if (!isOptional(keyType)) {
                         //Check the curve parameters only if explicit ECC or not optional
-                        for (int i = 0 ; i < keyParams.length ; i ++) {
-                            String ecParam =  keyParams[i];
+                        for (int i = 0; i < keyParams.length; i++) {
+                            String ecParam = keyParams[i];
                             CMS.debug("keyParams[i]: " + i + " param: " + ecParam);
                             if (vect.contains(ecParam)) {
                                 curveFound = true;
@@ -260,21 +485,21 @@ public class KeyConstraint extends EnrollConstraint {
                 }
 
                 if (!curveFound) {
-                     CMS.debug("KeyConstraint.validate: EC key constrainst failed.");
+                    CMS.debug("KeyConstraint.validate: EC key constrainst failed.");
                     throw new ERejectException(
                             CMS.getUserMessage(
-                                getLocale(request),
-                                "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED",
-                                value));
+                                    getLocale(request),
+                                    "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED",
+                                    value));
                 }
 
-            }  else {
-                if ( !arrayContainsString(keyParams,Integer.toString(keySize))) {
-                     throw new ERejectException(
+            } else {
+                if (!arrayContainsString(keyParams, Integer.toString(keySize))) {
+                    throw new ERejectException(
                             CMS.getUserMessage(
-                                getLocale(request),
-                                "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED",
-                                value));
+                                    getLocale(request),
+                                    "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED",
+                                    value));
                 }
                 CMS.debug("KeyConstraint.validate: RSA key contraints passed.");
             }
@@ -320,7 +545,7 @@ public class KeyConstraint extends EnrollConstraint {
                 getConfig(CONFIG_KEY_PARAMETERS)
             };
 
-        return CMS.getUserMessage(locale, 
+        return CMS.getUserMessage(locale,
                 "CMS_PROFILE_CONSTRAINT_KEY_TEXT", params);
     }
 
@@ -333,27 +558,27 @@ public class KeyConstraint extends EnrollConstraint {
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
 
         CMS.debug("KeyConstraint.setConfig name: " + name + " value: " + value);
         //establish keyType, we don't know which order these params will arrive
         if (name.equals(CONFIG_KEY_TYPE)) {
             keyType = value;
-            if(keyParams.equals(""))
-               return;
+            if (keyParams.equals(""))
+                return;
         }
-        
+
         //establish keyParams
         if (name.equals(CONFIG_KEY_PARAMETERS)) {
             CMS.debug("establish keyParams: " + value);
             keyParams = value;
 
-            if(keyType.equals(""))
+            if (keyType.equals(""))
                 return;
         }
         // All the params we need for validation have been collected, 
         // we don't know which order they will show up
-        if (keyType.length() > 0  && keyParams.length() > 0) {
+        if (keyType.length() > 0 && keyParams.length() > 0) {
             String[] params = keyParams.split(",");
             boolean isECCurve = false;
             int keySize = 0;
@@ -362,47 +587,47 @@ public class KeyConstraint extends EnrollConstraint {
                 if (keyType.equals("EC")) {
                     if (cfgECCurves == null) {
                         //Use the static array as a backup if the config values are not present.
-                        isECCurve = arrayContainsString(ecCurves,params[i]);
+                        isECCurve = arrayContainsString(ecCurves, params[i]);
                     } else {
-                        isECCurve = arrayContainsString(cfgECCurves,params[i]);
+                        isECCurve = arrayContainsString(cfgECCurves, params[i]);
                     }
                     if (isECCurve == false) { //Not a valid EC curve throw exception.
                         keyType = "";
                         keyParams = "";
                         throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", name));
+                                "CMS_INVALID_PROPERTY", name));
                     }
-                }  else {
+                } else {
                     try {
                         keySize = Integer.parseInt(params[i]);
                     } catch (Exception e) {
                         keySize = 0;
                     }
-                    if (keySize <=  0) {
+                    if (keySize <= 0) {
                         keyType = "";
                         keyParams = "";
                         throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", name));
+                                "CMS_INVALID_PROPERTY", name));
                     }
                 }
             }
-       }
-       //Actually set the configuration in the profile
-       super.setConfig(CONFIG_KEY_TYPE, keyType);
-       super.setConfig(CONFIG_KEY_PARAMETERS, keyParams);
+        }
+        //Actually set the configuration in the profile
+        super.setConfig(CONFIG_KEY_TYPE, keyType);
+        super.setConfig(CONFIG_KEY_PARAMETERS, keyParams);
 
-       //Reset the vars for next round.
-       keyType = "";
-       keyParams = "";
+        //Reset the vars for next round.
+        keyType = "";
+        keyParams = "";
     }
 
     private boolean arrayContainsString(String[] array, String value) {
 
         if (array == null || value == null) {
-           return false;
-        } 
+            return false;
+        }
 
-        for (int i = 0 ; i < array.length; i++) {
+        for (int i = 0; i < array.length; i++) {
             if (array[i].equals(value)) {
                 return true;
             }
@@ -411,4 +636,3 @@ public class KeyConstraint extends EnrollConstraint {
         return false;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java
index 4a483b43..927c64ec 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
-
 import java.util.Locale;
 
 import netscape.security.x509.KeyUsageExtension;
@@ -37,25 +36,24 @@ import com.netscape.cms.profile.def.KeyUsageExtDefault;
 import com.netscape.cms.profile.def.NoDefault;
 import com.netscape.cms.profile.def.UserExtensionDefault;
 
-
 /**
  * This class implements the key usage extension constraint.
  * It checks if the key usage constraint in the certificate
  * template satisfies the criteria.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class KeyUsageExtConstraint extends EnrollConstraint {
 
     public static final String CONFIG_CRITICAL = "keyUsageCritical";
     public static final String CONFIG_DIGITAL_SIGNATURE =
-        "keyUsageDigitalSignature";
+            "keyUsageDigitalSignature";
     public static final String CONFIG_NON_REPUDIATION =
-        "keyUsageNonRepudiation";
+            "keyUsageNonRepudiation";
     public static final String CONFIG_KEY_ENCIPHERMENT =
-        "keyUsageKeyEncipherment";
+            "keyUsageKeyEncipherment";
     public static final String CONFIG_DATA_ENCIPHERMENT =
-        "keyUsageDataEncipherment";
+            "keyUsageDataEncipherment";
     public static final String CONFIG_KEY_AGREEMENT = "keyUsageKeyAgreement";
     public static final String CONFIG_KEY_CERTSIGN = "keyUsageKeyCertSign";
     public static final String CONFIG_CRL_SIGN = "keyUsageCrlSign";
@@ -77,12 +75,12 @@ public class KeyUsageExtConstraint extends EnrollConstraint {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
 
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
             return new Descriptor(IDescriptor.CHOICE, "true,false,-",
                     "-",
@@ -138,16 +136,16 @@ public class KeyUsageExtConstraint extends EnrollConstraint {
      * during the validation.
      */
     public void validate(IRequest request, X509CertInfo info)
-        throws ERejectException {
-        KeyUsageExtension ext = (KeyUsageExtension) 
-            getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+            throws ERejectException {
+        KeyUsageExtension ext = (KeyUsageExtension)
+                getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
 
         if (ext == null) {
             throw new ERejectException(
                     CMS.getUserMessage(
-                        getLocale(request),
-                        "CMS_PROFILE_EXTENSION_NOT_FOUND",
-                        PKIXExtensions.KeyUsage_Id.toString()));
+                            getLocale(request),
+                            "CMS_PROFILE_EXTENSION_NOT_FOUND",
+                            PKIXExtensions.KeyUsage_Id.toString()));
         }
 
         boolean[] bits = ext.getBits();
@@ -156,10 +154,10 @@ public class KeyUsageExtConstraint extends EnrollConstraint {
         if (!isOptional(value)) {
             boolean critical = getBoolean(value);
 
-            if (critical != ext.isCritical()) { 
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
+            if (critical != ext.isCritical()) {
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
             }
         }
         value = getConfig(CONFIG_DIGITAL_SIGNATURE);
@@ -167,99 +165,99 @@ public class KeyUsageExtConstraint extends EnrollConstraint {
             boolean bit = getBoolean(value);
 
             if (bit != isSet(bits, 0)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_DIGITAL_SIGNATURE_NOT_MATCHED",
-                            value));
-            } 
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_DIGITAL_SIGNATURE_NOT_MATCHED",
+                                value));
+            }
         }
         value = getConfig(CONFIG_NON_REPUDIATION);
         if (!isOptional(value)) {
             boolean bit = getBoolean(value);
 
             if (bit != isSet(bits, 1)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_NON_REPUDIATION_NOT_MATCHED",
-                            value));
-            } 
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_NON_REPUDIATION_NOT_MATCHED",
+                                value));
+            }
         }
         value = getConfig(CONFIG_KEY_ENCIPHERMENT);
         if (!isOptional(value)) {
             boolean bit = getBoolean(value);
 
             if (bit != isSet(bits, 2)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_KEY_ENCIPHERMENT_NOT_MATCHED",
-                            value));
-            } 
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_KEY_ENCIPHERMENT_NOT_MATCHED",
+                                value));
+            }
         }
         value = getConfig(CONFIG_DATA_ENCIPHERMENT);
         if (!isOptional(value)) {
             boolean bit = getBoolean(value);
 
             if (bit != isSet(bits, 3)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_DATA_ENCIPHERMENT_NOT_MATCHED",
-                            value));
-            } 
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_DATA_ENCIPHERMENT_NOT_MATCHED",
+                                value));
+            }
         }
         value = getConfig(CONFIG_KEY_AGREEMENT);
         if (!isOptional(value)) {
             boolean bit = getBoolean(value);
 
             if (bit != isSet(bits, 4)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_KEY_AGREEMENT_NOT_MATCHED",
-                            value));
-            } 
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_KEY_AGREEMENT_NOT_MATCHED",
+                                value));
+            }
         }
         value = getConfig(CONFIG_KEY_CERTSIGN);
         if (!isOptional(value)) {
             boolean bit = getBoolean(value);
 
             if (bit != isSet(bits, 5)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_KEY_CERTSIGN_NOT_MATCHED",
-                            value));
-            } 
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_KEY_CERTSIGN_NOT_MATCHED",
+                                value));
+            }
         }
         value = getConfig(CONFIG_CRL_SIGN);
         if (!isOptional(value)) {
             boolean bit = getBoolean(value);
 
             if (bit != isSet(bits, 6)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_CRL_SIGN_NOT_MATCHED",
-                            value));
-            } 
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_CRL_SIGN_NOT_MATCHED",
+                                value));
+            }
         }
         value = getConfig(CONFIG_ENCIPHER_ONLY);
         if (!isOptional(value)) {
             boolean bit = getBoolean(value);
 
             if (bit != isSet(bits, 7)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_ENCIPHER_ONLY_NOT_MATCHED",
-                            value));
-            } 
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_ENCIPHER_ONLY_NOT_MATCHED",
+                                value));
+            }
         }
         value = getConfig(CONFIG_DECIPHER_ONLY);
         if (!isOptional(value)) {
             boolean bit = getBoolean(value);
 
             if (bit != isSet(bits, 8)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_DECIPHER_ONLY_NOT_MATCHED",
-                            value));
-            } 
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_DECIPHER_ONLY_NOT_MATCHED",
+                                value));
+            }
         }
     }
 
@@ -277,7 +275,7 @@ public class KeyUsageExtConstraint extends EnrollConstraint {
                 getConfig(CONFIG_DECIPHER_ONLY)
             };
 
-        return CMS.getUserMessage(locale, 
+        return CMS.getUserMessage(locale,
                 "CMS_PROFILE_CONSTRAINT_KEY_USAGE_EXT_TEXT", params);
     }
 
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java
index fe20b766..84336054 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
-
 import java.util.Locale;
 
 import netscape.security.extensions.NSCertTypeExtension;
@@ -36,12 +35,11 @@ import com.netscape.cms.profile.def.NSCertTypeExtDefault;
 import com.netscape.cms.profile.def.NoDefault;
 import com.netscape.cms.profile.def.UserExtensionDefault;
 
-
 /**
  * This class implements the Netscape certificate type extension constraint.
  * It checks if the Netscape certificate type extension in the certificate
  * template satisfies the criteria.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class NSCertTypeExtConstraint extends EnrollConstraint {
@@ -68,11 +66,11 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
             return new Descriptor(IDescriptor.CHOICE, "true,false,-",
                     "-",
@@ -104,8 +102,8 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
         } else if (name.equals(CONFIG_OBJECT_SIGNING_CA)) {
             return new Descriptor(IDescriptor.CHOICE, "true,false,-",
                     "-",
-                    CMS.getUserMessage(locale, 
-                        "CMS_PROFILE_OBJECT_SIGNING_CA"));
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_OBJECT_SIGNING_CA"));
         }
         return null;
     }
@@ -115,16 +113,16 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
      * during the validation.
      */
     public void validate(IRequest request, X509CertInfo info)
-        throws ERejectException {
+            throws ERejectException {
         NSCertTypeExtension ext = (NSCertTypeExtension)
-            getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+                getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
 
         if (ext == null) {
             throw new ERejectException(
                     CMS.getUserMessage(
-                        getLocale(request),
-                        "CMS_PROFILE_EXTENSION_NOT_FOUND",
-                        NSCertTypeExtension.CertType_Id.toString()));
+                            getLocale(request),
+                            "CMS_PROFILE_EXTENSION_NOT_FOUND",
+                            NSCertTypeExtension.CertType_Id.toString()));
         }
 
         String value = getConfig(CONFIG_CRITICAL);
@@ -132,10 +130,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
         if (!isOptional(value)) {
             boolean critical = getBoolean(value);
 
-            if (critical != ext.isCritical()) { 
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
+            if (critical != ext.isCritical()) {
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
             }
         }
         value = getConfig(CONFIG_SSL_CLIENT);
@@ -143,10 +141,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
             boolean bit = getBoolean(value);
 
             if (bit != ext.isSet(0)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_SSL_CLIENT_NOT_MATCHED",
-                            value));
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_SSL_CLIENT_NOT_MATCHED",
+                                value));
             }
         }
         value = getConfig(CONFIG_SSL_SERVER);
@@ -154,10 +152,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
             boolean bit = getBoolean(value);
 
             if (bit != ext.isSet(1)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_SSL_SERVER_NOT_MATCHED",
-                            value));
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_SSL_SERVER_NOT_MATCHED",
+                                value));
             }
         }
         value = getConfig(CONFIG_EMAIL);
@@ -165,10 +163,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
             boolean bit = getBoolean(value);
 
             if (bit != ext.isSet(2)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_EMAIL_NOT_MATCHED",
-                            value));
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_EMAIL_NOT_MATCHED",
+                                value));
             }
         }
         value = getConfig(CONFIG_OBJECT_SIGNING);
@@ -176,10 +174,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
             boolean bit = getBoolean(value);
 
             if (bit != ext.isSet(3)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_OBJECT_SIGNING_NOT_MATCHED",
-                            value));
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_OBJECT_SIGNING_NOT_MATCHED",
+                                value));
             }
         }
         value = getConfig(CONFIG_SSL_CA);
@@ -187,10 +185,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
             boolean bit = getBoolean(value);
 
             if (bit != ext.isSet(4)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_SSL_CA_NOT_MATCHED",
-                            value));
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_SSL_CA_NOT_MATCHED",
+                                value));
             }
         }
         value = getConfig(CONFIG_EMAIL_CA);
@@ -198,10 +196,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
             boolean bit = getBoolean(value);
 
             if (bit != ext.isSet(5)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_EMAIL_CA_NOT_MATCHED",
-                            value));
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_EMAIL_CA_NOT_MATCHED",
+                                value));
             }
         }
         value = getConfig(CONFIG_OBJECT_SIGNING_CA);
@@ -209,10 +207,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
             boolean bit = getBoolean(value);
 
             if (bit != ext.isSet(6)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_OBJECT_SIGNING_CA_NOT_MATCHED",
-                            value));
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_OBJECT_SIGNING_CA_NOT_MATCHED",
+                                value));
             }
         }
     }
@@ -229,7 +227,7 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
                 getConfig(CONFIG_OBJECT_SIGNING_CA)
             };
 
-        return CMS.getUserMessage(locale, 
+        return CMS.getUserMessage(locale,
                 "CMS_PROFILE_CONSTRAINT_NS_CERT_EXT_TEXT", params);
     }
 
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java
index 108c32b1..0d81c583 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 import java.util.Vector;
@@ -34,17 +33,16 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements no constraint.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class NoConstraint implements IPolicyConstraint {
 
     public static final String CONFIG_NAME = "name";
 
-    private IConfigStore mConfig = null; 
+    private IConfigStore mConfig = null;
     private Vector mNames = new Vector();
 
     public Enumeration getConfigNames() {
@@ -56,7 +54,7 @@ public class NoConstraint implements IPolicyConstraint {
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
     }
 
     public String getConfig(String name) {
@@ -68,7 +66,7 @@ public class NoConstraint implements IPolicyConstraint {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         mConfig = config;
     }
 
@@ -81,11 +79,11 @@ public class NoConstraint implements IPolicyConstraint {
      * during the validation.
      */
     public void validate(IRequest request)
-        throws ERejectException {
+            throws ERejectException {
     }
 
     public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, 
+        return CMS.getUserMessage(locale,
                 "CMS_PROFILE_CONSTRAINT_NO_CONSTRAINT_TEXT");
     }
 
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java
index 91d5a46a..6dce4e6e 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
-
 import java.math.BigInteger;
 import java.util.Date;
 import java.util.Locale;
@@ -36,11 +35,10 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.def.NoDefault;
 
-
 /**
  * This class supports renewal grace period, which has two
  * parameters: graceBefore and graceAfter
- *
+ * 
  * @author Christina Fu
  * @version $Revision$, $Date$
  */
@@ -58,20 +56,20 @@ public class RenewGracePeriodConstraint extends EnrollConstraint {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
-        if ( name.equals(CONFIG_RENEW_GRACE_BEFORE) ||
-            name.equals(CONFIG_RENEW_GRACE_AFTER)) {
-          try {
-            Integer.parseInt(value);
-          } catch (Exception e) {
+            throws EPropertyException {
+        if (name.equals(CONFIG_RENEW_GRACE_BEFORE) ||
+                name.equals(CONFIG_RENEW_GRACE_AFTER)) {
+            try {
+                Integer.parseInt(value);
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_RENEW_GRACE_BEFORE +" or "+ CONFIG_RENEW_GRACE_AFTER));
-          }
+                            "CMS_INVALID_PROPERTY", CONFIG_RENEW_GRACE_BEFORE + " or " + CONFIG_RENEW_GRACE_AFTER));
+            }
         }
         super.setConfig(name, value);
     }
@@ -88,75 +86,74 @@ public class RenewGracePeriodConstraint extends EnrollConstraint {
     }
 
     public void validate(IRequest req, X509CertInfo info)
-        throws ERejectException {
-           String origExpDate_s = req.getExtDataInString("origNotAfter");
-           // probably not for renewal
-           if (origExpDate_s == null) {
-               return;
-           } else {
-               CMS.debug("validate RenewGracePeriod: original cert expiration date found... renewing");
-           }
-           CMS.debug("ValidilityConstraint: validateRenewGraceperiod begins");
-           BigInteger origExpDate_BI = new BigInteger(origExpDate_s);
-           Date origExpDate = new Date(origExpDate_BI.longValue());
-           String renew_grace_before_s = getConfig(CONFIG_RENEW_GRACE_BEFORE);
-           String renew_grace_after_s = getConfig(CONFIG_RENEW_GRACE_AFTER);
-           int renew_grace_before = 0;
-           int renew_grace_after = 0;
-           BigInteger renew_grace_before_BI = new BigInteger(renew_grace_before_s);
-           BigInteger renew_grace_after_BI= new BigInteger(renew_grace_after_s);
-
-           // -1 means no limit
-           if (renew_grace_before_s == "")
-               renew_grace_before = -1;
-           else
-               renew_grace_before = Integer.parseInt(renew_grace_before_s);
-
-           if (renew_grace_after_s == "")
-               renew_grace_after = -1;
-           else
-               renew_grace_after = Integer.parseInt(renew_grace_after_s);
-
-           if (renew_grace_before > 0)
-               renew_grace_before_BI = renew_grace_before_BI.multiply(BigInteger.valueOf(1000 * 86400));
-           if (renew_grace_after > 0)
-               renew_grace_after_BI = renew_grace_after_BI.multiply(BigInteger.valueOf(1000 * 86400));
-
-           Date current = CMS.getCurrentDate();
-           long millisDiff = origExpDate.getTime() - current.getTime();
-           CMS.debug("validateRenewGracePeriod: millisDiff=" + millisDiff + " origExpDate=" + origExpDate.getTime() + " current=" + current.getTime());
-
-           /*
-            * "days", if positive, has to be less than renew_grace_before
-            * "days", if negative, means already past expiration date,
-            *     (abs value) has to be less than renew_grace_after
-            * if renew_grace_before or renew_grace_after are negative
-            *    the one with negative value is ignored
-            */
-           if (millisDiff >= 0) {
-               if ((renew_grace_before>0) && (millisDiff > renew_grace_before_BI.longValue())) {
-                   throw new ERejectException(CMS.getUserMessage(getLocale(req),
-                        "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD", 
-                        renew_grace_before+" days before and "+
-                        renew_grace_after+" days after original cert expiration date"));
-               }
-           } else {
-               if ((renew_grace_after > 0) && ((0-millisDiff) > renew_grace_after_BI.longValue())) {
-                   throw new ERejectException(CMS.getUserMessage(getLocale(req),
-                        "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD", 
-                        renew_grace_before+" days before and "+
-                        renew_grace_after+" days after original cert expiration date"));
-               }
-           }
+            throws ERejectException {
+        String origExpDate_s = req.getExtDataInString("origNotAfter");
+        // probably not for renewal
+        if (origExpDate_s == null) {
+            return;
+        } else {
+            CMS.debug("validate RenewGracePeriod: original cert expiration date found... renewing");
+        }
+        CMS.debug("ValidilityConstraint: validateRenewGraceperiod begins");
+        BigInteger origExpDate_BI = new BigInteger(origExpDate_s);
+        Date origExpDate = new Date(origExpDate_BI.longValue());
+        String renew_grace_before_s = getConfig(CONFIG_RENEW_GRACE_BEFORE);
+        String renew_grace_after_s = getConfig(CONFIG_RENEW_GRACE_AFTER);
+        int renew_grace_before = 0;
+        int renew_grace_after = 0;
+        BigInteger renew_grace_before_BI = new BigInteger(renew_grace_before_s);
+        BigInteger renew_grace_after_BI = new BigInteger(renew_grace_after_s);
+
+        // -1 means no limit
+        if (renew_grace_before_s == "")
+            renew_grace_before = -1;
+        else
+            renew_grace_before = Integer.parseInt(renew_grace_before_s);
+
+        if (renew_grace_after_s == "")
+            renew_grace_after = -1;
+        else
+            renew_grace_after = Integer.parseInt(renew_grace_after_s);
+
+        if (renew_grace_before > 0)
+            renew_grace_before_BI = renew_grace_before_BI.multiply(BigInteger.valueOf(1000 * 86400));
+        if (renew_grace_after > 0)
+            renew_grace_after_BI = renew_grace_after_BI.multiply(BigInteger.valueOf(1000 * 86400));
+
+        Date current = CMS.getCurrentDate();
+        long millisDiff = origExpDate.getTime() - current.getTime();
+        CMS.debug("validateRenewGracePeriod: millisDiff=" + millisDiff + " origExpDate=" + origExpDate.getTime() + " current=" + current.getTime());
+
+        /*
+         * "days", if positive, has to be less than renew_grace_before
+         * "days", if negative, means already past expiration date,
+         *     (abs value) has to be less than renew_grace_after
+         * if renew_grace_before or renew_grace_after are negative
+         *    the one with negative value is ignored
+         */
+        if (millisDiff >= 0) {
+            if ((renew_grace_before > 0) && (millisDiff > renew_grace_before_BI.longValue())) {
+                throw new ERejectException(CMS.getUserMessage(getLocale(req),
+                        "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD",
+                        renew_grace_before + " days before and " +
+                                renew_grace_after + " days after original cert expiration date"));
+            }
+        } else {
+            if ((renew_grace_after > 0) && ((0 - millisDiff) > renew_grace_after_BI.longValue())) {
+                throw new ERejectException(CMS.getUserMessage(getLocale(req),
+                        "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD",
+                        renew_grace_before + " days before and " +
+                                renew_grace_after + " days after original cert expiration date"));
+            }
+        }
     }
 
-
     public String getText(Locale locale) {
         String renew_grace_before_s = getConfig(CONFIG_RENEW_GRACE_BEFORE);
-        String renew_grace_after_s= getConfig(CONFIG_RENEW_GRACE_AFTER);
-        return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_VALIDITY_TEXT", 
-                        renew_grace_before_s+" days before and "+
-                        renew_grace_after_s+" days after original cert expiration date");
+        String renew_grace_after_s = getConfig(CONFIG_RENEW_GRACE_AFTER);
+        return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_VALIDITY_TEXT",
+                        renew_grace_before_s + " days before and " +
+                                renew_grace_after_s + " days after original cert expiration date");
     }
 
     public boolean isApplicable(IPolicyDefault def) {
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java
index f570c26e..2c578550 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
-
 import java.util.Locale;
 import java.util.StringTokenizer;
 import java.util.Vector;
@@ -40,12 +39,11 @@ import com.netscape.cms.profile.def.NoDefault;
 import com.netscape.cms.profile.def.SigningAlgDefault;
 import com.netscape.cms.profile.def.UserSigningAlgDefault;
 
-
 /**
  * This class implements the signing algorithm constraint.
  * It checks if the signing algorithm in the certificate
  * template satisfies the criteria.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class SigningAlgConstraint extends EnrollConstraint {
@@ -69,29 +67,28 @@ public class SigningAlgConstraint extends EnrollConstraint {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
 
         if (mConfig.getSubStore("params") == null) {
             CMS.debug("SigningAlgConstraint: mConfig.getSubStore is null");
         } else {
-            CMS.debug("SigningAlgConstraint: setConfig name=" + name + 
-                 " value=" + value);
-
-            if(name.equals(CONFIG_ALGORITHMS_ALLOWED))
-            {
-              StringTokenizer st = new StringTokenizer(value, ",");
-              while (st.hasMoreTokens()) {
-                 String v = st.nextToken();
-                 if (DEF_CONFIG_ALGORITHMS.indexOf(v) == -1) {
-                   throw new EPropertyException(
-                      CMS.getUserMessage("CMS_PROFILE_PROPERTY_ERROR", v));
-                 }
-              }
+            CMS.debug("SigningAlgConstraint: setConfig name=" + name +
+                    " value=" + value);
+
+            if (name.equals(CONFIG_ALGORITHMS_ALLOWED)) {
+                StringTokenizer st = new StringTokenizer(value, ",");
+                while (st.hasMoreTokens()) {
+                    String v = st.nextToken();
+                    if (DEF_CONFIG_ALGORITHMS.indexOf(v) == -1) {
+                        throw new EPropertyException(
+                                CMS.getUserMessage("CMS_PROFILE_PROPERTY_ERROR", v));
+                    }
+                }
             }
             mConfig.getSubStore("params").putString(name, value);
         }
@@ -101,8 +98,8 @@ public class SigningAlgConstraint extends EnrollConstraint {
         if (name.equals(CONFIG_ALGORITHMS_ALLOWED)) {
             return new Descriptor(IDescriptor.STRING, null,
                     DEF_CONFIG_ALGORITHMS,
-                    CMS.getUserMessage(locale, 
-                        "CMS_PROFILE_SIGNING_ALGORITHMS_ALLOWED"));
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_SIGNING_ALGORITHMS_ALLOWED"));
         }
         return null;
     }
@@ -112,13 +109,13 @@ public class SigningAlgConstraint extends EnrollConstraint {
      * during the validation.
      */
     public void validate(IRequest request, X509CertInfo info)
-        throws ERejectException {
+            throws ERejectException {
         CertificateAlgorithmId algId = null;
 
         try {
             algId = (CertificateAlgorithmId) info.get(X509CertInfo.ALGORITHM_ID);
             AlgorithmId id = (AlgorithmId)
-                algId.get(CertificateAlgorithmId.ALGORITHM);
+                    algId.get(CertificateAlgorithmId.ALGORITHM);
 
             Vector mCache = new Vector();
             StringTokenizer st = new StringTokenizer(
@@ -132,7 +129,7 @@ public class SigningAlgConstraint extends EnrollConstraint {
 
             if (!mCache.contains(id.toString())) {
                 throw new ERejectException(CMS.getUserMessage(
-                            getLocale(request), 
+                            getLocale(request),
                             "CMS_PROFILE_SIGNING_ALGORITHM_NOT_MATCHED", id.toString()));
             }
         } catch (Exception e) {
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java
index 7ce32f00..477e99b9 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -38,12 +37,11 @@ import com.netscape.cms.profile.def.NoDefault;
 import com.netscape.cms.profile.def.SubjectNameDefault;
 import com.netscape.cms.profile.def.UserSubjectNameDefault;
 
-
 /**
  * This class implements the subject name constraint.
  * It checks if the subject name in the certificate
  * template satisfies the criteria.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class SubjectNameConstraint extends EnrollConstraint {
@@ -56,13 +54,13 @@ public class SubjectNameConstraint extends EnrollConstraint {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
-        if (name.equals(CONFIG_PATTERN)) { 
-            return new Descriptor(IDescriptor.STRING, 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
+        if (name.equals(CONFIG_PATTERN)) {
+            return new Descriptor(IDescriptor.STRING,
                     null, null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME_PATTERN"));
         } else {
@@ -79,18 +77,18 @@ public class SubjectNameConstraint extends EnrollConstraint {
      * during the validation.
      */
     public void validate(IRequest request, X509CertInfo info)
-        throws ERejectException {
+            throws ERejectException {
         CMS.debug("SubjectNameConstraint: validate start");
         CertificateSubjectName sn = null;
 
         try {
             sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT);
-            CMS.debug("SubjectNameConstraint: validate cert subject ="+
+            CMS.debug("SubjectNameConstraint: validate cert subject =" +
                          sn.toString());
         } catch (Exception e) {
             throw new ERejectException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
         }
         X500Name sn500 = null;
 
@@ -98,31 +96,31 @@ public class SubjectNameConstraint extends EnrollConstraint {
             sn500 = (X500Name) sn.get(CertificateSubjectName.DN_NAME);
         } catch (IOException e) {
             throw new ERejectException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
         }
         if (sn500 == null) {
             CMS.debug("SubjectNameConstraint: validate() - sn500 is null");
             throw new ERejectException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
         } else {
-            CMS.debug("SubjectNameConstraint: validate() - sn500 "+
-                  CertificateSubjectName.DN_NAME + " = "+
-                  sn500.toString()); 
+            CMS.debug("SubjectNameConstraint: validate() - sn500 " +
+                    CertificateSubjectName.DN_NAME + " = " +
+                    sn500.toString());
         }
         if (!sn500.toString().matches(getConfig(CONFIG_PATTERN))) {
-            CMS.debug("SubjectNameConstraint: validate() - sn500 not matching pattern "+ getConfig(CONFIG_PATTERN));
+            CMS.debug("SubjectNameConstraint: validate() - sn500 not matching pattern " + getConfig(CONFIG_PATTERN));
             throw new ERejectException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_SUBJECT_NAME_NOT_MATCHED", 
-                        sn500.toString()));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_SUBJECT_NAME_NOT_MATCHED",
+                            sn500.toString()));
         }
     }
 
     public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, 
-                "CMS_PROFILE_CONSTRAINT_SUBJECT_NAME_TEXT", 
+        return CMS.getUserMessage(locale,
+                "CMS_PROFILE_CONSTRAINT_SUBJECT_NAME_TEXT",
                 getConfig(CONFIG_PATTERN));
     }
 
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java
index b47e2230..1526686e 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 
@@ -47,53 +46,52 @@ import com.netscape.cms.profile.def.NoDefault;
  * The config param "allowSameKeyRenewal" enables the
  * situation where if the publickey is not unique, and if
  * the subject DN is the same, that is a "renewal".
- *
+ * 
  * Another "feature" that is quoted out of this code is the
  * "revokeDupKeyCert" option, which enables the revocation
  * of certs that bear the same publickey as the enrolling
- * request.  Since this can potentially be abused, it is taken
+ * request. Since this can potentially be abused, it is taken
  * out and preserved in comments to allow future refinement.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class UniqueKeyConstraint extends EnrollConstraint {
-	/*
-	public static final String CONFIG_REVOKE_DUPKEY_CERT =
-		"revokeDupKeyCert";
-	boolean mRevokeDupKeyCert = false;
-	*/
-	public static final String CONFIG_ALLOW_SAME_KEY_RENEWAL =
-		"allowSameKeyRenewal";
-	boolean mAllowSameKeyRenewal = false;
+    /*
+    public static final String CONFIG_REVOKE_DUPKEY_CERT =
+    	"revokeDupKeyCert";
+    boolean mRevokeDupKeyCert = false;
+    */
+    public static final String CONFIG_ALLOW_SAME_KEY_RENEWAL =
+            "allowSameKeyRenewal";
+    boolean mAllowSameKeyRenewal = false;
     public ICertificateAuthority mCA = null;
 
-	public UniqueKeyConstraint() {
-		super();
-		/*
-		addConfigName(CONFIG_REVOKE_DUPKEY_CERT);
-		*/
-		addConfigName(CONFIG_ALLOW_SAME_KEY_RENEWAL);
-	}
+    public UniqueKeyConstraint() {
+        super();
+        /*
+        addConfigName(CONFIG_REVOKE_DUPKEY_CERT);
+        */
+        addConfigName(CONFIG_ALLOW_SAME_KEY_RENEWAL);
+    }
 
-	public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+    public void init(IProfile profile, IConfigStore config)
+            throws EProfileException {
         super.init(profile, config);
         mCA = (ICertificateAuthority)
-			CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name)
-	{
-		/*
-		if (name.equals(CONFIG_REVOKE_DUPKEY_CERT)) {
-			return new Descriptor(IDescriptor.BOOLEAN, null, "false",
-				  CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_REVOKE_DUPKEY_CERT"));
-		}
-		*/
-		if (name.equals(CONFIG_ALLOW_SAME_KEY_RENEWAL)) {
-			return new Descriptor(IDescriptor.BOOLEAN, null, "false",
-				  CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_ALLOW_SAME_KEY_RENEWAL"));
-		}
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
+        /*
+        if (name.equals(CONFIG_REVOKE_DUPKEY_CERT)) {
+        	return new Descriptor(IDescriptor.BOOLEAN, null, "false",
+        		  CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_REVOKE_DUPKEY_CERT"));
+        }
+        */
+        if (name.equals(CONFIG_ALLOW_SAME_KEY_RENEWAL)) {
+            return new Descriptor(IDescriptor.BOOLEAN, null, "false",
+                    CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_ALLOW_SAME_KEY_RENEWAL"));
+        }
         return null;
     }
 
@@ -106,169 +104,170 @@ public class UniqueKeyConstraint extends EnrollConstraint {
      * during the validation.
      */
     public void validate(IRequest request, X509CertInfo info)
-        throws ERejectException { 
-		boolean rejected = false;
-		int size = 0;
-		ICertRecordList list;
+            throws ERejectException {
+        boolean rejected = false;
+        int size = 0;
+        ICertRecordList list;
 
-		/*
-		mRevokeDupKeyCert =
- getConfigBoolean(CONFIG_REVOKE_DUPKEY_CERT);
-		*/
-		mAllowSameKeyRenewal = getConfigBoolean(CONFIG_ALLOW_SAME_KEY_RENEWAL);
+        /*
+        mRevokeDupKeyCert =
+        getConfigBoolean(CONFIG_REVOKE_DUPKEY_CERT);
+        */
+        mAllowSameKeyRenewal = getConfigBoolean(CONFIG_ALLOW_SAME_KEY_RENEWAL);
 
         try {
             CertificateX509Key infokey = (CertificateX509Key)
-                info.get(X509CertInfo.KEY);
+                    info.get(X509CertInfo.KEY);
             X509Key key = (X509Key)
-				infokey.get(CertificateX509Key.KEY);
+                    infokey.get(CertificateX509Key.KEY);
 
-			// check for key uniqueness
-			byte pub[] = key.getEncoded();
-			String pub_s = escapeBinaryData(pub);
-			String filter = "(" + ICertRecord.ATTR_X509CERT_PUBLIC_KEY_DATA +"=" + pub_s + ")";
-			list =
-				(ICertRecordList)
-				mCA.getCertificateRepository().findCertRecordsInList(filter, null, 10);
-			size = list.getSize();
+            // check for key uniqueness
+            byte pub[] = key.getEncoded();
+            String pub_s = escapeBinaryData(pub);
+            String filter = "(" + ICertRecord.ATTR_X509CERT_PUBLIC_KEY_DATA + "=" + pub_s + ")";
+            list =
+                    (ICertRecordList)
+                    mCA.getCertificateRepository().findCertRecordsInList(filter, null, 10);
+            size = list.getSize();
 
         } catch (Exception e) {
-                throw new ERejectException(	
+            throw new ERejectException(
                         CMS.getUserMessage(
-                            getLocale(request),
-                            "CMS_PROFILE_INTERNAL_ERROR",e.toString()));
-		}
-
-		/*
-		 * It does not matter if the corresponding cert's status
-		 * is valid or not, we don't want a key that was once
-		 * generated before
-		 */
-		if (size > 0) {
-			CMS.debug("UniqueKeyConstraint: found existing cert with duplicate key.");
-
-		/*
-		    The following code revokes the existing certs that have
-			the same public key as the one submitted for enrollment
-			request.  However, it is not a good idea due to possible
-			abuse.  It is therefore commented out.  It is still
-			however still maintained for possible utilization at later
-			time
-
-			// if configured to revoke duplicated key
-			//    revoke cert
-			if (mRevokeDupKeyCert) {
-				try {
-					Enumeration e = list.getCertRecords(0, size-1);
-					while (e != null && e.hasMoreElements()) {
-						ICertRecord rec = (ICertRecord) e.nextElement();
-						X509CertImpl cert = rec.getCertificate();
-
-						// revoke the cert
-						BigInteger serialNum = cert.getSerialNumber();
-						ICAService service = (ICAService) mCA.getCAService();
-
-						RevokedCertImpl crlEntry = 
-							formCRLEntry(serialNum, RevocationReason.KEY_COMPROMISE);
-						service.revokeCert(crlEntry);
-						CMS.debug("UniqueKeyConstraint: certificate with duplicate publickey revoked successfully");
-					}
-				} catch (Exception ex) {
-					CMS.debug("UniqueKeyConstraint: error in revoke dupkey cert");
-				}
-			} // revoke dupkey cert turned on
-		*/
-
-			if (mAllowSameKeyRenewal == true) {
-				X500Name sjname_in_db = null;
-				X500Name sjname_in_req = null;
-
-				try {
-					// get subject of request
-					CertificateSubjectName subName = 
-						(CertificateSubjectName) info.get(X509CertInfo.SUBJECT);
-
-					if (subName != null) {
-
-						sjname_in_req =
-							(X500Name) subName.get(CertificateSubjectName.DN_NAME);
-						CMS.debug("UniqueKeyConstraint: cert request subject DN ="+ sjname_in_req.toString());
-						Enumeration e = list.getCertRecords(0, size-1);
-						while (e != null && e.hasMoreElements()) {
-							ICertRecord rec = (ICertRecord) e.nextElement();
-							X509CertImpl cert = rec.getCertificate();
-							String certDN =
-								cert.getSubjectDN().toString();
-						CMS.debug("UniqueKeyConstraint: cert retrieved from ldap has subject DN ="+ certDN);
-
-							sjname_in_db = new X500Name(certDN);
-
-							if (sjname_in_db.equals(sjname_in_req) == false) {
-								rejected = true;
-								break;
-							} else {
-								rejected = false;
-							}
-						} // while
-					} else { //subName is null
-						rejected = true;
-					}
-				} catch (Exception ex1) {
-					CMS.debug("UniqueKeyConstraint: error in allowSameKeyRenewal: "+ex1.toString());
-					rejected = true;
-				} // try
-
-			} else {
-				rejected = true;
-			}// allowSameKeyRenewal
-		} // (size > 0)
-
-		if (rejected == true) {
-			CMS.debug("UniqueKeyConstraint: rejected");
-			throw new ERejectException(	
-						   CMS.getUserMessage(
-						  getLocale(request),
-						  "CMS_PROFILE_DUPLICATE_KEY"));
-		} else {
-			CMS.debug("UniqueKeyConstraint: approved");
-		}
+                                getLocale(request),
+                                "CMS_PROFILE_INTERNAL_ERROR", e.toString()));
+        }
+
+        /*
+         * It does not matter if the corresponding cert's status
+         * is valid or not, we don't want a key that was once
+         * generated before
+         */
+        if (size > 0) {
+            CMS.debug("UniqueKeyConstraint: found existing cert with duplicate key.");
+
+            /*
+                The following code revokes the existing certs that have
+            	the same public key as the one submitted for enrollment
+            	request.  However, it is not a good idea due to possible
+            	abuse.  It is therefore commented out.  It is still
+            	however still maintained for possible utilization at later
+            	time
+
+            	// if configured to revoke duplicated key
+            	//    revoke cert
+            	if (mRevokeDupKeyCert) {
+            		try {
+            			Enumeration e = list.getCertRecords(0, size-1);
+            			while (e != null && e.hasMoreElements()) {
+            				ICertRecord rec = (ICertRecord) e.nextElement();
+            				X509CertImpl cert = rec.getCertificate();
+
+            				// revoke the cert
+            				BigInteger serialNum = cert.getSerialNumber();
+            				ICAService service = (ICAService) mCA.getCAService();
+
+            				RevokedCertImpl crlEntry = 
+            					formCRLEntry(serialNum, RevocationReason.KEY_COMPROMISE);
+            				service.revokeCert(crlEntry);
+            				CMS.debug("UniqueKeyConstraint: certificate with duplicate publickey revoked successfully");
+            			}
+            		} catch (Exception ex) {
+            			CMS.debug("UniqueKeyConstraint: error in revoke dupkey cert");
+            		}
+            	} // revoke dupkey cert turned on
+            */
+
+            if (mAllowSameKeyRenewal == true) {
+                X500Name sjname_in_db = null;
+                X500Name sjname_in_req = null;
+
+                try {
+                    // get subject of request
+                    CertificateSubjectName subName =
+                            (CertificateSubjectName) info.get(X509CertInfo.SUBJECT);
+
+                    if (subName != null) {
+
+                        sjname_in_req =
+                                (X500Name) subName.get(CertificateSubjectName.DN_NAME);
+                        CMS.debug("UniqueKeyConstraint: cert request subject DN =" + sjname_in_req.toString());
+                        Enumeration e = list.getCertRecords(0, size - 1);
+                        while (e != null && e.hasMoreElements()) {
+                            ICertRecord rec = (ICertRecord) e.nextElement();
+                            X509CertImpl cert = rec.getCertificate();
+                            String certDN =
+                                    cert.getSubjectDN().toString();
+                            CMS.debug("UniqueKeyConstraint: cert retrieved from ldap has subject DN =" + certDN);
+
+                            sjname_in_db = new X500Name(certDN);
+
+                            if (sjname_in_db.equals(sjname_in_req) == false) {
+                                rejected = true;
+                                break;
+                            } else {
+                                rejected = false;
+                            }
+                        } // while
+                    } else { //subName is null
+                        rejected = true;
+                    }
+                } catch (Exception ex1) {
+                    CMS.debug("UniqueKeyConstraint: error in allowSameKeyRenewal: " + ex1.toString());
+                    rejected = true;
+                } // try
+
+            } else {
+                rejected = true;
+            }// allowSameKeyRenewal
+        } // (size > 0)
+
+        if (rejected == true) {
+            CMS.debug("UniqueKeyConstraint: rejected");
+            throw new ERejectException(
+                           CMS.getUserMessage(
+                                   getLocale(request),
+                                   "CMS_PROFILE_DUPLICATE_KEY"));
+        } else {
+            CMS.debug("UniqueKeyConstraint: approved");
+        }
     }
 
-   /**
+    /**
      * make a CRL entry from a serial number and revocation reason.
+     * 
      * @return a RevokedCertImpl that can be entered in a CRL.
-
-    protected RevokedCertImpl formCRLEntry(
-        BigInteger serialNo, RevocationReason reason)
-        throws EBaseException {
-        CRLReasonExtension reasonExt = new CRLReasonExtension(reason);
-        CRLExtensions crlentryexts = new CRLExtensions();
-
-        try {
-            crlentryexts.set(CRLReasonExtension.NAME, reasonExt);
-        } catch (IOException e) {
-                CMS.debug("CMSGW_ERR_CRL_REASON "+e.toString());
-
-				//            throw new ECMSGWException(
-				//  CMS.getLogMessage("CMSGW_ERROR_SETTING_CRLREASON"));
-
-        }
-        RevokedCertImpl crlentry =
-            new RevokedCertImpl(serialNo, CMS.getCurrentDate(),
-								crlentryexts);
-
-        return crlentry;
-    }
-   */
+     * 
+     *         protected RevokedCertImpl formCRLEntry(
+     *         BigInteger serialNo, RevocationReason reason)
+     *         throws EBaseException {
+     *         CRLReasonExtension reasonExt = new CRLReasonExtension(reason);
+     *         CRLExtensions crlentryexts = new CRLExtensions();
+     * 
+     *         try {
+     *         crlentryexts.set(CRLReasonExtension.NAME, reasonExt);
+     *         } catch (IOException e) {
+     *         CMS.debug("CMSGW_ERR_CRL_REASON "+e.toString());
+     * 
+     *         // throw new ECMSGWException(
+     *         // CMS.getLogMessage("CMSGW_ERROR_SETTING_CRLREASON"));
+     * 
+     *         }
+     *         RevokedCertImpl crlentry =
+     *         new RevokedCertImpl(serialNo, CMS.getCurrentDate(),
+     *         crlentryexts);
+     * 
+     *         return crlentry;
+     *         }
+     */
 
     public String getText(Locale locale) {
         String params[] = {
-/*
-                getConfig(CONFIG_REVOKE_DUPKEY_CERT),
-*/
-             };
+        /*
+                        getConfig(CONFIG_REVOKE_DUPKEY_CERT),
+        */
+        };
 
-        return CMS.getUserMessage(locale, 
+        return CMS.getUserMessage(locale,
                 "CMS_PROFILE_CONSTRAINT_ALLOW_SAME_KEY_RENEWAL_TEXT", params);
     }
 
@@ -285,12 +284,12 @@ public class UniqueKeyConstraint extends EnrollConstraint {
     }
 
     public boolean isApplicable(IPolicyDefault def) {
-		if (def instanceof NoDefault)
-			return true;
+        if (def instanceof NoDefault)
+            return true;
         if (def instanceof UniqueKeyConstraint)
             return true;
 
-		return false;
+        return false;
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java
index 72498d39..04429cc7 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java
@@ -55,13 +55,13 @@ import com.netscape.cms.profile.def.UserSubjectNameDefault;
  * It checks if the subject name in the certificate is
  * unique in the internal database, ie, no two certificates
  * have the same subject name.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class UniqueSubjectNameConstraint extends EnrollConstraint {
 
     public static final String CONFIG_KEY_USAGE_EXTENSION_CHECKING =
-        "enableKeyUsageExtensionChecking";
+            "enableKeyUsageExtensionChecking";
     private boolean mKeyUsageExtensionChecking = true;
 
     public UniqueSubjectNameConstraint() {
@@ -69,14 +69,14 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_KEY_USAGE_EXTENSION_CHECKING)) {
             return new Descriptor(IDescriptor.BOOLEAN, null, "true",
-                CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_KEY_USAGE_EXTENSION_CHECKING"));
+                    CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_KEY_USAGE_EXTENSION_CHECKING"));
         }
         return null;
     }
@@ -85,12 +85,12 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
         return null;
     }
 
-     /**
-      * Checks if the key extension in the issued certificate
-      * is the same as the one in the certificate template.
-      */
+    /**
+     * Checks if the key extension in the issued certificate
+     * is the same as the one in the certificate template.
+     */
     private boolean sameKeyUsageExtension(ICertRecord rec,
-        X509CertInfo certInfo) {
+            X509CertInfo certInfo) {
         X509CertImpl impl = rec.getCertificate();
         boolean bits[] = impl.getKeyUsage();
 
@@ -98,7 +98,7 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
 
         try {
             extensions = (CertificateExtensions)
-            certInfo.get(X509CertInfo.EXTENSIONS);
+                    certInfo.get(X509CertInfo.EXTENSIONS);
         } catch (IOException e) {
         } catch (java.security.cert.CertificateException e) {
         }
@@ -110,9 +110,9 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
         } else {
             try {
                 ext = (KeyUsageExtension) extensions.get(
-                    KeyUsageExtension.class.getSimpleName());
+                        KeyUsageExtension.class.getSimpleName());
             } catch (IOException e) {
-            // extension isn't there.
+                // extension isn't there.
             }
 
             if (ext == null) {
@@ -135,48 +135,47 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
                             return false;
                     }
                 }
-            } 
+            }
         }
-        return true; 
+        return true;
     }
 
-
     /**
      * Validates the request. The request is not modified
      * during the validation.
-     *
-     * Rules are as follows: 
+     * 
+     * Rules are as follows:
      * If the subject name is not unique, then the request will be rejected unless:
      * 1. the certificate is expired or expired_revoked
      * 2. the certificate is revoked and the revocation reason is not "on hold"
      * 3. the keyUsageExtension bits are different and enableKeyUsageExtensionChecking=true (default)
      */
     public void validate(IRequest request, X509CertInfo info)
-        throws ERejectException {
+            throws ERejectException {
         CMS.debug("UniqueSubjectNameConstraint: validate start");
         CertificateSubjectName sn = null;
-        IAuthority authority = (IAuthority)CMS.getSubsystem("ca");
-       
+        IAuthority authority = (IAuthority) CMS.getSubsystem("ca");
+
         mKeyUsageExtensionChecking = getConfigBoolean(CONFIG_KEY_USAGE_EXTENSION_CHECKING);
         ICertificateRepository certdb = null;
         if (authority != null && authority instanceof ICertificateAuthority) {
-            ICertificateAuthority ca = (ICertificateAuthority)authority;
+            ICertificateAuthority ca = (ICertificateAuthority) authority;
             certdb = ca.getCertificateRepository();
         }
-            
+
         try {
             sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT);
         } catch (Exception e) {
             throw new ERejectException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
         }
 
         String certsubjectname = null;
         if (sn == null)
             throw new ERejectException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
         else {
             certsubjectname = sn.toString();
             String filter = "x509Cert.subject=" + certsubjectname;
@@ -184,10 +183,10 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
             try {
                 sameSubjRecords = certdb.findCertRecords(filter);
             } catch (EBaseException e) {
-                CMS.debug("UniqueSubjectNameConstraint exception: "+e.toString());
+                CMS.debug("UniqueSubjectNameConstraint exception: " + e.toString());
             }
             while (sameSubjRecords != null && sameSubjRecords.hasMoreElements()) {
-                ICertRecord rec =  sameSubjRecords.nextElement();
+                ICertRecord rec = sameSubjRecords.nextElement();
                 String status = rec.getStatus();
 
                 IRevocationInfo revocationInfo = rec.getRevocationInfo();
@@ -200,7 +199,7 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
                         Enumeration<Extension> enumx = crlExts.getElements();
 
                         while (enumx.hasMoreElements()) {
-                            Extension ext =  enumx.nextElement();
+                            Extension ext = enumx.nextElement();
 
                             if (ext instanceof CRLReasonExtension) {
                                 reason = ((CRLReasonExtension) ext).getReason();
@@ -213,8 +212,8 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
                     continue;
                 }
 
-                if (status.equals(ICertRecord.STATUS_REVOKED) && reason != null && 
-                    (! reason.equals(RevocationReason.CERTIFICATE_HOLD))) {
+                if (status.equals(ICertRecord.STATUS_REVOKED) && reason != null &&
+                        (!reason.equals(RevocationReason.CERTIFICATE_HOLD))) {
                     continue;
                 }
 
@@ -223,20 +222,20 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
                 }
 
                 throw new ERejectException(
-                  CMS.getUserMessage(getLocale(request),
-                  "CMS_PROFILE_SUBJECT_NAME_NOT_UNIQUE",
-                  certsubjectname));
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_SUBJECT_NAME_NOT_UNIQUE",
+                                certsubjectname));
             }
         }
-	CMS.debug("UniqueSubjectNameConstraint: validate end");
+        CMS.debug("UniqueSubjectNameConstraint: validate end");
     }
 
     public String getText(Locale locale) {
         String params[] = {
-            getConfig(CONFIG_KEY_USAGE_EXTENSION_CHECKING)
+                getConfig(CONFIG_KEY_USAGE_EXTENSION_CHECKING)
         };
-        return CMS.getUserMessage(locale, 
-                "CMS_PROFILE_CONSTRAINT_UNIQUE_SUBJECT_NAME_TEXT", 
+        return CMS.getUserMessage(locale,
+                "CMS_PROFILE_CONSTRAINT_UNIQUE_SUBJECT_NAME_TEXT",
                 params);
     }
 
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java
index 95c32221..53fe471a 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
-
 import java.io.IOException;
 import java.util.Date;
 import java.util.Locale;
@@ -40,12 +39,11 @@ import com.netscape.cms.profile.def.NoDefault;
 import com.netscape.cms.profile.def.UserValidityDefault;
 import com.netscape.cms.profile.def.ValidityDefault;
 
-
 /**
  * This class implements the validity constraint.
  * It checks if the validity in the certificate
  * template satisfies the criteria.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ValidityConstraint extends EnrollConstraint {
@@ -68,20 +66,20 @@ public class ValidityConstraint extends EnrollConstraint {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
         if (name.equals(CONFIG_RANGE) ||
-            name.equals(CONFIG_NOT_BEFORE_GRACE_PERIOD)) {
-          try {
-            Integer.parseInt(value);
-          } catch (Exception e) {
+                name.equals(CONFIG_NOT_BEFORE_GRACE_PERIOD)) {
+            try {
+                Integer.parseInt(value);
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", name));
-          }
+            }
         }
         super.setConfig(name, value);
     }
@@ -108,7 +106,7 @@ public class ValidityConstraint extends EnrollConstraint {
      * during the validation.
      */
     public void validate(IRequest request, X509CertInfo info)
-        throws ERejectException {
+            throws ERejectException {
         CertificateValidity v = null;
 
         try {
@@ -144,14 +142,14 @@ public class ValidityConstraint extends EnrollConstraint {
 
         long millisDiff = notAfter.getTime() - notBefore.getTime();
         CMS.debug("ValidityConstraint: millisDiff=" + millisDiff + " notAfter=" + notAfter.getTime() + " notBefore=" + notBefore.getTime());
-        long long_days = (millisDiff / 1000 ) / 86400;
-        CMS.debug("ValidityConstraint: long_days: "+long_days);
-        int days = (int)long_days;
-        CMS.debug("ValidityConstraint: days: "+days);
+        long long_days = (millisDiff / 1000) / 86400;
+        CMS.debug("ValidityConstraint: long_days: " + long_days);
+        int days = (int) long_days;
+        CMS.debug("ValidityConstraint: days: " + days);
 
         if (days > Integer.parseInt(getConfig(CONFIG_RANGE))) {
             throw new ERejectException(CMS.getUserMessage(getLocale(request),
-                        "CMS_PROFILE_VALIDITY_OUT_OF_RANGE", 
+                        "CMS_PROFILE_VALIDITY_OUT_OF_RANGE",
                         Integer.toString(days)));
         }
 
@@ -167,7 +165,7 @@ public class ValidityConstraint extends EnrollConstraint {
         if (notBeforeCheckStr == null || notBeforeCheckStr.equals("")) {
             notBeforeCheckStr = "false";
         }
-        notBeforeCheck = Boolean.valueOf(notBeforeCheckStr).booleanValue(); 
+        notBeforeCheck = Boolean.valueOf(notBeforeCheckStr).booleanValue();
 
         String notAfterCheckStr = getConfig(CONFIG_CHECK_NOT_AFTER);
         boolean notAfterCheck;
@@ -175,7 +173,7 @@ public class ValidityConstraint extends EnrollConstraint {
         if (notAfterCheckStr == null || notAfterCheckStr.equals("")) {
             notAfterCheckStr = "false";
         }
-        notAfterCheck = Boolean.valueOf(notAfterCheckStr).booleanValue(); 
+        notAfterCheck = Boolean.valueOf(notAfterCheckStr).booleanValue();
 
         String notBeforeGracePeriodStr = getConfig(CONFIG_NOT_BEFORE_GRACE_PERIOD);
         if (notBeforeGracePeriodStr == null || notBeforeGracePeriodStr.equals("")) {
@@ -186,7 +184,7 @@ public class ValidityConstraint extends EnrollConstraint {
         Date current = CMS.getCurrentDate();
         if (notBeforeCheck) {
             if (notBefore.getTime() > (current.getTime() + notBeforeGracePeriod)) {
-                CMS.debug("ValidityConstraint: notBefore (" + notBefore + ") > current + "+
+                CMS.debug("ValidityConstraint: notBefore (" + notBefore + ") > current + " +
                           "gracePeriod (" + new Date(current.getTime() + notBeforeGracePeriod) + ")");
                 throw new ERejectException(CMS.getUserMessage(getLocale(request),
                             "CMS_PROFILE_NOT_BEFORE_AFTER_CURRENT"));
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java
index 6f73cd52..1726ec6b 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -40,11 +39,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy 
+ * This class implements an enrollment default policy
  * that populates Authuority Info Access extension.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class AuthInfoAccessExtDefault extends EnrollExtDefault {
@@ -89,30 +87,30 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
 
         return num;
     }
- 
+
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
         refreshConfigAndValueNames();
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
         int num = 0;
         if (name.equals(CONFIG_NUM_ADS)) {
-          try {
-            num = Integer.parseInt(value);
+            try {
+                num = Integer.parseInt(value);
 
-            if (num >= MAX_NUM_AD || num < 0) {
-                throw new EPropertyException(CMS.getUserMessage(
+                if (num >= MAX_NUM_AD || num < 0) {
+                    throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS));
-            }
- 
-          } catch (Exception e) {
+                }
+
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS));
-          }
-        } 
+            }
+        }
         super.setConfig(name, value);
     }
 
@@ -142,42 +140,42 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
         }
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.startsWith(CONFIG_AD_METHOD)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_AD_METHOD"));
         } else if (name.startsWith(CONFIG_AD_LOCATIONTYPE)) {
-            return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", 
+            return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName",
                     "URIName",
                     CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATIONTYPE"));
         } else if (name.startsWith(CONFIG_AD_LOCATION)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATION"));
         } else if (name.startsWith(CONFIG_AD_ENABLE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_AD_ENABLE"));
         } else if (name.startsWith(CONFIG_NUM_ADS)) {
             return new Descriptor(IDescriptor.INTEGER, null,
                     "1",
                     CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ADS"));
-        } 
+        }
         return null;
     }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_GENERAL_NAMES)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null, 
+            return new Descriptor(IDescriptor.STRING_LIST, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES"));
         } else {
@@ -186,45 +184,42 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             AuthInfoAccessExtension ext = null;
 
-            if (name == null) { 
-                throw new EPropertyException(CMS.getUserMessage( 
+            if (name == null) {
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
-           
             AuthInfoAccessExtension a = new AuthInfoAccessExtension(false);
             ObjectIdentifier oid = a.getExtensionId();
 
             ext = (AuthInfoAccessExtension)
-                        getExtension(oid.toString(), info); 
+                        getExtension(oid.toString(), info);
 
-            if(ext == null)  {
-                populate(null,info);
+            if (ext == null) {
+                populate(null, info);
             }
- 
+
             if (name.equals(VAL_CRITICAL)) {
 
                 ext = (AuthInfoAccessExtension)
                         getExtension(oid.toString(), info);
                 boolean val = Boolean.valueOf(value).booleanValue();
 
-                if(ext == null)
-                {
+                if (ext == null) {
                     return;
                 }
-                ext.setCritical(val); 
-            } else if (name.equals(VAL_GENERAL_NAMES)) { 
+                ext.setCritical(val);
+            } else if (name.equals(VAL_GENERAL_NAMES)) {
 
                 ext = (AuthInfoAccessExtension)
                         getExtension(oid.toString(), info);
 
-                if(ext == null)
-                {
+                if (ext == null) {
                     return;
                 }
                 boolean critical = ext.isCritical();
@@ -263,17 +258,17 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
                             GeneralNameInterface interface1 = parseGeneralName(locationType + ":" + location);
                             if (interface1 == null)
                                 throw new EPropertyException(CMS.getUserMessage(
-                                  locale, "CMS_INVALID_PROPERTY", locationType));
+                                        locale, "CMS_INVALID_PROPERTY", locationType));
                             gn = new GeneralName(interface1);
                         }
-     
+
                         if (method != null) {
                             try {
-                                ext.addAccessDescription(new ObjectIdentifier(method), gn); 
+                                ext.addAccessDescription(new ObjectIdentifier(method), gn);
                             } catch (NumberFormatException ee) {
-                                CMS.debug("AuthInfoAccessExtDefault: "+ee.toString());
+                                CMS.debug("AuthInfoAccessExtDefault: " + ee.toString());
                                 throw new EPropertyException(CMS.getUserMessage(
-                                  locale, "CMS_PROFILE_DEF_AIA_OID", method));
+                                        locale, "CMS_PROFILE_DEF_AIA_OID", method));
                             }
                         }
                     }
@@ -296,30 +291,29 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         AuthInfoAccessExtension ext = null;
 
-        if (name == null) { 
+        if (name == null) {
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
         AuthInfoAccessExtension a = new AuthInfoAccessExtension(false);
-            ObjectIdentifier oid = a.getExtensionId();
+        ObjectIdentifier oid = a.getExtensionId();
 
         ext = (AuthInfoAccessExtension)
                     getExtension(oid.toString(), info);
 
-        if(ext == null)
-        {
+        if (ext == null) {
             try {
-                populate(null,info);
+                populate(null, info);
 
             } catch (EProfileException e) {
                 CMS.debug("AuthInfoAccessExtDefault: getValue " + e.toString());
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
 
         }
@@ -336,7 +330,7 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
             } else {
                 return "false";
             }
-        } else if (name.equals(VAL_GENERAL_NAMES)) { 
+        } else if (name.equals(VAL_GENERAL_NAMES)) {
 
             ext = (AuthInfoAccessExtension)
                     getExtension(oid.toString(), info);
@@ -345,11 +339,11 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
                 return "";
 
             int num = getNumAds();
-	
+
             CMS.debug("AuthInfoAccess num=" + num);
             Vector recs = new Vector();
 
-            for (int i = 0; i < num; i++) { 
+            for (int i = 0; i < num; i++) {
                 NameValuePairs np = new NameValuePairs();
                 AccessDescription des = null;
 
@@ -363,7 +357,7 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
                     np.add(AD_ENABLE, "false");
                 } else {
                     ObjectIdentifier methodOid = des.getMethod();
-                    GeneralName gn = des.getLocation(); 
+                    GeneralName gn = des.getLocation();
 
                     np.add(AD_METHOD, methodOid.toString());
                     np.add(AD_LOCATION_TYPE, getGeneralNameType(gn));
@@ -402,7 +396,7 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
             ads.append(getConfig(CONFIG_AD_ENABLE + i));
             ads.append("}");
         }
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AIA_TEXT", 
+        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AIA_TEXT",
                 getConfig(CONFIG_CRITICAL), ads.toString());
     }
 
@@ -410,14 +404,14 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         AuthInfoAccessExtension ext = createExtension();
 
         addExtension(ext.getExtensionId().toString(), ext, info);
     }
 
     public AuthInfoAccessExtension createExtension() {
-        AuthInfoAccessExtension ext = null; 
+        AuthInfoAccessExtension ext = null;
         int num = getNumAds();
 
         try {
@@ -440,21 +434,21 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
                             String port = CMS.getEENonSSLPort();
                             if (hostname != null && port != null)
                                 // location = "http://"+hostname+":"+port+"/ocsp/ee/ocsp";
-                                location = "http://"+hostname+":"+port+"/ca/ocsp";
+                                location = "http://" + hostname + ":" + port + "/ca/ocsp";
                         }
                     }
 
                     String s = locationType + ":" + location;
                     GeneralNameInterface gn = parseGeneralName(s);
                     if (gn != null) {
-                      ext.addAccessDescription(new ObjectIdentifier(method), 
-                        new GeneralName(gn)); 
+                        ext.addAccessDescription(new ObjectIdentifier(method),
+                                new GeneralName(gn));
                     }
                 }
             }
         } catch (Exception e) {
-            CMS.debug("AuthInfoAccessExtDefault: createExtension " + 
-                e.toString());
+            CMS.debug("AuthInfoAccessExtDefault: createExtension " +
+                    e.toString());
         }
 
         return ext;
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java
index a308e2eb..6c0f6e9f 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -35,7 +34,6 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements an enrollment default policy that
  * populates subject name based on the attribute values
@@ -53,7 +51,7 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
@@ -67,8 +65,8 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         CMS.debug("AuthTokenSubjectNameDefault: begins");
         if (name == null) {
             throw new EPropertyException(CMS.getUserMessage(locale,
@@ -81,18 +79,18 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault {
                 x500name = new X500Name(value);
                 CMS.debug("AuthTokenSubjectNameDefault: setValue x500name=" + x500name.toString());
             } catch (IOException e) {
-                CMS.debug("AuthTokenSubjectNameDefault: setValue " + 
-                    e.toString());
+                CMS.debug("AuthTokenSubjectNameDefault: setValue " +
+                        e.toString());
                 // failed to build x500 name
             }
             CMS.debug("AuthTokenSubjectNameDefault: setValue name=" + x500name.toString());
             try {
-                info.set(X509CertInfo.SUBJECT, 
-                    new CertificateSubjectName(x500name));
+                info.set(X509CertInfo.SUBJECT,
+                        new CertificateSubjectName(x500name));
             } catch (Exception e) {
                 // failed to insert subject name
-                CMS.debug("AuthTokenSubjectNameDefault: setValue " + 
-                    e.toString());
+                CMS.debug("AuthTokenSubjectNameDefault: setValue " +
+                        e.toString());
             }
         } else {
             throw new EPropertyException(CMS.getUserMessage(locale,
@@ -101,8 +99,8 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault {
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         if (name == null)
             throw new EPropertyException("Invalid name " + name);
         if (name.equals(VAL_NAME)) {
@@ -114,8 +112,8 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault {
                 return sn.toString();
             } catch (Exception e) {
                 // nothing
-                CMS.debug("AuthTokenSubjectNameDefault: getValue " + 
-                    e.toString());
+                CMS.debug("AuthTokenSubjectNameDefault: getValue " +
+                        e.toString());
             }
             throw new EPropertyException(CMS.getUserMessage(locale,
                         "CMS_INVALID_PROPERTY", name));
@@ -126,7 +124,7 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault {
     }
 
     public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, 
+        return CMS.getUserMessage(locale,
                 "CMS_PROFILE_DEF_AUTHTOKEN_SUBJECT_NAME");
     }
 
@@ -134,7 +132,7 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
 
         // authenticate the subject name and populate it
         // to the certinfo
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java
index 869deed2..6ec75990 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -35,12 +34,11 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements an enrollment default policy
  * that populates Authority Key Identifier extension
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
@@ -56,29 +54,29 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.STRING, 
+            return new Descriptor(IDescriptor.STRING,
                     IDescriptor.READONLY, null, CMS.getUserMessage(locale,
-                        "CMS_PROFILE_CRITICAL"));
+                            "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_KEY_ID)) {
-            return new Descriptor(IDescriptor.STRING, 
+            return new Descriptor(IDescriptor.STRING,
                     IDescriptor.READONLY, null, CMS.getUserMessage(locale,
-                        "CMS_PROFILE_KEY_ID"));
+                            "CMS_PROFILE_KEY_ID"));
         } else {
             return null;
         }
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
-        if (name == null) { 
-            throw new EPropertyException(CMS.getUserMessage( 
+            X509CertInfo info, String value)
+            throws EPropertyException {
+        if (name == null) {
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_CRITICAL)) {
@@ -86,40 +84,38 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
         } else if (name.equals(VAL_KEY_ID)) {
             // do nothing for read only value
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
-        if (name == null) { 
-            throw new EPropertyException(CMS.getUserMessage( 
+            X509CertInfo info)
+            throws EPropertyException {
+        if (name == null) {
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
-
         AuthorityKeyIdentifierExtension ext =
                 (AuthorityKeyIdentifierExtension) getExtension(
-                    PKIXExtensions.AuthorityKey_Id.toString(), info);
+                        PKIXExtensions.AuthorityKey_Id.toString(), info);
 
-        if(ext == null)
-        {
+        if (ext == null) {
             try {
-                populate(null,info);
+                populate(null, info);
 
             } catch (EProfileException e) {
                 CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString());
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
 
         }
         if (name.equals(VAL_CRITICAL)) {
-             ext = 
-                (AuthorityKeyIdentifierExtension) getExtension(
-                    PKIXExtensions.AuthorityKey_Id.toString(), info);
+            ext =
+                    (AuthorityKeyIdentifierExtension) getExtension(
+                            PKIXExtensions.AuthorityKey_Id.toString(), info);
 
             if (ext == null) {
                 return null;
@@ -131,8 +127,8 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
             }
         } else if (name.equals(VAL_KEY_ID)) {
             ext =
-                (AuthorityKeyIdentifierExtension) getExtension(
-                    PKIXExtensions.AuthorityKey_Id.toString(), info);
+                    (AuthorityKeyIdentifierExtension) getExtension(
+                            PKIXExtensions.AuthorityKey_Id.toString(), info);
 
             if (ext == null) {
                 // do something here
@@ -147,11 +143,11 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
                 //
                 CMS.debug(e.toString());
             }
-            if (kid == null) 
+            if (kid == null)
                 return "";
             return toHexString(kid.getIdentifier());
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
@@ -164,7 +160,7 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         AuthorityKeyIdentifierExtension ext = createExtension(info);
 
         addExtension(PKIXExtensions.AuthorityKey_Id.toString(), ext, info);
@@ -174,9 +170,9 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
         KeyIdentifier kid = null;
         String localKey = getConfig("localKey");
         if (localKey != null && localKey.equals("true")) {
-          kid = getKeyIdentifier(info);
+            kid = getKeyIdentifier(info);
         } else {
-          kid = getCAKeyIdentifier();
+            kid = getCAKeyIdentifier();
         }
 
         if (kid == null)
@@ -186,8 +182,8 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
         try {
             ext = new AuthorityKeyIdentifierExtension(false, kid, null, null);
         } catch (IOException e) {
-            CMS.debug("AuthorityKeyIdentifierExtDefault: createExtension " + 
-                e.toString());
+            CMS.debug("AuthorityKeyIdentifierExtDefault: createExtension " +
+                    e.toString());
         }
         return ext;
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java
index 7ab05d75..043cf029 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.util.Locale;
 
 import netscape.security.x509.X509CertInfo;
@@ -31,11 +30,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements an enrollment default policy
  * that automatically assign request to agent.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class AutoAssignDefault extends EnrollDefault {
@@ -48,15 +46,15 @@ public class AutoAssignDefault extends EnrollDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
-        if (name.equals(CONFIG_ASSIGN_TO)) { 
-            return new Descriptor(IDescriptor.STRING, 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
+        if (name.equals(CONFIG_ASSIGN_TO)) {
+            return new Descriptor(IDescriptor.STRING,
                     null, "admin", CMS.getUserMessage(locale,
-                        "CMS_PROFILE_AUTO_ASSIGN"));
+                            "CMS_PROFILE_AUTO_ASSIGN"));
         } else {
             return null;
         }
@@ -67,29 +65,29 @@ public class AutoAssignDefault extends EnrollDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         return null;
     }
 
     public String getText(Locale locale) {
         return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AUTO_ASSIGN",
-		getConfig(CONFIG_ASSIGN_TO));
+                getConfig(CONFIG_ASSIGN_TO));
     }
 
     /**
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         try {
-	    request.setRequestOwner(
-		mapPattern(request, getConfig(CONFIG_ASSIGN_TO)));
+            request.setRequestOwner(
+                    mapPattern(request, getConfig(CONFIG_ASSIGN_TO)));
         } catch (Exception e) {
             // failed to insert subject name
             CMS.debug("AutoAssignDefault: populate " + e.toString());
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java
index 8c5d8094..c442bf57 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -34,12 +33,11 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements an enrollment default policy
  * that populates Basic Constraint extension
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class BasicConstraintsExtDefault extends EnrollExtDefault {
@@ -64,21 +62,21 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(CONFIG_IS_CA)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "true",
                     CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA"));
         } else if (name.equals(CONFIG_PATH_LEN)) {
-            return new Descriptor(IDescriptor.INTEGER, null, 
+            return new Descriptor(IDescriptor.INTEGER, null,
                     "-1",
                     CMS.getUserMessage(locale, "CMS_PROFILE_PATH_LEN"));
         }
@@ -87,15 +85,15 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_IS_CA)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "true",
                     CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA"));
         } else if (name.equals(VAL_PATH_LEN)) {
-            return new Descriptor(IDescriptor.INTEGER, null, 
+            return new Descriptor(IDescriptor.INTEGER, null,
                     "-1",
                     CMS.getUserMessage(locale, "CMS_PROFILE_PATH_LEN"));
         } else {
@@ -104,39 +102,37 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             BasicConstraintsExtension ext = null;
 
-            if (name == null) { 
-                throw new EPropertyException(CMS.getUserMessage( 
+            if (name == null) {
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             ext = (BasicConstraintsExtension)
                         getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
 
-            if(ext == null)
-            {
-                populate(null,info);
+            if (ext == null) {
+                populate(null, info);
             }
 
             if (name.equals(VAL_CRITICAL)) {
 
                 ext = (BasicConstraintsExtension)
                         getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
-                boolean val = Boolean.valueOf(value).booleanValue(); 
-
+                boolean val = Boolean.valueOf(value).booleanValue();
 
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
                 ext.setCritical(val);
             } else if (name.equals(VAL_IS_CA)) {
                 ext = (BasicConstraintsExtension)
                         getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
                 Boolean isCA = Boolean.valueOf(value);
@@ -146,7 +142,7 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
                 ext = (BasicConstraintsExtension)
                         getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
 
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
                 Integer pathLen = Integer.valueOf(value);
@@ -156,8 +152,8 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
                 throw new EPropertyException("Invalid name " + name);
             }
             replaceExtension(PKIXExtensions.BasicConstraints_Id.toString(),
-                ext, info);
-        } catch (IOException e) { 
+                    ext, info);
+        } catch (IOException e) {
             CMS.debug("BasicConstraintsExtDefault: setValue " + e.toString());
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
@@ -169,35 +165,34 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         try {
-            if (name == null) { 
-                throw new EPropertyException(CMS.getUserMessage( 
+            if (name == null) {
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             BasicConstraintsExtension ext = (BasicConstraintsExtension)
                     getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
 
-            if(ext == null)
-            {
+            if (ext == null) {
                 CMS.debug("BasicConstraintsExtDefault: getValue ext is null, populating a new one ");
-             
-                try { 
-                    populate(null,info);
+
+                try {
+                    populate(null, info);
 
                 } catch (EProfileException e) {
                     CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString());
-                     throw new EPropertyException(CMS.getUserMessage(
-                          locale, "CMS_INVALID_PROPERTY", name));
+                    throw new EPropertyException(CMS.getUserMessage(
+                            locale, "CMS_INVALID_PROPERTY", name));
                 }
 
             }
 
             if (name.equals(VAL_CRITICAL)) {
-                    ext = (BasicConstraintsExtension)
-                    getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
+                ext = (BasicConstraintsExtension)
+                        getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
 
                 if (ext == null) {
                     return null;
@@ -208,8 +203,8 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
                     return "false";
                 }
             } else if (name.equals(VAL_IS_CA)) {
-                    ext = (BasicConstraintsExtension)
-                    getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
+                ext = (BasicConstraintsExtension)
+                        getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
 
                 if (ext == null) {
                     return null;
@@ -218,41 +213,38 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
 
                 return isCA.toString();
             } else if (name.equals(VAL_PATH_LEN)) {
-                    ext = (BasicConstraintsExtension)
-                    getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
+                ext = (BasicConstraintsExtension)
+                        getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
 
                 if (ext == null) {
                     return null;
                 }
                 Integer pathLen = (Integer)
-                    ext.get(BasicConstraintsExtension.PATH_LEN);
-
+                        ext.get(BasicConstraintsExtension.PATH_LEN);
 
                 String pLen = null;
 
                 pLen = pathLen.toString();
-                if(pLen.equals("-2"))
-                {
-                   //This is done for bug 621700.  Profile constraints actually checks for -1
-                   //The low level security class for some reason sets this to -2
-                   //This will allow the request to be approved successfuly by the agent.
+                if (pLen.equals("-2")) {
+                    //This is done for bug 621700.  Profile constraints actually checks for -1
+                    //The low level security class for some reason sets this to -2
+                    //This will allow the request to be approved successfuly by the agent.
 
-                   pLen = "-1";
+                    pLen = "-1";
 
                 }
-               
+
                 CMS.debug("BasicConstriantsExtDefault getValue(pLen) " + pLen);
- 
+
                 return pLen;
 
-                
-            } else { 
-                throw new EPropertyException(CMS.getUserMessage( 
+            } else {
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } catch (IOException e) {
             CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
@@ -271,11 +263,11 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         BasicConstraintsExtension ext = createExtension();
 
         addExtension(PKIXExtensions.BasicConstraints_Id.toString(), ext,
-            info);
+                info);
     }
 
     public BasicConstraintsExtension createExtension() {
@@ -287,8 +279,7 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
 
         int pathLen = -2;
 
-
-        if(!pathLenStr.equals("") )  {
+        if (!pathLenStr.equals("")) {
 
             pathLen = Integer.valueOf(pathLenStr).intValue();
         }
@@ -296,8 +287,8 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
         try {
             ext = new BasicConstraintsExtension(isCA, critical, pathLen);
         } catch (Exception e) {
-            CMS.debug("BasicConstraintsExtDefault: createExtension " + 
-                e.toString());
+            CMS.debug("BasicConstraintsExtDefault: createExtension " +
+                    e.toString());
             return null;
         }
         ext.setCritical(critical);
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java
index 4b883f7f..872e3296 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
@@ -34,12 +33,11 @@ import netscape.security.x509.X509Key;
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.ca.ICertificateAuthority;
 
-
 /**
- * This class implements an abstract CA specific 
+ * This class implements an abstract CA specific
  * Enrollment default. This policy can only be
  * used with CA subsystem.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public abstract class CAEnrollDefault extends EnrollDefault {
@@ -48,8 +46,8 @@ public abstract class CAEnrollDefault extends EnrollDefault {
 
     public KeyIdentifier getKeyIdentifier(X509CertInfo info) {
         try {
-            CertificateX509Key ckey = (CertificateX509Key) 
-              info.get(X509CertInfo.KEY);
+            CertificateX509Key ckey = (CertificateX509Key)
+                    info.get(X509CertInfo.KEY);
             X509Key key = (X509Key) ckey.get(CertificateX509Key.KEY);
             MessageDigest md = MessageDigest.getInstance("SHA-1");
 
@@ -59,35 +57,35 @@ public abstract class CAEnrollDefault extends EnrollDefault {
             return new KeyIdentifier(hash);
         } catch (IOException e) {
             CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " +
-                e.toString());
+                    e.toString());
         } catch (CertificateException e) {
             CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " +
-                e.toString());
+                    e.toString());
         } catch (NoSuchAlgorithmException e) {
             CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " +
-                e.toString());
+                    e.toString());
         }
         return null;
     }
 
     public KeyIdentifier getCAKeyIdentifier() {
         ICertificateAuthority ca = (ICertificateAuthority)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
         X509CertImpl caCert = ca.getCACert();
         if (caCert == null) {
-          // during configuration, we dont have the CA certificate
-          return null;
+            // during configuration, we dont have the CA certificate
+            return null;
         }
         X509Key key = (X509Key) caCert.getPublicKey();
 
         SubjectKeyIdentifierExtension subjKeyIdExt =
-            (SubjectKeyIdentifierExtension)
-             caCert.getExtension(PKIXExtensions.SubjectKey_Id.toString());
+                (SubjectKeyIdentifierExtension)
+                caCert.getExtension(PKIXExtensions.SubjectKey_Id.toString());
         if (subjKeyIdExt != null) {
             try {
-              KeyIdentifier keyId = (KeyIdentifier) subjKeyIdExt.get(
-                 SubjectKeyIdentifierExtension.KEY_ID);
-              return keyId;
+                KeyIdentifier keyId = (KeyIdentifier) subjKeyIdExt.get(
+                        SubjectKeyIdentifierExtension.KEY_ID);
+                return keyId;
             } catch (IOException e) {
             }
         }
@@ -101,7 +99,7 @@ public abstract class CAEnrollDefault extends EnrollDefault {
             return new KeyIdentifier(hash);
         } catch (NoSuchAlgorithmException e) {
             CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " +
-                e.toString());
+                    e.toString());
         }
         return null;
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java
index 8bf4c75f..e3b834ce 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.text.ParsePosition;
 import java.text.SimpleDateFormat;
@@ -39,7 +38,6 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements a CA signing cert enrollment default policy
  * that populates a server-side configurable validity
@@ -49,11 +47,11 @@ import com.netscape.certsrv.request.IRequest;
 public class CAValidityDefault extends EnrollDefault {
     public static final String CONFIG_RANGE = "range";
     public static final String CONFIG_START_TIME = "startTime";
-    public static final String CONFIG_BYPASS_CA_NOTAFTER= "bypassCAnotafter";
+    public static final String CONFIG_BYPASS_CA_NOTAFTER = "bypassCAnotafter";
 
     public static final String VAL_NOT_BEFORE = "notBefore";
     public static final String VAL_NOT_AFTER = "notAfter";
-    public static final String VAL_BYPASS_CA_NOTAFTER= "bypassCAnotafter";
+    public static final String VAL_BYPASS_CA_NOTAFTER = "bypassCAnotafter";
 
     public static final String DATE_FORMAT = "yyyy-MM-dd HH:mm:ss";
 
@@ -72,28 +70,28 @@ public class CAValidityDefault extends EnrollDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
         mCA = (ICertificateAuthority)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
         if (name.equals(CONFIG_RANGE)) {
-          try {
-            Integer.parseInt(value);
-          } catch (Exception e) {
+            try {
+                Integer.parseInt(value);
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_RANGE));
-          }
+            }
         } else if (name.equals(CONFIG_START_TIME)) {
-          try {
-            Integer.parseInt(value);
-          } catch (Exception e) {
+            try {
+                Integer.parseInt(value);
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_START_TIME));
-          }
+            }
         }
         super.setConfig(name, value);
     }
@@ -101,16 +99,16 @@ public class CAValidityDefault extends EnrollDefault {
     public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_RANGE)) {
             return new Descriptor(IDescriptor.STRING,
-                    null, 
+                    null,
                     "2922", /* 8 years */
                     CMS.getUserMessage(locale,
-                        "CMS_PROFILE_VALIDITY_RANGE"));
+                            "CMS_PROFILE_VALIDITY_RANGE"));
         } else if (name.equals(CONFIG_START_TIME)) {
             return new Descriptor(IDescriptor.STRING,
-                    null, 
+                    null,
                     "60", /* 1 minute */
                     CMS.getUserMessage(locale,
-                        "CMS_PROFILE_VALIDITY_START_TIME"));
+                            "CMS_PROFILE_VALIDITY_START_TIME"));
         } else if (name.equals(CONFIG_BYPASS_CA_NOTAFTER)) {
             return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
@@ -138,21 +136,21 @@ public class CAValidityDefault extends EnrollDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
-        if (name == null) { 
+            X509CertInfo info, String value)
+            throws EPropertyException {
+        if (name == null) {
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
-        if (value == null || value.equals("")) { 
+        if (value == null || value.equals("")) {
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
-        CMS.debug("CAValidityDefault: setValue name= "+ name);
+        CMS.debug("CAValidityDefault: setValue name= " + name);
 
         if (name.equals(VAL_NOT_BEFORE)) {
-            SimpleDateFormat formatter = 
-                new SimpleDateFormat(DATE_FORMAT);
+            SimpleDateFormat formatter =
+                    new SimpleDateFormat(DATE_FORMAT);
             ParsePosition pos = new ParsePosition(0);
             Date date = formatter.parse(value, pos);
             CertificateValidity validity = null;
@@ -161,15 +159,15 @@ public class CAValidityDefault extends EnrollDefault {
                 validity = (CertificateValidity)
                         info.get(X509CertInfo.VALIDITY);
                 validity.set(CertificateValidity.NOT_BEFORE,
-                    date);
+                        date);
             } catch (Exception e) {
                 CMS.debug("CAValidityDefault: setValue " + e.toString());
                 throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } else if (name.equals(VAL_NOT_AFTER)) {
-            SimpleDateFormat formatter = 
-                new SimpleDateFormat(DATE_FORMAT);
+            SimpleDateFormat formatter =
+                    new SimpleDateFormat(DATE_FORMAT);
             ParsePosition pos = new ParsePosition(0);
             Date date = formatter.parse(value, pos);
             CertificateValidity validity = null;
@@ -178,7 +176,7 @@ public class CAValidityDefault extends EnrollDefault {
                 validity = (CertificateValidity)
                         info.get(X509CertInfo.VALIDITY);
                 validity.set(CertificateValidity.NOT_AFTER,
-                    date);
+                        date);
             } catch (Exception e) {
                 CMS.debug("CAValidityDefault: setValue " + e.toString());
                 throw new EPropertyException(CMS.getUserMessage(
@@ -186,23 +184,23 @@ public class CAValidityDefault extends EnrollDefault {
             }
         } else if (name.equals(VAL_BYPASS_CA_NOTAFTER)) {
             boolean bypassCAvalidity = Boolean.valueOf(value).booleanValue();
-            CMS.debug("CAValidityDefault: setValue: bypassCAvalidity="+ bypassCAvalidity);
+            CMS.debug("CAValidityDefault: setValue: bypassCAvalidity=" + bypassCAvalidity);
 
             BasicConstraintsExtension ext = (BasicConstraintsExtension)
                     getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
 
-            if(ext == null)  {
+            if (ext == null) {
                 CMS.debug("CAValidityDefault: setValue: this default cannot be applied to non-CA cert.");
                 return;
             }
             try {
                 Boolean isCA = (Boolean) ext.get(BasicConstraintsExtension.IS_CA);
-                if(isCA.booleanValue() != true)  {
+                if (isCA.booleanValue() != true) {
                     CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert.");
                     return;
                 }
             } catch (Exception e) {
-                CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert."+ e.toString());
+                CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert." + e.toString());
                 return;
             }
 
@@ -210,7 +208,7 @@ public class CAValidityDefault extends EnrollDefault {
             Date notAfter = null;
             try {
                 validity = (CertificateValidity)
-                    info.get(X509CertInfo.VALIDITY);
+                        info.get(X509CertInfo.VALIDITY);
                 notAfter = (Date) validity.get(CertificateValidity.NOT_AFTER);
             } catch (Exception e) {
                 CMS.debug("CAValidityDefault: setValue " + e.toString());
@@ -220,7 +218,7 @@ public class CAValidityDefault extends EnrollDefault {
 
             // not to exceed CA's expiration
             Date caNotAfter =
-                mCA.getSigningUnit().getCertImpl().getNotAfter();
+                    mCA.getSigningUnit().getCertImpl().getNotAfter();
 
             if (notAfter.after(caNotAfter)) {
                 if (bypassCAvalidity == false) {
@@ -232,7 +230,7 @@ public class CAValidityDefault extends EnrollDefault {
             }
             try {
                 validity.set(CertificateValidity.NOT_AFTER,
-                    notAfter);
+                        notAfter);
             } catch (Exception e) {
                 CMS.debug("CAValidityDefault: setValue " + e.toString());
                 throw new EPropertyException(CMS.getUserMessage(
@@ -243,19 +241,19 @@ public class CAValidityDefault extends EnrollDefault {
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
- 
+
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException { 
+            X509CertInfo info)
+            throws EPropertyException {
 
         if (name == null)
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
 
-        CMS.debug("CAValidityDefault: getValue: name= "+ name);
+        CMS.debug("CAValidityDefault: getValue: name= " + name);
         if (name.equals(VAL_NOT_BEFORE)) {
-            SimpleDateFormat formatter = 
-                new SimpleDateFormat(DATE_FORMAT);
+            SimpleDateFormat formatter =
+                    new SimpleDateFormat(DATE_FORMAT);
             CertificateValidity validity = null;
 
             try {
@@ -269,8 +267,8 @@ public class CAValidityDefault extends EnrollDefault {
                         locale, "CMS_INVALID_PROPERTY", name));
             }
         } else if (name.equals(VAL_NOT_AFTER)) {
-            SimpleDateFormat formatter = 
-                new SimpleDateFormat(DATE_FORMAT);
+            SimpleDateFormat formatter =
+                    new SimpleDateFormat(DATE_FORMAT);
             CertificateValidity validity = null;
 
             try {
@@ -298,19 +296,19 @@ public class CAValidityDefault extends EnrollDefault {
                 getConfig(CONFIG_BYPASS_CA_NOTAFTER)
             };
 
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY",  params);
+        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY", params);
     }
 
     /**
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
 
         // always + 60 seconds
         String startTimeStr = getConfig(CONFIG_START_TIME);
         try {
-          startTimeStr = mapPattern(request, startTimeStr);
+            startTimeStr = mapPattern(request, startTimeStr);
         } catch (IOException e) {
             CMS.debug("CAValidityDefault: populate " + e.toString());
         }
@@ -325,7 +323,7 @@ public class CAValidityDefault extends EnrollDefault {
         try {
             String rangeStr = getConfig(CONFIG_RANGE);
             rangeStr = mapPattern(request, rangeStr);
-            notAfterVal = notBefore.getTime() + 
+            notAfterVal = notBefore.getTime() +
                     (mDefault * Integer.parseInt(rangeStr));
         } catch (Exception e) {
             // configured value is not correct
@@ -335,8 +333,8 @@ public class CAValidityDefault extends EnrollDefault {
         }
         Date notAfter = new Date(notAfterVal);
 
-        CertificateValidity validity = 
-            new CertificateValidity(notBefore, notAfter);
+        CertificateValidity validity =
+                new CertificateValidity(notBefore, notAfter);
 
         try {
             info.set(X509CertInfo.VALIDITY, validity);
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java
index 5a551033..a95ec6b7 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -45,12 +44,11 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements an enrollment default policy
  * that populates a CRL Distribution points extension
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
@@ -84,32 +82,31 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
         refreshConfigAndValueNames();
     }
 
-     public void setConfig(String name, String value)
-        throws EPropertyException {
+    public void setConfig(String name, String value)
+            throws EPropertyException {
         int num = 0;
         if (name.equals(CONFIG_NUM_POINTS)) {
-          try {
-            num = Integer.parseInt(value);
+            try {
+                num = Integer.parseInt(value);
 
-            if (num >= MAX_NUM_POINTS || num < 0) {
-                throw new EPropertyException(CMS.getUserMessage(
+                if (num >= MAX_NUM_POINTS || num < 0) {
+                    throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS));
-            }
+                }
 
-          } catch (Exception e) {
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS));
-          }
+            }
         }
         super.setConfig(name, value);
     }
 
-
     public Enumeration<String> getConfigNames() {
         refreshConfigAndValueNames();
         return super.getConfigNames();
@@ -147,39 +144,39 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
             }
         }
 
-        if (num >= MAX_NUM_POINTS) 
+        if (num >= MAX_NUM_POINTS)
             num = DEF_NUM_POINTS;
 
         return num;
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
-        if (name.equals(CONFIG_CRITICAL)) { 
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
+        if (name.equals(CONFIG_CRITICAL)) {
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.startsWith(CONFIG_POINT_TYPE)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_POINT_TYPE"));
         } else if (name.startsWith(CONFIG_POINT_NAME)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_POINT_NAME"));
         } else if (name.startsWith(CONFIG_REASONS)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_REASONS"));
         } else if (name.startsWith(CONFIG_ISSUER_TYPE)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_TYPE"));
         } else if (name.startsWith(CONFIG_ISSUER_NAME)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_NAME"));
         } else if (name.startsWith(CONFIG_ENABLE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
         } else if (name.startsWith(CONFIG_NUM_POINTS)) {
@@ -193,12 +190,12 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
     }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_CRITICAL)) { 
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+        if (name.equals(VAL_CRITICAL)) {
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null, 
+            return new Descriptor(IDescriptor.STRING_LIST, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRL_DISTRIBUTION_POINTS"));
         } else {
@@ -207,47 +204,45 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             CRLDistributionPointsExtension ext = null;
 
-            if (name == null) { 
-                throw new EPropertyException(CMS.getUserMessage( 
+            if (name == null) {
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             ext = (CRLDistributionPointsExtension)
                         getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
-                            info);
+                                info);
 
-            if(ext == null)  {
-                populate(locale,info); 
+            if (ext == null) {
+                populate(locale, info);
             }
 
             if (name.equals(VAL_CRITICAL)) {
                 ext = (CRLDistributionPointsExtension)
-                        getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), 
-                            info);
+                        getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
+                                info);
                 boolean val = Boolean.valueOf(value).booleanValue();
 
-                if(ext == null)
-                {
+                if (ext == null) {
                     return;
                 }
-                ext.setCritical(val); 
-            } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { 
+                ext.setCritical(val);
+            } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
                 ext = (CRLDistributionPointsExtension)
-                        getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), 
-                            info);
+                        getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
+                                info);
 
-                if(ext == null)
-                {
+                if (ext == null) {
                     return;
                 }
                 Vector<NameValuePairs> v = parseRecords(value);
                 int size = v.size();
-              
+
                 boolean critical = ext.isCritical();
                 int i = 0;
 
@@ -285,7 +280,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
                         if (issuerType != null)
                             addIssuer(locale, cdp, issuerType, issuerValue);
 
-                            // this is the first distribution point
+                        // this is the first distribution point
                         if (i == 0) {
                             ext = new CRLDistributionPointsExtension(cdp);
                             ext.setCritical(critical);
@@ -295,51 +290,51 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
                     }
                 }
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             replaceExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
-                ext, info);
+                    ext, info);
         } catch (EProfileException e) {
-            CMS.debug("CRLDistributionPointsExtDefault: setValue " + 
-                e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            CMS.debug("CRLDistributionPointsExtDefault: setValue " +
+                    e.toString());
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     private void addCRLPoint(Locale locale, CRLDistributionPoint cdp, String type,
-        String value) throws EPropertyException {
+            String value) throws EPropertyException {
         try {
             if (value == null || value.length() == 0)
                 return;
-        
+
             if (type.equals(RELATIVETOISSUER)) {
                 cdp.setRelativeName(new RDN(value));
             } else if (isGeneralNameType(type)) {
                 GeneralNames gen = new GeneralNames();
-                gen.addElement(parseGeneralName(type,value));
+                gen.addElement(parseGeneralName(type, value));
                 cdp.setFullName(gen);
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", type));
             }
         } catch (IOException e) {
-            CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " + 
-                e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " +
+                    e.toString());
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", type));
         } catch (GeneralNamesException e) {
-            CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " + 
-                e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " +
+                    e.toString());
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", type));
         }
     }
 
     private void addIssuer(Locale locale, CRLDistributionPoint cdp, String type,
-        String value) throws EPropertyException {
+            String value) throws EPropertyException {
         if (value == null || value.length() == 0)
             return;
         try {
@@ -349,20 +344,20 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
                 gen.addElement(parseGeneralName(type, value));
                 cdp.setCRLIssuer(gen);
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", type));
             }
         } catch (IOException e) {
-            CMS.debug("CRLDistributionPointsExtDefault: addIssuer " + 
-                e.toString());
+            CMS.debug("CRLDistributionPointsExtDefault: addIssuer " +
+                    e.toString());
         } catch (GeneralNamesException e) {
-            CMS.debug("CRLDistributionPointsExtDefault: addIssuer " + 
-                e.toString());
+            CMS.debug("CRLDistributionPointsExtDefault: addIssuer " +
+                    e.toString());
         }
     }
 
-    private void addReasons(Locale locale, CRLDistributionPoint cdp, String type, 
-        String value) throws EPropertyException {
+    private void addReasons(Locale locale, CRLDistributionPoint cdp, String type,
+            String value) throws EPropertyException {
         if (value == null || value.length() == 0)
             return;
         if (type.equals(REASONS)) {
@@ -376,7 +371,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
 
                     if (r == null) {
                         CMS.debug("CRLDistributeionPointsExtDefault: addReasons Unknown reason: " + s);
-                        throw new EPropertyException(CMS.getUserMessage( 
+                        throw new EPropertyException(CMS.getUserMessage(
                                     locale, "CMS_INVALID_PROPERTY", s));
                     } else {
                         reasonBits |= r.getBitMask();
@@ -384,47 +379,46 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
                 }
 
                 if (reasonBits != 0) {
-                    BitArray ba = new BitArray(8, new byte[] {reasonBits}
-                        );
+                    BitArray ba = new BitArray(8, new byte[] { reasonBits }
+                            );
 
                     cdp.setReasons(ba);
                 }
             }
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", type));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         CRLDistributionPointsExtension ext = null;
 
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
         ext = (CRLDistributionPointsExtension)
                     getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
-                        info);
+                            info);
 
-        if(ext == null)
-        {
+        if (ext == null) {
             try {
-                populate(locale,info);
+                populate(locale, info);
 
             } catch (EProfileException e) {
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
         }
 
         if (name.equals(VAL_CRITICAL)) {
             ext = (CRLDistributionPointsExtension)
-                    getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), 
-                        info);
+                    getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
+                            info);
 
             if (ext == null) {
                 return null;
@@ -434,10 +428,10 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
             } else {
                 return "false";
             }
-        } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { 
+        } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
             ext = (CRLDistributionPointsExtension)
-                    getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), 
-                        info);
+                    getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
+                            info);
 
             if (ext == null)
                 return "";
@@ -451,7 +445,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
                 NameValuePairs pairs = null;
 
                 if (i < ext.getNumPoints()) {
-                    CRLDistributionPoint p = ext.getPointAt(i); 
+                    CRLDistributionPoint p = ext.getPointAt(i);
                     GeneralNames gns = p.getFullName();
 
                     pairs = buildGeneralNames(gns, p);
@@ -461,10 +455,10 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
                     recs.addElement(pairs);
                 }
             }
-                
+
             return buildRecords(recs);
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
@@ -482,7 +476,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
     }
 
     protected NameValuePairs buildGeneralNames(GeneralNames gns, CRLDistributionPoint p)
-        throws EPropertyException {
+            throws EPropertyException {
 
         NameValuePairs pairs = new NameValuePairs();
 
@@ -551,14 +545,14 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
         if (reasons != null) {
             byte[] b = reasons.toByteArray();
             Reason[] reasonArray = Reason.bitArrayToReasonArray(b);
-    
+
             for (int i = 0; i < reasonArray.length; i++) {
                 if (sb.length() > 0)
                     sb.append(",");
                 sb.append(reasonArray[i].getName());
             }
         }
- 
+
         return sb.toString();
     }
 
@@ -589,8 +583,8 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
             sb.append(getConfig(CONFIG_ENABLE + i));
             sb.append("}");
         }
-        return CMS.getUserMessage(locale, 
-                "CMS_PROFILE_DEF_CRL_DIST_POINTS_EXT", 
+        return CMS.getUserMessage(locale,
+                "CMS_PROFILE_DEF_CRL_DIST_POINTS_EXT",
                 getConfig(CONFIG_CRITICAL),
                 sb.toString());
     }
@@ -599,29 +593,30 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     private void populate(Locale locale, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         CRLDistributionPointsExtension ext = createExtension(locale);
 
         if (ext == null)
             return;
         addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
-            ext, info);
+                ext, info);
     }
+
     /**
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         CRLDistributionPointsExtension ext = createExtension(request);
 
         if (ext == null)
             return;
-        addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), 
-            ext, info);
+        addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
+                ext, info);
     }
 
     public CRLDistributionPointsExtension createExtension(IRequest request) {
-        CRLDistributionPointsExtension ext = null; 
+        CRLDistributionPointsExtension ext = null;
         int num = 0;
 
         try {
@@ -631,8 +626,8 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
             for (int i = 0; i < num; i++) {
                 CRLDistributionPoint cdp = new CRLDistributionPoint();
 
-                String enable = getConfig(CONFIG_ENABLE + i); 
-                String pointType = getConfig(CONFIG_POINT_TYPE + i); 
+                String enable = getConfig(CONFIG_ENABLE + i);
+                String pointType = getConfig(CONFIG_POINT_TYPE + i);
                 String pointName = getConfig(CONFIG_POINT_NAME + i);
                 String reasons = getConfig(CONFIG_REASONS + i);
                 String issuerType = getConfig(CONFIG_ISSUER_TYPE + i);
@@ -644,7 +639,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
                     if (issuerType != null)
                         addIssuer(getLocale(request), cdp, issuerType, issuerName);
                     if (reasons != null)
-                      addReasons(getLocale(request), cdp, REASONS, reasons);
+                        addReasons(getLocale(request), cdp, REASONS, reasons);
 
                     if (i == 0) {
                         ext = new CRLDistributionPointsExtension(cdp);
@@ -656,7 +651,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
             }
         } catch (Exception e) {
             CMS.debug("CRLDistribtionPointsExtDefault: createExtension " +
-                e.toString());
+                    e.toString());
             CMS.debug(e);
         }
 
@@ -698,7 +693,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
             }
         } catch (Exception e) {
             CMS.debug("CRLDistribtionPointsExtDefault: createExtension " +
-                e.toString());
+                    e.toString());
             CMS.debug(e);
         }
 
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java
index 63a4d303..4949c2ca 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java
@@ -1,4 +1,3 @@
-
 // --- BEGIN COPYRIGHT BLOCK ---
 // This program is free software; you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
@@ -18,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Hashtable;
@@ -52,7 +50,7 @@ import com.netscape.certsrv.request.IRequest;
  * This class implements an enrollment default policy
  * that populates a policy mappings extension
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CertificatePoliciesExtDefault extends EnrollExtDefault {
@@ -122,33 +120,32 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
 
         refreshConfigAndValueNames();
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
         int num = 0;
         if (name.equals(CONFIG_POLICY_NUM)) {
-          try {
-            num = Integer.parseInt(value);
+            try {
+                num = Integer.parseInt(value);
 
-            if (num >= MAX_NUM_POLICIES || num < 0) {
-                throw new EPropertyException(CMS.getUserMessage(
+                if (num >= MAX_NUM_POLICIES || num < 0) {
+                    throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_POLICY_NUM));
-            }
+                }
 
-          } catch (Exception e) {
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_POLICY_NUM));
-          }
+            }
         }
         super.setConfig(name, value);
     }
 
-
     public Enumeration<String> getConfigNames() {
         refreshConfigAndValueNames();
         return super.getConfigNames();
@@ -166,22 +163,22 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
         int numQualifiers = getNumQualifiers();
 
         addConfigName(CONFIG_POLICY_NUM);
-        
+
         for (int i = 0; i < num; i++) {
-            addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ID);
-            addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ENABLE);
-            for (int j=0; j<numQualifiers; j++) {
-                addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_ENABLE);
-                addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ENABLE);
-                addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_VALUE);
-                addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ORG);
-                addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_NUMBERS);
-                addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_TEXT);
+            addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ID);
+            addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ENABLE);
+            for (int j = 0; j < numQualifiers; j++) {
+                addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_ENABLE);
+                addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ENABLE);
+                addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_VALUE);
+                addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ORG);
+                addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS);
+                addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_TEXT);
             }
         }
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
 
         if (name.equals(CONFIG_CRITICAL)) {
             return new Descriptor(IDescriptor.BOOLEAN, null,
@@ -189,16 +186,16 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.indexOf(CONFIG_POLICY_ID) >= 0) {
             return new Descriptor(IDescriptor.STRING, null,
-              null,
-              CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_ID"));
+                    null,
+                    CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_ID"));
         } else if (name.indexOf(CONFIG_CPSURI_ENABLE) >= 0) {
             return new Descriptor(IDescriptor.BOOLEAN, null,
-              "false",
-              CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_CPSURI_ENABLE"));
+                    "false",
+                    CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_CPSURI_ENABLE"));
         } else if (name.indexOf(CONFIG_USERNOTICE_ENABLE) >= 0) {
             return new Descriptor(IDescriptor.BOOLEAN, null,
-              "false",
-              CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_USERNOTICE_ENABLE"));
+                    "false",
+                    CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_USERNOTICE_ENABLE"));
         } else if (name.indexOf(CONFIG_POLICY_ENABLE) >= 0) {
             return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
@@ -225,8 +222,8 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
                     CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_CPSURI"));
         } else if (name.indexOf(CONFIG_POLICY_NUM) >= 0) {
             return new Descriptor(IDescriptor.INTEGER, null,
-                   "5",
-                   CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICIES"));
+                    "5",
+                    CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICIES"));
         }
         return null;
     }
@@ -234,7 +231,7 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
     public IDescriptor getValueDescriptor(Locale locale, String name) {
 
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_POLICY_QUALIFIERS)) {
@@ -253,126 +250,126 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
             int index = token.indexOf(":");
             if (index <= 0)
                 throw new EPropertyException(CMS.getUserMessage(
-                  "CMS_INVALID_PROPERTY", token));
+                        "CMS_INVALID_PROPERTY", token));
             String name = token.substring(0, index);
             String val = "";
-            if ((token.length()-1) > index) {
-                val = token.substring(index+1);
+            if ((token.length() - 1) > index) {
+                val = token.substring(index + 1);
             }
             table.put(name, val);
-        }        
-    
+        }
+
         return table;
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             CertificatePoliciesExtension ext = null;
 
             if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
             if (name.equals(VAL_CRITICAL)) {
                 ext = (CertificatePoliciesExtension)
-                        getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), 
-                            info);
+                        getExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
+                                info);
                 boolean val = Boolean.valueOf(value).booleanValue();
 
-                ext.setCritical(val); 
-            } else if (name.equals(VAL_POLICY_QUALIFIERS)) { 
+                ext.setCritical(val);
+            } else if (name.equals(VAL_POLICY_QUALIFIERS)) {
                 ext = (CertificatePoliciesExtension)
-                        getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), 
-                            info);
-                
+                        getExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
+                                info);
+
                 Hashtable<String, String> h = buildRecords(value);
 
-                String numStr = (String)h.get(CONFIG_POLICY_NUM);
+                String numStr = (String) h.get(CONFIG_POLICY_NUM);
                 int size = Integer.parseInt(numStr);
 
                 Vector<CertificatePolicyInfo> certificatePolicies = new Vector<CertificatePolicyInfo>();
                 for (int i = 0; i < size; i++) {
-                    String enable = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ENABLE);
+                    String enable = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ENABLE);
                     CertificatePolicyInfo cinfo = null;
                     if (enable != null && enable.equals("true")) {
-                        String policyId = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ID);
+                        String policyId = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ID);
 
-                        if (policyId == null || policyId.length() == 0) 
-                            throw new EPropertyException(CMS.getUserMessage( 
+                        if (policyId == null || policyId.length() == 0)
+                            throw new EPropertyException(CMS.getUserMessage(
                                         locale, "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID"));
                         CertificatePolicyId cpolicyId = getPolicyId(policyId);
 
-                        String qualifersNum = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_QUALIFIERS_NUM);
+                        String qualifersNum = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_QUALIFIERS_NUM);
                         PolicyQualifiers policyQualifiers = new PolicyQualifiers();
                         int num = 0;
                         if (qualifersNum != null && qualifersNum.length() > 0)
                             num = Integer.parseInt(qualifersNum);
-                        for (int j=0; j<num; j++) {
-                            String cpsuriEnable = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_ENABLE);
-                            String usernoticeEnable = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ENABLE);
+                        for (int j = 0; j < num; j++) {
+                            String cpsuriEnable = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_ENABLE);
+                            String usernoticeEnable = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ENABLE);
                             if (cpsuriEnable != null && cpsuriEnable.equals("true")) {
-                                String cpsuri = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_VALUE);
+                                String cpsuri = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_VALUE);
                                 netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri);
                                 if (qualifierInfo != null)
-                                  policyQualifiers.add(qualifierInfo);
+                                    policyQualifiers.add(qualifierInfo);
                             } else if (usernoticeEnable != null && enable.equals("true")) {
-                                String org = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ORG);
-                                String noticenumbers = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_NUMBERS);
-                                String explicitText = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_TEXT);
+                                String org = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ORG);
+                                String noticenumbers = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS);
+                                String explicitText = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_TEXT);
                                 netscape.security.x509.PolicyQualifierInfo qualifierInfo = createUserNotice(org,
-                                  noticenumbers, explicitText);
+                                        noticenumbers, explicitText);
                                 if (qualifierInfo != null)
-                                  policyQualifiers.add(qualifierInfo);
+                                    policyQualifiers.add(qualifierInfo);
                             }
                         }
 
                         if (policyQualifiers.size() <= 0) {
                             cinfo =
-                              new CertificatePolicyInfo(cpolicyId);
+                                    new CertificatePolicyInfo(cpolicyId);
                         } else {
                             cinfo =
-                              new CertificatePolicyInfo(cpolicyId, policyQualifiers);
+                                    new CertificatePolicyInfo(cpolicyId, policyQualifiers);
                         }
                         if (cinfo != null)
-                          certificatePolicies.addElement(cinfo);
+                            certificatePolicies.addElement(cinfo);
                     }
                 }
 
                 ext.set(CertificatePoliciesExtension.INFOS, certificatePolicies);
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             replaceExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
-                ext, info);
+                    ext, info);
         } catch (EProfileException e) {
             CMS.debug("CertificatePoliciesExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         } catch (IOException e) {
             CMS.debug("CertificatePoliciesExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
-	public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+    public String getValue(String name, Locale locale,
+            X509CertInfo info)
+            throws EPropertyException {
         CertificatePoliciesExtension ext = null;
 
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
         if (name.equals(VAL_CRITICAL)) {
             ext = (CertificatePoliciesExtension)
-                    getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), 
-                        info);
+                    getExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
+                            info);
 
             if (ext == null) {
                 return null;
@@ -382,10 +379,10 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
             } else {
                 return "false";
             }
-        } else if (name.equals(VAL_POLICY_QUALIFIERS)) { 
+        } else if (name.equals(VAL_POLICY_QUALIFIERS)) {
             ext = (CertificatePoliciesExtension)
-                    getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), 
-                        info);
+                    getExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
+                            info);
 
             if (ext == null)
                 return "";
@@ -396,14 +393,14 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
             sb.append(":");
             sb.append(num_policies);
             sb.append("\n");
-            
-            Vector<CertificatePolicyInfo> infos ;
+
+            Vector<CertificatePolicyInfo> infos;
             try {
                 @SuppressWarnings("unchecked")
-                Vector<CertificatePolicyInfo> certPolicyInfos = (Vector<CertificatePolicyInfo>)ext.get(CertificatePoliciesExtension.INFOS); 
+                Vector<CertificatePolicyInfo> certPolicyInfos = (Vector<CertificatePolicyInfo>) ext.get(CertificatePoliciesExtension.INFOS);
                 infos = certPolicyInfos;
             } catch (IOException ee) {
-                infos  =null;
+                infos = null;
             }
 
             for (int i = 0; i < num_policies; i++) {
@@ -411,70 +408,70 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
                 String policyId = "";
                 String policyEnable = "false";
                 PolicyQualifiers qualifiers = null;
-                if (infos.size() > 0) { 
-                    CertificatePolicyInfo cinfo = 
-                         infos.elementAt(0);
-                
-                    CertificatePolicyId id1 = cinfo.getPolicyIdentifier();               
+                if (infos.size() > 0) {
+                    CertificatePolicyInfo cinfo =
+                            infos.elementAt(0);
+
+                    CertificatePolicyId id1 = cinfo.getPolicyIdentifier();
                     policyId = id1.getIdentifier().toString();
                     policyEnable = "true";
                     qualifiers = cinfo.getPolicyQualifiers();
                     if (qualifiers != null)
-                      qSize = qualifiers.size();
+                        qSize = qualifiers.size();
                     infos.removeElementAt(0);
                 }
-                sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ENABLE);
+                sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ENABLE);
                 sb.append(":");
                 sb.append(policyEnable);
                 sb.append("\n");
-                sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ID);
+                sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ID);
                 sb.append(":");
                 sb.append(policyId);
                 sb.append("\n");
-          
+
                 if (qSize == 0) {
-                    sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_QUALIFIERS_NUM);
+                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_QUALIFIERS_NUM);
                     sb.append(":");
                     sb.append(DEF_NUM_QUALIFIERS);
                     sb.append("\n");
                 } else {
-                    sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_QUALIFIERS_NUM);
+                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_QUALIFIERS_NUM);
                     sb.append(":");
                     sb.append(qSize);
                     sb.append("\n");
                 }
                 if (qSize == 0) {
-                    sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_CPSURI_ENABLE);
+                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_CPSURI_ENABLE);
                     sb.append(":");
                     sb.append("false");
                     sb.append("\n");
-                    sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_CPSURI_VALUE);
+                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_CPSURI_VALUE);
                     sb.append(":");
                     sb.append("");
                     sb.append("\n");
-                    sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_ENABLE);
+                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_ENABLE);
                     sb.append(":");
                     sb.append("false");
                     sb.append("\n");
-                    sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_ORG);
+                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_ORG);
                     sb.append(":");
                     sb.append("");
                     sb.append("\n");
-                    sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_NUMBERS);
+                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_NUMBERS);
                     sb.append(":");
                     sb.append("");
                     sb.append("\n");
-                    sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_TEXT);
+                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_TEXT);
                     sb.append(":");
                     sb.append("");
                     sb.append("\n");
                 }
 
-                for (int j=0; j<qSize; j++) {
+                for (int j = 0; j < qSize; j++) {
                     netscape.security.x509.PolicyQualifierInfo qinfo = qualifiers.getInfoAt(j);
                     ObjectIdentifier oid = qinfo.getId();
                     Qualifier qualifier = qinfo.getQualifier();
-                        
+
                     String cpsuriEnable = "false";
                     String usernoticeEnable = "false";
                     String cpsuri = "";
@@ -484,16 +481,16 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
 
                     if (oid.toString().equals(netscape.security.x509.PolicyQualifierInfo.QT_CPS.toString())) {
                         cpsuriEnable = "true";
-                        CPSuri content = (CPSuri)qualifier;
-                        cpsuri = content.getURI(); 
+                        CPSuri content = (CPSuri) qualifier;
+                        cpsuri = content.getURI();
                     } else if (oid.toString().equals(netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE.toString())) {
                         usernoticeEnable = "true";
-                        UserNotice content = (UserNotice)qualifier;
+                        UserNotice content = (UserNotice) qualifier;
                         NoticeReference ref = content.getNoticeReference();
                         if (ref != null) {
                             org = ref.getOrganization().getText();
                             int[] nums = ref.getNumbers();
-                            for (int k=0; k<nums.length; k++) {
+                            for (int k = 0; k < nums.length; k++) {
                                 if (k != 0) {
                                     noticeNum.append(",");
                                     noticeNum.append(nums[k]);
@@ -506,27 +503,27 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
                             explicitText = displayText.getText();
                     }
 
-                    sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_ENABLE);
+                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_ENABLE);
                     sb.append(":");
                     sb.append(cpsuriEnable);
                     sb.append("\n");
-                    sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_VALUE);
+                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_VALUE);
                     sb.append(":");
                     sb.append(cpsuri);
                     sb.append("\n");
-                    sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ENABLE);
+                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ENABLE);
                     sb.append(":");
                     sb.append(usernoticeEnable);
                     sb.append("\n");
-                    sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ORG);
+                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ORG);
                     sb.append(":");
                     sb.append(org);
                     sb.append("\n");
-                    sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_NUMBERS);
+                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS);
                     sb.append(":");
                     sb.append(noticeNum.toString());
                     sb.append("\n");
-                    sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_TEXT);
+                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_TEXT);
                     sb.append(":");
                     sb.append(explicitText);
                     sb.append("\n");
@@ -534,7 +531,7 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
             } // end of for loop
             return sb.toString();
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
@@ -552,7 +549,7 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
             sb.append(",");
             for (int i = 0; i < num; i++) {
                 sb.append("{");
-                IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX+i);
+                IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX + i);
                 String enable = substore.getString(CONFIG_POLICY_ENABLE, "");
                 sb.append(POLICY_ID_ENABLE + ":");
                 sb.append(enable);
@@ -562,18 +559,18 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
                 sb.append(policyId);
                 sb.append(",");
                 String qualifiersNum = substore.getString(CONFIG_POLICY_QUALIFIERS_NUM, "");
-                sb.append(CONFIG_POLICY_QUALIFIERS_NUM+":");
+                sb.append(CONFIG_POLICY_QUALIFIERS_NUM + ":");
                 sb.append(qualifiersNum);
                 sb.append(",");
-                for (int j=0; j<num1; j++) {
-                    IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1+j);
+                for (int j = 0; j < num1; j++) {
+                    IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1 + j);
                     sb.append("{");
                     String cpsuriEnable = substore1.getString(CONFIG_CPSURI_ENABLE, "");
                     sb.append(POLICY_QUALIFIER_CPSURI_ENABLE + ":");
                     sb.append(cpsuriEnable);
                     sb.append(",");
                     String usernoticeEnable = substore1.getString(CONFIG_USERNOTICE_ENABLE, "");
-                    sb.append(POLICY_QUALIFIER_USERNOTICE_ENABLE+ ":");
+                    sb.append(POLICY_QUALIFIER_USERNOTICE_ENABLE + ":");
                     sb.append(usernoticeEnable);
                     sb.append(",");
                     String org = substore1.getString(CONFIG_USERNOTICE_ORG, "");
@@ -596,9 +593,9 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
                 sb.append("}");
             }
             sb.append("}");
-            return CMS.getUserMessage(locale, 
-                "CMS_PROFILE_DEF_CERTIFICATE_POLICIES_EXT", 
-                getConfig(CONFIG_CRITICAL), sb.toString());
+            return CMS.getUserMessage(locale,
+                    "CMS_PROFILE_DEF_CERTIFICATE_POLICIES_EXT",
+                    getConfig(CONFIG_CRITICAL), sb.toString());
         } catch (Exception e) {
             return "";
         }
@@ -608,72 +605,72 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         CertificatePoliciesExtension ext = createExtension();
 
         if (ext == null)
             return;
-        addExtension(PKIXExtensions.CertificatePolicies_Id.toString(), 
-            ext, info);
+        addExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
+                ext, info);
     }
 
-    public CertificatePoliciesExtension createExtension() 
-      throws EProfileException {
-        CertificatePoliciesExtension ext = null; 
+    public CertificatePoliciesExtension createExtension()
+            throws EProfileException {
+        CertificatePoliciesExtension ext = null;
 
         try {
             boolean critical = getConfigBoolean(CONFIG_CRITICAL);
             Vector<CertificatePolicyInfo> certificatePolicies = new Vector<CertificatePolicyInfo>();
             int num = getNumPolicies();
-            CMS.debug("CertificatePoliciesExtension: createExtension: number of policies="+num);
+            CMS.debug("CertificatePoliciesExtension: createExtension: number of policies=" + num);
             IConfigStore config = getConfigStore();
 
-            for (int i = 0; i < num; i++) { 
+            for (int i = 0; i < num; i++) {
                 IConfigStore basesubstore = config.getSubStore("params");
-                IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX+i);
+                IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX + i);
                 String enable = substore.getString(CONFIG_POLICY_ENABLE);
 
-                CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy "+i+" enable="+enable);
+                CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy " + i + " enable=" + enable);
                 if (enable != null && enable.equals("true")) {
                     String policyId = substore.getString(CONFIG_POLICY_ID);
                     CertificatePolicyId cpolicyId = getPolicyId(policyId);
-                    CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy "+i+" policyId="+policyId);
+                    CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy " + i + " policyId=" + policyId);
                     int qualifierNum = getNumQualifiers();
                     PolicyQualifiers policyQualifiers = new PolicyQualifiers();
-                    for (int j=0; j<qualifierNum; j++) {
-                        IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1+j);
+                    for (int j = 0; j < qualifierNum; j++) {
+                        IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1 + j);
                         String cpsuriEnable = substore1.getString(CONFIG_CPSURI_ENABLE);
                         String usernoticeEnable = substore1.getString(CONFIG_USERNOTICE_ENABLE);
 
                         if (cpsuriEnable != null && cpsuriEnable.equals("true")) {
                             String cpsuri = substore1.getString(CONFIG_CPSURI_VALUE, "");
-                            netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri); 
+                            netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri);
                             if (qualifierInfo != null)
-                              policyQualifiers.add(qualifierInfo);
-                        } else if (usernoticeEnable != null && 
+                                policyQualifiers.add(qualifierInfo);
+                        } else if (usernoticeEnable != null &&
                                      usernoticeEnable.equals("true")) {
 
                             String org = substore1.getString(CONFIG_USERNOTICE_ORG);
                             String noticenumbers = substore1.getString(CONFIG_USERNOTICE_NUMBERS);
                             String explicitText = substore1.getString(CONFIG_USERNOTICE_TEXT);
                             netscape.security.x509.PolicyQualifierInfo qualifierInfo = createUserNotice(org,
-                              noticenumbers, explicitText);
+                                    noticenumbers, explicitText);
                             if (qualifierInfo != null)
                                 policyQualifiers.add(qualifierInfo);
                         }
                     }
-                
+
                     CertificatePolicyInfo info = null;
                     if (policyQualifiers.size() <= 0) {
-                        info = 
-                          new CertificatePolicyInfo(cpolicyId);
+                        info =
+                                new CertificatePolicyInfo(cpolicyId);
                     } else {
-                        info = 
-                          new CertificatePolicyInfo(cpolicyId, policyQualifiers);
+                        info =
+                                new CertificatePolicyInfo(cpolicyId, policyQualifiers);
                     }
-             
+
                     if (info != null)
-                      certificatePolicies.addElement(info);
+                        certificatePolicies.addElement(info);
                 }
             }
 
@@ -683,51 +680,51 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
         } catch (EProfileException e) {
             throw e;
         } catch (Exception e) {
-            CMS.debug("CertificatePoliciesExtDefault: createExtension " + 
-                e.toString());
+            CMS.debug("CertificatePoliciesExtDefault: createExtension " +
+                    e.toString());
         }
 
         return ext;
     }
 
-    private CertificatePolicyId getPolicyId (String policyId) throws EPropertyException {
+    private CertificatePolicyId getPolicyId(String policyId) throws EPropertyException {
         if (policyId == null || policyId.length() == 0)
             throw new EPropertyException(CMS.getUserMessage(
-              "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID"));
+                    "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID"));
 
         CertificatePolicyId cpolicyId = null;
         try {
             cpolicyId = new CertificatePolicyId(
-              ObjectIdentifier.getObjectIdentifier(policyId));
+                    ObjectIdentifier.getObjectIdentifier(policyId));
             return cpolicyId;
         } catch (Exception e) {
             throw new EPropertyException(CMS.getUserMessage(
-              "CMS_PROFILE_CERTIFICATE_POLICIES_POLICYID_ERROR", policyId));
+                    "CMS_PROFILE_CERTIFICATE_POLICIES_POLICYID_ERROR", policyId));
         }
     }
 
     private netscape.security.x509.PolicyQualifierInfo createCPSuri(String uri) throws EPropertyException {
-        if (uri == null || uri.length() == 0) 
+        if (uri == null || uri.length() == 0)
             throw new EPropertyException(CMS.getUserMessage(
-              "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_CPSURI"));
+                    "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_CPSURI"));
 
-        CPSuri cpsURI = new CPSuri(uri); 
+        CPSuri cpsURI = new CPSuri(uri);
         netscape.security.x509.PolicyQualifierInfo policyQualifierInfo2 =
-          new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_CPS, cpsURI);
- 
+                new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_CPS, cpsURI);
+
         return policyQualifierInfo2;
     }
 
-    private netscape.security.x509.PolicyQualifierInfo createUserNotice(String organization, 
-      String noticeText, String noticeNums) throws EPropertyException {
-   
-        if ((organization == null || organization.length() == 0) && 
-          (noticeNums == null || noticeNums.length() == 0) &&
-          (noticeText == null || noticeText.length() == 0))
+    private netscape.security.x509.PolicyQualifierInfo createUserNotice(String organization,
+            String noticeText, String noticeNums) throws EPropertyException {
+
+        if ((organization == null || organization.length() == 0) &&
+                (noticeNums == null || noticeNums.length() == 0) &&
+                (noticeText == null || noticeText.length() == 0))
             return null;
 
         DisplayText explicitText = null;
-        if (noticeText != null && noticeText.length() > 0) 
+        if (noticeText != null && noticeText.length() > 0)
             explicitText = new DisplayText(DisplayText.tag_VisibleString, noticeText);
 
         int nums[] = null;
@@ -753,7 +750,7 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
         DisplayText orgName = null;
         if (organization != null && organization.length() > 0) {
             orgName =
-              new DisplayText(DisplayText.tag_VisibleString, organization);
+                    new DisplayText(DisplayText.tag_VisibleString, organization);
         }
 
         NoticeReference noticeReference = null;
@@ -763,10 +760,10 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
 
         UserNotice userNotice = null;
         if (explicitText != null || noticeReference != null) {
-            userNotice = new UserNotice (noticeReference, explicitText);
+            userNotice = new UserNotice(noticeReference, explicitText);
 
             netscape.security.x509.PolicyQualifierInfo policyQualifierInfo1 =
-              new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE, userNotice);
+                    new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE, userNotice);
             return policyQualifierInfo1;
         }
 
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java
index f3b68594..d30f971d 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java
@@ -37,7 +37,7 @@ import com.netscape.certsrv.request.IRequest;
  * This class implements an enrollment default policy
  * that populates a Netscape comment extension
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CertificateVersionDefault extends EnrollExtDefault {
@@ -54,11 +54,11 @@ public class CertificateVersionDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_VERSION)) {
             return new Descriptor(IDescriptor.INTEGER, null,
                     "3",
@@ -69,14 +69,14 @@ public class CertificateVersionDefault extends EnrollExtDefault {
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
         if (name.equals(CONFIG_VERSION)) {
-          try {
-            Integer.parseInt(value);
-          } catch (Exception e) {
+            try {
+                Integer.parseInt(value);
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_VERSION));
-          }
+            }
         }
         super.setConfig(name, value);
     }
@@ -92,32 +92,32 @@ public class CertificateVersionDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
 
             if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
-            if (name.equals(VAL_VERSION)) { 
+            if (name.equals(VAL_VERSION)) {
                 if (value == null || value.equals(""))
-                    throw new EPropertyException(name+" cannot be empty");
+                    throw new EPropertyException(name + " cannot be empty");
                 else {
-                    int version = Integer.valueOf(value).intValue()-1;
-         
+                    int version = Integer.valueOf(value).intValue() - 1;
+
                     if (version == CertificateVersion.V1)
                         info.set(X509CertInfo.VERSION,
-                          new CertificateVersion(CertificateVersion.V1));
+                                new CertificateVersion(CertificateVersion.V1));
                     else if (version == CertificateVersion.V2)
                         info.set(X509CertInfo.VERSION,
-                          new CertificateVersion(CertificateVersion.V2));
+                                new CertificateVersion(CertificateVersion.V2));
                     else if (version == CertificateVersion.V3)
                         info.set(X509CertInfo.VERSION,
-                          new CertificateVersion(CertificateVersion.V3));
+                                new CertificateVersion(CertificateVersion.V3));
                 }
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } catch (IOException e) {
@@ -128,30 +128,30 @@ public class CertificateVersionDefault extends EnrollExtDefault {
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
 
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
-        if (name.equals(VAL_VERSION)) { 
+        if (name.equals(VAL_VERSION)) {
             CertificateVersion v = null;
-            try { 
-                v = (CertificateVersion)info.get(
-                  X509CertInfo.VERSION);
+            try {
+                v = (CertificateVersion) info.get(
+                        X509CertInfo.VERSION);
             } catch (Exception e) {
             }
 
             if (v == null)
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
             int version = v.compare(0);
-   
-            return ""+(version+1);
+
+            return "" + (version + 1);
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
@@ -168,26 +168,26 @@ public class CertificateVersionDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         String v = getConfig(CONFIG_VERSION);
-        int version = Integer.valueOf(v).intValue()-1;
-         
+        int version = Integer.valueOf(v).intValue() - 1;
+
         try {
             if (version == CertificateVersion.V1)
                 info.set(X509CertInfo.VERSION,
-                  new CertificateVersion(CertificateVersion.V1));
+                        new CertificateVersion(CertificateVersion.V1));
             else if (version == CertificateVersion.V2)
                 info.set(X509CertInfo.VERSION,
-                  new CertificateVersion(CertificateVersion.V2));
+                        new CertificateVersion(CertificateVersion.V2));
             else if (version == CertificateVersion.V3)
                 info.set(X509CertInfo.VERSION,
-                  new CertificateVersion(CertificateVersion.V3));
+                        new CertificateVersion(CertificateVersion.V3));
             else {
                 throw new EProfileException(CMS.getUserMessage(
-                  getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_VERSION));
+                        getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_VERSION));
             }
         } catch (IOException e) {
         } catch (CertificateException e) {
-        } 
+        }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java
index 239765ab..855cd92c 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java
@@ -60,10 +60,9 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.common.EnrollProfile;
 
-
 /**
  * This class implements an enrollment default policy.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDefault {
@@ -99,7 +98,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
         if (mConfig.getSubStore("params") == null) {
             //
         } else {
@@ -120,19 +119,18 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         mConfig = config;
     }
 
     /**
      * Retrieves the localizable description of this policy.
-     *
+     * 
      * @param locale locale of the end user
      * @return localized description of this default policy
      */
     public abstract String getText(Locale locale);
 
-
     public IConfigStore getConfigStore() {
         return mConfig;
     }
@@ -147,60 +145,60 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
 
     /**
      * Populates attributes into the certificate template.
-     *
+     * 
      * @param request enrollment request
      * @param info certificate template
-     * @exception EProfileException  failed to populate attributes
-     *     into request
+     * @exception EProfileException failed to populate attributes
+     *                into request
      */
     public abstract void populate(IRequest request, X509CertInfo info)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Sets values from the approval page into certificate template.
-     *
+     * 
      * @param name name of the attribute
      * @param locale user locale
      * @param info certificate template
      * @param value attribute value
-     * @exception EProfileException  failed to set attributes
-     *     into request
+     * @exception EProfileException failed to set attributes
+     *                into request
      */
-    public abstract void setValue(String name, Locale locale, 
-        X509CertInfo info, String value)
-        throws EPropertyException;
+    public abstract void setValue(String name, Locale locale,
+            X509CertInfo info, String value)
+            throws EPropertyException;
 
     /**
      * Retrieves certificate template values and returns them to
      * the approval page.
-     *
+     * 
      * @param name name of the attribute
      * @param locale user locale
      * @param info certificate template
-     * @exception EProfileException  failed to get attributes
-     *     from request
+     * @exception EProfileException failed to get attributes
+     *                from request
      */
-    public abstract String getValue(String name, Locale locale, 
-        X509CertInfo info)
-        throws EPropertyException;
+    public abstract String getValue(String name, Locale locale,
+            X509CertInfo info)
+            throws EPropertyException;
 
     /**
      * Populates the request with this policy default.
-     *
+     * 
      * The current implementation extracts enrollment specific attributes
      * and calls the populate() method of the subclass.
-     *
+     * 
      * @param request request to be populated
      * @exception EProfileException failed to populate
      */
     public void populate(IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         String name = getClass().getName();
 
         name = name.substring(name.lastIndexOf('.') + 1);
         CMS.debug(name + ": populate start");
         X509CertInfo info =
-            request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
+                request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
 
         populate(request, info);
 
@@ -222,21 +220,21 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
 
     /**
      * Sets the value of the given value property by name.
-     *
+     * 
      * The current implementation extracts enrollment specific attributes
      * and calls the setValue() method of the subclass.
-     *
+     * 
      * @param name name of property
      * @param locale locale of the end user
      * @param request request
      * @param value value to be set in the given request
      * @exception EPropertyException failed to set property
      */
-    public void setValue(String name, Locale locale, IRequest request, 
-        String value)
-        throws EPropertyException {
+    public void setValue(String name, Locale locale, IRequest request,
+            String value)
+            throws EPropertyException {
         X509CertInfo info =
-            request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
+                request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
 
         setValue(name, locale, info, value);
 
@@ -246,19 +244,19 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
     /**
      * Retrieves the value of the given value
      * property by name.
-     *
+     * 
      * The current implementation extracts enrollment specific attributes
      * and calls the getValue() method of the subclass.
-     *
+     * 
      * @param name name of property
      * @param locale locale of the end user
      * @param request request
      * @exception EPropertyException failed to get property
      */
     public String getValue(String name, Locale locale, IRequest request)
-        throws EPropertyException {
+            throws EPropertyException {
         X509CertInfo info =
-            request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
+                request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
 
         String value = getValue(name, locale, info);
         request.setExtData(IEnrollProfile.REQUEST_CERTINFO, info);
@@ -279,8 +277,8 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
     }
 
     protected void refreshConfigAndValueNames() {
-         mConfigNames.removeAllElements();
-         mValueNames.removeAllElements();
+        mConfigNames.removeAllElements();
+        mValueNames.removeAllElements();
     }
 
     protected void deleteExtension(String name, X509CertInfo info) {
@@ -294,7 +292,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
             Enumeration<String> e = exts.getNames();
 
             while (e.hasMoreElements()) {
-                String n =  e.nextElement();
+                String n = e.nextElement();
                 Extension ext = (Extension) exts.get(n);
 
                 if (ext.getExtensionId().toString().equals(name)) {
@@ -336,18 +334,18 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
     }
 
     protected void addExtension(String name, Extension ext, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         if (ext == null) {
             throw new EProfileException("extension not found");
         }
         CertificateExtensions exts = null;
 
-        Extension alreadyPresentExtension = getExtension(name,info);
+        Extension alreadyPresentExtension = getExtension(name, info);
 
         if (alreadyPresentExtension != null) {
             String eName = ext.toString();
             CMS.debug("EnrollDefault.addExtension: duplicate extension attempted! Name:  " + eName);
-            throw new EProfileException(CMS.getUserMessage("CMS_PROFILE_DUPLICATE_EXTENSION",eName));
+            throw new EProfileException(CMS.getUserMessage("CMS_PROFILE_DUPLICATE_EXTENSION", eName));
         }
 
         try {
@@ -367,7 +365,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
     }
 
     protected void replaceExtension(String name, Extension ext, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         deleteExtension(name, info);
         addExtension(name, ext, info);
     }
@@ -392,65 +390,62 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
         return getInt(getConfig(value));
     }
 
-    protected boolean isGeneralNameValid(String name)
-    {
+    protected boolean isGeneralNameValid(String name) {
         if (name == null)
-           return false;
+            return false;
         int pos = name.indexOf(':');
         if (pos == -1)
-          return false;
+            return false;
         String nameType = name.substring(0, pos).trim();
         String nameValue = name.substring(pos + 1).trim();
         if (nameValue.equals(""))
-           return false;
+            return false;
         return true;
     }
 
     protected GeneralNameInterface parseGeneralName(String name)
-        throws IOException {
+            throws IOException {
         int pos = name.indexOf(':');
         if (pos == -1)
-          return null;
+            return null;
         String nameType = name.substring(0, pos).trim();
         String nameValue = name.substring(pos + 1).trim();
         return parseGeneralName(nameType, nameValue);
     }
 
-    protected boolean isGeneralNameType(String nameType) 
-    {
+    protected boolean isGeneralNameType(String nameType) {
         if (nameType.equalsIgnoreCase("RFC822Name")) {
-          return true;
+            return true;
         }
         if (nameType.equalsIgnoreCase("DNSName")) {
-          return true;
+            return true;
         }
         if (nameType.equalsIgnoreCase("x400")) {
-          return true;
+            return true;
         }
         if (nameType.equalsIgnoreCase("DirectoryName")) {
-          return true;
+            return true;
         }
         if (nameType.equalsIgnoreCase("EDIPartyName")) {
-          return true;
+            return true;
         }
         if (nameType.equalsIgnoreCase("URIName")) {
-          return true;
+            return true;
         }
         if (nameType.equalsIgnoreCase("IPAddress")) {
-          return true;
+            return true;
         }
         if (nameType.equalsIgnoreCase("OIDName")) {
-          return true;
+            return true;
         }
         if (nameType.equalsIgnoreCase("OtherName")) {
-          return true;
+            return true;
         }
         return false;
     }
 
     protected GeneralNameInterface parseGeneralName(String nameType, String nameValue)
-        throws IOException 
-    {
+            throws IOException {
         if (nameType.equalsIgnoreCase("RFC822Name")) {
             return new RFC822Name(nameValue);
         }
@@ -458,7 +453,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
             return new DNSName(nameValue);
         }
         if (nameType.equalsIgnoreCase("x400")) {
-             // XXX
+            // XXX
         }
         if (nameType.equalsIgnoreCase("DirectoryName")) {
             return new X500Name(nameValue);
@@ -476,153 +471,153 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
                 StringTokenizer st = new StringTokenizer(nameValue, "/");
                 String addr = st.nextToken();
                 String netmask = st.nextToken();
-                CMS.debug("addr:" + addr +" netmask: "+netmask);
+                CMS.debug("addr:" + addr + " netmask: " + netmask);
                 return new IPAddressName(addr, netmask);
-             } else {
+            } else {
                 return new IPAddressName(nameValue);
-             }
+            }
         }
         if (nameType.equalsIgnoreCase("OIDName")) {
             try {
-              // check if OID
-              ObjectIdentifier oid = new ObjectIdentifier(nameValue);
+                // check if OID
+                ObjectIdentifier oid = new ObjectIdentifier(nameValue);
             } catch (Exception e) {
-              return null;
+                return null;
             }
             return new OIDName(nameValue);
-        } 
+        }
         if (nameType.equals("OtherName")) {
             if (nameValue == null || nameValue.length() == 0)
                 nameValue = " ";
             if (nameValue.startsWith("(PrintableString)")) {
-              // format: OtherName: (PrintableString)oid,value
-              int pos0 = nameValue.indexOf(')');
-              int pos1 = nameValue.indexOf(',');
-              if (pos1 == -1)
-                return null;
-              String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
-              String on_value = nameValue.substring(pos1 + 1).trim();
-              if (isValidOID(on_oid)) {
-                return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_PrintableString, on_value);
-              } else {
-                return null;
-              }
+                // format: OtherName: (PrintableString)oid,value
+                int pos0 = nameValue.indexOf(')');
+                int pos1 = nameValue.indexOf(',');
+                if (pos1 == -1)
+                    return null;
+                String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
+                String on_value = nameValue.substring(pos1 + 1).trim();
+                if (isValidOID(on_oid)) {
+                    return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_PrintableString, on_value);
+                } else {
+                    return null;
+                }
             } else if (nameValue.startsWith("(KerberosName)")) {
                 // Syntax: (KerberosName)Realm|NameType|NameString(s)
-              int pos0 = nameValue.indexOf(')');
-              int pos1 = nameValue.indexOf('|');
-              int pos2 = nameValue.lastIndexOf('|');
-              String realm = nameValue.substring(pos0 + 1, pos1).trim();
-              String name_type = nameValue.substring(pos1 + 1, pos2).trim();
-              String name_strings = nameValue.substring(pos2 + 1).trim();
-              Vector<String> strings = new Vector<String>();
-              StringTokenizer st = new StringTokenizer(name_strings, ",");
-              while (st.hasMoreTokens()) {
-                     strings.addElement(st.nextToken());
-              }
-              KerberosName name = new KerberosName(realm, 
-                    Integer.parseInt(name_type), strings);
-              // krb5 OBJECT IDENTIFIER ::= { iso (1)
-              //                    org (3)
-              //                    dod (6)
-              //                    internet (1)
-              //                    security (5)
-              //                    kerberosv5 (2) }
-              // krb5PrincipalName OBJECT IDENTIFIER ::= { krb5 2 }
-              return new OtherName(KerberosName.KRB5_PRINCIPAL_NAME,
-                       name.toByteArray());
+                int pos0 = nameValue.indexOf(')');
+                int pos1 = nameValue.indexOf('|');
+                int pos2 = nameValue.lastIndexOf('|');
+                String realm = nameValue.substring(pos0 + 1, pos1).trim();
+                String name_type = nameValue.substring(pos1 + 1, pos2).trim();
+                String name_strings = nameValue.substring(pos2 + 1).trim();
+                Vector<String> strings = new Vector<String>();
+                StringTokenizer st = new StringTokenizer(name_strings, ",");
+                while (st.hasMoreTokens()) {
+                    strings.addElement(st.nextToken());
+                }
+                KerberosName name = new KerberosName(realm,
+                        Integer.parseInt(name_type), strings);
+                // krb5 OBJECT IDENTIFIER ::= { iso (1)
+                //                    org (3)
+                //                    dod (6)
+                //                    internet (1)
+                //                    security (5)
+                //                    kerberosv5 (2) }
+                // krb5PrincipalName OBJECT IDENTIFIER ::= { krb5 2 }
+                return new OtherName(KerberosName.KRB5_PRINCIPAL_NAME,
+                        name.toByteArray());
             } else if (nameValue.startsWith("(IA5String)")) {
-              int pos0 = nameValue.indexOf(')');
-              int pos1 = nameValue.indexOf(',');
-              if (pos1 == -1)
-                return null;
-              String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
-              String on_value = nameValue.substring(pos1 + 1).trim();
-              if (isValidOID(on_oid)) {
-                return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_IA5String, on_value);
-              } else {
-                return null;
-              }
+                int pos0 = nameValue.indexOf(')');
+                int pos1 = nameValue.indexOf(',');
+                if (pos1 == -1)
+                    return null;
+                String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
+                String on_value = nameValue.substring(pos1 + 1).trim();
+                if (isValidOID(on_oid)) {
+                    return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_IA5String, on_value);
+                } else {
+                    return null;
+                }
             } else if (nameValue.startsWith("(UTF8String)")) {
-              int pos0 = nameValue.indexOf(')');
-              int pos1 = nameValue.indexOf(',');
-              if (pos1 == -1)
-                return null;
-              String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
-              String on_value = nameValue.substring(pos1 + 1).trim();
-              if (isValidOID(on_oid)) {
-                return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_UTF8String, on_value);
-              } else {
-                return null;
-              }
+                int pos0 = nameValue.indexOf(')');
+                int pos1 = nameValue.indexOf(',');
+                if (pos1 == -1)
+                    return null;
+                String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
+                String on_value = nameValue.substring(pos1 + 1).trim();
+                if (isValidOID(on_oid)) {
+                    return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_UTF8String, on_value);
+                } else {
+                    return null;
+                }
             } else if (nameValue.startsWith("(BMPString)")) {
-              int pos0 = nameValue.indexOf(')');
-              int pos1 = nameValue.indexOf(',');
-              if (pos1 == -1)
-                return null;
-              String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
-              String on_value = nameValue.substring(pos1 + 1).trim();
-              if (isValidOID(on_oid)) {
-                return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_BMPString, on_value);
-              } else {
-                return null;
-              }
+                int pos0 = nameValue.indexOf(')');
+                int pos1 = nameValue.indexOf(',');
+                if (pos1 == -1)
+                    return null;
+                String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
+                String on_value = nameValue.substring(pos1 + 1).trim();
+                if (isValidOID(on_oid)) {
+                    return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_BMPString, on_value);
+                } else {
+                    return null;
+                }
             } else if (nameValue.startsWith("(Any)")) {
-              int pos0 = nameValue.indexOf(')');
-              int pos1 = nameValue.indexOf(',');
-              if (pos1 == -1)
-                return null;
-              String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
-              String on_value = nameValue.substring(pos1 + 1).trim();
-              if (isValidOID(on_oid)) {
-                CMS.debug("OID: " + on_oid + " Value:" + on_value);
-                return new OtherName(new ObjectIdentifier(on_oid), getBytes(on_value));
-              } else {
-                CMS.debug("Invalid OID " + on_oid);
-                return null;
-              }
+                int pos0 = nameValue.indexOf(')');
+                int pos1 = nameValue.indexOf(',');
+                if (pos1 == -1)
+                    return null;
+                String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
+                String on_value = nameValue.substring(pos1 + 1).trim();
+                if (isValidOID(on_oid)) {
+                    CMS.debug("OID: " + on_oid + " Value:" + on_value);
+                    return new OtherName(new ObjectIdentifier(on_oid), getBytes(on_value));
+                } else {
+                    CMS.debug("Invalid OID " + on_oid);
+                    return null;
+                }
             } else {
-               return null;
+                return null;
             }
         }
         return null;
     }
 
-/**
- * Converts string containing pairs of characters in the range of '0' 
- * to '9', 'a' to 'f' to an array of bytes such that each pair of 
- * characters in the string represents an individual byte
- */
+    /**
+     * Converts string containing pairs of characters in the range of '0'
+     * to '9', 'a' to 'f' to an array of bytes such that each pair of
+     * characters in the string represents an individual byte
+     */
     public byte[] getBytes(String string) {
-      if (string == null)
-        return null;
-      int stringLength = string.length();
-      if ((stringLength == 0) || ((stringLength % 2) != 0))
-        return null;
-      byte[] bytes = new byte[ (stringLength / 2) ];
-      for (int i = 0, b = 0; i < stringLength; i += 2, ++b) {
-        String nextByte = string.substring(i, (i + 2));
-        bytes[b] = (byte)Integer.parseInt(nextByte, 0x10);
-      } 
-      return bytes;
+        if (string == null)
+            return null;
+        int stringLength = string.length();
+        if ((stringLength == 0) || ((stringLength % 2) != 0))
+            return null;
+        byte[] bytes = new byte[(stringLength / 2)];
+        for (int i = 0, b = 0; i < stringLength; i += 2, ++b) {
+            String nextByte = string.substring(i, (i + 2));
+            bytes[b] = (byte) Integer.parseInt(nextByte, 0x10);
+        }
+        return bytes;
     }
 
     /**
      * Check if a object identifier in string form is valid,
      * that is a string in the form n.n.n.n and der encode and decode-able.
+     * 
      * @param oid object identifier string.
      * @return true if the oid is valid
      */
-    public boolean isValidOID(String oid)
-    {
-         ObjectIdentifier v = null;
+    public boolean isValidOID(String oid) {
+        ObjectIdentifier v = null;
         try {
             v = ObjectIdentifier.getObjectIdentifier(oid);
         } catch (Exception e) {
-           return false;
+            return false;
         }
         if (v == null)
-           return false;
+            return false;
 
         // if the OID isn't valid (ex. n.n) the error isn't caught til
         // encoding time leaving a bad request in the request queue.
@@ -632,7 +627,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
             derOut.putOID(v);
             new ObjectIdentifier(new DerInputStream(derOut.toByteArray()));
         } catch (Exception e) {
-           return false;
+            return false;
         }
         return true;
     }
@@ -641,7 +636,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
         StringBuffer sb = new StringBuffer();
 
         for (int i = 0; i < recs.size(); i++) {
-            NameValuePairs pairs =  recs.elementAt(i);
+            NameValuePairs pairs = recs.elementAt(i);
 
             sb.append("Record #");
             sb.append(i);
@@ -658,7 +653,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
                 sb.append("\r\n");
             }
             sb.append("\r\n");
-		
+
         }
         return sb.toString();
     }
@@ -670,15 +665,15 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
         NameValuePairs nvps = null;
 
         while (st.hasMoreTokens()) {
-            String token =  st.nextToken();
+            String token = st.nextToken();
 
             if (token.equals("Record #" + num)) {
                 CMS.debug("parseRecords: Record" + num);
                 nvps = new NameValuePairs();
                 v.addElement(nvps);
                 try {
-                    token =  st.nextToken();
-                } catch (NoSuchElementException e) { 
+                    token = st.nextToken();
+                } catch (NoSuchElementException e) {
                     v.removeElementAt(num);
                     CMS.debug(e.toString());
                     return v;
@@ -688,7 +683,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
 
             if (nvps == null)
                 throw new EPropertyException("Bad Input Format");
-       
+
             int pos = token.indexOf(":");
 
             if (pos <= 0) {
@@ -706,8 +701,8 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
         return v;
     }
 
-    protected String getGeneralNameType(GeneralName gn) 
-        throws EPropertyException {
+    protected String getGeneralNameType(GeneralName gn)
+            throws EPropertyException {
         int type = gn.getType();
 
         if (type == GeneralNameInterface.NAME_RFC822)
@@ -762,17 +757,17 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
     }
 
     public String toGeneralNameString(GeneralNameInterface gn) {
-        int type = gn.getType(); 
+        int type = gn.getType();
         // Sun's General Name is not consistent, so we need
         // to do a special case for directory string
         if (type == GeneralNameInterface.NAME_DIRECTORY) {
-            return "DirectoryName: " +  gn.toString();
+            return "DirectoryName: " + gn.toString();
         }
         return gn.toString();
     }
 
     protected String mapPattern(IRequest request, String pattern)
-      throws IOException {
+            throws IOException {
         Pattern p = new Pattern(pattern);
         IAttrSet attrSet = null;
         if (request != null) {
@@ -781,30 +776,32 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
         return p.substitute2("request", attrSet);
     }
 
-    protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape)
-    {
+    protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) {
         StringBuffer result = new StringBuffer();
 
         // Do we need to escape any characters
         for (int i = 0; i < v.length(); i++) {
             int c = v.charAt(i);
             if (c == ',' || c == '=' || c == '+' || c == '<' ||
-                c == '>' || c == '#' || c == ';' || c == '\r' ||
-                c == '\n' || c == '\\' || c == '"') {
-                if ((c == 0x5c) && ((i+1) < v.length())) {
-                    int nextC = v.charAt(i+1);
+                    c == '>' || c == '#' || c == ';' || c == '\r' ||
+                    c == '\n' || c == '\\' || c == '"') {
+                if ((c == 0x5c) && ((i + 1) < v.length())) {
+                    int nextC = v.charAt(i + 1);
                     if ((c == 0x5c) && (nextC == ',' || nextC == '=' || nextC == '+' ||
                                         nextC == '<' || nextC == '>' || nextC == '#' ||
                                         nextC == ';' || nextC == '\r' || nextC == '\n' ||
                                         nextC == '\\' || nextC == '"')) {
-                        if (doubleEscape) result.append('\\');
+                        if (doubleEscape)
+                            result.append('\\');
                     } else {
                         result.append('\\');
-                        if (doubleEscape) result.append('\\');
+                        if (doubleEscape)
+                            result.append('\\');
                     }
                 } else {
                     result.append('\\');
-                    if (doubleEscape) result.append('\\');
+                    if (doubleEscape)
+                        result.append('\\');
                 }
             }
             if (c == '\r') {
@@ -812,10 +809,10 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
             } else if (c == '\n') {
                 result.append("0A");
             } else {
-                result.append((char)c);
+                result.append((char) c);
             }
         }
         return result;
     }
- 
+
 }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java
index 7cf2a359..24f79cde 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java
@@ -17,14 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
-
-
 /**
- * This class implements an enrollment extension 
+ * This class implements an enrollment extension
  * default policy that extension into the certificate
  * template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public abstract class EnrollExtDefault extends EnrollDefault {
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java
index 62d21cc8..15dec541 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 import java.util.StringTokenizer;
@@ -35,12 +34,11 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements an enrollment default policy
  * that populates Extended Key Usage extension
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
@@ -60,17 +58,17 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(CONFIG_OIDS)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_OIDS"));
         }
@@ -91,51 +89,49 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         ExtendedKeyUsageExtension ext = null;
 
-
         ext = (ExtendedKeyUsageExtension)
                     getExtension(ExtendedKeyUsageExtension.OID, info);
 
-        if(ext == null)
-        {
+        if (ext == null) {
             try {
-                populate(null,info);
+                populate(null, info);
 
             } catch (EProfileException e) {
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
 
-        } 
-        if (name == null) { 
+        }
+        if (name == null) {
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_CRITICAL)) {
             ext = (ExtendedKeyUsageExtension)
-                    getExtension(ExtendedKeyUsageExtension.OID, info); 
-            boolean val = Boolean.valueOf(value).booleanValue(); 
+                    getExtension(ExtendedKeyUsageExtension.OID, info);
+            boolean val = Boolean.valueOf(value).booleanValue();
 
-            if(ext == null) {
+            if (ext == null) {
                 return;
             }
-            ext.setCritical(val);	    
+            ext.setCritical(val);
         } else if (name.equals(VAL_OIDS)) {
             ext = (ExtendedKeyUsageExtension)
                     getExtension(ExtendedKeyUsageExtension.OID, info);
             //		ext.deleteAllOIDs();
             StringTokenizer st = new StringTokenizer(value, ",");
 
-            if(ext == null) {
+            if (ext == null) {
                 return;
             }
             while (st.hasMoreTokens()) {
                 String oid = st.nextToken();
 
-                ext.addOID(new ObjectIdentifier(oid));	
+                ext.addOID(new ObjectIdentifier(oid));
             }
         } else {
             throw new EPropertyException(CMS.getUserMessage(
@@ -151,8 +147,8 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         if (name == null) {
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
@@ -160,23 +156,21 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
 
         ExtendedKeyUsageExtension ext = (ExtendedKeyUsageExtension)
                 getExtension(ExtendedKeyUsageExtension.OID, info);
-       
 
-        if(ext == null)
-        {
+        if (ext == null) {
             try {
-                populate(null,info);
+                populate(null, info);
 
             } catch (EProfileException e) {
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
 
         }
 
         if (name.equals(VAL_CRITICAL)) {
             ext = (ExtendedKeyUsageExtension)
-                getExtension(ExtendedKeyUsageExtension.OID, info);
+                    getExtension(ExtendedKeyUsageExtension.OID, info);
 
             if (ext == null) {
                 return null;
@@ -188,20 +182,20 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
             }
         } else if (name.equals(VAL_OIDS)) {
             ext = (ExtendedKeyUsageExtension)
-                getExtension(ExtendedKeyUsageExtension.OID, info);
+                    getExtension(ExtendedKeyUsageExtension.OID, info);
             StringBuffer sb = new StringBuffer();
-            if(ext == null) {
+            if (ext == null) {
                 return "";
             }
             Enumeration e = ext.getOIDs();
 
             while (e.hasMoreElements()) {
                 ObjectIdentifier oid = (ObjectIdentifier)
-                    e.nextElement();
+                        e.nextElement();
 
                 if (!sb.toString().equals("")) {
                     sb.append(",");
-                }	
+                }
                 sb.append(oid.toString());
             }
             return sb.toString();
@@ -213,11 +207,11 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
 
     public String getText(Locale locale) {
         String params[] = {
-                getConfig(CONFIG_CRITICAL), 
+                getConfig(CONFIG_CRITICAL),
                 getConfig(CONFIG_OIDS)
             };
 
-        return CMS.getUserMessage(locale, 
+        return CMS.getUserMessage(locale,
                 "CMS_PROFILE_DEF_EXTENDED_KEY_EXT", params);
     }
 
@@ -225,20 +219,20 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         ExtendedKeyUsageExtension ext = createExtension();
 
         addExtension(ExtendedKeyUsageExtension.OID, ext, info);
     }
 
     public ExtendedKeyUsageExtension createExtension() {
-        ExtendedKeyUsageExtension ext = null; 
+        ExtendedKeyUsageExtension ext = null;
 
         try {
             ext = new ExtendedKeyUsageExtension();
         } catch (Exception e) {
             CMS.debug("ExtendedKeyUsageExtDefault: createExtension " +
-                e.toString());
+                    e.toString());
         }
         if (ext == null)
             return null;
@@ -250,7 +244,7 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
         while (st.hasMoreTokens()) {
             String oid = st.nextToken();
 
-            ext.addOID(new ObjectIdentifier(oid));	
+            ext.addOID(new ObjectIdentifier(oid));
         }
         return ext;
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java
index 13af0426..d5ac9247 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -42,12 +41,11 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements an enrollment default policy
  * that populates Freshest CRL extension
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class FreshestCRLExtDefault extends EnrollExtDefault {
@@ -61,8 +59,8 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
     public static final String CONFIG_ENABLE = "freshestCRLPointEnable_";
 
     public static final String VAL_CRITICAL = "freshestCRLCritical";
-    public static final String VAL_CRL_DISTRIBUTION_POINTS = 
-        "freshestCRLPointsValue";
+    public static final String VAL_CRL_DISTRIBUTION_POINTS =
+            "freshestCRLPointsValue";
 
     private static final String POINT_TYPE = "Point Type";
     private static final String POINT_NAME = "Point Name";
@@ -78,12 +76,11 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
         refreshConfigAndValueNames();
     }
 
-    
     protected int getNumPoints() {
         int num = DEF_NUM_POINTS;
         String val = getConfig(CONFIG_NUM_POINTS);
@@ -103,26 +100,25 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
         int num = 0;
         if (name.equals(CONFIG_NUM_POINTS)) {
-          try {
-            num = Integer.parseInt(value);
+            try {
+                num = Integer.parseInt(value);
 
-            if (num >= MAX_NUM_POINTS || num < 0) {
-                throw new EPropertyException(CMS.getUserMessage(
+                if (num >= MAX_NUM_POINTS || num < 0) {
+                    throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS));
-            }
+                }
 
-          } catch (Exception e) {
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS));
-          }
+            }
         }
         super.setConfig(name, value);
     }
 
-
     public Enumeration<String> getConfigNames() {
         refreshConfigAndValueNames();
         return super.getConfigNames();
@@ -149,47 +145,47 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
 
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
-        if (name.equals(CONFIG_CRITICAL)) { 
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
+        if (name.equals(CONFIG_CRITICAL)) {
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.startsWith(CONFIG_POINT_TYPE)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_POINT_TYPE"));
         } else if (name.startsWith(CONFIG_POINT_NAME)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_POINT_NAME"));
         } else if (name.startsWith(CONFIG_ISSUER_TYPE)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_TYPE"));
         } else if (name.startsWith(CONFIG_ISSUER_NAME)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_NAME"));
         } else if (name.startsWith(CONFIG_ENABLE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
         } else if (name.startsWith(CONFIG_NUM_POINTS)) {
             return new Descriptor(IDescriptor.INTEGER, null,
-                   "1",
-                   CMS.getUserMessage(locale, "CMS_PROFILE_NUM_DIST_POINTS"));
+                    "1",
+                    CMS.getUserMessage(locale, "CMS_PROFILE_NUM_DIST_POINTS"));
         } else {
             return null;
         }
     }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_CRITICAL)) { 
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+        if (name.equals(VAL_CRITICAL)) {
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null, 
+            return new Descriptor(IDescriptor.STRING_LIST, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRL_DISTRIBUTION_POINTS"));
         } else {
@@ -198,39 +194,39 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             FreshestCRLExtension ext = null;
 
-            if (name == null) { 
-                throw new EPropertyException(CMS.getUserMessage( 
+            if (name == null) {
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             ext = (FreshestCRLExtension)
                         getExtension(FreshestCRLExtension.OID,
-                            info);
+                                info);
 
-            if(ext == null)  {
-                populate(locale,info);
+            if (ext == null) {
+                populate(locale, info);
             }
-            
+
             if (name.equals(VAL_CRITICAL)) {
                 ext = (FreshestCRLExtension)
-                        getExtension(FreshestCRLExtension.OID, 
-                            info);
+                        getExtension(FreshestCRLExtension.OID,
+                                info);
                 boolean val = Boolean.valueOf(value).booleanValue();
 
-                ext.setCritical(val); 
-            } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { 
+                ext.setCritical(val);
+            } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
                 ext = (FreshestCRLExtension)
-                        getExtension(FreshestCRLExtension.OID, 
-                            info);
+                        getExtension(FreshestCRLExtension.OID,
+                                info);
 
                 Vector<NameValuePairs> v = parseRecords(value);
                 int size = v.size();
-              
+
                 boolean critical = ext.isCritical();
                 int i = 0;
 
@@ -266,7 +262,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
                         if (issuerType != null)
                             addIssuer(locale, cdp, issuerType, issuerValue);
 
-                            // this is the first distribution point
+                        // this is the first distribution point
                         if (i == 0) {
                             ext = new FreshestCRLExtension(cdp);
                             ext.setCritical(critical);
@@ -276,100 +272,99 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
                     }
                 }
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             replaceExtension(PKIXExtensions.FreshestCRL_Id.toString(),
-                ext, info);
+                    ext, info);
         } catch (EProfileException e) {
-            CMS.debug("FreshestCRLExtDefault: setValue " + 
-                e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            CMS.debug("FreshestCRLExtDefault: setValue " +
+                    e.toString());
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     private void addCRLPoint(Locale locale, CRLDistributionPoint cdp, String type,
-        String value) throws EPropertyException {
+            String value) throws EPropertyException {
         try {
             if (value == null || value.length() == 0)
                 return;
-        
+
             if (isGeneralNameType(type)) {
                 GeneralNames gen = new GeneralNames();
 
-                gen.addElement(parseGeneralName(type,value));
+                gen.addElement(parseGeneralName(type, value));
                 cdp.setFullName(gen);
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", type));
             }
         } catch (IOException e) {
-            CMS.debug("FreshestCRLExtDefault: addCRLPoint " + 
-                e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            CMS.debug("FreshestCRLExtDefault: addCRLPoint " +
+                    e.toString());
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", type));
         } catch (GeneralNamesException e) {
-            CMS.debug("FreshestCRLExtDefault: addCRLPoint " + 
-                e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            CMS.debug("FreshestCRLExtDefault: addCRLPoint " +
+                    e.toString());
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", type));
         }
     }
 
     private void addIssuer(Locale locale, CRLDistributionPoint cdp, String type,
-        String value) throws EPropertyException {
+            String value) throws EPropertyException {
         if (value == null || value.length() == 0)
             return;
         try {
             if (isGeneralNameType(type)) {
                 GeneralNames gen = new GeneralNames();
 
-                gen.addElement(parseGeneralName(type,value));
+                gen.addElement(parseGeneralName(type, value));
                 cdp.setCRLIssuer(gen);
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", type));
             }
         } catch (IOException e) {
-            CMS.debug("FreshestCRLExtDefault: addIssuer " + 
-                e.toString());
+            CMS.debug("FreshestCRLExtDefault: addIssuer " +
+                    e.toString());
         } catch (GeneralNamesException e) {
-            CMS.debug("FreshestCRLExtDefault: addIssuer " + 
-                e.toString());
+            CMS.debug("FreshestCRLExtDefault: addIssuer " +
+                    e.toString());
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         FreshestCRLExtension ext = null;
 
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
         ext = (FreshestCRLExtension)
                     getExtension(FreshestCRLExtension.OID,
-                        info);
-        if(ext == null)
-        {
+                            info);
+        if (ext == null) {
             try {
-                populate(locale,info);
+                populate(locale, info);
 
             } catch (EProfileException e) {
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
 
         }
 
         if (name.equals(VAL_CRITICAL)) {
             ext = (FreshestCRLExtension)
-                    getExtension(FreshestCRLExtension.OID, 
-                        info);
+                    getExtension(FreshestCRLExtension.OID,
+                            info);
 
             if (ext == null) {
                 return null;
@@ -379,10 +374,10 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
             } else {
                 return "false";
             }
-        } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { 
+        } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
             ext = (FreshestCRLExtension)
-                    getExtension(FreshestCRLExtension.OID, 
-                        info);
+                    getExtension(FreshestCRLExtension.OID,
+                            info);
 
             if (ext == null)
                 return "";
@@ -395,7 +390,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
                 NameValuePairs pairs = null;
 
                 if (i < ext.getNumPoints()) {
-                    CRLDistributionPoint p = ext.getPointAt(i); 
+                    CRLDistributionPoint p = ext.getPointAt(i);
                     GeneralNames gns = p.getFullName();
 
                     pairs = buildGeneralNames(gns, p);
@@ -404,10 +399,10 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
                 }
                 recs.addElement(pairs);
             }
-                
+
             return buildRecords(recs);
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
@@ -424,7 +419,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
     }
 
     protected NameValuePairs buildGeneralNames(GeneralNames gns, CRLDistributionPoint p)
-        throws EPropertyException {
+            throws EPropertyException {
 
         NameValuePairs pairs = new NameValuePairs();
 
@@ -495,8 +490,8 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
             sb.append(getConfig(CONFIG_ENABLE + i));
             sb.append("}");
         }
-        return CMS.getUserMessage(locale, 
-                "CMS_PROFILE_DEF_FRESHEST_CRL_EXT", 
+        return CMS.getUserMessage(locale,
+                "CMS_PROFILE_DEF_FRESHEST_CRL_EXT",
                 getConfig(CONFIG_CRITICAL),
                 sb.toString());
     }
@@ -505,7 +500,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         FreshestCRLExtension ext = createExtension(request);
 
         if (ext == null)
@@ -519,14 +514,14 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
 
         try {
             boolean critical = getConfigBoolean(CONFIG_CRITICAL);
-                        ext.setCritical(critical);
+            ext.setCritical(critical);
 
             num = getNumPoints();
             for (int i = 0; i < num; i++) {
                 CRLDistributionPoint cdp = new CRLDistributionPoint();
 
-                String enable = getConfig(CONFIG_ENABLE + i); 
-                String pointType = getConfig(CONFIG_POINT_TYPE + i); 
+                String enable = getConfig(CONFIG_ENABLE + i);
+                String pointType = getConfig(CONFIG_POINT_TYPE + i);
                 String pointName = getConfig(CONFIG_POINT_NAME + i);
                 String issuerType = getConfig(CONFIG_ISSUER_TYPE + i);
                 String issuerName = getConfig(CONFIG_ISSUER_NAME + i);
@@ -537,12 +532,12 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
                     if (issuerType != null)
                         addIssuer(getLocale(request), cdp, issuerType, issuerName);
 
-                        ext.addPoint(cdp);
+                    ext.addPoint(cdp);
                 }
             }
         } catch (Exception e) {
             CMS.debug("FreshestCRLExtDefault: createExtension " +
-                e.toString());
+                    e.toString());
         }
 
         return ext;
@@ -552,7 +547,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     private void populate(Locale locale, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         FreshestCRLExtension ext = createExtension(locale);
 
         if (ext == null)
@@ -589,7 +584,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
             }
         } catch (Exception e) {
             CMS.debug("FreshestCRLExtDefault: createExtension " +
-                e.toString());
+                    e.toString());
         }
 
         return ext;
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java
index 4051f31a..1797091b 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.util.Locale;
 
 import netscape.security.util.DerOutputStream;
@@ -34,12 +33,11 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements an enrollment default policy
  * that populates a Netscape comment extension
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class GenericExtDefault extends EnrollExtDefault {
@@ -62,13 +60,13 @@ public class GenericExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(CONFIG_OID)) {
@@ -86,7 +84,7 @@ public class GenericExtDefault extends EnrollExtDefault {
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_DATA)) {
@@ -99,13 +97,13 @@ public class GenericExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             Extension ext = null;
 
             if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
@@ -114,28 +112,28 @@ public class GenericExtDefault extends EnrollExtDefault {
             ext = (Extension)
                         getExtension(oid.toString(), info);
 
-            if(ext == null)  {
-                populate(null,info);
+            if (ext == null) {
+                populate(null, info);
             }
 
             if (name.equals(VAL_CRITICAL)) {
                 ext = (Extension)
                         getExtension(oid.toString(), info);
-                if (ext == null)  {
+                if (ext == null) {
                     return;
                 }
                 boolean val = Boolean.valueOf(value).booleanValue();
-                ext.setCritical(val); 
-            } else if (name.equals(VAL_DATA)) { 
+                ext.setCritical(val);
+            } else if (name.equals(VAL_DATA)) {
                 ext = (Extension)
                         getExtension(oid.toString(), info);
-                if (ext == null)  {
+                if (ext == null) {
                     return;
                 }
                 byte data[] = getBytes(value);
-		ext.setExtensionValue(data);
+                ext.setExtensionValue(data);
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
@@ -146,12 +144,12 @@ public class GenericExtDefault extends EnrollExtDefault {
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         Extension ext = null;
 
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
@@ -160,14 +158,13 @@ public class GenericExtDefault extends EnrollExtDefault {
         ext = (Extension)
                     getExtension(oid.toString(), info);
 
-        if(ext == null)
-        {
+        if (ext == null) {
             try {
-                populate(null,info);
+                populate(null, info);
 
             } catch (EProfileException e) {
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
 
         }
@@ -185,7 +182,7 @@ public class GenericExtDefault extends EnrollExtDefault {
             } else {
                 return "false";
             }
-        } else if (name.equals(VAL_DATA)) { 
+        } else if (name.equals(VAL_DATA)) {
 
             ext = (Extension)
                     getExtension(oid.toString(), info);
@@ -197,17 +194,17 @@ public class GenericExtDefault extends EnrollExtDefault {
 
             if (data == null)
                 return "";
-   
+
             return toStr(data);
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getText(Locale locale) {
         String params[] = {
-                getConfig(CONFIG_CRITICAL), 
+                getConfig(CONFIG_CRITICAL),
                 getConfig(CONFIG_OID),
                 getConfig(CONFIG_DATA)
             };
@@ -218,10 +215,10 @@ public class GenericExtDefault extends EnrollExtDefault {
     public String toStr(byte data[]) {
         StringBuffer b = new StringBuffer();
         for (int i = 0; i < data.length; i++) {
-           if ((data[i] & 0xff) < 16) {
-              b.append("0");
-           }
-           b.append(Integer.toString((int)(data[i] & 0xff), 0x10));
+            if ((data[i] & 0xff) < 16) {
+                b.append("0");
+            }
+            b.append(Integer.toString((int) (data[i] & 0xff), 0x10));
         }
         return b.toString();
     }
@@ -230,14 +227,14 @@ public class GenericExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         Extension ext = createExtension(request);
 
         addExtension(ext.getExtensionId().toString(), ext, info);
     }
 
     public Extension createExtension(IRequest request) {
-        Extension ext = null; 
+        Extension ext = null;
 
         try {
             boolean critical = getConfigBoolean(CONFIG_CRITICAL);
@@ -250,13 +247,13 @@ public class GenericExtDefault extends EnrollExtDefault {
                 data = getBytes(mapPattern(request, getConfig(CONFIG_DATA)));
             }
 
-	    DerOutputStream out = new DerOutputStream();
+            DerOutputStream out = new DerOutputStream();
             out.putOctetString(data);
 
             ext = new Extension(oid, critical, out.toByteArray());
         } catch (Exception e) {
-            CMS.debug("GenericExtDefault: createExtension " + 
-                e.toString());
+            CMS.debug("GenericExtDefault: createExtension " +
+                    e.toString());
         }
         return ext;
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java
index 5bb8abd4..16a7ac40 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.util.Locale;
 
 import netscape.security.x509.X509CertInfo;
@@ -31,11 +30,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements an enrollment default policy
  * that shows an image in the approval page.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ImageDefault extends EnrollDefault {
@@ -50,7 +48,7 @@ public class ImageDefault extends EnrollDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
@@ -68,12 +66,12 @@ public class ImageDefault extends EnrollDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
     }
 
     public String getValue(String name, Locale locale, IRequest request)
-        throws EPropertyException {
+            throws EPropertyException {
 
         if (name == null) {
             throw new EPropertyException(CMS.getUserMessage(
@@ -89,19 +87,19 @@ public class ImageDefault extends EnrollDefault {
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException { 
+            X509CertInfo info)
+            throws EPropertyException {
         return null;
     }
 
     public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_IMAGE" );
+        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_IMAGE");
     }
 
     /**
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java
index c6bbc7f7..97cfb3ff 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.math.BigInteger;
 import java.util.Locale;
 
@@ -34,10 +33,9 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements an inhibit Any-Policy extension
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
@@ -61,31 +59,31 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
             return new Descriptor(IDescriptor.BOOLEAN, null, "true",
-              CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
+                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.startsWith(CONFIG_SKIP_CERTS)) {
             return new Descriptor(IDescriptor.INTEGER, null, "0",
-              CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS"));
+                    CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS"));
         } else {
             return null;
         }
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
         if (name.equals(CONFIG_SKIP_CERTS)) {
-          try {
-            Integer.parseInt(value);
-          } catch (Exception e) {
+            try {
+                Integer.parseInt(value);
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_SKIP_CERTS));
-          }
+            }
         }
         super.setConfig(name, value);
     }
@@ -93,36 +91,36 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
             return new Descriptor(IDescriptor.BOOLEAN, null, "true",
-              CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
+                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_SKIP_CERTS)) {
             return new Descriptor(IDescriptor.INTEGER, null, "0",
-              CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS"));
+                    CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS"));
         } else {
             return null;
         }
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             InhibitAnyPolicyExtension ext = null;
 
-            if (name == null) { 
-                throw new EPropertyException(CMS.getUserMessage( 
+            if (name == null) {
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             ext = (InhibitAnyPolicyExtension)
-              getExtension(InhibitAnyPolicyExtension.OID, info);
+                    getExtension(InhibitAnyPolicyExtension.OID, info);
 
-            if(ext == null)  {
-                populate(null,info);
-            } 
+            if (ext == null) {
+                populate(null, info);
+            }
 
             if (name.equals(VAL_CRITICAL)) {
                 ext = (InhibitAnyPolicyExtension)
-                  getExtension(InhibitAnyPolicyExtension.OID, info);
+                        getExtension(InhibitAnyPolicyExtension.OID, info);
 
                 if (ext == null) {
                     // it is ok, the extension is never populated or delted
@@ -133,7 +131,7 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
                 ext.setCritical(critical);
             } else if (name.equals(VAL_SKIP_CERTS)) {
                 ext = (InhibitAnyPolicyExtension)
-                  getExtension(InhibitAnyPolicyExtension.OID, info);
+                        getExtension(InhibitAnyPolicyExtension.OID, info);
 
                 if (ext == null) {
                     // it is ok, the extension is never populated or delted
@@ -150,48 +148,47 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
                     BigInteger l = new BigInteger(value);
                     num = new BigInt(l);
                 } catch (Exception e) {
-                    throw new EPropertyException(CMS.getUserMessage( 
-                        locale, "CMS_INVALID_PROPERTY", name));
+                    throw new EPropertyException(CMS.getUserMessage(
+                            locale, "CMS_INVALID_PROPERTY", name));
                 }
                 ext = new InhibitAnyPolicyExtension(critical,
-                  num);
+                        num);
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
             replaceExtension(InhibitAnyPolicyExtension.OID, ext, info);
         } catch (EProfileException e) {
             CMS.debug("InhibitAnyPolicyExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
-                 locale, "CMS_INVALID_PROPERTY", name));
+            throw new EPropertyException(CMS.getUserMessage(
+                    locale, "CMS_INVALID_PROPERTY", name));
         }
 
         InhibitAnyPolicyExtension ext =
-          (InhibitAnyPolicyExtension)
-          getExtension(InhibitAnyPolicyExtension.OID, info);
+                (InhibitAnyPolicyExtension)
+                getExtension(InhibitAnyPolicyExtension.OID, info);
 
-        if(ext == null)
-        {
+        if (ext == null) {
             try {
-                populate(null,info);
+                populate(null, info);
             } catch (EProfileException e) {
                 throw new EPropertyException(CMS.getUserMessage(
-                  locale, "CMS_INVALID_PROPERTY", name));
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
         }
 
         if (name.equals(VAL_CRITICAL)) {
             ext = (InhibitAnyPolicyExtension)
-              getExtension(InhibitAnyPolicyExtension.OID, info);
+                    getExtension(InhibitAnyPolicyExtension.OID, info);
 
             if (ext == null) {
                 return null;
@@ -203,17 +200,17 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
             }
         } else if (name.equals(VAL_SKIP_CERTS)) {
             ext = (InhibitAnyPolicyExtension)
-              getExtension(InhibitAnyPolicyExtension.OID, info);
+                    getExtension(InhibitAnyPolicyExtension.OID, info);
             if (ext == null) {
                 return null;
             }
 
             BigInt n = ext.getSkipCerts();
-            return ""+n.toInt();
+            return "" + n.toInt();
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
-              locale, "CMS_INVALID_PROPERTY", name));
-       }
+            throw new EPropertyException(CMS.getUserMessage(
+                    locale, "CMS_INVALID_PROPERTY", name));
+        }
     }
 
     /*
@@ -221,20 +218,20 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
      * a profile
      */
     public String getText(Locale locale) {
-	StringBuffer sb = new StringBuffer();
+        StringBuffer sb = new StringBuffer();
         sb.append(SKIP_CERTS + ":");
         sb.append(getConfig(CONFIG_SKIP_CERTS));
 
-        return CMS.getUserMessage(locale, 
-          "CMS_PROFILE_DEF_INHIBIT_ANY_POLICY_EXT", 
-          getConfig(CONFIG_CRITICAL), sb.toString());
+        return CMS.getUserMessage(locale,
+                "CMS_PROFILE_DEF_INHIBIT_ANY_POLICY_EXT",
+                getConfig(CONFIG_CRITICAL), sb.toString());
     }
 
     /**
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         InhibitAnyPolicyExtension ext = null;
 
         ext = createExtension(request);
@@ -242,7 +239,7 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
     }
 
     public InhibitAnyPolicyExtension createExtension(IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         InhibitAnyPolicyExtension ext = null;
 
         boolean critical = Boolean.valueOf(
@@ -259,7 +256,7 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
                 val = new BigInt(b);
             } catch (NumberFormatException e) {
                 throw new EProfileException(
-                CMS.getUserMessage("CMS_PROFILE_INHIBIT_ANY_POLICY_WRONG_SKIP_CERTS"));
+                        CMS.getUserMessage("CMS_PROFILE_INHIBIT_ANY_POLICY_WRONG_SKIP_CERTS"));
             }
 
             try {
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java
index 40bd4876..e2355dc6 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -39,12 +38,11 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements an enrollment default policy
  * that populates a issuer alternative name extension
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class IssuerAltNameExtDefault extends EnrollExtDefault {
@@ -67,25 +65,25 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(CONFIG_TYPE)) {
             return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName",
                     "RFC822Name",
-                    CMS.getUserMessage(locale, 
-                        "CMS_PROFILE_ISSUER_ALT_NAME_TYPE"));
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_ISSUER_ALT_NAME_TYPE"));
         } else if (name.equals(CONFIG_PATTERN)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
-                    CMS.getUserMessage(locale, 
-                        "CMS_PROFILE_ISSUER_ALT_NAME_PATTERN"));
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_ISSUER_ALT_NAME_PATTERN"));
         } else {
             return null;
         }
@@ -93,11 +91,11 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_GENERAL_NAMES)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null, 
+            return new Descriptor(IDescriptor.STRING_LIST, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES"));
         } else {
@@ -106,13 +104,13 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             IssuerAlternativeNameExtension ext = null;
 
-            if (name == null) { 
-                throw new EPropertyException(CMS.getUserMessage( 
+            if (name == null) {
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
@@ -120,20 +118,19 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
                         (IssuerAlternativeNameExtension)
                         getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
 
-            if(ext == null)
-            {
+            if (ext == null) {
                 try {
-                    populate(null,info);
+                    populate(null, info);
 
                 } catch (EProfileException e) {
-                     throw new EPropertyException(CMS.getUserMessage(
-                          locale, "CMS_INVALID_PROPERTY", name));
+                    throw new EPropertyException(CMS.getUserMessage(
+                            locale, "CMS_INVALID_PROPERTY", name));
                 }
 
             }
- 
+
             if (name.equals(VAL_CRITICAL)) {
-                ext = 
+                ext =
                         (IssuerAlternativeNameExtension)
                         getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
 
@@ -145,7 +142,7 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
 
                 ext.setCritical(critical);
             } else if (name.equals(VAL_GENERAL_NAMES)) {
-                ext = 
+                ext =
                         (IssuerAlternativeNameExtension)
                         getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
 
@@ -166,34 +163,34 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
 
                     GeneralNameInterface n = parseGeneralName(gname);
                     if (n != null) {
-                      gn.addElement(n);
+                        gn.addElement(n);
                     }
                 }
                 ext.set(IssuerAlternativeNameExtension.ISSUER_NAME, gn);
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
             replaceExtension(
-                PKIXExtensions.IssuerAlternativeName_Id.toString(),
-                ext, info);
+                    PKIXExtensions.IssuerAlternativeName_Id.toString(),
+                    ext, info);
         } catch (IOException e) {
             CMS.debug("IssuerAltNameExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         } catch (EProfileException e) {
             CMS.debug("IssuerAltNameExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         try {
             if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
@@ -201,23 +198,22 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
                     (IssuerAlternativeNameExtension)
                     getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
 
-            if(ext == null)
-            {
+            if (ext == null) {
 
                 try {
-                    populate(null,info);
+                    populate(null, info);
 
                 } catch (EProfileException e) {
-                     throw new EPropertyException(CMS.getUserMessage(
-                          locale, "CMS_INVALID_PROPERTY", name));
+                    throw new EPropertyException(CMS.getUserMessage(
+                            locale, "CMS_INVALID_PROPERTY", name));
                 }
 
             }
 
             if (name.equals(VAL_CRITICAL)) {
-                ext = 
-                    (IssuerAlternativeNameExtension)
-                    getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
+                ext =
+                        (IssuerAlternativeNameExtension)
+                        getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
 
                 if (ext == null) {
                     return null;
@@ -228,16 +224,15 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
                     return "false";
                 }
             } else if (name.equals(VAL_GENERAL_NAMES)) {
-                ext = 
-                    (IssuerAlternativeNameExtension)
-                    getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
-                if(ext == null)
-                {
+                ext =
+                        (IssuerAlternativeNameExtension)
+                        getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
+                if (ext == null) {
                     return "";
                 }
 
                 GeneralNames names = (GeneralNames)
-                    ext.get(IssuerAlternativeNameExtension.ISSUER_NAME);
+                        ext.get(IssuerAlternativeNameExtension.ISSUER_NAME);
                 StringBuffer sb = new StringBuffer();
                 Enumeration<GeneralNameInterface> e = names.elements();
 
@@ -246,17 +241,17 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
 
                     if (!sb.toString().equals("")) {
                         sb.append("\r\n");
-                    }	
+                    }
                     sb.append(toGeneralNameString(gn));
                 }
                 return sb.toString();
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } catch (IOException e) {
-            CMS.debug("IssuerAltNameExtDefault: getValue " + 
-                e.toString());
+            CMS.debug("IssuerAltNameExtDefault: getValue " +
+                    e.toString());
         }
         return null;
     }
@@ -275,7 +270,7 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         IssuerAlternativeNameExtension ext = null;
 
         try {
@@ -284,35 +279,35 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
         } catch (IOException e) {
             CMS.debug("IssuerAltNameExtDefault: populate " + e.toString());
         }
-        addExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), 
-            ext, info);
+        addExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(),
+                ext, info);
     }
 
-    public IssuerAlternativeNameExtension createExtension(IRequest request) 
-        throws IOException {
-        IssuerAlternativeNameExtension ext = null; 
+    public IssuerAlternativeNameExtension createExtension(IRequest request)
+            throws IOException {
+        IssuerAlternativeNameExtension ext = null;
 
         try {
             ext = new IssuerAlternativeNameExtension();
         } catch (Exception e) {
             CMS.debug(e.toString());
-            throw new IOException( e.toString() );
+            throw new IOException(e.toString());
         }
         boolean critical = Boolean.valueOf(
-                getConfig(CONFIG_CRITICAL)).booleanValue(); 
+                getConfig(CONFIG_CRITICAL)).booleanValue();
         String pattern = getConfig(CONFIG_PATTERN);
 
         if (!pattern.equals("")) {
-            GeneralNames gn = new GeneralNames(); 
+            GeneralNames gn = new GeneralNames();
 
             String gname = "";
 
-            if(request != null)  {
+            if (request != null) {
                 gname = mapPattern(request, pattern);
             }
 
             gn.addElement(parseGeneralName(
-                    getConfig(CONFIG_TYPE) + ":" + gname)); 
+                    getConfig(CONFIG_TYPE) + ":" + gname));
             ext.set(IssuerAlternativeNameExtension.ISSUER_NAME, gn);
         }
         ext.setCritical(critical);
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java
index c8ed9281..1bfda9ad 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -34,25 +33,24 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements an enrollment default policy
  * that populates a Key Usage extension
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class KeyUsageExtDefault extends EnrollExtDefault {
 
     public static final String CONFIG_CRITICAL = "keyUsageCritical";
-    public static final String CONFIG_DIGITAL_SIGNATURE = 
-        "keyUsageDigitalSignature";
-    public static final String CONFIG_NON_REPUDIATION = 
-        "keyUsageNonRepudiation";
-    public static final String CONFIG_KEY_ENCIPHERMENT = 
-        "keyUsageKeyEncipherment";
-    public static final String CONFIG_DATA_ENCIPHERMENT = 
-        "keyUsageDataEncipherment";
+    public static final String CONFIG_DIGITAL_SIGNATURE =
+            "keyUsageDigitalSignature";
+    public static final String CONFIG_NON_REPUDIATION =
+            "keyUsageNonRepudiation";
+    public static final String CONFIG_KEY_ENCIPHERMENT =
+            "keyUsageKeyEncipherment";
+    public static final String CONFIG_DATA_ENCIPHERMENT =
+            "keyUsageDataEncipherment";
     public static final String CONFIG_KEY_AGREEMENT = "keyUsageKeyAgreement";
     public static final String CONFIG_KEY_CERTSIGN = "keyUsageKeyCertSign";
     public static final String CONFIG_CRL_SIGN = "keyUsageCrlSign";
@@ -60,14 +58,14 @@ public class KeyUsageExtDefault extends EnrollExtDefault {
     public static final String CONFIG_DECIPHER_ONLY = "keyUsageDecipherOnly";
 
     public static final String VAL_CRITICAL = "keyUsageCritical";
-    public static final String VAL_DIGITAL_SIGNATURE = 
-        "keyUsageDigitalSignature";
-    public static final String VAL_NON_REPUDIATION = 
-        "keyUsageNonRepudiation";
-    public static final String VAL_KEY_ENCIPHERMENT = 
-        "keyUsageKeyEncipherment";
-    public static final String VAL_DATA_ENCIPHERMENT = 
-        "keyUsageDataEncipherment";
+    public static final String VAL_DIGITAL_SIGNATURE =
+            "keyUsageDigitalSignature";
+    public static final String VAL_NON_REPUDIATION =
+            "keyUsageNonRepudiation";
+    public static final String VAL_KEY_ENCIPHERMENT =
+            "keyUsageKeyEncipherment";
+    public static final String VAL_DATA_ENCIPHERMENT =
+            "keyUsageDataEncipherment";
     public static final String VAL_KEY_AGREEMENT = "keyUsageKeyAgreement";
     public static final String VAL_KEY_CERTSIGN = "keyUsageKeyCertSign";
     public static final String VAL_CRL_SIGN = "keyUsageCrlSign";
@@ -100,21 +98,21 @@ public class KeyUsageExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(CONFIG_DIGITAL_SIGNATURE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE"));
         } else if (name.equals(CONFIG_NON_REPUDIATION)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION"));
         } else if (name.equals(CONFIG_KEY_ENCIPHERMENT)) {
@@ -152,15 +150,15 @@ public class KeyUsageExtDefault extends EnrollExtDefault {
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_DIGITAL_SIGNATURE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE"));
         } else if (name.equals(VAL_NON_REPUDIATION)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION"));
         } else if (name.equals(VAL_KEY_ENCIPHERMENT)) {
@@ -197,158 +195,157 @@ public class KeyUsageExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             KeyUsageExtension ext = null;
 
-            if (name == null) { 
-                throw new EPropertyException(CMS.getUserMessage( 
+            if (name == null) {
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             ext = (KeyUsageExtension)
-                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); 
+                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
 
-            if(ext == null)  {
-                populate(null,info);
+            if (ext == null) {
+                populate(null, info);
 
             }
-             
+
             if (name.equals(VAL_CRITICAL)) {
                 ext = (KeyUsageExtension)
                         getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                boolean val = Boolean.valueOf(value).booleanValue(); 
+                boolean val = Boolean.valueOf(value).booleanValue();
 
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
                 ext.setCritical(val);
-            } else if (name.equals(VAL_DIGITAL_SIGNATURE)) { 
+            } else if (name.equals(VAL_DIGITAL_SIGNATURE)) {
                 ext = (KeyUsageExtension)
                         getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
-                Boolean val = Boolean.valueOf(value); 
+                Boolean val = Boolean.valueOf(value);
 
                 ext.set(KeyUsageExtension.DIGITAL_SIGNATURE, val);
             } else if (name.equals(VAL_NON_REPUDIATION)) {
                 ext = (KeyUsageExtension)
                         getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
-                Boolean val = Boolean.valueOf(value); 
+                Boolean val = Boolean.valueOf(value);
 
                 ext.set(KeyUsageExtension.NON_REPUDIATION, val);
             } else if (name.equals(VAL_KEY_ENCIPHERMENT)) {
                 ext = (KeyUsageExtension)
                         getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
-                Boolean val = Boolean.valueOf(value); 
+                Boolean val = Boolean.valueOf(value);
 
                 ext.set(KeyUsageExtension.KEY_ENCIPHERMENT, val);
             } else if (name.equals(VAL_DATA_ENCIPHERMENT)) {
                 ext = (KeyUsageExtension)
                         getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
-                Boolean val = Boolean.valueOf(value); 
+                Boolean val = Boolean.valueOf(value);
 
                 ext.set(KeyUsageExtension.DATA_ENCIPHERMENT, val);
             } else if (name.equals(VAL_KEY_AGREEMENT)) {
                 ext = (KeyUsageExtension)
                         getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
-                Boolean val = Boolean.valueOf(value); 
+                Boolean val = Boolean.valueOf(value);
 
                 ext.set(KeyUsageExtension.KEY_AGREEMENT, val);
             } else if (name.equals(VAL_KEY_CERTSIGN)) {
                 ext = (KeyUsageExtension)
                         getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
-                Boolean val = Boolean.valueOf(value); 
+                Boolean val = Boolean.valueOf(value);
 
                 ext.set(KeyUsageExtension.KEY_CERTSIGN, val);
             } else if (name.equals(VAL_CRL_SIGN)) {
                 ext = (KeyUsageExtension)
                         getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
-                Boolean val = Boolean.valueOf(value); 
+                Boolean val = Boolean.valueOf(value);
 
                 ext.set(KeyUsageExtension.CRL_SIGN, val);
             } else if (name.equals(VAL_ENCIPHER_ONLY)) {
                 ext = (KeyUsageExtension)
                         getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
-                Boolean val = Boolean.valueOf(value); 
+                Boolean val = Boolean.valueOf(value);
 
                 ext.set(KeyUsageExtension.ENCIPHER_ONLY, val);
             } else if (name.equals(VAL_DECIPHER_ONLY)) {
                 ext = (KeyUsageExtension)
                         getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
-                Boolean val = Boolean.valueOf(value); 
+                Boolean val = Boolean.valueOf(value);
 
                 ext.set(KeyUsageExtension.DECIPHER_ONLY, val);
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             replaceExtension(PKIXExtensions.KeyUsage_Id.toString(), ext, info);
         } catch (IOException e) {
             CMS.debug("KeyUsageExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         } catch (EProfileException e) {
             CMS.debug("KeyUsageExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         try {
             if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             KeyUsageExtension ext = (KeyUsageExtension)
                     getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
 
-            if(ext == null)
-            {
+            if (ext == null) {
                 try {
-                    populate(null,info);
+                    populate(null, info);
 
                 } catch (EProfileException e) {
-                     throw new EPropertyException(CMS.getUserMessage(
-                          locale, "CMS_INVALID_PROPERTY", name));
+                    throw new EPropertyException(CMS.getUserMessage(
+                            locale, "CMS_INVALID_PROPERTY", name));
                 }
 
             }
 
             if (name.equals(VAL_CRITICAL)) {
                 ext = (KeyUsageExtension)
-                    getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
 
                 if (ext == null) {
                     return null;
@@ -360,117 +357,117 @@ public class KeyUsageExtDefault extends EnrollExtDefault {
                 }
             } else if (name.equals(VAL_DIGITAL_SIGNATURE)) {
                 ext = (KeyUsageExtension)
-                    getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
 
                 Boolean val = (Boolean)
-                    ext.get(KeyUsageExtension.DIGITAL_SIGNATURE);
+                        ext.get(KeyUsageExtension.DIGITAL_SIGNATURE);
 
                 return val.toString();
             } else if (name.equals(VAL_NON_REPUDIATION)) {
                 ext = (KeyUsageExtension)
-                    getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
                 Boolean val = (Boolean)
-                    ext.get(KeyUsageExtension.NON_REPUDIATION);
+                        ext.get(KeyUsageExtension.NON_REPUDIATION);
 
                 return val.toString();
             } else if (name.equals(VAL_KEY_ENCIPHERMENT)) {
                 ext = (KeyUsageExtension)
-                    getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
                 Boolean val = (Boolean)
-                    ext.get(KeyUsageExtension.KEY_ENCIPHERMENT);
+                        ext.get(KeyUsageExtension.KEY_ENCIPHERMENT);
 
                 return val.toString();
             } else if (name.equals(VAL_DATA_ENCIPHERMENT)) {
                 ext = (KeyUsageExtension)
-                    getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
                 Boolean val = (Boolean)
-                    ext.get(KeyUsageExtension.DATA_ENCIPHERMENT);
+                        ext.get(KeyUsageExtension.DATA_ENCIPHERMENT);
 
                 return val.toString();
             } else if (name.equals(VAL_KEY_AGREEMENT)) {
                 ext = (KeyUsageExtension)
-                    getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
                 Boolean val = (Boolean)
-                    ext.get(KeyUsageExtension.KEY_AGREEMENT);
+                        ext.get(KeyUsageExtension.KEY_AGREEMENT);
 
                 return val.toString();
             } else if (name.equals(VAL_KEY_CERTSIGN)) {
                 ext = (KeyUsageExtension)
-                    getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
                 Boolean val = (Boolean)
-                    ext.get(KeyUsageExtension.KEY_CERTSIGN);
+                        ext.get(KeyUsageExtension.KEY_CERTSIGN);
 
                 return val.toString();
             } else if (name.equals(VAL_CRL_SIGN)) {
                 ext = (KeyUsageExtension)
-                    getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
                 Boolean val = (Boolean)
-                    ext.get(KeyUsageExtension.CRL_SIGN);
+                        ext.get(KeyUsageExtension.CRL_SIGN);
 
                 return val.toString();
             } else if (name.equals(VAL_ENCIPHER_ONLY)) {
                 ext = (KeyUsageExtension)
-                    getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
                 Boolean val = (Boolean)
-                    ext.get(KeyUsageExtension.ENCIPHER_ONLY);
+                        ext.get(KeyUsageExtension.ENCIPHER_ONLY);
 
                 return val.toString();
             } else if (name.equals(VAL_DECIPHER_ONLY)) {
                 ext = (KeyUsageExtension)
-                    getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
                 Boolean val = (Boolean)
-                    ext.get(KeyUsageExtension.DECIPHER_ONLY);
+                        ext.get(KeyUsageExtension.DECIPHER_ONLY);
 
                 return val.toString();
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } catch (IOException e) {
             CMS.debug("KeyUsageExtDefault: getValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getText(Locale locale) {
         String params[] = {
-                getConfig(CONFIG_CRITICAL), 
-                getConfig(CONFIG_DIGITAL_SIGNATURE), 
-                getConfig(CONFIG_NON_REPUDIATION), 
-                getConfig(CONFIG_KEY_ENCIPHERMENT), 
-                getConfig(CONFIG_DATA_ENCIPHERMENT), 
-                getConfig(CONFIG_KEY_AGREEMENT), 
-                getConfig(CONFIG_KEY_CERTSIGN), 
-                getConfig(CONFIG_CRL_SIGN), 
-                getConfig(CONFIG_ENCIPHER_ONLY), 
+                getConfig(CONFIG_CRITICAL),
+                getConfig(CONFIG_DIGITAL_SIGNATURE),
+                getConfig(CONFIG_NON_REPUDIATION),
+                getConfig(CONFIG_KEY_ENCIPHERMENT),
+                getConfig(CONFIG_DATA_ENCIPHERMENT),
+                getConfig(CONFIG_KEY_AGREEMENT),
+                getConfig(CONFIG_KEY_CERTSIGN),
+                getConfig(CONFIG_CRL_SIGN),
+                getConfig(CONFIG_ENCIPHER_ONLY),
                 getConfig(CONFIG_DECIPHER_ONLY)
             };
 
@@ -482,14 +479,14 @@ public class KeyUsageExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         KeyUsageExtension ext = createKeyUsageExtension();
 
         addExtension(PKIXExtensions.KeyUsage_Id.toString(), ext, info);
     }
 
     public KeyUsageExtension createKeyUsageExtension() {
-        KeyUsageExtension ext = null; 
+        KeyUsageExtension ext = null;
         boolean[] bits = new boolean[KeyUsageExtension.NBITS];
 
         boolean critical = getConfigBoolean(CONFIG_CRITICAL);
@@ -506,8 +503,8 @@ public class KeyUsageExtDefault extends EnrollExtDefault {
         try {
             ext = new KeyUsageExtension(critical, bits);
         } catch (Exception e) {
-            CMS.debug("KeyUsageExtDefault: createKeyUsageExtension " + 
-                e.toString());
+            CMS.debug("KeyUsageExtDefault: createKeyUsageExtension " +
+                    e.toString());
         }
         return ext;
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java
index 01e92d6a..cc96f3e9 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -34,12 +33,11 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements an enrollment default policy
  * that populates a Netscape comment extension
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class NSCCommentExtDefault extends EnrollExtDefault {
@@ -60,13 +58,13 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(CONFIG_COMMENT)) {
@@ -80,7 +78,7 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_COMMENT)) {
@@ -93,13 +91,13 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             NSCCommentExtension ext = null;
 
             if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
@@ -108,8 +106,8 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
             ext = (NSCCommentExtension)
                         getExtension(oid.toString(), info);
 
-            if(ext == null)  {
-                populate(null,info);
+            if (ext == null) {
+                populate(null, info);
             }
 
             if (name.equals(VAL_CRITICAL)) {
@@ -118,27 +116,27 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
                         getExtension(oid.toString(), info);
                 boolean val = Boolean.valueOf(value).booleanValue();
 
-                if (ext == null)  {
+                if (ext == null) {
                     return;
                 }
-                ext.setCritical(val); 
-            } else if (name.equals(VAL_COMMENT)) { 
+                ext.setCritical(val);
+            } else if (name.equals(VAL_COMMENT)) {
 
                 ext = (NSCCommentExtension)
                         getExtension(oid.toString(), info);
 
-                if (ext == null)  {
+                if (ext == null) {
                     return;
                 }
                 boolean critical = ext.isCritical();
 
                 if (value == null || value.equals(""))
                     ext = new NSCCommentExtension(critical, "");
-                    //                    throw new EPropertyException(name+" cannot be empty");
+                //                    throw new EPropertyException(name+" cannot be empty");
                 else
                     ext = new NSCCommentExtension(critical, value);
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
@@ -151,12 +149,12 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         NSCCommentExtension ext = null;
 
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
@@ -165,14 +163,13 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
         ext = (NSCCommentExtension)
                     getExtension(oid.toString(), info);
 
-        if(ext == null)
-        {
+        if (ext == null) {
             try {
-                populate(null,info);
+                populate(null, info);
 
             } catch (EProfileException e) {
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
 
         }
@@ -190,7 +187,7 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
             } else {
                 return "false";
             }
-        } else if (name.equals(VAL_COMMENT)) { 
+        } else if (name.equals(VAL_COMMENT)) {
 
             ext = (NSCCommentExtension)
                     getExtension(oid.toString(), info);
@@ -202,17 +199,17 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
 
             if (comment == null)
                 comment = "";
-   
+
             return comment;
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getText(Locale locale) {
         String params[] = {
-                getConfig(CONFIG_CRITICAL), 
+                getConfig(CONFIG_CRITICAL),
                 getConfig(CONFIG_COMMENT)
             };
 
@@ -223,14 +220,14 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         NSCCommentExtension ext = createExtension();
 
         addExtension(ext.getExtensionId().toString(), ext, info);
     }
 
     public NSCCommentExtension createExtension() {
-        NSCCommentExtension ext = null; 
+        NSCCommentExtension ext = null;
 
         try {
             boolean critical = getConfigBoolean(CONFIG_CRITICAL);
@@ -241,8 +238,8 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
             else
                 ext = new NSCCommentExtension(critical, comment);
         } catch (Exception e) {
-            CMS.debug("NSCCommentExtension: createExtension " + 
-                e.toString());
+            CMS.debug("NSCCommentExtension: createExtension " +
+                    e.toString());
         }
         return ext;
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java
index e3438ccf..0677ef69 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.security.cert.CertificateException;
 import java.util.Locale;
 
@@ -33,12 +32,11 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements an enrollment default policy
  * that populates a Netscape Certificate Type extension
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class NSCertTypeExtDefault extends EnrollExtDefault {
@@ -83,11 +81,11 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
             return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
@@ -127,7 +125,7 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_SSL_CLIENT)) {
@@ -135,7 +133,7 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CLIENT"));
         } else if (name.equals(VAL_SSL_SERVER)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_SSL_SERVER"));
         } else if (name.equals(VAL_EMAIL)) {
@@ -155,7 +153,7 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL_CA"));
         } else if (name.equals(VAL_OBJECT_SIGNING_CA)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING_CA"));
         } else {
@@ -164,8 +162,8 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             NSCertTypeExtension ext = null;
 
@@ -174,12 +172,11 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
-
             ext = (NSCertTypeExtension)
                         getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
 
-            if(ext == null) {
-                populate(null,info);
+            if (ext == null) {
+                populate(null, info);
 
             }
             if (name.equals(VAL_CRITICAL)) {
@@ -187,69 +184,69 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
                         getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
                 boolean val = Boolean.valueOf(value).booleanValue();
 
-                if(ext == null)  {
-                    return ;
+                if (ext == null) {
+                    return;
                 }
-                ext.setCritical(val); 
-            } else if (name.equals(VAL_SSL_CLIENT)) { 
+                ext.setCritical(val);
+            } else if (name.equals(VAL_SSL_CLIENT)) {
                 ext = (NSCertTypeExtension)
                         getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-                if(ext == null)  {
-                    return ;
+                if (ext == null) {
+                    return;
                 }
                 Boolean val = Boolean.valueOf(value);
 
                 ext.set(NSCertTypeExtension.SSL_CLIENT, val);
-            } else if (name.equals(VAL_SSL_SERVER)) { 
+            } else if (name.equals(VAL_SSL_SERVER)) {
                 ext = (NSCertTypeExtension)
                         getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-                if(ext == null)  {
-                    return ;
+                if (ext == null) {
+                    return;
                 }
                 Boolean val = Boolean.valueOf(value);
 
                 ext.set(NSCertTypeExtension.SSL_SERVER, val);
-            } else if (name.equals(VAL_EMAIL)) { 
+            } else if (name.equals(VAL_EMAIL)) {
                 ext = (NSCertTypeExtension)
                         getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-                if(ext == null)  {
-                    return ;
+                if (ext == null) {
+                    return;
                 }
                 Boolean val = Boolean.valueOf(value);
 
                 ext.set(NSCertTypeExtension.EMAIL, val);
-            } else if (name.equals(VAL_OBJECT_SIGNING)) { 
+            } else if (name.equals(VAL_OBJECT_SIGNING)) {
                 ext = (NSCertTypeExtension)
                         getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-                if(ext == null)  {
-                    return ;
+                if (ext == null) {
+                    return;
                 }
                 Boolean val = Boolean.valueOf(value);
 
                 ext.set(NSCertTypeExtension.OBJECT_SIGNING, val);
-            } else if (name.equals(VAL_SSL_CA)) { 
+            } else if (name.equals(VAL_SSL_CA)) {
                 ext = (NSCertTypeExtension)
                         getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-                if(ext == null)  {
-                    return ;
+                if (ext == null) {
+                    return;
                 }
                 Boolean val = Boolean.valueOf(value);
 
                 ext.set(NSCertTypeExtension.SSL_CA, val);
-            } else if (name.equals(VAL_EMAIL_CA)) { 
+            } else if (name.equals(VAL_EMAIL_CA)) {
                 ext = (NSCertTypeExtension)
                         getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-                if(ext == null)  {
-                    return ;
+                if (ext == null) {
+                    return;
                 }
                 Boolean val = Boolean.valueOf(value);
 
                 ext.set(NSCertTypeExtension.EMAIL_CA, val);
-            } else if (name.equals(VAL_OBJECT_SIGNING_CA)) { 
+            } else if (name.equals(VAL_OBJECT_SIGNING_CA)) {
                 ext = (NSCertTypeExtension)
                         getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-                if(ext == null)  {
-                    return ;
+                if (ext == null) {
+                    return;
                 }
                 Boolean val = Boolean.valueOf(value);
 
@@ -266,31 +263,30 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         try {
-            if (name == null) { 
-                throw new EPropertyException(CMS.getUserMessage( 
+            if (name == null) {
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             NSCertTypeExtension ext = (NSCertTypeExtension)
                     getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
 
-            if(ext == null)
-            {
+            if (ext == null) {
                 try {
-                    populate(null,info);
+                    populate(null, info);
 
                 } catch (EProfileException e) {
-                     throw new EPropertyException(CMS.getUserMessage(
-                          locale, "CMS_INVALID_PROPERTY", name));
+                    throw new EPropertyException(CMS.getUserMessage(
+                            locale, "CMS_INVALID_PROPERTY", name));
                 }
 
             }
             if (name.equals(VAL_CRITICAL)) {
                 ext = (NSCertTypeExtension)
-                    getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
 
                 if (ext == null) {
                     return null;
@@ -300,63 +296,63 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
                 } else {
                     return "false";
                 }
-            } else if (name.equals(VAL_SSL_CLIENT)) { 
+            } else if (name.equals(VAL_SSL_CLIENT)) {
                 ext = (NSCertTypeExtension)
-                    getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
                 Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_CLIENT);
 
                 return val.toString();
-            } else if (name.equals(VAL_SSL_SERVER)) { 
+            } else if (name.equals(VAL_SSL_SERVER)) {
                 ext = (NSCertTypeExtension)
-                    getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
                 Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_SERVER);
 
                 return val.toString();
-            } else if (name.equals(VAL_EMAIL)) { 
+            } else if (name.equals(VAL_EMAIL)) {
                 ext = (NSCertTypeExtension)
-                    getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
                 Boolean val = (Boolean) ext.get(NSCertTypeExtension.EMAIL);
 
                 return val.toString();
-            } else if (name.equals(VAL_OBJECT_SIGNING)) { 
+            } else if (name.equals(VAL_OBJECT_SIGNING)) {
                 ext = (NSCertTypeExtension)
-                    getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
                 Boolean val = (Boolean) ext.get(NSCertTypeExtension.OBJECT_SIGNING);
 
                 return val.toString();
-            } else if (name.equals(VAL_SSL_CA)) { 
+            } else if (name.equals(VAL_SSL_CA)) {
                 ext = (NSCertTypeExtension)
-                    getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
                 Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_CA);
 
                 return val.toString();
-            } else if (name.equals(VAL_EMAIL_CA)) { 
+            } else if (name.equals(VAL_EMAIL_CA)) {
                 ext = (NSCertTypeExtension)
-                    getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
                 Boolean val = (Boolean) ext.get(NSCertTypeExtension.EMAIL_CA);
 
                 return val.toString();
-            } else if (name.equals(VAL_OBJECT_SIGNING_CA)) { 
+            } else if (name.equals(VAL_OBJECT_SIGNING_CA)) {
                 ext = (NSCertTypeExtension)
-                    getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
@@ -364,7 +360,7 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
 
                 return val.toString();
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } catch (CertificateException e) {
@@ -375,13 +371,13 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
 
     public String getText(Locale locale) {
         String params[] = {
-                getConfig(CONFIG_CRITICAL), 
-                getConfig(CONFIG_SSL_CLIENT), 
-                getConfig(CONFIG_SSL_SERVER), 
-                getConfig(CONFIG_EMAIL), 
-                getConfig(CONFIG_OBJECT_SIGNING), 
-                getConfig(CONFIG_SSL_CA), 
-                getConfig(CONFIG_EMAIL_CA), 
+                getConfig(CONFIG_CRITICAL),
+                getConfig(CONFIG_SSL_CLIENT),
+                getConfig(CONFIG_SSL_SERVER),
+                getConfig(CONFIG_EMAIL),
+                getConfig(CONFIG_OBJECT_SIGNING),
+                getConfig(CONFIG_SSL_CA),
+                getConfig(CONFIG_EMAIL_CA),
                 getConfig(CONFIG_OBJECT_SIGNING_CA)
             };
 
@@ -393,14 +389,14 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         NSCertTypeExtension ext = createExtension();
 
         addExtension(NSCertTypeExtension.CertType_Id.toString(), ext, info);
     }
 
     public NSCertTypeExtension createExtension() {
-        NSCertTypeExtension ext = null; 
+        NSCertTypeExtension ext = null;
         boolean[] bits = new boolean[NSCertTypeExtension.NBITS];
 
         boolean critical = getConfigBoolean(CONFIG_CRITICAL);
@@ -415,8 +411,8 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
         try {
             ext = new NSCertTypeExtension(critical, bits);
         } catch (Exception e) {
-            CMS.debug("NSCertTypeExtDefault: createExtension " + 
-                e.toString());
+            CMS.debug("NSCertTypeExtDefault: createExtension " +
+                    e.toString());
         }
         return ext;
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java
index 7776238a..c513c332 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -41,25 +40,24 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements an enrollment default policy
  * that populates a name constraint extension
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class NameConstraintsExtDefault extends EnrollExtDefault {
 
     public static final String CONFIG_CRITICAL = "nameConstraintsCritical";
-    public static final String CONFIG_NUM_PERMITTED_SUBTREES = 
-        "nameConstraintsNumPermittedSubtrees";
+    public static final String CONFIG_NUM_PERMITTED_SUBTREES =
+            "nameConstraintsNumPermittedSubtrees";
     public static final String CONFIG_PERMITTED_MIN_VAL = "nameConstraintsPermittedSubtreeMinValue_";
     public static final String CONFIG_PERMITTED_MAX_VAL = "nameConstraintsPermittedSubtreeMaxValue_";
     public static final String CONFIG_PERMITTED_NAME_CHOICE = "nameConstraintsPermittedSubtreeNameChoice_";
     public static final String CONFIG_PERMITTED_NAME_VAL = "nameConstraintsPermittedSubtreeNameValue_";
     public static final String CONFIG_PERMITTED_ENABLE = "nameConstraintsPermittedSubtreeEnable_";
-    
+
     public static final String CONFIG_NUM_EXCLUDED_SUBTREES = "nameConstraintsNumExcludedSubtrees";
     public static final String CONFIG_EXCLUDED_MIN_VAL = "nameConstraintsExcludedSubtreeMinValue_";
     public static final String CONFIG_EXCLUDED_MAX_VAL = "nameConstraintsExcludedSubtreeMaxValue_";
@@ -87,7 +85,7 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
         refreshConfigAndValueNames();
 
@@ -128,41 +126,40 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
         return num;
     }
 
-     public void setConfig(String name, String value)
-        throws EPropertyException {
+    public void setConfig(String name, String value)
+            throws EPropertyException {
         int num = 0;
         if (name.equals(CONFIG_NUM_PERMITTED_SUBTREES)) {
-          try {
-            num = Integer.parseInt(value);
+            try {
+                num = Integer.parseInt(value);
 
-            if (num >= MAX_NUM_PERMITTED_SUBTREES || num < 0) {
-                throw new EPropertyException(CMS.getUserMessage(
+                if (num >= MAX_NUM_PERMITTED_SUBTREES || num < 0) {
+                    throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_PERMITTED_SUBTREES));
-            }
+                }
 
-          } catch (Exception e) {
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_PERMITTED_SUBTREES));
-          }
-        } else if(name.equals(CONFIG_NUM_EXCLUDED_SUBTREES)) {
+            }
+        } else if (name.equals(CONFIG_NUM_EXCLUDED_SUBTREES)) {
 
             try {
-              num = Integer.parseInt(value);
+                num = Integer.parseInt(value);
 
-            if (num >= MAX_NUM_EXCLUDED_SUBTREES || num < 0) {
-                throw new EPropertyException(CMS.getUserMessage(
+                if (num >= MAX_NUM_EXCLUDED_SUBTREES || num < 0) {
+                    throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_EXCLUDED_SUBTREES));
-            }
+                }
 
-          } catch (Exception e) {
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_EXCLUDED_SUBTREES));
-          }
+            }
         }
         super.setConfig(name, value);
     }
 
-
     public Enumeration<String> getConfigNames() {
         refreshConfigAndValueNames();
         return super.getConfigNames();
@@ -203,50 +200,49 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
 
     }
 
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.startsWith(CONFIG_PERMITTED_MIN_VAL)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_MIN_VAL"));
         } else if (name.startsWith(CONFIG_PERMITTED_MAX_VAL)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_MAX_VAL"));
         } else if (name.startsWith(CONFIG_PERMITTED_NAME_CHOICE)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_NAME_CHOICE"));
         } else if (name.startsWith(CONFIG_PERMITTED_NAME_VAL)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_NAME_VAL"));
         } else if (name.startsWith(CONFIG_PERMITTED_ENABLE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
         } else if (name.startsWith(CONFIG_EXCLUDED_MIN_VAL)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_MIN_VAL"));
         } else if (name.startsWith(CONFIG_EXCLUDED_MAX_VAL)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_MAX_VAL"));
         } else if (name.startsWith(CONFIG_EXCLUDED_NAME_CHOICE)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_NAME_CHOICE"));
         } else if (name.startsWith(CONFIG_EXCLUDED_NAME_VAL)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_NAME_VAL"));
         } else if (name.startsWith(CONFIG_EXCLUDED_ENABLE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
         } else if (name.startsWith(CONFIG_NUM_EXCLUDED_SUBTREES)) {
@@ -255,23 +251,23 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
                     CMS.getUserMessage(locale, "CMS_PROFILE_NUM_EXCLUDED_SUBTREES"));
         } else if (name.startsWith(CONFIG_NUM_PERMITTED_SUBTREES)) {
             return new Descriptor(IDescriptor.INTEGER, null,
-                   "1",
-                   CMS.getUserMessage(locale, "CMS_PROFILE_NUM_PERMITTED_SUBTREES"));
+                    "1",
+                    CMS.getUserMessage(locale, "CMS_PROFILE_NUM_PERMITTED_SUBTREES"));
         }
         return null;
     }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_PERMITTED_SUBTREES)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null, 
+            return new Descriptor(IDescriptor.STRING_LIST, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_SUBTREES"));
         } else if (name.equals(VAL_EXCLUDED_SUBTREES)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null, 
+            return new Descriptor(IDescriptor.STRING_LIST, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_SUBTREES"));
         } else {
@@ -280,21 +276,21 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             NameConstraintsExtension ext = null;
 
-            if (name == null) { 
-                throw new EPropertyException(CMS.getUserMessage( 
+            if (name == null) {
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             ext = (NameConstraintsExtension)
                         getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
 
-            if(ext == null)  {
-                populate(null,info);
+            if (ext == null) {
+                populate(null, info);
             }
 
             if (name.equals(VAL_CRITICAL)) {
@@ -302,19 +298,19 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
                         getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
                 boolean val = Boolean.valueOf(value).booleanValue();
 
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
-                ext.setCritical(val); 
-            } else if (name.equals(VAL_PERMITTED_SUBTREES)) { 
+                ext.setCritical(val);
+            } else if (name.equals(VAL_PERMITTED_SUBTREES)) {
                 ext = (NameConstraintsExtension)
                         getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
 
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
                 if ((value == null) || (value.equals("null")) || (value.equals(""))) {
-                    CMS.debug("NameConstraintsExtDefault:setValue : " + 
+                    CMS.debug("NameConstraintsExtDefault:setValue : " +
                               "blank value for permitted subtrees ... returning");
                     return;
                 }
@@ -323,17 +319,17 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
 
                 Vector<GeneralSubtree> permittedSubtrees = createSubtrees(locale, v);
 
-                ext.set(NameConstraintsExtension.PERMITTED_SUBTREES, 
-                    new GeneralSubtrees(permittedSubtrees));
+                ext.set(NameConstraintsExtension.PERMITTED_SUBTREES,
+                        new GeneralSubtrees(permittedSubtrees));
             } else if (name.equals(VAL_EXCLUDED_SUBTREES)) {
                 ext = (NameConstraintsExtension)
                         getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
 
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
                 if ((value == null) || (value.equals("null")) || (value.equals(""))) {
-                    CMS.debug("NameConstraintsExtDefault:setValue : " + 
+                    CMS.debug("NameConstraintsExtDefault:setValue : " +
                               "blank value for excluded subtrees ... returning");
                     return;
                 }
@@ -341,21 +337,21 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
 
                 Vector<GeneralSubtree> excludedSubtrees = createSubtrees(locale, v);
 
-                ext.set(NameConstraintsExtension.EXCLUDED_SUBTREES, 
-                    new GeneralSubtrees(excludedSubtrees));
+                ext.set(NameConstraintsExtension.EXCLUDED_SUBTREES,
+                        new GeneralSubtrees(excludedSubtrees));
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             replaceExtension(PKIXExtensions.NameConstraints_Id.toString(), ext, info);
         } catch (IOException e) {
             CMS.debug("NameConstraintsExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         } catch (EProfileException e) {
             CMS.debug("NameConstraintsExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
@@ -385,16 +381,16 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
                 } else if (name1.equals(MAX_VALUE)) {
                     maxS = nvps.getValue(name1);
                 }
-            } 
+            }
 
             if (choice == null || choice.length() == 0) {
                 throw new EPropertyException(CMS.getUserMessage(locale,
                             "CMS_PROFILE_GENERAL_NAME_NOT_FOUND"));
             }
-                 
+
             if (val == null)
                 val = "";
-                   
+
             int min = 0;
             int max = -1;
 
@@ -410,7 +406,7 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
                 gnI = parseGeneralName(choice + ":" + val);
             } catch (IOException e) {
                 CMS.debug("NameConstraintsExtDefault: createSubtress " +
-                    e.toString());
+                        e.toString());
             }
 
             if (gnI != null) {
@@ -423,32 +419,31 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
                     gn, min, max);
 
             subtrees.addElement(subtree);
-        } 
+        }
 
         return subtrees;
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         NameConstraintsExtension ext = null;
 
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
         ext = (NameConstraintsExtension)
-                    getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); 
+                    getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
 
-        if(ext == null)
-        {
+        if (ext == null) {
             try {
-                populate(null,info);
+                populate(null, info);
 
             } catch (EProfileException e) {
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
 
         }
@@ -465,7 +460,7 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
             } else {
                 return "false";
             }
-        } else if (name.equals(VAL_PERMITTED_SUBTREES)) { 
+        } else if (name.equals(VAL_PERMITTED_SUBTREES)) {
             ext = (NameConstraintsExtension)
                     getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
 
@@ -475,19 +470,19 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
             GeneralSubtrees subtrees = null;
 
             try {
-                subtrees = (GeneralSubtrees) 
+                subtrees = (GeneralSubtrees)
                         ext.get(NameConstraintsExtension.PERMITTED_SUBTREES);
             } catch (IOException e) {
                 CMS.debug("NameConstraintExtDefault: getValue " + e.toString());
             }
 
-            if( subtrees == null ) {
-                CMS.debug( "NameConstraintsExtDefault::getValue() VAL_PERMITTED_SUBTREES is null!" );
-                throw new EPropertyException( "subtrees is null" );
+            if (subtrees == null) {
+                CMS.debug("NameConstraintsExtDefault::getValue() VAL_PERMITTED_SUBTREES is null!");
+                throw new EPropertyException("subtrees is null");
             }
 
             return getSubtreesInfo(ext, subtrees);
-        } else if (name.equals(VAL_EXCLUDED_SUBTREES)) { 
+        } else if (name.equals(VAL_EXCLUDED_SUBTREES)) {
             ext = (NameConstraintsExtension)
                     getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
 
@@ -497,26 +492,26 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
             GeneralSubtrees subtrees = null;
 
             try {
-                subtrees = (GeneralSubtrees) 
+                subtrees = (GeneralSubtrees)
                         ext.get(NameConstraintsExtension.EXCLUDED_SUBTREES);
             } catch (IOException e) {
                 CMS.debug("NameConstraintExtDefault: getValue " + e.toString());
             }
 
-            if( subtrees == null ) {
-                CMS.debug( "NameConstraintsExtDefault::getValue() VAL_EXCLUDED_SUBTREES is null!" );
-                throw new EPropertyException( "subtrees is null" );
+            if (subtrees == null) {
+                CMS.debug("NameConstraintsExtDefault::getValue() VAL_EXCLUDED_SUBTREES is null!");
+                throw new EPropertyException("subtrees is null");
             }
 
             return getSubtreesInfo(ext, subtrees);
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
-    private String getSubtreesInfo(NameConstraintsExtension ext, 
-        GeneralSubtrees subtrees) throws EPropertyException {
+    private String getSubtreesInfo(NameConstraintsExtension ext,
+            GeneralSubtrees subtrees) throws EPropertyException {
         Vector<GeneralSubtree> trees = subtrees.getSubtrees();
         int size = trees.size();
 
@@ -526,8 +521,8 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
             GeneralSubtree tree = (GeneralSubtree) trees.elementAt(i);
 
             GeneralName gn = tree.getGeneralName();
-            String type = getGeneralNameType(gn); 
-            int max = tree.getMaxValue(); 
+            String type = getGeneralNameType(gn);
+            int max = tree.getMaxValue();
             int min = tree.getMinValue();
 
             NameValuePairs pairs = new NameValuePairs();
@@ -540,7 +535,7 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
 
             recs.addElement(pairs);
         }
- 
+
         return buildRecords(recs);
     }
 
@@ -583,8 +578,8 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
             sb.append(getConfig(CONFIG_EXCLUDED_MAX_VAL + i));
             sb.append("}");
         }
-        return CMS.getUserMessage(locale, 
-                "CMS_PROFILE_DEF_NAME_CONSTRAINTS_EXT", 
+        return CMS.getUserMessage(locale,
+                "CMS_PROFILE_DEF_NAME_CONSTRAINTS_EXT",
                 getConfig(CONFIG_CRITICAL), sb.toString());
     }
 
@@ -592,14 +587,14 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         NameConstraintsExtension ext = createExtension();
 
         addExtension(PKIXExtensions.NameConstraints_Id.toString(), ext, info);
     }
 
     public NameConstraintsExtension createExtension() {
-        NameConstraintsExtension ext = null; 
+        NameConstraintsExtension ext = null;
 
         try {
             int num = getNumPermitted();
@@ -637,18 +632,18 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
                 }
             }
 
-            ext = new NameConstraintsExtension(critical, 
+            ext = new NameConstraintsExtension(critical,
                         new GeneralSubtrees(v), new GeneralSubtrees(v1));
         } catch (Exception e) {
-            CMS.debug("NameConstraintsExtDefault: createExtension " + 
-                e.toString());
+            CMS.debug("NameConstraintsExtDefault: createExtension " +
+                    e.toString());
         }
 
         return ext;
     }
 
-    private GeneralSubtree createSubtree(String choice, String value, 
-        String minS, String maxS) {
+    private GeneralSubtree createSubtree(String choice, String value,
+            String minS, String maxS) {
         GeneralName gn = null;
         GeneralNameInterface gnI = null;
 
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java
index 283f5083..8197d3de 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 import java.util.Vector;
@@ -32,13 +31,12 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements no default policy.
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class NoDefault implements IPolicyDefault { 
+public class NoDefault implements IPolicyDefault {
 
     public static final String PROP_NAME = "name";
 
@@ -55,7 +53,7 @@ public class NoDefault implements IPolicyDefault {
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
     }
 
     public String getDefaultConfig(String name) {
@@ -67,7 +65,7 @@ public class NoDefault implements IPolicyDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         mConfig = config;
     }
 
@@ -79,7 +77,7 @@ public class NoDefault implements IPolicyDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request)
-        throws EProfileException {
+            throws EProfileException {
     }
 
     public Enumeration getValueNames() {
@@ -90,9 +88,9 @@ public class NoDefault implements IPolicyDefault {
         return null;
     }
 
-    public void setValue(String name, Locale locale, IRequest request, 
-        String value)
-        throws EPropertyException {
+    public void setValue(String name, Locale locale, IRequest request,
+            String value)
+            throws EPropertyException {
     }
 
     public String getValue(String name, Locale locale, IRequest request) {
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java
index 28a25a6e..382f3cec 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.util.Locale;
 
 import netscape.security.extensions.OCSPNoCheckExtension;
@@ -32,12 +31,11 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements an enrollment default policy
  * that populates an OCSP No Check extension
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class OCSPNoCheckExtDefault extends EnrollExtDefault {
@@ -53,13 +51,13 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else {
@@ -69,7 +67,7 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault {
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else {
@@ -78,70 +76,67 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
-        if (name == null) { 
-            throw new EPropertyException(CMS.getUserMessage( 
+            X509CertInfo info, String value)
+            throws EPropertyException {
+        if (name == null) {
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
         OCSPNoCheckExtension ext = (OCSPNoCheckExtension)
                 getExtension(OCSPNoCheckExtension.OID, info);
 
-
-        if(ext == null)
-        {
+        if (ext == null) {
             try {
-                populate(null,info);
+                populate(null, info);
 
             } catch (EProfileException e) {
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
 
         }
 
         if (name.equals(VAL_CRITICAL)) {
             ext = (OCSPNoCheckExtension)
-                getExtension(OCSPNoCheckExtension.OID, info);
+                    getExtension(OCSPNoCheckExtension.OID, info);
             boolean val = Boolean.valueOf(value).booleanValue();
 
-            if(ext == null)  {
-               return;
+            if (ext == null) {
+                return;
             }
             ext.setCritical(val);
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
         OCSPNoCheckExtension ext = (OCSPNoCheckExtension)
                 getExtension(OCSPNoCheckExtension.OID, info);
 
-        if(ext == null)
-        {
+        if (ext == null) {
             try {
-                populate(null,info);
+                populate(null, info);
 
             } catch (EProfileException e) {
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
 
         }
 
         if (name.equals(VAL_CRITICAL)) {
             ext = (OCSPNoCheckExtension)
-                getExtension(OCSPNoCheckExtension.OID, info);
+                    getExtension(OCSPNoCheckExtension.OID, info);
 
             if (ext == null) {
                 return null;
@@ -152,7 +147,7 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault {
                 return "false";
             }
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
@@ -166,20 +161,20 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         OCSPNoCheckExtension ext = createExtension();
 
         addExtension(OCSPNoCheckExtension.OID, ext, info);
     }
 
     public OCSPNoCheckExtension createExtension() {
-        OCSPNoCheckExtension ext = null; 
+        OCSPNoCheckExtension ext = null;
 
         try {
             ext = new OCSPNoCheckExtension();
         } catch (Exception e) {
             CMS.debug("OCSPNoCheckExtDefault:  createExtension " +
-                e.toString());
+                    e.toString());
             return null;
         }
         boolean critical = getConfigBoolean(CONFIG_CRITICAL);
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java
index 9a36f0cd..db9b95a0 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -34,12 +33,11 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements an enrollment default policy
  * that populates a policy constraints extension
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class PolicyConstraintsExtDefault extends EnrollExtDefault {
@@ -64,17 +62,17 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(CONFIG_REQ_EXPLICIT_POLICY)) {
-            return new Descriptor(IDescriptor.INTEGER, null, 
+            return new Descriptor(IDescriptor.INTEGER, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_REQUIRED_EXPLICIT_POLICY"));
         } else if (name.equals(CONFIG_INHIBIT_POLICY_MAPPING)) {
@@ -87,11 +85,11 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault {
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) {
-            return new Descriptor(IDescriptor.INTEGER, null, 
+            return new Descriptor(IDescriptor.INTEGER, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_REQUIRED_EXPLICIT_POLICY"));
         } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) {
@@ -103,104 +101,103 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             PolicyConstraintsExtension ext = null;
 
-            if (name == null) { 
-                throw new EPropertyException(CMS.getUserMessage( 
+            if (name == null) {
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             ext = (PolicyConstraintsExtension)
                         getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
-                            info);
+                                info);
 
-            if(ext == null)  {
-                populate(null,info);
+            if (ext == null) {
+                populate(null, info);
             }
 
             if (name.equals(VAL_CRITICAL)) {
                 ext = (PolicyConstraintsExtension)
-                        getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), 
-                            info);
+                        getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
+                                info);
                 boolean val = Boolean.valueOf(value).booleanValue();
 
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
-                ext.setCritical(val); 
-            } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) { 
+                ext.setCritical(val);
+            } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) {
                 ext = (PolicyConstraintsExtension)
-                        getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), 
-                            info);
-               
-                if(ext == null)  {
+                        getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
+                                info);
+
+                if (ext == null) {
                     return;
-                } 
+                }
                 Integer num = new Integer(value);
 
                 ext.set(PolicyConstraintsExtension.REQUIRE, num);
-            } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) { 
+            } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) {
                 ext = (PolicyConstraintsExtension)
-                        getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), 
-                            info);
+                        getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
+                                info);
 
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
                 Integer num = new Integer(value);
 
                 ext.set(PolicyConstraintsExtension.INHIBIT, num);
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             replaceExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
-                ext, info);
+                    ext, info);
         } catch (EProfileException e) {
             CMS.debug("PolicyConstraintsExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         } catch (IOException e) {
             CMS.debug("PolicyConstraintsExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         PolicyConstraintsExtension ext = null;
 
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
         ext = (PolicyConstraintsExtension)
                     getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
-                        info);
-        if(ext == null)
-        {
+                            info);
+        if (ext == null) {
 
             try {
-                populate(null,info);
+                populate(null, info);
 
             } catch (EProfileException e) {
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
 
         }
 
         if (name.equals(VAL_CRITICAL)) {
             ext = (PolicyConstraintsExtension)
-                    getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), 
-                        info);
+                    getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
+                            info);
 
             if (ext == null) {
                 return null;
@@ -210,10 +207,10 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault {
             } else {
                 return "false";
             }
-        } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) { 
+        } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) {
             ext = (PolicyConstraintsExtension)
-                    getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), 
-                        info);
+                    getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
+                            info);
 
             if (ext == null)
                 return "";
@@ -223,8 +220,8 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault {
             return "" + num;
         } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) {
             ext = (PolicyConstraintsExtension)
-                    getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), 
-                        info);
+                    getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
+                            info);
 
             if (ext == null)
                 return "";
@@ -233,15 +230,15 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault {
 
             return "" + num;
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getText(Locale locale) {
         String params[] = {
-                getConfig(CONFIG_CRITICAL), 
-                getConfig(CONFIG_REQ_EXPLICIT_POLICY), 
+                getConfig(CONFIG_CRITICAL),
+                getConfig(CONFIG_REQ_EXPLICIT_POLICY),
                 getConfig(CONFIG_INHIBIT_POLICY_MAPPING)
             };
 
@@ -252,17 +249,17 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         PolicyConstraintsExtension ext = createExtension();
 
         if (ext == null)
             return;
-        addExtension(PKIXExtensions.PolicyConstraints_Id.toString(), 
-            ext, info);
+        addExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
+                ext, info);
     }
 
     public PolicyConstraintsExtension createExtension() {
-        PolicyConstraintsExtension ext = null; 
+        PolicyConstraintsExtension ext = null;
 
         try {
             boolean critical = getConfigBoolean(CONFIG_CRITICAL);
@@ -281,8 +278,8 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault {
             }
             ext = new PolicyConstraintsExtension(critical, reqNum, inhibitNum);
         } catch (Exception e) {
-            CMS.debug("PolicyConstraintsExtDefault: createExtension " + 
-                e.toString());
+            CMS.debug("PolicyConstraintsExtDefault: createExtension " +
+                    e.toString());
         }
 
         return ext;
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java
index 05899e2c..183ef87b 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -40,12 +39,11 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements an enrollment default policy
  * that populates a policy mappings extension
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class PolicyMappingsExtDefault extends EnrollExtDefault {
@@ -85,27 +83,27 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
         refreshConfigAndValueNames();
     }
 
-     public void setConfig(String name, String value)
-        throws EPropertyException {
+    public void setConfig(String name, String value)
+            throws EPropertyException {
         int num = 0;
         if (name.equals(CONFIG_NUM_POLICY_MAPPINGS)) {
-          try {
-            num = Integer.parseInt(value);
+            try {
+                num = Integer.parseInt(value);
 
-            if (num >= MAX_NUM_MAPPINGS || num < 0) {
-                throw new EPropertyException(CMS.getUserMessage(
+                if (num >= MAX_NUM_MAPPINGS || num < 0) {
+                    throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_POLICY_MAPPINGS));
-            }
+                }
 
-          } catch (Exception e) {
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_POLICY_MAPPINGS));
-          }
+            }
         }
         super.setConfig(name, value);
     }
@@ -132,7 +130,7 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
         }
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
             return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
@@ -151,8 +149,8 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
                     CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
         } else if (name.startsWith(CONFIG_NUM_POLICY_MAPPINGS)) {
             return new Descriptor(IDescriptor.INTEGER, null,
-                   "1",
-                   CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICY_MAPPINGS"));
+                    "1",
+                    CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICY_MAPPINGS"));
         }
 
         return null;
@@ -160,7 +158,7 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_DOMAINS)) {
@@ -172,43 +170,43 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             PolicyMappingsExtension ext = null;
 
             if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             ext = (PolicyMappingsExtension)
                         getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
-                            info);
+                                info);
 
-            if(ext == null)  {
-                populate(null,info);
+            if (ext == null) {
+                populate(null, info);
 
             }
 
             if (name.equals(VAL_CRITICAL)) {
                 ext = (PolicyMappingsExtension)
-                        getExtension(PKIXExtensions.PolicyMappings_Id.toString(), 
-                            info);
+                        getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
+                                info);
                 boolean val = Boolean.valueOf(value).booleanValue();
 
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
-                ext.setCritical(val); 
-            } else if (name.equals(VAL_DOMAINS)) { 
+                ext.setCritical(val);
+            } else if (name.equals(VAL_DOMAINS)) {
                 ext = (PolicyMappingsExtension)
-                        getExtension(PKIXExtensions.PolicyMappings_Id.toString(), 
-                            info);
-               
-                if(ext == null)  {
+                        getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
+                                info);
+
+                if (ext == null) {
                     return;
-                } 
+                }
                 Vector<NameValuePairs> v = parseRecords(value);
                 int size = v.size();
 
@@ -232,12 +230,12 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
                             enable = nvps.getValue(name1);
                         }
                     }
-                   
+
                     if (enable != null && enable.equals("true")) {
-                        if (issuerPolicyId == null || 
-                            issuerPolicyId.length() == 0 || subjectPolicyId == null ||
-                            subjectPolicyId.length() == 0) 
-                            throw new EPropertyException(CMS.getUserMessage( 
+                        if (issuerPolicyId == null ||
+                                issuerPolicyId.length() == 0 || subjectPolicyId == null ||
+                                subjectPolicyId.length() == 0)
+                            throw new EPropertyException(CMS.getUserMessage(
                                         locale, "CMS_PROFILE_POLICY_ID_NOT_FOUND"));
                         CertificatePolicyMap map = new CertificatePolicyMap(
                                 new CertificatePolicyId(new ObjectIdentifier(issuerPolicyId)),
@@ -248,52 +246,51 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
                 }
                 ext.set(PolicyMappingsExtension.MAP, policyMaps);
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             replaceExtension(PKIXExtensions.PolicyMappings_Id.toString(),
-                ext, info);
+                    ext, info);
         } catch (EProfileException e) {
             CMS.debug("PolicyMappingsExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         } catch (IOException e) {
             CMS.debug("PolicyMappingsExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         PolicyMappingsExtension ext = null;
 
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
         ext = (PolicyMappingsExtension)
                     getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
-                        info);
-        if(ext == null)
-        {
+                            info);
+        if (ext == null) {
             try {
-                populate(null,info);
+                populate(null, info);
 
             } catch (EProfileException e) {
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
 
         }
 
         if (name.equals(VAL_CRITICAL)) {
             ext = (PolicyMappingsExtension)
-                    getExtension(PKIXExtensions.PolicyMappings_Id.toString(), 
-                        info);
+                    getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
+                            info);
 
             if (ext == null) {
                 return null;
@@ -303,10 +300,10 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
             } else {
                 return "false";
             }
-        } else if (name.equals(VAL_DOMAINS)) { 
+        } else if (name.equals(VAL_DOMAINS)) {
             ext = (PolicyMappingsExtension)
-                    getExtension(PKIXExtensions.PolicyMappings_Id.toString(), 
-                        info);
+                    getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
+                            info);
 
             if (ext == null)
                 return "";
@@ -314,7 +311,7 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
             int num_mappings = getNumMappings();
 
             Enumeration<CertificatePolicyMap> maps = ext.getMappings();
-         
+
             int num = 0;
             StringBuffer sb = new StringBuffer();
 
@@ -323,12 +320,12 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
             for (int i = 0; i < num_mappings; i++) {
                 NameValuePairs pairs = new NameValuePairs();
 
-                if (maps.hasMoreElements()) { 
-                    CertificatePolicyMap map = 
-                        (CertificatePolicyMap) maps.nextElement();
-                
+                if (maps.hasMoreElements()) {
+                    CertificatePolicyMap map =
+                            (CertificatePolicyMap) maps.nextElement();
+
                     CertificatePolicyId i1 = map.getIssuerIdentifier();
-                    CertificatePolicyId s1 = map.getSubjectIdentifier();               
+                    CertificatePolicyId s1 = map.getSubjectIdentifier();
 
                     pairs.add(ISSUER_POLICY_ID, i1.getIdentifier().toString());
                     pairs.add(SUBJECT_POLICY_ID, s1.getIdentifier().toString());
@@ -337,14 +334,14 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
                     pairs.add(ISSUER_POLICY_ID, "");
                     pairs.add(SUBJECT_POLICY_ID, "");
                     pairs.add(POLICY_ID_ENABLE, "false");
-			
+
                 }
                 recs.addElement(pairs);
-            }    
- 
+            }
+
             return buildRecords(recs);
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
@@ -368,8 +365,8 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
             sb.append(getConfig(CONFIG_ENABLE + i));
             sb.append("}");
         }
-        return CMS.getUserMessage(locale, 
-                "CMS_PROFILE_DEF_POLICY_MAPPINGS_EXT", 
+        return CMS.getUserMessage(locale,
+                "CMS_PROFILE_DEF_POLICY_MAPPINGS_EXT",
                 getConfig(CONFIG_CRITICAL), sb.toString());
     }
 
@@ -377,24 +374,24 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         PolicyMappingsExtension ext = createExtension();
 
         if (ext == null)
             return;
-        addExtension(PKIXExtensions.PolicyMappings_Id.toString(), 
-            ext, info);
+        addExtension(PKIXExtensions.PolicyMappings_Id.toString(),
+                ext, info);
     }
 
     public PolicyMappingsExtension createExtension() {
-        PolicyMappingsExtension ext = null; 
+        PolicyMappingsExtension ext = null;
 
         try {
             boolean critical = getConfigBoolean(CONFIG_CRITICAL);
             Vector<CertificatePolicyMap> policyMaps = new Vector<CertificatePolicyMap>();
             int num = getNumMappings();
 
-            for (int i = 0; i < num; i++) { 
+            for (int i = 0; i < num; i++) {
                 String enable = getConfig(CONFIG_ENABLE + i);
 
                 if (enable != null && enable.equals("true")) {
@@ -420,8 +417,8 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
 
             ext = new PolicyMappingsExtension(critical, policyMaps);
         } catch (Exception e) {
-            CMS.debug("PolicyMappingsExtDefault: createExtension " + 
-                e.toString());
+            CMS.debug("PolicyMappingsExtDefault: createExtension " +
+                    e.toString());
         }
 
         return ext;
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java
index f1a71ff9..20285567 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.text.ParsePosition;
 import java.text.SimpleDateFormat;
 import java.util.Date;
@@ -37,12 +36,11 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements an enrollment default policy
  * that populates a Private Key Usage Period extension
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
@@ -70,13 +68,13 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(CONFIG_START_TIME)) {
@@ -93,28 +91,28 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
         if (name.equals(CONFIG_START_TIME)) {
-          try {
-            Integer.parseInt(value);
-          } catch (Exception e) {
-                throw new EPropertyException(CMS.getUserMessage( 
+            try {
+                Integer.parseInt(value);
+            } catch (Exception e) {
+                throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_START_TIME));
-          }
+            }
         } else if (name.equals(CONFIG_DURATION)) {
-          try {
-            Integer.parseInt(value);
-          } catch (Exception e) {
-                throw new EPropertyException(CMS.getUserMessage( 
+            try {
+                Integer.parseInt(value);
+            } catch (Exception e) {
+                throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_DURATION));
-          }
+            }
         }
         super.setConfig(name, value);
     }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_NOT_BEFORE)) {
@@ -131,13 +129,13 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             PrivateKeyUsageExtension ext = null;
 
             if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
@@ -146,8 +144,8 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
             ext = (PrivateKeyUsageExtension)
                         getExtension(oid.toString(), info);
 
-            if(ext == null)  {
-                populate(null,info);
+            if (ext == null) {
+                populate(null, info);
             }
 
             if (name.equals(VAL_CRITICAL)) {
@@ -156,38 +154,38 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
                         getExtension(oid.toString(), info);
                 boolean val = Boolean.valueOf(value).booleanValue();
 
-                if (ext == null)  {
+                if (ext == null) {
                     return;
                 }
-                ext.setCritical(val); 
-            } else if (name.equals(VAL_NOT_BEFORE)) { 
-                SimpleDateFormat formatter = 
-                  new SimpleDateFormat(DATE_FORMAT); 
-                ParsePosition pos = new ParsePosition(0); 
+                ext.setCritical(val);
+            } else if (name.equals(VAL_NOT_BEFORE)) {
+                SimpleDateFormat formatter =
+                        new SimpleDateFormat(DATE_FORMAT);
+                ParsePosition pos = new ParsePosition(0);
                 Date date = formatter.parse(value, pos);
 
                 ext = (PrivateKeyUsageExtension)
                         getExtension(oid.toString(), info);
 
-                if (ext == null)  {
+                if (ext == null) {
                     return;
                 }
                 ext.set(PrivateKeyUsageExtension.NOT_BEFORE, date);
-            } else if (name.equals(VAL_NOT_AFTER)) { 
-                SimpleDateFormat formatter = 
-                  new SimpleDateFormat(DATE_FORMAT); 
-                ParsePosition pos = new ParsePosition(0); 
+            } else if (name.equals(VAL_NOT_AFTER)) {
+                SimpleDateFormat formatter =
+                        new SimpleDateFormat(DATE_FORMAT);
+                ParsePosition pos = new ParsePosition(0);
                 Date date = formatter.parse(value, pos);
 
                 ext = (PrivateKeyUsageExtension)
                         getExtension(oid.toString(), info);
 
-                if (ext == null)  {
+                if (ext == null) {
                     return;
                 }
                 ext.set(PrivateKeyUsageExtension.NOT_AFTER, date);
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
@@ -200,12 +198,12 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         PrivateKeyUsageExtension ext = null;
 
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
@@ -214,14 +212,13 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
         ext = (PrivateKeyUsageExtension)
                     getExtension(oid.toString(), info);
 
-        if(ext == null)
-        {
+        if (ext == null) {
             try {
-                populate(null,info);
+                populate(null, info);
 
             } catch (EProfileException e) {
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
 
         }
@@ -239,9 +236,9 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
             } else {
                 return "false";
             }
-        } else if (name.equals(VAL_NOT_BEFORE)) { 
-            SimpleDateFormat formatter = 
-               new SimpleDateFormat(DATE_FORMAT);
+        } else if (name.equals(VAL_NOT_BEFORE)) {
+            SimpleDateFormat formatter =
+                    new SimpleDateFormat(DATE_FORMAT);
 
             ext = (PrivateKeyUsageExtension)
                     getExtension(oid.toString(), info);
@@ -250,9 +247,9 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
                 return "";
 
             return formatter.format(ext.getNotBefore());
-        } else if (name.equals(VAL_NOT_AFTER)) { 
-            SimpleDateFormat formatter = 
-               new SimpleDateFormat(DATE_FORMAT);
+        } else if (name.equals(VAL_NOT_AFTER)) {
+            SimpleDateFormat formatter =
+                    new SimpleDateFormat(DATE_FORMAT);
 
             ext = (PrivateKeyUsageExtension)
                     getExtension(oid.toString(), info);
@@ -262,14 +259,14 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
 
             return formatter.format(ext.getNotAfter());
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getText(Locale locale) {
         String params[] = {
-                getConfig(CONFIG_CRITICAL), 
+                getConfig(CONFIG_CRITICAL),
                 getConfig(CONFIG_START_TIME),
                 getConfig(CONFIG_DURATION)
             };
@@ -281,14 +278,14 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         PrivateKeyUsageExtension ext = createExtension();
 
         addExtension(ext.getExtensionId().toString(), ext, info);
     }
 
     public PrivateKeyUsageExtension createExtension() {
-        PrivateKeyUsageExtension ext = null; 
+        PrivateKeyUsageExtension ext = null;
 
         try {
             boolean critical = getConfigBoolean(CONFIG_CRITICAL);
@@ -296,12 +293,12 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
             // always + 60 seconds 
             String startTimeStr = getConfig(CONFIG_START_TIME);
 
-            if (startTimeStr == null || startTimeStr.equals("")) { 
-              startTimeStr = "60"; 
-            } 
-            int startTime = Integer.parseInt(startTimeStr); 
-            Date notBefore = new Date(CMS.getCurrentDate().getTime() + 
-               (1000 * startTime)); 
+            if (startTimeStr == null || startTimeStr.equals("")) {
+                startTimeStr = "60";
+            }
+            int startTime = Integer.parseInt(startTimeStr);
+            Date notBefore = new Date(CMS.getCurrentDate().getTime() +
+                    (1000 * startTime));
             long notAfterVal = 0;
 
             notAfterVal = notBefore.getTime() +
@@ -309,10 +306,10 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
             Date notAfter = new Date(notAfterVal);
 
             ext = new PrivateKeyUsageExtension(notBefore, notAfter);
-            ext.setCritical(critical); 
+            ext.setCritical(critical);
         } catch (Exception e) {
-            CMS.debug("PrivateKeyUsagePeriodExt: createExtension " + 
-                e.toString());
+            CMS.debug("PrivateKeyUsagePeriodExt: createExtension " +
+                    e.toString());
         }
         return ext;
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java
index 4bca9350..11da93fc 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.util.Locale;
 
 import netscape.security.x509.AlgorithmId;
@@ -34,12 +33,11 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements an enrollment default policy
  * that populates a signing algorithm
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class SigningAlgDefault extends EnrollDefault {
@@ -47,8 +45,8 @@ public class SigningAlgDefault extends EnrollDefault {
     public static final String CONFIG_ALGORITHM = "signingAlg";
 
     public static final String VAL_ALGORITHM = "signingAlg";
-    public static final String DEF_CONFIG_ALGORITHMS = 
-      "-,MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA";
+    public static final String DEF_CONFIG_ALGORITHMS =
+            "-,MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA";
 
     public SigningAlgDefault() {
         super();
@@ -57,7 +55,7 @@ public class SigningAlgDefault extends EnrollDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
@@ -68,41 +66,39 @@ public class SigningAlgDefault extends EnrollDefault {
                     CMS.getUserMessage(locale, "CMS_PROFILE_SIGNING_ALGORITHM"));
         } else {
             return null;
-        } 
+        }
     }
 
-    public String getSigningAlg()
-    {
-      String signingAlg = getConfig(CONFIG_ALGORITHM);
-      // if specified, use the specified one. Otherwise, pick
-      // the best selection for the user
-      if (signingAlg == null || signingAlg.equals("") ||
-          signingAlg.equals("-")) {
-        // best pick for the user
-        ICertificateAuthority ca = (ICertificateAuthority)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
-        return ca.getDefaultAlgorithm();
-      } else {
-        return signingAlg;
-      }
+    public String getSigningAlg() {
+        String signingAlg = getConfig(CONFIG_ALGORITHM);
+        // if specified, use the specified one. Otherwise, pick
+        // the best selection for the user
+        if (signingAlg == null || signingAlg.equals("") ||
+                signingAlg.equals("-")) {
+            // best pick for the user
+            ICertificateAuthority ca = (ICertificateAuthority)
+                    CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+            return ca.getDefaultAlgorithm();
+        } else {
+            return signingAlg;
+        }
     }
 
-    public String getDefSigningAlgorithms()
-    {
-      StringBuffer allowed = new StringBuffer();
-      ICertificateAuthority ca = (ICertificateAuthority)
+    public String getDefSigningAlgorithms() {
+        StringBuffer allowed = new StringBuffer();
+        ICertificateAuthority ca = (ICertificateAuthority)
                 CMS.getSubsystem(CMS.SUBSYSTEM_CA);
-      String algos[] = ca.getCASigningAlgorithms();
-      for (int i = 0; i < algos.length; i++) {
-        if (allowed.length()== 0) {
-          allowed.append(algos[i]);
-        } else {
-          allowed.append(",");
-          allowed.append(algos[i]);
+        String algos[] = ca.getCASigningAlgorithms();
+        for (int i = 0; i < algos.length; i++) {
+            if (allowed.length() == 0) {
+                allowed.append(algos[i]);
+            } else {
+                allowed.append(",");
+                allowed.append(algos[i]);
+            }
         }
-      }
-      return allowed.toString();
-    } 
+        return allowed.toString();
+    }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_ALGORITHM)) {
@@ -115,31 +111,31 @@ public class SigningAlgDefault extends EnrollDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
-        if (name == null) { 
-            throw new EPropertyException(CMS.getUserMessage( 
+            X509CertInfo info, String value)
+            throws EPropertyException {
+        if (name == null) {
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_ALGORITHM)) {
             try {
                 info.set(X509CertInfo.ALGORITHM_ID,
-                    new CertificateAlgorithmId(
-                        AlgorithmId.getAlgorithmId(value)));
+                        new CertificateAlgorithmId(
+                                AlgorithmId.getAlgorithmId(value)));
             } catch (Exception e) {
                 CMS.debug("SigningAlgDefault: setValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException { 
+            X509CertInfo info)
+            throws EPropertyException {
 
         if (name == null)
             throw new EPropertyException("Invalid name " + name);
@@ -151,23 +147,23 @@ public class SigningAlgDefault extends EnrollDefault {
                 algId = (CertificateAlgorithmId)
                         info.get(X509CertInfo.ALGORITHM_ID);
                 AlgorithmId id = (AlgorithmId)
-                    algId.get(CertificateAlgorithmId.ALGORITHM);
+                        algId.get(CertificateAlgorithmId.ALGORITHM);
 
                 return id.toString();
             } catch (Exception e) {
                 CMS.debug("SigningAlgDefault: getValue " + e.toString());
             }
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
     }
 
     public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIGNING_ALGORITHM", 
+        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIGNING_ALGORITHM",
                 getSigningAlg());
     }
 
@@ -175,11 +171,11 @@ public class SigningAlgDefault extends EnrollDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         try {
             info.set(X509CertInfo.ALGORITHM_ID,
-                new CertificateAlgorithmId(
-                    AlgorithmId.getAlgorithmId(getSigningAlg())));
+                    new CertificateAlgorithmId(
+                            AlgorithmId.getAlgorithmId(getSigningAlg())));
         } catch (Exception e) {
             CMS.debug("SigningAlgDefault: populate " + e.toString());
         }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java
index 8adc94dc..7713e114 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -42,12 +41,11 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements an enrollment default policy
  * that populates a subject alternative name extension
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class SubjectAltNameExtDefault extends EnrollExtDefault {
@@ -90,70 +88,69 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
         }
 
         if (num >= MAX_NUM_GN)
-           num = DEF_NUM_GN;
+            num = DEF_NUM_GN;
         return num;
     }
- 
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
 
-        super.init(profile,config);
-        refreshConfigAndValueNames();  
+        super.init(profile, config);
+        refreshConfigAndValueNames();
         // migrate old parameters to new parameters
         String old_type = null;
         String old_pattern = null;
         IConfigStore paramConfig = config.getSubStore("params");
         try {
-          if (paramConfig != null) {
-            old_type = paramConfig.getString(CONFIG_OLD_TYPE);
-          }
+            if (paramConfig != null) {
+                old_type = paramConfig.getString(CONFIG_OLD_TYPE);
+            }
         } catch (EBaseException e) {
-          // nothing to do here
+            // nothing to do here
         }
         CMS.debug("SubjectAltNameExtDefault: Upgrading old_type=" +
                 old_type);
         try {
-          if (paramConfig != null) {
-            old_pattern = paramConfig.getString(CONFIG_OLD_PATTERN);
-          }
+            if (paramConfig != null) {
+                old_pattern = paramConfig.getString(CONFIG_OLD_PATTERN);
+            }
         } catch (EBaseException e) {
-          // nothing to do here
+            // nothing to do here
         }
         CMS.debug("SubjectAltNameExtDefault: Upgrading old_pattern=" +
                 old_pattern);
-        if (old_type != null && old_pattern != null)  {
-           CMS.debug("SubjectAltNameExtDefault: Upgrading");
-           try {
-             paramConfig.putString(CONFIG_NUM_GNS, "1");
-             paramConfig.putString(CONFIG_GN_ENABLE + "0", "true");
-             paramConfig.putString(CONFIG_TYPE + "0", old_type);
-             paramConfig.putString(CONFIG_PATTERN + "0", old_pattern);
-             paramConfig.remove(CONFIG_OLD_TYPE);
-             paramConfig.remove(CONFIG_OLD_PATTERN);
-             profile.getConfigStore().commit(true);
-           } catch (Exception e) {
-             CMS.debug("SubjectAltNameExtDefault: Failed to upgrade " + e);
-           }
+        if (old_type != null && old_pattern != null) {
+            CMS.debug("SubjectAltNameExtDefault: Upgrading");
+            try {
+                paramConfig.putString(CONFIG_NUM_GNS, "1");
+                paramConfig.putString(CONFIG_GN_ENABLE + "0", "true");
+                paramConfig.putString(CONFIG_TYPE + "0", old_type);
+                paramConfig.putString(CONFIG_PATTERN + "0", old_pattern);
+                paramConfig.remove(CONFIG_OLD_TYPE);
+                paramConfig.remove(CONFIG_OLD_PATTERN);
+                profile.getConfigStore().commit(true);
+            } catch (Exception e) {
+                CMS.debug("SubjectAltNameExtDefault: Failed to upgrade " + e);
+            }
         }
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
         int num = 0;
         if (name.equals(CONFIG_NUM_GNS)) {
-          try {
-            num = Integer.parseInt(value);
+            try {
+                num = Integer.parseInt(value);
 
-            if (num >= MAX_NUM_GN || num < 0) {
-                throw new EPropertyException(CMS.getUserMessage(
+                if (num >= MAX_NUM_GN || num < 0) {
+                    throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_GNS));
-            }
+                }
 
-          } catch (Exception e) {
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_GNS));
-          }
+            }
         }
         super.setConfig(name, value);
     }
@@ -173,29 +170,29 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
         int num = getNumGNs();
         addConfigName(CONFIG_NUM_GNS);
         for (int i = 0; i < num; i++) {
-        addConfigName(CONFIG_TYPE + i);
-        addConfigName(CONFIG_PATTERN + i);
-        addConfigName(CONFIG_GN_ENABLE + i);
+            addConfigName(CONFIG_TYPE + i);
+            addConfigName(CONFIG_PATTERN + i);
+            addConfigName(CONFIG_GN_ENABLE + i);
         }
     }
-    
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.startsWith(CONFIG_TYPE)) {
             return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName,OtherName",
                     "RFC822Name",
-                    CMS.getUserMessage(locale, 
-                        "CMS_PROFILE_SUBJECT_ALT_NAME_TYPE"));
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_SUBJECT_ALT_NAME_TYPE"));
         } else if (name.startsWith(CONFIG_PATTERN)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
-                    CMS.getUserMessage(locale, 
-                        "CMS_PROFILE_SUBJECT_ALT_NAME_PATTERN"));
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_SUBJECT_ALT_NAME_PATTERN"));
         } else if (name.startsWith(CONFIG_GN_ENABLE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_GN_ENABLE"));
         } else if (name.startsWith(CONFIG_NUM_GNS)) {
@@ -209,11 +206,11 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_GENERAL_NAMES)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null, 
+            return new Descriptor(IDescriptor.STRING_LIST, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES"));
         } else {
@@ -222,13 +219,13 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             SubjectAlternativeNameExtension ext = null;
 
-            if (name == null) { 
-                throw new EPropertyException(CMS.getUserMessage( 
+            if (name == null) {
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
@@ -236,12 +233,12 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
                         (SubjectAlternativeNameExtension)
                         getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
 
-            if(ext == null)  {
-                populate(null,info);
-            } 
+            if (ext == null) {
+                populate(null, info);
+            }
 
             if (name.equals(VAL_CRITICAL)) {
-                ext = 
+                ext =
                         (SubjectAlternativeNameExtension)
                         getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
 
@@ -253,7 +250,7 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
 
                 ext.setCritical(critical);
             } else if (name.equals(VAL_GENERAL_NAMES)) {
-                ext = 
+                ext =
                         (SubjectAlternativeNameExtension)
                         getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
 
@@ -278,41 +275,41 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
                     }
                     GeneralNameInterface n = parseGeneralName(gname);
                     if (n != null) {
-                      gn.addElement(n);
+                        gn.addElement(n);
                     }
                 }
                 if (gn.size() == 0) {
-                   CMS.debug("GN size is zero");
-                   deleteExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
+                    CMS.debug("GN size is zero");
+                    deleteExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
                     return;
                 } else {
-                   CMS.debug("GN size is non zero (" + gn.size() + ")");
-                  ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn);
+                    CMS.debug("GN size is non zero (" + gn.size() + ")");
+                    ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn);
                 }
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
             replaceExtension(
-                PKIXExtensions.SubjectAlternativeName_Id.toString(),
-                ext, info);
+                    PKIXExtensions.SubjectAlternativeName_Id.toString(),
+                    ext, info);
         } catch (IOException e) {
             CMS.debug("SubjectAltNameExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         } catch (EProfileException e) {
             CMS.debug("SubjectAltNameExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         try {
             if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
@@ -320,22 +317,21 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
                     (SubjectAlternativeNameExtension)
                     getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
 
-            if(ext == null)
-            {
+            if (ext == null) {
                 try {
-                    populate(null,info);
+                    populate(null, info);
 
                 } catch (EProfileException e) {
-                     throw new EPropertyException(CMS.getUserMessage(
-                          locale, "CMS_INVALID_PROPERTY", name));
+                    throw new EPropertyException(CMS.getUserMessage(
+                            locale, "CMS_INVALID_PROPERTY", name));
                 }
 
             }
 
             if (name.equals(VAL_CRITICAL)) {
-                ext = 
-                    (SubjectAlternativeNameExtension)
-                    getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
+                ext =
+                        (SubjectAlternativeNameExtension)
+                        getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
 
                 if (ext == null) {
                     return null;
@@ -346,15 +342,15 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
                     return "false";
                 }
             } else if (name.equals(VAL_GENERAL_NAMES)) {
-                ext = 
-                    (SubjectAlternativeNameExtension)
-                    getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
+                ext =
+                        (SubjectAlternativeNameExtension)
+                        getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
 
                 GeneralNames names = (GeneralNames)
-                    ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
+                        ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
                 StringBuffer sb = new StringBuffer();
                 Enumeration<GeneralNameInterface> e = names.elements();
 
@@ -369,12 +365,12 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
                 }
                 return sb.toString();
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } catch (IOException e) {
-            CMS.debug("SubjectAltNameExtDefault: getValue " + 
-                e.toString());
+            CMS.debug("SubjectAltNameExtDefault: getValue " +
+                    e.toString());
         }
         return null;
     }
@@ -388,20 +384,21 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
         String numGNs = getConfig(CONFIG_NUM_GNS);
         int num = getNumGNs();
 
-        for (int i= 0; i< num; i++) {
+        for (int i = 0; i < num; i++) {
             sb.append("Record #");
             sb.append(i);
             sb.append("{");
             sb.append(GN_PATTERN + ":");
             sb.append(getConfig(CONFIG_PATTERN + i));
             sb.append(",");
-            sb.append(GN_TYPE +":");
-            sb.append(getConfig(CONFIG_TYPE +i));
+            sb.append(GN_TYPE + ":");
+            sb.append(getConfig(CONFIG_TYPE + i));
             sb.append(",");
             sb.append(GN_ENABLE + ":");
             sb.append(getConfig(CONFIG_GN_ENABLE + i));
             sb.append("}");
-        };
+        }
+        ;
 
         return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_ALT_NAME_EXT", getConfig(CONFIG_CRITICAL), sb.toString());
     }
@@ -410,7 +407,7 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         SubjectAlternativeNameExtension ext = null;
 
         try {
@@ -421,15 +418,15 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
             CMS.debug("SubjectAltNameExtDefault: populate " + e.toString());
         }
         if (ext != null) {
-        addExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), 
-            ext, info);
+            addExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(),
+                    ext, info);
         } else {
             CMS.debug("SubjectAltNameExtDefault: populate sees no extension.  get out");
         }
     }
 
     public SubjectAlternativeNameExtension createExtension(IRequest request)
-        throws IOException {
+            throws IOException {
         SubjectAlternativeNameExtension ext = null;
         int num = getNumGNs();
 
@@ -438,11 +435,11 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
 
         GeneralNames gn = new GeneralNames();
         int count = 0; // # of actual gnames
-        for (int i=0; i< num; i++) {
-        String enable = getConfig(CONFIG_GN_ENABLE +i);
+        for (int i = 0; i < num; i++) {
+            String enable = getConfig(CONFIG_GN_ENABLE + i);
             if (enable != null && enable.equals("true")) {
-                CMS.debug("SubjectAltNameExtDefault: createExtension i=" +i);
-                
+                CMS.debug("SubjectAltNameExtDefault: createExtension i=" + i);
+
                 String pattern = getConfig(CONFIG_PATTERN + i);
                 if (pattern == null || pattern.equals("")) {
                     pattern = " ";
@@ -453,28 +450,28 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
 
                     // cfu - see if this is server-generated (e.g. UUID4)
                     // to use this feature, use $server.source$ in pattern
-                    String source = getConfig(CONFIG_SOURCE +i); 
+                    String source = getConfig(CONFIG_SOURCE + i);
                     String type = getConfig(CONFIG_TYPE + i);
                     if ((source != null) && (!source.equals(""))) {
                         if (type.equalsIgnoreCase("OtherName")) {
-                            CMS.debug("SubjectAlternativeNameExtension: using "+
-                               source+ " as gn");
+                            CMS.debug("SubjectAlternativeNameExtension: using " +
+                                    source + " as gn");
                             if (source.equals(CONFIG_SOURCE_UUID4)) {
-                              UUID randUUID = UUID.randomUUID();
-                              // call the mapPattern that does server-side gen
-                              // request is not used, but needed for the substitute
-                              // function
-                              gname = mapPattern(randUUID.toString(), request, pattern);
+                                UUID randUUID = UUID.randomUUID();
+                                // call the mapPattern that does server-side gen
+                                // request is not used, but needed for the substitute
+                                // function
+                                gname = mapPattern(randUUID.toString(), request, pattern);
                             } else { //expand more server-gen types here
-                              CMS.debug("SubjectAltNameExtDefault: createExtension - unsupported server-generated type: "+source+". Supported: UUID4");
-                              continue;
+                                CMS.debug("SubjectAltNameExtDefault: createExtension - unsupported server-generated type: " + source + ". Supported: UUID4");
+                                continue;
                             }
                         } else {
-                              CMS.debug("SubjectAltNameExtDefault: createExtension - source is only supported for subjAltExtType OtherName");
-                              continue;
+                            CMS.debug("SubjectAltNameExtDefault: createExtension - source is only supported for subjAltExtType OtherName");
+                            continue;
                         }
                     } else {
-                        if (request != null)  {
+                        if (request != null) {
                             gname = mapPattern(request, pattern);
                         }
                     }
@@ -483,11 +480,11 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
                         CMS.debug("gname is empty, not added");
                         continue;
                     }
-                    CMS.debug("SubjectAltNameExtDefault: createExtension got gname=" +gname);
+                    CMS.debug("SubjectAltNameExtDefault: createExtension got gname=" + gname);
 
                     GeneralNameInterface n = parseGeneralName(type + ":" + gname);
 
-                    CMS.debug("adding gname: "+gname);
+                    CMS.debug("adding gname: " + gname);
                     if (n != null) {
                         CMS.debug("SubjectAlternativeNameExtension: n not null");
                         gn.addElement(n);
@@ -496,26 +493,26 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
                         CMS.debug("SubjectAlternativeNameExtension: n null");
                     }
                 }
-           }
+            }
         } //for
 
         if (count != 0) {
-          try {
-            ext = new SubjectAlternativeNameExtension();
-          } catch (Exception e) {
-            CMS.debug(e.toString());
-            throw new IOException( e.toString() );
-          }
-          ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn);
-          ext.setCritical(critical);
+            try {
+                ext = new SubjectAlternativeNameExtension();
+            } catch (Exception e) {
+                CMS.debug(e.toString());
+                throw new IOException(e.toString());
+            }
+            ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn);
+            ext.setCritical(critical);
         } else {
-          CMS.debug("count is 0");
-        } 
+            CMS.debug("count is 0");
+        }
         return ext;
     }
 
-    public String mapPattern(IRequest request, String pattern) 
-        throws IOException {
+    public String mapPattern(IRequest request, String pattern)
+            throws IOException {
         Pattern p = new Pattern(pattern);
         IAttrSet attrSet = null;
         if (request != null) {
@@ -525,8 +522,8 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
     }
 
     // for server-side generated values
-    public String mapPattern(String val, IRequest request, String pattern) 
-        throws IOException {
+    public String mapPattern(String val, IRequest request, String pattern)
+            throws IOException {
         Pattern p = new Pattern(pattern);
         IAttrSet attrSet = null;
         if (request != null) {
@@ -535,7 +532,7 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
         try {
             attrSet.set("source", val);
         } catch (Exception e) {
-            CMS.debug("SubjectAlternativeNameExtension: mapPattern source "+e.toString());
+            CMS.debug("SubjectAlternativeNameExtension: mapPattern source " + e.toString());
         }
 
         return p.substitute("server", attrSet);
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java
index 04ae8da3..29562123 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java
@@ -46,7 +46,7 @@ import com.netscape.certsrv.request.IRequest;
  * This class implements an enrollment default policy
  * that populates a subject directory attributes extension
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
@@ -71,7 +71,7 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
         refreshConfigAndValueNames();
     }
@@ -95,26 +95,25 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
         int num = 0;
         if (name.equals(DEF_NUM_ATTRS)) {
-          try {
-            num = Integer.parseInt(value);
+            try {
+                num = Integer.parseInt(value);
 
-            if (num >= MAX_NUM_ATTRS || num < 0) {
-                throw new EPropertyException(CMS.getUserMessage(
+                if (num >= MAX_NUM_ATTRS || num < 0) {
+                    throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_ATTRS));
-            }
+                }
 
-          } catch (Exception e) {
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_ATTRS));
-          }
+            }
         }
         super.setConfig(name, value);
     }
 
-
     public Enumeration<String> getConfigNames() {
         refreshConfigAndValueNames();
         return super.getConfigNames();
@@ -136,43 +135,43 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
         }
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
-        if (name.equals(CONFIG_CRITICAL)) { 
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
+        if (name.equals(CONFIG_CRITICAL)) {
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.startsWith(CONFIG_ATTR_NAME)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ATTRS"));
         } else if (name.startsWith(CONFIG_ATTR_NAME)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_ATTR_NAME"));
         } else if (name.startsWith(CONFIG_PATTERN)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_ATTR_VALUE"));
         } else if (name.startsWith(CONFIG_ENABLE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
         } else if (name.startsWith(CONFIG_NUM_ATTRS)) {
             return new Descriptor(IDescriptor.INTEGER, null,
                     "1",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ATTRS")); 
-        }  
+                    CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ATTRS"));
+        }
 
         return null;
     }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_CRITICAL)) { 
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+        if (name.equals(VAL_CRITICAL)) {
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_ATTR)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null, 
+            return new Descriptor(IDescriptor.STRING_LIST, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_SUBJDIR_ATTRS"));
         } else {
@@ -181,55 +180,53 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             SubjectDirAttributesExtension ext = null;
 
-            if (name == null) { 
-                throw new EPropertyException(CMS.getUserMessage( 
+            if (name == null) {
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             ext = (SubjectDirAttributesExtension)
-              getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
-              info);
+                    getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
+                            info);
 
             if (name.equals(VAL_CRITICAL)) {
                 ext = (SubjectDirAttributesExtension)
-                  getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
-                  info);
+                        getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
+                                info);
                 boolean val = Boolean.valueOf(value).booleanValue();
 
-                if(ext == null)
-                {
+                if (ext == null) {
                     return;
                 }
-                ext.setCritical(val); 
-            } else if (name.equals(VAL_ATTR)) { 
+                ext.setCritical(val);
+            } else if (name.equals(VAL_ATTR)) {
                 ext = (SubjectDirAttributesExtension)
-                  getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
-                  info);
+                        getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
+                                info);
 
-                if(ext == null)
-                {
+                if (ext == null) {
                     return;
                 }
                 Vector<NameValuePairs> v = parseRecords(value);
                 int size = v.size();
-              
+
                 boolean critical = ext.isCritical();
 
                 X500NameAttrMap map = X500NameAttrMap.getDefault();
                 Vector<Attribute> attrV = new Vector<Attribute>();
-                for (int i=0; i < size; i++) {
+                for (int i = 0; i < size; i++) {
                     NameValuePairs nvps = v.elementAt(i);
                     Enumeration<String> names = nvps.getNames();
                     String attrName = null;
                     String attrValue = null;
                     String enable = "false";
                     while (names.hasMoreElements()) {
-                        String name1 =  names.nextElement();
+                        String name1 = names.nextElement();
 
                         if (name1.equals(ATTR_NAME)) {
                             attrName = nvps.getValue(name1);
@@ -241,8 +238,8 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
                     }
 
                     if (enable.equals("true")) {
-                        AttributeConfig attributeConfig =  
-                          new AttributeConfig(attrName, attrValue); 
+                        AttributeConfig attributeConfig =
+                                new AttributeConfig(attrName, attrValue);
                         Attribute attr = attributeConfig.mAttribute;
                         if (attr != null)
                             attrV.addElement(attr);
@@ -256,43 +253,43 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
                 } else
                     return;
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             replaceExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
-                ext, info);
+                    ext, info);
         } catch (EProfileException e) {
-            CMS.debug("SubjectDirAttributesExtDefault: setValue " + 
-                e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            CMS.debug("SubjectDirAttributesExtDefault: setValue " +
+                    e.toString());
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         } catch (IOException e) {
-            CMS.debug("SubjectDirAttributesExtDefault: setValue " + 
-                e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            CMS.debug("SubjectDirAttributesExtDefault: setValue " +
+                    e.toString());
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         SubjectDirAttributesExtension ext = null;
 
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
         ext = (SubjectDirAttributesExtension)
-          getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
-          info);
+                getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
+                        info);
 
         if (name.equals(VAL_CRITICAL)) {
             ext = (SubjectDirAttributesExtension)
-              getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), 
-              info);
+                    getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
+                            info);
 
             if (ext == null) {
                 return null;
@@ -302,10 +299,10 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
             } else {
                 return "false";
             }
-        } else if (name.equals(VAL_ATTR)) { 
+        } else if (name.equals(VAL_ATTR)) {
             ext = (SubjectDirAttributesExtension)
-              getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), 
-              info);
+                    getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
+                            info);
 
             if (ext == null)
                 return "";
@@ -315,42 +312,42 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
             Vector<NameValuePairs> recs = new Vector<NameValuePairs>();
             int num = getNumAttrs();
             Enumeration<Attribute> e = ext.getAttributesList();
-            CMS.debug("SubjectDirAttributesExtDefault: getValue: attributesList="+e);
-            int i=0;
+            CMS.debug("SubjectDirAttributesExtDefault: getValue: attributesList=" + e);
+            int i = 0;
 
             while (e.hasMoreElements()) {
                 NameValuePairs pairs = new NameValuePairs();
                 pairs.add(ENABLE, "true");
                 Attribute attr = e.nextElement();
-                CMS.debug("SubjectDirAttributesExtDefault: getValue: attribute="+attr);
+                CMS.debug("SubjectDirAttributesExtDefault: getValue: attribute=" + attr);
                 ObjectIdentifier oid = attr.getOid();
-                CMS.debug("SubjectDirAttributesExtDefault: getValue: oid="+oid);
-   
+                CMS.debug("SubjectDirAttributesExtDefault: getValue: oid=" + oid);
+
                 String vv = map.getName(oid);
 
-                if (vv != null) 
+                if (vv != null)
                     pairs.add(ATTR_NAME, vv);
                 else
                     pairs.add(ATTR_NAME, oid.toString());
                 Enumeration<String> v = attr.getValues();
-                
+
                 // just support single value for now
                 StringBuffer ss = new StringBuffer();
                 while (v.hasMoreElements()) {
                     if (ss.length() == 0)
-                        ss.append((String)(v.nextElement()));
+                        ss.append((String) (v.nextElement()));
                     else {
                         ss.append(",");
-                        ss.append((String)(v.nextElement()));
+                        ss.append((String) (v.nextElement()));
                     }
                 }
 
-                pairs .add(ATTR_VALUE, ss.toString());
+                pairs.add(ATTR_VALUE, ss.toString());
                 recs.addElement(pairs);
                 i++;
             }
-                
-            for (;i < num; i++) {
+
+            for (; i < num; i++) {
                 NameValuePairs pairs = new NameValuePairs();
                 pairs.add(ENABLE, "false");
                 pairs.add(ATTR_NAME, "GENERATIONQUALIFIER");
@@ -360,7 +357,7 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
 
             return buildRecords(recs);
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
@@ -383,8 +380,8 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
             sb.append(getConfig(CONFIG_ENABLE + i));
             sb.append("}");
         }
-        return CMS.getUserMessage(locale, 
-                "CMS_PROFILE_DEF_SUBJECT_DIR_ATTR_EXT", 
+        return CMS.getUserMessage(locale,
+                "CMS_PROFILE_DEF_SUBJECT_DIR_ATTR_EXT",
                 getConfig(CONFIG_CRITICAL),
                 sb.toString());
     }
@@ -393,32 +390,32 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         SubjectDirAttributesExtension ext = createExtension(request);
 
         if (ext == null)
             return;
 
-        addExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), 
-            ext, info);
+        addExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
+                ext, info);
     }
 
     public SubjectDirAttributesExtension createExtension(IRequest request)
-      throws EProfileException {
-        SubjectDirAttributesExtension ext = null; 
+            throws EProfileException {
+        SubjectDirAttributesExtension ext = null;
         int num = 0;
 
         boolean critical = getConfigBoolean(CONFIG_CRITICAL);
 
         num = getNumAttrs();
-         
+
         AttributeConfig attributeConfig = null;
         Vector<Attribute> attrs = new Vector<Attribute>();
         for (int i = 0; i < num; i++) {
-            String enable = getConfig(CONFIG_ENABLE + i); 
+            String enable = getConfig(CONFIG_ENABLE + i);
             if (enable != null && enable.equals("true")) {
                 String attrName = getConfig(CONFIG_ATTR_NAME + i);
-                String pattern = getConfig(CONFIG_PATTERN + i); 
+                String pattern = getConfig(CONFIG_PATTERN + i);
                 if (pattern == null || pattern.equals(""))
                     pattern = " ";
 
@@ -427,8 +424,8 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
                 int lastpos = pattern.lastIndexOf("$");
                 String attrValue = pattern;
                 if (!pattern.equals("") && startpos != -1 &&
-                  startpos == 0 && lastpos != -1 &&
-                  lastpos == (pattern.length()-1)) {
+                        startpos == 0 && lastpos != -1 &&
+                        lastpos == (pattern.length() - 1)) {
                     if (request != null) {
                         try {
                             attrValue = mapPattern(request, pattern);
@@ -436,7 +433,7 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
                             throw new EProfileException(e.toString());
                         }
                     }
-                } 
+                }
                 try {
                     attributeConfig = new AttributeConfig(attrName, attrValue);
                 } catch (EPropertyException e) {
@@ -454,7 +451,7 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
             attrs.copyInto(attrList);
             try {
                 ext =
-                  new SubjectDirAttributesExtension(attrList, critical);
+                        new SubjectDirAttributesExtension(attrList, critical);
             } catch (IOException e) {
                 throw new EProfileException(e.toString());
             }
@@ -470,50 +467,49 @@ class AttributeConfig {
     protected Attribute mAttribute = null;
 
     public AttributeConfig(String attrName, String attrValue)
-      throws EPropertyException {
+            throws EPropertyException {
         X500NameAttrMap map = X500NameAttrMap.getDefault();
-     
+
         if (attrName == null || attrName.length() == 0) {
             throw new EPropertyException(
-              CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRNAME", attrName));
+                    CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRNAME", attrName));
         }
- 
+
         if (attrValue == null || attrValue.length() == 0) {
             throw new EPropertyException(
-              CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRVAL", attrValue));
+                    CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRVAL", attrValue));
         }
 
         try {
             mAttributeOID = new ObjectIdentifier(attrName);
         } catch (Exception e) {
-            CMS.debug("SubjectDirAttributesExtDefault: invalid OID syntax: "+ attrName);
+            CMS.debug("SubjectDirAttributesExtDefault: invalid OID syntax: " + attrName);
         }
 
         if (mAttributeOID == null) {
             mAttributeOID = map.getOid(attrName);
             if (mAttributeOID == null)
                 throw new EPropertyException(
-                  CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", attrName));
+                        CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", attrName));
             try {
                 checkValue(mAttributeOID, attrValue);
             } catch (IOException e) {
                 throw new EPropertyException(CMS.getUserMessage(
-                  "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage()));
+                        "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage()));
             }
         }
 
-
         try {
-            mAttribute = new Attribute(mAttributeOID, 
-              str2MultiValues(attrValue));
+            mAttribute = new Attribute(mAttributeOID,
+                    str2MultiValues(attrValue));
         } catch (IOException e) {
             throw new EPropertyException(CMS.getUserMessage(
-              "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage()));
+                    "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage()));
         }
     }
 
-    private static void checkValue(ObjectIdentifier oid, String val) 
-      throws IOException {
+    private static void checkValue(ObjectIdentifier oid, String val)
+            throws IOException {
         AVAValueConverter c = X500NameAttrMap.getDefault().getValueConverter(oid);
         DerValue derval;
 
@@ -527,7 +523,7 @@ class AttributeConfig {
         while (tokenizer.hasMoreTokens()) {
             v.addElement(tokenizer.nextToken());
         }
- 
+
         return v;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java
index 8a3f2afc..afc5f1f9 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -40,11 +39,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy 
+ * This class implements an enrollment default policy
  * that populates Subject Info Access extension.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
@@ -87,29 +85,29 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
 
         return num;
     }
- 
+
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
         refreshConfigAndValueNames();
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
         int num = 0;
         if (name.equals(CONFIG_NUM_ADS)) {
-          try {
-            num = Integer.parseInt(value);
+            try {
+                num = Integer.parseInt(value);
 
-            if (num >= MAX_NUM_AD || num < 0) {
-                throw new EPropertyException(CMS.getUserMessage(
+                if (num >= MAX_NUM_AD || num < 0) {
+                    throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS));
-            }
+                }
 
-          } catch (Exception e) {
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS));
-          }
+            }
         }
         super.setConfig(name, value);
     }
@@ -137,28 +135,28 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
         }
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.startsWith(CONFIG_AD_METHOD)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_AD_METHOD"));
         } else if (name.startsWith(CONFIG_AD_LOCATIONTYPE)) {
-            return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", 
+            return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName",
                     "URIName",
                     CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATIONTYPE"));
         } else if (name.startsWith(CONFIG_AD_LOCATION)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATION"));
         } else if (name.startsWith(CONFIG_AD_ENABLE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_AD_ENABLE"));
-        }  else if (name.startsWith(CONFIG_NUM_ADS)) {
+        } else if (name.startsWith(CONFIG_NUM_ADS)) {
             return new Descriptor(IDescriptor.INTEGER, null,
                     "1",
                     CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ADS"));
@@ -168,11 +166,11 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_GENERAL_NAMES)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null, 
+            return new Descriptor(IDescriptor.STRING_LIST, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES"));
         } else {
@@ -181,45 +179,42 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             SubjectInfoAccessExtension ext = null;
 
-            if (name == null) { 
-                throw new EPropertyException(CMS.getUserMessage( 
+            if (name == null) {
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
-           
             SubjectInfoAccessExtension a = new SubjectInfoAccessExtension(false);
             ObjectIdentifier oid = a.getExtensionId();
 
             ext = (SubjectInfoAccessExtension)
-                        getExtension(oid.toString(), info); 
+                        getExtension(oid.toString(), info);
 
-            if(ext == null)  {
-                populate(null,info);
+            if (ext == null) {
+                populate(null, info);
             }
- 
+
             if (name.equals(VAL_CRITICAL)) {
 
                 ext = (SubjectInfoAccessExtension)
                         getExtension(oid.toString(), info);
                 boolean val = Boolean.valueOf(value).booleanValue();
 
-                if(ext == null)
-                {
+                if (ext == null) {
                     return;
                 }
-                ext.setCritical(val); 
-            } else if (name.equals(VAL_GENERAL_NAMES)) { 
+                ext.setCritical(val);
+            } else if (name.equals(VAL_GENERAL_NAMES)) {
 
                 ext = (SubjectInfoAccessExtension)
                         getExtension(oid.toString(), info);
 
-                if(ext == null)
-                {
+                if (ext == null) {
                     return;
                 }
                 boolean critical = ext.isCritical();
@@ -258,17 +253,17 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
                             GeneralNameInterface interface1 = parseGeneralName(locationType + ":" + location);
                             if (interface1 == null)
                                 throw new EPropertyException(CMS.getUserMessage(
-                                  locale, "CMS_INVALID_PROPERTY", locationType));
+                                        locale, "CMS_INVALID_PROPERTY", locationType));
                             gn = new GeneralName(interface1);
                         }
-     
+
                         if (method != null) {
                             try {
-                                ext.addAccessDescription(new ObjectIdentifier(method), gn); 
+                                ext.addAccessDescription(new ObjectIdentifier(method), gn);
                             } catch (NumberFormatException ee) {
-                                CMS.debug("SubjectInfoAccessExtDefault: "+ee.toString());
+                                CMS.debug("SubjectInfoAccessExtDefault: " + ee.toString());
                                 throw new EPropertyException(CMS.getUserMessage(
-                                  locale, "CMS_PROFILE_DEF_SIA_OID", method));
+                                        locale, "CMS_PROFILE_DEF_SIA_OID", method));
                             }
                         }
                     }
@@ -291,30 +286,29 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         SubjectInfoAccessExtension ext = null;
 
-        if (name == null) { 
+        if (name == null) {
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
         SubjectInfoAccessExtension a = new SubjectInfoAccessExtension(false);
-            ObjectIdentifier oid = a.getExtensionId();
+        ObjectIdentifier oid = a.getExtensionId();
 
         ext = (SubjectInfoAccessExtension)
                     getExtension(oid.toString(), info);
 
-        if(ext == null)
-        {
+        if (ext == null) {
             try {
-                populate(null,info);
+                populate(null, info);
 
             } catch (EProfileException e) {
                 CMS.debug("SubjectInfoAccessExtDefault: getValue " + e.toString());
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
 
         }
@@ -331,7 +325,7 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
             } else {
                 return "false";
             }
-        } else if (name.equals(VAL_GENERAL_NAMES)) { 
+        } else if (name.equals(VAL_GENERAL_NAMES)) {
 
             ext = (SubjectInfoAccessExtension)
                     getExtension(oid.toString(), info);
@@ -340,11 +334,11 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
                 return "";
 
             int num = getNumAds();
-	
+
             CMS.debug("SubjectInfoAccess num=" + num);
             Vector recs = new Vector();
 
-            for (int i = 0; i < num; i++) { 
+            for (int i = 0; i < num; i++) {
                 NameValuePairs np = new NameValuePairs();
                 AccessDescription des = null;
 
@@ -358,7 +352,7 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
                     np.add(AD_ENABLE, "false");
                 } else {
                     ObjectIdentifier methodOid = des.getMethod();
-                    GeneralName gn = des.getLocation(); 
+                    GeneralName gn = des.getLocation();
 
                     np.add(AD_METHOD, methodOid.toString());
                     np.add(AD_LOCATION_TYPE, getGeneralNameType(gn));
@@ -397,7 +391,7 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
             ads.append(getConfig(CONFIG_AD_ENABLE + i));
             ads.append("}");
         }
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIA_TEXT", 
+        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIA_TEXT",
                 getConfig(CONFIG_CRITICAL), ads.toString());
     }
 
@@ -405,14 +399,14 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         SubjectInfoAccessExtension ext = createExtension();
 
         addExtension(ext.getExtensionId().toString(), ext, info);
     }
 
     public SubjectInfoAccessExtension createExtension() {
-        SubjectInfoAccessExtension ext = null; 
+        SubjectInfoAccessExtension ext = null;
         int num = getNumAds();
 
         try {
@@ -434,21 +428,21 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
                             String hostname = CMS.getEENonSSLHost();
                             String port = CMS.getEENonSSLPort();
                             if (hostname != null && port != null)
-                                location = "http://"+hostname+":"+port+"/ocsp";
+                                location = "http://" + hostname + ":" + port + "/ocsp";
                         }
                     }
 
                     String s = locationType + ":" + location;
                     GeneralNameInterface gn = parseGeneralName(s);
                     if (gn != null) {
-                      ext.addAccessDescription(new ObjectIdentifier(method), 
-                        new GeneralName(gn)); 
+                        ext.addAccessDescription(new ObjectIdentifier(method),
+                                new GeneralName(gn));
                     }
                 }
             }
         } catch (Exception e) {
-            CMS.debug("SubjectInfoAccessExtDefault: createExtension " + 
-                e.toString());
+            CMS.debug("SubjectInfoAccessExtDefault: createExtension " +
+                    e.toString());
         }
 
         return ext;
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java
index d8b09f5d..9476e45f 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
@@ -39,12 +38,11 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements an enrollment default policy
  * that populates a subject key identifier extension
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
@@ -61,19 +59,19 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.STRING, 
-                    IDescriptor.READONLY, 
+            return new Descriptor(IDescriptor.STRING,
+                    IDescriptor.READONLY,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_KEY_ID)) {
-            return new Descriptor(IDescriptor.STRING, 
-                    IDescriptor.READONLY, 
+            return new Descriptor(IDescriptor.STRING,
+                    IDescriptor.READONLY,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ID"));
         } else {
@@ -82,8 +80,8 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         if (name == null) {
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
@@ -99,8 +97,8 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         if (name == null) {
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
@@ -108,24 +106,23 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
 
         SubjectKeyIdentifierExtension ext =
                 (SubjectKeyIdentifierExtension) getExtension(
-                    PKIXExtensions.SubjectKey_Id.toString(), info);
+                        PKIXExtensions.SubjectKey_Id.toString(), info);
 
-        if(ext == null)
-        {
+        if (ext == null) {
             try {
-                populate(null,info);
+                populate(null, info);
 
             } catch (EProfileException e) {
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
 
         }
 
         if (name.equals(VAL_CRITICAL)) {
-            ext = 
-                (SubjectKeyIdentifierExtension) getExtension(
-                    PKIXExtensions.SubjectKey_Id.toString(), info);
+            ext =
+                    (SubjectKeyIdentifierExtension) getExtension(
+                            PKIXExtensions.SubjectKey_Id.toString(), info);
 
             if (ext == null) {
                 return null;
@@ -136,9 +133,9 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
                 return "false";
             }
         } else if (name.equals(VAL_KEY_ID)) {
-            ext = 
-                (SubjectKeyIdentifierExtension) getExtension(
-                    PKIXExtensions.SubjectKey_Id.toString(), info);
+            ext =
+                    (SubjectKeyIdentifierExtension) getExtension(
+                            PKIXExtensions.SubjectKey_Id.toString(), info);
 
             if (ext == null) {
                 return null;
@@ -149,11 +146,11 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
                 kid = (KeyIdentifier)
                         ext.get(SubjectKeyIdentifierExtension.KEY_ID);
             } catch (IOException e) {
-                CMS.debug( "SubjectKeyIdentifierExtDefault::getValue() - " +
-                           "kid is null!" );
-                throw new EPropertyException( CMS.getUserMessage( locale,
+                CMS.debug("SubjectKeyIdentifierExtDefault::getValue() - " +
+                           "kid is null!");
+                throw new EPropertyException(CMS.getUserMessage(locale,
                                                                   "CMS_INVALID_PROPERTY",
-                                                                  name ) );
+                                                                  name));
             }
             return toHexString(kid.getIdentifier());
         } else {
@@ -170,7 +167,7 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         SubjectKeyIdentifierExtension ext = createExtension(info);
 
         addExtension(PKIXExtensions.SubjectKey_Id.toString(), ext, info);
@@ -184,36 +181,36 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
             return null;
         }
         SubjectKeyIdentifierExtension ext = null;
-        
+
         boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL)).booleanValue();
 
         try {
             ext = new SubjectKeyIdentifierExtension(critical, kid.getIdentifier());
         } catch (IOException e) {
-            CMS.debug("SubjectKeyIdentifierExtDefault: createExtension " + 
-                e.toString());
+            CMS.debug("SubjectKeyIdentifierExtDefault: createExtension " +
+                    e.toString());
             //
         }
         return ext;
     }
 
-    public KeyIdentifier getKeyIdentifier(X509CertInfo info) { 
-        try { 
-            CertificateX509Key infokey = (CertificateX509Key) 
-                info.get(X509CertInfo.KEY);
+    public KeyIdentifier getKeyIdentifier(X509CertInfo info) {
+        try {
+            CertificateX509Key infokey = (CertificateX509Key)
+                    info.get(X509CertInfo.KEY);
             X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY);
             MessageDigest md = MessageDigest.getInstance("SHA-1");
 
-            md.update(key.getKey()); 
+            md.update(key.getKey());
             byte[] hash = md.digest();
 
             return new KeyIdentifier(hash);
         } catch (NoSuchAlgorithmException e) {
-            CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " + 
-                e.toString());
+            CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " +
+                    e.toString());
         } catch (Exception e) {
-            CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " + 
-                e.toString());
+            CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " +
+                    e.toString());
         }
         return null;
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java
index 9f404e89..479219b8 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -34,12 +33,11 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements an enrollment default policy
  * that populates server-side configurable subject name
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class SubjectNameDefault extends EnrollDefault {
@@ -55,15 +53,15 @@ public class SubjectNameDefault extends EnrollDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
-        if (name.equals(CONFIG_NAME)) { 
-            return new Descriptor(IDescriptor.STRING, 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
+        if (name.equals(CONFIG_NAME)) {
+            return new Descriptor(IDescriptor.STRING,
                     null, "CN=TEST", CMS.getUserMessage(locale,
-                        "CMS_PROFILE_SUBJECT_NAME"));
+                            "CMS_PROFILE_SUBJECT_NAME"));
         } else {
             return null;
         }
@@ -72,18 +70,18 @@ public class SubjectNameDefault extends EnrollDefault {
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_NAME)) {
             return new Descriptor(IDescriptor.STRING, null, null,
-                    CMS.getUserMessage(locale, 
-                        "CMS_PROFILE_SUBJECT_NAME"));
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_SUBJECT_NAME"));
         } else {
             return null;
         }
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_NAME)) {
@@ -100,25 +98,25 @@ public class SubjectNameDefault extends EnrollDefault {
             }
             CMS.debug("SubjectNameDefault: setValue name=" + x500name.toString());
             try {
-                info.set(X509CertInfo.SUBJECT, 
-                    new CertificateSubjectName(x500name));
+                info.set(X509CertInfo.SUBJECT,
+                        new CertificateSubjectName(x500name));
             } catch (Exception e) {
                 // failed to insert subject name
                 CMS.debug("SubjectNameDefault: setValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_NAME)) {
@@ -133,18 +131,18 @@ public class SubjectNameDefault extends EnrollDefault {
             } catch (Exception e) {
                 // nothing
                 CMS.debug("SubjectNameDefault: getValue " + e.toString());
-		
+
             }
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_NAME", 
+        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_NAME",
                 getConfig(CONFIG_NAME));
     }
 
@@ -152,13 +150,13 @@ public class SubjectNameDefault extends EnrollDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         X500Name name = null;
 
         String subjectName = null;
 
         try {
-          subjectName = mapPattern(request, getConfig(CONFIG_NAME));
+            subjectName = mapPattern(request, getConfig(CONFIG_NAME));
         } catch (IOException e) {
             CMS.debug("SubjectNameDefault: mapPattern " + e.toString());
         }
@@ -176,8 +174,8 @@ public class SubjectNameDefault extends EnrollDefault {
             // failed to build x500 name
         }
         try {
-            info.set(X509CertInfo.SUBJECT, 
-                new CertificateSubjectName(name));
+            info.set(X509CertInfo.SUBJECT,
+                    new CertificateSubjectName(name));
         } catch (Exception e) {
             // failed to insert subject name
             CMS.debug("SubjectNameDefault: populate " + e.toString());
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java
index c834eee1..46a78c73 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.util.Locale;
 
 import netscape.security.x509.CertificateExtensions;
@@ -34,12 +33,11 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements an enrollment default policy
  * that populates a user-supplied extension
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class UserExtensionDefault extends EnrollExtDefault {
@@ -57,11 +55,11 @@ public class UserExtensionDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_OID)) {
             return new Descriptor(IDescriptor.STRING, null,
                     "Comment Here...",
@@ -83,16 +81,16 @@ public class UserExtensionDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         // Nothing to do for read-only values
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
-        if (name == null) { 
-            throw new EPropertyException(CMS.getUserMessage( 
+            X509CertInfo info)
+            throws EPropertyException {
+        if (name == null) {
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_OID)) {
@@ -104,7 +102,7 @@ public class UserExtensionDefault extends EnrollExtDefault {
             }
             return ext.getExtensionId().toString();
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
@@ -117,22 +115,22 @@ public class UserExtensionDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         CertificateExtensions inExts = null;
         String oid = getConfig(CONFIG_OID);
 
         inExts = request.getExtDataInCertExts(IEnrollProfile.REQUEST_EXTENSIONS);
         if (inExts == null)
-          return; 
+            return;
         Extension ext = getExtension(getConfig(CONFIG_OID), inExts);
         if (ext == null) {
-          CMS.debug("UserExtensionDefault: no user ext supplied for "+ oid);
-          return;
+            CMS.debug("UserExtensionDefault: no user ext supplied for " + oid);
+            return;
         }
 
         // user supplied the ext that's allowed, replace the def set by system
         deleteExtension(oid, info);
-        CMS.debug("UserExtensionDefault: using user supplied ext for "+ oid);
+        CMS.debug("UserExtensionDefault: using user supplied ext for " + oid);
         addExtension(oid, ext, info);
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java
index 1cff57df..b1dc9d11 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.ByteArrayInputStream;
 import java.math.BigInteger;
 import java.security.interfaces.DSAParams;
@@ -40,12 +39,11 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements an enrollment default policy
  * that populates a user supplied key
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class UserKeyDefault extends EnrollDefault {
@@ -62,24 +60,24 @@ public class UserKeyDefault extends EnrollDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_KEY)) {
-            return new Descriptor(IDescriptor.STRING, 
-                    IDescriptor.READONLY, 
+            return new Descriptor(IDescriptor.STRING,
+                    IDescriptor.READONLY,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_KEY"));
         } else if (name.equals(VAL_LEN)) {
             return new Descriptor(IDescriptor.STRING,
-                    IDescriptor.READONLY, 
+                    IDescriptor.READONLY,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_KEY_LEN"));
         } else if (name.equals(VAL_TYPE)) {
             return new Descriptor(IDescriptor.STRING,
-                    IDescriptor.READONLY, 
+                    IDescriptor.READONLY,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_KEY_TYPE"));
         } else {
@@ -88,15 +86,15 @@ public class UserKeyDefault extends EnrollDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         // this default rule is readonly
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
-        if (name == null) { 
+            X509CertInfo info)
+            throws EPropertyException {
+        if (name == null) {
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
@@ -116,7 +114,7 @@ public class UserKeyDefault extends EnrollDefault {
                         ck.get(CertificateX509Key.KEY);
             } catch (Exception e) {
                 // nothing
-            } 
+            }
             if (k == null) {
                 throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_PROFILE_KEY_NOT_FOUND"));
@@ -139,7 +137,7 @@ public class UserKeyDefault extends EnrollDefault {
             } catch (Exception e) {
                 // nothing
             }
-            if (k == null) { 
+            if (k == null) {
                 throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_PROFILE_KEY_NOT_FOUND"));
             }
@@ -171,12 +169,12 @@ public class UserKeyDefault extends EnrollDefault {
             } catch (Exception e) {
                 // nothing
             }
-            if (k == null) { 
+            if (k == null) {
                 throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_PROFILE_KEY_NOT_FOUND"));
             }
-            return k.getAlgorithm() + " - " + 
-                k.getAlgorithmId().getOID().toString();
+            return k.getAlgorithm() + " - " +
+                    k.getAlgorithmId().getOID().toString();
         } else {
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
@@ -217,7 +215,7 @@ public class UserKeyDefault extends EnrollDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         CertificateX509Key certKey = null;
         // authenticate the certificate key, and move
         // the key from request into x509 certinfo
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java
index 07e6c77e..4aeed6ba 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.ByteArrayInputStream;
 import java.util.Locale;
 
@@ -35,12 +34,11 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements an enrollment default policy
  * that populates a user-supplied signing algorithm
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class UserSigningAlgDefault extends EnrollDefault {
@@ -53,30 +51,30 @@ public class UserSigningAlgDefault extends EnrollDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_ALG_ID)) {
-            return new Descriptor(IDescriptor.STRING, 
+            return new Descriptor(IDescriptor.STRING,
                     IDescriptor.READONLY, null,
                     CMS.getUserMessage(locale,
-                        "CMS_PROFILE_SIGNING_ALGORITHM"));
+                            "CMS_PROFILE_SIGNING_ALGORITHM"));
         } else {
             return null;
         }
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         // this default rule is readonly
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         if (name == null) {
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
@@ -88,7 +86,7 @@ public class UserSigningAlgDefault extends EnrollDefault {
                 algID = (CertificateAlgorithmId)
                         info.get(X509CertInfo.ALGORITHM_ID);
                 AlgorithmId id = (AlgorithmId)
-                    algID.get(CertificateAlgorithmId.ALGORITHM);
+                        algID.get(CertificateAlgorithmId.ALGORITHM);
 
                 return id.toString();
             } catch (Exception e) {
@@ -109,7 +107,7 @@ public class UserSigningAlgDefault extends EnrollDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         CertificateAlgorithmId certAlg = null;
         // authenticate the certificate key, and move
         // the key from request into x509 certinfo
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java
index f589b654..65456e25 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -35,12 +34,11 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements an enrollment default policy
  * that populates a user-supplied subject name
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class UserSubjectNameDefault extends EnrollDefault {
@@ -53,7 +51,7 @@ public class UserSubjectNameDefault extends EnrollDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
@@ -67,8 +65,8 @@ public class UserSubjectNameDefault extends EnrollDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         if (name == null) {
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
@@ -84,12 +82,12 @@ public class UserSubjectNameDefault extends EnrollDefault {
             }
             CMS.debug("SubjectNameDefault: setValue name=" + x500name);
             try {
-                info.set(X509CertInfo.SUBJECT, 
-                    new CertificateSubjectName(x500name));
+                info.set(X509CertInfo.SUBJECT,
+                        new CertificateSubjectName(x500name));
             } catch (Exception e) {
                 // failed to insert subject name
                 CMS.debug("UserSubjectNameDefault: setValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } else {
@@ -99,10 +97,10 @@ public class UserSubjectNameDefault extends EnrollDefault {
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
-        if (name == null) { 
-            throw new EPropertyException(CMS.getUserMessage( 
+            X509CertInfo info)
+            throws EPropertyException {
+        if (name == null) {
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_NAME)) {
@@ -115,10 +113,10 @@ public class UserSubjectNameDefault extends EnrollDefault {
             } catch (Exception e) {
                 // nothing
             }
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
@@ -131,7 +129,7 @@ public class UserSubjectNameDefault extends EnrollDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         // authenticate the subject name and populate it
         // to the certinfo
         try {
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java
index 2d79b192..3fadb81f 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.ByteArrayInputStream;
 import java.util.Date;
 import java.util.Locale;
@@ -35,12 +34,11 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements an enrollment default policy
  * that populates a user-supplied validity
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class UserValidityDefault extends EnrollDefault {
@@ -55,13 +53,13 @@ public class UserValidityDefault extends EnrollDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_NOT_BEFORE)) {
-            return new Descriptor(IDescriptor.STRING, 
+            return new Descriptor(IDescriptor.STRING,
                     IDescriptor.READONLY,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_NOT_BEFORE"));
@@ -76,16 +74,16 @@ public class UserValidityDefault extends EnrollDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         // this default rule is readonly
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
-        if (name == null) { 
-            throw new EPropertyException(CMS.getUserMessage( 
+            X509CertInfo info)
+            throws EPropertyException {
+        if (name == null) {
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_NOT_BEFORE)) {
@@ -93,32 +91,32 @@ public class UserValidityDefault extends EnrollDefault {
 
             try {
                 validity = (CertificateValidity)
-                   info.get(X509CertInfo.VALIDITY);
+                        info.get(X509CertInfo.VALIDITY);
                 Date notBefore = (Date)
-                    validity.get(CertificateValidity.NOT_BEFORE);
+                        validity.get(CertificateValidity.NOT_BEFORE);
 
                 return notBefore.toString();
             } catch (Exception e) {
                 CMS.debug("UserValidityDefault: getValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } else if (name.equals(VAL_NOT_AFTER)) {
             try {
                 CertificateValidity validity = null;
                 validity = (CertificateValidity)
-                   info.get(X509CertInfo.VALIDITY);
+                        info.get(X509CertInfo.VALIDITY);
                 Date notAfter = (Date)
-                    validity.get(CertificateValidity.NOT_AFTER);
+                        validity.get(CertificateValidity.NOT_AFTER);
 
                 return notAfter.toString();
             } catch (Exception e) {
                 CMS.debug("UserValidityDefault: getValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
@@ -131,7 +129,7 @@ public class UserValidityDefault extends EnrollDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         CertificateValidity certValidity = null;
         // authenticate the certificate key, and move
         // the key from request into x509 certinfo
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java
index 6e9b08ab..ad06400f 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.text.ParsePosition;
 import java.text.SimpleDateFormat;
@@ -36,12 +35,11 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements an enrollment default policy
  * that populates a server-side configurable validity
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ValidityDefault extends EnrollDefault {
@@ -64,26 +62,26 @@ public class ValidityDefault extends EnrollDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
         if (name.equals(CONFIG_RANGE)) {
-          try {
-            Integer.parseInt(value);
-          } catch (Exception e) {
+            try {
+                Integer.parseInt(value);
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_RANGE));
-          }
+            }
         } else if (name.equals(CONFIG_START_TIME)) {
-          try {
-            Integer.parseInt(value);
-          } catch (Exception e) {
+            try {
+                Integer.parseInt(value);
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_START_TIME));
-          }
+            }
         }
         super.setConfig(name, value);
     }
@@ -91,16 +89,16 @@ public class ValidityDefault extends EnrollDefault {
     public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_RANGE)) {
             return new Descriptor(IDescriptor.STRING,
-                    null, 
+                    null,
                     "2922",
                     CMS.getUserMessage(locale,
-                        "CMS_PROFILE_VALIDITY_RANGE"));
+                            "CMS_PROFILE_VALIDITY_RANGE"));
         } else if (name.equals(CONFIG_START_TIME)) {
             return new Descriptor(IDescriptor.STRING,
-                    null, 
+                    null,
                     "60", /* 1 minute */
                     CMS.getUserMessage(locale,
-                        "CMS_PROFILE_VALIDITY_START_TIME"));
+                            "CMS_PROFILE_VALIDITY_START_TIME"));
         } else {
             return null;
         }
@@ -119,19 +117,19 @@ public class ValidityDefault extends EnrollDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
-        if (name == null) { 
+            X509CertInfo info, String value)
+            throws EPropertyException {
+        if (name == null) {
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
-        if (value == null || value.equals("")) { 
+        if (value == null || value.equals("")) {
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_NOT_BEFORE)) {
-            SimpleDateFormat formatter = 
-                new SimpleDateFormat(DATE_FORMAT);
+            SimpleDateFormat formatter =
+                    new SimpleDateFormat(DATE_FORMAT);
             ParsePosition pos = new ParsePosition(0);
             Date date = formatter.parse(value, pos);
             CertificateValidity validity = null;
@@ -140,15 +138,15 @@ public class ValidityDefault extends EnrollDefault {
                 validity = (CertificateValidity)
                         info.get(X509CertInfo.VALIDITY);
                 validity.set(CertificateValidity.NOT_BEFORE,
-                    date);
+                        date);
             } catch (Exception e) {
                 CMS.debug("ValidityDefault: setValue " + e.toString());
                 throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } else if (name.equals(VAL_NOT_AFTER)) {
-            SimpleDateFormat formatter = 
-                new SimpleDateFormat(DATE_FORMAT);
+            SimpleDateFormat formatter =
+                    new SimpleDateFormat(DATE_FORMAT);
             ParsePosition pos = new ParsePosition(0);
             Date date = formatter.parse(value, pos);
             CertificateValidity validity = null;
@@ -157,7 +155,7 @@ public class ValidityDefault extends EnrollDefault {
                 validity = (CertificateValidity)
                         info.get(X509CertInfo.VALIDITY);
                 validity.set(CertificateValidity.NOT_AFTER,
-                    date);
+                        date);
             } catch (Exception e) {
                 CMS.debug("ValidityDefault: setValue " + e.toString());
                 throw new EPropertyException(CMS.getUserMessage(
@@ -170,16 +168,16 @@ public class ValidityDefault extends EnrollDefault {
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException { 
+            X509CertInfo info)
+            throws EPropertyException {
 
         if (name == null)
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
 
         if (name.equals(VAL_NOT_BEFORE)) {
-            SimpleDateFormat formatter = 
-                new SimpleDateFormat(DATE_FORMAT);
+            SimpleDateFormat formatter =
+                    new SimpleDateFormat(DATE_FORMAT);
             CertificateValidity validity = null;
 
             try {
@@ -192,8 +190,8 @@ public class ValidityDefault extends EnrollDefault {
             }
             throw new EPropertyException("Invalid valie");
         } else if (name.equals(VAL_NOT_AFTER)) {
-            SimpleDateFormat formatter = 
-                new SimpleDateFormat(DATE_FORMAT);
+            SimpleDateFormat formatter =
+                    new SimpleDateFormat(DATE_FORMAT);
             CertificateValidity validity = null;
 
             try {
@@ -214,7 +212,7 @@ public class ValidityDefault extends EnrollDefault {
     }
 
     public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY", 
+        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY",
                 getConfig(CONFIG_RANGE));
     }
 
@@ -222,11 +220,11 @@ public class ValidityDefault extends EnrollDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         // always + 60 seconds
         String startTimeStr = getConfig(CONFIG_START_TIME);
         try {
-          startTimeStr = mapPattern(request, startTimeStr);
+            startTimeStr = mapPattern(request, startTimeStr);
         } catch (IOException e) {
             CMS.debug("ValidityDefault: populate " + e.toString());
         }
@@ -241,7 +239,7 @@ public class ValidityDefault extends EnrollDefault {
         try {
             String rangeStr = getConfig(CONFIG_RANGE);
             rangeStr = mapPattern(request, rangeStr);
-            notAfterVal = notBefore.getTime() + 
+            notAfterVal = notBefore.getTime() +
                     (mDefault * Integer.parseInt(rangeStr));
         } catch (Exception e) {
             // configured value is not correct
@@ -250,8 +248,8 @@ public class ValidityDefault extends EnrollDefault {
                         getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_RANGE));
         }
         Date notAfter = new Date(notAfterVal);
-        CertificateValidity validity = 
-            new CertificateValidity(notBefore, notAfter);
+        CertificateValidity validity =
+                new CertificateValidity(notBefore, notAfter);
 
         try {
             info.set(X509CertInfo.VALIDITY, validity);
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java
index c8beca2f..6b5ab6bc 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java
@@ -37,19 +37,19 @@ import com.netscape.certsrv.request.IRequest;
  * This class implements an enrollment default policy
  * that populates server-side configurable subject name
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class nsHKeySubjectNameDefault extends EnrollDefault {
 
-	public static final String PROP_PARAMS = "params";
+    public static final String PROP_PARAMS = "params";
     public static final String CONFIG_DNPATTERN = "dnpattern";
 
     public static final String VAL_NAME = "name";
 
     /* default dn pattern if left blank or not set in the config */
-    protected static String DEFAULT_DNPATTERN = 
-        "CN=SecureMember - $request.tokencuid$, OU=Subscriber, O=Red Hat, C=US";
+    protected static String DEFAULT_DNPATTERN =
+            "CN=SecureMember - $request.tokencuid$, OU=Subscriber, O=Red Hat, C=US";
 
     protected IConfigStore mParamsConfig;
 
@@ -61,43 +61,43 @@ public class nsHKeySubjectNameDefault extends EnrollDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
-		CMS.debug("nsHKeySubjectNameDefault: in getConfigDescriptor, name="+ name);
-        if (name.equals(CONFIG_DNPATTERN)) { 
-            return new Descriptor(IDescriptor.STRING, 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
+        CMS.debug("nsHKeySubjectNameDefault: in getConfigDescriptor, name=" + name);
+        if (name.equals(CONFIG_DNPATTERN)) {
+            return new Descriptor(IDescriptor.STRING,
                     null, null, CMS.getUserMessage(locale,
-                        "CMS_PROFILE_SUBJECT_NAME"));
+                            "CMS_PROFILE_SUBJECT_NAME"));
         } else {
             return null;
         }
     }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
-		CMS.debug("nsHKeySubjectNameDefault: in getValueDescriptor name="+name);
+        CMS.debug("nsHKeySubjectNameDefault: in getValueDescriptor name=" + name);
 
         if (name.equals(VAL_NAME)) {
             return new Descriptor(IDescriptor.STRING,
-				null,
-				null,
-				CMS.getUserMessage(locale, 
-					"CMS_PROFILE_SUBJECT_NAME"));
+                    null,
+                    null,
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_SUBJECT_NAME"));
         } else {
             return null;
         }
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
 
-			CMS.debug("nsHKeySubjectNameDefault: in setValue, value="+value);
+        CMS.debug("nsHKeySubjectNameDefault: in setValue, value=" + value);
 
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_NAME)) {
@@ -111,26 +111,26 @@ public class nsHKeySubjectNameDefault extends EnrollDefault {
             }
             CMS.debug("nsHKeySubjectNameDefault: setValue name=" + x500name);
             try {
-                info.set(X509CertInfo.SUBJECT, 
-                    new CertificateSubjectName(x500name));
+                info.set(X509CertInfo.SUBJECT,
+                        new CertificateSubjectName(x500name));
             } catch (Exception e) {
                 // failed to insert subject name
                 CMS.debug("nsHKeySubjectNameDefault: setValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
-		CMS.debug("nsHKeySubjectNameDefault: in getValue, name="+name);
+            X509CertInfo info)
+            throws EPropertyException {
+        CMS.debug("nsHKeySubjectNameDefault: in getValue, name=" + name);
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_NAME)) {
@@ -145,19 +145,19 @@ public class nsHKeySubjectNameDefault extends EnrollDefault {
             } catch (Exception e) {
                 // nothing
                 CMS.debug("nsHKeySubjectNameDefault: getValue " + e.toString());
-		
+
             }
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getText(Locale locale) {
-		CMS.debug("nsHKeySubjectNameDefault: in getText");
-        return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", 
+        CMS.debug("nsHKeySubjectNameDefault: in getText");
+        return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME",
                 getConfig(CONFIG_DNPATTERN));
     }
 
@@ -165,15 +165,15 @@ public class nsHKeySubjectNameDefault extends EnrollDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         X500Name name = null;
-		CMS.debug("nsHKeySubjectNameDefault: in populate");
+        CMS.debug("nsHKeySubjectNameDefault: in populate");
 
         try {
-			String subjectName = getSubjectName(request);
-			CMS.debug("subjectName=" + subjectName);
-			if (subjectName == null || subjectName.equals(""))
-				return;
+            String subjectName = getSubjectName(request);
+            CMS.debug("subjectName=" + subjectName);
+            if (subjectName == null || subjectName.equals(""))
+                return;
 
             name = new X500Name(subjectName);
         } catch (IOException e) {
@@ -184,32 +184,32 @@ public class nsHKeySubjectNameDefault extends EnrollDefault {
             // failed to build x500 name
         }
         try {
-            info.set(X509CertInfo.SUBJECT, 
-                new CertificateSubjectName(name));
+            info.set(X509CertInfo.SUBJECT,
+                    new CertificateSubjectName(name));
         } catch (Exception e) {
             // failed to insert subject name
             CMS.debug("nsHKeySubjectNameDefault: populate " + e.toString());
         }
     }
 
-	private String getSubjectName(IRequest request)
-		throws EProfileException, IOException {
+    private String getSubjectName(IRequest request)
+            throws EProfileException, IOException {
+
+        CMS.debug("nsHKeySubjectNameDefault: in getSubjectName");
 
-		CMS.debug("nsHKeySubjectNameDefault: in getSubjectName");
+        String pattern = getConfig(CONFIG_DNPATTERN);
+        if (pattern == null || pattern.equals("")) {
+            pattern = " ";
+        }
 
-		String pattern = getConfig(CONFIG_DNPATTERN);
-		if (pattern == null || pattern.equals("")) {
-			pattern = " ";
-		}
-		
-		String sbjname = "";
+        String sbjname = "";
 
-		if (request != null)  {
-			CMS.debug("pattern = "+pattern);
-			sbjname = mapPattern(request, pattern);
-			CMS.debug("nsHKeySubjectNameDefault: getSubjectName(): subject name mapping done");
-		}
+        if (request != null) {
+            CMS.debug("pattern = " + pattern);
+            sbjname = mapPattern(request, pattern);
+            CMS.debug("nsHKeySubjectNameDefault: getSubjectName(): subject name mapping done");
+        }
 
-		return sbjname;
-	}
+        return sbjname;
+    }
 }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java
index 3a1d1c6e..6e36302e 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java
@@ -45,13 +45,13 @@ import com.netscape.certsrv.request.IRequest;
  * This class implements an enrollment default policy
  * that populates server-side configurable subject name
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class nsNKeySubjectNameDefault extends EnrollDefault {
 
-	public static final String PROP_LDAP = "ldap";
-	public static final String PROP_PARAMS = "params";
+    public static final String PROP_LDAP = "ldap";
+    public static final String PROP_PARAMS = "params";
     public static final String CONFIG_DNPATTERN = "dnpattern";
     public static final String CONFIG_LDAP_STRING_ATTRS = "ldapStringAttributes";
     public static final String CONFIG_LDAP_HOST = "ldap.ldapconn.host";
@@ -64,20 +64,20 @@ public class nsNKeySubjectNameDefault extends EnrollDefault {
 
     public static final String VAL_NAME = "name";
 
-    public static final String CONFIG_LDAP_VERS = 
-      "2,3";
+    public static final String CONFIG_LDAP_VERS =
+            "2,3";
 
     /* default dn pattern if left blank or not set in the config */
-    protected static String DEFAULT_DNPATTERN = 
-        "CN=$request.aoluid$, E=$request.mail$";
+    protected static String DEFAULT_DNPATTERN =
+            "CN=$request.aoluid$, E=$request.mail$";
 
     /* ldap configuration sub-store */
-	boolean mInitialized = false;
+    boolean mInitialized = false;
     protected IConfigStore mInstConfig;
     protected IConfigStore mLdapConfig;
     protected IConfigStore mParamsConfig;
 
-	    /* ldap base dn */
+    /* ldap base dn */
     protected String mBaseDN = null;
 
     /* factory of anonymous ldap connections */
@@ -90,104 +90,104 @@ public class nsNKeySubjectNameDefault extends EnrollDefault {
     public nsNKeySubjectNameDefault() {
         super();
         addConfigName(CONFIG_DNPATTERN);
-		addConfigName(CONFIG_LDAP_STRING_ATTRS);
+        addConfigName(CONFIG_LDAP_STRING_ATTRS);
         addConfigName(CONFIG_LDAP_HOST);
         addConfigName(CONFIG_LDAP_PORT);
         addConfigName(CONFIG_LDAP_SEC_CONN);
         addConfigName(CONFIG_LDAP_VER);
         addConfigName(CONFIG_LDAP_BASEDN);
-		addConfigName(CONFIG_LDAP_MIN_CONN);
-		addConfigName(CONFIG_LDAP_MAX_CONN);
+        addConfigName(CONFIG_LDAP_MIN_CONN);
+        addConfigName(CONFIG_LDAP_MAX_CONN);
 
         addValueName(CONFIG_DNPATTERN);
-		addValueName(CONFIG_LDAP_STRING_ATTRS);
+        addValueName(CONFIG_LDAP_STRING_ATTRS);
         addValueName(CONFIG_LDAP_HOST);
         addValueName(CONFIG_LDAP_PORT);
         addValueName(CONFIG_LDAP_SEC_CONN);
         addValueName(CONFIG_LDAP_VER);
         addValueName(CONFIG_LDAP_BASEDN);
-		addValueName(CONFIG_LDAP_MIN_CONN);
-		addValueName(CONFIG_LDAP_MAX_CONN);
+        addValueName(CONFIG_LDAP_MIN_CONN);
+        addValueName(CONFIG_LDAP_MAX_CONN);
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
-		mInstConfig = config;
+            throws EProfileException {
+        mInstConfig = config;
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
-		CMS.debug("nsNKeySubjectNameDefault: in getConfigDescriptor, name="+ name);
-        if (name.equals(CONFIG_DNPATTERN)) { 
-            return new Descriptor(IDescriptor.STRING, 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
+        CMS.debug("nsNKeySubjectNameDefault: in getConfigDescriptor, name=" + name);
+        if (name.equals(CONFIG_DNPATTERN)) {
+            return new Descriptor(IDescriptor.STRING,
                     null, null, CMS.getUserMessage(locale,
-                        "CMS_PROFILE_SUBJECT_NAME"));
-		} else if (name.equals(CONFIG_LDAP_STRING_ATTRS)) {
-            return new Descriptor(IDescriptor.STRING, 
-								  null,
-								  null,
-								  CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_LDAP_STRING_ATTRS"));
-		} else if (name.equals(CONFIG_LDAP_HOST)) {
-            return new Descriptor(IDescriptor.STRING, 
-								  null,
-								  null,
-								  CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_HOST_NAME"));
-		} else if (name.equals(CONFIG_LDAP_PORT)) {
-            return new Descriptor(IDescriptor.STRING, 
-								  null,
-								  null,
-								  CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_PORT_NUMBER"));
-		} else if (name.equals(CONFIG_LDAP_SEC_CONN)) {
+                            "CMS_PROFILE_SUBJECT_NAME"));
+        } else if (name.equals(CONFIG_LDAP_STRING_ATTRS)) {
+            return new Descriptor(IDescriptor.STRING,
+                                  null,
+                                  null,
+                                  CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_STRING_ATTRS"));
+        } else if (name.equals(CONFIG_LDAP_HOST)) {
+            return new Descriptor(IDescriptor.STRING,
+                                  null,
+                                  null,
+                                  CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_HOST_NAME"));
+        } else if (name.equals(CONFIG_LDAP_PORT)) {
+            return new Descriptor(IDescriptor.STRING,
+                                  null,
+                                  null,
+                                  CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_PORT_NUMBER"));
+        } else if (name.equals(CONFIG_LDAP_SEC_CONN)) {
             return new Descriptor(IDescriptor.BOOLEAN,
-								  null, 
-								  "false",
-								  CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_SECURE_CONN"));
-		} else if (name.equals(CONFIG_LDAP_VER)) {
+                                  null,
+                                  "false",
+                                  CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_SECURE_CONN"));
+        } else if (name.equals(CONFIG_LDAP_VER)) {
             return new Descriptor(IDescriptor.CHOICE, CONFIG_LDAP_VERS,
                     "3",
                     CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_VERSION"));
-		} else if (name.equals(CONFIG_LDAP_BASEDN)) {
-            return new Descriptor(IDescriptor.STRING, 
-								  null,
-								  null,
-								  CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_BASEDN"));
-		} else if (name.equals(CONFIG_LDAP_MIN_CONN)) {
-            return new Descriptor(IDescriptor.STRING, 
-								  null,
-								  null,
-								  CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_LDAP_MIN_CONN"));
-		} else if (name.equals(CONFIG_LDAP_MAX_CONN)) {
-            return new Descriptor(IDescriptor.STRING, 
-								  null,
-								  null,
-								  CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_LDAP_MAX_CONN"));
+        } else if (name.equals(CONFIG_LDAP_BASEDN)) {
+            return new Descriptor(IDescriptor.STRING,
+                                  null,
+                                  null,
+                                  CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_BASEDN"));
+        } else if (name.equals(CONFIG_LDAP_MIN_CONN)) {
+            return new Descriptor(IDescriptor.STRING,
+                                  null,
+                                  null,
+                                  CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_MIN_CONN"));
+        } else if (name.equals(CONFIG_LDAP_MAX_CONN)) {
+            return new Descriptor(IDescriptor.STRING,
+                                  null,
+                                  null,
+                                  CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_MAX_CONN"));
         } else {
             return null;
         }
     }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
-		CMS.debug("nsNKeySubjectNameDefault: in getValueDescriptor name="+name);
+        CMS.debug("nsNKeySubjectNameDefault: in getValueDescriptor name=" + name);
 
         if (name.equals(VAL_NAME)) {
             return new Descriptor(IDescriptor.STRING,
-				null,
-				null,
-				CMS.getUserMessage(locale, 
-					"CMS_PROFILE_SUBJECT_NAME"));
+                    null,
+                    null,
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_SUBJECT_NAME"));
         } else {
             return null;
         }
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
 
-			CMS.debug("nsNKeySubjectNameDefault: in setValue, value="+value);
+        CMS.debug("nsNKeySubjectNameDefault: in setValue, value=" + value);
 
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_NAME)) {
@@ -201,26 +201,26 @@ public class nsNKeySubjectNameDefault extends EnrollDefault {
             }
             CMS.debug("nsNKeySubjectNameDefault: setValue name=" + x500name);
             try {
-                info.set(X509CertInfo.SUBJECT, 
-                    new CertificateSubjectName(x500name));
+                info.set(X509CertInfo.SUBJECT,
+                        new CertificateSubjectName(x500name));
             } catch (Exception e) {
                 // failed to insert subject name
                 CMS.debug("nsNKeySubjectNameDefault: setValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
-		CMS.debug("nsNKeySubjectNameDefault: in getValue, name="+name);
+            X509CertInfo info)
+            throws EPropertyException {
+        CMS.debug("nsNKeySubjectNameDefault: in getValue, name=" + name);
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_NAME)) {
@@ -235,79 +235,80 @@ public class nsNKeySubjectNameDefault extends EnrollDefault {
             } catch (Exception e) {
                 // nothing
                 CMS.debug("nsNKeySubjectNameDefault: getValue " + e.toString());
-		
+
             }
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getText(Locale locale) {
-		CMS.debug("nsNKeySubjectNameDefault: in getText");
-        return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", 
+        CMS.debug("nsNKeySubjectNameDefault: in getText");
+        return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME",
                 getConfig(CONFIG_DNPATTERN));
     }
 
-	public void ldapInit()
-	    throws EProfileException {
-		if (mInitialized == true) return;
-
-		CMS.debug("nsNKeySubjectNameDefault: ldapInit(): begin");
-
-		try {
-			// cfu - XXX do more error handling here later
-			/* initialize ldap server configuration */
-			mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS);
-			mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP);
-			mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null);
-			mConnFactory = CMS.getLdapAnonConnFactory();
-			mConnFactory.init(mLdapConfig);
-
-			/* initialize dn pattern */
-			String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null);
-
-			if (pattern == null || pattern.length() == 0) 
-				pattern = DEFAULT_DNPATTERN;
-
-			/* initialize ldap string attribute list */
-			String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null);
-
-			if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) {
-				StringTokenizer pAttrs = 
-					new StringTokenizer(ldapStringAttrs, ",", false);
-
-				mLdapStringAttrs = new String[pAttrs.countTokens()];
-
-				for (int i = 0; i < mLdapStringAttrs.length; i++) {
-					mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim();
-				}
-			}
-			CMS.debug("nsNKeySubjectNameDefault: ldapInit(): done");
-			mInitialized = true;
-		} catch (Exception e) {
-			CMS.debug("nsNKeySubjectNameDefault: ldapInit(): "+e.toString());
-			// throw EProfileException...
-            throw new EProfileException("ldap init failure: "+e.toString());
-		}
-	}
+    public void ldapInit()
+            throws EProfileException {
+        if (mInitialized == true)
+            return;
+
+        CMS.debug("nsNKeySubjectNameDefault: ldapInit(): begin");
+
+        try {
+            // cfu - XXX do more error handling here later
+            /* initialize ldap server configuration */
+            mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS);
+            mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP);
+            mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null);
+            mConnFactory = CMS.getLdapAnonConnFactory();
+            mConnFactory.init(mLdapConfig);
+
+            /* initialize dn pattern */
+            String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null);
+
+            if (pattern == null || pattern.length() == 0)
+                pattern = DEFAULT_DNPATTERN;
+
+            /* initialize ldap string attribute list */
+            String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null);
+
+            if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) {
+                StringTokenizer pAttrs =
+                        new StringTokenizer(ldapStringAttrs, ",", false);
+
+                mLdapStringAttrs = new String[pAttrs.countTokens()];
+
+                for (int i = 0; i < mLdapStringAttrs.length; i++) {
+                    mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim();
+                }
+            }
+            CMS.debug("nsNKeySubjectNameDefault: ldapInit(): done");
+            mInitialized = true;
+        } catch (Exception e) {
+            CMS.debug("nsNKeySubjectNameDefault: ldapInit(): " + e.toString());
+            // throw EProfileException...
+            throw new EProfileException("ldap init failure: " + e.toString());
+        }
+    }
 
     /**
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         X500Name name = null;
-		CMS.debug("nsNKeySubjectNameDefault: in populate");
-		ldapInit();
+        CMS.debug("nsNKeySubjectNameDefault: in populate");
+        ldapInit();
         try {
-			// cfu - this goes to ldap
-			String subjectName = getSubjectName(request);
-			CMS.debug("subjectName=" + subjectName);
-			if (subjectName == null || subjectName.equals(""))
-				return;
+            // cfu - this goes to ldap
+            String subjectName = getSubjectName(request);
+            CMS.debug("subjectName=" + subjectName);
+            if (subjectName == null || subjectName.equals(""))
+                return;
 
             name = new X500Name(subjectName);
         } catch (IOException e) {
@@ -318,55 +319,55 @@ public class nsNKeySubjectNameDefault extends EnrollDefault {
             // failed to build x500 name
         }
         try {
-            info.set(X509CertInfo.SUBJECT, 
-                new CertificateSubjectName(name));
+            info.set(X509CertInfo.SUBJECT,
+                    new CertificateSubjectName(name));
         } catch (Exception e) {
             // failed to insert subject name
             CMS.debug("nsNKeySubjectNameDefault: populate " + e.toString());
         }
     }
 
-	private String getSubjectName(IRequest request)
-		throws EProfileException, IOException {
+    private String getSubjectName(IRequest request)
+            throws EProfileException, IOException {
 
-		CMS.debug("nsNKeySubjectNameDefault: in getSubjectName");
+        CMS.debug("nsNKeySubjectNameDefault: in getSubjectName");
 
-		String pattern = getConfig(CONFIG_DNPATTERN);
-		if (pattern == null || pattern.equals("")) {
-			pattern = " ";
-		}
-		
-		LDAPConnection conn = null;
+        String pattern = getConfig(CONFIG_DNPATTERN);
+        if (pattern == null || pattern.equals("")) {
+            pattern = " ";
+        }
+
+        LDAPConnection conn = null;
         String userdn = null;
-		String sbjname = "";
-		// get DN from ldap to fill request
-		try {
-			if (mConnFactory == null) {
+        String sbjname = "";
+        // get DN from ldap to fill request
+        try {
+            if (mConnFactory == null) {
                 conn = null;
                 CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): no LDAP connection");
                 throw new EProfileException("no LDAP connection");
             } else {
                 conn = mConnFactory.getConn();
-                if( conn == null ) {
-                    CMS.debug( "nsNKeySubjectNameDefault::getSubjectName() - " +
-                               "no LDAP connection" );
-                    throw new EProfileException( "no LDAP connection" );
+                if (conn == null) {
+                    CMS.debug("nsNKeySubjectNameDefault::getSubjectName() - " +
+                               "no LDAP connection");
+                    throw new EProfileException("no LDAP connection");
                 }
                 CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): got LDAP connection");
             }
 
-			if (request != null)  {
-				CMS.debug("pattern = "+pattern);
-				sbjname = mapPattern(request, pattern);
-				CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): subject name mapping done");
-			} else {
-                CMS.debug( "nsNKeySubjectNameDefault::getSubjectName() - " +
-                           "request is null!" );
-                throw new EProfileException( "request is null" );
-			}
-			// retrieve the attributes
+            if (request != null) {
+                CMS.debug("pattern = " + pattern);
+                sbjname = mapPattern(request, pattern);
+                CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): subject name mapping done");
+            } else {
+                CMS.debug("nsNKeySubjectNameDefault::getSubjectName() - " +
+                           "request is null!");
+                throw new EProfileException("request is null");
+            }
+            // retrieve the attributes
             // get user dn.
-			CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with basedn = "+ mBaseDN);
+            CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with basedn = " + mBaseDN);
             LDAPSearchResults res = conn.search(mBaseDN,
                     LDAPv2.SCOPE_SUB, "(aoluid=" + request.getExtDataInString("aoluid") + ")", null, false);
 
@@ -378,42 +379,43 @@ public class nsNKeySubjectNameDefault extends EnrollDefault {
                 CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): screen name does not exist");
                 throw new EProfileException("screenname does not exist");
             }
-			CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): retrieved entry for aoluid = "+request.getExtDataInString("aoluid"));;
-
-			LDAPEntry entry = null;
-			CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with "+ mLdapStringAttrs.length +" attributes");
-			LDAPSearchResults results = 
-				conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*", 
-							mLdapStringAttrs, false);
-
-			if (!results.hasMoreElements()) {
-				CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): no attributes");
-				throw new EProfileException("no ldap attributes found");
-			}
-			entry = results.next();
-			// set attrs into request
+            CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): retrieved entry for aoluid = " + request.getExtDataInString("aoluid"));
+            ;
+
+            LDAPEntry entry = null;
+            CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with " + mLdapStringAttrs.length + " attributes");
+            LDAPSearchResults results =
+                    conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*",
+                            mLdapStringAttrs, false);
+
+            if (!results.hasMoreElements()) {
+                CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): no attributes");
+                throw new EProfileException("no ldap attributes found");
+            }
+            entry = results.next();
+            // set attrs into request
             for (int i = 0; i < mLdapStringAttrs.length; i++) {
-               LDAPAttribute la =
-				   entry.getAttribute(mLdapStringAttrs[i]);
-			   if (la != null) {
-				   String[] sla = la.getStringValueArray();
-				   			CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): got attribute: "+sla[0]);
-				   request.setExtData(mLdapStringAttrs[i], sla[0]);
-			   }
+                LDAPAttribute la =
+                        entry.getAttribute(mLdapStringAttrs[i]);
+                if (la != null) {
+                    String[] sla = la.getStringValueArray();
+                    CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): got attribute: " + sla[0]);
+                    request.setExtData(mLdapStringAttrs[i], sla[0]);
+                }
             }
-			CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): attributes set in request");
-		} catch (Exception e) {
-			CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): "+e.toString());
-            throw new EProfileException("getSubjectName() failure: "+e.toString());
-		} finally {
-			try {
-				if (conn != null)
-					mConnFactory.returnConn(conn);
-			} catch  (Exception e) {
-				throw new EProfileException("nsNKeySubjectNameDefault: getSubjectName(): connection return failure");
-			}
-		}
-		return sbjname;
-
-	}
+            CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): attributes set in request");
+        } catch (Exception e) {
+            CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): " + e.toString());
+            throw new EProfileException("getSubjectName() failure: " + e.toString());
+        } finally {
+            try {
+                if (conn != null)
+                    mConnFactory.returnConn(conn);
+            } catch (Exception e) {
+                throw new EProfileException("nsNKeySubjectNameDefault: getSubjectName(): connection return failure");
+            }
+        }
+        return sbjname;
+
+    }
 }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java
index 030470b3..77fa417f 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java
@@ -37,7 +37,7 @@ import com.netscape.certsrv.request.IRequest;
  * This class implements an enrollment default policy
  * that populates server-side configurable subject name
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault {
@@ -49,7 +49,7 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault {
 
     /* default dn pattern if left blank or not set in the config */
     protected static String DEFAULT_DNPATTERN =
-	"Token Key Device - $request.tokencuid$";
+            "Token Key Device - $request.tokencuid$";
 
     protected IConfigStore mParamsConfig;
 
@@ -61,43 +61,43 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
-	CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getConfigDescriptor, name="+ name);
-        if (name.equals(CONFIG_DNPATTERN)) { 
-            return new Descriptor(IDescriptor.STRING, 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
+        CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getConfigDescriptor, name=" + name);
+        if (name.equals(CONFIG_DNPATTERN)) {
+            return new Descriptor(IDescriptor.STRING,
                     null, null, CMS.getUserMessage(locale,
-                        "CMS_PROFILE_SUBJECT_NAME"));
+                            "CMS_PROFILE_SUBJECT_NAME"));
         } else {
             return null;
         }
     }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
-	CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValueDescriptor name="+name);
+        CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValueDescriptor name=" + name);
 
         if (name.equals(VAL_NAME)) {
             return new Descriptor(IDescriptor.STRING,
-				null,
-				null,
-				CMS.getUserMessage(locale, 
-					"CMS_PROFILE_SUBJECT_NAME"));
+                    null,
+                    null,
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_SUBJECT_NAME"));
         } else {
             return null;
         }
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
 
-	CMS.debug("nsTokenDeviceKeySubjectNameDefault: in setValue, value="+value);
+        CMS.debug("nsTokenDeviceKeySubjectNameDefault: in setValue, value=" + value);
 
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_NAME)) {
@@ -111,27 +111,26 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault {
             }
             CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue name=" + x500name);
             try {
-                info.set(X509CertInfo.SUBJECT, 
-                    new CertificateSubjectName(x500name));
+                info.set(X509CertInfo.SUBJECT,
+                        new CertificateSubjectName(x500name));
             } catch (Exception e) {
                 // failed to insert subject name
                 CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException
-    {
-	CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValue, name="+name);
+            X509CertInfo info)
+            throws EPropertyException {
+        CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValue, name=" + name);
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_NAME)) {
@@ -146,19 +145,19 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault {
             } catch (Exception e) {
                 // nothing
                 CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue " + e.toString());
-		
+
             }
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getText(Locale locale) {
-	CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getText");
-        return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", 
+        CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getText");
+        return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME",
                 getConfig(CONFIG_DNPATTERN));
     }
 
@@ -166,15 +165,15 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         X500Name name = null;
-	CMS.debug("nsTokenDeviceKeySubjectNameDefault: in populate");
+        CMS.debug("nsTokenDeviceKeySubjectNameDefault: in populate");
 
         try {
-	    String subjectName = getSubjectName(request);
+            String subjectName = getSubjectName(request);
             CMS.debug("subjectName=" + subjectName);
             if (subjectName == null || subjectName.equals(""))
-		return;
+                return;
 
             name = new X500Name(subjectName);
         } catch (IOException e) {
@@ -185,8 +184,8 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault {
             // failed to build x500 name
         }
         try {
-            info.set(X509CertInfo.SUBJECT, 
-                new CertificateSubjectName(name));
+            info.set(X509CertInfo.SUBJECT,
+                    new CertificateSubjectName(name));
         } catch (Exception e) {
             // failed to insert subject name
             CMS.debug("nsTokenDeviceKeySubjectNameDefault: populate " + e.toString());
@@ -194,23 +193,23 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault {
     }
 
     private String getSubjectName(IRequest request)
-	throws EProfileException, IOException {
+            throws EProfileException, IOException {
 
-	CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getSubjectName");
+        CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getSubjectName");
 
-	String pattern = getConfig(CONFIG_DNPATTERN);
-	if (pattern == null || pattern.equals("")) {
-	    pattern = " ";
-	}
-		
-	String sbjname = "";
+        String pattern = getConfig(CONFIG_DNPATTERN);
+        if (pattern == null || pattern.equals("")) {
+            pattern = " ";
+        }
 
-	if (request != null)  {
-	    CMS.debug("pattern = "+pattern);
-	    sbjname = mapPattern(request, pattern);
-	    CMS.debug("nsTokenDeviceKeySubjectNameDefault: getSubjectName(): subject name mapping done");
-	}
+        String sbjname = "";
+
+        if (request != null) {
+            CMS.debug("pattern = " + pattern);
+            sbjname = mapPattern(request, pattern);
+            CMS.debug("nsTokenDeviceKeySubjectNameDefault: getSubjectName(): subject name mapping done");
+        }
 
-	    return sbjname;
+        return sbjname;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java
index ac98a0cb..8f975941 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java
@@ -45,7 +45,7 @@ import com.netscape.certsrv.request.IRequest;
  * This class implements an enrollment default policy
  * that populates server-side configurable subject name
  * into the certificate template.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class nsTokenUserKeySubjectNameDefault extends EnrollDefault {
@@ -66,12 +66,12 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault {
 
     public static final String VAL_NAME = "name";
 
-    public static final String CONFIG_LDAP_VERS = 
-      "2,3";
+    public static final String CONFIG_LDAP_VERS =
+            "2,3";
 
     /* default dn pattern if left blank or not set in the config */
-    protected static String DEFAULT_DNPATTERN = 
-        "CN=$request.uid$, E=$request.mail$";
+    protected static String DEFAULT_DNPATTERN =
+            "CN=$request.uid$, E=$request.mail$";
 
     /* ldap configuration sub-store */
     boolean mldapInitialized = false;
@@ -118,93 +118,93 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         mInstConfig = config;
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
-        CMS.debug("nsTokenUserKeySubjectNameDefault: in getConfigDescriptor, name="+ name);
-        if (name.equals(CONFIG_DNPATTERN)) { 
-            return new Descriptor(IDescriptor.STRING, 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
+        CMS.debug("nsTokenUserKeySubjectNameDefault: in getConfigDescriptor, name=" + name);
+        if (name.equals(CONFIG_DNPATTERN)) {
+            return new Descriptor(IDescriptor.STRING,
                     null, null, CMS.getUserMessage(locale,
-                        "CMS_PROFILE_SUBJECT_NAME"));
+                            "CMS_PROFILE_SUBJECT_NAME"));
         } else if (name.equals(CONFIG_LDAP_STRING_ATTRS)) {
-            return new Descriptor(IDescriptor.STRING, 
-                null,
-                null,
-                CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_STRING_ATTRS"));
+            return new Descriptor(IDescriptor.STRING,
+                    null,
+                    null,
+                    CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_STRING_ATTRS"));
         } else if (name.equals(CONFIG_LDAP_ENABLE)) {
-            return new Descriptor(IDescriptor.STRING, 
-                null,
-                null,
-                CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_ENABLE"));
+            return new Descriptor(IDescriptor.STRING,
+                    null,
+                    null,
+                    CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_ENABLE"));
         } else if (name.equals(CONFIG_LDAP_SEARCH_NAME)) {
-            return new Descriptor(IDescriptor.STRING, 
-                null,
-                null,
-                CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_SEARCH_NAME"));
+            return new Descriptor(IDescriptor.STRING,
+                    null,
+                    null,
+                    CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_SEARCH_NAME"));
         } else if (name.equals(CONFIG_LDAP_HOST)) {
-            return new Descriptor(IDescriptor.STRING, 
-                null,
-                null,
-                CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_HOST_NAME"));
+            return new Descriptor(IDescriptor.STRING,
+                    null,
+                    null,
+                    CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_HOST_NAME"));
         } else if (name.equals(CONFIG_LDAP_PORT)) {
-            return new Descriptor(IDescriptor.STRING, 
-                null,
-                null,
-                CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_PORT_NUMBER"));
+            return new Descriptor(IDescriptor.STRING,
+                    null,
+                    null,
+                    CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_PORT_NUMBER"));
         } else if (name.equals(CONFIG_LDAP_SEC_CONN)) {
             return new Descriptor(IDescriptor.BOOLEAN,
-                null, 
-                "false",
-                CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_SECURE_CONN"));
+                    null,
+                    "false",
+                    CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_SECURE_CONN"));
         } else if (name.equals(CONFIG_LDAP_VER)) {
             return new Descriptor(IDescriptor.CHOICE, CONFIG_LDAP_VERS,
                     "3",
                     CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_VERSION"));
         } else if (name.equals(CONFIG_LDAP_BASEDN)) {
-            return new Descriptor(IDescriptor.STRING, 
-                null,
-                null,
-                CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_BASEDN"));
+            return new Descriptor(IDescriptor.STRING,
+                    null,
+                    null,
+                    CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_BASEDN"));
         } else if (name.equals(CONFIG_LDAP_MIN_CONN)) {
-            return new Descriptor(IDescriptor.STRING, 
-                null,
-                null,
-            CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_MIN_CONN"));
+            return new Descriptor(IDescriptor.STRING,
+                    null,
+                    null,
+                    CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_MIN_CONN"));
         } else if (name.equals(CONFIG_LDAP_MAX_CONN)) {
-            return new Descriptor(IDescriptor.STRING, 
-                null,
-                null,
-                CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_MAX_CONN"));
+            return new Descriptor(IDescriptor.STRING,
+                    null,
+                    null,
+                    CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_MAX_CONN"));
         } else {
             return null;
         }
     }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
-        CMS.debug("nsTokenUserKeySubjectNameDefault: in getValueDescriptor name="+name);
+        CMS.debug("nsTokenUserKeySubjectNameDefault: in getValueDescriptor name=" + name);
 
         if (name.equals(VAL_NAME)) {
             return new Descriptor(IDescriptor.STRING,
-                null,
-                null,
-                CMS.getUserMessage(locale, 
-                  "CMS_PROFILE_SUBJECT_NAME"));
+                    null,
+                    null,
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_SUBJECT_NAME"));
         } else {
             return null;
         }
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
 
-        CMS.debug("nsTokenUserKeySubjectNameDefault: in setValue, value="+value);
+        CMS.debug("nsTokenUserKeySubjectNameDefault: in setValue, value=" + value);
 
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_NAME)) {
@@ -218,26 +218,26 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault {
             }
             CMS.debug("nsTokenUserKeySubjectNameDefault: setValue name=" + x500name);
             try {
-                info.set(X509CertInfo.SUBJECT, 
-                    new CertificateSubjectName(x500name));
+                info.set(X509CertInfo.SUBJECT,
+                        new CertificateSubjectName(x500name));
             } catch (Exception e) {
                 // failed to insert subject name
                 CMS.debug("nsTokenUserKeySubjectNameDefault: setValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
-        CMS.debug("nsTokenUserKeySubjectNameDefault: in getValue, name="+name);
+            X509CertInfo info)
+            throws EPropertyException {
+        CMS.debug("nsTokenUserKeySubjectNameDefault: in getValue, name=" + name);
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_NAME)) {
@@ -254,76 +254,77 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault {
                 CMS.debug("nsTokenUserKeySubjectNameDefault: getValue " + e.toString());
 
             }
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getText(Locale locale) {
         CMS.debug("nsTokenUserKeySubjectNameDefault: in getText");
-        return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", 
+        return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME",
                 getConfig(CONFIG_DNPATTERN));
     }
 
     public void ldapInit()
-        throws EProfileException {
-        if (mldapInitialized == true) return;
+            throws EProfileException {
+        if (mldapInitialized == true)
+            return;
 
         CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): begin");
 
         try {
-          // cfu - XXX do more error handling here later
-          /* initialize ldap server configuration */
-          mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS);
-          mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP);
-          mldapEnabled = mParamsConfig.getBoolean(CONFIG_LDAP_ENABLE,
-            false);
-          if (mldapEnabled == false)
-            return;
+            // cfu - XXX do more error handling here later
+            /* initialize ldap server configuration */
+            mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS);
+            mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP);
+            mldapEnabled = mParamsConfig.getBoolean(CONFIG_LDAP_ENABLE,
+                    false);
+            if (mldapEnabled == false)
+                return;
 
-          mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null);
-          mConnFactory = CMS.getLdapAnonConnFactory();
-          mConnFactory.init(mLdapConfig);
+            mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null);
+            mConnFactory = CMS.getLdapAnonConnFactory();
+            mConnFactory.init(mLdapConfig);
 
-          /* initialize dn pattern */
-          String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null);
+            /* initialize dn pattern */
+            String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null);
 
-          if (pattern == null || pattern.length() == 0) 
-              pattern = DEFAULT_DNPATTERN;
+            if (pattern == null || pattern.length() == 0)
+                pattern = DEFAULT_DNPATTERN;
 
-          /* initialize ldap string attribute list */
-          String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null);
+            /* initialize ldap string attribute list */
+            String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null);
 
-          if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) {
-            StringTokenizer pAttrs = 
-                new StringTokenizer(ldapStringAttrs, ",", false);
+            if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) {
+                StringTokenizer pAttrs =
+                        new StringTokenizer(ldapStringAttrs, ",", false);
 
-            mLdapStringAttrs = new String[pAttrs.countTokens()];
+                mLdapStringAttrs = new String[pAttrs.countTokens()];
 
-            for (int i = 0; i < mLdapStringAttrs.length; i++) {
-                mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim();
+                for (int i = 0; i < mLdapStringAttrs.length; i++) {
+                    mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim();
+                }
             }
-          }
-          CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): done");
-          mldapInitialized = true;
+            CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): done");
+            mldapInitialized = true;
         } catch (Exception e) {
-          CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): "+e.toString());
-          // throw EProfileException...
-          throw new EProfileException("ldap init failure: "+e.toString());
+            CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): " + e.toString());
+            // throw EProfileException...
+            throw new EProfileException("ldap init failure: " + e.toString());
         }
-      }
+    }
 
     /**
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         X500Name name = null;
         CMS.debug("nsTokenUserKeySubjectNameDefault: in populate");
-ldapInit();
+        ldapInit();
         try {
             // cfu - this goes to ldap
             String subjectName = getSubjectName(request);
@@ -340,8 +341,8 @@ ldapInit();
             // failed to build x500 name
         }
         try {
-            info.set(X509CertInfo.SUBJECT, 
-                new CertificateSubjectName(name));
+            info.set(X509CertInfo.SUBJECT,
+                    new CertificateSubjectName(name));
         } catch (Exception e) {
             // failed to insert subject name
             CMS.debug("nsTokenUserKeySubjectNameDefault: populate " + e.toString());
@@ -349,7 +350,7 @@ ldapInit();
     }
 
     private String getSubjectName(IRequest request)
-        throws EProfileException, IOException {
+            throws EProfileException, IOException {
 
         CMS.debug("nsTokenUserKeySubjectNameDefault: in getSubjectName");
 
@@ -360,10 +361,10 @@ ldapInit();
         String sbjname = "";
 
         if (mldapInitialized == false) {
-            if (request != null)  {
-              CMS.debug("pattern = "+pattern);
-              sbjname = mapPattern(request, pattern);
-              CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done");
+            if (request != null) {
+                CMS.debug("pattern = " + pattern);
+                sbjname = mapPattern(request, pattern);
+                CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done");
             }
             return sbjname;
         }
@@ -384,34 +385,34 @@ ldapInit();
                 throw new EProfileException("no LDAP connection");
             } else {
                 conn = mConnFactory.getConn();
-                if( conn == null ) {
-                    CMS.debug( "nsTokenUserKeySubjectNameDefault::getSubjectName() - " +
-                               "no LDAP connection" );
-                    throw new EProfileException( "no LDAP connection" );
+                if (conn == null) {
+                    CMS.debug("nsTokenUserKeySubjectNameDefault::getSubjectName() - " +
+                               "no LDAP connection");
+                    throw new EProfileException("no LDAP connection");
                 }
                 CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got LDAP connection");
             }
             // retrieve the attributes
             // get user dn.
-            CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with basedn = "+ mBaseDN);
+            CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with basedn = " + mBaseDN);
             LDAPSearchResults res = conn.search(mBaseDN,
-                    LDAPv2.SCOPE_SUB, "("+ searchName + "=" + request.getExtDataInString("uid") + ")", null, false);
+                    LDAPv2.SCOPE_SUB, "(" + searchName + "=" + request.getExtDataInString("uid") + ")", null, false);
 
             if (res.hasMoreElements()) {
                 LDAPEntry entry = res.next();
 
                 userdn = entry.getDN();
             } else {// put into property file later - cfu
-                CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): "+ searchName + " does not exist");
+                CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): " + searchName + " does not exist");
                 throw new EProfileException("id does not exist");
             }
-            CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): retrieved entry for "+searchName + " = "+request.getExtDataInString("uid"));
+            CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): retrieved entry for " + searchName + " = " + request.getExtDataInString("uid"));
 
             LDAPEntry entry = null;
-            CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with "+ mLdapStringAttrs.length +" attributes");
-            LDAPSearchResults results = 
-            conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*", 
-            mLdapStringAttrs, false);
+            CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with " + mLdapStringAttrs.length + " attributes");
+            LDAPSearchResults results =
+                    conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*",
+                            mLdapStringAttrs, false);
 
             if (!results.hasMoreElements()) {
                 CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): no attributes");
@@ -420,28 +421,28 @@ ldapInit();
             entry = results.next();
             // set attrs into request
             for (int i = 0; i < mLdapStringAttrs.length; i++) {
-               LDAPAttribute la =
-                   entry.getAttribute(mLdapStringAttrs[i]);
-               if (la != null) {
-                   String[] sla = la.getStringValueArray();
-                   CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got attribute: "+mLdapStringAttrs[i]+
-                       "=" + escapeValueRfc1779(sla[0], false).toString());
-                       request.setExtData(mLdapStringAttrs[i], escapeValueRfc1779(sla[0], false).toString());
-               }
+                LDAPAttribute la =
+                        entry.getAttribute(mLdapStringAttrs[i]);
+                if (la != null) {
+                    String[] sla = la.getStringValueArray();
+                    CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got attribute: " + mLdapStringAttrs[i] +
+                            "=" + escapeValueRfc1779(sla[0], false).toString());
+                    request.setExtData(mLdapStringAttrs[i], escapeValueRfc1779(sla[0], false).toString());
+                }
             }
-            CMS.debug("pattern = "+pattern);
-			sbjname = mapPattern(request, pattern);
-			CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done");
+            CMS.debug("pattern = " + pattern);
+            sbjname = mapPattern(request, pattern);
+            CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done");
             CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): attributes set in request");
 
         } catch (Exception e) {
-            CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): "+e.toString());
-            throw new EProfileException("getSubjectName() failure: "+e.toString());
+            CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): " + e.toString());
+            throw new EProfileException("getSubjectName() failure: " + e.toString());
         } finally {
             try {
                 if (conn != null)
                     mConnFactory.returnConn(conn);
-            } catch  (Exception e) {
+            } catch (Exception e) {
                 throw new EProfileException("nsTokenUserKeySubjectNameDefault: getSubjectName(): connection return failure");
             }
         }
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java
index d067f1e6..77d4b1ce 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.input;
 
-
 import java.util.Locale;
 
 import netscape.security.x509.X509CertInfo;
@@ -35,23 +34,21 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.common.EnrollProfile;
 
-
 /**
  * This class implements the certificate request input.
  * This input populates 2 main fields to the enrollment page:
  * 1/ Certificate Request Type, 2/ Certificate Request
  * <p>
  * 
- * This input usually is used by an enrollment profile for
- * certificate requests.
- *
+ * This input usually is used by an enrollment profile for certificate requests.
+ * 
  * @version $Revision$, $Date$
  */
-public class CMCCertReqInput extends EnrollInput implements IProfileInput { 
-    public static final String VAL_CERT_REQUEST_TYPE = 
-        EnrollProfile.CTX_CERT_REQUEST_TYPE;
+public class CMCCertReqInput extends EnrollInput implements IProfileInput {
+    public static final String VAL_CERT_REQUEST_TYPE =
+            EnrollProfile.CTX_CERT_REQUEST_TYPE;
     public static final String VAL_CERT_REQUEST =
-        EnrollProfile.CTX_CERT_REQUEST;
+            EnrollProfile.CTX_CERT_REQUEST;
 
     public EnrollProfile mEnrollProfile = null;
 
@@ -63,7 +60,7 @@ public class CMCCertReqInput extends EnrollInput implements IProfileInput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
 
         mEnrollProfile = (EnrollProfile) profile;
@@ -87,22 +84,22 @@ public class CMCCertReqInput extends EnrollInput implements IProfileInput {
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         String cert_request = ctx.get(VAL_CERT_REQUEST);
         X509CertInfo info =
-            request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+                request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
 
         TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), cert_request);
 
         if (msgs == null) {
-            return; 
+            return;
         }
         // This profile only handle the first request in CRMF
         Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
         if (seqNum == null) {
-           throw new EProfileException(
-            CMS.getUserMessage(getLocale(request),
-                "CMS_PROFILE_UNKNOWN_SEQ_NUM")); 
+            throw new EProfileException(
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
         }
 
         mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request);
@@ -118,8 +115,8 @@ public class CMCCertReqInput extends EnrollInput implements IProfileInput {
             return new Descriptor(IDescriptor.CERT_REQUEST, null,
                     null,
                     CMS.getUserMessage(locale,
-                        "CMS_PROFILE_INPUT_CERT_REQ"));
-        } 
+                            "CMS_PROFILE_INPUT_CERT_REQ"));
+        }
         return null;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java
index 12a4f549..0b7e9f07 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.input;
 
-
 import java.util.Locale;
 
 import netscape.security.pkcs.PKCS10;
@@ -38,23 +37,21 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.common.EnrollProfile;
 
-
 /**
  * This class implements the certificate request input.
  * This input populates 2 main fields to the enrollment page:
  * 1/ Certificate Request Type, 2/ Certificate Request
  * <p>
  * 
- * This input usually is used by an enrollment profile for
- * certificate requests.
- *
+ * This input usually is used by an enrollment profile for certificate requests.
+ * 
  * @version $Revision$, $Date$
  */
-public class CertReqInput extends EnrollInput implements IProfileInput { 
-    public static final String VAL_CERT_REQUEST_TYPE = 
-        EnrollProfile.CTX_CERT_REQUEST_TYPE;
+public class CertReqInput extends EnrollInput implements IProfileInput {
+    public static final String VAL_CERT_REQUEST_TYPE =
+            EnrollProfile.CTX_CERT_REQUEST_TYPE;
     public static final String VAL_CERT_REQUEST =
-        EnrollProfile.CTX_CERT_REQUEST;
+            EnrollProfile.CTX_CERT_REQUEST;
 
     public EnrollProfile mEnrollProfile = null;
 
@@ -67,7 +64,7 @@ public class CertReqInput extends EnrollInput implements IProfileInput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
 
         mEnrollProfile = (EnrollProfile) profile;
@@ -91,19 +88,19 @@ public class CertReqInput extends EnrollInput implements IProfileInput {
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         String cert_request_type = ctx.get(VAL_CERT_REQUEST_TYPE);
         String cert_request = ctx.get(VAL_CERT_REQUEST);
         X509CertInfo info =
-            request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+                request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
 
         if (cert_request_type == null) {
-            CMS.debug("CertReqInput: populate - invalid cert request type " + 
-                "");
+            CMS.debug("CertReqInput: populate - invalid cert request type " +
+                    "");
             throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", 
-                        ""));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
+                            ""));
         }
 
         if (cert_request_type.equals(EnrollProfile.REQ_TYPE_PKCS10)) {
@@ -114,7 +111,7 @@ public class CertReqInput extends EnrollInput implements IProfileInput {
                             getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
             }
 
-            mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request);	
+            mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request);
         } else if (cert_request_type.startsWith(EnrollProfile.REQ_TYPE_KEYGEN)) {
             DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), cert_request);
 
@@ -138,7 +135,7 @@ public class CertReqInput extends EnrollInput implements IProfileInput {
             Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
 
             mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request
-            );
+                    );
         } else if (cert_request_type.startsWith(EnrollProfile.REQ_TYPE_CMC)) {
             TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), cert_request);
 
@@ -148,21 +145,21 @@ public class CertReqInput extends EnrollInput implements IProfileInput {
             }
             // This profile only handle the first request in CRMF
             Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
-            if (seqNum == null) { 
-                throw new EProfileException( 
-                   CMS.getUserMessage(getLocale(request), 
-                   "CMS_PROFILE_UNKNOWN_SEQ_NUM")); 
+            if (seqNum == null) {
+                throw new EProfileException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
             }
 
             mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request);
         } else {
             // error
-            CMS.debug("CertReqInput: populate - invalid cert request type " + 
-                cert_request_type);
+            CMS.debug("CertReqInput: populate - invalid cert request type " +
+                    cert_request_type);
             throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", 
-                        cert_request_type));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
+                            cert_request_type));
         }
         request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
     }
@@ -176,12 +173,12 @@ public class CertReqInput extends EnrollInput implements IProfileInput {
             return new Descriptor(IDescriptor.CERT_REQUEST_TYPE, null,
                     null,
                     CMS.getUserMessage(locale,
-                        "CMS_PROFILE_INPUT_CERT_REQ_TYPE"));
+                            "CMS_PROFILE_INPUT_CERT_REQ_TYPE"));
         } else if (name.equals(VAL_CERT_REQUEST)) {
             return new Descriptor(IDescriptor.CERT_REQUEST, null,
                     null,
                     CMS.getUserMessage(locale,
-                        "CMS_PROFILE_INPUT_CERT_REQ"));
+                            "CMS_PROFILE_INPUT_CERT_REQ"));
         }
         return null;
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java b/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java
index b887807c..18b9ecf5 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.input;
 
-
 import java.util.Locale;
 
 import netscape.security.pkcs.PKCS10;
@@ -37,26 +36,24 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.common.EnrollProfile;
 
-
 /**
  * This class implements the dual key generation input.
- * This input populates parameters to the enrollment 
- * pages so that a CRMF request containing 2 certificate 
+ * This input populates parameters to the enrollment
+ * pages so that a CRMF request containing 2 certificate
  * requests will be generated.
  * <p>
- *
- * This input can only be used with Netscape 7.x or later
- * clients.
+ * 
+ * This input can only be used with Netscape 7.x or later clients.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class DualKeyGenInput extends EnrollInput implements IProfileInput { 
+public class DualKeyGenInput extends EnrollInput implements IProfileInput {
 
-    public static final String VAL_KEYGEN_REQUEST_TYPE = 
-        EnrollProfile.CTX_CERT_REQUEST_TYPE;
-    public static final String VAL_KEYGEN_REQUEST = 
-        EnrollProfile.CTX_CERT_REQUEST;
+    public static final String VAL_KEYGEN_REQUEST_TYPE =
+            EnrollProfile.CTX_CERT_REQUEST_TYPE;
+    public static final String VAL_KEYGEN_REQUEST =
+            EnrollProfile.CTX_CERT_REQUEST;
 
     public EnrollProfile mEnrollProfile = null;
 
@@ -69,7 +66,7 @@ public class DualKeyGenInput extends EnrollInput implements IProfileInput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
         mEnrollProfile = (EnrollProfile) profile;
     }
@@ -92,29 +89,29 @@ public class DualKeyGenInput extends EnrollInput implements IProfileInput {
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         String keygen_request_type = ctx.get(VAL_KEYGEN_REQUEST_TYPE);
         String keygen_request = ctx.get(VAL_KEYGEN_REQUEST);
 
         X509CertInfo info =
-            request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+                request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
 
         if (keygen_request_type == null) {
             CMS.debug("DualKeyGenInput: populate - invalid cert request type " +
-                "");
+                    "");
             throw new EProfileException(
                     CMS.getUserMessage(getLocale(request),
-                        "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
-                        ""));
+                            "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
+                            ""));
         }
         if (keygen_request_type.startsWith("pkcs10")) {
             PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request);
 
-            mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request);	
+            mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request);
         } else if (keygen_request_type.startsWith("keygen")) {
             DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), keygen_request);
 
-            mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request);	
+            mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request);
         } else if (keygen_request_type.startsWith("crmf")) {
             CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), keygen_request);
 
@@ -128,20 +125,20 @@ public class DualKeyGenInput extends EnrollInput implements IProfileInput {
             // This profile only handle the first request in CRMF
             Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
 
-            if (seqNum == null) { 
-                throw new EProfileException( 
-                    CMS.getUserMessage(getLocale(request), 
-                    "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
+            if (seqNum == null) {
+                throw new EProfileException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
             }
 
             mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request);
         } else {
             // error
-            CMS.debug("DualKeyGenInput: populate - " + 
-                "invalid cert request type " + keygen_request_type);
+            CMS.debug("DualKeyGenInput: populate - " +
+                    "invalid cert request type " + keygen_request_type);
             throw new EProfileException(CMS.getUserMessage(
-                        getLocale(request), 
-                        "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", 
+                        getLocale(request),
+                        "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
                         keygen_request_type));
         }
         request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java b/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java
index 1eaf476b..db394578 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.input;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 import java.util.Vector;
@@ -41,16 +40,15 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.common.EnrollProfile;
 
-
 /**
  * This class implements the base enrollment input.
- *
+ * 
  * @version $Revision$, $Date$
  */
-public abstract class EnrollInput implements IProfileInput { 
+public abstract class EnrollInput implements IProfileInput {
 
     private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION =
-        "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
+            "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
 
     protected IConfigStore mConfig = null;
     protected Vector mValueNames = new Vector();
@@ -58,12 +56,12 @@ public abstract class EnrollInput implements IProfileInput {
     protected IProfile mProfile = null;
 
     protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
- 
+
     /**
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         mConfig = config;
         mProfile = profile;
     }
@@ -74,17 +72,17 @@ public abstract class EnrollInput implements IProfileInput {
 
     /**
      * Populates the request with this policy default.
-     *
+     * 
      * @param ctx profile context
      * @param request request
      * @exception EProfileException failed to populate
      */
     public abstract void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Retrieves the localizable name of this policy.
-     *
+     * 
      * @param locale user locale
      * @return localized input name
      */
@@ -92,7 +90,7 @@ public abstract class EnrollInput implements IProfileInput {
 
     /**
      * Retrieves the localizable description of this policy.
-     *
+     * 
      * @param locale user locale
      * @return localized input description
      */
@@ -101,14 +99,13 @@ public abstract class EnrollInput implements IProfileInput {
     /**
      * Retrieves the descriptor of the given value
      * property by name.
-     *
+     * 
      * @param locale user locale
      * @param name property name
      * @return descriptor of the property
      */
     public abstract IDescriptor getValueDescriptor(Locale locale, String name);
 
-
     public void addValueName(String name) {
         mValueNames.addElement(name);
     }
@@ -129,7 +126,7 @@ public abstract class EnrollInput implements IProfileInput {
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
         if (mConfig.getSubStore("params") == null) {
             //
         } else {
@@ -141,7 +138,7 @@ public abstract class EnrollInput implements IProfileInput {
         try {
             if (mConfig == null) {
                 return null;
-	    }
+            }
             if (mConfig.getSubStore("params") != null) {
                 return mConfig.getSubStore("params").getString(name);
             }
@@ -155,7 +152,7 @@ public abstract class EnrollInput implements IProfileInput {
     }
 
     public String getValue(String name, Locale locale, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         return request.getExtDataInString(name);
     }
 
@@ -163,7 +160,7 @@ public abstract class EnrollInput implements IProfileInput {
      * Sets the value of the given value parameter by name.
      */
     public void setValue(String name, Locale locale, IRequest request,
-        String value) throws EPropertyException {
+            String value) throws EPropertyException {
         request.setExtData(name, value);
     }
 
@@ -181,16 +178,16 @@ public abstract class EnrollInput implements IProfileInput {
         return null;
     }
 
-    public void verifyPOP(Locale locale, CertReqMsg certReqMsg) 
-        throws EProfileException {
-        CMS.debug("EnrollInput ::in verifyPOP"); 
+    public void verifyPOP(Locale locale, CertReqMsg certReqMsg)
+            throws EProfileException {
+        CMS.debug("EnrollInput ::in verifyPOP");
 
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
-        if (!certReqMsg.hasPop()) { 
+        if (!certReqMsg.hasPop()) {
             CMS.debug("CertReqMsg has not POP, return");
-            return; 
+            return;
         }
         ProofOfPossession pop = certReqMsg.getPop();
         ProofOfPossession.Type popType = pop.getType();
@@ -202,8 +199,8 @@ public abstract class EnrollInput implements IProfileInput {
 
         try {
             if (CMS.getConfigStore().getBoolean("cms.skipPOPVerify", false)) {
-              CMS.debug("skipPOPVerify on, return");
-              return;
+                CMS.debug("skipPOPVerify on, return");
+                return;
             }
             CMS.debug("POP verification begins:");
             CryptoManager cm = CryptoManager.getInstance();
@@ -214,42 +211,42 @@ public abstract class EnrollInput implements IProfileInput {
                 CMS.debug("POP verification using internal token");
                 certReqMsg.verify();
             } else {
-                CMS.debug("POP verification using token:"+ tokenName);
+                CMS.debug("POP verification using token:" + tokenName);
                 verifyToken = cm.getTokenByName(tokenName);
                 certReqMsg.verify(verifyToken);
             }
 
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
-              LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
-              auditSubjectID,
-              ILogger.SUCCESS );
-            audit( auditMessage );
+                    LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+                    auditSubjectID,
+                    ILogger.SUCCESS);
+            audit(auditMessage);
         } catch (Exception e) {
 
-            CMS.debug("Failed POP verify! "+e.toString());
+            CMS.debug("Failed POP verify! " + e.toString());
             CMS.debug(e);
 
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
-              LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
-              auditSubjectID,
-              ILogger.FAILURE );
+                    LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+                    auditSubjectID,
+                    ILogger.FAILURE);
 
-            audit( auditMessage );
+            audit(auditMessage);
 
-            throw new EProfileException(CMS.getUserMessage(locale, 
+            throw new EProfileException(CMS.getUserMessage(locale,
                         "CMS_POP_VERIFICATION_ERROR"));
         }
     }
 
     /**
      * Signed Audit Log
-     *
+     * 
      * This method is inherited by all extended "CMSServlet"s,
      * and is called to store messages to the signed audit log.
      * <P>
-     *
+     * 
      * @param msg signed audit log message
      */
     protected void audit(String msg) {
@@ -261,20 +258,20 @@ public abstract class EnrollInput implements IProfileInput {
         }
 
         mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-            null,
-            ILogger.S_SIGNED_AUDIT,
-            ILogger.LL_SECURITY,
-            msg);
+                null,
+                ILogger.S_SIGNED_AUDIT,
+                ILogger.LL_SECURITY,
+                msg);
     }
 
     /**
      * Signed Audit Log Subject ID
-     *
+     * 
      * This method is inherited by all extended "CMSServlet"s,
      * and is called to obtain the "SubjectID" for
      * a signed audit log message.
      * <P>
-     *
+     * 
      * @return id string containing the signed audit log message SubjectID
      */
     protected String auditSubjectID() {
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java b/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java
index 70ede1e2..41a0ff1f 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.input;
 
-
 import java.io.BufferedInputStream;
 import java.net.URL;
 import java.net.URLConnection;
@@ -34,15 +33,14 @@ import com.netscape.certsrv.property.Descriptor;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements the image
  * input that collects a picture.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class FileSigningInput extends EnrollInput implements IProfileInput { 
+public class FileSigningInput extends EnrollInput implements IProfileInput {
 
     public static final String URL = "file_signing_url";
     public static final String TEXT = "file_signing_text";
@@ -59,7 +57,7 @@ public class FileSigningInput extends EnrollInput implements IProfileInput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
@@ -77,13 +75,12 @@ public class FileSigningInput extends EnrollInput implements IProfileInput {
         return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_TEXT");
     }
 
-    public String toHexString(byte data[]) 
-    {
+    public String toHexString(byte data[]) {
         StringBuffer sb = new StringBuffer();
         for (int i = 0; i < data.length; i++) {
             int v = data[i] & 0xff;
             if (v <= 9) {
-              sb.append("0");
+                sb.append("0");
             }
             sb.append(Integer.toHexString(v));
         }
@@ -94,36 +91,36 @@ public class FileSigningInput extends EnrollInput implements IProfileInput {
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         request.setExtData(TEXT, ctx.get(TEXT));
         request.setExtData(URL, ctx.get(URL));
         request.setExtData(DIGEST_TYPE, "SHA256");
- 
+
         try {
-          // retrieve file and calculate the hash
-          URL url = new URL(ctx.get(URL));
-          URLConnection c = url.openConnection();
-          c.setAllowUserInteraction(false);
-          c.setDoInput(true);
-          c.setDoOutput(false);
-          c.setUseCaches(false);
-          c.connect();
-          int len = c.getContentLength();
-          request.setExtData(SIZE, Integer.toString(len));
-  	  BufferedInputStream is = new BufferedInputStream(c.getInputStream());
-          byte data[] = new byte[len];
-          is.read(data, 0, len);
-          is.close();
+            // retrieve file and calculate the hash
+            URL url = new URL(ctx.get(URL));
+            URLConnection c = url.openConnection();
+            c.setAllowUserInteraction(false);
+            c.setDoInput(true);
+            c.setDoOutput(false);
+            c.setUseCaches(false);
+            c.connect();
+            int len = c.getContentLength();
+            request.setExtData(SIZE, Integer.toString(len));
+            BufferedInputStream is = new BufferedInputStream(c.getInputStream());
+            byte data[] = new byte[len];
+            is.read(data, 0, len);
+            is.close();
 
-          // calculate digest
-          MessageDigest digester = MessageDigest.getInstance("SHA256");
-          byte digest[] = digester.digest(data);
-          request.setExtData(DIGEST, toHexString(digest));
-        } catch (Exception e) { 
-               CMS.debug("FileSigningInput populate failure " + e);
-               throw new EProfileException( 
-                  CMS.getUserMessage(getLocale(request), 
-                  "CMS_PROFILE_FILE_NOT_FOUND"));
+            // calculate digest
+            MessageDigest digester = MessageDigest.getInstance("SHA256");
+            byte digest[] = digester.digest(data);
+            request.setExtData(DIGEST, toHexString(digest));
+        } catch (Exception e) {
+            CMS.debug("FileSigningInput populate failure " + e);
+            throw new EProfileException(
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_FILE_NOT_FOUND"));
         }
     }
 
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java b/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java
index 5aa85e0e..029e497f 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.input;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 import java.util.Vector;
@@ -32,14 +31,13 @@ import com.netscape.certsrv.property.Descriptor;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements a generic input.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class GenericInput extends EnrollInput implements IProfileInput { 
+public class GenericInput extends EnrollInput implements IProfileInput {
 
     public static final String CONFIG_NUM = "gi_num";
     public static final String CONFIG_DISPLAY_NAME = "gi_display_name";
@@ -49,12 +47,12 @@ public class GenericInput extends EnrollInput implements IProfileInput {
     public static final int DEF_NUM = 5;
 
     public GenericInput() {
-      int num = getNum();
-      for (int i = 0; i < num; i++) {
-        addConfigName(CONFIG_PARAM_NAME + i);
-        addConfigName(CONFIG_DISPLAY_NAME + i);
-        addConfigName(CONFIG_ENABLE + i);
-      }
+        int num = getNum();
+        for (int i = 0; i < num; i++) {
+            addConfigName(CONFIG_PARAM_NAME + i);
+            addConfigName(CONFIG_DISPLAY_NAME + i);
+            addConfigName(CONFIG_ENABLE + i);
+        }
     }
 
     protected int getNum() {
@@ -75,7 +73,7 @@ public class GenericInput extends EnrollInput implements IProfileInput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
@@ -97,48 +95,48 @@ public class GenericInput extends EnrollInput implements IProfileInput {
      * Returns selected value names based on the configuration.
      */
     public Enumeration getValueNames() {
-         Vector v = new Vector();
-         int num = getNum();
-         for (int i = 0; i < num; i++) {
-             String enable = getConfig(CONFIG_ENABLE + i);
-             if (enable != null && enable.equals("true")) {
-               v.addElement(getConfig(CONFIG_PARAM_NAME + i));
-             }
-         }
-         return v.elements();
+        Vector v = new Vector();
+        int num = getNum();
+        for (int i = 0; i < num; i++) {
+            String enable = getConfig(CONFIG_ENABLE + i);
+            if (enable != null && enable.equals("true")) {
+                v.addElement(getConfig(CONFIG_PARAM_NAME + i));
+            }
+        }
+        return v.elements();
     }
 
     /**
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         int num = getNum();
         for (int i = 0; i < num; i++) {
-             String enable = getConfig(CONFIG_ENABLE + i);
-             if (enable != null && enable.equals("true")) {
+            String enable = getConfig(CONFIG_ENABLE + i);
+            if (enable != null && enable.equals("true")) {
                 String param = getConfig(CONFIG_PARAM_NAME + i);
                 request.setExtData(param, ctx.get(param));
-             }
+            }
         }
     }
 
     public IDescriptor getConfigDescriptor(Locale locale, String name) {
         int num = getNum();
         for (int i = 0; i < num; i++) {
-          if (name.equals(CONFIG_PARAM_NAME + i)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_GI_PARAM_NAME") + i);
-          } else if (name.equals(CONFIG_DISPLAY_NAME + i)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_GI_DISPLAY_NAME") + i);
-          } else if (name.equals(CONFIG_ENABLE + i)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_GI_ENABLE") + i);
-          }
+            if (name.equals(CONFIG_PARAM_NAME + i)) {
+                return new Descriptor(IDescriptor.STRING, null,
+                        null,
+                        CMS.getUserMessage(locale, "CMS_PROFILE_GI_PARAM_NAME") + i);
+            } else if (name.equals(CONFIG_DISPLAY_NAME + i)) {
+                return new Descriptor(IDescriptor.STRING, null,
+                        null,
+                        CMS.getUserMessage(locale, "CMS_PROFILE_GI_DISPLAY_NAME") + i);
+            } else if (name.equals(CONFIG_ENABLE + i)) {
+                return new Descriptor(IDescriptor.BOOLEAN, null,
+                        "false",
+                        CMS.getUserMessage(locale, "CMS_PROFILE_GI_ENABLE") + i);
+            }
         } // for
         return null;
     }
@@ -150,12 +148,12 @@ public class GenericInput extends EnrollInput implements IProfileInput {
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         int num = getNum();
         for (int i = 0; i < num; i++) {
-             String param = getConfig(CONFIG_PARAM_NAME + i);
-             if (param != null && param.equals(name)) {
-               return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    getConfig(CONFIG_DISPLAY_NAME + i));
-             }
+            String param = getConfig(CONFIG_PARAM_NAME + i);
+            if (param != null && param.equals(name)) {
+                return new Descriptor(IDescriptor.STRING, null,
+                        null,
+                        getConfig(CONFIG_DISPLAY_NAME + i));
+            }
         }
         return null;
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java b/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java
index 265b958d..30570b56 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.input;
 
-
 import java.util.Locale;
 
 import com.netscape.certsrv.apps.CMS;
@@ -30,15 +29,14 @@ import com.netscape.certsrv.property.Descriptor;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements the image
  * input that collects a picture.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class ImageInput extends EnrollInput implements IProfileInput { 
+public class ImageInput extends EnrollInput implements IProfileInput {
 
     public static final String IMAGE_URL = "image_url";
 
@@ -50,7 +48,7 @@ public class ImageInput extends EnrollInput implements IProfileInput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
@@ -72,7 +70,7 @@ public class ImageInput extends EnrollInput implements IProfileInput {
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         request.setExtData(IMAGE_URL, ctx.get(IMAGE_URL));
     }
 
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java b/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java
index 00c0ffcf..c2b3cf0d 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.input;
 
-
 import java.util.Locale;
 
 import netscape.security.pkcs.PKCS10;
@@ -38,25 +37,23 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.common.EnrollProfile;
 
-
 /**
  * This class implements the key generation input that
  * populates parameters to the enrollment page for
  * key generation.
  * <p>
- *
- * This input normally is used with user-based or
- * non certificate request profile.
+ * 
+ * This input normally is used with user-based or non certificate request profile.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class KeyGenInput extends EnrollInput implements IProfileInput { 
+public class KeyGenInput extends EnrollInput implements IProfileInput {
 
-    public static final String VAL_KEYGEN_REQUEST_TYPE = 
-        EnrollProfile.CTX_CERT_REQUEST_TYPE;
-    public static final String VAL_KEYGEN_REQUEST = 
-        EnrollProfile.CTX_CERT_REQUEST;
+    public static final String VAL_KEYGEN_REQUEST_TYPE =
+            EnrollProfile.CTX_CERT_REQUEST_TYPE;
+    public static final String VAL_KEYGEN_REQUEST =
+            EnrollProfile.CTX_CERT_REQUEST;
 
     public EnrollProfile mEnrollProfile = null;
 
@@ -69,7 +66,7 @@ public class KeyGenInput extends EnrollInput implements IProfileInput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
         mEnrollProfile = (EnrollProfile) profile;
     }
@@ -92,20 +89,20 @@ public class KeyGenInput extends EnrollInput implements IProfileInput {
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         String keygen_request_type = ctx.get(VAL_KEYGEN_REQUEST_TYPE);
         String keygen_request = ctx.get(VAL_KEYGEN_REQUEST);
 
         X509CertInfo info =
-            request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+                request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
 
         if (keygen_request_type == null) {
             CMS.debug("KeyGenInput: populate - invalid cert request type " +
-                "");
+                    "");
             throw new EProfileException(
                     CMS.getUserMessage(getLocale(request),
-                        "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
-                        ""));
+                            "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
+                            ""));
         }
         if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_PKCS10)) {
             PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request);
@@ -115,7 +112,7 @@ public class KeyGenInput extends EnrollInput implements IProfileInput {
                             getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
             }
 
-            mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request);	
+            mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request);
         } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_KEYGEN)) {
             DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), keygen_request);
 
@@ -124,7 +121,7 @@ public class KeyGenInput extends EnrollInput implements IProfileInput {
                             getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
             }
 
-            mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request);	
+            mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request);
         } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_CRMF)) {
             CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), keygen_request);
 
@@ -149,17 +146,17 @@ public class KeyGenInput extends EnrollInput implements IProfileInput {
             // This profile only handle the first request in CRMF
             Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
 
-            if (seqNum == null) { 
-                   throw new EProfileException( 
-                    CMS.getUserMessage(getLocale(request), 
-                    "CMS_PROFILE_UNKNOWN_SEQ_NUM")); 
+            if (seqNum == null) {
+                throw new EProfileException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
             }
 
             mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request);
         } else {
             // error
             CMS.debug("DualKeyGenInput: populate - " +
-                "invalid cert request type " + keygen_request_type);
+                    "invalid cert request type " + keygen_request_type);
             throw new EProfileException(CMS.getUserMessage(
                         getLocale(request),
                         "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java
index dce75c15..542a2c94 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.input;
 
-
 import java.util.Locale;
 
 import com.netscape.certsrv.apps.CMS;
@@ -30,15 +29,14 @@ import com.netscape.certsrv.property.Descriptor;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements the serial number input
  * for renewal
  * <p>
- *
- * @author Christina Fu 
+ * 
+ * @author Christina Fu
  */
-public class SerialNumRenewInput extends EnrollInput implements IProfileInput { 
+public class SerialNumRenewInput extends EnrollInput implements IProfileInput {
 
     public static final String SERIAL_NUM = "serial_num";
 
@@ -50,7 +48,7 @@ public class SerialNumRenewInput extends EnrollInput implements IProfileInput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
@@ -72,7 +70,7 @@ public class SerialNumRenewInput extends EnrollInput implements IProfileInput {
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         //
     }
 
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java
index 4a8f6050..a12351f8 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.input;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 import java.util.Vector;
@@ -37,11 +36,10 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.common.EnrollProfile;
 
-
 /**
  * This plugin accepts subject DN from end user.
  */
-public class SubjectDNInput extends EnrollInput implements IProfileInput { 
+public class SubjectDNInput extends EnrollInput implements IProfileInput {
 
     public static final String VAL_SUBJECT = "subject";
 
@@ -52,7 +50,7 @@ public class SubjectDNInput extends EnrollInput implements IProfileInput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
@@ -70,37 +68,36 @@ public class SubjectDNInput extends EnrollInput implements IProfileInput {
         return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_TEXT");
     }
 
-
     public String getConfig(String name) {
-	String config = super.getConfig(name);
-	if (config == null || config.equals(""))
-		return "true";
-	return config;
+        String config = super.getConfig(name);
+        if (config == null || config.equals(""))
+            return "true";
+        return config;
     }
 
     /**
      * Returns selected value names based on the configuration.
      */
     public Enumeration<String> getValueNames() {
-         Vector<String> v = new Vector<String>();
-         v.addElement(VAL_SUBJECT);
-         return v.elements();
+        Vector<String> v = new Vector<String>();
+        v.addElement(VAL_SUBJECT);
+        return v.elements();
     }
 
     /**
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         X509CertInfo info =
-            request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+                request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
         String subjectName = "";
 
         subjectName = ctx.get(VAL_SUBJECT);
         if (subjectName.equals("")) {
             throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
         }
         X500Name name = null;
 
@@ -108,10 +105,10 @@ public class SubjectDNInput extends EnrollInput implements IProfileInput {
             name = new X500Name(subjectName);
         } catch (Exception e) {
             throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName));
         }
-        parseSubjectName(name, info, request);	
+        parseSubjectName(name, info, request);
         request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
     }
 
@@ -133,13 +130,13 @@ public class SubjectDNInput extends EnrollInput implements IProfileInput {
     }
 
     protected void parseSubjectName(X500Name subj, X509CertInfo info, IRequest req)
-        throws EProfileException {
+            throws EProfileException {
         try {
             req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME,
                     new CertificateSubjectName(subj));
         } catch (Exception e) {
-            CMS.debug("SubjectNameInput: parseSubject Name " + 
-                e.toString());
+            CMS.debug("SubjectNameInput: parseSubject Name " +
+                    e.toString());
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java
index 15f906f9..55ede138 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.input;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 import java.util.Vector;
@@ -37,20 +36,18 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.common.EnrollProfile;
 
-
 /**
  * This class implements the subject name input
  * that populates text fields to the enrollment
  * page so that distinguished name parameters
  * can be collected from the user.
  * <p>
- * The collected parameters could be used for
- * fomulating the subject name in the certificate.
+ * The collected parameters could be used for fomulating the subject name in the certificate.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class SubjectNameInput extends EnrollInput implements IProfileInput { 
+public class SubjectNameInput extends EnrollInput implements IProfileInput {
 
     public static final String CONFIG_UID = "sn_uid";
     public static final String CONFIG_EMAIL = "sn_e";
@@ -88,7 +85,7 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
@@ -106,101 +103,100 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput {
         return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_TEXT");
     }
 
-
     public String getConfig(String name) {
-	String config = super.getConfig(name);
-	if (config == null || config.equals(""))
-		return "true";
-	return config;
+        String config = super.getConfig(name);
+        if (config == null || config.equals(""))
+            return "true";
+        return config;
     }
 
     /**
      * Returns selected value names based on the configuration.
      */
     public Enumeration getValueNames() {
-         Vector v = new Vector();
-         String c_uid = getConfig(CONFIG_UID);
-         if (c_uid == null || c_uid.equals("")) {
-             v.addElement(VAL_UID); // default case
-         } else {
-           if (c_uid.equals("true")) {
-             v.addElement(VAL_UID);
-           }
-         }
-         String c_email = getConfig(CONFIG_EMAIL);
-         if (c_email == null || c_email.equals("")) {
-             v.addElement(VAL_EMAIL);
-         } else {
-           if (c_email.equals("true")) {
-             v.addElement(VAL_EMAIL);
-           }
-         }
-         String c_cn = getConfig(CONFIG_CN);
-         if (c_cn == null || c_cn.equals("")) {
-           v.addElement(VAL_CN);
-         } else {
-           if (c_cn.equals("true")) {
-             v.addElement(VAL_CN);
-	   }
-	 }
-         String c_ou3 = getConfig(CONFIG_OU3);
-         if (c_ou3 == null || c_ou3.equals("")) {
-           v.addElement(VAL_OU3);
-	 } else {
-           if (c_ou3.equals("true")) {
-           	v.addElement(VAL_OU3);
-	   }
-         }
-         String c_ou2 = getConfig(CONFIG_OU2);
-         if (c_ou2 == null || c_ou2.equals("")) {
-           v.addElement(VAL_OU2);
-	 } else {
-           if (c_ou2.equals("true")) {
-           	v.addElement(VAL_OU2);
-	   }
-         }
-         String c_ou1 = getConfig(CONFIG_OU1);
-         if (c_ou1 == null || c_ou1.equals("")) {
-           v.addElement(VAL_OU1);
-	 } else {
-           if (c_ou1.equals("true")) {
-           	v.addElement(VAL_OU1);
-	   }
-         }
-         String c_ou = getConfig(CONFIG_OU);
-         if (c_ou == null || c_ou.equals("")) {
-           v.addElement(VAL_OU);
-	 } else {
-           if (c_ou.equals("true")) {
-           	v.addElement(VAL_OU);
-	   }
-         }
-         String c_o = getConfig(CONFIG_O);
-         if (c_o == null || c_o.equals("")) {
-           v.addElement(VAL_O);
-	 } else {
-           if (c_o.equals("true")) {
-             v.addElement(VAL_O);
-	   }
-         }
-         String c_c = getConfig(CONFIG_C);
-         if (c_c == null || c_c.equals("")) {
-           v.addElement(VAL_C);
-         } else {
-           if (c_c.equals("true")) {
-             v.addElement(VAL_C);
-	   }
-         }
-         return v.elements();
+        Vector v = new Vector();
+        String c_uid = getConfig(CONFIG_UID);
+        if (c_uid == null || c_uid.equals("")) {
+            v.addElement(VAL_UID); // default case
+        } else {
+            if (c_uid.equals("true")) {
+                v.addElement(VAL_UID);
+            }
+        }
+        String c_email = getConfig(CONFIG_EMAIL);
+        if (c_email == null || c_email.equals("")) {
+            v.addElement(VAL_EMAIL);
+        } else {
+            if (c_email.equals("true")) {
+                v.addElement(VAL_EMAIL);
+            }
+        }
+        String c_cn = getConfig(CONFIG_CN);
+        if (c_cn == null || c_cn.equals("")) {
+            v.addElement(VAL_CN);
+        } else {
+            if (c_cn.equals("true")) {
+                v.addElement(VAL_CN);
+            }
+        }
+        String c_ou3 = getConfig(CONFIG_OU3);
+        if (c_ou3 == null || c_ou3.equals("")) {
+            v.addElement(VAL_OU3);
+        } else {
+            if (c_ou3.equals("true")) {
+                v.addElement(VAL_OU3);
+            }
+        }
+        String c_ou2 = getConfig(CONFIG_OU2);
+        if (c_ou2 == null || c_ou2.equals("")) {
+            v.addElement(VAL_OU2);
+        } else {
+            if (c_ou2.equals("true")) {
+                v.addElement(VAL_OU2);
+            }
+        }
+        String c_ou1 = getConfig(CONFIG_OU1);
+        if (c_ou1 == null || c_ou1.equals("")) {
+            v.addElement(VAL_OU1);
+        } else {
+            if (c_ou1.equals("true")) {
+                v.addElement(VAL_OU1);
+            }
+        }
+        String c_ou = getConfig(CONFIG_OU);
+        if (c_ou == null || c_ou.equals("")) {
+            v.addElement(VAL_OU);
+        } else {
+            if (c_ou.equals("true")) {
+                v.addElement(VAL_OU);
+            }
+        }
+        String c_o = getConfig(CONFIG_O);
+        if (c_o == null || c_o.equals("")) {
+            v.addElement(VAL_O);
+        } else {
+            if (c_o.equals("true")) {
+                v.addElement(VAL_O);
+            }
+        }
+        String c_c = getConfig(CONFIG_C);
+        if (c_c == null || c_c.equals("")) {
+            v.addElement(VAL_C);
+        } else {
+            if (c_c.equals("true")) {
+                v.addElement(VAL_C);
+            }
+        }
+        return v.elements();
     }
 
     /**
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         X509CertInfo info =
-            request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+                request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
         String subjectName = "";
 
         String uid = ctx.get(VAL_UID);
@@ -270,8 +266,8 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput {
         }
         if (subjectName.equals("")) {
             throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
         }
         X500Name name = null;
 
@@ -279,10 +275,10 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput {
             name = new X500Name(subjectName);
         } catch (Exception e) {
             throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName));
         }
-        parseSubjectName(name, info, request);	
+        parseSubjectName(name, info, request);
         request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
     }
 
@@ -374,13 +370,13 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput {
     }
 
     protected void parseSubjectName(X500Name subj, X509CertInfo info, IRequest req)
-        throws EProfileException {
+            throws EProfileException {
         try {
             req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME,
                     new CertificateSubjectName(subj));
         } catch (Exception e) {
-            CMS.debug("SubjectNameInput: parseSubject Name " + 
-                e.toString());
+            CMS.debug("SubjectNameInput: parseSubject Name " +
+                    e.toString());
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java
index 52df2d41..984706f4 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.input;
 
-
 import java.util.Locale;
 
 import com.netscape.certsrv.apps.CMS;
@@ -30,16 +29,15 @@ import com.netscape.certsrv.property.Descriptor;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements the submitter information
- * input that collects certificate requestor's 
+ * input that collects certificate requestor's
  * information such as name, email and phone.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class SubmitterInfoInput extends EnrollInput implements IProfileInput { 
+public class SubmitterInfoInput extends EnrollInput implements IProfileInput {
 
     public static final String NAME = "requestor_name";
     public static final String EMAIL = "requestor_email";
@@ -55,7 +53,7 @@ public class SubmitterInfoInput extends EnrollInput implements IProfileInput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
@@ -77,7 +75,7 @@ public class SubmitterInfoInput extends EnrollInput implements IProfileInput {
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         //
     }
 
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java
index 64988fed..3c606789 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.input;
 
-
 import java.util.Locale;
 
 import netscape.security.x509.X509CertInfo;
@@ -33,19 +32,17 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.common.EnrollProfile;
 
-
 /**
  * This class implements the certificate request input from TPS.
  * This input populates 2 main fields to the enrollment "page":
  * 1/ token cuid, 2/ publickey
  * <p>
  * 
- * This input usually is used by an enrollment profile for
- * certificate requests coming from TPS.
- *
+ * This input usually is used by an enrollment profile for certificate requests coming from TPS.
+ * 
  * @version $Revision$, $Date$
  */
-public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput { 
+public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput {
     public static final String VAL_TOKEN_CUID = "tokencuid";
     public static final String VAL_PUBLIC_KEY = "publickey";
 
@@ -60,7 +57,7 @@ public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
 
         mEnrollProfile = (EnrollProfile) profile;
@@ -80,66 +77,65 @@ public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput {
         return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TEXT");
     }
 
-	/*
-	 * Pretty print token cuid
-	 */
-	public String toPrettyPrint(String cuid)
-	{
-		if (cuid == null)
-			return null;
-
-		if (cuid.length() != 20)
-			return null;
-
-		StringBuffer sb = new StringBuffer();
-		for (int i=0; i < cuid.length(); i++) {
-			if (i == 4 || i == 8 || i == 12 || i == 16) {
-				sb.append("-");
-			}
-			sb.append(cuid.charAt(i));
-		}
-		return sb.toString();
-	}
+    /*
+     * Pretty print token cuid
+     */
+    public String toPrettyPrint(String cuid) {
+        if (cuid == null)
+            return null;
+
+        if (cuid.length() != 20)
+            return null;
+
+        StringBuffer sb = new StringBuffer();
+        for (int i = 0; i < cuid.length(); i++) {
+            if (i == 4 || i == 8 || i == 12 || i == 16) {
+                sb.append("-");
+            }
+            sb.append(cuid.charAt(i));
+        }
+        return sb.toString();
+    }
 
     /**
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         String tcuid = ctx.get(VAL_TOKEN_CUID);
-		// pretty print tcuid
-		String prettyPrintCuid = toPrettyPrint(tcuid);
-		if (prettyPrintCuid == null) {
+        // pretty print tcuid
+        String prettyPrintCuid = toPrettyPrint(tcuid);
+        if (prettyPrintCuid == null) {
             throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_TOKENKEY_NO_TOKENCUID", 
-                        ""));
-		}
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_TOKENKEY_NO_TOKENCUID",
+                            ""));
+        }
 
-		request.setExtData("pretty_print_tokencuid", prettyPrintCuid);
+        request.setExtData("pretty_print_tokencuid", prettyPrintCuid);
 
         String pk = ctx.get(VAL_PUBLIC_KEY);
         X509CertInfo info =
-            request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+                request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
 
         if (tcuid == null) {
-            CMS.debug("nsHKeyCertReqInput: populate - tokencuid not found " + 
-                "");
+            CMS.debug("nsHKeyCertReqInput: populate - tokencuid not found " +
+                    "");
             throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_TOKENKEY_NO_TOKENCUID", 
-                        ""));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_TOKENKEY_NO_TOKENCUID",
+                            ""));
         }
         if (pk == null) {
-            CMS.debug("nsHKeyCertReqInput: populate - public key not found " + 
-                "");
+            CMS.debug("nsHKeyCertReqInput: populate - public key not found " +
+                    "");
             throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY", 
-                        ""));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY",
+                            ""));
         }
 
-		mEnrollProfile.fillNSHKEY(getLocale(request), tcuid, pk, info, request);	
+        mEnrollProfile.fillNSHKEY(getLocale(request), tcuid, pk, info, request);
         request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
     }
 
@@ -152,12 +148,12 @@ public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput {
             return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale,
-                        "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TOKEN_CUID"));
+                            "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TOKEN_CUID"));
         } else if (name.equals(VAL_PUBLIC_KEY)) {
             return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale,
-                        "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK"));
+                            "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK"));
         }
         return null;
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java
index 58984c6c..19679868 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.input;
 
-
 import java.util.Locale;
 
 import netscape.security.x509.X509CertInfo;
@@ -33,19 +32,17 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.common.EnrollProfile;
 
-
 /**
  * This class implements the certificate request input from TPS.
  * This input populates 2 main fields to the enrollment "page":
  * 1/ id, 2/ publickey
  * <p>
  * 
- * This input usually is used by an enrollment profile for
- * certificate requests coming from TPS.
- *
+ * This input usually is used by an enrollment profile for certificate requests coming from TPS.
+ * 
  * @version $Revision$, $Date$
  */
-public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput { 
+public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput {
     public static final String VAL_SN = "screenname";
     public static final String VAL_PUBLIC_KEY = "publickey";
 
@@ -60,7 +57,7 @@ public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
 
         mEnrollProfile = (EnrollProfile) profile;
@@ -84,30 +81,30 @@ public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput {
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         String sn = ctx.get(VAL_SN);
         String pk = ctx.get(VAL_PUBLIC_KEY);
         X509CertInfo info =
-            request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+                request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
 
         if (sn == null) {
-            CMS.debug("nsNKeyCertReqInput: populate - id not found " + 
-                "");
+            CMS.debug("nsNKeyCertReqInput: populate - id not found " +
+                    "");
             throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_TOKENKEY_NO_ID", 
-                        ""));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_TOKENKEY_NO_ID",
+                            ""));
         }
         if (pk == null) {
-            CMS.debug("nsNKeyCertReqInput: populate - public key not found " + 
-                "");
+            CMS.debug("nsNKeyCertReqInput: populate - public key not found " +
+                    "");
             throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY", 
-                        ""));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY",
+                            ""));
         }
 
-		mEnrollProfile.fillNSNKEY(getLocale(request), sn, pk, info, request);	
+        mEnrollProfile.fillNSNKEY(getLocale(request), sn, pk, info, request);
         request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
     }
 
@@ -120,12 +117,12 @@ public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput {
             return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale,
-                        "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_UID"));
+                            "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_UID"));
         } else if (name.equals(VAL_PUBLIC_KEY)) {
             return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale,
-                        "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK"));
+                            "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK"));
         }
         return null;
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java
index 999bdc67..2253460b 100644
--- a/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.output;
 
-
 import java.io.ByteArrayOutputStream;
 import java.security.cert.X509Certificate;
 import java.util.Locale;
@@ -45,14 +44,13 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.common.EnrollProfile;
 
-
 /**
  * This class implements the output plugin that outputs
  * CMMF response for the issued certificate.
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class CMMFOutput extends EnrollOutput implements IProfileOutput { 
+public class CMMFOutput extends EnrollOutput implements IProfileOutput {
 
     public static final String VAL_PRETTY_CERT = "pretty_cert";
     public static final String VAL_CMMF_RESPONSE = "cmmf_response";
@@ -66,7 +64,7 @@ public class CMMFOutput extends EnrollOutput implements IProfileOutput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
@@ -88,7 +86,7 @@ public class CMMFOutput extends EnrollOutput implements IProfileOutput {
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
     }
 
     /**
@@ -99,61 +97,61 @@ public class CMMFOutput extends EnrollOutput implements IProfileOutput {
         if (name.equals(VAL_PRETTY_CERT)) {
             return new Descriptor(IDescriptor.PRETTY_PRINT, null,
                     null,
-                    CMS.getUserMessage(locale, 
-                        "CMS_PROFILE_OUTPUT_CERT_PP"));
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_OUTPUT_CERT_PP"));
         } else if (name.equals(VAL_CMMF_RESPONSE)) {
             return new Descriptor(IDescriptor.PRETTY_PRINT, null,
                     null,
-                    CMS.getUserMessage(locale, 
-                        "CMS_PROFILE_OUTPUT_CMMF_B64"));
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_OUTPUT_CMMF_B64"));
         }
         return null;
     }
 
     public String getValue(String name, Locale locale, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         if (name.equals(VAL_PRETTY_CERT)) {
             X509CertImpl cert = request.getExtDataInCert(
                     EnrollProfile.REQUEST_ISSUED_CERT);
-            ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); 
+            ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert);
 
             return prettyCert.toString(locale);
         } else if (name.equals(VAL_CMMF_RESPONSE)) {
             try {
-              X509CertImpl cert = request.getExtDataInCert(
-                    EnrollProfile.REQUEST_ISSUED_CERT);
-              if (cert == null)
-                  return null;
-            
-              ICertificateAuthority ca = (ICertificateAuthority)
-                   CMS.getSubsystem("ca");
-              CertificateChain cachain = ca.getCACertChain(); 
-              X509Certificate[] cacerts = cachain.getChain();
-
-              byte[][] caPubs = new byte[cacerts.length][];
-
-              for (int j = 0; j < cacerts.length; j++)  {
-                caPubs[j] = ((X509CertImpl) cacerts[j]).getEncoded();
-              }   
-
-              CertRepContent certRepContent = null;
-              certRepContent = new CertRepContent(caPubs);
-
-              PKIStatusInfo status = new PKIStatusInfo(PKIStatusInfo.granted); 
-              CertifiedKeyPair certifiedKP = 
-                new CertifiedKeyPair(new CertOrEncCert(cert.getEncoded())); 
-              CertResponse resp = 
-                new CertResponse(new INTEGER(request.getRequestId().toString()), 
-                 status, certifiedKP);
-              certRepContent.addCertResponse(resp);
-
-              ByteArrayOutputStream certRepOut = new ByteArrayOutputStream(); 
-              certRepContent.encode(certRepOut); 
-              byte[] certRepBytes = certRepOut.toByteArray();
-
-              return CMS.BtoA(certRepBytes); 
+                X509CertImpl cert = request.getExtDataInCert(
+                        EnrollProfile.REQUEST_ISSUED_CERT);
+                if (cert == null)
+                    return null;
+
+                ICertificateAuthority ca = (ICertificateAuthority)
+                        CMS.getSubsystem("ca");
+                CertificateChain cachain = ca.getCACertChain();
+                X509Certificate[] cacerts = cachain.getChain();
+
+                byte[][] caPubs = new byte[cacerts.length][];
+
+                for (int j = 0; j < cacerts.length; j++) {
+                    caPubs[j] = ((X509CertImpl) cacerts[j]).getEncoded();
+                }
+
+                CertRepContent certRepContent = null;
+                certRepContent = new CertRepContent(caPubs);
+
+                PKIStatusInfo status = new PKIStatusInfo(PKIStatusInfo.granted);
+                CertifiedKeyPair certifiedKP =
+                        new CertifiedKeyPair(new CertOrEncCert(cert.getEncoded()));
+                CertResponse resp =
+                        new CertResponse(new INTEGER(request.getRequestId().toString()),
+                                status, certifiedKP);
+                certRepContent.addCertResponse(resp);
+
+                ByteArrayOutputStream certRepOut = new ByteArrayOutputStream();
+                certRepContent.encode(certRepOut);
+                byte[] certRepBytes = certRepOut.toByteArray();
+
+                return CMS.BtoA(certRepBytes);
             } catch (Exception e) {
-               return null;
+                return null;
             }
         } else {
             return null;
diff --git a/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java
index 7a2631da..1293c055 100644
--- a/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.output;
 
-
 import java.util.Locale;
 
 import netscape.security.x509.X509CertImpl;
@@ -34,14 +33,13 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.common.EnrollProfile;
 
-
 /**
  * This class implements the pretty print certificate output
  * that displays the issued certificate in a pretty print format.
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class CertOutput extends EnrollOutput implements IProfileOutput { 
+public class CertOutput extends EnrollOutput implements IProfileOutput {
     public static final String VAL_PRETTY_CERT = "pretty_cert";
     public static final String VAL_B64_CERT = "b64_cert";
 
@@ -54,7 +52,7 @@ public class CertOutput extends EnrollOutput implements IProfileOutput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
@@ -76,7 +74,7 @@ public class CertOutput extends EnrollOutput implements IProfileOutput {
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
     }
 
     /**
@@ -87,25 +85,25 @@ public class CertOutput extends EnrollOutput implements IProfileOutput {
         if (name.equals(VAL_PRETTY_CERT)) {
             return new Descriptor(IDescriptor.PRETTY_PRINT, null,
                     null,
-                    CMS.getUserMessage(locale, 
-                        "CMS_PROFILE_OUTPUT_CERT_PP"));
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_OUTPUT_CERT_PP"));
         } else if (name.equals(VAL_B64_CERT)) {
             return new Descriptor(IDescriptor.PRETTY_PRINT, null,
                     null,
-                    CMS.getUserMessage(locale, 
-                        "CMS_PROFILE_OUTPUT_CERT_B64"));
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_OUTPUT_CERT_B64"));
         }
         return null;
     }
 
     public String getValue(String name, Locale locale, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         if (name.equals(VAL_PRETTY_CERT)) {
             X509CertImpl cert = request.getExtDataInCert(
                     EnrollProfile.REQUEST_ISSUED_CERT);
             if (cert == null)
                 return null;
-            ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); 
+            ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert);
 
             return prettyCert.toString(locale);
         } else if (name.equals(VAL_B64_CERT)) {
@@ -113,7 +111,7 @@ public class CertOutput extends EnrollOutput implements IProfileOutput {
                     EnrollProfile.REQUEST_ISSUED_CERT);
             if (cert == null)
                 return null;
-            return CMS.getEncodedCert(cert); 
+            return CMS.getEncodedCert(cert);
         } else {
             return null;
         }
diff --git a/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java
index 5e3f077b..25a4b490 100644
--- a/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.output;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 import java.util.Vector;
@@ -31,22 +30,21 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements the basic enrollment output.
- *
+ * 
  * @version $Revision$, $Date$
  */
-public abstract class EnrollOutput implements IProfileOutput { 
+public abstract class EnrollOutput implements IProfileOutput {
     private IConfigStore mConfig = null;
     private Vector<String> mValueNames = new Vector<String>();
     protected Vector<String> mConfigNames = new Vector<String>();
- 
+
     /**
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         mConfig = config;
     }
 
@@ -60,28 +58,27 @@ public abstract class EnrollOutput implements IProfileOutput {
 
     /**
      * Populates the request with this policy default.
-     *
+     * 
      * @param ctx profile context
      * @param request request
      * @exception EProfileException failed to populate
      */
     public abstract void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Retrieves the descriptor of the given value
      * parameter by name.
-     *
+     * 
      * @param locale user locale
      * @param name property name
      * @return property descriptor
      */
     public abstract IDescriptor getValueDescriptor(Locale locale, String name);
 
-
     /**
      * Retrieves the localizable name of this policy.
-     *
+     * 
      * @param locale user locale
      * @return output policy name
      */
@@ -89,7 +86,7 @@ public abstract class EnrollOutput implements IProfileOutput {
 
     /**
      * Retrieves the localizable description of this policy.
-     *
+     * 
      * @param locale user locale
      * @return output policy description
      */
@@ -103,7 +100,7 @@ public abstract class EnrollOutput implements IProfileOutput {
     }
 
     public String getValue(String name, Locale locale, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         return request.getExtDataInString(name);
     }
 
@@ -111,7 +108,7 @@ public abstract class EnrollOutput implements IProfileOutput {
      * Sets the value of the given value parameter by name.
      */
     public void setValue(String name, Locale locale, IRequest request,
-        String value) throws EPropertyException {
+            String value) throws EPropertyException {
         request.setExtData(name, value);
     }
 
@@ -124,7 +121,7 @@ public abstract class EnrollOutput implements IProfileOutput {
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
     }
 
     public String getConfig(String name) {
diff --git a/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java b/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java
index 65718481..0e01e15d 100644
--- a/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java
+++ b/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.output;
 
-
 import java.io.ByteArrayOutputStream;
 import java.security.cert.X509Certificate;
 import java.util.Locale;
@@ -42,14 +41,13 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.common.EnrollProfile;
 
-
 /**
  * This class implements the output plugin that outputs
  * PKCS7 for the issued certificate.
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class PKCS7Output extends EnrollOutput implements IProfileOutput { 
+public class PKCS7Output extends EnrollOutput implements IProfileOutput {
 
     public static final String VAL_PRETTY_CERT = "pretty_cert";
     public static final String VAL_PKCS7 = "pkcs7";
@@ -63,7 +61,7 @@ public class PKCS7Output extends EnrollOutput implements IProfileOutput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
@@ -85,7 +83,7 @@ public class PKCS7Output extends EnrollOutput implements IProfileOutput {
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
     }
 
     /**
@@ -96,61 +94,61 @@ public class PKCS7Output extends EnrollOutput implements IProfileOutput {
         if (name.equals(VAL_PRETTY_CERT)) {
             return new Descriptor(IDescriptor.PRETTY_PRINT, null,
                     null,
-                    CMS.getUserMessage(locale, 
-                        "CMS_PROFILE_OUTPUT_CERT_PP"));
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_OUTPUT_CERT_PP"));
         } else if (name.equals(VAL_PKCS7)) {
             return new Descriptor(IDescriptor.PRETTY_PRINT, null,
                     null,
-                    CMS.getUserMessage(locale, 
-                        "CMS_PROFILE_OUTPUT_PKCS7_B64"));
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_OUTPUT_PKCS7_B64"));
         }
         return null;
     }
 
     public String getValue(String name, Locale locale, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         if (name.equals(VAL_PRETTY_CERT)) {
             X509CertImpl cert = request.getExtDataInCert(
                     EnrollProfile.REQUEST_ISSUED_CERT);
             if (cert == null)
-                  return null;
-            ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); 
+                return null;
+            ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert);
 
             return prettyCert.toString(locale);
         } else if (name.equals(VAL_PKCS7)) {
 
             try {
-              X509CertImpl cert = request.getExtDataInCert(
-                    EnrollProfile.REQUEST_ISSUED_CERT);
-              if (cert == null)
-                  return null;
-            
-              ICertificateAuthority ca = (ICertificateAuthority)
-                   CMS.getSubsystem("ca");
-              CertificateChain cachain = ca.getCACertChain(); 
-              X509Certificate[] cacerts = cachain.getChain();
-
-              X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1]; 
-              int m = 1, n = 0;
-
-              for (; n < cacerts.length; m++, n++) {
-                userChain[m] = (X509CertImpl) cacerts[n];
-              }
-
-              userChain[0] = cert;
-              PKCS7 p7 = new PKCS7(new AlgorithmId[0], 
-                  new ContentInfo(new byte[0]), 
-                  userChain, 
-                  new SignerInfo[0]); 
-              ByteArrayOutputStream bos = new ByteArrayOutputStream();
-
-              p7.encodeSignedData(bos); 
-              byte[] p7Bytes = bos.toByteArray(); 
-              String p7Str = CMS.BtoA(p7Bytes);
-
-              return p7Str;
+                X509CertImpl cert = request.getExtDataInCert(
+                        EnrollProfile.REQUEST_ISSUED_CERT);
+                if (cert == null)
+                    return null;
+
+                ICertificateAuthority ca = (ICertificateAuthority)
+                        CMS.getSubsystem("ca");
+                CertificateChain cachain = ca.getCACertChain();
+                X509Certificate[] cacerts = cachain.getChain();
+
+                X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
+                int m = 1, n = 0;
+
+                for (; n < cacerts.length; m++, n++) {
+                    userChain[m] = (X509CertImpl) cacerts[n];
+                }
+
+                userChain[0] = cert;
+                PKCS7 p7 = new PKCS7(new AlgorithmId[0],
+                        new ContentInfo(new byte[0]),
+                        userChain,
+                        new SignerInfo[0]);
+                ByteArrayOutputStream bos = new ByteArrayOutputStream();
+
+                p7.encodeSignedData(bos);
+                byte[] p7Bytes = bos.toByteArray();
+                String p7Str = CMS.BtoA(p7Bytes);
+
+                return p7Str;
             } catch (Exception e) {
-              return "";
+                return "";
             }
         } else {
             return null;
diff --git a/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java
index 90aa40a1..6bf03f43 100644
--- a/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.output;
 
-
 import java.util.Locale;
 
 import netscape.security.x509.X509CertImpl;
@@ -33,14 +32,13 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.common.EnrollProfile;
 
-
 /**
  * This class implements the output plugin that outputs
  * DER for the issued certificate for token keys
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class nsNKeyOutput extends EnrollOutput implements IProfileOutput { 
+public class nsNKeyOutput extends EnrollOutput implements IProfileOutput {
 
     public static final String VAL_DER = "der";
 
@@ -52,7 +50,7 @@ public class nsNKeyOutput extends EnrollOutput implements IProfileOutput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
@@ -74,7 +72,7 @@ public class nsNKeyOutput extends EnrollOutput implements IProfileOutput {
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
     }
 
     /**
@@ -85,24 +83,24 @@ public class nsNKeyOutput extends EnrollOutput implements IProfileOutput {
         if (name.equals(VAL_DER)) {
             return new Descriptor("der_b64", null,
                     null,
-                    CMS.getUserMessage(locale, 
-                        "CMS_PROFILE_OUTPUT_DER_B64"));
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_OUTPUT_DER_B64"));
         }
         return null;
     }
 
     public String getValue(String name, Locale locale, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         if (name.equals(VAL_DER)) {
 
             try {
-              X509CertImpl cert = request.getExtDataInCert(
-                    EnrollProfile.REQUEST_ISSUED_CERT);
-              if (cert == null)
-                  return null;
-			  return CMS.BtoA(cert.getEncoded());
+                X509CertImpl cert = request.getExtDataInCert(
+                        EnrollProfile.REQUEST_ISSUED_CERT);
+                if (cert == null)
+                    return null;
+                return CMS.BtoA(cert.getEncoded());
             } catch (Exception e) {
-              return "";
+                return "";
             }
         } else {
             return null;
diff --git a/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java b/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java
index 69803421..928e36c2 100644
--- a/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java
+++ b/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java
@@ -58,7 +58,7 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
     private Vector mValueNames = new Vector();
 
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
-        "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
+            "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
     private final static String SIGNED_AUDIT_PASSWORD_VALUE = "********";
     private final static String SIGNED_AUDIT_EMPTY_NAME_VALUE_PAIR = "Unknown";
     private final static String SIGNED_AUDIT_NAME_VALUE_DELIMITER = ";;";
@@ -67,8 +67,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
     public SubsystemGroupUpdater() {
     }
 
-    public void init(IProfile profile, IConfigStore config) 
-      throws EProfileException {
+    public void init(IProfile profile, IConfigStore config)
+            throws EProfileException {
         mConfig = config;
         mProfile = profile;
         mEnrollProfile = (EnrollProfile) profile;
@@ -82,8 +82,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
         return null;
     }
 
-    public void setConfig(String name, String value) 
-      throws EPropertyException {
+    public void setConfig(String name, String value)
+            throws EPropertyException {
         if (mConfig.getSubStore("params") == null) {
             //
         } else {
@@ -108,8 +108,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
         return mConfig;
     }
 
-    public void update(IRequest req, RequestStatus status) 
-      throws EProfileException {
+    public void update(IRequest req, RequestStatus status)
+            throws EProfileException {
 
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -124,33 +124,34 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
             return;
 
         IConfigStore mainConfig = CMS.getConfigStore();
-        
-        int num=0;
+
+        int num = 0;
         try {
             num = mainConfig.getInteger("subsystem.count", 0);
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
 
         String requestor_name = "subsystem";
         try {
-          requestor_name = req.getExtDataInString("requestor_name");
+            requestor_name = req.getExtDataInString("requestor_name");
         } catch (Exception e1) {
-          // ignore
+            // ignore
         }
 
         // i.e. tps-1.2.3.4-4
         String id = requestor_name;
- 
+
         num++;
         mainConfig.putInteger("subsystem.count", num);
-   
+
         try {
             mainConfig.commit(false);
         } catch (Exception e) {
         }
         String auditParams = "Scope;;users+Operation;;OP_ADD+source;;SubsystemGroupUpdater" +
-                             "+Resource;;"+ id +
+                             "+Resource;;" + id +
                              "+fullname;;" + id +
                              "+state;;1" +
                              "+userType;;agentType+email;;<null>+password;;<null>+phone;;<null>";
@@ -196,8 +197,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
             }
 
             auditParams = "Scope;;certs+Operation;;OP_ADD+source;;SubsystemGroupUpdater" +
-                             "+Resource;;"+ id +
-                             "+cert;;"+ b64;
+                             "+Resource;;" + id +
+                             "+cert;;" + b64;
 
             system.addUserCert(user);
             CMS.debug("SubsystemGroupUpdater update: successfully add the user certificate");
@@ -216,7 +217,7 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
                                    ILogger.FAILURE,
                                    auditParams);
                 audit(auditMessage);
-                throw new EProfileException(e.toString()); 
+                throw new EProfileException(e.toString());
             }
         } catch (Exception e) {
             CMS.debug("UpdateSubsystemGroup: update addUser " + e.toString());
@@ -232,17 +233,17 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
         IGroup group = null;
         String groupName = "Subsystem Group";
         auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;SubsystemGroupUpdater" +
-                      "+Resource;;"+ groupName; 
+                      "+Resource;;" + groupName;
 
         try {
             group = system.getGroupFromName(groupName);
-            
+
             auditParams += "+user;;";
             Enumeration members = group.getMemberNames();
             while (members.hasMoreElements()) {
                 auditParams += (String) members.nextElement();
                 if (members.hasMoreElements()) {
-                    auditParams +=",";         
+                    auditParams += ",";
                 }
             }
 
@@ -287,10 +288,10 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
         }
 
         mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-            null,
-            ILogger.S_SIGNED_AUDIT,
-            ILogger.LL_SECURITY,
-            msg);
+                null,
+                ILogger.S_SIGNED_AUDIT,
+                ILogger.LL_SECURITY,
+                msg);
     }
 
     private String auditSubjectID() {
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java
index aea489e3..e76571db 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java
@@ -20,7 +20,6 @@
 
 package com.netscape.cms.publish.mappers;
 
-
 ///////////////////////
 // import statements //
 ///////////////////////
@@ -49,7 +48,6 @@ import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.publish.ECompSyntaxErr;
 import com.netscape.certsrv.request.IRequest;
 
-
 //////////////////////
 // class definition //
 //////////////////////
@@ -60,13 +58,15 @@ import com.netscape.certsrv.request.IRequest;
  * subject name, extension or request attributes.
  * <p>
  * 
- * The syntax is 
+ * The syntax is
+ * 
  * <pre>
  *     avaPattern := constant-value | 
  *                   "$subj" "." attrName [ "." attrNumber ] | 
  *                   "$req" "." [ prefix .] attrName [ "." attrNumber ] | 
- *                   "$ext" "." extName [ "." nameType ] [ "." attrNumber ] 
+ *                   "$ext" "." extName [ "." nameType ] [ "." attrNumber ]
  * </pre>
+ * 
  * <pre>
  * Example: <i>$ext.SubjectAlternativeName.RFC822Name.1</i>
  * cert subjectAltName is rfc822Name: jjames@mcom.com
@@ -77,9 +77,9 @@ import com.netscape.certsrv.request.IRequest;
  *     The first rfc822name value in the subjAltName extension.  <br>
  * <p>
  * </pre>
- * If a request attribute or subject DN component does not exist,
- * the attribute is skipped.
- *
+ * 
+ * If a request attribute or subject DN component does not exist, the attribute is skipped.
+ * 
  * @version $Revision$, $Date$
  */
 class AVAPattern {
@@ -101,12 +101,12 @@ class AVAPattern {
             "EDIName",
             "URIName",
             "IPAddress",
-            "OIDName"};
+            "OIDName" };
 
     private static final char[] endChars = new char[] { '+', ',' };
 
-    private static final LdapV3DNStrConverter mLdapDNStrConverter = 
-        new LdapV3DNStrConverter();
+    private static final LdapV3DNStrConverter mLdapDNStrConverter =
+            new LdapV3DNStrConverter();
 
     /* the list of request attributes needed by this AVA  */
     protected String[] mReqAttrs = null;
@@ -140,7 +140,7 @@ class AVAPattern {
     /////////////
 
     public AVAPattern(String component)
-        throws ELdapException {
+            throws ELdapException {
         if (component == null || component.length() == 0) {
             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", component));
         }
@@ -148,13 +148,13 @@ class AVAPattern {
         parse(new PushbackReader(new StringReader(component)));
     }
 
-    public AVAPattern(PushbackReader in) 
-        throws ELdapException {
+    public AVAPattern(PushbackReader in)
+            throws ELdapException {
         parse(in);
     }
 
     private void parse(PushbackReader in)
-        throws ELdapException {
+            throws ELdapException {
         int c;
 
         // skip spaces
@@ -169,7 +169,7 @@ class AVAPattern {
             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
         }
 
-        if (c == -1) { 
+        if (c == -1) {
             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
         }
 
@@ -189,9 +189,9 @@ class AVAPattern {
 
             if (c == 'r') {
                 try {
-                    if (in.read() != 'e' || 
-                        in.read() != 'q' || 
-                        in.read() != '.') {
+                    if (in.read() != 'e' ||
+                            in.read() != 'q' ||
+                            in.read() != '.') {
                         throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                                     "expecting $req in ava pattern"));
                     }
@@ -204,10 +204,10 @@ class AVAPattern {
                 //System.out.println("---- mtype $req");
             } else if (c == 's') {
                 try {
-                    if (in.read() != 'u' || 
-                        in.read() != 'b' || 
-                        in.read() != 'j' || 
-                        in.read() != '.') {
+                    if (in.read() != 'u' ||
+                            in.read() != 'b' ||
+                            in.read() != 'j' ||
+                            in.read() != '.') {
                         throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                                     "expecting $subj in ava pattern"));
                     }
@@ -220,9 +220,9 @@ class AVAPattern {
                 //System.out.println("----- mtype $subj");
             } else if (c == 'e') {
                 try {
-                    if (in.read() != 'x' || 
-                        in.read() != 't' || 
-                        in.read() != '.') {
+                    if (in.read() != 'x' ||
+                            in.read() != 't' ||
+                            in.read() != '.') {
                         throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                                     "expecting $ext in ava pattern"));
                     }
@@ -235,7 +235,7 @@ class AVAPattern {
                 //System.out.println("----- mtype $ext");
             } else {
                 throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                            "unknown keyword. expecting $subj $ext or $req.")); 
+                            "unknown keyword. expecting $subj $ext or $req."));
             }
 
             // get request attribute or
@@ -245,14 +245,14 @@ class AVAPattern {
             StringBuffer valueBuf = new StringBuffer();
 
             try {
-                while ((c = in.read()) != ',' && 
-                    c != -1 && c != '.' && c != '+') {
+                while ((c = in.read()) != ',' &&
+                        c != -1 && c != '.' && c != '+') {
                     //System.out.println("mValue read "+(char)c);
                     valueBuf.append((char) c);
                 }
 
                 if (c == '+' || c == ',') { // either ',' or '+'
-                    in.unread(c);           // pushback last , or + 
+                    in.unread(c); // pushback last , or + 
                 }
             } catch (IOException e) {
                 throw new ELdapException(
@@ -260,7 +260,7 @@ class AVAPattern {
             }
 
             mValue = valueBuf.toString().trim();
-            if (mValue.length() == 0) { 
+            if (mValue.length() == 0) {
                 throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                             "$subj $ext or $req attribute name expected"));
             }
@@ -272,13 +272,13 @@ class AVAPattern {
 
                 try {
                     while ((c = in.read()) != ',' && c != -1 && c != '.'
-                        && c != '+') {
+                            && c != '+') {
                         //System.out.println("mElement read "+(char)c);
                         attrNumberBuf.append((char) c);
                     }
 
                     if (c == ',' || c == '+') { // either ','  or '+'
-                        in.unread(c);           // pushback last , or +
+                        in.unread(c); // pushback last , or +
                     }
                 } catch (IOException e) {
                     throw new ELdapException(
@@ -304,7 +304,7 @@ class AVAPattern {
                     } else {
                         throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                                     "Invalid format in nth element " +
-                                    "$req $ext or $subj"));
+                                            "$req $ext or $subj"));
                     }
 
                     // get nth request attribute .
@@ -313,14 +313,14 @@ class AVAPattern {
 
                         try {
                             while ((c = in.read()) != ',' &&
-                                c != -1 && c != '+') {
+                                    c != -1 && c != '+') {
                                 //System.out.println("mElement read "+
                                 //                   (char)c);
                                 attrNumberBuf1.append((char) c);
                             }
 
-                            if (c != -1) {     // either ',' or '+'
-                                in.unread(c);  // pushback last , or +
+                            if (c != -1) { // either ',' or '+'
+                                in.unread(c); // pushback last , or +
                             }
                         } catch (IOException ex) {
                             throw new ELdapException(
@@ -328,18 +328,18 @@ class AVAPattern {
                         }
 
                         String attrNumber1 =
-                            attrNumberBuf1.toString().trim();
+                                attrNumberBuf1.toString().trim();
 
                         if (attrNumber1.length() == 0) {
                             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "nth element $req or $ext expected"));
                         }
 
-                        try { 
-                            mElement = Integer.parseInt(attrNumber1) - 1; 
+                        try {
+                            mElement = Integer.parseInt(attrNumber1) - 1;
                         } catch (NumberFormatException ex) {
                             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                                         "Invalid format in nth element " +
-                                        "$req or $ext."));
+                                                "$req or $ext."));
                         }
                     }
                 }
@@ -361,7 +361,7 @@ class AVAPattern {
                 }
 
                 if (c == '+' || c == ',') { // either ',' or '+'
-                    in.unread(c);           // pushback last , or + 
+                    in.unread(c); // pushback last , or + 
                 }
             } catch (IOException e) {
                 throw new ELdapException(
@@ -383,9 +383,9 @@ class AVAPattern {
     }
 
     public String formAVA(IRequest req,
-        X500Name subject,
-        CertificateExtensions extensions)
-        throws ELdapException {
+            X500Name subject,
+            CertificateExtensions extensions)
+            throws ELdapException {
         if (TYPE_CONSTANT.equals(mType)) {
             return mValue;
         }
@@ -393,7 +393,7 @@ class AVAPattern {
         if (TYPE_SUBJ.equals(mType)) {
             String dn = subject.toString();
 
-            if (mTestDN != null) { 
+            if (mTestDN != null) {
                 dn = mTestDN;
             }
 
@@ -410,8 +410,8 @@ class AVAPattern {
                 for (int j = 0; j < avas.length; j++) {
                     String[] exploded = explodeAVA(avas[j]);
 
-                    if (exploded[0].equalsIgnoreCase(mValue) && 
-                        ++nFound == mElement) {
+                    if (exploded[0].equalsIgnoreCase(mValue) &&
+                            ++nFound == mElement) {
                         value = exploded[1];
                         break;
                     }
@@ -431,10 +431,10 @@ class AVAPattern {
 
                 for (int i = 0; i < extensions.size(); i++) {
                     Extension ext = (Extension)
-                        extensions.elementAt(i);
+                            extensions.elementAt(i);
 
                     String extName =
-                        OIDMap.getName(ext.getExtensionId());
+                            OIDMap.getName(ext.getExtensionId());
 
                     int index = extName.lastIndexOf(".");
 
@@ -450,9 +450,9 @@ class AVAPattern {
                                 SubjectAlternativeNameExtension.class.getSimpleName())) {
                             try {
                                 GeneralNames subjectNames = (GeneralNames)
-                                    ((SubjectAlternativeNameExtension)
+                                        ((SubjectAlternativeNameExtension)
                                         ext).get(
-                                        SubjectAlternativeNameExtension.SUBJECT_NAME);
+                                                SubjectAlternativeNameExtension.SUBJECT_NAME);
 
                                 if (subjectNames.size() == 0) {
                                     break;
@@ -461,11 +461,10 @@ class AVAPattern {
                                 int j = 0;
 
                                 for (Enumeration<GeneralNameInterface> n =
-                                        subjectNames.elements();
-                                    n.hasMoreElements();) {
+                                        subjectNames.elements(); n.hasMoreElements();) {
 
                                     GeneralName gn = (GeneralName)
-                                        n.nextElement();
+                                            n.nextElement();
 
                                     String gname = gn.toString();
 
@@ -476,7 +475,7 @@ class AVAPattern {
                                     }
 
                                     String gType =
-                                        gname.substring(0, index);
+                                            gname.substring(0, index);
 
                                     if (mGNType != null) {
                                         if (mGNType.equalsIgnoreCase(gType)) {
@@ -497,12 +496,12 @@ class AVAPattern {
                                         j++;
                                     }
                                 }
-                            } catch (IOException e) { 
+                            } catch (IOException e) {
                                 CMS.debug(
-                                    "AVAPattern: Publishing attr not formed " +
-                                    "from extension " +
-                                    "-- no attr : " +
-                                    mValue);
+                                        "AVAPattern: Publishing attr not formed " +
+                                                "from extension " +
+                                                "-- no attr : " +
+                                                mValue);
                             }
                         }
                     }
@@ -510,10 +509,10 @@ class AVAPattern {
             }
 
             CMS.debug(
-                "AVAPattern: Publishing:attr not formed " +
-                "from extension " +
-                "-- no attr : " +
-                mValue);
+                    "AVAPattern: Publishing:attr not formed " +
+                            "from extension " +
+                            "-- no attr : " +
+                            mValue);
 
             return null;
         }
@@ -522,8 +521,7 @@ class AVAPattern {
             // mPrefix and mValue are looked up case-insensitive
             String reqAttr = req.getExtDataInString(mPrefix, mValue);
             if (reqAttr == null) {
-                throw new
-                        ELdapException(
+                throw new ELdapException(
                         CMS.getUserMessage("CMS_LDAP_NO_REQUEST", mValue, ""));
             }
 
@@ -550,10 +548,10 @@ class AVAPattern {
     }
 
     /**
-     * Explode RDN into AVAs. 
-     * Does not handle escaped '+' 
+     * Explode RDN into AVAs.
+     * Does not handle escaped '+'
      * Java ldap library does not yet support multiple avas per rdn.
-     * If RDN is malformed returns empty array. 
+     * If RDN is malformed returns empty array.
      */
     public static String[] explodeRDN(String rdn) {
         int plus = rdn.indexOf('+');
@@ -578,7 +576,7 @@ class AVAPattern {
     }
 
     /**
-     * Explode AVA into name and value. 
+     * Explode AVA into name and value.
      * Does not handle escaped '='
      * If AVA is malformed empty array is returned.
      */
@@ -593,4 +591,3 @@ class AVAPattern {
                 ava.substring(equals + 1).trim() };
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java
index 3cf1bca8..36814344 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.mappers;
 
-
 import java.io.IOException;
 import java.security.cert.X509Certificate;
 import java.util.Locale;
@@ -48,20 +47,19 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.ILdapMapper;
 import com.netscape.certsrv.request.IRequest;
 
-
-/** 
+/**
  * Maps a request to an entry in the LDAP server.
  * Takes a dnPattern to form the baseDN from the request attributes
- * and certificate subject name.Do a base search for the entry 
+ * and certificate subject name.Do a base search for the entry
  * in the directory to publish the cert or crl.
  * The restriction of this mapper is that the ldap dn components must
  * be part of certificate subject name or request attributes or constant.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
-    protected static final String PROP_DNPATTERN = "dnPattern";  
-    protected static final String PROP_CREATECA = "createCAEntry";  
+    protected static final String PROP_DNPATTERN = "dnPattern";
+    protected static final String PROP_CREATECA = "createCAEntry";
     protected String mDnPattern = null;
     protected boolean mCreateCAEntry = true;
 
@@ -79,13 +77,13 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
     protected String[] mCertAttrs = null;
 
     /* default dn pattern if left blank or not set in the config */
-    public static final String DEFAULT_DNPATTERN = 
-        "UID=$req.HTTP_PARAMS.UID,  OU=people, O=$subj.o, C=$subj.c";
+    public static final String DEFAULT_DNPATTERN =
+            "UID=$req.HTTP_PARAMS.UID,  OU=people, O=$subj.o, C=$subj.c";
 
-    /** 
+    /**
      * Constructor.
-     *
-     * @param dnPattern The base DN. 
+     * 
+     * @param dnPattern The base DN.
      */
     public LdapCaSimpleMap(String dnPattern) {
         try {
@@ -93,7 +91,7 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
         } catch (EBaseException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
         }
-		
+
     }
 
     /**
@@ -105,11 +103,11 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
     public String[] getExtendedPluginInfo(Locale locale) {
         String params[] = {
                 "dnPattern;string;Describes how to form the Ldap Subject name in" +
-                " the directory.  Example 1:  'uid=CertMgr, o=Fedora'.  Example 2:" +
-                " 'uid=$req.HTTP_PARAMS.uid, E=$ext.SubjectAlternativeName.RFC822Name, ou=$subj.ou'. " + 
-                "$req means: take the attribute from the request. " + 
-                "$subj means: take the attribute from the certificate subject name. " + 
-                "$ext means: take the attribute from the certificate extension",
+                        " the directory.  Example 1:  'uid=CertMgr, o=Fedora'.  Example 2:" +
+                        " 'uid=$req.HTTP_PARAMS.uid, E=$ext.SubjectAlternativeName.RFC822Name, ou=$subj.ou'. " +
+                        "$req means: take the attribute from the request. " +
+                        "$subj means: take the attribute from the certificate subject name. " +
+                        "$ext means: take the attribute from the certificate extension",
                 "createCAEntry;boolean;If checked, CA entry will be created automatically",
                 IExtendedPluginInfo.HELP_TOKEN + ";configuration-ldappublish-mapper-casimplemapper",
                 IExtendedPluginInfo.HELP_TEXT + ";Describes how to form the LDAP DN of the entry to publish to"
@@ -122,11 +120,11 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
         return mConfig;
     }
 
-    /** 
+    /**
      * for initializing from config store.
      */
-    public void init(IConfigStore config) 
-        throws EBaseException {
+    public void init(IConfigStore config)
+            throws EBaseException {
         mConfig = config;
         String dnPattern = mConfig.getString(PROP_DNPATTERN);
 
@@ -138,12 +136,12 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
      * common initialization routine.
      */
     protected void init(String dnPattern)
-        throws EBaseException {
-        if (mInited) 
+            throws EBaseException {
+        if (mInited)
             return;
 
         mDnPattern = dnPattern;
-        if (mDnPattern == null || mDnPattern.length() == 0) 
+        if (mDnPattern == null || mDnPattern.length() == 0)
             mDnPattern = DEFAULT_DNPATTERN;
         try {
             mPattern = new MapDNPattern(mDnPattern);
@@ -151,7 +149,7 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
             String[] mCertAttrs = mPattern.getCertAttrs();
         } catch (ELdapException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT", dnPattern, e.toString()));
-            throw new EBaseException("falied to init with pattern " + 
+            throw new EBaseException("falied to init with pattern " +
                     dnPattern + " " + e);
         }
 
@@ -162,12 +160,12 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
      * Maps a X500 subject name to LDAP entry.
      * Uses DN pattern to form a DN for a LDAP base search.
      * 
-     * @param conn	the LDAP connection.
-     * @param obj   the object to map.
+     * @param conn the LDAP connection.
+     * @param obj the object to map.
      * @exception ELdapException if any LDAP exceptions occured.
-     */ 
+     */
     public String map(LDAPConnection conn, Object obj)
-        throws ELdapException {
+            throws ELdapException {
         return map(conn, null, obj);
     }
 
@@ -175,13 +173,13 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
      * Maps a X500 subject name to LDAP entry.
      * Uses DN pattern to form a DN for a LDAP base search.
      * 
-     * @param conn	the LDAP connection.
-     * @param req  	the request to map.
-     * @param obj   the object to map.
+     * @param conn the LDAP connection.
+     * @param req the request to map.
+     * @param obj the object to map.
      * @exception ELdapException if any LDAP exceptions occured.
-     */ 
+     */
     public String map(LDAPConnection conn, IRequest req, Object obj)
-        throws ELdapException {
+            throws ELdapException {
         if (conn == null)
             return null;
         String dn = null;
@@ -204,26 +202,26 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
             String[] attrs = new String[] { LDAPv3.NO_ATTRS };
 
             log(ILogger.LL_INFO, "searching for dn: " + dn + " filter:"
-                + filter + " scope: base");
+                    + filter + " scope: base");
 
-            LDAPSearchResults results = 
-                conn.search(dn, scope, filter, attrs, false);
+            LDAPSearchResults results =
+                    conn.search(dn, scope, filter, attrs, false);
             LDAPEntry entry = results.next();
 
             if (results.hasMoreElements()) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", dn,
-                        ((req == null) ? "" : req.getRequestId().toString()))); 
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", dn,
+                                ((req == null) ? "" : req.getRequestId().toString())));
                 throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY", 
-                            ((req == null) ? "" : req.getRequestId().toString()))); 
+                        CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY",
+                                ((req == null) ? "" : req.getRequestId().toString())));
             }
             if (entry != null)
                 return entry.getDN();
             else {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", dn,
-                        ((req == null) ? "" : req.getRequestId().toString())));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", dn,
+                                ((req == null) ? "" : req.getRequestId().toString())));
                 throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND",
                             "null entry"));
             }
@@ -232,7 +230,7 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT && mCreateCAEntry) {
                 try {
@@ -246,8 +244,7 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
                     } else {
                         log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CA_ENTRY_NOT_CREATED1"));
                     }
-                    throw new
-                        ELdapException(CMS.getUserMessage("CMS_LDAP_CREATE_CA_FAILED", dn));
+                    throw new ELdapException(CMS.getUserMessage("CMS_LDAP_CREATE_CA_FAILED", dn));
                 }
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", dn, e.toString()));
@@ -260,19 +257,19 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
     }
 
     private void createCAEntry(LDAPConnection conn, String dn)
-        throws LDAPException {
+            throws LDAPException {
         LDAPAttributeSet attrs = new LDAPAttributeSet();
         // OID 2.5.6.16
-        String caOc[] = new String[] {"top", 
-                "person", 
-                "organizationalPerson", 
-                "inetOrgPerson"}; 
-		   
-        String oOc[] = {"top", 
-                "organization"};
-        String oiOc[] = {"top", 
-                "organizationalunit"};
-		   
+        String caOc[] = new String[] { "top",
+                "person",
+                "organizationalPerson",
+                "inetOrgPerson" };
+
+        String oOc[] = { "top",
+                "organization" };
+        String oiOc[] = { "top",
+                "organizationalunit" };
+
         DN dnobj = new DN(dn);
         String attrval[] = dnobj.explodeDN(true);
 
@@ -286,6 +283,7 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
 
     /**
      * form a dn from component in the request and cert subject name
+     * 
      * @param req The request
      * @param obj The certificate or crl
      */
@@ -296,13 +294,13 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
         try {
             X509Certificate cert = (X509Certificate) obj;
 
-            subjectDN = 
+            subjectDN =
                     (X500Name) ((X509Certificate) cert).getSubjectDN();
 
             CMS.debug("LdapCaSimpleMap: cert subject dn:" + subjectDN.toString());
             X509CertInfo info = (X509CertInfo)
-                ((X509CertImpl) cert).get(
-                    X509CertImpl.NAME + "." + X509CertImpl.INFO);
+                    ((X509CertImpl) cert).get(
+                            X509CertImpl.NAME + "." + X509CertImpl.INFO);
 
             certExt = (CertificateExtensions) info.get(
                         CertificateExtensions.NAME);
@@ -316,12 +314,12 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
             try {
                 X509CRLImpl crl = (X509CRLImpl) obj;
 
-                subjectDN = 
+                subjectDN =
                         (X500Name) ((X509CRLImpl) crl).getIssuerDN();
 
                 CMS.debug("LdapCaSimpleMap: crl issuer dn: " +
-                    subjectDN.toString());
-            }catch (ClassCastException ex) {
+                        subjectDN.toString());
+            } catch (ClassCastException ex) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED",
                         ((req == null) ? "" : req.getRequestId().toString())));
                 return null;
@@ -332,9 +330,9 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
 
             return dn;
         } catch (ELdapException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("PUBLISH_CANT_FORM_DN",
-                    ((req == null) ? "" : req.getRequestId().toString()), e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("PUBLISH_CANT_FORM_DN",
+                            ((req == null) ? "" : req.getRequestId().toString()), e.toString()));
             throw new EBaseException("falied to form dn for request: " +
                     ((req == null) ? "" : req.getRequestId().toString()) + " " + e);
         }
@@ -362,9 +360,9 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
         try {
             if (mDnPattern == null) {
                 v.addElement(PROP_DNPATTERN + "=");
-            }else {
+            } else {
                 v.addElement(PROP_DNPATTERN + "=" +
-                    mConfig.getString(PROP_DNPATTERN));
+                        mConfig.getString(PROP_DNPATTERN));
             }
             v.addElement(PROP_CREATECA + "=" + mConfig.getBoolean(PROP_CREATECA, true));
         } catch (Exception e) {
@@ -374,8 +372,7 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-            "LdapCaSimpleMapper: " + msg);
+                "LdapCaSimpleMapper: " + msg);
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java
index 17c562ce..2373e3c6 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.mappers;
 
-
 import java.security.cert.CRLException;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
@@ -34,9 +33,8 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.ILdapMapper;
 import com.netscape.certsrv.request.IRequest;
 
-
-/** 
- * Maps a X509 certificate to a LDAP entry using AVAs in the certificate's 
+/**
+ * Maps a X509 certificate to a LDAP entry using AVAs in the certificate's
  * subject name to form the ldap search dn and filter.
  * Takes a optional root search dn.
  * The DN comps are used to form a LDAP entry to begin a subtree search.
@@ -45,11 +43,11 @@ import com.netscape.certsrv.request.IRequest;
  * If the baseDN is null and none of the DN comps matched, it is an error.
  * If none of the DN comps and filter comps matched, it is an error.
  * If just the filter comps is null, a base search is performed.
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class LdapCertCompsMap 
-    extends LdapDNCompsMap implements ILdapMapper {
+public class LdapCertCompsMap
+        extends LdapDNCompsMap implements ILdapMapper {
     ILogger mLogger = CMS.getLogger();
 
     public LdapCertCompsMap() {
@@ -57,9 +55,9 @@ public class LdapCertCompsMap
         // via configuration
     }
 
-    /** 
+    /**
      * Constructor.
-     *
+     * 
      * The DN comps are used to form a LDAP entry to begin a subtree search.
      * The filter comps are used to form a search filter for the subtree.
      * If none of the DN comps matched, baseDN is used for the subtree.
@@ -67,12 +65,12 @@ public class LdapCertCompsMap
      * If none of the DN comps and filter comps matched, it is an error.
      * If just the filter comps is null, a base search is performed.
      * 
-     * @param baseDN The base DN. 
+     * @param baseDN The base DN.
      * @param dnComps Components to form the LDAP base dn for search.
      * @param filterComps Components to form the LDAP search filter.
      */
     public LdapCertCompsMap(String baseDN, ObjectIdentifier[] dnComps,
-        ObjectIdentifier[] filterComps) {
+            ObjectIdentifier[] filterComps) {
         init(baseDN, dnComps, filterComps);
     }
 
@@ -99,20 +97,20 @@ public class LdapCertCompsMap
     /**
      * constructor using non-standard certificate attribute.
      */
-    public LdapCertCompsMap(String certAttr, String baseDN, 
-        ObjectIdentifier[] dnComps,
-        ObjectIdentifier[] filterComps) {
+    public LdapCertCompsMap(String certAttr, String baseDN,
+            ObjectIdentifier[] dnComps,
+            ObjectIdentifier[] filterComps) {
         super(certAttr, baseDN, dnComps, filterComps);
     }
 
     protected void init(String baseDN, ObjectIdentifier[] dnComps,
-        ObjectIdentifier[] filterComps) {
+            ObjectIdentifier[] filterComps) {
         super.init(baseDN, dnComps, filterComps);
     }
 
     /**
      * Maps a certificate to LDAP entry.
-     * Uses DN components and filter components to form a DN and 
+     * Uses DN components and filter components to form a DN and
      * filter for a LDAP search.
      * If the formed DN is null the baseDN will be used.
      * If the formed DN is null and baseDN is null an error is thrown.
@@ -123,16 +121,16 @@ public class LdapCertCompsMap
      * @param obj - the X509Certificate.
      */
     public String
-    map(LDAPConnection conn, Object obj)
-        throws ELdapException {
+            map(LDAPConnection conn, Object obj)
+                    throws ELdapException {
         if (conn == null)
             return null;
         try {
             X509Certificate cert = (X509Certificate) obj;
             String result = null;
             // form dn and filter for search.
-            X500Name subjectDN = 
-                (X500Name) ((X509Certificate) cert).getSubjectDN();
+            X500Name subjectDN =
+                    (X500Name) ((X509Certificate) cert).getSubjectDN();
 
             CMS.debug("LdapCertCompsMap: " + subjectDN.toString());
 
@@ -148,8 +146,8 @@ public class LdapCertCompsMap
             try {
                 X509CRLImpl crl = (X509CRLImpl) obj;
                 String result = null;
-                X500Name issuerDN = 
-                    (X500Name) ((X509CRLImpl) crl).getIssuerDN();
+                X500Name issuerDN =
+                        (X500Name) ((X509CRLImpl) crl).getIssuerDN();
 
                 CMS.debug("LdapCertCompsMap: " + issuerDN.toString());
 
@@ -168,14 +166,13 @@ public class LdapCertCompsMap
     }
 
     public String map(LDAPConnection conn, IRequest req, Object obj)
-        throws ELdapException {
+            throws ELdapException {
         return map(conn, obj);
     }
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-            "LdapCertCompsMap: " + msg);
+                "LdapCertCompsMap: " + msg);
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java
index 7eded9cd..a1f79a48 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.mappers;
 
-
 import java.security.cert.X509Certificate;
 import java.util.Locale;
 import java.util.Vector;
@@ -41,11 +40,10 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.ILdapMapper;
 import com.netscape.certsrv.request.IRequest;
 
-
-/** 
+/**
  * Maps a X509 certificate to a LDAP entry by using the subject name
  * of the certificate as the LDAP entry DN.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
@@ -64,7 +62,7 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
     }
 
     public void init(IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         if (mInited == true)
             return;
         mConfig = config;
@@ -74,9 +72,9 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
     public String[] getExtendedPluginInfo(Locale locale) {
         String[] params = {
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ldappublish-mapper-certexactmapper",
+                        ";configuration-ldappublish-mapper-certexactmapper",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Literally uses the subject name of the certificate as the DN to publish to"
+                        ";Literally uses the subject name of the certificate as the DN to publish to"
             };
 
         return params;
@@ -95,7 +93,7 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
 
         return v;
     }
-	
+
     public Vector<String> getInstanceParams() {
         Vector<String> v = new Vector<String>();
 
@@ -103,15 +101,15 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
     }
 
     /**
-     * Finds the entry for the certificate by looking for the cert 
+     * Finds the entry for the certificate by looking for the cert
      * subject name in the subject name attribute.
      * 
      * @param conn - the LDAP connection.
      * @param obj - the X509Certificate.
-     */ 
+     */
     public String
-    map(LDAPConnection conn, Object obj)
-        throws ELdapException {
+            map(LDAPConnection conn, Object obj)
+                    throws ELdapException {
         if (conn == null)
             return null;
 
@@ -120,7 +118,7 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
         try {
             X509Certificate cert = (X509Certificate) obj;
 
-            subjectDN = 
+            subjectDN =
                     (X500Name) ((X509Certificate) cert).getSubjectDN();
 
             CMS.debug("LdapCertExactMap: cert subject dn:" + subjectDN.toString());
@@ -128,12 +126,12 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
             try {
                 X509CRLImpl crl = (X509CRLImpl) obj;
 
-                subjectDN = 
+                subjectDN =
                         (X500Name) ((X509CRLImpl) crl).getIssuerDN();
 
                 CMS.debug("LdapCertExactMap: crl issuer dn: " +
-                    subjectDN.toString());
-            }catch (ClassCastException ex) {
+                        subjectDN.toString());
+            } catch (ClassCastException ex) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT"));
                 return null;
             }
@@ -141,19 +139,19 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
         try {
             boolean hasCert = false;
             boolean hasSubjectName = false;
-            String[] attrs = new String[] { LDAPv3.NO_ATTRS }; 
+            String[] attrs = new String[] { LDAPv3.NO_ATTRS };
 
             log(ILogger.LL_INFO, "Searching for " + subjectDN.toString());
 
-            LDAPSearchResults results = 
-                conn.search(subjectDN.toString(), LDAPv2.SCOPE_BASE, 
-                    "(objectclass=*)", attrs, false);
-							
+            LDAPSearchResults results =
+                    conn.search(subjectDN.toString(), LDAPv2.SCOPE_BASE,
+                            "(objectclass=*)", attrs, false);
+
             LDAPEntry entry = results.next();
 
             if (results.hasMoreElements()) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", subjectDN.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", subjectDN.toString()));
             }
             if (entry != null) {
                 log(ILogger.LL_INFO, "entry found");
@@ -165,7 +163,7 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", e.toString()));
@@ -190,14 +188,13 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
     }
 
     public String map(LDAPConnection conn, IRequest req, Object obj)
-        throws ELdapException {
+            throws ELdapException {
         return map(conn, obj);
     }
 
     private void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, 
-            "LdapCertExactMap: " + msg);
+        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
+                "LdapCertExactMap: " + msg);
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java
index 42db2b27..e12606b2 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.mappers;
 
-
 import java.security.cert.X509Certificate;
 import java.util.Locale;
 import java.util.Vector;
@@ -41,11 +40,10 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.ILdapMapper;
 import com.netscape.certsrv.request.IRequest;
 
-
-/** 
+/**
  * Maps a X509 certificate to a LDAP entry by finding an LDAP entry
  * which has an attribute whose contents are equal to the cert subject name.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
@@ -64,8 +62,9 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
 
     /**
      * constructs a certificate subject name mapper with search base.
-     * @param searchBase the dn to start searching for the certificate 
-     * subject name.
+     * 
+     * @param searchBase the dn to start searching for the certificate
+     *            subject name.
      */
     public LdapCertSubjMap(String searchBase) {
         if (searchBase == null)
@@ -82,10 +81,10 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
      * @param certSubjNameAttr attribute for certificate subject names.
      * @param certAttr attribute to find certificate.
      */
-    public LdapCertSubjMap(String searchBase, 
-        String certSubjNameAttr, String certAttr) {
-        if (searchBase == null || 
-            certSubjNameAttr == null || certAttr == null) 
+    public LdapCertSubjMap(String searchBase,
+            String certSubjNameAttr, String certAttr) {
+        if (searchBase == null ||
+                certSubjNameAttr == null || certAttr == null)
             throw new IllegalArgumentException(
                     "a null argument to constructor " + this.getClass().getName());
         mCertSubjNameAttr = certSubjNameAttr;
@@ -93,10 +92,10 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
         mInited = true;
     }
 
-    public LdapCertSubjMap(String searchBase, 
-        String certSubjNameAttr, String certAttr, boolean useAllEntries) {
-        if (searchBase == null || 
-            certSubjNameAttr == null || certAttr == null) 
+    public LdapCertSubjMap(String searchBase,
+            String certSubjNameAttr, String certAttr, boolean useAllEntries) {
+        if (searchBase == null ||
+                certSubjNameAttr == null || certAttr == null)
             throw new IllegalArgumentException(
                     "a null argument to constructor " + this.getClass().getName());
         mCertSubjNameAttr = certSubjNameAttr;
@@ -128,15 +127,15 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
                 "searchBase;string;Base DN to search from",
                 "useAllEntries;boolean;Use all entries for publishing",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ldappublish-mapper-certsubjmapper",
+                        ";configuration-ldappublish-mapper-certsubjmapper",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";This plugin assumes you want to publish to an LDAP entry which has " +
-                "an attribute whose contents are equal to the cert subject name"
+                        ";This plugin assumes you want to publish to an LDAP entry which has " +
+                        "an attribute whose contents are equal to the cert subject name"
             };
 
         return params;
     }
-	
+
     public Vector<String> getInstanceParams() {
         Vector<String> v = new Vector<String>();
 
@@ -159,7 +158,7 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
     }
 
     public void init(IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         if (mInited == true)
             return;
         mConfig = config;
@@ -171,15 +170,15 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
     }
 
     /**
-     * Finds the entry for the certificate by looking for the cert 
+     * Finds the entry for the certificate by looking for the cert
      * subject name in the subject name attribute.
      * 
      * @param conn - the LDAP connection.
      * @param obj - the X509Certificate.
-     */ 
+     */
     public String
-    map(LDAPConnection conn, Object obj)
-        throws ELdapException {
+            map(LDAPConnection conn, Object obj)
+                    throws ELdapException {
         if (conn == null)
             return null;
         X500Name subjectDN = null;
@@ -187,7 +186,7 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
         try {
             X509Certificate cert = (X509Certificate) obj;
 
-            subjectDN = 
+            subjectDN =
                     (X500Name) ((X509Certificate) cert).getSubjectDN();
 
             CMS.debug("LdapCertSubjMap: cert subject dn:" + subjectDN.toString());
@@ -195,12 +194,12 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
             try {
                 X509CRLImpl crl = (X509CRLImpl) obj;
 
-                subjectDN = 
+                subjectDN =
                         (X500Name) ((X509CRLImpl) crl).getIssuerDN();
 
                 CMS.debug("LdapCertSubjMap: crl issuer dn: " +
-                    subjectDN.toString());
-            }catch (ClassCastException ex) {
+                        subjectDN.toString());
+            } catch (ClassCastException ex) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT"));
                 return null;
             }
@@ -208,20 +207,20 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
         try {
             boolean hasCert = false;
             boolean hasSubjectName = false;
-            String[] attrs = new String[] { LDAPv3.NO_ATTRS }; 
+            String[] attrs = new String[] { LDAPv3.NO_ATTRS };
 
             log(ILogger.LL_INFO, "search " + mSearchBase +
-                " (" + mCertSubjNameAttr + "=" + subjectDN + ") " + mCertSubjNameAttr);
+                    " (" + mCertSubjNameAttr + "=" + subjectDN + ") " + mCertSubjNameAttr);
+
+            LDAPSearchResults results =
+                    conn.search(mSearchBase, LDAPv2.SCOPE_SUB,
+                            "(" + mCertSubjNameAttr + "=" + subjectDN + ")", attrs, false);
 
-            LDAPSearchResults results = 
-                conn.search(mSearchBase, LDAPv2.SCOPE_SUB, 
-                    "(" + mCertSubjNameAttr + "=" + subjectDN + ")", attrs, false);
-							
             LDAPEntry entry = results.next();
 
             if (results.hasMoreElements()) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", subjectDN.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", subjectDN.toString()));
             }
             if (entry != null) {
                 log(ILogger.LL_INFO, "entry found");
@@ -233,11 +232,11 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString()));
                 throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
             }
         }
@@ -259,12 +258,12 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
     }
 
     public String map(LDAPConnection conn, IRequest req, Object obj)
-        throws ELdapException {
+            throws ELdapException {
         return map(conn, obj);
     }
 
     public Vector<String> mapAll(LDAPConnection conn, Object obj)
-        throws ELdapException {
+            throws ELdapException {
         Vector<String> v = new Vector<String>();
 
         if (conn == null)
@@ -282,20 +281,20 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
         try {
             boolean hasCert = false;
             boolean hasSubjectName = false;
-            String[] attrs = new String[] { LDAPv3.NO_ATTRS }; 
+            String[] attrs = new String[] { LDAPv3.NO_ATTRS };
 
             log(ILogger.LL_INFO, "search " + mSearchBase +
-                " (" + mCertSubjNameAttr + "=" + subjectDN + ") " + mCertSubjNameAttr);
+                    " (" + mCertSubjNameAttr + "=" + subjectDN + ") " + mCertSubjNameAttr);
+
+            LDAPSearchResults results =
+                    conn.search(mSearchBase, LDAPv2.SCOPE_SUB,
+                            "(" + mCertSubjNameAttr + "=" + subjectDN + ")", attrs, false);
 
-            LDAPSearchResults results = 
-                conn.search(mSearchBase, LDAPv2.SCOPE_SUB, 
-                    "(" + mCertSubjNameAttr + "=" + subjectDN + ")", attrs, false);
-			
             while (results.hasMoreElements()) {
                 LDAPEntry entry = results.next();
                 String dn = entry.getDN();
                 v.addElement(dn);
-                CMS.debug("LdapCertSubjMap: dn="+dn);
+                CMS.debug("LdapCertSubjMap: dn=" + dn);
             }
             CMS.debug("LdapCertSubjMap: Number of entries: " + v.size());
         } catch (LDAPException e) {
@@ -303,11 +302,11 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString()));
                 throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
             }
         }
@@ -316,13 +315,13 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
     }
 
     public Vector<String> mapAll(LDAPConnection conn, IRequest req, Object obj)
-        throws ELdapException {
+            throws ELdapException {
         return mapAll(conn, obj);
     }
 
     private void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, 
-            "LdapCertSubjMap: " + msg);
+        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
+                "LdapCertSubjMap: " + msg);
     }
 
     /**
@@ -344,4 +343,3 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java
index 40283e98..4451706a 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.mappers;
 
-
 import java.security.cert.CRLException;
 import java.util.Vector;
 
@@ -32,16 +31,15 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.ILdapMapper;
 import com.netscape.certsrv.request.IRequest;
 
-
-/** 
- * Default crl mapper. 
+/**
+ * Default crl mapper.
  * maps the crl to a ldap entry by using components in the issuer name
  * to find the CA's entry.
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class LdapCrlIssuerCompsMap 
-    extends LdapDNCompsMap implements ILdapMapper {
+public class LdapCrlIssuerCompsMap
+        extends LdapDNCompsMap implements ILdapMapper {
     ILogger mLogger = CMS.getLogger();
 
     public LdapCrlIssuerCompsMap() {
@@ -49,9 +47,9 @@ public class LdapCrlIssuerCompsMap
         // via configuration
     }
 
-    /** 
+    /**
      * Constructor.
-     *
+     * 
      * The DN comps are used to form a LDAP entry to begin a subtree search.
      * The filter comps are used to form a search filter for the subtree.
      * If none of the DN comps matched, baseDN is used for the subtree.
@@ -59,21 +57,21 @@ public class LdapCrlIssuerCompsMap
      * If none of the DN comps and filter comps matched, it is an error.
      * If just the filter comps is null, a base search is performed.
      * 
-     * @param baseDN The base DN. 
+     * @param baseDN The base DN.
      * @param dnComps Components to form the LDAP base dn for search.
      * @param filterComps Components to form the LDAP search filter.
      */
     public LdapCrlIssuerCompsMap(String baseDN, ObjectIdentifier[] dnComps,
-        ObjectIdentifier[] filterComps) {
+            ObjectIdentifier[] filterComps) {
         init(baseDN, dnComps, filterComps);
     }
 
     /**
      * constructor using non-standard certificate attribute.
      */
-    public LdapCrlIssuerCompsMap(String crlAttr, String baseDN, 
-        ObjectIdentifier[] dnComps,
-        ObjectIdentifier[] filterComps) {
+    public LdapCrlIssuerCompsMap(String crlAttr, String baseDN,
+            ObjectIdentifier[] dnComps,
+            ObjectIdentifier[] filterComps) {
         super(crlAttr, baseDN, dnComps, filterComps);
     }
 
@@ -99,14 +97,14 @@ public class LdapCrlIssuerCompsMap
     }
 
     protected void init(String baseDN, ObjectIdentifier[] dnComps,
-        ObjectIdentifier[] filterComps) {
+            ObjectIdentifier[] filterComps) {
         //mLdapAttr = LdapCrlPublisher.LDAP_CRL_ATTR;
         super.init(baseDN, dnComps, filterComps);
     }
 
     /**
      * Maps a crl to LDAP entry.
-     * Uses issuer DN components and filter components to form a DN and 
+     * Uses issuer DN components and filter components to form a DN and
      * filter for a LDAP search.
      * If the formed DN is null the baseDN will be used.
      * If the formed DN is null and baseDN is null an error is thrown.
@@ -116,18 +114,18 @@ public class LdapCrlIssuerCompsMap
      * @param conn - the LDAP connection.
      * @param obj - the X509Certificate.
      * @return the result. LdapCertMapResult is also used for CRL.
-     */ 
+     */
     public String
-    map(LDAPConnection conn, Object obj)
-        throws ELdapException {
+            map(LDAPConnection conn, Object obj)
+                    throws ELdapException {
         if (conn == null)
             return null;
         X509CRLImpl crl = (X509CRLImpl) obj;
 
         try {
             String result = null;
-            X500Name issuerDN = 
-                (X500Name) ((X509CRLImpl) crl).getIssuerDN();
+            X500Name issuerDN =
+                    (X500Name) ((X509CRLImpl) crl).getIssuerDN();
 
             CMS.debug("LdapCrlIssuerCompsMap: " + issuerDN.toString());
 
@@ -136,14 +134,14 @@ public class LdapCrlIssuerCompsMap
             result = super.map(conn, issuerDN, crlbytes);
             return result;
         } catch (CRLException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("PUBLISH_CANT_DECODE_CRL", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("PUBLISH_CANT_DECODE_CRL", e.toString()));
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CRL_FAILED", e.toString()));
         }
     }
 
     public String map(LDAPConnection conn, IRequest req, Object obj)
-        throws ELdapException {
+            throws ELdapException {
         return map(conn, obj);
     }
 
@@ -152,8 +150,7 @@ public class LdapCrlIssuerCompsMap
      */
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-            "LdapCrlCompsMap: " + msg);
+                "LdapCrlCompsMap: " + msg);
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java
index a9df7dae..e2457b88 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.mappers;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -46,8 +45,7 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.ILdapPlugin;
 
-
-/** 
+/**
  * Maps a Subject name to an entry in the LDAP server.
  * subject name to form the ldap search dn and filter.
  * Takes a optional root search dn.
@@ -57,11 +55,11 @@ import com.netscape.certsrv.publish.ILdapPlugin;
  * If the baseDN is null and none of the DN comps matched, it is an error.
  * If none of the DN comps and filter comps matched, it is an error.
  * If just the filter comps is null, a base search is performed.
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class LdapDNCompsMap 
-    implements ILdapPlugin, IExtendedPluginInfo {
+public class LdapDNCompsMap
+        implements ILdapPlugin, IExtendedPluginInfo {
     //protected String mLdapAttr = null;
     protected String mBaseDN = null;
     protected ObjectIdentifier[] mDnComps = null;
@@ -71,9 +69,9 @@ public class LdapDNCompsMap
     private boolean mInited = false;
     protected IConfigStore mConfig = null;
 
-    /** 
+    /**
      * Constructor.
-     *
+     * 
      * The DN comps are used to form a LDAP entry to begin a subtree search.
      * The filter comps are used to form a search filter for the subtree.
      * If none of the DN comps matched, baseDN is used for the subtree.
@@ -81,13 +79,13 @@ public class LdapDNCompsMap
      * If none of the DN comps and filter comps matched, it is an error.
      * If just the filter comps is null, a base search is performed.
      * 
-     * @param baseDN The base DN. 
+     * @param baseDN The base DN.
      * @param dnComps Components to form the LDAP base dn for search.
      * @param filterComps Components to form the LDAP search filter.
      */
-    public LdapDNCompsMap(String ldapAttr, String baseDN, 
-        ObjectIdentifier[] dnComps,
-        ObjectIdentifier[] filterComps) {
+    public LdapDNCompsMap(String ldapAttr, String baseDN,
+            ObjectIdentifier[] dnComps,
+            ObjectIdentifier[] filterComps) {
         //mLdapAttr = ldapAttr;
         init(baseDN, dnComps, filterComps);
     }
@@ -102,17 +100,17 @@ public class LdapDNCompsMap
         return mConfig;
     }
 
-    /** 
+    /**
      * for initializing from config store.
      */
-    public void init(IConfigStore config) 
-        throws EBaseException {
+    public void init(IConfigStore config)
+            throws EBaseException {
         mConfig = config;
         String baseDN = mConfig.getString("baseDN");
-        ObjectIdentifier[] dnComps = 
-            getCompsFromString(mConfig.getString("dnComps"));
-        ObjectIdentifier[] filterComps = 
-            getCompsFromString(mConfig.getString("filterComps"));
+        ObjectIdentifier[] dnComps =
+                getCompsFromString(mConfig.getString("dnComps"));
+        ObjectIdentifier[] filterComps =
+                getCompsFromString(mConfig.getString("filterComps"));
 
         init(baseDN, dnComps, filterComps);
     }
@@ -131,12 +129,12 @@ public class LdapDNCompsMap
                 "dnComps;string;Comma-separated list of attributes to put in the DN",
                 "filterComps;string;Comma-separated list of attributes to form the filter",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ldappublish-mapper-dncompsmapper",
+                        ";configuration-ldappublish-mapper-dncompsmapper",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";More complex mapper. Used when there is not enough information " +
-                "in the cert request to form the complete LDAP DN. Using this " +
-                "plugin, you can specify additional LDAP filters to narrow down the " +
-                "search"
+                        ";More complex mapper. Used when there is not enough information " +
+                        "in the cert request to form the complete LDAP DN. Using this " +
+                        "plugin, you can specify additional LDAP filters to narrow down the " +
+                        "search"
             };
 
         return s;
@@ -163,14 +161,14 @@ public class LdapDNCompsMap
             if (mDnComps == null) {
                 v.addElement("dnComps=");
             } else {
-                v.addElement("dnComps=" + 
-                    mConfig.getString("dnComps"));
+                v.addElement("dnComps=" +
+                        mConfig.getString("dnComps"));
             }
             if (mFilterComps == null) {
                 v.addElement("filterComps=");
             } else {
-                v.addElement("filterComps=" + 
-                    mConfig.getString("filterComps"));
+                v.addElement("filterComps=" +
+                        mConfig.getString("filterComps"));
             }
         } catch (Exception e) {
         }
@@ -181,8 +179,8 @@ public class LdapDNCompsMap
      * common initialization routine.
      */
     protected void init(String baseDN, ObjectIdentifier[] dnComps,
-        ObjectIdentifier[] filterComps) {
-        if (mInited) 
+            ObjectIdentifier[] filterComps) {
+        if (mInited)
             return;
 
         mBaseDN = baseDN;
@@ -191,36 +189,36 @@ public class LdapDNCompsMap
         if (filterComps != null)
             mFilterComps = (ObjectIdentifier[]) filterComps.clone();
 
-            // log debug info.
+        // log debug info.
         for (int i = 0; i < mDnComps.length; i++) {
             CMS.debug(
-                "LdapDNCompsMap: dnComp " + X500NameAttrMap.getDefault().getName(mDnComps[i]));
+                    "LdapDNCompsMap: dnComp " + X500NameAttrMap.getDefault().getName(mDnComps[i]));
         }
         for (int i = 0; i < mFilterComps.length; i++) {
             CMS.debug("LdapDNCompsMap: filterComp " +
-                X500NameAttrMap.getDefault().getName(mFilterComps[i]));
+                    X500NameAttrMap.getDefault().getName(mFilterComps[i]));
         }
         mInited = true;
     }
 
     /**
      * Maps a X500 subject name to LDAP entry.
-     * Uses DN components and filter components to form a DN and 
+     * Uses DN components and filter components to form a DN and
      * filter for a LDAP search.
      * If the formed DN is null the baseDN will be used.
      * If the formed DN is null and baseDN is null an error is thrown.
      * If the filter is null a base search is performed.
      * If both are null an error is thrown.
      * 
-     * @param conn	the LDAP connection.
-     * @param x500name  	the dn to map.
-     * @param obj 	the object
+     * @param conn the LDAP connection.
+     * @param x500name the dn to map.
+     * @param obj the object
      * @exception ELdapException if any LDAP exceptions occured.
      * @return the DN of the entry.
-     */ 
-    public String map(LDAPConnection conn, X500Name x500name, 
-        byte[] obj)
-        throws ELdapException {
+     */
+    public String map(LDAPConnection conn, X500Name x500name,
+            byte[] obj)
+            throws ELdapException {
         try {
             if (conn == null)
                 return null;
@@ -240,11 +238,11 @@ public class LdapDNCompsMap
                 //		x500name.toString()); 
                 // }
                 if (mBaseDN == null) {
-                    log(ILogger.LL_FAILURE, 
-                        CMS.getLogMessage("PUBLISH_NO_BASE"));
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("PUBLISH_NO_BASE"));
                     throw new ELdapException(
-                            CMS.getUserMessage("CMS_LDAP_NO_DN_COMPS_AND_BASEDN", 
-                                x500name.toString()));
+                            CMS.getUserMessage("CMS_LDAP_NO_DN_COMPS_AND_BASEDN",
+                                    x500name.toString()));
                 }
                 dn = mBaseDN;
             }
@@ -261,23 +259,23 @@ public class LdapDNCompsMap
             attrs = new String[] { LDAPv3.NO_ATTRS };
 
             log(ILogger.LL_INFO, "searching for " + dn + " " + filter + " " +
-                ((scope == LDAPv2.SCOPE_SUB) ? "sub" : "base"));
+                    ((scope == LDAPv2.SCOPE_SUB) ? "sub" : "base"));
 
-            LDAPSearchResults results = 
-                conn.search(dn, scope, filter, attrs, false);
+            LDAPSearchResults results =
+                    conn.search(dn, scope, filter, attrs, false);
             LDAPEntry entry = results.next();
 
             if (results.hasMoreElements()) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", x500name.toString()));
-                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY", 
-                            x500name.toString())); 
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", x500name.toString()));
+                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY",
+                            x500name.toString()));
             }
             if (entry != null) {
                 return entry.getDN();
             } else {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", "", x500name.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", "", x500name.toString()));
                 throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND",
                             "null entry"));
             }
@@ -286,11 +284,11 @@ public class LdapDNCompsMap
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString()));
                 throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
             }
         }
@@ -298,15 +296,16 @@ public class LdapDNCompsMap
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-            "LdapDNCompsMap: " + msg);
+                "LdapDNCompsMap: " + msg);
     }
 
     /**
      * form a dn and filter from component in the cert subject name
+     * 
      * @param subjName subject name
      */
     public String[] formDNandFilter(X500Name subjName)
-        throws ELdapException {
+            throws ELdapException {
         Vector<RDN> dnRdns = new Vector<RDN>();
         SearchFilter filter = new SearchFilter();
         X500NameAttrMap attrMap = X500NameAttrMap.getDefault();
@@ -328,16 +327,16 @@ public class LdapDNCompsMap
                             DerValue val = ava.getValue();
                             AVA newAVA = new AVA(mailOid, val);
                             RDN newRDN = new RDN(new AVA[] { newAVA }
-                                );
+                                    );
 
-                            CMS.debug( 
-                                "LdapDNCompsMap: Converted " + rdn.toLdapDNString() + " to " +
-                                newRDN.toLdapDNString() + " in DN");
+                            CMS.debug(
+                                    "LdapDNCompsMap: Converted " + rdn.toLdapDNString() + " to " +
+                                            newRDN.toLdapDNString() + " in DN");
                             rdn = newRDN;
                         }
                         dnRdns.addElement(rdn);
                         CMS.debug(
-                            "LdapDNCompsMap: adding dn comp " + rdn.toLdapDNString());
+                                "LdapDNCompsMap: adding dn comp " + rdn.toLdapDNString());
                         break;
                     }
                 }
@@ -348,13 +347,13 @@ public class LdapDNCompsMap
                             AVA newAVA = new AVA(mailOid, val);
 
                             CMS.debug(
-                                "LdapDNCompsMap: Converted " + ava.toLdapDNString() + " to " +
-                                newAVA.toLdapDNString() + " in filter");
+                                    "LdapDNCompsMap: Converted " + ava.toLdapDNString() + " to " +
+                                            newAVA.toLdapDNString() + " in filter");
                             ava = newAVA;
                         }
                         filter.addElement(ava.toLdapDNString());
                         CMS.debug(
-                            "LdapDNCompsMap: adding filter comp " + ava.toLdapDNString());
+                                "LdapDNCompsMap: adding filter comp " + ava.toLdapDNString());
                         break;
                     }
                 }
@@ -363,14 +362,14 @@ public class LdapDNCompsMap
                 // return to caller to decide.
                 if (dnRdns.size() != 0) {
                     dnStr = new X500Name(dnRdns).toLdapDNString();
-                } 
+                }
                 if (filter.size() != 0) {
                     filterStr = filter.toFilterString();
                 }
             }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("PUBLISH_FROM_SUBJ_TO_DN", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("PUBLISH_FROM_SUBJ_TO_DN", e.toString()));
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FORM_DN_COMPS_FAILED", e.toString()));
         }
 
@@ -386,12 +385,13 @@ public class LdapDNCompsMap
     }
 
     /**
-     * class for forming search filters for ldap searching from 
+     * class for forming search filters for ldap searching from
      * name=value components. components are anded.
      */
 
     public static class SearchFilter extends Vector<Object> {
         private static final long serialVersionUID = 4210302171279891828L;
+
         public String toFilterString() {
             StringBuffer buf = new StringBuffer();
 
@@ -412,21 +412,22 @@ public class LdapDNCompsMap
     }
 
     /**
-     * useful routine for parsing components given as string to 
-     * arrays of objectidentifiers. 
-     * The string is expected to be comma separated AVA attribute names. 
+     * useful routine for parsing components given as string to
+     * arrays of objectidentifiers.
+     * The string is expected to be comma separated AVA attribute names.
      * For example, "uid,cn,o,ou". Attribute names are case insensitive.
+     * 
      * @param val the string specifying the comps
      * @exception ELdapException if any error occurs.
      */
     public static ObjectIdentifier[] getCompsFromString(String val)
-        throws ELdapException {
+            throws ELdapException {
         StringTokenizer tokens;
         ObjectIdentifier[] comps;
         String attr;
         ObjectIdentifier oid;
 
-        if (val == null || val.length() == 0) 
+        if (val == null || val.length() == 0)
             return new ObjectIdentifier[0];
 
         tokens = new StringTokenizer(val, ", \t\n\r");
@@ -439,7 +440,7 @@ public class LdapDNCompsMap
         while (tokens.hasMoreTokens()) {
             attr = tokens.nextToken().trim();
             // mail -> E hack to look for E in subject names.
-            if (attr.equalsIgnoreCase("mail")) 
+            if (attr.equalsIgnoreCase("mail"))
                 attr = "E";
             oid = X500NameAttrMap.getDefault().getOid(attr);
             if (oid != null) {
@@ -453,4 +454,3 @@ public class LdapDNCompsMap
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java
index e3c2fa1b..c82d978e 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java
@@ -20,7 +20,6 @@
 
 package com.netscape.cms.publish.mappers;
 
-
 ///////////////////////
 // import statements //
 ///////////////////////
@@ -56,35 +55,32 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.ILdapMapper;
 import com.netscape.certsrv.request.IRequest;
 
-
 //////////////////////
 // class definition //
 //////////////////////
 
-/** 
+/**
  * Maps a request to an entry in the LDAP server.
  * Takes a dnPattern to form the baseDN from the
  * request attributes and certificate subject name.
  * Does a base search for the entry in the directory
- * to publish the cert or crl.  The restriction of
+ * to publish the cert or crl. The restriction of
  * this mapper is that the ldap dn components must
  * be part of certificate subject name or request
- * attributes or constant.  The difference of this
- * mapper and LdapSimpleMap is that if the  ldap
+ * attributes or constant. The difference of this
+ * mapper and LdapSimpleMap is that if the ldap
  * entry is not found, it has the option to create
  * the ldap entry given the dn and attributes
  * formulated.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class LdapEnhancedMap
-    implements ILdapMapper, IExtendedPluginInfo {
+        implements ILdapMapper, IExtendedPluginInfo {
     ////////////////////////
     // default parameters //
     ////////////////////////
 
-
-
     //////////////////////////////////////
     // local LdapEnhancedMap parameters //
     //////////////////////////////////////
@@ -107,7 +103,7 @@ public class LdapEnhancedMap
     ////////////////////////////
 
     /* mapper plug-in fields */
-    protected static final String PROP_DNPATTERN = "dnPattern";  
+    protected static final String PROP_DNPATTERN = "dnPattern";
     protected static final String PROP_CREATE = "createEntry";
     // the object class of the entry to be created. xxxx not done yet  
     protected static final String PROP_OBJCLASS = "objectClass";
@@ -145,9 +141,9 @@ public class LdapEnhancedMap
 
     /* miscellaneous constants local to this mapper plug-in */
     // default dn pattern if left blank or not set in the config
-    public static final String DEFAULT_DNPATTERN = 
-        "UID=$req.HTTP_PARAMS.UID, " +
-        "OU=people, O=$subj.o, C=$subj.c";
+    public static final String DEFAULT_DNPATTERN =
+            "UID=$req.HTTP_PARAMS.UID, " +
+                    "OU=people, O=$subj.o, C=$subj.c";
     private static final int MAX_ATTRS = 10;
     protected static final int DEFAULT_ATTRNUM = 1;
 
@@ -159,8 +155,6 @@ public class LdapEnhancedMap
     // IExtendedPluginInfo parameters //
     ////////////////////////////////////
 
-
-
     ///////////////////////
     // Logger parameters //
     ///////////////////////
@@ -185,14 +179,14 @@ public class LdapEnhancedMap
      * common initialization routine.
      */
     protected void init(String dnPattern)
-        throws EBaseException {
+            throws EBaseException {
         if (mInited) {
             return;
         }
 
         mDnPattern = dnPattern;
         if (mDnPattern == null ||
-            mDnPattern.length() == 0) {
+                mDnPattern.length() == 0) {
             mDnPattern = DEFAULT_DNPATTERN;
         }
 
@@ -202,11 +196,11 @@ public class LdapEnhancedMap
             String[] mCertAttrs = mPattern.getCertAttrs();
         } catch (ELdapException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT",
-                    dnPattern, e.toString()));
+                    CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT",
+                            dnPattern, e.toString()));
             throw new EBaseException(
-                    "falied to init with pattern " + 
-                    dnPattern + " " + e);
+                    "falied to init with pattern " +
+                            dnPattern + " " + e);
         }
 
         mInited = true;
@@ -214,43 +208,44 @@ public class LdapEnhancedMap
 
     /**
      * form a dn from component in the request and cert subject name
+     * 
      * @param req The request
      * @param obj The certificate or crl
      */
     private String formDN(IRequest req, Object obj)
-        throws EBaseException {
+            throws EBaseException {
         CertificateExtensions certExt = null;
         X500Name subjectDN = null;
 
         try {
             X509Certificate cert = (X509Certificate) obj;
 
-            subjectDN = 
+            subjectDN =
                     (X500Name) ((X509Certificate) cert).getSubjectDN();
             CMS.debug(
-                "LdapEnhancedMap: cert subject dn:" +
-                subjectDN.toString());
+                    "LdapEnhancedMap: cert subject dn:" +
+                            subjectDN.toString());
 
             //certExt = (CertificateExtensions)
             //          ((X509CertImpl)cert).get(
             //              X509CertInfo.EXTENSIONS);
             X509CertInfo info = (X509CertInfo)
-                ((X509CertImpl) cert).get(
-                    X509CertImpl.NAME +
-                    "." +
-                    X509CertImpl.INFO);
+                    ((X509CertImpl) cert).get(
+                            X509CertImpl.NAME +
+                                    "." +
+                                    X509CertImpl.INFO);
 
             certExt = (CertificateExtensions)
                     info.get(CertificateExtensions.NAME);
         } catch (java.security.cert.CertificateParsingException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
+                    CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
+                    CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
         } catch (java.security.cert.CertificateException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
+                    CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
         } catch (ClassCastException e) {
 
             try {
@@ -260,14 +255,14 @@ public class LdapEnhancedMap
                         ((X509CRLImpl) crl).getIssuerDN();
 
                 CMS.debug(
-                    "LdapEnhancedMap: crl issuer dn: " +
+                        "LdapEnhancedMap: crl issuer dn: " +
 
-                    subjectDN.toString());
+                        subjectDN.toString());
             } catch (ClassCastException ex) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED",
-                        ((req == null) ? ""
-                            : req.getRequestId().toString())));
+                        CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED",
+                                ((req == null) ? ""
+                                        : req.getRequestId().toString())));
                 return null;
             }
         }
@@ -289,26 +284,26 @@ public class LdapEnhancedMap
             return dn;
         } catch (ELdapException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("PUBLISH_CANT_FORM_DN",
-                    ((req == null) ? ""
-                        : req.getRequestId().toString()), e.toString()));
+                    CMS.getLogMessage("PUBLISH_CANT_FORM_DN",
+                            ((req == null) ? ""
+                                    : req.getRequestId().toString()), e.toString()));
 
             throw new EBaseException(
                     "failed to form dn for request: " +
-                    ((req == null) ? ""
-                        : req.getRequestId().toString()) +
-                    " " + e);
+                            ((req == null) ? ""
+                                    : req.getRequestId().toString()) +
+                            " " + e);
         }
     }
 
     private void createEntry(LDAPConnection conn, String dn)
-        throws LDAPException {
+            throws LDAPException {
         LDAPAttributeSet attrs = new LDAPAttributeSet();
 
         // OID 2.5.6.16
-        String caOc[] = { "top", 
-                "person", 
-                "organizationalPerson", 
+        String caOc[] = { "top",
+                "person",
+                "organizationalPerson",
                 "inetOrgPerson" };
 
         DN dnobj = new DN(dn);
@@ -319,10 +314,10 @@ public class LdapEnhancedMap
         attrs.add(new LDAPAttribute("objectclass", caOc));
 
         for (int i = 0; i < mNumAttrs; i++) {
-            if (mLdapNames[i] != null && 
-                !mLdapNames[i].trim().equals("") &&
-                mLdapValues[i] != null &&
-                !mLdapValues[i].trim().equals("")) {
+            if (mLdapNames[i] != null &&
+                    !mLdapNames[i].trim().equals("") &&
+                    mLdapValues[i] != null &&
+                    !mLdapValues[i].trim().equals("")) {
                 attrs.add(new LDAPAttribute(mLdapNames[i],
                         mLdapValues[i]));
             }
@@ -337,14 +332,14 @@ public class LdapEnhancedMap
     // ILdapMapper methods //
     /////////////////////////
 
-    /** 
+    /**
      * for initializing from config store.
-     *
+     * 
      * implementation for extended
      * ILdapPlugin interface method
      */
-    public void init(IConfigStore config) 
-        throws EBaseException {
+    public void init(IConfigStore config)
+            throws EBaseException {
         mConfig = config;
 
         mDnPattern = mConfig.getString(PROP_DNPATTERN,
@@ -364,16 +359,16 @@ public class LdapEnhancedMap
         for (int i = 0; i < mNumAttrs; i++) {
             mLdapNames[i] =
                     mConfig.getString(PROP_ATTR_NAME +
-                        Integer.toString(i),
-                        "");
+                            Integer.toString(i),
+                            "");
 
             mLdapPatterns[i] =
                     mConfig.getString(PROP_ATTR_PATTERN +
-                        Integer.toString(i),
-                        "");
+                            Integer.toString(i),
+                            "");
 
             if (mLdapPatterns[i] != null &&
-                !mLdapPatterns[i].trim().equals("")) {
+                    !mLdapPatterns[i].trim().equals("")) {
                 mPatterns[i] = new AVAPattern(mLdapPatterns[i]);
             }
         }
@@ -381,7 +376,7 @@ public class LdapEnhancedMap
         init(mDnPattern);
     }
 
-    /** 
+    /**
      * implementation for extended
      * ILdapPlugin interface method
      */
@@ -407,34 +402,34 @@ public class LdapEnhancedMap
         try {
             if (mDnPattern == null) {
                 v.addElement(PROP_DNPATTERN + "=");
-            }else {
+            } else {
                 v.addElement(PROP_DNPATTERN + "=" +
-                    mConfig.getString(PROP_DNPATTERN));
+                        mConfig.getString(PROP_DNPATTERN));
             }
 
             v.addElement(PROP_CREATE + "=" +
-                mConfig.getBoolean(PROP_CREATE,
-                    true));
+                    mConfig.getBoolean(PROP_CREATE,
+                            true));
 
             v.addElement(PROP_ATTRNUM + "=" +
-                mConfig.getInteger(PROP_ATTRNUM,
-                    DEFAULT_NUM_ATTRS));
+                    mConfig.getInteger(PROP_ATTRNUM,
+                            DEFAULT_NUM_ATTRS));
 
             for (int i = 0; i < mNumAttrs; i++) {
                 if (mLdapNames[i] != null) {
                     v.addElement(PROP_ATTR_NAME + i +
-                        "=" + mLdapNames[i]);
+                            "=" + mLdapNames[i]);
                 } else {
                     v.addElement(PROP_ATTR_NAME + i +
-                        "=");
+                            "=");
                 }
 
                 if (mLdapPatterns[i] != null) {
                     v.addElement(PROP_ATTR_PATTERN + i +
-                        "=" + mLdapPatterns[i]);
+                            "=" + mLdapPatterns[i]);
                 } else {
                     v.addElement(PROP_ATTR_PATTERN + i +
-                        "=");
+                            "=");
                 }
             }
         } catch (Exception e) {
@@ -447,12 +442,12 @@ public class LdapEnhancedMap
      * Maps an X500 subject name to an LDAP entry.
      * Uses DN pattern to form a DN for an LDAP base search.
      * 
-     * @param     conn            the LDAP connection.
-     * @param     obj             the object to map.
-     * @exception ELdapException  if any LDAP exceptions occurred.
-     */ 
+     * @param conn the LDAP connection.
+     * @param obj the object to map.
+     * @exception ELdapException if any LDAP exceptions occurred.
+     */
     public String map(LDAPConnection conn, Object obj)
-        throws ELdapException {
+            throws ELdapException {
         return map(conn, null, obj);
     }
 
@@ -460,13 +455,13 @@ public class LdapEnhancedMap
      * Maps an X500 subject name to an LDAP entry.
      * Uses DN pattern to form a DN for an LDAP base search.
      * 
-     * @param     conn            the LDAP connection.
-     * @param     req             the request to map.
-     * @param     obj             the object to map.
-     * @exception ELdapException  if any LDAP exceptions occurred.
-     */ 
+     * @param conn the LDAP connection.
+     * @param req the request to map.
+     * @param obj the object to map.
+     * @exception ELdapException if any LDAP exceptions occurred.
+     */
     public String map(LDAPConnection conn, IRequest req, Object obj)
-        throws ELdapException {
+            throws ELdapException {
         if (conn == null) {
             return null;
         }
@@ -477,7 +472,7 @@ public class LdapEnhancedMap
             dn = formDN(req, obj);
             if (dn == null) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_DN_NOT_FORMED"));
+                        CMS.getLogMessage("PUBLISH_DN_NOT_FORMED"));
 
                 String s1 = "";
 
@@ -494,9 +489,9 @@ public class LdapEnhancedMap
             String[] attrs = new String[] { LDAPv3.NO_ATTRS };
 
             log(ILogger.LL_INFO,
-                "searching for dn: " +
-                dn + " filter:" +
-                filter + " scope: base");
+                    "searching for dn: " +
+                            dn + " filter:" +
+                            filter + " scope: base");
 
             LDAPSearchResults results = conn.search(dn,
                     scope,
@@ -508,27 +503,27 @@ public class LdapEnhancedMap
 
             if (results.hasMoreElements()) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY",
-                        dn + 
-                        ((req == null) ? ""
-                            : req.getRequestId().toString()))); 
+                        CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY",
+                                dn +
+                                        ((req == null) ? ""
+                                                : req.getRequestId().toString())));
 
                 throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY", 
-                            ((req == null) ? ""
-                                : req.getRequestId().toString()))); 
+                        CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY",
+                                ((req == null) ? ""
+                                        : req.getRequestId().toString())));
             }
 
             if (entry != null) {
                 return entry.getDN();
             } else {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND",
-                        dn +
-                        ((req == null) ? ""
-                            : req.getRequestId().toString())));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND",
+                                dn +
+                                        ((req == null) ? ""
+                                                : req.getRequestId().toString())));
 
-                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", 
+                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND",
                             "null entry"));
             }
         } catch (LDAPException e) {
@@ -536,48 +531,48 @@ public class LdapEnhancedMap
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
 
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else if (e.getLDAPResultCode() ==
-                LDAPException.NO_SUCH_OBJECT && mCreateEntry) {
+                    LDAPException.NO_SUCH_OBJECT && mCreateEntry) {
 
                 try {
                     createEntry(conn, dn);
 
                     log(ILogger.LL_INFO,
-                        "Entry " +
-                        dn +
-                        " Created");
+                            "Entry " +
+                                    dn +
+                                    " Created");
 
                     return dn;
                 } catch (LDAPException e1) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION",
-                            dn,
-                            e.toString()));
+                            CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION",
+                                    dn,
+                                    e.toString()));
 
                     log(ILogger.LL_FAILURE,
-                        "Entry is not created. " +
-                        "This may because there are " +
-                        "entries in the directory " +
-                        "hierachy not exit.");
+                            "Entry is not created. " +
+                                    "This may because there are " +
+                                    "entries in the directory " +
+                                    "hierachy not exit.");
 
                     throw new ELdapException(
                             CMS.getUserMessage("CMS_LDAP_CREATE_ENTRY", dn));
                 }
             } else {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION",
-                        dn,
-                        e.toString()));
+                        CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION",
+                                dn,
+                                e.toString()));
 
                 throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
             }
         } catch (EBaseException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("PUBLISH_EXCEPTION_CAUGHT",
-                    e.toString()));
+                    CMS.getLogMessage("PUBLISH_EXCEPTION_CAUGHT",
+                            e.toString()));
 
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
         }
@@ -591,46 +586,46 @@ public class LdapEnhancedMap
         Vector<String> v = new Vector<String>();
 
         v.addElement(PROP_DNPATTERN +
-            ";string;Describes how to form the Ldap " +
-            "Subject name in the directory.  " +
-            "Example 1:  'uid=CertMgr, o=Fedora'.  " +
-            "Example 2:  'uid=$req.HTTP_PARAMS.uid, " +
-            "E=$ext.SubjectAlternativeName.RFC822Name, " +
-            "ou=$subj.ou'. " + 
-            "$req means: take the attribute from the " +
-            "request. " + 
-            "$subj means: take the attribute from the " +
-            "certificate subject name. " + 
-            "$ext means: take the attribute from the " +
-            "certificate extension");
+                ";string;Describes how to form the Ldap " +
+                "Subject name in the directory.  " +
+                "Example 1:  'uid=CertMgr, o=Fedora'.  " +
+                "Example 2:  'uid=$req.HTTP_PARAMS.uid, " +
+                "E=$ext.SubjectAlternativeName.RFC822Name, " +
+                "ou=$subj.ou'. " +
+                "$req means: take the attribute from the " +
+                "request. " +
+                "$subj means: take the attribute from the " +
+                "certificate subject name. " +
+                "$ext means: take the attribute from the " +
+                "certificate extension");
         v.addElement(PROP_CREATE +
-            ";boolean;If checked, An entry will be " +
-            "created automatically");
+                ";boolean;If checked, An entry will be " +
+                "created automatically");
         v.addElement(PROP_ATTRNUM +
-            ";string;How many attributes to add.");
+                ";string;How many attributes to add.");
         v.addElement(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-ldappublish-mapper-enhancedmapper");
+                ";configuration-ldappublish-mapper-enhancedmapper");
         v.addElement(IExtendedPluginInfo.HELP_TEXT +
-            ";Describes how to form the LDAP DN of the " +
-            "entry to publish to");
+                ";Describes how to form the LDAP DN of the " +
+                "entry to publish to");
 
         for (int i = 0; i < MAX_ATTRS; i++) {
             v.addElement(PROP_ATTR_NAME +
-                Integer.toString(i) +
-                ";string;" +
-                "The name of LDAP attribute " +
-                "to be added. e.g. mail");
+                    Integer.toString(i) +
+                    ";string;" +
+                    "The name of LDAP attribute " +
+                    "to be added. e.g. mail");
             v.addElement(PROP_ATTR_PATTERN +
-                Integer.toString(i) +
-                ";string;" +
-                "How to create the LDAP attribute value. " +
-                "e.g. $req.HTTP_PARAMS.csrRequestorEmail, " +
-                "$subj.E or " +
-                "$ext.SubjectAlternativeName.RFC822Name");
+                    Integer.toString(i) +
+                    ";string;" +
+                    "How to create the LDAP attribute value. " +
+                    "e.g. $req.HTTP_PARAMS.csrRequestorEmail, " +
+                    "$subj.E or " +
+                    "$ext.SubjectAlternativeName.RFC822Name");
         }
 
         String params[] =
-            com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
+                com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
 
         return params;
     }
@@ -641,7 +636,6 @@ public class LdapEnhancedMap
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-            "LdapEnhancedMapper: " + msg);
+                "LdapEnhancedMapper: " + msg);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java
index 192b1d30..58bc06b2 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.mappers;
 
-
 import java.io.IOException;
 import java.security.cert.X509Certificate;
 import java.util.Locale;
@@ -45,19 +44,18 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.ILdapMapper;
 import com.netscape.certsrv.request.IRequest;
 
-
-/** 
+/**
  * Maps a request to an entry in the LDAP server.
  * Takes a dnPattern to form the baseDN from the request attributes
- * and certificate subject name.Do a base search for the entry 
+ * and certificate subject name.Do a base search for the entry
  * in the directory to publish the cert or crl.
  * The restriction of this mapper is that the ldap dn components must
  * be part of certificate subject name or request attributes or constant.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
-    protected static final String PROP_DNPATTERN = "dnPattern";  
+    protected static final String PROP_DNPATTERN = "dnPattern";
     protected String mDnPattern = null;
 
     private ILogger mLogger = CMS.getLogger();
@@ -74,13 +72,13 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
     protected String[] mCertAttrs = null;
 
     /* default dn pattern if left blank or not set in the config */
-    public static final String DEFAULT_DNPATTERN = 
-        "UID=$req.HTTP_PARAMS.UID,  OU=people, O=$subj.o, C=$subj.c";
+    public static final String DEFAULT_DNPATTERN =
+            "UID=$req.HTTP_PARAMS.UID,  OU=people, O=$subj.o, C=$subj.c";
 
-    /** 
+    /**
      * Constructor.
-     *
-     * @param dnPattern The base DN. 
+     * 
+     * @param dnPattern The base DN.
      */
     public LdapSimpleMap(String dnPattern) {
         try {
@@ -88,7 +86,7 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
         } catch (EBaseException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
         }
-		
+
     }
 
     /**
@@ -100,11 +98,11 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
     public String[] getExtendedPluginInfo(Locale locale) {
         String params[] = {
                 "dnPattern;string;Describes how to form the Ldap Subject name in" +
-                " the directory.  Example 1:  'uid=CertMgr, o=Fedora'.  Example 2:" +
-                " 'uid=$req.HTTP_PARAMS.uid, E=$ext.SubjectAlternativeName.RFC822Name, ou=$subj.ou'. " + 
-                "$req means: take the attribute from the request. " + 
-                "$subj means: take the attribute from the certificate subject name. " + 
-                "$ext means: take the attribute from the certificate extension",
+                        " the directory.  Example 1:  'uid=CertMgr, o=Fedora'.  Example 2:" +
+                        " 'uid=$req.HTTP_PARAMS.uid, E=$ext.SubjectAlternativeName.RFC822Name, ou=$subj.ou'. " +
+                        "$req means: take the attribute from the request. " +
+                        "$subj means: take the attribute from the certificate subject name. " +
+                        "$ext means: take the attribute from the certificate extension",
                 IExtendedPluginInfo.HELP_TOKEN + ";configuration-ldappublish-mapper-simplemapper",
                 IExtendedPluginInfo.HELP_TEXT + ";Describes how to form the LDAP DN of the entry to publish to"
             };
@@ -116,11 +114,11 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
         return mConfig;
     }
 
-    /** 
+    /**
      * for initializing from config store.
      */
-    public void init(IConfigStore config) 
-        throws EBaseException {
+    public void init(IConfigStore config)
+            throws EBaseException {
         mConfig = config;
         String dnPattern = mConfig.getString(PROP_DNPATTERN);
 
@@ -131,12 +129,12 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
      * common initialization routine.
      */
     protected void init(String dnPattern)
-        throws EBaseException {
-        if (mInited) 
+            throws EBaseException {
+        if (mInited)
             return;
 
         mDnPattern = dnPattern;
-        if (mDnPattern == null || mDnPattern.length() == 0) 
+        if (mDnPattern == null || mDnPattern.length() == 0)
             mDnPattern = DEFAULT_DNPATTERN;
         try {
             mPattern = new MapDNPattern(mDnPattern);
@@ -145,7 +143,7 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
         } catch (ELdapException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT",
                     dnPattern, e.toString()));
-            throw new EBaseException("falied to init with pattern " + 
+            throw new EBaseException("falied to init with pattern " +
                     dnPattern + " " + e);
         }
 
@@ -156,12 +154,12 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
      * Maps a X500 subject name to LDAP entry.
      * Uses DN pattern to form a DN for a LDAP base search.
      * 
-     * @param conn	the LDAP connection.
-     * @param obj   the object to map.
+     * @param conn the LDAP connection.
+     * @param obj the object to map.
      * @exception ELdapException if any LDAP exceptions occured.
-     */ 
+     */
     public String map(LDAPConnection conn, Object obj)
-        throws ELdapException {
+            throws ELdapException {
         return map(conn, null, obj);
     }
 
@@ -169,13 +167,13 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
      * Maps a X500 subject name to LDAP entry.
      * Uses DN pattern to form a DN for a LDAP base search.
      * 
-     * @param conn	the LDAP connection.
-     * @param req  	the request to map.
-     * @param obj   the object to map.
+     * @param conn the LDAP connection.
+     * @param req the request to map.
+     * @param obj the object to map.
      * @exception ELdapException if any LDAP exceptions occured.
-     */ 
+     */
     public String map(LDAPConnection conn, IRequest req, Object obj)
-        throws ELdapException {
+            throws ELdapException {
         if (conn == null)
             return null;
         String dn = null;
@@ -198,22 +196,22 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
             String[] attrs = new String[] { LDAPv3.NO_ATTRS };
 
             log(ILogger.LL_INFO, "searching for dn: " + dn + " filter:"
-                + filter + " scope: base");
+                    + filter + " scope: base");
 
-            LDAPSearchResults results = 
-                conn.search(dn, scope, filter, attrs, false);
+            LDAPSearchResults results =
+                    conn.search(dn, scope, filter, attrs, false);
             LDAPEntry entry = results.next();
 
             if (results.hasMoreElements()) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", dn, ((req == null) ? "" : req.getRequestId().toString()))); 
-                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY", 
-                            ((req == null) ? "" : req.getRequestId().toString()))); 
+                log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", dn, ((req == null) ? "" : req.getRequestId().toString())));
+                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY",
+                            ((req == null) ? "" : req.getRequestId().toString())));
             }
             if (entry != null)
                 return entry.getDN();
             else {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", dn, ((req == null) ? "" : req.getRequestId().toString())));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", dn, ((req == null) ? "" : req.getRequestId().toString())));
                 throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND",
                             "null entry"));
             }
@@ -224,7 +222,7 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "", e.toString()));
@@ -238,6 +236,7 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
 
     /**
      * form a dn from component in the request and cert subject name
+     * 
      * @param req The request
      * @param obj The certificate or crl
      */
@@ -249,15 +248,15 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
         try {
             X509Certificate cert = (X509Certificate) obj;
 
-            subjectDN = 
+            subjectDN =
                     (X500Name) ((X509Certificate) cert).getSubjectDN();
 
             CMS.debug("LdapSimpleMap: cert subject dn:" + subjectDN.toString());
             //certExt = (CertificateExtensions)
             //        ((X509CertImpl)cert).get(X509CertInfo.EXTENSIONS);
             X509CertInfo info = (X509CertInfo)
-                ((X509CertImpl) cert).get(
-                    X509CertImpl.NAME + "." + X509CertImpl.INFO);
+                    ((X509CertImpl) cert).get(
+                            X509CertImpl.NAME + "." + X509CertImpl.INFO);
 
             certExt = (CertificateExtensions) info.get(
                         CertificateExtensions.NAME);
@@ -271,15 +270,15 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
             try {
                 X509CRLImpl crl = (X509CRLImpl) obj;
 
-                subjectDN = 
+                subjectDN =
                         (X500Name) ((X509CRLImpl) crl).getIssuerDN();
 
                 CMS.debug("LdapSimpleMap: crl issuer dn: " +
-                    subjectDN.toString());
-            }catch (ClassCastException ex) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED", 
-                        ((req == null) ? "" : req.getRequestId().toString())));
+                        subjectDN.toString());
+            } catch (ClassCastException ex) {
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED",
+                                ((req == null) ? "" : req.getRequestId().toString())));
                 return null;
             }
         }
@@ -315,9 +314,9 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
         try {
             if (mDnPattern == null) {
                 v.addElement(PROP_DNPATTERN + "=");
-            }else {
+            } else {
                 v.addElement(PROP_DNPATTERN + "=" +
-                    mConfig.getString(PROP_DNPATTERN));
+                        mConfig.getString(PROP_DNPATTERN));
             }
         } catch (Exception e) {
         }
@@ -326,8 +325,7 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-            "LdapSimpleMapper: " + msg);
+                "LdapSimpleMapper: " + msg);
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java
index 667a7c5a..79d64054 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.mappers;
 
-
 import java.io.IOException;
 import java.io.PushbackReader;
 import java.io.StringReader;
@@ -42,26 +41,26 @@ import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.publish.ECompSyntaxErr;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * class for parsing a DN pattern used to construct a ldap dn from 
- * request attributes and cert subject name.<p>
+ * class for parsing a DN pattern used to construct a ldap dn from
+ * request attributes and cert subject name.
+ * <p>
+ * 
+ * dnpattern is a string representing a ldap dn pattern to formulate from the certificate subject name attributes and request attributes . If empty or not set, the certificate subject name will be used as the ldap dn.
+ * <p>
  * 
- * dnpattern is a string representing a ldap dn pattern to formulate from 
- * the certificate subject name attributes and request attributes . 
- * If empty or not set, the certificate subject name 
- * will be used as the ldap dn. <p>
+ * The syntax is
  * 
- * The syntax is 
  * <pre>
- *		dnPattern := rdnPattern *[ "," rdnPattern ]
- *		rdnPattern := avaPattern *[ "+" avaPattern ]
+ * 	dnPattern := rdnPattern *[ "," rdnPattern ]
+ * 	rdnPattern := avaPattern *[ "+" avaPattern ]
  * 		avaPattern := name "=" value | 
- *				      name "=" "$subj" "." attrName [ "." attrNumber ] | 
- *				      name "=" "$ext" "." extName [ "." nameType ] [ "." attrNumber ] 
- *				      name "=" "$req" "." attrName [ "." attrNumber ] | 
- *				 	  "$rdn" "." number
+ * 			      name "=" "$subj" "." attrName [ "." attrNumber ] | 
+ * 			      name "=" "$ext" "." extName [ "." nameType ] [ "." attrNumber ] 
+ * 			      name "=" "$req" "." attrName [ "." attrNumber ] | 
+ * 			 	  "$rdn" "." number
  * </pre>
+ * 
  * <pre>
  * Example1: <i>cn=Certificate Manager,ou=people,o=mcom.com</i>
  * cert subject name: dn:  CN=Certificate Manager, OU=people, O=mcom.com
@@ -72,7 +71,7 @@ import com.netscape.certsrv.request.IRequest;
  * <p>
  * note: Subordinate ca enrollment will use ca mapper. Use predicate
  * to distinguish the ca itself and the subordinates.
- *
+ * 
  * Example2: <i>UID=$req.HTTP_PARAMS.uid, OU=$subj.ou, OU=people, , O=mcom.com</i>
  * cert subject name: dn:  UID=jjames, OU=IS, OU=people, , O=mcom.com
  * request attributes: uid: cmanager 
@@ -97,10 +96,9 @@ import com.netscape.certsrv.request.IRequest;
  *     O = the string mcom.com. <br>
  * <p>
  * </pre>
- * If an request attribute or subject DN component does not exist,
- * the attribute is skipped. There is potential risk that a wrong dn
- * will be mapped into.
- *
+ * 
+ * If an request attribute or subject DN component does not exist, the attribute is skipped. There is potential risk that a wrong dn will be mapped into.
+ * 
  * @version $Revision$, $Date$
  */
 class MapAVAPattern {
@@ -120,11 +118,11 @@ class MapAVAPattern {
             "EDIName",
             "URIName",
             "IPAddress",
-            "OIDName"};
+            "OIDName" };
     private static final char[] endChars = new char[] { '+', ',' };
 
-    private static final LdapV3DNStrConverter mLdapDNStrConverter = 
-        new LdapV3DNStrConverter();
+    private static final LdapV3DNStrConverter mLdapDNStrConverter =
+            new LdapV3DNStrConverter();
 
     /* the list of request attributes needed by this AVA  */
     protected String[] mReqAttrs = null;
@@ -136,7 +134,7 @@ class MapAVAPattern {
     protected String mType = null;
 
     /* the attribute in the AVA pair */
-    protected String mAttr = null; 
+    protected String mAttr = null;
 
     /* value - could be name of a request  attribute or 
      * cert subject dn attribute. */
@@ -154,19 +152,19 @@ class MapAVAPattern {
     protected String mTestDN = null;
 
     public MapAVAPattern(String component)
-        throws ELdapException {
-        if (component == null || component.length() == 0) 
+            throws ELdapException {
+        if (component == null || component.length() == 0)
             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", component));
         parse(new PushbackReader(new StringReader(component)));
     }
 
-    public MapAVAPattern(PushbackReader in) 
-        throws ELdapException {
+    public MapAVAPattern(PushbackReader in)
+            throws ELdapException {
         parse(in);
     }
 
     private void parse(PushbackReader in)
-        throws ELdapException {
+            throws ELdapException {
         int c;
 
         // mark ava beginning.
@@ -182,19 +180,19 @@ class MapAVAPattern {
         } catch (IOException e) {
             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
         }
-        if (c == -1) 
+        if (c == -1)
             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
 
-            // $rdn "." number syntax. 
+        // $rdn "." number syntax. 
 
         if (c == '$') {
             //System.out.println("$rdn syntax");
             mType = TYPE_RDN;
             try {
-                if (in.read() != 'r' || 
-                    in.read() != 'd' || 
-                    in.read() != 'n' || 
-                    in.read() != '.') 
+                if (in.read() != 'r' ||
+                        in.read() != 'd' ||
+                        in.read() != 'n' ||
+                        in.read() != '.')
                     throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn"));
             } catch (IOException e) {
                 throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn"));
@@ -216,7 +214,7 @@ class MapAVAPattern {
 
             String rdnNumber = rdnNumberBuf.toString().trim();
 
-            if (rdnNumber.length() == 0) 
+            if (rdnNumber.length() == 0)
                 throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "$rdn number not set in ava pattern"));
             try {
                 mElement = Integer.parseInt(rdnNumber) - 1;
@@ -231,15 +229,15 @@ class MapAVAPattern {
         // read name 
         //System.out.println("reading name");
 
-        StringBuffer attrBuf = new StringBuffer(); 
+        StringBuffer attrBuf = new StringBuffer();
 
         try {
             while (c != '=' && c != -1 && c != ',' && c != '+') {
                 attrBuf.append((char) c);
                 c = in.read();
                 //System.out.println("name read "+(char)c);
-            } 
-            if (c == ',' || c == '+') 
+            }
+            if (c == ',' || c == '+')
                 in.unread(c);
         } catch (IOException e) {
             throw new ELdapException(
@@ -248,11 +246,11 @@ class MapAVAPattern {
         if (c != '=')
             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Missing \"=\" in ava pattern"));
 
-            // read value 
-            //System.out.println("reading value");
+        // read value 
+        //System.out.println("reading value");
 
-            // skip spaces 
-            //System.out.println("skip spaces for value");
+        // skip spaces 
+        //System.out.println("skip spaces for value");
         try {
             while ((c = in.read()) == ' ' || c == '\t') {//System.out.println("spaces2 read "+(char)c);
                 ;
@@ -261,7 +259,7 @@ class MapAVAPattern {
             throw new ELdapException(
                     CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
         }
-        if (c == -1) 
+        if (c == -1)
             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "no value after = in ava pattern"));
 
         if (c == '$') {
@@ -273,14 +271,14 @@ class MapAVAPattern {
                 throw new ELdapException(
                         CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
             }
-            if (c == -1) 
+            if (c == -1)
                 throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                             "expecting $subj or $req in ava pattern"));
             if (c == 'r') {
                 try {
-                    if (in.read() != 'e' || 
-                        in.read() != 'q' || 
-                        in.read() != '.') 
+                    if (in.read() != 'e' ||
+                            in.read() != 'q' ||
+                            in.read() != '.')
                         throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                                     "expecting $req in ava pattern"));
                 } catch (IOException e) {
@@ -291,10 +289,10 @@ class MapAVAPattern {
                 //System.out.println("---- mtype $req");
             } else if (c == 's') {
                 try {
-                    if (in.read() != 'u' || 
-                        in.read() != 'b' || 
-                        in.read() != 'j' || 
-                        in.read() != '.') 
+                    if (in.read() != 'u' ||
+                            in.read() != 'b' ||
+                            in.read() != 'j' ||
+                            in.read() != '.')
                         throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                                     "expecting $subj in ava pattern"));
                 } catch (IOException e) {
@@ -305,10 +303,10 @@ class MapAVAPattern {
                 //System.out.println("----- mtype $subj");
             } else if (c == 'e') {
                 try {
-                    if (in.read() != 'x' || 
-                        in.read() != 't' || 
-                        in.read() != '.') 
-                        throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", 
+                    if (in.read() != 'x' ||
+                            in.read() != 't' ||
+                            in.read() != '.')
+                        throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                                     "expecting $ext in ava pattern"));
                 } catch (IOException e) {
                     throw new ELdapException(
@@ -318,16 +316,16 @@ class MapAVAPattern {
                 //System.out.println("----- mtype $ext");
             } else {
                 throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                            "unknown keyword. expecting $subj $ext or $req.")); 
+                            "unknown keyword. expecting $subj $ext or $req."));
             }
 
             // get request attr name of subject dn pattern from above. 
             String attrName = attrBuf.toString().trim();
 
             //System.out.println("----- attrName "+attrName);
-            if (attrName.length() == 0) 
+            if (attrName.length() == 0)
                 throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "attribute name expected"));
-            mAttr = attrName;		
+            mAttr = attrName;
 
             /*
              try { 
@@ -346,8 +344,8 @@ class MapAVAPattern {
             StringBuffer valueBuf = new StringBuffer();
 
             try {
-                while ((c = in.read()) != ',' && 
-                    c != -1 && c != '.' && c != '+') {
+                while ((c = in.read()) != ',' &&
+                        c != -1 && c != '.' && c != '+') {
                     //System.out.println("mValue read "+(char)c);
                     valueBuf.append((char) c);
                 }
@@ -359,31 +357,31 @@ class MapAVAPattern {
             }
 
             mValue = valueBuf.toString().trim();
-            if (mValue.length() == 0) 
+            if (mValue.length() == 0)
                 throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                             "$subj or $req attribute name expected"));
-                //System.out.println("----- mValue "+mValue);
+            //System.out.println("----- mValue "+mValue);
 
-                // get nth dn xxx not nth request attribute .
+            // get nth dn xxx not nth request attribute .
             if (c == '.') {
                 StringBuffer attrNumberBuf = new StringBuffer();
 
                 try {
                     while ((c = in.read()) != ',' && c != -1 && c != '.'
-                        && c != '+') {
+                            && c != '+') {
                         //System.out.println("mElement read "+(char)c);
                         attrNumberBuf.append((char) c);
                     }
                     if (c == ',' || c == '+') // either ','  or '+'
-                        in.unread(c);  // pushback last , or +
+                        in.unread(c); // pushback last , or +
                 } catch (IOException e) {
                     throw new ELdapException(
                             CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
                 }
                 String attrNumber = attrNumberBuf.toString().trim();
 
-                if (attrNumber.length() == 0) 
-                    throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", 
+                if (attrNumber.length() == 0)
+                    throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                                 "nth element $req $ext or $subj expected"));
                 try {
                     mElement = Integer.parseInt(attrNumber) - 1;
@@ -393,11 +391,11 @@ class MapAVAPattern {
                         mValue = attrNumber;
                     } else if (TYPE_EXT.equals(mType)) {
                         mGNType = attrNumber;
-                    } else 
-                        throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", 
+                    } else
+                        throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                                     "Invalid format in nth element $req $ext or $subj"));
 
-                        // get nth request attribute .
+                    // get nth request attribute .
                     if (c == '.') {
                         StringBuffer attrNumberBuf1 = new StringBuffer();
 
@@ -407,22 +405,22 @@ class MapAVAPattern {
                                 attrNumberBuf1.append((char) c);
                             }
                             if (c != -1) // either ',' or '+'
-                                in.unread(c);  // pushback last , or +
+                                in.unread(c); // pushback last , or +
                         } catch (IOException ex) {
                             throw new ELdapException(
                                     CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", ex.toString()));
                         }
                         String attrNumber1 = attrNumberBuf1.toString().trim();
 
-                        if (attrNumber1.length() == 0) 
-                            throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", 
+                        if (attrNumber1.length() == 0)
+                            throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                                         "nth element $req expected"));
-                        try { 
-                            mElement = Integer.parseInt(attrNumber1) - 1; 
+                        try {
+                            mElement = Integer.parseInt(attrNumber1) - 1;
                         } catch (NumberFormatException ex) {
                             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                                         "Invalid format in nth element $req."));
-					
+
                         }
                     }
                 }
@@ -438,8 +436,8 @@ class MapAVAPattern {
             valueBuf.append((char) c);
             // read forward to get attribute value
             try {
-                while ((c = in.read()) != ',' && 
-                    c != -1) {
+                while ((c = in.read()) != ',' &&
+                        c != -1) {
                     valueBuf.append((char) c);
                 }
                 if (c == '+' || c == ',') { // either ',' or '+'
@@ -449,8 +447,8 @@ class MapAVAPattern {
                 throw new ELdapException(
                         CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
             }
-            try { 
-                AVA ava = mLdapDNStrConverter.parseAVA(attrBuf + "=" + valueBuf); 
+            try {
+                AVA ava = mLdapDNStrConverter.parseAVA(attrBuf + "=" + valueBuf);
 
                 mValue = ava.toLdapDNString();
                 //System.out.println("----- mValue "+mValue);
@@ -461,19 +459,19 @@ class MapAVAPattern {
     }
 
     public String formAVA(IRequest req, X500Name subject, CertificateExtensions extensions)
-        throws ELdapException {
+            throws ELdapException {
         if (TYPE_CONSTANT.equals(mType))
             return mValue;
 
         if (TYPE_RDN.equals(mType)) {
             String dn = subject.toString();
 
-            if (mTestDN != null) 
+            if (mTestDN != null)
                 dn = mTestDN;
-                //System.out.println("AVAPattern Using dn "+mTestDN);
+            //System.out.println("AVAPattern Using dn "+mTestDN);
             String[] rdns = LDAPDN.explodeDN(dn, false);
 
-            if (mElement >= rdns.length) 
+            if (mElement >= rdns.length)
                 return null;
             return rdns[mElement];
         }
@@ -481,9 +479,9 @@ class MapAVAPattern {
         if (TYPE_SUBJ.equals(mType)) {
             String dn = subject.toString();
 
-            if (mTestDN != null) 
+            if (mTestDN != null)
                 dn = mTestDN;
-                //System.out.println("AVAPattern Using dn "+mTestDN);
+            //System.out.println("AVAPattern Using dn "+mTestDN);
             String[] rdns = LDAPDN.explodeDN(dn, false);
             String value = null;
             int nFound = -1;
@@ -494,8 +492,8 @@ class MapAVAPattern {
                 for (int j = 0; j < avas.length; j++) {
                     String[] exploded = explodeAVA(avas[j]);
 
-                    if (exploded[0].equalsIgnoreCase(mValue) && 
-                        ++nFound == mElement) {
+                    if (exploded[0].equalsIgnoreCase(mValue) &&
+                            ++nFound == mElement) {
                         value = exploded[1];
                         break;
                     }
@@ -503,10 +501,10 @@ class MapAVAPattern {
             }
             if (value == null) {
                 CMS.debug(
-                    "MapAVAPattern: attr " + mAttr + 
-                    " not formed from: cert subject " +
-                    dn +
-                    "-- no subject component : " + mValue);
+                        "MapAVAPattern: attr " + mAttr +
+                                " not formed from: cert subject " +
+                                dn +
+                                "-- no subject component : " + mValue);
                 return null;
             }
             return mAttr + "=" + value;
@@ -516,21 +514,19 @@ class MapAVAPattern {
             if (extensions != null) {
                 for (int i = 0; i < extensions.size(); i++) {
                     Extension ext = (Extension)
-                        extensions.elementAt(i);
+                            extensions.elementAt(i);
                     String extName = OIDMap.getName(ext.getExtensionId());
                     int index = extName.lastIndexOf(".");
 
                     if (index != -1)
                         extName = extName.substring(index + 1);
-                    if (
-                        extName.equals(mValue)) {
+                    if (extName.equals(mValue)) {
                         // Check the extensions one by one.
                         // For now, just give subjectAltName as an example.
-                        if
-                        (mValue.equalsIgnoreCase(SubjectAlternativeNameExtension.class.getSimpleName())) {
+                        if (mValue.equalsIgnoreCase(SubjectAlternativeNameExtension.class.getSimpleName())) {
                             try {
                                 GeneralNames subjectNames = (GeneralNames)
-                                    ((SubjectAlternativeNameExtension) ext).get(SubjectAlternativeNameExtension.SUBJECT_NAME);
+                                        ((SubjectAlternativeNameExtension) ext).get(SubjectAlternativeNameExtension.SUBJECT_NAME);
 
                                 if (subjectNames.size() == 0)
                                     break;
@@ -541,7 +537,8 @@ class MapAVAPattern {
                                     String gname = gn.toString();
 
                                     index = gname.indexOf(":");
-                                    if (index == -1) break;
+                                    if (index == -1)
+                                        break;
                                     String gType = gname.substring(0, index);
 
                                     if (mGNType != null) {
@@ -563,18 +560,18 @@ class MapAVAPattern {
                                         j++;
                                     }
                                 }
-                            } catch (IOException e) { 
+                            } catch (IOException e) {
                                 CMS.debug(
-                                    "MapAVAPattern: Publishing attr not formed from extension." +
-                                    "-- no attr : " + mValue);
+                                        "MapAVAPattern: Publishing attr not formed from extension." +
+                                                "-- no attr : " + mValue);
                             }
                         }
                     }
                 }
             }
             CMS.debug(
-                "MapAVAPattern: Publishing:attr not formed from extension " +
-                "-- no attr : " + mValue);
+                    "MapAVAPattern: Publishing:attr not formed from extension " +
+                            "-- no attr : " + mValue);
 
             return null;
         }
@@ -583,8 +580,7 @@ class MapAVAPattern {
             // mPrefix and mValue are looked up case-insensitive
             String reqAttr = req.getExtDataInString(mPrefix, mValue);
             if (reqAttr == null) {
-                throw new
-                        ELdapException(CMS.getUserMessage("CMS_LDAP_NO_REQUEST",
+                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_REQUEST",
                         mValue, mAttr));
             }
             return mAttr + "=" + reqAttr;
@@ -608,20 +604,20 @@ class MapAVAPattern {
     }
 
     /**
-     * Explode RDN into AVAs. 
-     * Does not handle escaped '+' 
+     * Explode RDN into AVAs.
+     * Does not handle escaped '+'
      * Java ldap library does not yet support multiple avas per rdn.
-     * If RDN is malformed returns empty array. 
+     * If RDN is malformed returns empty array.
      */
     public static String[] explodeRDN(String rdn) {
         int plus = rdn.indexOf('+');
 
-        if (plus == -1) 
+        if (plus == -1)
             return new String[] { rdn };
         Vector<String> avas = new Vector<String>();
         StringTokenizer token = new StringTokenizer(rdn, "+");
 
-        while (token.hasMoreTokens()) 
+        while (token.hasMoreTokens())
             avas.addElement(token.nextToken());
         String[] theAvas = new String[avas.size()];
 
@@ -630,17 +626,16 @@ class MapAVAPattern {
     }
 
     /**
-     * Explode AVA into name and value. 
+     * Explode AVA into name and value.
      * Does not handle escaped '='
      * If AVA is malformed empty array is returned.
      */
     public static String[] explodeAVA(String ava) {
         int equals = ava.indexOf('=');
 
-        if (equals == -1) 
+        if (equals == -1)
             return null;
         return new String[] {
-                ava.substring(0, equals).trim(), ava.substring(equals + 1).trim()};
+                ava.substring(0, equals).trim(), ava.substring(equals + 1).trim() };
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java
index 5de5e3dd..463c9e4d 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.mappers;
 
-
 import java.io.IOException;
 import java.io.PushbackReader;
 import java.io.StringReader;
@@ -31,25 +30,25 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * class for parsing a DN pattern used to construct a ldap dn from 
- * request attributes and cert subject name.<p>
+ * class for parsing a DN pattern used to construct a ldap dn from
+ * request attributes and cert subject name.
+ * <p>
  * 
- * dnpattern is a string representing a ldap dn pattern to formulate from 
- * the certificate subject name attributes and request attributes . 
- * If empty or not set, the certificate subject name 
- * will be used as the ldap dn. <p>
+ * dnpattern is a string representing a ldap dn pattern to formulate from the certificate subject name attributes and request attributes . If empty or not set, the certificate subject name will be used as the ldap dn.
+ * <p>
+ * 
+ * The syntax is
  * 
- * The syntax is 
  * <pre>
- *		dnPattern := rdnPattern *[ "," rdnPattern ]
- *		rdnPattern := avaPattern *[ "+" avaPattern ]
+ * 	dnPattern := rdnPattern *[ "," rdnPattern ]
+ * 	rdnPattern := avaPattern *[ "+" avaPattern ]
  * 		avaPattern := name "=" value | 
- *				      name "=" "$subj" "." attrName [ "." attrNumber ] | 
- *				      name "=" "$req" "." attrName [ "." attrNumber ] | 
- *	    		 	  "$rdn" "." number
+ * 			      name "=" "$subj" "." attrName [ "." attrNumber ] | 
+ * 			      name "=" "$req" "." attrName [ "." attrNumber ] | 
+ *     		 	  "$rdn" "." number
  * </pre>
+ * 
  * <pre>
  * Example1: <i>cn=Certificate Manager,ou=people,o=mcom.com</i>
  * cert subject name: dn:  CN=Certificate Manager, OU=people, O=mcom.com
@@ -60,7 +59,7 @@ import com.netscape.certsrv.request.IRequest;
  * <p>
  * note: Subordinate ca enrollment will use ca mapper. Use predicate
  * to distinguish the ca itself and the subordinates.
- *
+ * 
  * Example2: <i>UID=$req.HTTP_PARAMS.uid, OU=$subj.ou, O=people, , O=mcom.com</i>
  * cert subject name: dn:  UID=jjames, OU=IS, O=people, , O=mcom.com
  * request attributes: uid: cmanager 
@@ -73,10 +72,9 @@ import com.netscape.certsrv.request.IRequest;
  *     O = the string people, mcom.com. <br>
  * <p>
  * </pre>
- * If an request attribute or subject DN component does not exist,
- * the attribute is skipped. There is potential risk that a wrong dn
- * will be mapped into.
- *
+ * 
+ * If an request attribute or subject DN component does not exist, the attribute is skipped. There is potential risk that a wrong dn will be mapped into.
+ * 
  * @version $Revision$, $Date$
  */
 public class MapDNPattern {
@@ -95,16 +93,17 @@ public class MapDNPattern {
 
     protected String mTestDN = null;
 
-    /** 
+    /**
      * Construct a DN pattern by parsing a pattern string.
+     * 
      * @param pattern the DN pattern
-     * @exception EBaseException If parsing error occurs. 
+     * @exception EBaseException If parsing error occurs.
      */
     public MapDNPattern(String pattern)
-        throws ELdapException {
+            throws ELdapException {
         if (pattern == null || pattern.equals("")) {
             CMS.debug(
-                "MapDNPattern: null pattern");			
+                    "MapDNPattern: null pattern");
         } else {
             mPatternString = pattern;
             PushbackReader in = new PushbackReader(new StringReader(pattern));
@@ -113,13 +112,13 @@ public class MapDNPattern {
         }
     }
 
-    public MapDNPattern(PushbackReader in) 
-        throws ELdapException {
+    public MapDNPattern(PushbackReader in)
+            throws ELdapException {
         parse(in);
     }
 
     private void parse(PushbackReader in)
-        throws ELdapException {
+            throws ELdapException {
         Vector<MapRDNPattern> rdnPatterns = new Vector<MapRDNPattern>();
         MapRDNPattern rdnPattern = null;
         int lastChar = -1;
@@ -133,8 +132,7 @@ public class MapDNPattern {
                 throw new ELdapException(
                         CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
             }
-        }
-        while (lastChar == ',');
+        } while (lastChar == ',');
 
         mRDNPatterns = new MapRDNPattern[rdnPatterns.size()];
         rdnPatterns.copyInto(mRDNPatterns);
@@ -144,8 +142,8 @@ public class MapDNPattern {
         for (int i = 0; i < mRDNPatterns.length; i++) {
             String[] rdnAttrs = mRDNPatterns[i].getReqAttrs();
 
-            if (rdnAttrs != null && rdnAttrs.length > 0) 
-                for (int j = 0; j < rdnAttrs.length; j++) 
+            if (rdnAttrs != null && rdnAttrs.length > 0)
+                for (int j = 0; j < rdnAttrs.length; j++)
                     reqAttrs.addElement(rdnAttrs[j]);
         }
         mReqAttrs = new String[reqAttrs.size()];
@@ -156,8 +154,8 @@ public class MapDNPattern {
         for (int i = 0; i < mRDNPatterns.length; i++) {
             String[] rdnAttrs = mRDNPatterns[i].getCertAttrs();
 
-            if (rdnAttrs != null && rdnAttrs.length > 0) 
-                for (int j = 0; j < rdnAttrs.length; j++) 
+            if (rdnAttrs != null && rdnAttrs.length > 0)
+                for (int j = 0; j < rdnAttrs.length; j++)
                     certAttrs.addElement(rdnAttrs[j]);
         }
         mCertAttrs = new String[certAttrs.size()];
@@ -166,12 +164,13 @@ public class MapDNPattern {
 
     /**
      * Form a Ldap v3 DN string from a request and a cert subject name.
+     * 
      * @param req the request for (un)publish
      * @param subject the subjectDN of the certificate
-     * @return Ldap v3 DN string to use for base ldap search. 
+     * @return Ldap v3 DN string to use for base ldap search.
      */
     public String formDN(IRequest req, X500Name subject, CertificateExtensions ext)
-        throws ELdapException {
+            throws ELdapException {
         StringBuffer formedDN = new StringBuffer();
 
         for (int i = 0; i < mRDNPatterns.length; i++) {
@@ -180,11 +179,11 @@ public class MapDNPattern {
             String rdn = mRDNPatterns[i].formRDN(req, subject, ext);
 
             if (rdn != null && rdn.length() != 0) {
-                    if (formedDN.length() != 0) 
-                        formedDN.append(",");
-                    formedDN.append(rdn);
+                if (formedDN.length() != 0)
+                    formedDN.append(",");
+                formedDN.append(rdn);
             } else {
-		throw new ELdapException("pattern not matched");
+                throw new ELdapException("pattern not matched");
             }
         }
         return formedDN.toString();
@@ -198,4 +197,3 @@ public class MapDNPattern {
         return (String[]) mCertAttrs.clone();
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java
index 65091000..fafa660a 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.mappers;
 
-
 import java.io.IOException;
 import java.io.PushbackReader;
 import java.io.StringReader;
@@ -30,25 +29,25 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * class for parsing a DN pattern used to construct a ldap dn from 
- * request attributes and cert subject name.<p>
+ * class for parsing a DN pattern used to construct a ldap dn from
+ * request attributes and cert subject name.
+ * <p>
  * 
- * dnpattern is a string representing a ldap dn pattern to formulate from 
- * the certificate subject name attributes and request attributes . 
- * If empty or not set, the certificate subject name 
- * will be used as the ldap dn. <p>
+ * dnpattern is a string representing a ldap dn pattern to formulate from the certificate subject name attributes and request attributes . If empty or not set, the certificate subject name will be used as the ldap dn.
+ * <p>
+ * 
+ * The syntax is
  * 
- * The syntax is 
  * <pre>
- *		dnPattern := rdnPattern *[ "," rdnPattern ]
- *		rdnPattern := avaPattern *[ "+" avaPattern ]
+ * 	dnPattern := rdnPattern *[ "," rdnPattern ]
+ * 	rdnPattern := avaPattern *[ "+" avaPattern ]
  * 		avaPattern := name "=" value | 
- *				      name "=" "$subj" "." attrName [ "." attrNumber ] | 
- *				      name "=" "$req" "." attrName [ "." attrNumber ] | 
- *				 	  "$rdn" "." number
+ * 			      name "=" "$subj" "." attrName [ "." attrNumber ] | 
+ * 			      name "=" "$req" "." attrName [ "." attrNumber ] | 
+ * 			 	  "$rdn" "." number
  * </pre>
+ * 
  * <pre>
  * Example1: <i>cn=Certificate Manager,ou=people,o=mcom.com</i>
  * cert subject name: dn:  CN=Certificate Manager, OU=people, O=mcom.com
@@ -59,7 +58,7 @@ import com.netscape.certsrv.request.IRequest;
  * <p>
  * note: Subordinate ca enrollment will use ca mapper. Use predicate
  * to distinguish the ca itself and the subordinates.
- *
+ * 
  * Example2: <i>UID=$req.HTTP_PARAMS.uid, OU=$subj.ou, O=people, , O=mcom.com</i>
  * cert subject name: dn:  UID=jjames, OU=IS, O=people, , O=mcom.com
  * request attributes: uid: cmanager 
@@ -72,10 +71,9 @@ import com.netscape.certsrv.request.IRequest;
  *     O = the string people, mcom.com. <br>
  * <p>
  * </pre>
- * If an request attribute or subject DN component does not exist,
- * the attribute is skipped.There is potential risk that a wrong dn
- * will be mapped into.
- *
+ * 
+ * If an request attribute or subject DN component does not exist, the attribute is skipped.There is potential risk that a wrong dn will be mapped into.
+ * 
  * @version $Revision$, $Date$
  */
 class MapRDNPattern {
@@ -94,16 +92,17 @@ class MapRDNPattern {
 
     protected String mTestDN = null;
 
-    /** 
+    /**
      * Construct a DN pattern by parsing a pattern string.
+     * 
      * @param pattenr the DN pattern
-     * @exception ELdapException If parsing error occurs. 
+     * @exception ELdapException If parsing error occurs.
      */
     public MapRDNPattern(String pattern)
-        throws ELdapException {
+            throws ELdapException {
         if (pattern == null || pattern.equals("")) {
             CMS.debug(
-                "MapDNPattern: null pattern");			
+                    "MapDNPattern: null pattern");
         } else {
             mPatternString = pattern;
             PushbackReader in = new PushbackReader(new StringReader(pattern));
@@ -113,15 +112,15 @@ class MapRDNPattern {
     }
 
     /**
-     * Construct a DN pattern from a input stream of pattern 
+     * Construct a DN pattern from a input stream of pattern
      */
-    public MapRDNPattern(PushbackReader in) 
-        throws ELdapException {
+    public MapRDNPattern(PushbackReader in)
+            throws ELdapException {
         parse(in);
     }
 
     private void parse(PushbackReader in)
-        throws ELdapException {
+            throws ELdapException {
         //System.out.println("_________ begin rdn _________");
         Vector<MapAVAPattern> avaPatterns = new Vector<MapAVAPattern>();
         MapAVAPattern avaPattern = null;
@@ -135,18 +134,17 @@ class MapRDNPattern {
             //" mAttr "+avaPattern.mAttr+
             //" mValue "+avaPattern.mValue+
             //" mElement "+avaPattern.mElement);
-            try { 
-                lastChar = in.read(); 
+            try {
+                lastChar = in.read();
             } catch (IOException e) {
                 throw new ELdapException(
                         CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
             }
-        }
-        while (lastChar == '+');
+        } while (lastChar == '+');
 
         if (lastChar != -1) {
             try {
-                in.unread(lastChar);	// pushback last , 
+                in.unread(lastChar); // pushback last , 
             } catch (IOException e) {
                 throw new ELdapException(
                         CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
@@ -161,7 +159,7 @@ class MapRDNPattern {
         for (int i = 0; i < mAVAPatterns.length; i++) {
             String avaAttr = mAVAPatterns[i].getReqAttr();
 
-            if (avaAttr == null || avaAttr.length() == 0) 
+            if (avaAttr == null || avaAttr.length() == 0)
                 continue;
             reqAttrs.addElement(avaAttr);
         }
@@ -173,7 +171,7 @@ class MapRDNPattern {
         for (int i = 0; i < mAVAPatterns.length; i++) {
             String avaAttr = mAVAPatterns[i].getCertAttr();
 
-            if (avaAttr == null || avaAttr.length() == 0) 
+            if (avaAttr == null || avaAttr.length() == 0)
                 continue;
             certAttrs.addElement(avaAttr);
         }
@@ -183,16 +181,17 @@ class MapRDNPattern {
 
     /**
      * Form a Ldap v3 DN string from a request and a cert subject name.
+     * 
      * @param req the request for (un)publish
      * @param subject the subjectDN of the certificate
-     * @return Ldap v3 DN string to use for base ldap search. 
+     * @return Ldap v3 DN string to use for base ldap search.
      */
     public String formRDN(IRequest req, X500Name subject, CertificateExtensions ext)
-        throws ELdapException {
+            throws ELdapException {
         StringBuffer formedRDN = new StringBuffer();
 
         for (int i = 0; i < mAVAPatterns.length; i++) {
-            if (mTestDN != null) 
+            if (mTestDN != null)
                 mAVAPatterns[i].mTestDN = mTestDN;
             String ava = mAVAPatterns[i].formAVA(req, subject, ext);
 
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/NoMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/NoMap.java
index b1d10902..cddc589b 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/NoMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/NoMap.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.mappers;
 
-
 import java.util.Locale;
 import java.util.Vector;
 
@@ -30,10 +29,9 @@ import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.publish.ILdapMapper;
 import com.netscape.certsrv.request.IRequest;
 
-
-/** 
+/**
  * No Map
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class NoMap implements ILdapMapper, IExtendedPluginInfo {
@@ -56,14 +54,14 @@ public class NoMap implements ILdapMapper, IExtendedPluginInfo {
     }
 
     public IConfigStore getConfigStore() {
-         return mConfig;
+        return mConfig;
     }
 
-    /** 
+    /**
      * for initializing from config store.
      */
-    public void init(IConfigStore config) 
-        throws EBaseException {
+    public void init(IConfigStore config)
+            throws EBaseException {
         mConfig = config;
     }
 
@@ -71,17 +69,17 @@ public class NoMap implements ILdapMapper, IExtendedPluginInfo {
      * Maps a X500 subject name to LDAP entry.
      * Uses DN pattern to form a DN for a LDAP base search.
      * 
-     * @param conn	the LDAP connection.
-     * @param obj   the object to map.
+     * @param conn the LDAP connection.
+     * @param obj the object to map.
      * @exception ELdapException if any LDAP exceptions occured.
-     */ 
+     */
     public String map(LDAPConnection conn, Object obj)
-        throws ELdapException {
+            throws ELdapException {
         return null;
     }
 
     public String map(LDAPConnection conn, IRequest req, Object obj)
-         throws ELdapException {
+            throws ELdapException {
         return null;
     }
 
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java
index f0154e44..aa49225c 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.publishers;
 
-
 import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.FileOutputStream;
@@ -47,10 +46,10 @@ import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.ILdapPublisher;
 
-/** 
+/**
  * This publisher writes certificate and CRL into
  * a directory.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
@@ -74,10 +73,10 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
     protected String mLinkExt = null;
     protected int mZipLevel = 9;
 
-    public void setIssuingPointId(String crlIssuingPointId)
-    {
+    public void setIssuingPointId(String crlIssuingPointId) {
         mCrlIssuingPointId = crlIssuingPointId;
     }
+
     /**
      * Returns the implementation name.
      */
@@ -99,14 +98,14 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
                 PROP_DER + ";boolean;Store certificates or CRLs into *.der files.",
                 PROP_B64 + ";boolean;Store certificates or CRLs into *.b64 files.",
                 PROP_GMT + ";choice(LocalTime,GMT);Use local time or GMT to time stamp CRL file name with CRL's 'thisUpdate' field.",
-                PROP_LNK + ";boolean;Generate link to the latest binary CRL. It requires '"+PROP_DER+"' to be enabled.",
+                PROP_LNK + ";boolean;Generate link to the latest binary CRL. It requires '" + PROP_DER + "' to be enabled.",
                 PROP_EXT + ";string;Name extension used by link to the latest CRL. Default name extension is 'der'.",
                 PROP_ZIP + ";boolean;Generate compressed CRLs.",
                 PROP_LEV + ";choice(0,1,2,3,4,5,6,7,8,9);Set compression level from 0 to 9.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ldappublish-publisher-filepublisher",
+                        ";configuration-ldappublish-publisher-filepublisher",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Stores the certificates or CRLs into files. Certificate is named as cert-<serialno>.der or *.b64, and CRL is named as <IssuingPoint>-<thisUpdate-time>.der or *.b64."
+                        ";Stores the certificates or CRLs into files. Certificate is named as cert-<serialno>.der or *.b64, and CRL is named as <IssuingPoint>-<thisUpdate-time>.der or *.b64."
             };
 
         return params;
@@ -139,14 +138,14 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
         try {
             if (mTimeStamp == null || (!mTimeStamp.equals("GMT")))
                 mTimeStamp = "LocalTime";
-            v.addElement(PROP_DIR+"=" + dir);
-            v.addElement(PROP_DER+"=" + mConfig.getBoolean(PROP_DER,true));
-            v.addElement(PROP_B64+"=" + mConfig.getBoolean(PROP_B64,false));
-            v.addElement(PROP_GMT+"=" + mTimeStamp);
-            v.addElement(PROP_LNK+"=" + mConfig.getBoolean(PROP_LNK,false));
-            v.addElement(PROP_EXT+"=" + ext);
-            v.addElement(PROP_ZIP+"=" + mConfig.getBoolean(PROP_ZIP,false));
-            v.addElement(PROP_LEV+"=" + mZipLevel);
+            v.addElement(PROP_DIR + "=" + dir);
+            v.addElement(PROP_DER + "=" + mConfig.getBoolean(PROP_DER, true));
+            v.addElement(PROP_B64 + "=" + mConfig.getBoolean(PROP_B64, false));
+            v.addElement(PROP_GMT + "=" + mTimeStamp);
+            v.addElement(PROP_LNK + "=" + mConfig.getBoolean(PROP_LNK, false));
+            v.addElement(PROP_EXT + "=" + ext);
+            v.addElement(PROP_ZIP + "=" + mConfig.getBoolean(PROP_ZIP, false));
+            v.addElement(PROP_LEV + "=" + mZipLevel);
         } catch (Exception e) {
         }
         return v;
@@ -158,14 +157,14 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
     public Vector<String> getDefaultParams() {
         Vector<String> v = new Vector<String>();
 
-        v.addElement(PROP_DIR+"=");
-        v.addElement(PROP_DER+"=true");
-        v.addElement(PROP_B64+"=false");
-        v.addElement(PROP_GMT+"=LocalTime");
-        v.addElement(PROP_LNK+"=false");
-        v.addElement(PROP_EXT+"=");
-        v.addElement(PROP_ZIP+"=false");
-        v.addElement(PROP_LEV+"=9");
+        v.addElement(PROP_DIR + "=");
+        v.addElement(PROP_DER + "=true");
+        v.addElement(PROP_B64 + "=false");
+        v.addElement(PROP_GMT + "=LocalTime");
+        v.addElement(PROP_LNK + "=false");
+        v.addElement(PROP_EXT + "=");
+        v.addElement(PROP_ZIP + "=false");
+        v.addElement(PROP_LEV + "=9");
         return v;
     }
 
@@ -193,7 +192,7 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
         }
 
         // convert to forward slash
-        dir = dir.replace('\\', '/'); 
+        dir = dir.replace('\\', '/');
         config.putString(PROP_DIR, dir);
 
         File dirCheck = new File(dir);
@@ -209,7 +208,7 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
             } catch (Exception e) {
                 throw new RuntimeException("Invalid Instance Dir " + e);
             }
-            dirCheck = new File(mInstanceRoot + 
+            dirCheck = new File(mInstanceRoot +
                         File.separator + dir);
             if (dirCheck.isDirectory()) {
                 mDir = mInstanceRoot + File.separator + dir;
@@ -224,7 +223,7 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
     }
 
     private String[] getCrlNamePrefix(X509CRL crl, boolean useGMT) {
-        String[] namePrefix = {"crl", "crl"};
+        String[] namePrefix = { "crl", "crl" };
 
         if (mCrlIssuingPointId != null && mCrlIssuingPointId.length() != 0) {
             namePrefix[0] = mCrlIssuingPointId;
@@ -232,10 +231,11 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
         }
         java.text.SimpleDateFormat format = new java.text.SimpleDateFormat("yyyyMMdd-HHmmss");
         TimeZone tz = TimeZone.getTimeZone("GMT");
-        if (useGMT) format.setTimeZone(tz);
+        if (useGMT)
+            format.setTimeZone(tz);
         String timeStamp = format.format(crl.getThisUpdate()).toString();
         namePrefix[0] += "-" + timeStamp;
-        if (((netscape.security.x509.X509CRLImpl)crl).isDeltaCRL()) {
+        if (((netscape.security.x509.X509CRLImpl) crl).isDeltaCRL()) {
             namePrefix[0] += "-delta";
             namePrefix[1] += "-delta";
         }
@@ -243,23 +243,23 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
         return namePrefix;
     }
 
-    private void createLink(String linkName,  String fileName) {
+    private void createLink(String linkName, String fileName) {
         String cmd = "ln -s " + fileName + " " + linkName + ".new";
         if (com.netscape.cmsutil.util.Utils.exec(cmd)) {
             File oldLink = new File(linkName + ".old");
-            if (oldLink.exists()) {     // remove old link if exists
+            if (oldLink.exists()) { // remove old link if exists
                 oldLink.delete();
             }
             File link = new File(linkName);
-            if (link.exists()) {        // current link becomes an old link 
+            if (link.exists()) { // current link becomes an old link 
                 link.renameTo(new File(linkName + ".old"));
             }
             File newLink = new File(linkName + ".new");
-            if (newLink.exists()) {     // new link becomes current link
+            if (newLink.exists()) { // new link becomes current link
                 newLink.renameTo(new File(linkName));
             }
             oldLink = new File(linkName + ".old");
-            if (oldLink.exists()) {     // remove a new old link
+            if (oldLink.exists()) { // remove a new old link
                 oldLink.delete();
             }
         } else {
@@ -270,38 +270,36 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
     /**
      * Publishs a object to the ldap directory.
      * 
-     * @param conn a Ldap connection 
-     *        (null if LDAP publishing is not enabled)
+     * @param conn a Ldap connection
+     *            (null if LDAP publishing is not enabled)
      * @param dn dn of the ldap entry to publish cert
-     *        (null if LDAP publishing is not enabled)
+     *            (null if LDAP publishing is not enabled)
      * @param object object to publish
-     *        (java.security.cert.X509Certificate or,
-     *         java.security.cert.X509CRL)
+     *            (java.security.cert.X509Certificate or,
+     *            java.security.cert.X509CRL)
      */
     public void publish(LDAPConnection conn, String dn, Object object)
-        throws ELdapException {
+            throws ELdapException {
         CMS.debug("FileBasedPublisher: publish");
         try {
             if (object instanceof X509Certificate) {
                 X509Certificate cert = (X509Certificate) object;
                 BigInteger sno = cert.getSerialNumber();
                 String name = mDir +
-                    File.separator + "cert-" + 
-                    sno.toString();
-                if (mDerAttr)
-                {
+                        File.separator + "cert-" +
+                        sno.toString();
+                if (mDerAttr) {
                     String fileName = name + ".der";
                     FileOutputStream fos = new FileOutputStream(fileName);
                     fos.write(cert.getEncoded());
                     fos.close();
                 }
-                if (mB64Attr)
-                {
+                if (mB64Attr) {
                     String fileName = name + ".b64";
                     FileOutputStream fos = new FileOutputStream(fileName);
                     ByteArrayOutputStream output = new ByteArrayOutputStream();
                     Base64OutputStream b64 =
-                        new Base64OutputStream(new PrintStream(new FilterOutputStream(output)));
+                            new Base64OutputStream(new PrintStream(new FilterOutputStream(output)));
                     b64.write(cert.getEncoded());
                     b64.flush();
                     (new PrintStream(fos)).print(output.toString("8859_1"));
@@ -314,7 +312,7 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
                 String tempFile = baseName + ".temp";
                 FileOutputStream fos;
                 ZipOutputStream zos;
-                byte [] encodedArray = null;
+                byte[] encodedArray = null;
                 File destFile = null;
                 String destName = null;
                 File renameFile = null;
@@ -325,16 +323,16 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
                     fos.write(encodedArray);
                     fos.close();
                     if (mZipCRL) {
-                        zos = new ZipOutputStream(new FileOutputStream(baseName+".zip"));
+                        zos = new ZipOutputStream(new FileOutputStream(baseName + ".zip"));
                         zos.setLevel(mZipLevel);
-                        zos.putNextEntry(new ZipEntry(baseName+".der"));
+                        zos.putNextEntry(new ZipEntry(baseName + ".der"));
                         zos.write(encodedArray, 0, encodedArray.length);
                         zos.closeEntry();
                         zos.close();
                     }
                     destName = baseName + ".der";
                     destFile = new File(destName);
-                
+
                     if (destFile.exists())
                         destFile.delete();
                     renameFile = new File(tempFile);
@@ -348,58 +346,57 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
                             linkExt += "der";
                         }
                         String linkName = mDir + File.separator + namePrefix[1] + linkExt;
-                        createLink(linkName,  destName);
+                        createLink(linkName, destName);
                         if (mZipCRL) {
                             linkName = mDir + File.separator + namePrefix[1] + ".zip";
-                            createLink(linkName,  baseName+".zip");
+                            createLink(linkName, baseName + ".zip");
                         }
                     }
                 }
-                
+
                 // output base64 file
-                if(mB64Attr==true)
-                {
-                if (encodedArray ==null)
-                    encodedArray = crl.getEncoded();
-                   
-                ByteArrayOutputStream os = new ByteArrayOutputStream();
-
-                 fos = new FileOutputStream(tempFile);
-                fos.write(com.netscape.osutil.OSUtil.BtoA(encodedArray).getBytes());
-                fos.close();
-                destName = baseName + ".b64";
-                destFile = new File(destName);
-                
-                if(destFile.exists())
-                    destFile.delete();
-                renameFile = new File(tempFile);
-                renameFile.renameTo(destFile);
-                }          
+                if (mB64Attr == true) {
+                    if (encodedArray == null)
+                        encodedArray = crl.getEncoded();
+
+                    ByteArrayOutputStream os = new ByteArrayOutputStream();
+
+                    fos = new FileOutputStream(tempFile);
+                    fos.write(com.netscape.osutil.OSUtil.BtoA(encodedArray).getBytes());
+                    fos.close();
+                    destName = baseName + ".b64";
+                    destFile = new File(destName);
+
+                    if (destFile.exists())
+                        destFile.delete();
+                    renameFile = new File(tempFile);
+                    renameFile.renameTo(destFile);
+                }
             }
         } catch (IOException e) {
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, 
-                ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString()));
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                    ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString()));
         } catch (CertificateEncodingException e) {
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, 
-                ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString()));
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                    ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString()));
         } catch (CRLException e) {
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, 
-                ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString()));
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                    ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString()));
         }
     }
 
     /**
      * Unpublishs a object to the ldap directory.
-     *
+     * 
      * @param conn the Ldap connection
-     *        (null if LDAP publishing is not enabled)
+     *            (null if LDAP publishing is not enabled)
      * @param dn dn of the ldap entry to unpublish cert
-     *        (null if LDAP publishing is not enabled)
-     * @param object object to unpublish 
-     *        (java.security.cert.X509Certificate)
+     *            (null if LDAP publishing is not enabled)
+     * @param object object to unpublish
+     *            (java.security.cert.X509Certificate)
      */
     public void unpublish(LDAPConnection conn, String dn, Object object)
-        throws ELdapException {
+            throws ELdapException {
         CMS.debug("FileBasedPublisher: unpublish");
         String name = mDir + File.separator;
         String fileName;
@@ -425,13 +422,15 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
         f = new File(fileName);
         f.delete();
     }
-   /**
+
+    /**
      * returns the Der attribute where it'll be published.
      */
     public boolean getDerAttr() {
         return mDerAttr;
     }
-   /**
+
+    /**
      * returns the B64 attribute where it'll be published.
      */
     public boolean getB64Attr() {
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java
index 4727a690..ac1d2602 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.publishers;
 
-
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.util.Locale;
@@ -42,14 +41,13 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.ILdapPublisher;
 
-
-/** 
- * Interface for publishing a CA certificate to 
- *
+/**
+ * Interface for publishing a CA certificate to
+ * 
  * @version $Revision$, $Date$
  */
-public class LdapCaCertPublisher 
-    implements ILdapPublisher, IExtendedPluginInfo {
+public class LdapCaCertPublisher
+        implements ILdapPublisher, IExtendedPluginInfo {
     public static final String LDAP_CACERT_ATTR = "caCertificate;binary";
     public static final String LDAP_CA_OBJECTCLASS = "pkiCA";
     public static final String LDAP_ARL_ATTR = "authorityRevocationList;binary";
@@ -64,7 +62,6 @@ public class LdapCaCertPublisher
     private boolean mInited = false;
     protected IConfigStore mConfig = null;
     private String mcrlIssuingPointId;
-    
 
     /**
      * constructor constructs default values.
@@ -76,13 +73,13 @@ public class LdapCaCertPublisher
         String s[] = {
                 "caCertAttr;string;Name of Ldap attribute in which to store certificate",
                 "caObjectClass;string;The name of the objectclasses which should be " +
-                "added to this entry, if they do not already exist. This can be " +
-                "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)",
+                        "added to this entry, if they do not already exist. This can be " +
+                        "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ldappublish-publisher-cacertpublisher",
+                        ";configuration-ldappublish-publisher-cacertpublisher",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";This plugin knows how to publish the CA cert to " +
-                "'certificateAuthority' and 'pkiCA' -type entries"
+                        ";This plugin knows how to publish the CA cert to " +
+                        "'certificateAuthority' and 'pkiCA' -type entries"
             };
 
         return s;
@@ -117,12 +114,12 @@ public class LdapCaCertPublisher
     }
 
     public void init(IConfigStore config)
-        throws EBaseException {
-        if (mInited) 
+            throws EBaseException {
+        if (mInited)
             return;
         mConfig = config;
         mCaCertAttr = mConfig.getString("caCertAttr", LDAP_CACERT_ATTR);
-        mCaObjectclass = mConfig.getString("caObjectClass", 
+        mCaObjectclass = mConfig.getString("caObjectClass",
                     LDAP_CA_OBJECTCLASS);
         mObjAdded = mConfig.getString("caObjectClassAdded", "");
         mObjDeleted = mConfig.getString("caObjectClassDeleted", "");
@@ -155,12 +152,13 @@ public class LdapCaCertPublisher
      * Adds the cert to the multi-valued certificate attribute as a
      * DER encoded binary blob. Does not check if cert already exists.
      * Converts the class to certificateAuthority.
+     * 
      * @param conn the LDAP connection
      * @param dn dn of the entry to publish the certificate
-     * @param certObj the certificate  object.
+     * @param certObj the certificate object.
      */
     public void publish(LDAPConnection conn, String dn, Object certObj)
-        throws ELdapException {
+            throws ELdapException {
         if (conn == null) {
             log(ILogger.LL_INFO, "LdapCaCertPublisher: no LDAP connection");
             return;
@@ -176,31 +174,30 @@ public class LdapCaCertPublisher
         // see if we should create local connection
         LDAPConnection altConn = null;
         try {
-          String host = mConfig.getString("host", null);
-          String port = mConfig.getString("port", null);
-          if (host != null && port != null) {
-            int portVal = Integer.parseInt(port);
-            int version = Integer.parseInt(mConfig.getString("version", "2"));
-            String cert_nick = mConfig.getString("clientCertNickname", null);
-            LDAPSSLSocketFactoryExt sslSocket = null;
-            if (cert_nick != null) {
-                sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
+            String host = mConfig.getString("host", null);
+            String port = mConfig.getString("port", null);
+            if (host != null && port != null) {
+                int portVal = Integer.parseInt(port);
+                int version = Integer.parseInt(mConfig.getString("version", "2"));
+                String cert_nick = mConfig.getString("clientCertNickname", null);
+                LDAPSSLSocketFactoryExt sslSocket = null;
+                if (cert_nick != null) {
+                    sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
+                }
+                String mgr_dn = mConfig.getString("bindDN", null);
+                String mgr_pwd = mConfig.getString("bindPWD", null);
+
+                altConn = CMS.getBoundConnection(host, portVal,
+                        version,
+                        sslSocket, mgr_dn, mgr_pwd);
+                conn = altConn;
             }
-            String mgr_dn = mConfig.getString("bindDN", null);
-            String mgr_pwd = mConfig.getString("bindPWD", null);
-
-            altConn = CMS.getBoundConnection(host, portVal,
-               version,
-               sslSocket, mgr_dn, mgr_pwd);
-            conn = altConn;
-          }
         } catch (LDAPException e) {
-          CMS.debug("Failed to create alt connection " + e);
+            CMS.debug("Failed to create alt connection " + e);
         } catch (EBaseException e) {
-          CMS.debug("Failed to create alt connection " + e);
+            CMS.debug("Failed to create alt connection " + e);
         }
 
-
         if (!(certObj instanceof X509Certificate))
             throw new IllegalArgumentException("Illegal arg to publish");
 
@@ -210,40 +207,40 @@ public class LdapCaCertPublisher
             byte[] certEnc = cert.getEncoded();
 
             /* search for attribute names to determine existence of attributes */
-            LDAPSearchResults res = 
-                conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", 
-                    new String[] { LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true);
+            LDAPSearchResults res =
+                    conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
+                            new String[] { LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true);
             LDAPEntry entry = res.next();
             LDAPAttribute arls = entry.getAttribute(LDAP_ARL_ATTR);
             LDAPAttribute crls = entry.getAttribute(LDAP_CRL_ATTR);
 
             /* search for objectclass and caCert values */
-            LDAPSearchResults res1 = 
-                conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", 
-                    new String[] { "objectclass", mCaCertAttr }, false);
+            LDAPSearchResults res1 =
+                    conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
+                            new String[] { "objectclass", mCaCertAttr }, false);
             LDAPEntry entry1 = res1.next();
             LDAPAttribute ocs = entry1.getAttribute("objectclass");
             LDAPAttribute certs = entry1.getAttribute(mCaCertAttr);
 
-            boolean hasCert = 
-                LdapUserCertPublisher.ByteValueExists(certs, certEnc);
+            boolean hasCert =
+                    LdapUserCertPublisher.ByteValueExists(certs, certEnc);
 
             LDAPModificationSet modSet = new LDAPModificationSet();
 
             if (hasCert) {
                 log(ILogger.LL_INFO, "publish: CA " + dn + " already has Cert");
-            }  else {
+            } else {
                 /*
                  fix for 360458 - if no cert, use add, if has cert but
                  not equal, use replace
                  */
                 if (certs == null) {
-                    modSet.add(LDAPModification.ADD, 
-                        new LDAPAttribute(mCaCertAttr, certEnc));
+                    modSet.add(LDAPModification.ADD,
+                            new LDAPAttribute(mCaCertAttr, certEnc));
                     log(ILogger.LL_INFO, "CA cert added");
                 } else {
-                    modSet.add(LDAPModification.REPLACE, 
-                        new LDAPAttribute(mCaCertAttr, certEnc));
+                    modSet.add(LDAPModification.REPLACE,
+                            new LDAPAttribute(mCaCertAttr, certEnc));
                     log(ILogger.LL_INFO, "CA cert replaced");
                 }
             }
@@ -251,22 +248,22 @@ public class LdapCaCertPublisher
             String[] oclist = mCaObjectclass.split(",");
 
             boolean attrsAdded = false;
-            for (int i=0; i < oclist.length; i++) {
+            for (int i = 0; i < oclist.length; i++) {
                 String oc = oclist[i].trim();
                 boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, oc);
                 if (!hasoc) {
                     log(ILogger.LL_INFO, "adding CA objectclass " + oc + " to " + dn);
                     modSet.add(LDAPModification.ADD,
-                        new LDAPAttribute("objectclass", oc));
+                            new LDAPAttribute("objectclass", oc));
 
                     if ((!attrsAdded) && oc.equalsIgnoreCase("certificationAuthority")) {
                         // add MUST attributes
-                        if (arls == null) 
+                        if (arls == null)
                             modSet.add(LDAPModification.ADD,
-                                new LDAPAttribute(LDAP_ARL_ATTR, ""));
+                                    new LDAPAttribute(LDAP_ARL_ATTR, ""));
                         if (crls == null)
                             modSet.add(LDAPModification.ADD,
-                                new LDAPAttribute(LDAP_CRL_ATTR, ""));
+                                    new LDAPAttribute(LDAP_CRL_ATTR, ""));
                         attrsAdded = true;
                     }
                 }
@@ -275,15 +272,15 @@ public class LdapCaCertPublisher
             // delete objectclasses that have been deleted from config
             String[] delList = mObjDeleted.split(",");
             if (delList.length > 0) {
-                for (int i=0; i< delList.length; i++) {
+                for (int i = 0; i < delList.length; i++) {
                     String deloc = delList[i].trim();
                     boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, deloc);
                     boolean match = false;
-                    for (int j=0; j< oclist.length; j++) {
+                    for (int j = 0; j < oclist.length; j++) {
                         if ((oclist[j].trim()).equals(deloc)) {
                             match = true;
                             break;
-                        } 
+                        }
                     }
                     if (!match && hasoc) {
                         log(ILogger.LL_INFO, "deleting CA objectclass " + deloc + " from " + dn);
@@ -294,7 +291,7 @@ public class LdapCaCertPublisher
             }
 
             // reset mObjAdded and mObjDeleted, if needed
-            if ((!mObjAdded.equals("")) || (!mObjDeleted.equals(""))) { 
+            if ((!mObjAdded.equals("")) || (!mObjDeleted.equals(""))) {
                 mObjAdded = "";
                 mObjDeleted = "";
                 mConfig.putString("caObjectClassAdded", "");
@@ -305,8 +302,9 @@ public class LdapCaCertPublisher
                     log(ILogger.LL_INFO, "Failure in updating mObjAdded and mObjDeleted");
                 }
             }
-                    
-            if (modSet.size() > 0) conn.modify(dn, modSet); 
+
+            if (modSet.size() > 0)
+                conn.modify(dn, modSet);
         } catch (CertificateEncodingException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", dn));
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
@@ -315,20 +313,20 @@ public class LdapCaCertPublisher
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString()));
                 throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_CACERT_ERROR", e.toString()));
             }
         } finally {
-          if (altConn != null) {
-             try {
-                altConn.disconnect();
-             } catch (LDAPException e) {
-                // safely ignored
-             }
-          }
+            if (altConn != null) {
+                try {
+                    altConn.disconnect();
+                } catch (LDAPException e) {
+                    // safely ignored
+                }
+            }
         }
 
         return;
@@ -340,7 +338,7 @@ public class LdapCaCertPublisher
      * objectclass.
      */
     public void unpublish(LDAPConnection conn, String dn, Object certObj)
-        throws ELdapException {
+            throws ELdapException {
         if (!(certObj instanceof X509Certificate))
             throw new IllegalArgumentException("Illegal arg to publish");
 
@@ -355,16 +353,16 @@ public class LdapCaCertPublisher
         try {
             byte[] certEnc = cert.getEncoded();
 
-            LDAPSearchResults res = 
-                conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", 
-                    new String[] { mCaCertAttr, "objectclass" }, false);
+            LDAPSearchResults res =
+                    conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
+                            new String[] { mCaCertAttr, "objectclass" }, false);
 
             LDAPEntry entry = res.next();
             LDAPAttribute certs = entry.getAttribute(mCaCertAttr);
             LDAPAttribute ocs = entry.getAttribute("objectclass");
 
-            boolean hasCert = 
-                LdapUserCertPublisher.ByteValueExists(certs, certEnc);
+            boolean hasCert =
+                    LdapUserCertPublisher.ByteValueExists(certs, certEnc);
 
             if (!hasCert) {
                 log(ILogger.LL_INFO, "unpublish: " + dn + " has not cert already");
@@ -376,22 +374,22 @@ public class LdapCaCertPublisher
             LDAPModificationSet modSet = new LDAPModificationSet();
 
             modSet.add(LDAPModification.DELETE,
-                new LDAPAttribute(mCaCertAttr, certEnc));
+                    new LDAPAttribute(mCaCertAttr, certEnc));
             if (certs.size() == 1) {
                 // if last ca cert, remove oc also.
 
-                String[]  oclist = mCaObjectclass.split(",");
-                for (int i =0 ; i < oclist.length; i++) {
+                String[] oclist = mCaObjectclass.split(",");
+                for (int i = 0; i < oclist.length; i++) {
                     String oc = oclist[i].trim();
-                    boolean hasOC =  LdapUserCertPublisher.StringValueExists(ocs, oc);
+                    boolean hasOC = LdapUserCertPublisher.StringValueExists(ocs, oc);
                     if (hasOC) {
                         log(ILogger.LL_INFO, "unpublish: deleting CA oc" + oc + " from " + dn);
                         modSet.add(LDAPModification.DELETE,
-                            new LDAPAttribute("objectclass", oc));
+                                new LDAPAttribute("objectclass", oc));
                     }
-                } 
+                }
             }
-            conn.modify(dn, modSet); 
+            conn.modify(dn, modSet);
         } catch (CertificateEncodingException e) {
             CMS.debug("LdapCaCertPublisher: unpublish: Cannot decode cert for " + dn);
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
@@ -400,7 +398,7 @@ public class LdapCaCertPublisher
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
@@ -415,7 +413,7 @@ public class LdapCaCertPublisher
      */
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-            "LdapCaPublisher: " + msg);
+                "LdapCaPublisher: " + msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java
index 50cfd7c5..791b8acc 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.publishers;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
@@ -44,12 +43,11 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.ILdapPublisher;
 
-
-/** 
- * Interface for mapping a X509 certificate to a LDAP entry 
+/**
+ * Interface for mapping a X509 certificate to a LDAP entry
  * Publishes a certificate as binary and its subject name.
- * there is one subject name value for each certificate. 
- *
+ * there is one subject name value for each certificate.
+ * 
  * @version $Revision$, $Date$
  */
 public class LdapCertSubjPublisher implements ILdapPublisher {
@@ -97,19 +95,19 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
     }
 
     public void init(IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         if (mInited)
             return;
         mConfig = config;
-        mCertAttr = mConfig.getString("certAttr", 
+        mCertAttr = mConfig.getString("certAttr",
                     LdapUserCertPublisher.LDAP_USERCERT_ATTR);
-        mSubjNameAttr = mConfig.getString("certSubjectName", 
+        mSubjNameAttr = mConfig.getString("certSubjectName",
                     LDAP_CERTSUBJNAME_ATTR);
         mInited = true;
     }
 
     /**
-     * constrcutor using specified certificate attribute and 
+     * constrcutor using specified certificate attribute and
      * certificate subject name attribute.
      */
     public LdapCertSubjPublisher(String certAttr, String subjNameAttr) {
@@ -138,15 +136,16 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
      * Adds the cert to the multi-valued certificate attribute as a
      * DER encoded binary blob. Does not check if cert already exists.
      * Then adds the subject name of the cert to the subject name attribute.
+     * 
      * @param conn the LDAP connection
      * @param dn dn of the entry to publish the certificate
-     * @param certObj the certificate  object.
-     * @exception ELdapException if cert or subject name already exists, 
-     * 				if cert encoding fails, if getting cert subject name fails.
-     *			Use ELdapException.getException() to find underlying exception.
+     * @param certObj the certificate object.
+     * @exception ELdapException if cert or subject name already exists,
+     *                if cert encoding fails, if getting cert subject name fails.
+     *                Use ELdapException.getException() to find underlying exception.
      */
     public void publish(LDAPConnection conn, String dn, Object certObj)
-        throws ELdapException {
+            throws ELdapException {
         if (conn == null) {
             log(ILogger.LL_INFO, "LdapCertSubjPublisher: no LDAP connection");
             return;
@@ -162,9 +161,9 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
             byte[] certEnc = cert.getEncoded();
             String subjName = ((X500Name) cert.getSubjectDN()).toLdapDNString();
 
-            LDAPSearchResults res = 
-                conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", 
-                    new String[] { mCertAttr, mSubjNameAttr }, false);
+            LDAPSearchResults res =
+                    conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
+                            new String[] { mCertAttr, mSubjNameAttr }, false);
 
             LDAPEntry entry = res.next();
             LDAPAttribute certs = entry.getAttribute(mCertAttr);
@@ -177,14 +176,14 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
 
             // check if has subject name already.
             if (subjnames != null) {
-                hasSubjname = 
+                hasSubjname =
                         LdapUserCertPublisher.StringValueExists(subjnames, subjName);
             }
 
             // if has both, done.
             if (hasCert && hasSubjname) {
-                log(ILogger.LL_INFO, 
-                    "publish: " + subjName + " already has cert & subject name");
+                log(ILogger.LL_INFO,
+                        "publish: " + subjName + " already has cert & subject name");
                 return;
             }
 
@@ -193,14 +192,14 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
 
             if (!hasCert) {
                 log(ILogger.LL_INFO, "publish: adding cert to " + subjName);
-                modSet.add(LDAPModification.ADD, 
-                    new LDAPAttribute(mCertAttr, certEnc)); 
+                modSet.add(LDAPModification.ADD,
+                        new LDAPAttribute(mCertAttr, certEnc));
             }
             // add subject name if not already there.
             if (!hasSubjname) {
                 log(ILogger.LL_INFO, "publish: adding " + subjName + " to " + dn);
-                modSet.add(LDAPModification.ADD, 
-                    new LDAPAttribute(mSubjNameAttr, subjName)); 
+                modSet.add(LDAPModification.ADD,
+                        new LDAPAttribute(mSubjNameAttr, subjName));
             }
             conn.modify(dn, modSet);
         } catch (CertificateEncodingException e) {
@@ -211,7 +210,7 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString()));
@@ -230,7 +229,7 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
      * with the same subject name.
      */
     public void unpublish(LDAPConnection conn, String dn, Object certObj)
-        throws ELdapException {
+            throws ELdapException {
         if (!(certObj instanceof X509Certificate))
             throw new IllegalArgumentException("Illegal arg to publish");
 
@@ -242,9 +241,9 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
 
             byte[] certEnc = cert.getEncoded();
 
-            LDAPSearchResults res = 
-                conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", 
-                    new String[] { mCertAttr, mSubjNameAttr }, false);
+            LDAPSearchResults res =
+                    conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
+                            new String[] { mCertAttr, mSubjNameAttr }, false);
 
             LDAPEntry entry = res.next();
             LDAPAttribute certs = entry.getAttribute(mCertAttr);
@@ -266,8 +265,8 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
                     try {
                         X509CertImpl certval = new X509CertImpl(val);
                         // XXX use some sort of X500name equals function here.
-                        String subjnam = 
-                            ((X500Name) certval.getSubjectDN()).toLdapDNString();
+                        String subjnam =
+                                ((X500Name) certval.getSubjectDN()).toLdapDNString();
 
                         if (subjnam.equalsIgnoreCase(subjName)) {
                             hasAnotherCert = true;
@@ -275,25 +274,25 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
                     } catch (CertificateEncodingException e) {
                         // ignore this certificate.
                         CMS.debug(
-                            "LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered");
+                                "LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered");
                     } catch (CertificateException e) {
                         // ignore this certificate.
                         CMS.debug(
-                            "LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered");
+                                "LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered");
                     }
                 }
             }
 
             // check if doesn't have subject name already.
             if (subjnames != null) {
-                hasSubjname = 
+                hasSubjname =
                         LdapUserCertPublisher.StringValueExists(subjnames, subjName);
             }
 
             // if doesn't have both, done.
             if (!hasCert && !hasSubjname) {
-                log(ILogger.LL_INFO, 
-                    "unpublish: " + subjName + " already has not cert & subjname");
+                log(ILogger.LL_INFO,
+                        "unpublish: " + subjName + " already has not cert & subjname");
                 return;
             }
 
@@ -301,19 +300,19 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
             LDAPModificationSet modSet = new LDAPModificationSet();
 
             if (hasCert) {
-                log(ILogger.LL_INFO, 
-                    "unpublish: deleting cert " + subjName + " from " + dn);
+                log(ILogger.LL_INFO,
+                        "unpublish: deleting cert " + subjName + " from " + dn);
                 modSet.add(LDAPModification.DELETE,
-                    new LDAPAttribute(mCertAttr, certEnc));
+                        new LDAPAttribute(mCertAttr, certEnc));
             }
             // delete subject name if no other cert has the same name.
             if (hasSubjname && !hasAnotherCert) {
-                log(ILogger.LL_INFO, 
-                    "unpublish: deleting subject name " + subjName + " from " + dn);
+                log(ILogger.LL_INFO,
+                        "unpublish: deleting subject name " + subjName + " from " + dn);
                 modSet.add(LDAPModification.DELETE,
-                    new LDAPAttribute(mSubjNameAttr, subjName));
+                        new LDAPAttribute(mSubjNameAttr, subjName));
             }
-            conn.modify(dn, modSet); 
+            conn.modify(dn, modSet);
         } catch (CertificateEncodingException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
@@ -325,7 +324,7 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
@@ -337,7 +336,7 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-            "LdapCertSubjPublisher: " + msg);
+                "LdapCertSubjPublisher: " + msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java
index e4a7e0b7..152a1efb 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.publishers;
 
-
 import java.util.Locale;
 import java.util.Vector;
 
@@ -39,15 +38,14 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.ILdapPublisher;
 
-
-/** 
+/**
  * module for publishing a cross certificate pair to ldap
  * crossCertificatePair attribute
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class LdapCertificatePairPublisher 
-    implements ILdapPublisher, IExtendedPluginInfo {
+public class LdapCertificatePairPublisher
+        implements ILdapPublisher, IExtendedPluginInfo {
     public static final String LDAP_CROSS_CERT_PAIR_ATTR = "crossCertificatePair;binary";
     public static final String LDAP_CA_OBJECTCLASS = "pkiCA";
     public static final String LDAP_ARL_ATTR = "authorityRevocationList;binary";
@@ -73,13 +71,13 @@ public class LdapCertificatePairPublisher
         String s[] = {
                 "crossCertPairAttr;string;Name of Ldap attribute in which to store cross certificates",
                 "caObjectClass;string;The name of the objectclasses which should be " +
-                "added to this entry, if they do not already exist. This can be " +
-                "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)",
+                        "added to this entry, if they do not already exist. This can be " +
+                        "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ldappublish-publisher-crosscertpairpublisher",
+                        ";configuration-ldappublish-publisher-crosscertpairpublisher",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";This plugin knows how to publish the CA cert to " +
-                "'certificateAuthority' and 'pkiCA' -type entries"
+                        ";This plugin knows how to publish the CA cert to " +
+                        "'certificateAuthority' and 'pkiCA' -type entries"
             };
 
         return s;
@@ -118,12 +116,12 @@ public class LdapCertificatePairPublisher
     }
 
     public void init(IConfigStore config)
-        throws EBaseException {
-        if (mInited) 
+            throws EBaseException {
+        if (mInited)
             return;
         mConfig = config;
         mCrossCertPairAttr = mConfig.getString("crossCertPairAttr", LDAP_CROSS_CERT_PAIR_ATTR);
-        mCaObjectclass = mConfig.getString("caObjectClass", 
+        mCaObjectclass = mConfig.getString("caObjectClass",
                     LDAP_CA_OBJECTCLASS);
         mObjAdded = mConfig.getString("caObjectClassAdded", "");
         mObjDeleted = mConfig.getString("caObjectClassDeleted", "");
@@ -154,26 +152,28 @@ public class LdapCertificatePairPublisher
 
     /**
      * publish a certificatePair
-     *    -should not be called from listeners.
+     * -should not be called from listeners.
+     * 
      * @param conn the LDAP connection
      * @param dn dn of the entry to publish the XcertificatePair
-     * @param pair the Xcertificate bytes  object.
+     * @param pair the Xcertificate bytes object.
      */
     public synchronized void publish(LDAPConnection conn, String dn, Object pair)
-        throws ELdapException {
+            throws ELdapException {
         publish(conn, dn, (byte[]) pair);
     }
 
     /**
      * publish a certificatePair
-     *    -should not be called from listeners.
+     * -should not be called from listeners.
+     * 
      * @param conn the LDAP connection
      * @param dn dn of the entry to publish the XcertificatePair
      * @param pair the cross cert bytes
      */
     public synchronized void publish(LDAPConnection conn, String dn,
-        byte[] pair)
-        throws ELdapException {
+            byte[] pair)
+            throws ELdapException {
 
         if (conn == null) {
             log(ILogger.LL_INFO, "LdapCertificatePairPublisher: no LDAP connection");
@@ -189,17 +189,17 @@ public class LdapCertificatePairPublisher
         try {
             // search for attributes to determine if they exist
             LDAPSearchResults res =
-                conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
-                    new String[] { LDAP_CACERT_ATTR, LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true);
+                    conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
+                            new String[] { LDAP_CACERT_ATTR, LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true);
             LDAPEntry entry = res.next();
             LDAPAttribute certs = entry.getAttribute(LDAP_CACERT_ATTR);
             LDAPAttribute arls = entry.getAttribute(LDAP_ARL_ATTR);
             LDAPAttribute crls = entry.getAttribute(LDAP_CRL_ATTR);
 
             // search for objectclass and crosscertpair attributes and values
-            LDAPSearchResults res1 = 
-                conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", 
-                    new String[] { "objectclass", mCrossCertPairAttr }, false);
+            LDAPSearchResults res1 =
+                    conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
+                            new String[] { "objectclass", mCrossCertPairAttr }, false);
             LDAPEntry entry1 = res1.next();
             LDAPAttribute ocs = entry1.getAttribute("objectclass");
             LDAPAttribute certPairs = entry1.getAttribute("crosscertificatepair;binary");
@@ -207,53 +207,53 @@ public class LdapCertificatePairPublisher
             LDAPModificationSet modSet = new LDAPModificationSet();
 
             boolean hasCert = LdapUserCertPublisher.ByteValueExists(certPairs, pair);
-            if (LdapUserCertPublisher.ByteValueExists(certPairs, pair)) { 
+            if (LdapUserCertPublisher.ByteValueExists(certPairs, pair)) {
                 CMS.debug("LdapCertificatePairPublisher: cross cert pair bytes exist in publishing directory, do not publish again.");
                 return;
             }
             if (hasCert) {
                 log(ILogger.LL_INFO, "publish: CA " + dn + " already has cross cert pair bytes");
             } else {
-                modSet.add(LDAPModification.ADD, 
-                    new LDAPAttribute(mCrossCertPairAttr, pair));
+                modSet.add(LDAPModification.ADD,
+                        new LDAPAttribute(mCrossCertPairAttr, pair));
                 log(ILogger.LL_INFO, "cross cert pair published with dn=" + dn);
             }
 
             String[] oclist = mCaObjectclass.split(",");
 
             boolean attrsAdded = false;
-            for (int i=0; i < oclist.length; i++) {
+            for (int i = 0; i < oclist.length; i++) {
                 String oc = oclist[i].trim();
                 boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, oc);
                 if (!hasoc) {
                     log(ILogger.LL_INFO, "adding CA objectclass " + oc + " to " + dn);
                     modSet.add(LDAPModification.ADD,
-                        new LDAPAttribute("objectclass", oc));
+                            new LDAPAttribute("objectclass", oc));
 
                     if ((!attrsAdded) && oc.equalsIgnoreCase("certificationAuthority")) {
                         // add MUST attributes
-                        if (arls == null) 
+                        if (arls == null)
                             modSet.add(LDAPModification.ADD,
-                                new LDAPAttribute(LDAP_ARL_ATTR, ""));
+                                    new LDAPAttribute(LDAP_ARL_ATTR, ""));
                         if (crls == null)
                             modSet.add(LDAPModification.ADD,
-                                new LDAPAttribute(LDAP_CRL_ATTR, ""));
+                                    new LDAPAttribute(LDAP_CRL_ATTR, ""));
                         if (certs == null)
-                            modSet.add(LDAPModification.ADD, 
-                                new LDAPAttribute(LDAP_CACERT_ATTR, ""));
+                            modSet.add(LDAPModification.ADD,
+                                    new LDAPAttribute(LDAP_CACERT_ATTR, ""));
                         attrsAdded = true;
                     }
                 }
-            } 
+            }
 
             // delete objectclasses that have been deleted from config
             String[] delList = mObjDeleted.split(",");
             if (delList.length > 0) {
-                for (int i=0; i< delList.length; i++) {
+                for (int i = 0; i < delList.length; i++) {
                     String deloc = delList[i].trim();
                     boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, deloc);
                     boolean match = false;
-                    for (int j=0; j< oclist.length; j++) {
+                    for (int j = 0; j < oclist.length; j++) {
                         if ((oclist[j].trim()).equals(deloc)) {
                             match = true;
                             break;
@@ -280,14 +280,15 @@ public class LdapCertificatePairPublisher
                 }
             }
 
-            if (modSet.size() > 0) conn.modify(dn, modSet); 
+            if (modSet.size() > 0)
+                conn.modify(dn, modSet);
             CMS.debug("LdapCertificatePairPublisher: in publish() just published");
         } catch (LDAPException e) {
             if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString()));
@@ -301,7 +302,7 @@ public class LdapCertificatePairPublisher
      * unsupported
      */
     public void unpublish(LDAPConnection conn, String dn, Object certObj)
-        throws ELdapException {
+            throws ELdapException {
         CMS.debug("LdapCertificatePairPublisher: unpublish() is unsupported in this revision");
     }
 
@@ -310,7 +311,7 @@ public class LdapCertificatePairPublisher
      */
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-            "LdapCertificatePairPublisher: " + msg);
+                "LdapCertificatePairPublisher: " + msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java
index 22dc1294..07b62e90 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.publishers;
 
-
 import java.security.cert.CRLException;
 import java.security.cert.X509CRL;
 import java.util.Locale;
@@ -42,9 +41,8 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.ILdapPublisher;
 
-
 /**
- * For publishing master or global CRL. 
+ * For publishing master or global CRL.
  * Publishes (replaces) the CRL in the CA's LDAP entry.
  * 
  * @version $Revision$, $Date$
@@ -82,14 +80,14 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
         String[] params = {
                 "crlAttr;string;Name of Ldap attribute in which to store the CRL",
                 "crlObjectClass;string;The name of the objectclasses which should be " +
-                "added to this entry, if they do not already exist. This can be a comma-" +
-                "separated list such as 'certificationAuthority,certificationAuthority-V2' " +
-                "(if using RFC 2256) or 'pkiCA, deltaCRL' (if using RFC 4523)",
+                        "added to this entry, if they do not already exist. This can be a comma-" +
+                        "separated list such as 'certificationAuthority,certificationAuthority-V2' " +
+                        "(if using RFC 2256) or 'pkiCA, deltaCRL' (if using RFC 4523)",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ldappublish-publisher-crlpublisher",
+                        ";configuration-ldappublish-publisher-crlpublisher",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";This plugin knows how to publish CRL's to " +
-                "'certificateAuthority' and 'pkiCA' -type entries"
+                        ";This plugin knows how to publish CRL's to " +
+                        "'certificateAuthority' and 'pkiCA' -type entries"
             };
 
         return params;
@@ -115,14 +113,14 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
         return mConfig;
     }
 
-    public void init(IConfigStore config) 
-        throws EBaseException {
+    public void init(IConfigStore config)
+            throws EBaseException {
         if (mInited)
             return;
         mConfig = config;
         mCrlAttr = mConfig.getString("crlAttr", LDAP_CRL_ATTR);
         mCrlObjectClass = mConfig.getString("crlObjectClass",
-            LDAP_CRL_OBJECTCLASS);
+                LDAP_CRL_OBJECTCLASS);
         mObjAdded = mConfig.getString("crlObjectClassAdded", "");
         mObjDeleted = mConfig.getString("crlObjectClassDeleted", "");
 
@@ -146,7 +144,7 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
      * CRL's are published as a DER encoded blob.
      */
     public void publish(LDAPConnection conn, String dn, Object crlObj)
-        throws ELdapException {
+            throws ELdapException {
         if (conn == null) {
             log(ILogger.LL_INFO, "publish CRL: no LDAP connection");
             return;
@@ -162,28 +160,28 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
         // see if we should create local connection
         LDAPConnection altConn = null;
         try {
-          String host = mConfig.getString("host", null);
-          String port = mConfig.getString("port", null);
-          if (host != null && port != null) {
-            int portVal = Integer.parseInt(port);
-            int version = Integer.parseInt(mConfig.getString("version", "2"));
-            String cert_nick = mConfig.getString("clientCertNickname", null);
-            LDAPSSLSocketFactoryExt sslSocket = null;
-            if (cert_nick != null) {
-                sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
+            String host = mConfig.getString("host", null);
+            String port = mConfig.getString("port", null);
+            if (host != null && port != null) {
+                int portVal = Integer.parseInt(port);
+                int version = Integer.parseInt(mConfig.getString("version", "2"));
+                String cert_nick = mConfig.getString("clientCertNickname", null);
+                LDAPSSLSocketFactoryExt sslSocket = null;
+                if (cert_nick != null) {
+                    sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
+                }
+                String mgr_dn = mConfig.getString("bindDN", null);
+                String mgr_pwd = mConfig.getString("bindPWD", null);
+
+                altConn = CMS.getBoundConnection(host, portVal,
+                        version,
+                        sslSocket, mgr_dn, mgr_pwd);
+                conn = altConn;
             }
-            String mgr_dn = mConfig.getString("bindDN", null);
-            String mgr_pwd = mConfig.getString("bindPWD", null);
-
-            altConn = CMS.getBoundConnection(host, portVal,
-               version,
-               sslSocket, mgr_dn, mgr_pwd);
-            conn = altConn;
-          }
         } catch (LDAPException e) {
-          CMS.debug("Failed to create alt connection " + e);
+            CMS.debug("Failed to create alt connection " + e);
         } catch (EBaseException e) {
-          CMS.debug("Failed to create alt connection " + e);
+            CMS.debug("Failed to create alt connection " + e);
         }
 
         try {
@@ -194,10 +192,10 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
             LDAPSearchResults res = null;
             if (mCrlAttr.equals(LDAP_CRL_ATTR)) {
                 res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
-                    new String[] { LDAP_CACERT_ATTR, LDAP_ARL_ATTR }, true);
+                        new String[] { LDAP_CACERT_ATTR, LDAP_ARL_ATTR }, true);
             } else {
                 res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
-                    new String[] { LDAP_CRL_ATTR, LDAP_CACERT_ATTR, LDAP_ARL_ATTR }, true);
+                        new String[] { LDAP_CRL_ATTR, LDAP_CACERT_ATTR, LDAP_ARL_ATTR }, true);
             }
 
             LDAPEntry entry = res.next();
@@ -216,26 +214,26 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
 
             String[] oclist = mCrlObjectClass.split(",");
             boolean attrsAdded = false;
-            for (int i=0; i < oclist.length; i++) {
+            for (int i = 0; i < oclist.length; i++) {
                 String oc = oclist[i].trim();
                 boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, oc);
                 if (!hasoc) {
                     log(ILogger.LL_INFO, "adding CRL objectclass " + oc + " to " + dn);
                     modSet.add(LDAPModification.ADD,
-                        new LDAPAttribute("objectclass", oc));
+                            new LDAPAttribute("objectclass", oc));
 
                     if ((!attrsAdded) && oc.equalsIgnoreCase("certificationAuthority")) {
                         // add MUST attributes
                         if (arls == null)
                             modSet.add(LDAPModification.ADD,
-                                new LDAPAttribute(LDAP_ARL_ATTR, ""));
+                                    new LDAPAttribute(LDAP_ARL_ATTR, ""));
                         if (certs == null)
                             modSet.add(LDAPModification.ADD,
-                                new LDAPAttribute(LDAP_CACERT_ATTR, ""));
+                                    new LDAPAttribute(LDAP_CACERT_ATTR, ""));
 
-                        if ((crls == null) && (!mCrlAttr.equals(LDAP_CRL_ATTR))) 
+                        if ((crls == null) && (!mCrlAttr.equals(LDAP_CRL_ATTR)))
                             modSet.add(LDAPModification.ADD,
-                                new LDAPAttribute(LDAP_CRL_ATTR, ""));
+                                    new LDAPAttribute(LDAP_CRL_ATTR, ""));
                         attrsAdded = true;
                     }
                 }
@@ -246,11 +244,11 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
             // delete objectclasses that have been deleted from config
             String[] delList = mObjDeleted.split(",");
             if (delList.length > 0) {
-                for (int i=0; i< delList.length; i++) {
+                for (int i = 0; i < delList.length; i++) {
                     String deloc = delList[i].trim();
                     boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, deloc);
                     boolean match = false;
-                    for (int j=0; j< oclist.length; j++) {
+                    for (int j = 0; j < oclist.length; j++) {
                         if ((oclist[j].trim()).equals(deloc)) {
                             match = true;
                             break;
@@ -275,7 +273,7 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
                 } catch (Exception e) {
                     log(ILogger.LL_INFO, "Failure in updating mObjAdded and mObjDeleted");
                 }
-            }  
+            }
 
             conn.modify(dn, modSet);
         } catch (CRLException e) {
@@ -286,31 +284,31 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString()));
                 throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_CRL_ERROR", e.toString()));
             }
         } finally {
-          if (altConn != null) {
-             try {
-                altConn.disconnect();
-             } catch (LDAPException e) {
-                // safely ignored
-             }
-          }
+            if (altConn != null) {
+                try {
+                    altConn.disconnect();
+                } catch (LDAPException e) {
+                    // safely ignored
+                }
+            }
         }
 
     }
 
     /**
-     * There shouldn't be a need to call this. 
-     * CRLs are always replaced but this is implemented anyway in case 
+     * There shouldn't be a need to call this.
+     * CRLs are always replaced but this is implemented anyway in case
      * there is ever a reason to remove a global CRL.
      */
     public void unpublish(LDAPConnection conn, String dn, Object crlObj)
-        throws ELdapException {
+            throws ELdapException {
         try {
             byte[] crlEnc = ((X509CRL) crlObj).getEncoded();
 
@@ -320,7 +318,6 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
             } catch (EBaseException e) {
             }
 
-
             LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
                     "(objectclass=*)", new String[] { mCrlAttr, "objectclass" }, false);
             LDAPEntry e = res.next();
@@ -330,21 +327,21 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
             LDAPModificationSet modSet = new LDAPModificationSet();
 
             boolean hasOC = false;
-            boolean hasCRL = 
-                LdapUserCertPublisher.ByteValueExists(crls, crlEnc);
+            boolean hasCRL =
+                    LdapUserCertPublisher.ByteValueExists(crls, crlEnc);
 
             if (hasCRL) {
-                modSet.add(LDAPModification.DELETE, 
-                    new LDAPAttribute(mCrlAttr, crlEnc));
+                modSet.add(LDAPModification.DELETE,
+                        new LDAPAttribute(mCrlAttr, crlEnc));
             }
-          
+
             String[] oclist = mCrlObjectClass.split(",");
-            for (int i=0; i < oclist.length; i++) {
+            for (int i = 0; i < oclist.length; i++) {
                 String oc = oclist[i].trim();
                 if (LdapUserCertPublisher.StringValueExists(ocs, oc)) {
                     log(ILogger.LL_INFO, "unpublish: deleting CRL object class " + oc + " from " + dn);
-                    modSet.add(LDAPModification.DELETE, 
-                        new LDAPAttribute("objectClass", oc));
+                    modSet.add(LDAPModification.DELETE,
+                            new LDAPAttribute("objectClass", oc));
                     hasOC = true;
                 }
             }
@@ -353,7 +350,7 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
                 conn.modify(dn, modSet);
             } else {
                 log(ILogger.LL_INFO,
-                    "unpublish: " + dn + " already has not CRL");
+                        "unpublish: " + dn + " already has not CRL");
             }
         } catch (CRLException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
@@ -363,7 +360,7 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
@@ -375,6 +372,6 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-            "LdapCrlPublisher: " + msg);
+                "LdapCrlPublisher: " + msg);
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java
index f4dcbb3c..ee2bff33 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.publishers;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.cert.CertificateEncodingException;
@@ -51,10 +50,9 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.ILdapPublisher;
 
-
-/** 
- * Interface for mapping a X509 certificate to a LDAP entry 
- *
+/**
+ * Interface for mapping a X509 certificate to a LDAP entry
+ * 
  * @version $Revision$, $Date$
  */
 public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPluginInfo {
@@ -82,9 +80,9 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
         String[] params = {
                 "certAttr;string;LDAP attribute in which to store the certificate",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ldappublish-publisher-usercertpublisher",
+                        ";configuration-ldappublish-publisher-usercertpublisher",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";This plugin knows how to publish user certificates"
+                        ";This plugin knows how to publish user certificates"
             };
 
         return params;
@@ -110,7 +108,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
     }
 
     public void init(IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         if (mInited)
             return;
         mConfig = config;
@@ -130,10 +128,10 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
      * 
      * @param conn the LDAP connection
      * @param dn dn of the entry to publish the certificate
-     * @param certObj the certificate  object.
+     * @param certObj the certificate object.
      */
     public void publish(LDAPConnection conn, String dn, Object certObj)
-        throws ELdapException {
+            throws ELdapException {
         if (conn == null)
             return;
 
@@ -147,7 +145,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
             byte[] certEnc = cert.getEncoded();
 
             // check if cert already exists.
-            LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, 
+            LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
                     "(objectclass=*)", new String[] { mCertAttr }, false);
             LDAPEntry entry = res.next();
             LDAPAttribute attr = getModificationAttribute(entry.getAttribute(mCertAttr), certEnc);
@@ -160,7 +158,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
             // publish 
             LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, attr);
 
-            conn.modify(dn, mod); 
+            conn.modify(dn, mod);
         } catch (CertificateEncodingException e) {
             CMS.debug("LdapEncryptCertPublisher: error in publish: " + e.toString());
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
@@ -169,7 +167,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString()));
@@ -180,12 +178,12 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
     }
 
     /**
-     * unpublish a user certificate 
+     * unpublish a user certificate
      * deletes the certificate from the list of certificates.
      * does not check if certificate is already there.
      */
     public void unpublish(LDAPConnection conn, String dn, Object certObj)
-        throws ELdapException {
+            throws ELdapException {
         if (!(certObj instanceof X509Certificate))
             throw new IllegalArgumentException("Illegal arg to publish");
 
@@ -195,7 +193,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
             byte[] certEnc = cert.getEncoded();
 
             // check if cert already deleted.
-            LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, 
+            LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
                     "(objectclass=*)", new String[] { mCertAttr }, false);
             LDAPEntry entry = res.next();
 
@@ -207,7 +205,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
             LDAPModification mod = new LDAPModification(LDAPModification.DELETE,
                     new LDAPAttribute(mCertAttr, certEnc));
 
-            conn.modify(dn, mod); 
+            conn.modify(dn, mod);
         } catch (CertificateEncodingException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
@@ -216,7 +214,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
@@ -228,11 +226,11 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-            "LdapUserCertPublisher: " + msg);
+                "LdapUserCertPublisher: " + msg);
     }
 
     public LDAPAttribute getModificationAttribute(
-        LDAPAttribute attr, byte[] bval) {
+            LDAPAttribute attr, byte[] bval) {
 
         LDAPAttribute at = new LDAPAttribute(attr.getName(), bval);
         // determine if the given cert is a signing or an encryption
@@ -248,7 +246,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
         }
 
         @SuppressWarnings("unchecked")
-		Enumeration<byte[]> vals = attr.getByteValues();
+        Enumeration<byte[]> vals = attr.getByteValues();
         byte[] val = null;
 
         while (vals.hasMoreElements()) {
@@ -258,12 +256,12 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
 
                 log(ILogger.LL_INFO, "Checking " + cert);
                 if (CMS.isEncryptionCert(thisCert) &&
-                    CMS.isEncryptionCert(cert)) {
+                        CMS.isEncryptionCert(cert)) {
                     // skip
                     log(ILogger.LL_INFO, "SKIP ENCRYPTION " + cert);
                     revokeCert(cert);
                 } else if (CMS.isSigningCert(thisCert) &&
-                    CMS.isSigningCert(cert)) {
+                        CMS.isSigningCert(cert)) {
                     // skip
                     log(ILogger.LL_INFO, "SKIP SIGNING " + cert);
                     revokeCert(cert);
@@ -278,8 +276,8 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
     }
 
     private RevokedCertImpl formCRLEntry(
-        BigInteger serialNo, RevocationReason reason)
-        throws EBaseException {
+            BigInteger serialNo, RevocationReason reason)
+            throws EBaseException {
         CRLReasonExtension reasonExt = new CRLReasonExtension(reason);
         CRLExtensions crlentryexts = new CRLExtensions();
 
@@ -291,13 +289,13 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
         }
         RevokedCertImpl crlentry =
-            new RevokedCertImpl(serialNo, new Date(), crlentryexts);
+                new RevokedCertImpl(serialNo, new Date(), crlentryexts);
 
         return crlentry;
     }
 
     private void revokeCert(X509CertImpl cert)
-        throws EBaseException { 
+            throws EBaseException {
         try {
             if (mConfig.getBoolean(PROP_REVOKE_CERT, true) == false) {
                 return;
@@ -308,7 +306,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
         BigInteger serialNum = cert.getSerialNumber();
         // need to revoke certificate also
         ICertificateAuthority ca = (ICertificateAuthority)
-            CMS.getSubsystem("ca");
+                CMS.getSubsystem("ca");
         ICAService service = (ICAService) ca.getCAService();
         RevokedCertImpl crlEntry = formCRLEntry(
                 serialNum, RevocationReason.KEY_COMPROMISE);
@@ -324,7 +322,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
             return false;
         }
         @SuppressWarnings("unchecked")
-		Enumeration<byte[]> vals = attr.getByteValues();
+        Enumeration<byte[]> vals = attr.getByteValues();
         byte[] val = null;
 
         while (vals.hasMoreElements()) {
@@ -344,7 +342,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
             return false;
         }
         @SuppressWarnings("unchecked")
-		Enumeration<String> vals = attr.getStringValues();
+        Enumeration<String> vals = attr.getStringValues();
         String val = null;
 
         while (vals.hasMoreElements()) {
@@ -357,4 +355,3 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java
index f612d005..aa1a7ef7 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.publishers;
 
-
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.util.Enumeration;
@@ -43,10 +42,9 @@ import com.netscape.certsrv.logging.AuditFormat;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.ILdapPublisher;
 
-
-/** 
- * Interface for mapping a X509 certificate to a LDAP entry 
- *
+/**
+ * Interface for mapping a X509 certificate to a LDAP entry
+ * 
  * @version $Revision$, $Date$
  */
 public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInfo {
@@ -72,9 +70,9 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
         String[] params = {
                 "certAttr;string;LDAP attribute in which to store the certificate",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ldappublish-publisher-usercertpublisher",
+                        ";configuration-ldappublish-publisher-usercertpublisher",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";This plugin knows how to publish user certificates"
+                        ";This plugin knows how to publish user certificates"
             };
 
         return params;
@@ -100,7 +98,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
     }
 
     public void init(IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         if (mInited)
             return;
         mConfig = config;
@@ -119,10 +117,10 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
      * 
      * @param conn the LDAP connection
      * @param dn dn of the entry to publish the certificate
-     * @param certObj the certificate  object.
+     * @param certObj the certificate object.
      */
     public void publish(LDAPConnection conn, String dn, Object certObj)
-        throws ELdapException {
+            throws ELdapException {
         if (conn == null)
             return;
 
@@ -130,28 +128,28 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
         // see if we should create local connection
         LDAPConnection altConn = null;
         try {
-  	  String host = mConfig.getString("host", null);
-	  String port = mConfig.getString("port", null);
-          if (host != null && port != null) {
-            int portVal = Integer.parseInt(port);
-	    int version = Integer.parseInt(mConfig.getString("version", "2"));
-	    String cert_nick = mConfig.getString("clientCertNickname", null);
-            LDAPSSLSocketFactoryExt sslSocket = null;
-            if (cert_nick != null) {
-                sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
+            String host = mConfig.getString("host", null);
+            String port = mConfig.getString("port", null);
+            if (host != null && port != null) {
+                int portVal = Integer.parseInt(port);
+                int version = Integer.parseInt(mConfig.getString("version", "2"));
+                String cert_nick = mConfig.getString("clientCertNickname", null);
+                LDAPSSLSocketFactoryExt sslSocket = null;
+                if (cert_nick != null) {
+                    sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
+                }
+                String mgr_dn = mConfig.getString("bindDN", null);
+                String mgr_pwd = mConfig.getString("bindPWD", null);
+
+                altConn = CMS.getBoundConnection(host, portVal,
+                        version,
+                        sslSocket, mgr_dn, mgr_pwd);
+                conn = altConn;
             }
-	    String mgr_dn = mConfig.getString("bindDN", null);
-	    String mgr_pwd = mConfig.getString("bindPWD", null);
-
-            altConn = CMS.getBoundConnection(host, portVal,
-               version, 
-	       sslSocket, mgr_dn, mgr_pwd); 
-            conn = altConn;
-          }
         } catch (LDAPException e) {
-	  CMS.debug("Failed to create alt connection " + e);
+            CMS.debug("Failed to create alt connection " + e);
         } catch (EBaseException e) {
-	  CMS.debug("Failed to create alt connection " + e);
+            CMS.debug("Failed to create alt connection " + e);
         }
 
         if (!(certObj instanceof X509Certificate))
@@ -169,7 +167,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
             byte[] certEnc = cert.getEncoded();
 
             // check if cert already exists.
-            LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, 
+            LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
                     "(objectclass=*)", new String[] { mCertAttr }, false);
             LDAPEntry entry = res.next();
 
@@ -181,23 +179,23 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
             // publish 
             LDAPModification mod = null;
             if (deleteCert) {
-               mod = new LDAPModification(LDAPModification.REPLACE,
-                    new LDAPAttribute(mCertAttr, certEnc));
+                mod = new LDAPModification(LDAPModification.REPLACE,
+                        new LDAPAttribute(mCertAttr, certEnc));
             } else {
-               mod = new LDAPModification(LDAPModification.ADD,
-                    new LDAPAttribute(mCertAttr, certEnc));
+                mod = new LDAPModification(LDAPModification.ADD,
+                        new LDAPAttribute(mCertAttr, certEnc));
             }
 
-            conn.modify(dn, mod); 
+            conn.modify(dn, mod);
 
             // log a successful message to the "transactions" log
-            mLogger.log( ILogger.EV_AUDIT,
+            mLogger.log(ILogger.EV_AUDIT,
                          ILogger.S_LDAP,
                          ILogger.LL_INFO,
                          AuditFormat.LDAP_PUBLISHED_FORMAT,
                          new Object[] { "LdapUserCertPublisher",
                                         cert.getSerialNumber().toString(16),
-                                        cert.getSubjectDN() } );
+                                        cert.getSubjectDN() });
         } catch (CertificateEncodingException e) {
             CMS.debug("LdapUserCertPublisher: error in publish: " + e.toString());
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
@@ -206,31 +204,31 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString()));
                 throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString()));
             }
         } finally {
-          if (altConn != null) {
-             try {
-		altConn.disconnect();
-             } catch (LDAPException e) {
-                // safely ignored
-             }
-          }
+            if (altConn != null) {
+                try {
+                    altConn.disconnect();
+                } catch (LDAPException e) {
+                    // safely ignored
+                }
+            }
         }
         return;
     }
 
     /**
-     * unpublish a user certificate 
+     * unpublish a user certificate
      * deletes the certificate from the list of certificates.
      * does not check if certificate is already there.
      */
     public void unpublish(LDAPConnection conn, String dn, Object certObj)
-        throws ELdapException {
+            throws ELdapException {
 
         boolean disableUnpublish = false;
         try {
@@ -239,8 +237,8 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
         }
 
         if (disableUnpublish) {
-           CMS.debug("UserCertPublisher: disable unpublish");
-           return;
+            CMS.debug("UserCertPublisher: disable unpublish");
+            return;
         }
 
         if (!(certObj instanceof X509Certificate))
@@ -252,7 +250,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
             byte[] certEnc = cert.getEncoded();
 
             // check if cert already deleted.
-            LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, 
+            LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
                     "(objectclass=*)", new String[] { mCertAttr }, false);
             LDAPEntry entry = res.next();
 
@@ -264,7 +262,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
             LDAPModification mod = new LDAPModification(LDAPModification.DELETE,
                     new LDAPAttribute(mCertAttr, certEnc));
 
-            conn.modify(dn, mod); 
+            conn.modify(dn, mod);
         } catch (CertificateEncodingException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
@@ -273,7 +271,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR"));
@@ -285,7 +283,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-            "LdapUserCertPublisher: " + msg);
+                "LdapUserCertPublisher: " + msg);
     }
 
     /**
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java
index ad37a666..551bb4d6 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.publishers;
 
-
 import java.io.DataInputStream;
 import java.io.IOException;
 import java.io.OutputStream;
@@ -42,11 +41,10 @@ import com.netscape.certsrv.publish.ILdapPublisher;
 import com.netscape.cmsutil.http.HttpRequest;
 import com.netscape.cmsutil.http.JssSSLSocketFactory;
 
-
-/** 
+/**
  * This publisher writes certificate and CRL into
  * a directory.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
@@ -86,9 +84,9 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
                 PROP_NICK + ";string;Nickname of cert used for client authentication",
                 PROP_CLIENT_AUTH_ENABLE + ";boolean;Client Authentication enabled",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ldappublish-publisher-ocsppublisher",
+                        ";configuration-ldappublish-publisher-ocsppublisher",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Publishes CRLs to a Online Certificate Status Manager, an OCSP responder provided by CMS."
+                        ";Publishes CRLs to a Online Certificate Status Manager, an OCSP responder provided by CMS."
             };
 
         return params;
@@ -146,11 +144,10 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
             nickname = config.getString("ca.subsystem.nickname", "");
             String tokenname = config.getString("ca.subsystem.tokenname", "");
             if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))
-                nickname = tokenname+":"+nickname;
+                nickname = tokenname + ":" + nickname;
         } catch (Exception e) {
         }
 
-
         v.addElement(PROP_HOST + "=");
         v.addElement(PROP_PORT + "=");
         v.addElement(PROP_PATH + "=/ocsp/agent/ocsp/addCRL");
@@ -178,45 +175,44 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
         return mConfig;
     }
 
-    protected Socket Connect(String host, boolean secure, JssSSLSocketFactory factory) 
-    {
-            Socket socket = null;
-               StringTokenizer st = new StringTokenizer(host, " ");
-               while (st.hasMoreTokens()) {
-                  String hp = st.nextToken(); // host:port
-                  StringTokenizer st1 = new StringTokenizer(hp, ":");
-                  String h = st1.nextToken();
-                  int p = Integer.parseInt(st1.nextToken());
-                  try {
-                     if (secure) {
-                        socket = factory.makeSocket(h, p);
-                     } else {
-                        socket = new Socket(h, p);
-                     }
-                     return socket;
-                  }  catch (Exception e) {
-                  }
-                  try {
-                     Thread.sleep(5000); // 5 seconds delay
-                  }  catch (Exception e) {
-                  }
-               }
-               return null;
+    protected Socket Connect(String host, boolean secure, JssSSLSocketFactory factory) {
+        Socket socket = null;
+        StringTokenizer st = new StringTokenizer(host, " ");
+        while (st.hasMoreTokens()) {
+            String hp = st.nextToken(); // host:port
+            StringTokenizer st1 = new StringTokenizer(hp, ":");
+            String h = st1.nextToken();
+            int p = Integer.parseInt(st1.nextToken());
+            try {
+                if (secure) {
+                    socket = factory.makeSocket(h, p);
+                } else {
+                    socket = new Socket(h, p);
+                }
+                return socket;
+            } catch (Exception e) {
+            }
+            try {
+                Thread.sleep(5000); // 5 seconds delay
+            } catch (Exception e) {
+            }
+        }
+        return null;
     }
 
     /**
      * Publishs a object to the ldap directory.
      * 
-     * @param conn a Ldap connection 
-     *        (null if LDAP publishing is not enabled)
+     * @param conn a Ldap connection
+     *            (null if LDAP publishing is not enabled)
      * @param dn dn of the ldap entry to publish cert
-     *        (null if LDAP publishing is not enabled)
+     *            (null if LDAP publishing is not enabled)
      * @param object object to publish
-     *        (java.security.cert.X509Certificate or,
-     *         java.security.cert.X509CRL)
+     *            (java.security.cert.X509Certificate or,
+     *            java.security.cert.X509CRL)
      */
     public synchronized void publish(LDAPConnection conn, String dn, Object object)
-        throws ELdapException {
+            throws ELdapException {
         try {
             if (!(object instanceof X509CRL))
                 return;
@@ -226,18 +222,18 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
 
             // open the connection and prepare it to POST
             boolean secure = true;
-	 
+
             String host = mHost;
             int port = Integer.parseInt(mPort);
             String path = mPath;
 
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, 
-                ILogger.LL_INFO, "OCSPPublisher: " + 
-                "Host='" + host + "' Port='" + port + 
-                "' URL='" + path + "'");
-            CMS.debug("OCSPPublisher: " + 
-                "Host='" + host + "' Port='" + port + 
-                "' URL='" + path + "'");
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                    ILogger.LL_INFO, "OCSPPublisher: " +
+                            "Host='" + host + "' Port='" + port +
+                            "' URL='" + path + "'");
+            CMS.debug("OCSPPublisher: " +
+                    "Host='" + host + "' Port='" + port +
+                    "' URL='" + path + "'");
 
             StringBuffer query = new StringBuffer();
             query.append("crl=");
@@ -256,23 +252,23 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
             }
 
             if (mHost != null && mHost.indexOf(' ') != -1) {
-               // support failover hosts configuration
-               // host parameter can be
-               // "directory.knowledge.com:1050 people.catalog.com 199.254.1.2"
-               do {
-                   socket = Connect(mHost, secure, factory);
-               } while (socket == null);
+                // support failover hosts configuration
+                // host parameter can be
+                // "directory.knowledge.com:1050 people.catalog.com 199.254.1.2"
+                do {
+                    socket = Connect(mHost, secure, factory);
+                } while (socket == null);
             } else {
-              if (secure) {
-                socket = factory.makeSocket(host, port);
-              } else {
-                socket = new Socket(host, port);
-              }
+                if (secure) {
+                    socket = factory.makeSocket(host, port);
+                } else {
+                    socket = new Socket(host, port);
+                }
             }
 
-            if( socket == null ) {
-                CMS.debug( "OCSPPublisher::publish() - socket is null!" );
-                throw new ELdapException( "socket is null" );
+            if (socket == null) {
+                CMS.debug("OCSPPublisher::publish() - socket is null!");
+                throw new ELdapException("socket is null");
             }
 
             // use HttpRequest and POST
@@ -283,17 +279,17 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
             httpReq.setHeader("Connection", "Keep-Alive");
 
             httpReq.setHeader("Content-Type",
-                "application/x-www-form-urlencoded");
+                    "application/x-www-form-urlencoded");
             httpReq.setHeader("Content-Transfer-Encoding", "7bit");
 
-            httpReq.setHeader("Content-Length", 
-                Integer.toString(query.length()));
+            httpReq.setHeader("Content-Length",
+                    Integer.toString(query.length()));
             httpReq.setContent(query.toString());
             OutputStream os = socket.getOutputStream();
             OutputStreamWriter outputStreamWriter = new OutputStreamWriter(os, "UTF8");
 
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, 
-                ILogger.LL_INFO, "OCSPPublisher: start sending CRL");
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                    ILogger.LL_INFO, "OCSPPublisher: start sending CRL");
             long startTime = CMS.getCurrentDate().getTime();
             CMS.debug("OCSPPublisher: start CRL sending startTime=" + startTime);
             httpReq.write(outputStreamWriter);
@@ -301,8 +297,8 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
             CMS.debug("OCSPPublisher: done CRL sending endTime=" + endTime + " diff=" + (endTime - startTime));
 
             // Read the response
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, 
-                ILogger.LL_INFO, "OCSPPublisher: start getting response");
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                    ILogger.LL_INFO, "OCSPPublisher: start getting response");
             DataInputStream dis = new DataInputStream(socket.getInputStream());
             String nextline;
             String line = "";
@@ -321,40 +317,40 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
             }
             dis.close();
             if (status) {
-                mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, 
-                    ILogger.LL_INFO, "OCSPPublisher: successful");
+                mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                        ILogger.LL_INFO, "OCSPPublisher: successful");
             } else {
-                mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, 
-                    ILogger.LL_INFO, "OCSPPublisher: failed - " + error);
+                mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                        ILogger.LL_INFO, "OCSPPublisher: failed - " + error);
             }
-				
+
         } catch (IOException e) {
             CMS.debug("OCSPPublisher: publish failed " + e.toString());
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, 
-                ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString()));
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                    ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString()));
         } catch (CRLException e) {
             CMS.debug("OCSPPublisher: publish failed " + e.toString());
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, 
-                ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString()));
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                    ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString()));
         } catch (Exception e) {
             CMS.debug("OCSPPublisher: publish failed " + e.toString());
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, 
-                ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString()));
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                    ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString()));
         }
     }
 
     /**
      * Unpublishs a object to the ldap directory.
-     *
+     * 
      * @param conn the Ldap connection
-     *        (null if LDAP publishing is not enabled)
+     *            (null if LDAP publishing is not enabled)
      * @param dn dn of the ldap entry to unpublish cert
-     *        (null if LDAP publishing is not enabled)
-     * @param object object to unpublish 
-     *        (java.security.cert.X509Certificate)
+     *            (null if LDAP publishing is not enabled)
+     * @param object object to unpublish
+     *            (java.security.cert.X509Certificate)
      */
     public void unpublish(LDAPConnection conn, String dn, Object object)
-        throws ELdapException {
+            throws ELdapException {
         // NOT USED
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/Utils.java b/pki/base/common/src/com/netscape/cms/publish/publishers/Utils.java
index d5717aad..5bd34228 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/Utils.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/Utils.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.publishers;
 
-
 import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.InputStream;
@@ -29,10 +28,9 @@ import java.text.SimpleDateFormat;
 import java.util.Date;
 import java.util.Vector;
 
-
 /**
  * Publisher utility class.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class Utils {
@@ -104,9 +102,10 @@ public class Utils {
         }
         return true;
     }
-    
+
     /**
      * strips out double quotes around String parameter
+     * 
      * @param s the string potentially bracketed with double quotes
      * @return string stripped of surrounding double quotes
      */
diff --git a/pki/base/common/src/com/netscape/cms/request/RequestScheduler.java b/pki/base/common/src/com/netscape/cms/request/RequestScheduler.java
index b48af995..089793bb 100644
--- a/pki/base/common/src/com/netscape/cms/request/RequestScheduler.java
+++ b/pki/base/common/src/com/netscape/cms/request/RequestScheduler.java
@@ -17,13 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.request;
 
-
 import java.util.Vector;
 
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.IRequestScheduler;
 
-
 /**
  * This class represents a request scheduler that prioritizes
  * the threads based on the request processing order.
@@ -37,7 +35,7 @@ public class RequestScheduler implements IRequestScheduler {
 
     /**
      * Request entered the request queue processing.
-     *
+     * 
      * @param r request
      */
     public synchronized void requestIn(IRequest r) {
@@ -51,10 +49,10 @@ public class RequestScheduler implements IRequestScheduler {
 
     /**
      * Request exited the request queue processing.
-     *
+     * 
      * @param r request
      */
-    public synchronized void requestOut(IRequest r) { 
+    public synchronized void requestOut(IRequest r) {
         Thread current = Thread.currentThread();
         Thread first = (Thread) mRequestThreads.elementAt(0);
 
diff --git a/pki/base/common/src/com/netscape/cms/selftests/ASelfTest.java b/pki/base/common/src/com/netscape/cms/selftests/ASelfTest.java
index df7f02bc..cdd86cca 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/ASelfTest.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/ASelfTest.java
@@ -20,7 +20,6 @@
 
 package com.netscape.cms.selftests;
 
-
 ///////////////////////
 // import statements //
 ///////////////////////
@@ -37,7 +36,6 @@ import com.netscape.certsrv.selftests.ESelfTestException;
 import com.netscape.certsrv.selftests.ISelfTest;
 import com.netscape.certsrv.selftests.ISelfTestSubsystem;
 
-
 //////////////////////
 // class definition //
 //////////////////////
@@ -51,13 +49,11 @@ import com.netscape.certsrv.selftests.ISelfTestSubsystem;
  * @version $Revision$, $Date$
  */
 public abstract class ASelfTest
-    implements ISelfTest {
+        implements ISelfTest {
     ////////////////////////
     // default parameters //
     ////////////////////////
 
-
-
     //////////////////////////
     // ISelfTest parameters //
     //////////////////////////
@@ -75,8 +71,6 @@ public abstract class ASelfTest
     // default methods //
     /////////////////////
 
-
-
     ///////////////////////
     // ISelfTest methods //
     ///////////////////////
@@ -85,18 +79,18 @@ public abstract class ASelfTest
      * Initializes this subsystem with the configuration store
      * associated with this instance name.
      * <P>
-     *
+     * 
      * @param subsystem the associated subsystem
-     * @param instanceName the name of this self test instance 
+     * @param instanceName the name of this self test instance
      * @param parameters configuration store (self test parameters)
      * @exception EDuplicateSelfTestException subsystem has duplicate name/value
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
     public void initSelfTest(ISelfTestSubsystem subsystem,
-        String instanceName,
-        IConfigStore parameters)
-        throws EDuplicateSelfTestException,
+            String instanceName,
+            IConfigStore parameters)
+            throws EDuplicateSelfTestException,
             EInvalidSelfTestException,
             EMissingSelfTestException {
         // store individual self test class values for this instance
@@ -108,9 +102,9 @@ public abstract class ASelfTest
             instanceName = instanceName.trim();
         } else {
             mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                CMS.getLogMessage(
-                    "SELFTESTS_PARAMETER_WAS_NULL",
-                    SELF_TEST_NAME));
+                    CMS.getLogMessage(
+                            "SELFTESTS_PARAMETER_WAS_NULL",
+                            SELF_TEST_NAME));
 
             throw new EMissingSelfTestException();
         }
@@ -124,14 +118,14 @@ public abstract class ASelfTest
         mConfig = parameters.getSubStore(pluginPath);
 
         if ((mConfig != null) &&
-            (mConfig.getName() != null) &&
-            (mConfig.getName() != "")) {
+                (mConfig.getName() != null) &&
+                (mConfig.getName() != "")) {
             mPrefix = mConfig.getName().trim();
         } else {
             mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                CMS.getLogMessage(
-                    "SELFTESTS_PARAMETER_WAS_NULL",
-                    SELF_TEST_NAME));
+                    CMS.getLogMessage(
+                            "SELFTESTS_PARAMETER_WAS_NULL",
+                            SELF_TEST_NAME));
 
             throw new EMissingSelfTestException();
         }
@@ -142,11 +136,11 @@ public abstract class ASelfTest
     /**
      * Notifies this subsystem if it is in execution mode.
      * <P>
-     *
+     * 
      * @exception ESelfTestException failed to start
      */
     public abstract void startupSelfTest()
-        throws ESelfTestException;
+            throws ESelfTestException;
 
     /**
      * Stops this subsystem. The subsystem may call shutdownSelfTest
@@ -159,7 +153,7 @@ public abstract class ASelfTest
      * Returns the name associated with this self test. This method may
      * return null if the self test has not been intialized.
      * <P>
-     *
+     * 
      * @return instanceName of this self test
      */
     public String getSelfTestName() {
@@ -170,7 +164,7 @@ public abstract class ASelfTest
      * Returns the root configuration storage (self test parameters)
      * associated with this subsystem.
      * <P>
-     *
+     * 
      * @return configuration store (self test parameters) of this subsystem
      */
     public IConfigStore getSelfTestConfigStore() {
@@ -181,7 +175,7 @@ public abstract class ASelfTest
      * Retrieves description associated with an individual self test.
      * This method may return null.
      * <P>
-     *
+     * 
      * @param locale locale of the client that requests the description
      * @return description of self test
      */
@@ -190,11 +184,10 @@ public abstract class ASelfTest
     /**
      * Execute an individual self test.
      * <P>
-     *
+     * 
      * @param logger specifies logging subsystem
      * @exception ESelfTestException self test exception
      */
     public abstract void runSelfTest(ILogEventListener logger)
-        throws ESelfTestException;
+            throws ESelfTestException;
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/selftests/ca/CAPresence.java b/pki/base/common/src/com/netscape/cms/selftests/ca/CAPresence.java
index cf3338ef..c9c12bb4 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/ca/CAPresence.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/ca/CAPresence.java
@@ -20,8 +20,6 @@
 
 package com.netscape.cms.selftests.ca;
 
-
-
 ///////////////////////
 // import statements //
 ///////////////////////
@@ -44,8 +42,6 @@ import com.netscape.certsrv.selftests.ESelfTestException;
 import com.netscape.certsrv.selftests.ISelfTestSubsystem;
 import com.netscape.cms.selftests.ASelfTest;
 
-
-
 //////////////////////
 // class definition //
 //////////////////////
@@ -59,30 +55,23 @@ import com.netscape.cms.selftests.ASelfTest;
  * @version $Revision$, $Date$
  */
 public class CAPresence
-extends ASelfTest
-{
+        extends ASelfTest {
     ////////////////////////
     // default parameters //
     ////////////////////////
 
-
-
     ///////////////////////////
     // CAPresence parameters //
     ///////////////////////////
 
     // parameter information
     public static final String PROP_CA_SUB_ID = "CaSubId";
-    private String mCaSubId                   = null;
-
-
+    private String mCaSubId = null;
 
     /////////////////////
     // default methods //
     /////////////////////
 
-
-
     ////////////////////////
     // CAPresence methods //
     ////////////////////////
@@ -91,51 +80,50 @@ extends ASelfTest
      * Initializes this subsystem with the configuration store
      * associated with this instance name.
      * <P>
-     *
+     * 
      * @param subsystem the associated subsystem
-     * @param instanceName the name of this self test instance 
+     * @param instanceName the name of this self test instance
      * @param parameters configuration store (self test parameters)
      * @exception EDuplicateSelfTestException subsystem has duplicate name/value
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
-    public void initSelfTest( ISelfTestSubsystem subsystem,
+    public void initSelfTest(ISelfTestSubsystem subsystem,
                               String instanceName,
-                              IConfigStore parameters )
-    throws EDuplicateSelfTestException,
-           EInvalidSelfTestException,
-           EMissingSelfTestException
-    {
-        super.initSelfTest( subsystem, instanceName, parameters );
+                              IConfigStore parameters)
+            throws EDuplicateSelfTestException,
+            EInvalidSelfTestException,
+            EMissingSelfTestException {
+        super.initSelfTest(subsystem, instanceName, parameters);
 
         // retrieve mandatory parameter(s)
         try {
-            mCaSubId = mConfig.getString( PROP_CA_SUB_ID );
-            if( mCaSubId != null ) {
+            mCaSubId = mConfig.getString(PROP_CA_SUB_ID);
+            if (mCaSubId != null) {
                 mCaSubId = mCaSubId.trim();
             } else {
-                mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+                mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                         CMS.getLogMessage(
-                                        "SELFTESTS_MISSING_VALUES",
-                                        getSelfTestName(),
-                                        mPrefix
-                                      + "."
-                                      + PROP_CA_SUB_ID ) );
+                                                "SELFTESTS_MISSING_VALUES",
+                                                getSelfTestName(),
+                                                mPrefix
+                                                        + "."
+                                                        + PROP_CA_SUB_ID));
 
-                throw new EMissingSelfTestException( PROP_CA_SUB_ID );
+                throw new EMissingSelfTestException(PROP_CA_SUB_ID);
             }
-        } catch( EBaseException e ) {
-            mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+        } catch (EBaseException e) {
+            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                     CMS.getLogMessage(
-                                    "SELFTESTS_MISSING_NAME",
-                                    getSelfTestName(),
-                                    mPrefix
-                                  + "."
-                                  + PROP_CA_SUB_ID ) );
+                                            "SELFTESTS_MISSING_NAME",
+                                            getSelfTestName(),
+                                            mPrefix
+                                                    + "."
+                                                    + PROP_CA_SUB_ID));
 
-            throw new EMissingSelfTestException( mPrefix,
+            throw new EMissingSelfTestException(mPrefix,
                                                  PROP_CA_SUB_ID,
-                                                 null );
+                                                 null);
         }
 
         // retrieve optional parameter(s)
@@ -143,145 +131,132 @@ extends ASelfTest
         return;
     }
 
-
     /**
      * Notifies this subsystem if it is in execution mode.
      * <P>
-     *
+     * 
      * @exception ESelfTestException failed to start
      */
     public void startupSelfTest()
-    throws ESelfTestException
-    {
+            throws ESelfTestException {
         return;
     }
 
-
     /**
      * Stops this subsystem. The subsystem may call shutdownSelfTest
      * anytime after initialization.
      * <P>
      */
-    public void shutdownSelfTest()
-    {
+    public void shutdownSelfTest() {
         return;
     }
 
-
     /**
      * Returns the name associated with this self test. This method may
      * return null if the self test has not been intialized.
      * <P>
-     *
+     * 
      * @return instanceName of this self test
      */
-    public String getSelfTestName()
-    {
+    public String getSelfTestName() {
         return super.getSelfTestName();
     }
 
-
     /**
      * Returns the root configuration storage (self test parameters)
      * associated with this subsystem.
      * <P>
-     *
+     * 
      * @return configuration store (self test parameters) of this subsystem
      */
-    public IConfigStore getSelfTestConfigStore()
-    {
+    public IConfigStore getSelfTestConfigStore() {
         return super.getSelfTestConfigStore();
     }
 
-
     /**
      * Retrieves description associated with an individual self test.
      * This method may return null.
      * <P>
-     *
+     * 
      * @param locale locale of the client that requests the description
      * @return description of self test
      */
-    public String getSelfTestDescription( Locale locale )
-    {
-        return CMS.getUserMessage( locale,
-                                   "CMS_SELFTESTS_CA_PRESENCE_DESCRIPTION" );
+    public String getSelfTestDescription(Locale locale) {
+        return CMS.getUserMessage(locale,
+                                   "CMS_SELFTESTS_CA_PRESENCE_DESCRIPTION");
     }
 
-
     /**
      * Execute an individual self test.
      * <P>
-     *
+     * 
      * @param logger specifies logging subsystem
      * @exception ESelfTestException self test exception
      */
-    public void runSelfTest( ILogEventListener logger )
-    throws ESelfTestException
-    {
+    public void runSelfTest(ILogEventListener logger)
+            throws ESelfTestException {
         String logMessage = null;
         ICertificateAuthority ca = null;
         X509CertImpl caCert = null;
         X509Key caPubKey = null;
 
-        ca = ( ICertificateAuthority ) CMS.getSubsystem( mCaSubId );
+        ca = (ICertificateAuthority) CMS.getSubsystem(mCaSubId);
 
-        if( ca == null ) {
+        if (ca == null) {
             // log that the CA is not installed
-            logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_NOT_PRESENT",
-                                            getSelfTestName() );
+            logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_NOT_PRESENT",
+                                            getSelfTestName());
 
-            mSelfTestSubsystem.log( logger,
-                                    logMessage );
+            mSelfTestSubsystem.log(logger,
+                                    logMessage);
 
-            throw new ESelfTestException( logMessage );
+            throw new ESelfTestException(logMessage);
         } else {
             // Retrieve the CA certificate
             caCert = ca.getCACert();
 
-            if( caCert == null ) {
+            if (caCert == null) {
                 // log that the CA is not yet initialized
-                logMessage = CMS.getLogMessage( 
+                logMessage = CMS.getLogMessage(
                              "SELFTESTS_CA_IS_NOT_INITIALIZED",
-                             getSelfTestName() );
+                             getSelfTestName());
 
-                mSelfTestSubsystem.log( logger,
-                                        logMessage );
+                mSelfTestSubsystem.log(logger,
+                                        logMessage);
 
-                throw new ESelfTestException( logMessage );
+                throw new ESelfTestException(logMessage);
             }
 
             // Retrieve the CA certificate public key
             try {
-                caPubKey = ( X509Key ) caCert.get( X509CertImpl.PUBLIC_KEY );
+                caPubKey = (X509Key) caCert.get(X509CertImpl.PUBLIC_KEY);
 
-                if( caPubKey == null ) {
+                if (caPubKey == null) {
                     // log that something is seriously wrong with the CA
-                    logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_CORRUPT",
-                                                    getSelfTestName() );
+                    logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_CORRUPT",
+                                                    getSelfTestName());
 
-                    mSelfTestSubsystem.log( logger,
-                                            logMessage );
+                    mSelfTestSubsystem.log(logger,
+                                            logMessage);
 
-                    throw new ESelfTestException( logMessage );
+                    throw new ESelfTestException(logMessage);
                 }
-            } catch( CertificateParsingException e ) {
+            } catch (CertificateParsingException e) {
                 // log that something is seriously wrong with the CA
-                mSelfTestSubsystem.log( logger,
-                                        e.toString() );
+                mSelfTestSubsystem.log(logger,
+                                        e.toString());
 
-                throw new ESelfTestException( e.toString() );
+                throw new ESelfTestException(e.toString());
             }
 
             // log that the CA is present
-            logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_PRESENT",
-                                            getSelfTestName() );
+            logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_PRESENT",
+                                            getSelfTestName());
 
-            mSelfTestSubsystem.log( logger,
-                                    logMessage );
+            mSelfTestSubsystem.log(logger,
+                                    logMessage);
         }
 
         return;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/selftests/ca/CAValidity.java b/pki/base/common/src/com/netscape/cms/selftests/ca/CAValidity.java
index cff35ce5..9325208f 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/ca/CAValidity.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/ca/CAValidity.java
@@ -20,8 +20,6 @@
 
 package com.netscape.cms.selftests.ca;
 
-
-
 ///////////////////////
 // import statements //
 ///////////////////////
@@ -44,14 +42,12 @@ import com.netscape.certsrv.selftests.ESelfTestException;
 import com.netscape.certsrv.selftests.ISelfTestSubsystem;
 import com.netscape.cms.selftests.ASelfTest;
 
-
-
 //////////////////////
 // class definition //
 //////////////////////
 
 /**
- * This class implements a self test to check the validity of the CA. 
+ * This class implements a self test to check the validity of the CA.
  * <P>
  * 
  * @author mharmsen
@@ -59,30 +55,23 @@ import com.netscape.cms.selftests.ASelfTest;
  * @version $Revision$, $Date$
  */
 public class CAValidity
-extends ASelfTest
-{
+        extends ASelfTest {
     ////////////////////////
     // default parameters //
     ////////////////////////
 
-
-
     ///////////////////////////
     // CAValidity parameters //
     ///////////////////////////
 
     // parameter information
     public static final String PROP_CA_SUB_ID = "CaSubId";
-    private String mCaSubId                   = null;
-
-
+    private String mCaSubId = null;
 
     /////////////////////
     // default methods //
     /////////////////////
 
-
-
     ////////////////////////
     // CAValidity methods //
     ////////////////////////
@@ -91,51 +80,50 @@ extends ASelfTest
      * Initializes this subsystem with the configuration store
      * associated with this instance name.
      * <P>
-     *
+     * 
      * @param subsystem the associated subsystem
-     * @param instanceName the name of this self test instance 
+     * @param instanceName the name of this self test instance
      * @param parameters configuration store (self test parameters)
      * @exception EDuplicateSelfTestException subsystem has duplicate name/value
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
-    public void initSelfTest( ISelfTestSubsystem subsystem,
+    public void initSelfTest(ISelfTestSubsystem subsystem,
                               String instanceName,
-                              IConfigStore parameters )
-    throws EDuplicateSelfTestException,
-           EInvalidSelfTestException,
-           EMissingSelfTestException
-    {
-        super.initSelfTest( subsystem, instanceName, parameters );
+                              IConfigStore parameters)
+            throws EDuplicateSelfTestException,
+            EInvalidSelfTestException,
+            EMissingSelfTestException {
+        super.initSelfTest(subsystem, instanceName, parameters);
 
         // retrieve mandatory parameter(s)
         try {
-            mCaSubId = mConfig.getString( PROP_CA_SUB_ID );
-            if( mCaSubId != null ) {
+            mCaSubId = mConfig.getString(PROP_CA_SUB_ID);
+            if (mCaSubId != null) {
                 mCaSubId = mCaSubId.trim();
             } else {
-                mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+                mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                         CMS.getLogMessage(
-                                        "SELFTESTS_MISSING_VALUES",
-                                        getSelfTestName(),
-                                        mPrefix
-                                      + "."
-                                      + PROP_CA_SUB_ID ) );
+                                                "SELFTESTS_MISSING_VALUES",
+                                                getSelfTestName(),
+                                                mPrefix
+                                                        + "."
+                                                        + PROP_CA_SUB_ID));
 
-                throw new EMissingSelfTestException( PROP_CA_SUB_ID );
+                throw new EMissingSelfTestException(PROP_CA_SUB_ID);
             }
-        } catch( EBaseException e ) {
-            mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+        } catch (EBaseException e) {
+            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                     CMS.getLogMessage(
-                                    "SELFTESTS_MISSING_NAME",
-                                    getSelfTestName(),
-                                    mPrefix
-                                  + "."
-                                  + PROP_CA_SUB_ID ) );
+                                            "SELFTESTS_MISSING_NAME",
+                                            getSelfTestName(),
+                                            mPrefix
+                                                    + "."
+                                                    + PROP_CA_SUB_ID));
 
-            throw new EMissingSelfTestException( mPrefix,
+            throw new EMissingSelfTestException(mPrefix,
                                                  PROP_CA_SUB_ID,
-                                                 null );
+                                                 null);
         }
 
         // retrieve optional parameter(s)
@@ -143,145 +131,132 @@ extends ASelfTest
         return;
     }
 
-
     /**
      * Notifies this subsystem if it is in execution mode.
      * <P>
-     *
+     * 
      * @exception ESelfTestException failed to start
      */
     public void startupSelfTest()
-    throws ESelfTestException
-    {
+            throws ESelfTestException {
         return;
     }
 
-
     /**
      * Stops this subsystem. The subsystem may call shutdownSelfTest
      * anytime after initialization.
      * <P>
      */
-    public void shutdownSelfTest()
-    {
+    public void shutdownSelfTest() {
         return;
     }
 
-
     /**
      * Returns the name associated with this self test. This method may
      * return null if the self test has not been intialized.
      * <P>
-     *
+     * 
      * @return instanceName of this self test
      */
-    public String getSelfTestName()
-    {
+    public String getSelfTestName() {
         return super.getSelfTestName();
     }
 
-
     /**
      * Returns the root configuration storage (self test parameters)
      * associated with this subsystem.
      * <P>
-     *
+     * 
      * @return configuration store (self test parameters) of this subsystem
      */
-    public IConfigStore getSelfTestConfigStore()
-    {
+    public IConfigStore getSelfTestConfigStore() {
         return super.getSelfTestConfigStore();
     }
 
-
     /**
      * Retrieves description associated with an individual self test.
      * This method may return null.
      * <P>
-     *
+     * 
      * @param locale locale of the client that requests the description
      * @return description of self test
      */
-    public String getSelfTestDescription( Locale locale )
-    {
-        return CMS.getUserMessage( locale,
-                                   "CMS_SELFTESTS_CA_VALIDITY_DESCRIPTION" );
+    public String getSelfTestDescription(Locale locale) {
+        return CMS.getUserMessage(locale,
+                                   "CMS_SELFTESTS_CA_VALIDITY_DESCRIPTION");
     }
 
-
     /**
      * Execute an individual self test.
      * <P>
-     *
+     * 
      * @param logger specifies logging subsystem
      * @exception ESelfTestException self test exception
      */
-    public void runSelfTest( ILogEventListener logger )
-    throws ESelfTestException
-    {
+    public void runSelfTest(ILogEventListener logger)
+            throws ESelfTestException {
         String logMessage = null;
         ICertificateAuthority ca = null;
         X509CertImpl caCert = null;
 
-        ca = ( ICertificateAuthority ) CMS.getSubsystem( mCaSubId );
+        ca = (ICertificateAuthority) CMS.getSubsystem(mCaSubId);
 
-        if( ca == null ) {
+        if (ca == null) {
             // log that the CA is not installed
-            logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_NOT_PRESENT",
-                                            getSelfTestName() );
+            logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_NOT_PRESENT",
+                                            getSelfTestName());
 
-            mSelfTestSubsystem.log( logger,
-                                    logMessage );
+            mSelfTestSubsystem.log(logger,
+                                    logMessage);
 
-            throw new ESelfTestException( logMessage );
+            throw new ESelfTestException(logMessage);
         } else {
             // Retrieve the CA certificate
             caCert = ca.getCACert();
 
-            if( caCert == null ) {
+            if (caCert == null) {
                 // log that the CA is not yet initialized
-                logMessage = CMS.getLogMessage( 
+                logMessage = CMS.getLogMessage(
                              "SELFTESTS_CA_IS_NOT_INITIALIZED",
-                             getSelfTestName() );
+                             getSelfTestName());
 
-                mSelfTestSubsystem.log( logger,
-                                        logMessage );
+                mSelfTestSubsystem.log(logger,
+                                        logMessage);
 
-                throw new ESelfTestException( logMessage );
+                throw new ESelfTestException(logMessage);
             }
 
             // Retrieve the CA validity period
             try {
                 caCert.checkValidity();
-            } catch( CertificateNotYetValidException e ) {
+            } catch (CertificateNotYetValidException e) {
                 // log that the CA is not yet valid
-                logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_NOT_YET_VALID",
-                                                getSelfTestName() );
+                logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_NOT_YET_VALID",
+                                                getSelfTestName());
 
-                mSelfTestSubsystem.log( logger,
-                                        logMessage );
+                mSelfTestSubsystem.log(logger,
+                                        logMessage);
 
-                throw new ESelfTestException( logMessage );
-            } catch( CertificateExpiredException e ) {
+                throw new ESelfTestException(logMessage);
+            } catch (CertificateExpiredException e) {
                 // log that the CA is expired
-                logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_EXPIRED",
-                                                getSelfTestName() );
+                logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_EXPIRED",
+                                                getSelfTestName());
 
-                mSelfTestSubsystem.log( logger,
-                                        logMessage );
+                mSelfTestSubsystem.log(logger,
+                                        logMessage);
 
-                throw new ESelfTestException( logMessage );
+                throw new ESelfTestException(logMessage);
             }
 
             // log that the CA is valid
-            logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_VALID",
-                                            getSelfTestName() );
+            logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_VALID",
+                                            getSelfTestName());
 
-            mSelfTestSubsystem.log( logger,
-                                    logMessage );
+            mSelfTestSubsystem.log(logger,
+                                    logMessage);
         }
 
         return;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/selftests/common/SystemCertsVerification.java b/pki/base/common/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
index b3388d9e..57afffdf 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
@@ -20,8 +20,6 @@
 
 package com.netscape.cms.selftests.common;
 
-
-
 ///////////////////////
 // import statements //
 ///////////////////////
@@ -39,8 +37,6 @@ import com.netscape.certsrv.selftests.ESelfTestException;
 import com.netscape.certsrv.selftests.ISelfTestSubsystem;
 import com.netscape.cms.selftests.ASelfTest;
 
-
-
 //////////////////////
 // class definition //
 //////////////////////
@@ -50,33 +46,26 @@ import com.netscape.cms.selftests.ASelfTest;
  * of the subsystem
  * <P>
  * 
- * @version $Revision: $, $Date:  $
+ * @version $Revision: $, $Date: $
  */
 public class SystemCertsVerification
-extends ASelfTest
-{
+        extends ASelfTest {
     ////////////////////////
     // default parameters //
     ////////////////////////
 
-
-
     ///////////////////////////
     // SystemCertsVerification parameters //
     ///////////////////////////
 
     // parameter information
     public static final String PROP_SUB_ID = "SubId";
-    private String mSubId                   = null;
-
-
+    private String mSubId = null;
 
     /////////////////////
     // default methods //
     /////////////////////
 
-
-
     ////////////////////////
     // SystemCertsVerification methods //
     ////////////////////////
@@ -85,51 +74,50 @@ extends ASelfTest
      * Initializes this subsystem with the configuration store
      * associated with this instance name.
      * <P>
-     *
+     * 
      * @param subsystem the associated subsystem
-     * @param instanceName the name of this self test instance 
+     * @param instanceName the name of this self test instance
      * @param parameters configuration store (self test parameters)
      * @exception EDuplicateSelfTestException subsystem has duplicate name/value
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
-    public void initSelfTest( ISelfTestSubsystem subsystem,
+    public void initSelfTest(ISelfTestSubsystem subsystem,
                               String instanceName,
-                              IConfigStore parameters )
-    throws EDuplicateSelfTestException,
-           EInvalidSelfTestException,
-           EMissingSelfTestException
-    {
-        super.initSelfTest( subsystem, instanceName, parameters );
+                              IConfigStore parameters)
+            throws EDuplicateSelfTestException,
+            EInvalidSelfTestException,
+            EMissingSelfTestException {
+        super.initSelfTest(subsystem, instanceName, parameters);
 
         // retrieve mandatory parameter(s)
         try {
-            mSubId = mConfig.getString( PROP_SUB_ID );
-            if( mSubId != null ) {
+            mSubId = mConfig.getString(PROP_SUB_ID);
+            if (mSubId != null) {
                 mSubId = mSubId.trim();
             } else {
-                mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+                mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                         CMS.getLogMessage(
-                                        "SELFTESTS_MISSING_VALUES",
-                                        getSelfTestName(),
-                                        mPrefix
-                                      + "."
-                                      + PROP_SUB_ID ) );
+                                                "SELFTESTS_MISSING_VALUES",
+                                                getSelfTestName(),
+                                                mPrefix
+                                                        + "."
+                                                        + PROP_SUB_ID));
 
-                throw new EMissingSelfTestException( PROP_SUB_ID );
+                throw new EMissingSelfTestException(PROP_SUB_ID);
             }
-        } catch( EBaseException e ) {
-            mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+        } catch (EBaseException e) {
+            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                     CMS.getLogMessage(
-                                    "SELFTESTS_MISSING_NAME",
-                                    getSelfTestName(),
-                                    mPrefix
-                                  + "."
-                                  + PROP_SUB_ID ) );
+                                            "SELFTESTS_MISSING_NAME",
+                                            getSelfTestName(),
+                                            mPrefix
+                                                    + "."
+                                                    + PROP_SUB_ID));
 
-            throw new EMissingSelfTestException( mPrefix,
+            throw new EMissingSelfTestException(mPrefix,
                                                  PROP_SUB_ID,
-                                                 null );
+                                                 null);
         }
 
         // retrieve optional parameter(s)
@@ -137,102 +125,89 @@ extends ASelfTest
         return;
     }
 
-
     /**
      * Notifies this subsystem if it is in execution mode.
      * <P>
-     *
+     * 
      * @exception ESelfTestException failed to start
      */
     public void startupSelfTest()
-    throws ESelfTestException
-    {
+            throws ESelfTestException {
         return;
     }
 
-
     /**
      * Stops this subsystem. The subsystem may call shutdownSelfTest
      * anytime after initialization.
      * <P>
      */
-    public void shutdownSelfTest()
-    {
+    public void shutdownSelfTest() {
         return;
     }
 
-
     /**
      * Returns the name associated with this self test. This method may
      * return null if the self test has not been intialized.
      * <P>
-     *
+     * 
      * @return instanceName of this self test
      */
-    public String getSelfTestName()
-    {
+    public String getSelfTestName() {
         return super.getSelfTestName();
     }
 
-
     /**
      * Returns the root configuration storage (self test parameters)
      * associated with this subsystem.
      * <P>
-     *
+     * 
      * @return configuration store (self test parameters) of this subsystem
      */
-    public IConfigStore getSelfTestConfigStore()
-    {
+    public IConfigStore getSelfTestConfigStore() {
         return super.getSelfTestConfigStore();
     }
 
-
     /**
      * Retrieves description associated with an individual self test.
      * This method may return null.
      * <P>
-     *
+     * 
      * @param locale locale of the client that requests the description
      * @return description of self test
      */
-    public String getSelfTestDescription( Locale locale )
-    {
-        return CMS.getUserMessage( locale,
-                                   "CMS_SELFTESTS_SYSTEM_CERTS_VERIFICATION_DESCRIPTION" );
+    public String getSelfTestDescription(Locale locale) {
+        return CMS.getUserMessage(locale,
+                                   "CMS_SELFTESTS_SYSTEM_CERTS_VERIFICATION_DESCRIPTION");
     }
 
-
     /**
      * Execute an individual self test.
      * <P>
-     *
+     * 
      * @param logger specifies logging subsystem
      * @exception ESelfTestException self test exception
      */
-    public void runSelfTest( ILogEventListener logger )
-    throws ESelfTestException
-    {
+    public void runSelfTest(ILogEventListener logger)
+            throws ESelfTestException {
         String logMessage = null;
         boolean rc = false;
 
         rc = CMS.verifySystemCerts();
         if (rc == true) {
-            logMessage = CMS.getLogMessage( "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_SUCCESS",
-                                                getSelfTestName() );
+            logMessage = CMS.getLogMessage("SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_SUCCESS",
+                                                getSelfTestName());
 
-            mSelfTestSubsystem.log( logger,
-                                        logMessage );
+            mSelfTestSubsystem.log(logger,
+                                        logMessage);
         } else {
-            logMessage = CMS.getLogMessage( "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE",
-                                            getSelfTestName() );
+            logMessage = CMS.getLogMessage("SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE",
+                                            getSelfTestName());
 
-            mSelfTestSubsystem.log( logger,
-                                    logMessage );
-            throw new ESelfTestException( logMessage );
+            mSelfTestSubsystem.log(logger,
+                                    logMessage);
+            throw new ESelfTestException(logMessage);
         }
 
         return;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/selftests/kra/KRAPresence.java b/pki/base/common/src/com/netscape/cms/selftests/kra/KRAPresence.java
index 52255e24..01f5609b 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/kra/KRAPresence.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/kra/KRAPresence.java
@@ -20,8 +20,6 @@
 
 package com.netscape.cms.selftests.kra;
 
-
-
 ///////////////////////
 // import statements //
 ///////////////////////
@@ -41,8 +39,6 @@ import com.netscape.certsrv.selftests.ESelfTestException;
 import com.netscape.certsrv.selftests.ISelfTestSubsystem;
 import com.netscape.cms.selftests.ASelfTest;
 
-
-
 //////////////////////
 // class definition //
 //////////////////////
@@ -56,30 +52,23 @@ import com.netscape.cms.selftests.ASelfTest;
  * @version $Revision$, $Date$
  */
 public class KRAPresence
-extends ASelfTest
-{
+        extends ASelfTest {
     ////////////////////////
     // default parameters //
     ////////////////////////
 
-
-
     ///////////////////////////
     // KRAPresence parameters //
     ///////////////////////////
 
     // parameter information
     public static final String PROP_KRA_SUB_ID = "SubId";
-    private String mSubId                   = null;
-
-
+    private String mSubId = null;
 
     /////////////////////
     // default methods //
     /////////////////////
 
-
-
     ////////////////////////
     // KRAPresence methods //
     ////////////////////////
@@ -88,51 +77,50 @@ extends ASelfTest
      * Initializes this subsystem with the configuration store
      * associated with this instance name.
      * <P>
-     *
+     * 
      * @param subsystem the associated subsystem
-     * @param instanceName the name of this self test instance 
+     * @param instanceName the name of this self test instance
      * @param parameters configuration store (self test parameters)
      * @exception EDuplicateSelfTestException subsystem has duplicate name/value
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
-    public void initSelfTest( ISelfTestSubsystem subsystem,
+    public void initSelfTest(ISelfTestSubsystem subsystem,
                               String instanceName,
-                              IConfigStore parameters )
-    throws EDuplicateSelfTestException,
-           EInvalidSelfTestException,
-           EMissingSelfTestException
-    {
-        super.initSelfTest( subsystem, instanceName, parameters );
+                              IConfigStore parameters)
+            throws EDuplicateSelfTestException,
+            EInvalidSelfTestException,
+            EMissingSelfTestException {
+        super.initSelfTest(subsystem, instanceName, parameters);
 
         // retrieve mandatory parameter(s)
         try {
-            mSubId = mConfig.getString( PROP_KRA_SUB_ID );
-            if( mSubId != null ) {
+            mSubId = mConfig.getString(PROP_KRA_SUB_ID);
+            if (mSubId != null) {
                 mSubId = mSubId.trim();
             } else {
-                mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+                mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                         CMS.getLogMessage(
-                                        "SELFTESTS_MISSING_VALUES",
-                                        getSelfTestName(),
-                                        mPrefix
-                                      + "."
-                                      + PROP_KRA_SUB_ID ) );
+                                                "SELFTESTS_MISSING_VALUES",
+                                                getSelfTestName(),
+                                                mPrefix
+                                                        + "."
+                                                        + PROP_KRA_SUB_ID));
 
-                throw new EMissingSelfTestException( PROP_KRA_SUB_ID );
+                throw new EMissingSelfTestException(PROP_KRA_SUB_ID);
             }
-        } catch( EBaseException e ) {
-            mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+        } catch (EBaseException e) {
+            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                     CMS.getLogMessage(
-                                    "SELFTESTS_MISSING_NAME",
-                                    getSelfTestName(),
-                                    mPrefix
-                                  + "."
-                                  + PROP_KRA_SUB_ID ) );
+                                            "SELFTESTS_MISSING_NAME",
+                                            getSelfTestName(),
+                                            mPrefix
+                                                    + "."
+                                                    + PROP_KRA_SUB_ID));
 
-            throw new EMissingSelfTestException( mPrefix,
+            throw new EMissingSelfTestException(mPrefix,
                                                  PROP_KRA_SUB_ID,
-                                                 null );
+                                                 null);
         }
 
         // retrieve optional parameter(s)
@@ -140,137 +128,124 @@ extends ASelfTest
         return;
     }
 
-
     /**
      * Notifies this subsystem if it is in execution mode.
      * <P>
-     *
+     * 
      * @exception ESelfTestException failed to start
      */
     public void startupSelfTest()
-    throws ESelfTestException
-    {
+            throws ESelfTestException {
         return;
     }
 
-
     /**
      * Stops this subsystem. The subsystem may call shutdownSelfTest
      * anytime after initialization.
      * <P>
      */
-    public void shutdownSelfTest()
-    {
+    public void shutdownSelfTest() {
         return;
     }
 
-
     /**
      * Returns the name associated with this self test. This method may
      * return null if the self test has not been intialized.
      * <P>
-     *
+     * 
      * @return instanceName of this self test
      */
-    public String getSelfTestName()
-    {
+    public String getSelfTestName() {
         return super.getSelfTestName();
     }
 
-
     /**
      * Returns the root configuration storage (self test parameters)
      * associated with this subsystem.
      * <P>
-     *
+     * 
      * @return configuration store (self test parameters) of this subsystem
      */
-    public IConfigStore getSelfTestConfigStore()
-    {
+    public IConfigStore getSelfTestConfigStore() {
         return super.getSelfTestConfigStore();
     }
 
-
     /**
      * Retrieves description associated with an individual self test.
      * This method may return null.
      * <P>
-     *
+     * 
      * @param locale locale of the client that requests the description
      * @return description of self test
      */
-    public String getSelfTestDescription( Locale locale )
-    {
-        return CMS.getUserMessage( locale,
-                                   "CMS_SELFTESTS_KRA_PRESENCE_DESCRIPTION" );
+    public String getSelfTestDescription(Locale locale) {
+        return CMS.getUserMessage(locale,
+                                   "CMS_SELFTESTS_KRA_PRESENCE_DESCRIPTION");
     }
 
-
     /**
      * Execute an individual self test.
      * <P>
-     *
+     * 
      * @param logger specifies logging subsystem
      * @exception ESelfTestException self test exception
      */
-    public void runSelfTest( ILogEventListener logger )
-    throws ESelfTestException
-    {
+    public void runSelfTest(ILogEventListener logger)
+            throws ESelfTestException {
         String logMessage = null;
         IKeyRecoveryAuthority kra = null;
         org.mozilla.jss.crypto.X509Certificate kraCert = null;
         PublicKey kraPubKey = null;
 
-        kra = ( IKeyRecoveryAuthority ) CMS.getSubsystem( mSubId );
+        kra = (IKeyRecoveryAuthority) CMS.getSubsystem(mSubId);
 
-        if( kra == null ) {
+        if (kra == null) {
             // log that the KRA is not installed
-            logMessage = CMS.getLogMessage( "SELFTESTS_KRA_IS_NOT_PRESENT",
-                                            getSelfTestName() );
+            logMessage = CMS.getLogMessage("SELFTESTS_KRA_IS_NOT_PRESENT",
+                                            getSelfTestName());
 
-            mSelfTestSubsystem.log( logger,
-                                    logMessage );
+            mSelfTestSubsystem.log(logger,
+                                    logMessage);
 
-            throw new ESelfTestException( logMessage );
+            throw new ESelfTestException(logMessage);
         } else {
             // Retrieve the KRA certificate
             kraCert = kra.getTransportCert();
 
-            if( kraCert == null ) {
+            if (kraCert == null) {
                 // log that the RA is not yet initialized
-                logMessage = CMS.getLogMessage( 
+                logMessage = CMS.getLogMessage(
                              "SELFTESTS_KRA_IS_NOT_INITIALIZED",
-                             getSelfTestName() );
+                             getSelfTestName());
 
-                mSelfTestSubsystem.log( logger,
-                                        logMessage );
+                mSelfTestSubsystem.log(logger,
+                                        logMessage);
 
-                throw new ESelfTestException( logMessage );
+                throw new ESelfTestException(logMessage);
             }
 
             // Retrieve the KRA certificate public key
-            kraPubKey = ( PublicKey ) kraCert.getPublicKey();
+            kraPubKey = (PublicKey) kraCert.getPublicKey();
 
-            if( kraPubKey == null ) {
+            if (kraPubKey == null) {
                 // log that something is seriously wrong with the KRA
-                logMessage = CMS.getLogMessage( "SELFTESTS_KRA_IS_CORRUPT",
-                                                getSelfTestName() );
+                logMessage = CMS.getLogMessage("SELFTESTS_KRA_IS_CORRUPT",
+                                                getSelfTestName());
 
-                mSelfTestSubsystem.log( logger,
-                                        logMessage );
+                mSelfTestSubsystem.log(logger,
+                                        logMessage);
 
-                throw new ESelfTestException( logMessage );
+                throw new ESelfTestException(logMessage);
             }
 
             // log that the KRA is present
-            logMessage = CMS.getLogMessage( "SELFTESTS_KRA_IS_PRESENT",
-                                            getSelfTestName() );
+            logMessage = CMS.getLogMessage("SELFTESTS_KRA_IS_PRESENT",
+                                            getSelfTestName());
 
-            mSelfTestSubsystem.log( logger,
-                                    logMessage );
+            mSelfTestSubsystem.log(logger,
+                                    logMessage);
         }
 
         return;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java b/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java
index 507148bd..c862362a 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java
@@ -20,8 +20,6 @@
 
 package com.netscape.cms.selftests.ocsp;
 
-
-
 ///////////////////////
 // import statements //
 ///////////////////////
@@ -45,8 +43,6 @@ import com.netscape.certsrv.selftests.ESelfTestException;
 import com.netscape.certsrv.selftests.ISelfTestSubsystem;
 import com.netscape.cms.selftests.ASelfTest;
 
-
-
 //////////////////////
 // class definition //
 //////////////////////
@@ -60,30 +56,23 @@ import com.netscape.cms.selftests.ASelfTest;
  * @version $Revision$, $Date$
  */
 public class OCSPPresence
-extends ASelfTest
-{
+        extends ASelfTest {
     ////////////////////////
     // default parameters //
     ////////////////////////
 
-
-
     /////////////////////////////
     // OCSPPresence parameters //
     /////////////////////////////
 
     // parameter information
     public static final String PROP_OCSP_SUB_ID = "OcspSubId";
-    private String mOcspSubId                   = null;
-
-
+    private String mOcspSubId = null;
 
     /////////////////////
     // default methods //
     /////////////////////
 
-
-
     //////////////////////////
     // OCSPPresence methods //
     //////////////////////////
@@ -92,51 +81,50 @@ extends ASelfTest
      * Initializes this subsystem with the configuration store
      * associated with this instance name.
      * <P>
-     *
+     * 
      * @param subsystem the associated subsystem
-     * @param instanceName the name of this self test instance 
+     * @param instanceName the name of this self test instance
      * @param parameters configuration store (self test parameters)
      * @exception EDuplicateSelfTestException subsystem has duplicate name/value
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
-    public void initSelfTest( ISelfTestSubsystem subsystem,
+    public void initSelfTest(ISelfTestSubsystem subsystem,
                               String instanceName,
-                              IConfigStore parameters )
-    throws EDuplicateSelfTestException,
-           EInvalidSelfTestException,
-           EMissingSelfTestException
-    {
-        super.initSelfTest( subsystem, instanceName, parameters );
+                              IConfigStore parameters)
+            throws EDuplicateSelfTestException,
+            EInvalidSelfTestException,
+            EMissingSelfTestException {
+        super.initSelfTest(subsystem, instanceName, parameters);
 
         // retrieve mandatory parameter(s)
         try {
-            mOcspSubId = mConfig.getString( PROP_OCSP_SUB_ID );
-            if( mOcspSubId != null ) {
+            mOcspSubId = mConfig.getString(PROP_OCSP_SUB_ID);
+            if (mOcspSubId != null) {
                 mOcspSubId = mOcspSubId.trim();
             } else {
-                mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+                mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                         CMS.getLogMessage(
-                                        "SELFTESTS_MISSING_VALUES",
-                                        getSelfTestName(),
-                                        mPrefix
-                                      + "."
-                                      + PROP_OCSP_SUB_ID ) );
+                                                "SELFTESTS_MISSING_VALUES",
+                                                getSelfTestName(),
+                                                mPrefix
+                                                        + "."
+                                                        + PROP_OCSP_SUB_ID));
 
-                throw new EMissingSelfTestException( PROP_OCSP_SUB_ID );
+                throw new EMissingSelfTestException(PROP_OCSP_SUB_ID);
             }
-        } catch( EBaseException e ) {
-            mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+        } catch (EBaseException e) {
+            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                     CMS.getLogMessage(
-                                    "SELFTESTS_MISSING_NAME",
-                                    getSelfTestName(),
-                                    mPrefix
-                                  + "."
-                                  + PROP_OCSP_SUB_ID ) );
+                                            "SELFTESTS_MISSING_NAME",
+                                            getSelfTestName(),
+                                            mPrefix
+                                                    + "."
+                                                    + PROP_OCSP_SUB_ID));
 
-            throw new EMissingSelfTestException( mPrefix,
+            throw new EMissingSelfTestException(mPrefix,
                                                  PROP_OCSP_SUB_ID,
-                                                 null );
+                                                 null);
         }
 
         // retrieve optional parameter(s)
@@ -144,162 +132,149 @@ extends ASelfTest
         return;
     }
 
-
     /**
      * Notifies this subsystem if it is in execution mode.
      * <P>
-     *
+     * 
      * @exception ESelfTestException failed to start
      */
     public void startupSelfTest()
-    throws ESelfTestException
-    {
+            throws ESelfTestException {
         return;
     }
 
-
     /**
      * Stops this subsystem. The subsystem may call shutdownSelfTest
      * anytime after initialization.
      * <P>
      */
-    public void shutdownSelfTest()
-    {
+    public void shutdownSelfTest() {
         return;
     }
 
-
     /**
      * Returns the name associated with this self test. This method may
      * return null if the self test has not been intialized.
      * <P>
-     *
+     * 
      * @return instanceName of this self test
      */
-    public String getSelfTestName()
-    {
+    public String getSelfTestName() {
         return super.getSelfTestName();
     }
 
-
     /**
      * Returns the root configuration storage (self test parameters)
      * associated with this subsystem.
      * <P>
-     *
+     * 
      * @return configuration store (self test parameters) of this subsystem
      */
-    public IConfigStore getSelfTestConfigStore()
-    {
+    public IConfigStore getSelfTestConfigStore() {
         return super.getSelfTestConfigStore();
     }
 
-
     /**
      * Retrieves description associated with an individual self test.
      * This method may return null.
      * <P>
-     *
+     * 
      * @param locale locale of the client that requests the description
      * @return description of self test
      */
-    public String getSelfTestDescription( Locale locale )
-    {
-        return CMS.getUserMessage( locale,
-                                   "CMS_SELFTESTS_OCSP_PRESENCE_DESCRIPTION" );
+    public String getSelfTestDescription(Locale locale) {
+        return CMS.getUserMessage(locale,
+                                   "CMS_SELFTESTS_OCSP_PRESENCE_DESCRIPTION");
     }
 
-
     /**
      * Execute an individual self test.
      * <P>
-     *
+     * 
      * @param logger specifies logging subsystem
      * @exception ESelfTestException self test exception
      */
-    public void runSelfTest( ILogEventListener logger )
-    throws ESelfTestException
-    {
+    public void runSelfTest(ILogEventListener logger)
+            throws ESelfTestException {
         String logMessage = null;
         IOCSPAuthority ocsp = null;
         ISigningUnit ocspSigningUnit = null;
         X509CertImpl ocspCert = null;
         X509Key ocspPubKey = null;
 
-        ocsp = ( IOCSPAuthority ) CMS.getSubsystem( mOcspSubId );
+        ocsp = (IOCSPAuthority) CMS.getSubsystem(mOcspSubId);
 
-        if( ocsp == null ) {
+        if (ocsp == null) {
             // log that the OCSP is not installed
-            logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_NOT_PRESENT",
-                                            getSelfTestName() );
+            logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_NOT_PRESENT",
+                                            getSelfTestName());
 
-            mSelfTestSubsystem.log( logger,
-                                    logMessage );
+            mSelfTestSubsystem.log(logger,
+                                    logMessage);
 
-            throw new ESelfTestException( logMessage );
+            throw new ESelfTestException(logMessage);
         } else {
             // Retrieve the OCSP signing unit
             ocspSigningUnit = ocsp.getSigningUnit();
 
-            if( ocspSigningUnit == null ) {
+            if (ocspSigningUnit == null) {
                 // log that the OCSP is not yet initialized
-                logMessage = CMS.getLogMessage( 
+                logMessage = CMS.getLogMessage(
                              "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
-                             getSelfTestName() );
-  
-                mSelfTestSubsystem.log( logger,
-                                        logMessage );
-  
-                throw new ESelfTestException( logMessage );
+                             getSelfTestName());
+
+                mSelfTestSubsystem.log(logger,
+                                        logMessage);
+
+                throw new ESelfTestException(logMessage);
             }
 
             // Retrieve the OCSP certificate
             ocspCert = ocspSigningUnit.getCertImpl();
 
-            if( ocspCert == null ) {
+            if (ocspCert == null) {
                 // log that the OCSP is not yet initialized
-                logMessage = CMS.getLogMessage( 
+                logMessage = CMS.getLogMessage(
                              "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
-                             getSelfTestName() );
-  
-                mSelfTestSubsystem.log( logger,
-                                        logMessage );
-  
-                throw new ESelfTestException( logMessage );
+                             getSelfTestName());
+
+                mSelfTestSubsystem.log(logger,
+                                        logMessage);
+
+                throw new ESelfTestException(logMessage);
             }
 
             // Retrieve the OCSP certificate public key
             try {
-                ocspPubKey = ( X509Key )
-                             ocspCert.get( X509CertImpl.PUBLIC_KEY );
+                ocspPubKey = (X509Key)
+                             ocspCert.get(X509CertImpl.PUBLIC_KEY);
 
-                if( ocspPubKey == null ) {
+                if (ocspPubKey == null) {
                     // log that something is seriously wrong with the OCSP
-                    logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_CORRUPT",
-                                                    getSelfTestName() );
+                    logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_CORRUPT",
+                                                    getSelfTestName());
 
-                    mSelfTestSubsystem.log( logger,
-                                            logMessage );
+                    mSelfTestSubsystem.log(logger,
+                                            logMessage);
 
-                    throw new ESelfTestException( logMessage );
+                    throw new ESelfTestException(logMessage);
                 }
-            } catch( CertificateParsingException e ) {
+            } catch (CertificateParsingException e) {
                 // log that something is seriously wrong with the OCSP
-                mSelfTestSubsystem.log( logger,
-                                        e.toString() );
+                mSelfTestSubsystem.log(logger,
+                                        e.toString());
 
-                throw new ESelfTestException( e.toString() );
+                throw new ESelfTestException(e.toString());
             }
 
             // log that the OCSP is present
-            logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_PRESENT",
-                                            getSelfTestName() );
+            logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_PRESENT",
+                                            getSelfTestName());
 
-            mSelfTestSubsystem.log( logger,
-                                    logMessage );
+            mSelfTestSubsystem.log(logger,
+                                    logMessage);
         }
 
         return;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java b/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java
index e6516b2a..47874682 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java
@@ -20,8 +20,6 @@
 
 package com.netscape.cms.selftests.ocsp;
 
-
-
 ///////////////////////
 // import statements //
 ///////////////////////
@@ -45,14 +43,12 @@ import com.netscape.certsrv.selftests.ESelfTestException;
 import com.netscape.certsrv.selftests.ISelfTestSubsystem;
 import com.netscape.cms.selftests.ASelfTest;
 
-
-
 //////////////////////
 // class definition //
 //////////////////////
 
 /**
- * This class implements a self test to check the validity of the OCSP. 
+ * This class implements a self test to check the validity of the OCSP.
  * <P>
  * 
  * @author mharmsen
@@ -60,30 +56,23 @@ import com.netscape.cms.selftests.ASelfTest;
  * @version $Revision$, $Date$
  */
 public class OCSPValidity
-extends ASelfTest
-{
+        extends ASelfTest {
     ////////////////////////
     // default parameters //
     ////////////////////////
 
-
-
     /////////////////////////////
     // OCSPValidity parameters //
     /////////////////////////////
 
     // parameter information
     public static final String PROP_OCSP_SUB_ID = "OcspSubId";
-    private String mOcspSubId                   = null;
-
-
+    private String mOcspSubId = null;
 
     /////////////////////
     // default methods //
     /////////////////////
 
-
-
     //////////////////////////
     // OCSPValidity methods //
     //////////////////////////
@@ -92,51 +81,50 @@ extends ASelfTest
      * Initializes this subsystem with the configuration store
      * associated with this instance name.
      * <P>
-     *
+     * 
      * @param subsystem the associated subsystem
-     * @param instanceName the name of this self test instance 
+     * @param instanceName the name of this self test instance
      * @param parameters configuration store (self test parameters)
      * @exception EDuplicateSelfTestException subsystem has duplicate name/value
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
-    public void initSelfTest( ISelfTestSubsystem subsystem,
+    public void initSelfTest(ISelfTestSubsystem subsystem,
                               String instanceName,
-                              IConfigStore parameters )
-    throws EDuplicateSelfTestException,
-           EInvalidSelfTestException,
-           EMissingSelfTestException
-    {
-        super.initSelfTest( subsystem, instanceName, parameters );
+                              IConfigStore parameters)
+            throws EDuplicateSelfTestException,
+            EInvalidSelfTestException,
+            EMissingSelfTestException {
+        super.initSelfTest(subsystem, instanceName, parameters);
 
         // retrieve mandatory parameter(s)
         try {
-            mOcspSubId = mConfig.getString( PROP_OCSP_SUB_ID );
-            if( mOcspSubId != null ) {
+            mOcspSubId = mConfig.getString(PROP_OCSP_SUB_ID);
+            if (mOcspSubId != null) {
                 mOcspSubId = mOcspSubId.trim();
             } else {
-                mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+                mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                         CMS.getLogMessage(
-                                        "SELFTESTS_MISSING_VALUES",
-                                        getSelfTestName(),
-                                        mPrefix
-                                      + "."
-                                      + PROP_OCSP_SUB_ID ) );
+                                                "SELFTESTS_MISSING_VALUES",
+                                                getSelfTestName(),
+                                                mPrefix
+                                                        + "."
+                                                        + PROP_OCSP_SUB_ID));
 
-                throw new EMissingSelfTestException( PROP_OCSP_SUB_ID );
+                throw new EMissingSelfTestException(PROP_OCSP_SUB_ID);
             }
-        } catch( EBaseException e ) {
-            mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+        } catch (EBaseException e) {
+            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                     CMS.getLogMessage(
-                                    "SELFTESTS_MISSING_NAME",
-                                    getSelfTestName(),
-                                    mPrefix
-                                  + "."
-                                  + PROP_OCSP_SUB_ID ) );
+                                            "SELFTESTS_MISSING_NAME",
+                                            getSelfTestName(),
+                                            mPrefix
+                                                    + "."
+                                                    + PROP_OCSP_SUB_ID));
 
-            throw new EMissingSelfTestException( mPrefix,
+            throw new EMissingSelfTestException(mPrefix,
                                                  PROP_OCSP_SUB_ID,
-                                                 null );
+                                                 null);
         }
 
         // retrieve optional parameter(s)
@@ -144,162 +132,149 @@ extends ASelfTest
         return;
     }
 
-
     /**
      * Notifies this subsystem if it is in execution mode.
      * <P>
-     *
+     * 
      * @exception ESelfTestException failed to start
      */
     public void startupSelfTest()
-    throws ESelfTestException
-    {
+            throws ESelfTestException {
         return;
     }
 
-
     /**
      * Stops this subsystem. The subsystem may call shutdownSelfTest
      * anytime after initialization.
      * <P>
      */
-    public void shutdownSelfTest()
-    {
+    public void shutdownSelfTest() {
         return;
     }
 
-
     /**
      * Returns the name associated with this self test. This method may
      * return null if the self test has not been intialized.
      * <P>
-     *
+     * 
      * @return instanceName of this self test
      */
-    public String getSelfTestName()
-    {
+    public String getSelfTestName() {
         return super.getSelfTestName();
     }
 
-
     /**
      * Returns the root configuration storage (self test parameters)
      * associated with this subsystem.
      * <P>
-     *
+     * 
      * @return configuration store (self test parameters) of this subsystem
      */
-    public IConfigStore getSelfTestConfigStore()
-    {
+    public IConfigStore getSelfTestConfigStore() {
         return super.getSelfTestConfigStore();
     }
 
-
     /**
      * Retrieves description associated with an individual self test.
      * This method may return null.
      * <P>
-     *
+     * 
      * @param locale locale of the client that requests the description
      * @return description of self test
      */
-    public String getSelfTestDescription( Locale locale )
-    {
-        return CMS.getUserMessage( locale,
-                                   "CMS_SELFTESTS_OCSP_VALIDITY_DESCRIPTION" );
+    public String getSelfTestDescription(Locale locale) {
+        return CMS.getUserMessage(locale,
+                                   "CMS_SELFTESTS_OCSP_VALIDITY_DESCRIPTION");
     }
 
-
     /**
      * Execute an individual self test.
      * <P>
-     *
+     * 
      * @param logger specifies logging subsystem
      * @exception ESelfTestException self test exception
      */
-    public void runSelfTest( ILogEventListener logger )
-    throws ESelfTestException
-    {
+    public void runSelfTest(ILogEventListener logger)
+            throws ESelfTestException {
         String logMessage = null;
         IOCSPAuthority ocsp = null;
         ISigningUnit ocspSigningUnit = null;
         X509CertImpl ocspCert = null;
 
-        ocsp = ( IOCSPAuthority ) CMS.getSubsystem( mOcspSubId );
+        ocsp = (IOCSPAuthority) CMS.getSubsystem(mOcspSubId);
 
-        if( ocsp == null ) {
+        if (ocsp == null) {
             // log that the OCSP is not installed
-            logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_NOT_PRESENT",
-                                            getSelfTestName() );
+            logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_NOT_PRESENT",
+                                            getSelfTestName());
 
-            mSelfTestSubsystem.log( logger,
-                                    logMessage );
+            mSelfTestSubsystem.log(logger,
+                                    logMessage);
 
-            throw new ESelfTestException( logMessage );
+            throw new ESelfTestException(logMessage);
         } else {
             // Retrieve the OCSP signing unit
             ocspSigningUnit = ocsp.getSigningUnit();
 
-            if( ocspSigningUnit == null ) {
+            if (ocspSigningUnit == null) {
                 // log that the OCSP is not yet initialized
-                logMessage = CMS.getLogMessage( 
+                logMessage = CMS.getLogMessage(
                              "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
-                             getSelfTestName() );
-  
-                mSelfTestSubsystem.log( logger,
-                                        logMessage );
-  
-                throw new ESelfTestException( logMessage );
+                             getSelfTestName());
+
+                mSelfTestSubsystem.log(logger,
+                                        logMessage);
+
+                throw new ESelfTestException(logMessage);
             }
 
             // Retrieve the OCSP certificate
             ocspCert = ocspSigningUnit.getCertImpl();
 
-            if( ocspCert == null ) {
+            if (ocspCert == null) {
                 // log that the OCSP is not yet initialized
-                logMessage = CMS.getLogMessage( 
+                logMessage = CMS.getLogMessage(
                              "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
-                             getSelfTestName() );
+                             getSelfTestName());
 
-                mSelfTestSubsystem.log( logger,
-                                        logMessage );
+                mSelfTestSubsystem.log(logger,
+                                        logMessage);
 
-                throw new ESelfTestException( logMessage );
+                throw new ESelfTestException(logMessage);
             }
 
             // Retrieve the OCSP validity period
             try {
                 ocspCert.checkValidity();
-            } catch( CertificateNotYetValidException e ) {
+            } catch (CertificateNotYetValidException e) {
                 // log that the OCSP is not yet valid
                 logMessage = CMS.getLogMessage(
                                  "SELFTESTS_OCSP_IS_NOT_YET_VALID",
-                                 getSelfTestName() );
+                                 getSelfTestName());
 
-                mSelfTestSubsystem.log( logger,
-                                        logMessage );
+                mSelfTestSubsystem.log(logger,
+                                        logMessage);
 
-                throw new ESelfTestException( logMessage );
-            } catch( CertificateExpiredException e ) {
+                throw new ESelfTestException(logMessage);
+            } catch (CertificateExpiredException e) {
                 // log that the OCSP is expired
-                logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_EXPIRED",
-                                                getSelfTestName() );
+                logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_EXPIRED",
+                                                getSelfTestName());
 
-                mSelfTestSubsystem.log( logger,
-                                        logMessage );
+                mSelfTestSubsystem.log(logger,
+                                        logMessage);
 
-                throw new ESelfTestException( logMessage );
+                throw new ESelfTestException(logMessage);
             }
 
             // log that the OCSP is valid
-            logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_VALID",
-                                            getSelfTestName() );
+            logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_VALID",
+                                            getSelfTestName());
 
-            mSelfTestSubsystem.log( logger,
-                                    logMessage );
+            mSelfTestSubsystem.log(logger,
+                                    logMessage);
         }
 
         return;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/selftests/ra/RAPresence.java b/pki/base/common/src/com/netscape/cms/selftests/ra/RAPresence.java
index 1a8b4c3e..9790bf61 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/ra/RAPresence.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/ra/RAPresence.java
@@ -20,8 +20,6 @@
 
 package com.netscape.cms.selftests.ra;
 
-
-
 ///////////////////////
 // import statements //
 ///////////////////////
@@ -41,8 +39,6 @@ import com.netscape.certsrv.selftests.ESelfTestException;
 import com.netscape.certsrv.selftests.ISelfTestSubsystem;
 import com.netscape.cms.selftests.ASelfTest;
 
-
-
 //////////////////////
 // class definition //
 //////////////////////
@@ -50,6 +46,7 @@ import com.netscape.cms.selftests.ASelfTest;
 /**
  * This class implements a self test to check for RA presence.
  * <P>
+ * 
  * <PRE>
  * NOTE:  This self-test is for Registration Authorities prior to
  *        Netscape Certificate Management System 7.0.  It does NOT
@@ -65,30 +62,23 @@ import com.netscape.cms.selftests.ASelfTest;
  * @version $Revision$, $Date$
  */
 public class RAPresence
-extends ASelfTest
-{
+        extends ASelfTest {
     ////////////////////////
     // default parameters //
     ////////////////////////
 
-
-
     ///////////////////////////
     // RAPresence parameters //
     ///////////////////////////
 
     // parameter information
     public static final String PROP_RA_SUB_ID = "RaSubId";
-    private String mRaSubId                   = null;
-
-
+    private String mRaSubId = null;
 
     /////////////////////
     // default methods //
     /////////////////////
 
-
-
     ////////////////////////
     // RAPresence methods //
     ////////////////////////
@@ -97,51 +87,50 @@ extends ASelfTest
      * Initializes this subsystem with the configuration store
      * associated with this instance name.
      * <P>
-     *
+     * 
      * @param subsystem the associated subsystem
-     * @param instanceName the name of this self test instance 
+     * @param instanceName the name of this self test instance
      * @param parameters configuration store (self test parameters)
      * @exception EDuplicateSelfTestException subsystem has duplicate name/value
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
-    public void initSelfTest( ISelfTestSubsystem subsystem,
+    public void initSelfTest(ISelfTestSubsystem subsystem,
                               String instanceName,
-                              IConfigStore parameters )
-    throws EDuplicateSelfTestException,
-           EInvalidSelfTestException,
-           EMissingSelfTestException
-    {
-        super.initSelfTest( subsystem, instanceName, parameters );
+                              IConfigStore parameters)
+            throws EDuplicateSelfTestException,
+            EInvalidSelfTestException,
+            EMissingSelfTestException {
+        super.initSelfTest(subsystem, instanceName, parameters);
 
         // retrieve mandatory parameter(s)
         try {
-            mRaSubId = mConfig.getString( PROP_RA_SUB_ID );
-            if( mRaSubId != null ) {
+            mRaSubId = mConfig.getString(PROP_RA_SUB_ID);
+            if (mRaSubId != null) {
                 mRaSubId = mRaSubId.trim();
             } else {
-                mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+                mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                         CMS.getLogMessage(
-                                        "SELFTESTS_MISSING_VALUES",
-                                        getSelfTestName(),
-                                        mPrefix
-                                      + "."
-                                      + PROP_RA_SUB_ID ) );
+                                                "SELFTESTS_MISSING_VALUES",
+                                                getSelfTestName(),
+                                                mPrefix
+                                                        + "."
+                                                        + PROP_RA_SUB_ID));
 
-                throw new EMissingSelfTestException( PROP_RA_SUB_ID );
+                throw new EMissingSelfTestException(PROP_RA_SUB_ID);
             }
-        } catch( EBaseException e ) {
-            mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+        } catch (EBaseException e) {
+            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                     CMS.getLogMessage(
-                                    "SELFTESTS_MISSING_NAME",
-                                    getSelfTestName(),
-                                    mPrefix
-                                  + "."
-                                  + PROP_RA_SUB_ID ) );
+                                            "SELFTESTS_MISSING_NAME",
+                                            getSelfTestName(),
+                                            mPrefix
+                                                    + "."
+                                                    + PROP_RA_SUB_ID));
 
-            throw new EMissingSelfTestException( mPrefix,
+            throw new EMissingSelfTestException(mPrefix,
                                                  PROP_RA_SUB_ID,
-                                                 null );
+                                                 null);
         }
 
         // retrieve optional parameter(s)
@@ -149,137 +138,124 @@ extends ASelfTest
         return;
     }
 
-
     /**
      * Notifies this subsystem if it is in execution mode.
      * <P>
-     *
+     * 
      * @exception ESelfTestException failed to start
      */
     public void startupSelfTest()
-    throws ESelfTestException
-    {
+            throws ESelfTestException {
         return;
     }
 
-
     /**
      * Stops this subsystem. The subsystem may call shutdownSelfTest
      * anytime after initialization.
      * <P>
      */
-    public void shutdownSelfTest()
-    {
+    public void shutdownSelfTest() {
         return;
     }
 
-
     /**
      * Returns the name associated with this self test. This method may
      * return null if the self test has not been intialized.
      * <P>
-     *
+     * 
      * @return instanceName of this self test
      */
-    public String getSelfTestName()
-    {
+    public String getSelfTestName() {
         return super.getSelfTestName();
     }
 
-
     /**
      * Returns the root configuration storage (self test parameters)
      * associated with this subsystem.
      * <P>
-     *
+     * 
      * @return configuration store (self test parameters) of this subsystem
      */
-    public IConfigStore getSelfTestConfigStore()
-    {
+    public IConfigStore getSelfTestConfigStore() {
         return super.getSelfTestConfigStore();
     }
 
-
     /**
      * Retrieves description associated with an individual self test.
      * This method may return null.
      * <P>
-     *
+     * 
      * @param locale locale of the client that requests the description
      * @return description of self test
      */
-    public String getSelfTestDescription( Locale locale )
-    {
-        return CMS.getUserMessage( locale,
-                                   "CMS_SELFTESTS_RA_PRESENCE_DESCRIPTION" );
+    public String getSelfTestDescription(Locale locale) {
+        return CMS.getUserMessage(locale,
+                                   "CMS_SELFTESTS_RA_PRESENCE_DESCRIPTION");
     }
 
-
     /**
      * Execute an individual self test.
      * <P>
-     *
+     * 
      * @param logger specifies logging subsystem
      * @exception ESelfTestException self test exception
      */
-    public void runSelfTest( ILogEventListener logger )
-    throws ESelfTestException
-    {
+    public void runSelfTest(ILogEventListener logger)
+            throws ESelfTestException {
         String logMessage = null;
         IRegistrationAuthority ra = null;
         org.mozilla.jss.crypto.X509Certificate raCert = null;
         PublicKey raPubKey = null;
 
-        ra = ( IRegistrationAuthority ) CMS.getSubsystem( mRaSubId );
+        ra = (IRegistrationAuthority) CMS.getSubsystem(mRaSubId);
 
-        if( ra == null ) {
+        if (ra == null) {
             // log that the RA is not installed
-            logMessage = CMS.getLogMessage( "SELFTESTS_RA_IS_NOT_PRESENT",
-                                            getSelfTestName() );
+            logMessage = CMS.getLogMessage("SELFTESTS_RA_IS_NOT_PRESENT",
+                                            getSelfTestName());
 
-            mSelfTestSubsystem.log( logger,
-                                    logMessage );
+            mSelfTestSubsystem.log(logger,
+                                    logMessage);
 
-            throw new ESelfTestException( logMessage );
+            throw new ESelfTestException(logMessage);
         } else {
             // Retrieve the RA certificate
             raCert = ra.getRACert();
 
-            if( raCert == null ) {
+            if (raCert == null) {
                 // log that the RA is not yet initialized
-                logMessage = CMS.getLogMessage( 
+                logMessage = CMS.getLogMessage(
                              "SELFTESTS_RA_IS_NOT_INITIALIZED",
-                             getSelfTestName() );
+                             getSelfTestName());
 
-                mSelfTestSubsystem.log( logger,
-                                        logMessage );
+                mSelfTestSubsystem.log(logger,
+                                        logMessage);
 
-                throw new ESelfTestException( logMessage );
+                throw new ESelfTestException(logMessage);
             }
 
             // Retrieve the RA certificate public key
-            raPubKey = ( PublicKey ) raCert.getPublicKey();
+            raPubKey = (PublicKey) raCert.getPublicKey();
 
-            if( raPubKey == null ) {
+            if (raPubKey == null) {
                 // log that something is seriously wrong with the RA
-                logMessage = CMS.getLogMessage( "SELFTESTS_RA_IS_CORRUPT",
-                                                getSelfTestName() );
+                logMessage = CMS.getLogMessage("SELFTESTS_RA_IS_CORRUPT",
+                                                getSelfTestName());
 
-                mSelfTestSubsystem.log( logger,
-                                        logMessage );
+                mSelfTestSubsystem.log(logger,
+                                        logMessage);
 
-                throw new ESelfTestException( logMessage );
+                throw new ESelfTestException(logMessage);
             }
 
             // log that the RA is present
-            logMessage = CMS.getLogMessage( "SELFTESTS_RA_IS_PRESENT",
-                                            getSelfTestName() );
+            logMessage = CMS.getLogMessage("SELFTESTS_RA_IS_PRESENT",
+                                            getSelfTestName());
 
-            mSelfTestSubsystem.log( logger,
-                                    logMessage );
+            mSelfTestSubsystem.log(logger,
+                                    logMessage);
         }
 
         return;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java b/pki/base/common/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java
index ba0ae3cb..a1298727 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java
@@ -20,8 +20,6 @@
 
 package com.netscape.cms.selftests.tks;
 
-
-
 ///////////////////////
 // import statements //
 ///////////////////////
@@ -42,8 +40,6 @@ import com.netscape.certsrv.selftests.ISelfTestSubsystem;
 import com.netscape.cms.selftests.ASelfTest;
 import com.netscape.symkey.SessionKey;
 
-
-
 //////////////////////
 // class definition //
 //////////////////////
@@ -58,46 +54,43 @@ import com.netscape.symkey.SessionKey;
  * @version $Revision$, $Date$
  */
 public class TKSKnownSessionKey
-extends ASelfTest
-{
+        extends ASelfTest {
     // parameter information
     public static final String PROP_TKS_SUB_ID = "TksSubId";
-    private String mTksSubId      = null;
-    private String mToken         = null;
-    private String mUseSoftToken  = null;
-    private String mKeyName       = null;
-    private byte[] mKeyInfo       = null;
+    private String mTksSubId = null;
+    private String mToken = null;
+    private String mUseSoftToken = null;
+    private String mKeyName = null;
+    private byte[] mKeyInfo = null;
     private byte[] mCardChallenge = null;
     private byte[] mHostChallenge = null;
-    private byte[] mCUID          = null;
-    private byte[] mMacKey        = null;
-    private byte[] mSessionKey    = null;
-
+    private byte[] mCUID = null;
+    private byte[] mMacKey = null;
+    private byte[] mSessionKey = null;
 
     /**
      * Initializes this subsystem with the configuration store
      * associated with this instance name.
      * <P>
-     *
+     * 
      * @param subsystem the associated subsystem
-     * @param instanceName the name of this self test instance 
+     * @param instanceName the name of this self test instance
      * @param parameters configuration store (self test parameters)
      * @exception EDuplicateSelfTestException subsystem has duplicate name/value
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
-    public void initSelfTest (ISelfTestSubsystem subsystem,
+    public void initSelfTest(ISelfTestSubsystem subsystem,
                               String instanceName,
                               IConfigStore parameters)
-    throws EDuplicateSelfTestException,
-           EInvalidSelfTestException,
-           EMissingSelfTestException
-    {
+            throws EDuplicateSelfTestException,
+            EInvalidSelfTestException,
+            EMissingSelfTestException {
         ISubsystem tks = null;
         IConfigStore tksConfig = null;
         String logMessage = null;
 
-        super.initSelfTest( subsystem, instanceName, parameters );
+        super.initSelfTest(subsystem, instanceName, parameters);
 
         mTksSubId = getConfigString(PROP_TKS_SUB_ID);
         mToken = getConfigString("token");
@@ -128,34 +121,34 @@ extends ASelfTest
         if (defKeySetMacKey == null) {
             CMS.debug("TKSKnownSessionKey: invalid mac key");
             CMS.debug("TKSKnownSessionKey self test FAILED");
-            mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(),
+            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                     CMS.getLogMessage("SELFTESTS_INVALID_VALUES",
-                                    getSelfTestName(), mPrefix + "." + "macKey"));
-            throw new EInvalidSelfTestException (mPrefix, "macKey", null);
+                                            getSelfTestName(), mPrefix + "." + "macKey"));
+            throw new EInvalidSelfTestException(mPrefix, "macKey", null);
         }
-     
+
         try {
             mSessionKey = getConfigByteArray("sessionKey", 16);
         } catch (EMissingSelfTestException e) {
             if (mSessionKey == null) {
-                mSessionKey = SessionKey.ComputeSessionKey (mToken, mKeyName,
+                mSessionKey = SessionKey.ComputeSessionKey(mToken, mKeyName,
                                                             mCardChallenge, mHostChallenge,
                                                             mKeyInfo, mCUID, mMacKey, mUseSoftToken, null, null);
                 if (mSessionKey == null || mSessionKey.length != 16) {
-                    mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(),
+                    mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                             CMS.getLogMessage("SELFTESTS_MISSING_VALUES",
-                                            getSelfTestName(), mPrefix + ".sessionKey"));
-                    throw new EMissingSelfTestException ("sessionKey");
+                                                    getSelfTestName(), mPrefix + ".sessionKey"));
+                    throw new EMissingSelfTestException("sessionKey");
                 }
                 String sessionKey = SpecialEncode(mSessionKey);
                 mConfig.putString("sessionKey", sessionKey);
                 try {
                     CMS.getConfigStore().commit(true);
                 } catch (EBaseException be) {
-                    mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(),
+                    mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                             CMS.getLogMessage("SELFTESTS_MISSING_VALUES",
-                                            getSelfTestName(), mPrefix + ".sessionKey"));
-                    throw new EMissingSelfTestException ("sessionKey");
+                                                    getSelfTestName(), mPrefix + ".sessionKey"));
+                    throw new EMissingSelfTestException("sessionKey");
                 }
             }
         }
@@ -163,9 +156,7 @@ extends ASelfTest
         return;
     }
 
-
-    private String SpecialEncode (byte data[])
-    {
+    private String SpecialEncode(byte data[]) {
         StringBuffer sb = new StringBuffer();
 
         for (int i = 0; i < data.length; i++) {
@@ -179,9 +170,7 @@ extends ASelfTest
         return sb.toString();
     }
 
-
-    private String getConfigString (String name) throws EMissingSelfTestException
-    {
+    private String getConfigString(String name) throws EMissingSelfTestException {
         String value = null;
 
         try {
@@ -189,123 +178,109 @@ extends ASelfTest
             if (value != null) {
                 value = value.trim();
             } else {
-                mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(),
+                mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                         CMS.getLogMessage("SELFTESTS_MISSING_VALUES",
-                                        getSelfTestName(), mPrefix + "." + name));
-                throw new EMissingSelfTestException (name);
+                                                getSelfTestName(), mPrefix + "." + name));
+                throw new EMissingSelfTestException(name);
             }
         } catch (EBaseException e) {
-            mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(),
+            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                     CMS.getLogMessage("SELFTESTS_MISSING_NAME",
-                                    getSelfTestName(), mPrefix + "." + name));
-            throw new EMissingSelfTestException (mPrefix, name, null);
+                                            getSelfTestName(), mPrefix + "." + name));
+            throw new EMissingSelfTestException(mPrefix, name, null);
         }
 
         return value;
     }
 
-
-    private byte[] getConfigByteArray (String name, int size) throws EMissingSelfTestException,
-                                                                     EInvalidSelfTestException
-    {
+    private byte[] getConfigByteArray(String name, int size) throws EMissingSelfTestException,
+                                                                     EInvalidSelfTestException {
         String stringValue = getConfigString(name);
 
         byte byteValue[] = com.netscape.cmsutil.util.Utils.SpecialDecode(stringValue);
         if (byteValue == null) {
-            mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(),
+            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                     CMS.getLogMessage("SELFTESTS_MISSING_NAME",
-                                    getSelfTestName(), mPrefix + "." + name));
-            throw new EMissingSelfTestException (name);
+                                            getSelfTestName(), mPrefix + "." + name));
+            throw new EMissingSelfTestException(name);
         }
         if (byteValue.length != size) {
-            mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(),
+            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                     CMS.getLogMessage("SELFTESTS_INVALID_VALUES",
-                                    getSelfTestName(), mPrefix + "." + name));
-            throw new EInvalidSelfTestException (mPrefix, name, stringValue);
+                                            getSelfTestName(), mPrefix + "." + name));
+            throw new EInvalidSelfTestException(mPrefix, name, stringValue);
         }
 
         return byteValue;
     }
 
-
     /**
      * Notifies this subsystem if it is in execution mode.
      * <P>
-     *
+     * 
      * @exception ESelfTestException failed to start
      */
     public void startupSelfTest()
-    throws ESelfTestException
-    {
+            throws ESelfTestException {
         return;
     }
 
-
     /**
      * Stops this subsystem. The subsystem may call shutdownSelfTest
      * anytime after initialization.
      * <P>
      */
-    public void shutdownSelfTest()
-    {
+    public void shutdownSelfTest() {
         return;
     }
 
-
     /**
      * Returns the name associated with this self test. This method may
      * return null if the self test has not been intialized.
      * <P>
-     *
+     * 
      * @return instanceName of this self test
      */
-    public String getSelfTestName()
-    {
+    public String getSelfTestName() {
         return super.getSelfTestName();
     }
 
-
     /**
      * Returns the root configuration storage (self test parameters)
      * associated with this subsystem.
      * <P>
-     *
+     * 
      * @return configuration store (self test parameters) of this subsystem
      */
-    public IConfigStore getSelfTestConfigStore()
-    {
+    public IConfigStore getSelfTestConfigStore() {
         return super.getSelfTestConfigStore();
     }
 
-
     /**
      * Retrieves description associated with an individual self test.
      * This method may return null.
      * <P>
-     *
+     * 
      * @param locale locale of the client that requests the description
      * @return description of self test
      */
-    public String getSelfTestDescription( Locale locale )
-    {
-        return CMS.getUserMessage (locale, "CMS_SELFTESTS_TKS_PRESENCE_DESCRIPTION");
+    public String getSelfTestDescription(Locale locale) {
+        return CMS.getUserMessage(locale, "CMS_SELFTESTS_TKS_PRESENCE_DESCRIPTION");
     }
 
-
     /**
      * Execute an individual self test.
      * <P>
-     *
+     * 
      * @param logger specifies logging subsystem
      * @exception ESelfTestException self test exception
      */
-    public void runSelfTest (ILogEventListener logger)
-    throws ESelfTestException
-    {
+    public void runSelfTest(ILogEventListener logger)
+            throws ESelfTestException {
         String logMessage = null;
         String keySet = "defKeySet";
 
-        byte[] sessionKey = SessionKey.ComputeSessionKey (mToken, mKeyName,
+        byte[] sessionKey = SessionKey.ComputeSessionKey(mToken, mKeyName,
                                                           mCardChallenge, mHostChallenge,
                                                           mKeyInfo, mCUID, mMacKey, mUseSoftToken, keySet, null);
 
@@ -314,12 +289,12 @@ extends ASelfTest
         if (sessionKey == null) {
             CMS.debug("TKSKnownSessionKey: generated no session key");
             CMS.debug("TKSKnownSessionKey self test FAILED");
-            logMessage = CMS.getLogMessage ("SELFTESTS_TKS_FAILED", getSelfTestName(), getSelfTestName());
-            mSelfTestSubsystem.log (logger, logMessage);
-            throw new ESelfTestException( logMessage );
-        } else {  
-            logMessage = CMS.getLogMessage ("SELFTESTS_TKS_SUCCEEDED", getSelfTestName(), getSelfTestName());
-            mSelfTestSubsystem.log (logger, logMessage);
+            logMessage = CMS.getLogMessage("SELFTESTS_TKS_FAILED", getSelfTestName(), getSelfTestName());
+            mSelfTestSubsystem.log(logger, logMessage);
+            throw new ESelfTestException(logMessage);
+        } else {
+            logMessage = CMS.getLogMessage("SELFTESTS_TKS_SUCCEEDED", getSelfTestName(), getSelfTestName());
+            mSelfTestSubsystem.log(logger, logMessage);
             CMS.debug("TKSKnownSessionKey self test SUCCEEDED");
         }
 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java
index 4737e2f7..29088fc2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Hashtable;
@@ -45,10 +44,9 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.usrgrp.IUGSubsystem;
 import com.netscape.certsrv.usrgrp.IUser;
 
-
 /**
  * Manage Access Control List configuration
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ACLAdminServlet extends AdminServlet {
@@ -64,7 +62,7 @@ public class ACLAdminServlet extends AdminServlet {
     private IAuthzManager mAuthzMgr = null;
 
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_ACL =
-        "LOGGING_SIGNED_AUDIT_CONFIG_ACL_3";
+            "LOGGING_SIGNED_AUDIT_CONFIG_ACL_3";
 
     /**
      * Constructs servlet.
@@ -74,17 +72,18 @@ public class ACLAdminServlet extends AdminServlet {
         mUG = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
     }
 
-   /**
-     * initialize the servlet. 
+    /**
+     * initialize the servlet.
      * <ul>
      * <li>http.param OP_TYPE = OP_SEARCH,
      * <li>http.param OP_SCOPE - the scope of the request operation:
-     *  <ul><LI>"impl" ACL implementations
-     *      <LI>"acls" ACL rules
-     *      <LI>"evaluatorTypes" ACL evaluators.
-     *  </ul>
+     * <ul>
+     * <LI>"impl" ACL implementations
+     * <LI>"acls" ACL rules
+     * <LI>"evaluatorTypes" ACL evaluators.
      * </ul>
-     *
+     * </ul>
+     * 
      * @param config servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig config) throws ServletException {
@@ -99,24 +98,24 @@ public class ACLAdminServlet extends AdminServlet {
         return INFO;
     }
 
-   /**
+    /**
      * Process the HTTP request.
-     *
+     * 
      * @param req the object holding the request information
      * @param resp the object holding the response information
      */
 
     public void service(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
 
         String scope = super.getParameter(req, Constants.OP_SCOPE);
         String op = super.getParameter(req, Constants.OP_TYPE);
 
         if (op == null) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PROTOCOL"));
-            sendResponse(ERROR, 
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
-                null, resp);
+            sendResponse(ERROR,
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+                    null, resp);
             return;
         }
 
@@ -126,8 +125,8 @@ public class ACLAdminServlet extends AdminServlet {
             super.authenticate(req);
         } catch (IOException e) {
             log(ILogger.LL_SECURITY, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"));
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_ADMIN_SRVLT_AUTHS_FAILED"),
-                null, resp);
+            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
+                    null, resp);
             return;
         }
 
@@ -141,8 +140,8 @@ public class ACLAdminServlet extends AdminServlet {
         } catch (Exception e) {
             log(ILogger.LL_FAILURE, e.toString());
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
+                    null, resp);
             return;
         }
 
@@ -152,9 +151,9 @@ public class ACLAdminServlet extends AdminServlet {
             if (op.equals(OpDef.OP_SEARCH)) {
                 mOp = "read";
                 if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR, 
-                      CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                    sendResponse(ERROR,
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_ACL)) {
@@ -171,8 +170,8 @@ public class ACLAdminServlet extends AdminServlet {
                 mOp = "read";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                      CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_ACL)) {
@@ -183,8 +182,8 @@ public class ACLAdminServlet extends AdminServlet {
                 mOp = "modify";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                      CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_ACL)) {
@@ -195,8 +194,8 @@ public class ACLAdminServlet extends AdminServlet {
                 mOp = "modify";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                      CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_ACL_IMPLS)) {
@@ -207,8 +206,8 @@ public class ACLAdminServlet extends AdminServlet {
                 mOp = "modify";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                      CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_ACL_IMPLS)) {
@@ -218,38 +217,38 @@ public class ACLAdminServlet extends AdminServlet {
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE"));
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                        null, resp);
                 return;
             }
         } catch (EBaseException e) {
             log(ILogger.LL_FAILURE, e.toString());
             sendResponse(ERROR, e.toString(getLocale(req)),
-                null, resp);
+                    null, resp);
             return;
         } catch (Exception e) {
             log(ILogger.LL_FAILURE, e.toString());
             log(ILogger.LL_DEBUG, "SRVLT_FAIL_PERFORM 2");
 
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
+                    null, resp);
             return;
         }
 
         log(ILogger.LL_DEBUG, "SRVLT_FAIL_PERFORM 3");
 
         sendResponse(ERROR,
-            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
-            null, resp);
+                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
+                null, resp);
         return;
     }
 
     /**
      * list acls resources by name
      */
-    private void listResources(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, IOException,
+    private void listResources(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException, IOException,
             EBaseException {
 
         NameValuePairs params = new NameValuePairs();
@@ -260,7 +259,7 @@ public class ACLAdminServlet extends AdminServlet {
             ACL acl = (ACL) res.nextElement();
             String desc = acl.getDescription();
 
-            if (desc == null) 
+            if (desc == null)
                 params.add(acl.getName(), "");
             else
                 params.add(acl.getName(), desc);
@@ -272,8 +271,8 @@ public class ACLAdminServlet extends AdminServlet {
     /**
      * get acls information for a resource
      */
-    private void getResourceACL(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, IOException,
+    private void getResourceACL(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException, IOException,
             EBaseException {
 
         NameValuePairs params = new NameValuePairs();
@@ -283,8 +282,8 @@ public class ACLAdminServlet extends AdminServlet {
         if (resourceId == null) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
@@ -295,7 +294,7 @@ public class ACLAdminServlet extends AdminServlet {
 
             StringBuffer rights = new StringBuffer();
 
-			if (rightsEnum.hasMoreElements()) {
+            if (rightsEnum.hasMoreElements()) {
                 while (rightsEnum.hasMoreElements()) {
                     if (rights.length() != 0) {
                         rights.append(",");
@@ -332,8 +331,8 @@ public class ACLAdminServlet extends AdminServlet {
         } else {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("ACLS_SRVLT_RESOURCE_NOT_FOUND"));
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req),"CMS_ACL_RESOURCE_NOT_FOUND"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ACL_RESOURCE_NOT_FOUND"),
+                    null, resp);
             return;
         }
     }
@@ -341,19 +340,19 @@ public class ACLAdminServlet extends AdminServlet {
     /**
      * modify acls information for a resource
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring
-     * Access Control List (ACL) information
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring Access Control List (ACL) information
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private void updateResources(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, IOException,
+    private void updateResources(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException, IOException,
             EBaseException {
 
         String auditMessage = null;
@@ -378,15 +377,15 @@ public class ACLAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
             // get resource acls
             String resourceACLs = super.getParameter(req, Constants.PR_ACI);
             String rights = super.getParameter(req, Constants.PR_ACL_RIGHTS);
-            String desc = super.getParameter(req, Constants.PR_ACL_DESC); 
+            String desc = super.getParameter(req, Constants.PR_ACL_DESC);
 
             try {
                 mAuthzMgr.updateACLs(resourceId, rights, resourceACLs, desc);
@@ -417,8 +416,8 @@ public class ACLAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_ACL_UPDATE_FAIL"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ACL_UPDATE_FAIL"),
+                        null, resp);
                 return;
             }
             // } catch( EBaseException eAudit1 ) {
@@ -459,18 +458,18 @@ public class ACLAdminServlet extends AdminServlet {
             //     throw eAudit3;
         }
     }
-	
+
     /**
      * list access evaluators by types and class paths
      */
-    private void listACLsEvaluators(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, IOException,
+    private void listACLsEvaluators(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException, IOException,
             EBaseException {
         NameValuePairs params = new NameValuePairs();
         Enumeration<IAccessEvaluator> res = mAuthzMgr.aclEvaluatorElements();
 
         while (res.hasMoreElements()) {
-            IAccessEvaluator evaluator =  res.nextElement();
+            IAccessEvaluator evaluator = res.nextElement();
 
             // params.add(evaluator.getType(), evaluator.getDescription());
             params.add(evaluator.getType(), evaluator.getClass().getName());
@@ -480,18 +479,18 @@ public class ACLAdminServlet extends AdminServlet {
     }
 
     private void listACLsEvaluatorTypes(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException, IOException,
+            HttpServletResponse resp) throws ServletException, IOException,
             EBaseException {
         NameValuePairs params = new NameValuePairs();
         Enumeration<IAccessEvaluator> res = mAuthzMgr.aclEvaluatorElements();
 
         while (res.hasMoreElements()) {
-            IAccessEvaluator evaluator =  res.nextElement();
+            IAccessEvaluator evaluator = res.nextElement();
             String[] operators = evaluator.getSupportedOperators();
             StringBuffer str = new StringBuffer();
 
             for (int i = 0; i < operators.length; i++) {
-                if (str.length() > 0) 
+                if (str.length() > 0)
                     str.append(",");
                 str.append(operators[i]);
             }
@@ -505,22 +504,22 @@ public class ACLAdminServlet extends AdminServlet {
     /**
      * add access evaluators
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring
-     * Access Control List (ACL) information
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring Access Control List (ACL) information
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @param scope string used to obtain the contents of this ACL evaluator's
-     * substore
+     *            substore
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void addACLsEvaluator(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void addACLsEvaluator(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
 
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -543,8 +542,8 @@ public class ACLAdminServlet extends AdminServlet {
 
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
@@ -560,9 +559,9 @@ public class ACLAdminServlet extends AdminServlet {
             String classPath = super.getParameter(req, Constants.PR_ACL_CLASS);
 
             IConfigStore destStore =
-                mConfig.getSubStore(PROP_EVAL);
+                    mConfig.getSubStore(PROP_EVAL);
             IConfigStore mStore =
-                destStore.getSubStore(ScopeDef.SC_ACL_IMPLS);
+                    destStore.getSubStore(ScopeDef.SC_ACL_IMPLS);
 
             // Does the class exist?
             Class<?> newImpl = null;
@@ -584,17 +583,16 @@ public class ACLAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_ACL_CLASS_LOAD_FAIL"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ACL_CLASS_LOAD_FAIL"),
+                        null, resp);
                 return;
             }
 
             // is the class an IAccessEvaluator?
             try {
-                if
-                (Class.forName("com.netscape.certsrv.evaluators.IAccessEvaluator").isAssignableFrom(newImpl) == false) {
+                if (Class.forName("com.netscape.certsrv.evaluators.IAccessEvaluator").isAssignableFrom(newImpl) == false) {
                     String errMsg = "class not com.netscape.certsrv.evaluators.IAccessEvaluator" +
-                        classPath;
+                            classPath;
 
                     log(ILogger.LL_FAILURE, errMsg);
 
@@ -608,13 +606,13 @@ public class ACLAdminServlet extends AdminServlet {
                     audit(auditMessage);
 
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req),"CMS_ACL_ILL_CLASS"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ACL_ILL_CLASS"),
+                            null, resp);
                     return;
                 }
             } catch (Exception e) {
                 String errMsg = "class not com.netscape.certsrv.evaluators.IAccessEvaluator" +
-                    classPath;
+                        classPath;
 
                 log(ILogger.LL_FAILURE, errMsg);
 
@@ -628,8 +626,8 @@ public class ACLAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_ACL_ILL_CLASS"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ACL_ILL_CLASS"),
+                        null, resp);
                 return;
             }
 
@@ -653,8 +651,8 @@ public class ACLAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_ACL_COMMIT_FAIL"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ACL_COMMIT_FAIL"),
+                        null, resp);
                 return;
             }
 
@@ -676,8 +674,8 @@ public class ACLAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_ACL_INST_CLASS_FAIL"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ACL_INST_CLASS_FAIL"),
+                        null, resp);
                 return;
             }
 
@@ -743,21 +741,21 @@ public class ACLAdminServlet extends AdminServlet {
     /**
      * remove access evaluators
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring
-     * Access Control List (ACL) information
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring Access Control List (ACL) information
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @param scope string used to obtain the contents of this ACL evaluator's
-     * substore
+     *            substore
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void deleteACLsEvaluator(HttpServletRequest req, 
-        HttpServletResponse resp, String scope) throws ServletException, 
+    private synchronized void deleteACLsEvaluator(HttpServletRequest req,
+            HttpServletResponse resp, String scope) throws ServletException,
             IOException, EBaseException {
 
         String auditMessage = null;
@@ -782,8 +780,8 @@ public class ACLAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
@@ -803,8 +801,8 @@ public class ACLAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_ACL_EVAL_NOT_FOUND"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ACL_EVAL_NOT_FOUND"),
+                        null, resp);
                 return;
             }
 
@@ -814,9 +812,9 @@ public class ACLAdminServlet extends AdminServlet {
 
             try {
                 IConfigStore destStore =
-                    mConfig.getSubStore(PROP_EVAL);
+                        mConfig.getSubStore(PROP_EVAL);
                 IConfigStore mStore =
-                    destStore.getSubStore(ScopeDef.SC_ACL_IMPLS);
+                        destStore.getSubStore(ScopeDef.SC_ACL_IMPLS);
 
                 mStore.removeSubStore(id);
             } catch (Exception eeee) {
@@ -838,8 +836,8 @@ public class ACLAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_ACL_COMMIT_FAIL"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ACL_COMMIT_FAIL"),
+                        null, resp);
                 return;
             }
 
@@ -892,11 +890,11 @@ public class ACLAdminServlet extends AdminServlet {
             //     throw eAudit3;
         }
     }
-	
+
     /**
      * Searchs for certificate requests.
      */
-    
+
     /*
      private void getACLs(HttpServletRequest req, 
      HttpServletResponse resp) throws ServletException, IOException,
@@ -922,7 +920,6 @@ public class ACLAdminServlet extends AdminServlet {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS,
-            level, "ACLAdminServlet: " + msg);
+                level, "ACLAdminServlet: " + msg);
     }
-}    
-
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java
index 2024e496..a36c859d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java
@@ -17,13 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.util.ListResourceBundle;
 
-
 /**
  * A class represents a resource bundle for the remote admin.
- *
+ * 
  * @version $Revision$, $Date$
  * @see java.util.ListResourceBundle
  */
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java
index 0f2a6ec7..5b3a8c5a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.io.ByteArrayOutputStream;
 import java.io.DataOutputStream;
 import java.io.IOException;
@@ -56,32 +55,31 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem;
 import com.netscape.certsrv.usrgrp.IUser;
 import com.netscape.cms.servlet.base.UserInfo;
 
-
 /**
  * A class represents an administration servlet that
  * is responsible to serve administrative
  * operation such as configuration parameter updates.
- *
+ * 
  * Since each administration servlet needs to perform
  * authentication information parsing and response
  * formulation, it makes sense to encapsulate the
  * commonalities into this class.
- *
+ * 
  * By extending this serlvet, the subclass does not
  * need to re-implement the request parsing code
  * (i.e. authentication information parsing).
- *
+ * 
  * If a subsystem needs to expose configuration
  * parameters management, it should create an
  * administration servlet (i.e. CAAdminServlet)
  * and register it to RemoteAdmin subsystem.
- *
+ * 
  * <code>
  * public class CAAdminServlet extends AdminServlet {
  *   ...
  * }
  * </code>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class AdminServlet extends HttpServlet {
@@ -117,8 +115,8 @@ public class AdminServlet extends HttpServlet {
     public final static String AUTHZ_SRC_TYPE = "sourceType";
     public final static String AUTHZ_SRC_LDAP = "ldap";
     public final static String AUTHZ_SRC_XML = "web.xml";
-    public static final String CERT_ATTR = 
-        "javax.servlet.request.X509Certificate";
+    public static final String CERT_ATTR =
+            "javax.servlet.request.X509Certificate";
 
     public final static String SIGNED_AUDIT_SCOPE = "Scope";
     public final static String SIGNED_AUDIT_OPERATION = "Operation";
@@ -130,19 +128,19 @@ public class AdminServlet extends HttpServlet {
     public final static String SIGNED_AUDIT_NAME_VALUE_PAIRS_DELIMITER = "+";
 
     private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL =
-        "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
+            "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
     private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS =
-        "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
+            "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
     private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL =
-        "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4";
+            "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4";
     private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS =
-        "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4";
+            "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4";
     private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME =
-        "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
+            "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
     private final static String CERTUSERDB =
-        IAuthSubsystem.CERTUSERDB_AUTHMGR_ID;
+            IAuthSubsystem.CERTUSERDB_AUTHMGR_ID;
     private final static String PASSWDUSERDB =
-        IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID;
+            IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID;
 
     /**
      * Constructs generic administration servlet.
@@ -204,45 +202,44 @@ public class AdminServlet extends HttpServlet {
         }
     }
 
-    public void outputHttpParameters(HttpServletRequest httpReq)
-    {
+    public void outputHttpParameters(HttpServletRequest httpReq) {
         CMS.debug("AdminServlet:service() uri = " + httpReq.getRequestURI());
         Enumeration paramNames = httpReq.getParameterNames();
         while (paramNames.hasMoreElements()) {
-            String pn = (String)paramNames.nextElement();
+            String pn = (String) paramNames.nextElement();
             // added this facility so that password can be hidden,
             // all sensitive parameters should be prefixed with 
             // __ (double underscores); however, in the event that
             // a security parameter slips through, we perform multiple
             // additional checks to insure that it is NOT displayed
-            if( pn.startsWith("__")                         ||
-                pn.endsWith("password")                     ||
-                pn.endsWith("passwd")                       ||
-                pn.endsWith("pwd")                          ||
-                pn.equalsIgnoreCase("admin_password_again") ||
-                pn.equalsIgnoreCase("directoryManagerPwd")  ||
-                pn.equalsIgnoreCase("bindpassword")         ||
-                pn.equalsIgnoreCase("bindpwd")              ||
-                pn.equalsIgnoreCase("passwd")               ||
-                pn.equalsIgnoreCase("password")             ||
-                pn.equalsIgnoreCase("pin")                  ||
-                pn.equalsIgnoreCase("pwd")                  ||
-                pn.equalsIgnoreCase("pwdagain")             ||
-                pn.equalsIgnoreCase("uPasswd") ) {
-               CMS.debug("AdminServlet::service() param name='" + pn +
-                         "' value='(sensitive)'" );
+            if (pn.startsWith("__") ||
+                    pn.endsWith("password") ||
+                    pn.endsWith("passwd") ||
+                    pn.endsWith("pwd") ||
+                    pn.equalsIgnoreCase("admin_password_again") ||
+                    pn.equalsIgnoreCase("directoryManagerPwd") ||
+                    pn.equalsIgnoreCase("bindpassword") ||
+                    pn.equalsIgnoreCase("bindpwd") ||
+                    pn.equalsIgnoreCase("passwd") ||
+                    pn.equalsIgnoreCase("password") ||
+                    pn.equalsIgnoreCase("pin") ||
+                    pn.equalsIgnoreCase("pwd") ||
+                    pn.equalsIgnoreCase("pwdagain") ||
+                    pn.equalsIgnoreCase("uPasswd")) {
+                CMS.debug("AdminServlet::service() param name='" + pn +
+                         "' value='(sensitive)'");
             } else {
-               CMS.debug("AdminServlet::service() param name='" + pn +
-                         "' value='" + httpReq.getParameter(pn) + "'" );
+                CMS.debug("AdminServlet::service() param name='" + pn +
+                         "' value='" + httpReq.getParameter(pn) + "'");
             }
         }
     }
-                                                                                
+
     /**
      * Serves HTTP admin request.
      */
     public void service(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
         boolean running_state = CMS.isInRunningState();
 
         if (!running_state)
@@ -250,7 +247,7 @@ public class AdminServlet extends HttpServlet {
                     "CMS server is not ready to serve.");
 
         if (CMS.debugOn()) {
-          outputHttpParameters(req);
+            outputHttpParameters(req);
         }
     }
 
@@ -277,15 +274,12 @@ public class AdminServlet extends HttpServlet {
      * Authenticates to the identity scope with the given
      * userid and password via identity manager.
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication
-     * fails (in case of SSL-client auth, only webserver env can pick up the
-     * SSL violation; CMS authMgr can pick up cert mis-match, so this event
-     * is used)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication
-     * succeeded
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication fails (in case of SSL-client auth, only webserver env can pick up the SSL violation; CMS authMgr can pick up cert mis-match, so this event is used)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication succeeded
      * </ul>
+     * 
      * @exception IOException an input/output error has occurred
      */
     protected void authenticate(HttpServletRequest req) throws
@@ -307,12 +301,12 @@ public class AdminServlet extends HttpServlet {
                 // do nothing for now.
             }
             IAuthSubsystem auth = (IAuthSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+                    CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
             X509Certificate cert = null;
 
             if (authType.equals("sslclientauth")) {
                 X509Certificate[] allCerts =
-                    (X509Certificate[]) req.getAttribute(CERT_ATTR);
+                        (X509Certificate[]) req.getAttribute(CERT_ATTR);
 
                 if (allCerts == null || allCerts.length == 0) {
                     // store a message in the signed audit log file
@@ -362,10 +356,9 @@ public class AdminServlet extends HttpServlet {
                     mServletID));
             try {
                 if (authType.equals("sslclientauth")) {
-                    IAuthManager
-                        authMgr = auth.get(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
+                    IAuthManager authMgr = auth.get(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
                     IAuthCredentials authCreds =
-                        getAuthCreds(authMgr, cert);
+                            getAuthCreds(authMgr, cert);
 
                     token = (AuthToken) authMgr.authenticate(authCreds);
                 } else {
@@ -441,9 +434,9 @@ public class AdminServlet extends HttpServlet {
 
                 if (tuserid == null) {
                     mLogger.log(
-                        ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_NO_AUTH_TOKEN",
-                            tuserid));
+                            ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+                            CMS.getLogMessage("ADMIN_SRVLT_NO_AUTH_TOKEN",
+                                    tuserid));
 
                     if (authType.equals("sslclientauth")) {
                         // store a message in the signed audit log file
@@ -477,9 +470,9 @@ public class AdminServlet extends HttpServlet {
 
                 if (user == null) {
                     mLogger.log(
-                        ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_FOUND",
-                            tuserid));
+                            ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+                            CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_FOUND",
+                                    tuserid));
 
                     if (authType.equals("sslclientauth")) {
                         // store a message in the signed audit log file
@@ -515,7 +508,7 @@ public class AdminServlet extends HttpServlet {
                 sessionContext.put(SessionContext.USER, user);
             } catch (EUsrGrpException e) {
                 mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString()));
 
                 if (authType.equals("sslclientauth")) {
                     // store a message in the signed audit log file
@@ -595,8 +588,8 @@ public class AdminServlet extends HttpServlet {
     }
 
     public static AuthCredentials getAuthCreds(
-        IAuthManager authMgr, X509Certificate clientCert)
-        throws EBaseException {
+            IAuthManager authMgr, X509Certificate clientCert)
+            throws EBaseException {
         // get credentials from http parameters.
         String[] reqCreds = authMgr.getRequiredCreds();
         AuthCredentials creds = new AuthCredentials();
@@ -606,8 +599,8 @@ public class AdminServlet extends HttpServlet {
 
             if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) {
                 // cert could be null;
-                creds.set(reqCred, new X509Certificate[] { clientCert}
-                );
+                creds.set(reqCred, new X509Certificate[] { clientCert }
+                        );
             }
         }
         return creds;
@@ -616,15 +609,13 @@ public class AdminServlet extends HttpServlet {
     /**
      * Authorize must occur after Authenticate
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization
-     * has failed
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization
-     * is successful
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a
-     * role (in current CMS that's when one accesses a role port)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization has failed
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization is successful
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a role (in current CMS that's when one accesses a role port)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @return the authorization token
      */
@@ -779,15 +770,15 @@ public class AdminServlet extends HttpServlet {
 
     /**
      * Sends response.
-     *
+     * 
      * @param returnCode return code
      * @param errorMsg localized error message
      * @param params result parameters
      * @param resp HTTP servlet response
      */
     protected void sendResponse(int returnCode, String errorMsg,
-        NameValuePairs params, HttpServletResponse resp)
-        throws IOException {
+            NameValuePairs params, HttpServletResponse resp)
+            throws IOException {
         ByteArrayOutputStream bos = new ByteArrayOutputStream();
         DataOutputStream dos = new DataOutputStream(bos);
 
@@ -806,8 +797,8 @@ public class AdminServlet extends HttpServlet {
                     String value = java.net.URLEncoder.encode((String)
                             params.getValue(name));
 
-                    buf.append(java.net.URLEncoder.encode(name) + 
-                        "=" + value);
+                    buf.append(java.net.URLEncoder.encode(name) +
+                            "=" + value);
                     if (e.hasMoreElements())
                         buf.append("&");
                 }
@@ -858,8 +849,8 @@ public class AdminServlet extends HttpServlet {
      * Generic configuration store get operation.
      */
     protected synchronized void getConfig(
-        IConfigStore config, HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            IConfigStore config, HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         Enumeration e = req.getParameterNames();
@@ -876,8 +867,8 @@ public class AdminServlet extends HttpServlet {
             if (name.equals(Constants.OP_SCOPE))
                 continue;
 
-                //System.out.println(name);
-                //System.out.println(name+","+config.getString(name));
+            //System.out.println(name);
+            //System.out.println(name+","+config.getString(name));
             params.add(name, config.getString(name));
         }
         sendResponse(SUCCESS, null, params, resp);
@@ -889,8 +880,8 @@ public class AdminServlet extends HttpServlet {
      * calling this, and commit changes after this call.
      */
     protected synchronized void setConfig(
-        IConfigStore config, HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            IConfigStore config, HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         Enumeration e = req.getParameterNames();
@@ -906,8 +897,8 @@ public class AdminServlet extends HttpServlet {
                 continue;
             if (name.equals(Constants.OP_SCOPE))
                 continue;
-                // XXX Need validation...
-                // XXX what if update failed
+            // XXX Need validation...
+            // XXX what if update failed
             config.putString(name, req.getParameter(name));
         }
         commit(true);
@@ -918,8 +909,8 @@ public class AdminServlet extends HttpServlet {
      * Lists configuration store.
      */
     protected synchronized void listConfig(
-        IConfigStore config, HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            IConfigStore config, HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         Enumeration e = config.getPropertyNames();
         NameValuePairs params = new NameValuePairs();
@@ -938,14 +929,14 @@ public class AdminServlet extends HttpServlet {
     public boolean authorize(IAuthToken token) throws EBaseException {
         String mGroupNames[] = { "Administrators" };
         boolean mAnd = true;
-	
+
         try {
             String userid = token.getInString("userid");
 
             if (userid == null) {
                 mLogger.log(
-                    ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTHZ_FAIL", userid));
+                        ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+                        CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTHZ_FAIL", userid));
                 return false;
             }
 
@@ -955,8 +946,8 @@ public class AdminServlet extends HttpServlet {
 
             if (user == null) {
                 mLogger.log(
-                    ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_DB", userid));
+                        ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+                        CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_DB", userid));
                 return false;
             }
 
@@ -973,9 +964,9 @@ public class AdminServlet extends HttpServlet {
                 for (int i = 0; i < mGroupNames.length; i++) {
                     if (!mUG.isMemberOf(user, mGroupNames[i])) {
                         mLogger.log(
-                            ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
-                            CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_GRP", userid,
-                                mGroupNames[i]));
+                                ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+                                CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_GRP", userid,
+                                        mGroupNames[i]));
                         return false;
                     }
                 }
@@ -984,9 +975,9 @@ public class AdminServlet extends HttpServlet {
                 for (int i = 0; i < mGroupNames.length; i++) {
                     if (mUG.isMemberOf(user, mGroupNames[i])) {
                         mLogger.log(ILogger.EV_SYSTEM,
-                            ILogger.S_OTHER, ILogger.LL_INFO,
-                            CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTH_SUCC_USER", userid,
-                                mGroupNames[i]));
+                                ILogger.S_OTHER, ILogger.LL_INFO,
+                                CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTH_SUCC_USER", userid,
+                                        mGroupNames[i]));
                         return true;
                     }
                 }
@@ -998,24 +989,24 @@ public class AdminServlet extends HttpServlet {
                     groups.append(mGroupNames[j]);
                 }
                 mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                    ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_ANY_GRP", userid, groups.toString()));
+                        ILogger.LL_FAILURE,
+                        CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_ANY_GRP", userid, groups.toString()));
                 return false;
             }
         } catch (EUsrGrpException e) {
             mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString()));
             return false;
         }
     }
 
     /**
      * FileConfigStore functionality
-     *
+     * 
      * The original config file is moved to <filename>.<date>.
      * Commits the current properties to the configuration file.
      * <P>
-     *
+     * 
      * @param createBackup true if a backup file should be created
      */
     protected void commit(boolean createBackup) throws EBaseException {
@@ -1026,16 +1017,16 @@ public class AdminServlet extends HttpServlet {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ADMIN,
-            level, "AdminServlet: " + msg);
+                level, "AdminServlet: " + msg);
     }
 
     /**
      * Signed Audit Log
-     *
+     * 
      * This method is inherited by all extended admin servlets
      * and is called to store messages to the signed audit log.
      * <P>
-     *
+     * 
      * @param msg signed audit log message
      */
     protected void audit(String msg) {
@@ -1047,20 +1038,20 @@ public class AdminServlet extends HttpServlet {
         }
 
         mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-            null,
-            ILogger.S_SIGNED_AUDIT,
-            ILogger.LL_SECURITY,
-            msg);
+                null,
+                ILogger.S_SIGNED_AUDIT,
+                ILogger.LL_SECURITY,
+                msg);
     }
 
     /**
      * Signed Audit Log Subject ID
-     *
+     * 
      * This method is inherited by all extended "CMSServlet"s,
      * and is called to obtain the "SubjectID" for
      * a signed audit log message.
      * <P>
-     *
+     * 
      * @return id string containing the signed audit log message SubjectID
      */
     protected String auditSubjectID() {
@@ -1092,13 +1083,13 @@ public class AdminServlet extends HttpServlet {
 
     /**
      * Signed Audit Parameters
-     *
+     * 
      * This method is inherited by all extended admin servlets and
      * is called to extract parameters from the HttpServletRequest
      * and return a string of name;;value pairs separated by a '+'
      * if more than one name;;value pair exists.
      * <P>
-     *
+     * 
      * @param req HTTP servlet request
      * @return a delimited string of one or more delimited name/value pairs
      */
@@ -1176,22 +1167,22 @@ public class AdminServlet extends HttpServlet {
                     //     case-insensitive "password", "pwd", and "passwd"
                     //     name fields, and hide any password values:
                     //
- /* "password" */   if( name.equals( Constants.PASSWORDTYPE )             ||
-                        name.equals( Constants.TYPE_PASSWORD )            ||
-                        name.equals( Constants.PR_USER_PASSWORD )         ||
-                        name.equals( Constants.PT_OLD_PASSWORD )          ||
-                        name.equals( Constants.PT_NEW_PASSWORD )          ||
-                        name.equals( Constants.PT_DIST_STORE )            ||
-                        name.equals( Constants.PT_DIST_EMAIL )            ||
- /* "pwd" */            name.equals( Constants.PR_AUTH_ADMIN_PWD )        ||
-    // ignore this one  name.equals( Constants.PR_BINDPWD_PROMPT )        ||
-                        name.equals( Constants.PR_DIRECTORY_MANAGER_PWD ) ||
-                        name.equals( Constants.PR_OLD_AGENT_PWD )         ||
-                        name.equals( Constants.PR_AGENT_PWD )             ||
-                        name.equals( Constants.PT_PUBLISH_PWD )           ||
- /* "passwd" */         name.equals( Constants.PR_BIND_PASSWD )           ||
-                        name.equals( Constants.PR_BIND_PASSWD_AGAIN )     ||
-                        name.equals( Constants.PR_TOKEN_PASSWD ) ) {
+                    /* "password" */if (name.equals(Constants.PASSWORDTYPE) ||
+                            name.equals(Constants.TYPE_PASSWORD) ||
+                            name.equals(Constants.PR_USER_PASSWORD) ||
+                            name.equals(Constants.PT_OLD_PASSWORD) ||
+                            name.equals(Constants.PT_NEW_PASSWORD) ||
+                            name.equals(Constants.PT_DIST_STORE) ||
+                            name.equals(Constants.PT_DIST_EMAIL) ||
+                            /* "pwd" */name.equals(Constants.PR_AUTH_ADMIN_PWD) ||
+                            // ignore this one  name.equals( Constants.PR_BINDPWD_PROMPT )        ||
+                            name.equals(Constants.PR_DIRECTORY_MANAGER_PWD) ||
+                            name.equals(Constants.PR_OLD_AGENT_PWD) ||
+                            name.equals(Constants.PR_AGENT_PWD) ||
+                            name.equals(Constants.PT_PUBLISH_PWD) ||
+                            /* "passwd" */name.equals(Constants.PR_BIND_PASSWD) ||
+                            name.equals(Constants.PR_BIND_PASSWD_AGAIN) ||
+                            name.equals(Constants.PR_TOKEN_PASSWD)) {
 
                         // hide password value
                         parameters += name
@@ -1216,14 +1207,14 @@ public class AdminServlet extends HttpServlet {
 
     /**
      * Signed Audit Groups
-     *
+     * 
      * This method is called to extract all "groups" associated
      * with the "auditSubjectID()".
      * <P>
-     *
+     * 
      * @param SubjectID string containing the signed audit log message SubjectID
      * @return a delimited string of groups associated
-     *      with the "auditSubjectID()"
+     *         with the "auditSubjectID()"
      */
     private String auditGroups(String SubjectID) {
         // if no signed audit object exists, bail
@@ -1232,7 +1223,7 @@ public class AdminServlet extends HttpServlet {
         }
 
         if ((SubjectID == null) ||
-            (SubjectID.equals(ILogger.UNIDENTIFIED))) {
+                (SubjectID.equals(ILogger.UNIDENTIFIED))) {
             return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
         }
 
@@ -1250,7 +1241,7 @@ public class AdminServlet extends HttpServlet {
             IGroup group = (IGroup) groups.nextElement();
 
             if (group.isMember(SubjectID) == true) {
-                if (membersString.length()!=0) {
+                if (membersString.length() != 0) {
                     membersString.append(", ");
                 }
 
@@ -1258,7 +1249,7 @@ public class AdminServlet extends HttpServlet {
             }
         }
 
-        if (membersString.length()!= 0) {
+        if (membersString.length() != 0) {
             return membersString.toString();
         } else {
             return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
@@ -1266,7 +1257,8 @@ public class AdminServlet extends HttpServlet {
     }
 
     protected NameValuePairs convertStringArrayToNVPairs(String[] s) {
-        if (s == null) return null;
+        if (s == null)
+            return null;
         NameValuePairs nvps = new NameValuePairs();
         int i;
 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java
index 4a7329c9..ceffb7c2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -46,13 +45,12 @@ import com.netscape.certsrv.common.ScopeDef;
 import com.netscape.certsrv.ldap.ILdapAuthInfo;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * A class representing an administration servlet for the
- * Authentication Management subsystem.  This servlet is responsible
+ * Authentication Management subsystem. This servlet is responsible
  * to serve configuration requests for the Auths Management subsystem.
  * 
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class AuthAdminServlet extends AdminServlet {
@@ -64,13 +62,13 @@ public class AuthAdminServlet extends AdminServlet {
     private final static String INFO = "AuthAdminServlet";
     private IAuthSubsystem mAuths = null;
 
-    private final static String PW_PASSWORD_CACHE_ADD = 
-        "PASSWORD_CACHE_ADD";
+    private final static String PW_PASSWORD_CACHE_ADD =
+            "PASSWORD_CACHE_ADD";
     private final static String VIEW = ";" + Constants.VIEW;
     private final static String EDIT = ";" + Constants.EDIT;
 
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_AUTH =
-        "LOGGING_SIGNED_AUDIT_CONFIG_AUTH_3";
+            "LOGGING_SIGNED_AUDIT_CONFIG_AUTH_3";
 
     public AuthAdminServlet() {
         super();
@@ -88,18 +86,18 @@ public class AuthAdminServlet extends AdminServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
      * retrieve extended plugin info such as brief description, type info
      * from policy, authentication,
-     *   need to add: listener, mapper and publishing plugins
+     * need to add: listener, mapper and publishing plugins
      * --- same as policy, should we move this into extendedpluginhelper?
      */
     private void getExtendedPluginInfo(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String id = req.getParameter(Constants.RS_ID);
@@ -110,7 +108,7 @@ public class AuthAdminServlet extends AdminServlet {
         String implName = id.substring(colon + 1);
 
         NameValuePairs params =
-            getExtendedPluginInfo(getLocale(req), implType, implName);
+                getExtendedPluginInfo(getLocale(req), implType, implName);
 
         sendResponse(SUCCESS, null, params, resp);
     }
@@ -142,7 +140,7 @@ public class AuthAdminServlet extends AdminServlet {
      * Serves HTTP admin request.
      */
     public void service(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
         super.service(req, resp);
 
         String scope = req.getParameter(Constants.OP_SCOPE);
@@ -150,22 +148,22 @@ public class AuthAdminServlet extends AdminServlet {
 
         if (op == null) {
             //System.out.println("SRVLT_INVALID_PROTOCOL");
-            sendResponse(ERROR, 
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
-                null, resp);
+            sendResponse(ERROR,
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+                    null, resp);
             return;
         }
 
         // if it is not authentication, that means it is for CSC admin ping.
         // the best way to do is to define another protocol for ping and move
         // it to the generic servlet which is admin servlet.
-        if (!op.equals(OpDef.OP_AUTH)) { 
+        if (!op.equals(OpDef.OP_AUTH)) {
             if (scope.equals(ScopeDef.SC_AUTH)) {
                 String id = req.getParameter(Constants.RS_ID);
 
                 // for CSC admin ping only
                 if (op.equals(OpDef.OP_READ) &&
-                    id.equals(Constants.RS_ID_CONFIG)) {
+                        id.equals(Constants.RS_ID_CONFIG)) {
 
                     // no need to authenticate this. if we're alive, return true.
                     NameValuePairs params = new NameValuePairs();
@@ -176,8 +174,8 @@ public class AuthAdminServlet extends AdminServlet {
                 } else {
                     //System.out.println("SRVLT_INVALID_OP_TYPE");
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
+                            null, resp);
                     return;
                 }
             }
@@ -186,7 +184,7 @@ public class AuthAdminServlet extends AdminServlet {
         try {
             if (op.equals(OpDef.OP_AUTH)) {
                 if (scope.equals(ScopeDef.SC_AUTHTYPE)) {
-                    IConfigStore configStore = CMS.getConfigStore(); 
+                    IConfigStore configStore = CMS.getConfigStore();
                     String val = configStore.getString("authType", "pwd");
                     NameValuePairs params = new NameValuePairs();
 
@@ -196,8 +194,8 @@ public class AuthAdminServlet extends AdminServlet {
                 }
             }
         } catch (Exception e) {
-            sendResponse(ERROR,CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
-                null, resp);
+            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
+                    null, resp);
             return;
         }
         // for the rest					
@@ -209,8 +207,8 @@ public class AuthAdminServlet extends AdminServlet {
             }
         } catch (IOException e) {
             //System.out.println("SRVLT_FAIL_AUTHS");
-            sendResponse(ERROR,CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
-                null, resp);
+            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
+                    null, resp);
             return;
         }
 
@@ -223,8 +221,8 @@ public class AuthAdminServlet extends AdminServlet {
                         mOp = "read";
                         if ((mToken = super.authorize(req)) == null) {
                             sendResponse(ERROR,
-                              CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                null, resp);
+                                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                    null, resp);
                             return;
                         }
                         getExtendedPluginInfo(req, resp);
@@ -238,8 +236,8 @@ public class AuthAdminServlet extends AdminServlet {
                     mOp = "read";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                          CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) {
@@ -249,17 +247,17 @@ public class AuthAdminServlet extends AdminServlet {
                         listAuthMgrInsts(req, resp);
                         return;
                     } else {
-                        sendResponse(ERROR, 
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                            null, resp);
+                        sendResponse(ERROR,
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                                null, resp);
                         return;
                     }
                 } else if (op.equals(OpDef.OP_READ)) {
                     mOp = "read";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                          CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) {
@@ -269,17 +267,17 @@ public class AuthAdminServlet extends AdminServlet {
                         getInstConfig(req, resp);
                         return;
                     } else {
-                        sendResponse(ERROR, 
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                            null, resp);
+                        sendResponse(ERROR,
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                                null, resp);
                         return;
                     }
                 } else if (op.equals(OpDef.OP_ADD)) {
                     mOp = "modify";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                          CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) {
@@ -289,17 +287,17 @@ public class AuthAdminServlet extends AdminServlet {
                         addAuthMgrInst(req, resp, scope);
                         return;
                     } else {
-                        sendResponse(ERROR, 
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                            null, resp);
+                        sendResponse(ERROR,
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                                null, resp);
                         return;
                     }
                 } else if (op.equals(OpDef.OP_DELETE)) {
                     mOp = "modify";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                          CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) {
@@ -309,17 +307,17 @@ public class AuthAdminServlet extends AdminServlet {
                         delAuthMgrInst(req, resp, scope);
                         return;
                     } else {
-                        sendResponse(ERROR, 
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                            null, resp);
+                        sendResponse(ERROR,
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                                null, resp);
                         return;
                     }
                 } else if (op.equals(OpDef.OP_MODIFY)) {
                     mOp = "modify";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                          CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_AUTH_MGR_INSTANCE)) {
@@ -328,18 +326,18 @@ public class AuthAdminServlet extends AdminServlet {
                     }
                 } else {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                            null, resp);
                     return;
                 }
-            } 
+            }
         } catch (EBaseException e) {
             sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
             return;
-        } 
+        }
         sendResponse(ERROR,
-            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
-            null, resp);
+                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
+                null, resp);
         return;
     }
 
@@ -356,23 +354,23 @@ public class AuthAdminServlet extends AdminServlet {
     /**
      * Add authentication manager plug-in
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring
-     * authentication
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring authentication
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @param scope string used to obtain the contents of this authentication
-     * manager's substore
+     *            manager's substore
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    
-	private synchronized void addAuthMgrPlugin(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+
+    private synchronized void addAuthMgrPlugin(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
 
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -394,8 +392,8 @@ public class AuthAdminServlet extends AdminServlet {
 
                 //System.out.println("SRVLT_NULL_RS_ID");
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
             // is the manager id unique?
@@ -410,8 +408,8 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(),
-                    null, resp);
+                        new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(),
+                        null, resp);
                 return;
             }
 
@@ -428,13 +426,13 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_NULL_AUTHMGR_CLASSNAME"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_NULL_AUTHMGR_CLASSNAME"),
+                        null, resp);
                 return;
             }
 
             if (classPath.equals("com.netscape.cmscore.authentication.PasswdUserDBAuthentication") ||
-                classPath.equals("com.netscape.cmscore.authentication.CertUserDBAuthentication")) {
+                    classPath.equals("com.netscape.cmscore.authentication.CertUserDBAuthentication")) {
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
                             LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
@@ -445,17 +443,17 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
                 return;
             }
 
             IConfigStore destStore =
-                mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
+                    mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
             IConfigStore instancesConfig =
-                destStore.getSubStore(scope);
+                    destStore.getSubStore(scope);
 
             // Does the class exist?
-            
+
             Class<IAuthManager> newImpl = null;
 
             try {
@@ -473,8 +471,8 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"),
+                        null, resp);
                 return;
             } catch (IllegalArgumentException e) {
                 // store a message in the signed audit log file
@@ -487,8 +485,8 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"),
+                        null, resp);
                 return;
             }
 
@@ -505,8 +503,8 @@ public class AuthAdminServlet extends AdminServlet {
                     audit(auditMessage);
 
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_ILL_CLASS"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_ILL_CLASS"),
+                            null, resp);
                     return;
                 }
             } catch (NullPointerException e) { // unlikely, only if newImpl null.
@@ -520,8 +518,8 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_ILL_CLASS"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_ILL_CLASS"),
+                        null, resp);
                 return;
             }
 
@@ -544,8 +542,8 @@ public class AuthAdminServlet extends AdminServlet {
 
                 //System.out.println("SRVLT_FAIL_COMMIT");
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                        null, resp);
                 return;
             }
 
@@ -553,8 +551,8 @@ public class AuthAdminServlet extends AdminServlet {
             AuthMgrPlugin plugin = new AuthMgrPlugin(id, classPath);
 
             mAuths.getPlugins().put(id, plugin);
-            mAuths.log(ILogger.LL_INFO, 
-                CMS.getLogMessage("ADMIN_SRVLT_PLUGIN_ADD", id));
+            mAuths.log(ILogger.LL_INFO,
+                    CMS.getLogMessage("ADMIN_SRVLT_PLUGIN_ADD", id));
 
             NameValuePairs params = new NameValuePairs();
 
@@ -611,22 +609,22 @@ public class AuthAdminServlet extends AdminServlet {
     /**
      * Add authentication manager instance
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring
-     * authentication
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring authentication
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @param scope string used to obtain the contents of this authentication
-     * manager's substore
+     *            manager's substore
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void addAuthMgrInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void addAuthMgrInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
 
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -647,8 +645,8 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
@@ -664,8 +662,8 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_ILL_MGR_INST_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_ILL_MGR_INST_ID"),
+                        null, resp);
                 return;
             }
 
@@ -685,21 +683,21 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_MISSING_PARAMS"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_MISSING_PARAMS"),
+                        null, resp);
                 return;
             }
 
             // prevent agent & admin creation.
             if (implname.equals(IAuthSubsystem.PASSWDUSERDB_PLUGIN_ID) ||
-                implname.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) {
+                    implname.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) {
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
             }
 
             // check if implementation exists.
             AuthMgrPlugin plugin =
-                (AuthMgrPlugin) mAuths.getPlugins().get(implname);
+                    (AuthMgrPlugin) mAuths.getPlugins().get(implname);
 
             if (plugin == null) {
                 // store a message in the signed audit log file
@@ -712,8 +710,8 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(),
-                    null, resp);
+                        new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(),
+                        null, resp);
                 return;
             }
 
@@ -723,9 +721,9 @@ public class AuthAdminServlet extends AdminServlet {
             String[] configParams = mAuths.getConfigParams(implname);
 
             IConfigStore destStore =
-                mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
+                    mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
             IConfigStore instancesConfig =
-                destStore.getSubStore(scope);
+                    destStore.getSubStore(scope);
             IConfigStore substore = instancesConfig.makeSubStore(id);
 
             if (configParams != null) {
@@ -765,8 +763,8 @@ public class AuthAdminServlet extends AdminServlet {
                 // cleanup
                 instancesConfig.removeSubStore(id);
                 sendResponse(ERROR,
-                    new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
-                    null, resp);
+                        new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
+                        null, resp);
                 return;
             } catch (InstantiationException e) {
                 // store a message in the signed audit log file
@@ -780,8 +778,8 @@ public class AuthAdminServlet extends AdminServlet {
 
                 instancesConfig.removeSubStore(id);
                 sendResponse(ERROR,
-                    new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
-                    null, resp);
+                        new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
+                        null, resp);
                 return;
             } catch (IllegalAccessException e) {
                 // store a message in the signed audit log file
@@ -795,8 +793,8 @@ public class AuthAdminServlet extends AdminServlet {
 
                 instancesConfig.removeSubStore(id);
                 sendResponse(ERROR,
-                    new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
-                    null, resp);
+                        new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
+                        null, resp);
                 return;
             }
 
@@ -835,16 +833,16 @@ public class AuthAdminServlet extends AdminServlet {
                 // clean up.
                 instancesConfig.removeSubStore(id);
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                        null, resp);
                 return;
             }
 
             // inited and commited ok. now add manager instance to list.
             mAuths.add(id, authMgrInst);
 
-            mAuths.log(ILogger.LL_INFO, 
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_ADD", id));
+            mAuths.log(ILogger.LL_INFO,
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_ADD", id));
 
             NameValuePairs params = new NameValuePairs();
 
@@ -900,8 +898,8 @@ public class AuthAdminServlet extends AdminServlet {
         }
     }
 
-    private synchronized void listAuthMgrPlugins(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void listAuthMgrPlugins(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
@@ -909,8 +907,8 @@ public class AuthAdminServlet extends AdminServlet {
 
         while (e.hasMoreElements()) {
             String name = (String) e.nextElement();
-            AuthMgrPlugin value = (AuthMgrPlugin) 
-                mAuths.getPlugins().get(name);
+            AuthMgrPlugin value = (AuthMgrPlugin)
+                    mAuths.getPlugins().get(name);
 
             if (value.isVisible()) {
                 params.add(name, value.getClassPath() + EDIT);
@@ -920,14 +918,13 @@ public class AuthAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void listAuthMgrInsts(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void listAuthMgrInsts(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
 
-        for (Enumeration<?> e = mAuths.getInstances().keys();
-            e.hasMoreElements();) {
+        for (Enumeration<?> e = mAuths.getInstances().keys(); e.hasMoreElements();) {
             String name = (String) e.nextElement();
             AuthManagerProxy proxy = (AuthManagerProxy) mAuths.getInstances().get(name);
             IAuthManager value = proxy.getAuthManager();
@@ -938,7 +935,7 @@ public class AuthAdminServlet extends AdminServlet {
             }
 
             AuthMgrPlugin amgrplugin = (AuthMgrPlugin)
-                mAuths.getPlugins().get(value.getImplName());
+                    mAuths.getPlugins().get(value.getImplName());
 
             if (!amgrplugin.isVisible()) {
                 params.add(name, value.getImplName() + ";invisible;" + enableStr);
@@ -953,21 +950,21 @@ public class AuthAdminServlet extends AdminServlet {
     /**
      * Delete authentication manager plug-in
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring
-     * authentication
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring authentication
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @param scope string used to obtain the contents of this authentication
-     * manager's substore
+     *            manager's substore
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void delAuthMgrPlugin(HttpServletRequest req, 
-        HttpServletResponse resp, String scope) throws ServletException, 
+    private synchronized void delAuthMgrPlugin(HttpServletRequest req,
+            HttpServletResponse resp, String scope) throws ServletException,
             IOException, EBaseException {
 
         String auditMessage = null;
@@ -991,16 +988,16 @@ public class AuthAdminServlet extends AdminServlet {
 
                 //System.out.println("SRVLT_NULL_RS_ID");
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
             // prevent deletion of admin and agent.
             if (id.equals(IAuthSubsystem.PASSWDUSERDB_PLUGIN_ID) ||
-                id.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) {
+                    id.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) {
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
             }
 
             // does auth manager exist?
@@ -1015,15 +1012,14 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(),
-                    null, resp);
+                        new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(),
+                        null, resp);
                 return;
             }
 
             // first check if any instances from this auth manager
             // DON'T remove auth manager if any instance
-            for (Enumeration<?> e = mAuths.getInstances().keys();
-                e.hasMoreElements();) {
+            for (Enumeration<?> e = mAuths.getInstances().keys(); e.hasMoreElements();) {
                 IAuthManager authMgr = (IAuthManager) mAuths.get((String) e.nextElement());
 
                 if (authMgr.getImplName() == id) {
@@ -1037,19 +1033,19 @@ public class AuthAdminServlet extends AdminServlet {
                     audit(auditMessage);
 
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_MGR_IN_USE"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_MGR_IN_USE"),
+                            null, resp);
                     return;
                 }
             }
-		
+
             // then delete this auth manager
             mAuths.getPlugins().remove((Object) id);
 
             IConfigStore destStore =
-                mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
+                    mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
             IConfigStore instancesConfig =
-                destStore.getSubStore(scope);
+                    destStore.getSubStore(scope);
 
             instancesConfig.removeSubStore(id);
             // commiting
@@ -1066,8 +1062,8 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                        null, resp);
                 return;
             }
 
@@ -1124,21 +1120,21 @@ public class AuthAdminServlet extends AdminServlet {
     /**
      * Delete authentication manager instance
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring
-     * authentication
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring authentication
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @param scope string used to obtain the contents of this authentication
-     * manager's substore
+     *            manager's substore
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void delAuthMgrInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope) throws ServletException, 
+    private synchronized void delAuthMgrInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope) throws ServletException,
             IOException, EBaseException {
 
         String auditMessage = null;
@@ -1162,16 +1158,16 @@ public class AuthAdminServlet extends AdminServlet {
 
                 //System.out.println("SRVLT_NULL_RS_ID");
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
             // prevent deletion of admin and agent.
             if (id.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID) ||
-                id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
+                    id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
             }
 
             // does auth manager instance exist?
@@ -1186,8 +1182,8 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(),
-                    null, resp);
+                        new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(),
+                        null, resp);
                 return;
             }
 
@@ -1200,9 +1196,9 @@ public class AuthAdminServlet extends AdminServlet {
 
             // remove the configuration.
             IConfigStore destStore =
-                mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
+                    mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
             IConfigStore instancesConfig =
-                destStore.getSubStore(scope);
+                    destStore.getSubStore(scope);
 
             instancesConfig.removeSubStore(id);
             // commiting
@@ -1220,8 +1216,8 @@ public class AuthAdminServlet extends AdminServlet {
 
                 //System.out.println("SRVLT_FAIL_COMMIT");
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                        null, resp);
                 return;
             }
 
@@ -1283,24 +1279,24 @@ public class AuthAdminServlet extends AdminServlet {
 
     /**
      * used for getting the required configuration parameters (with
-     *	 possible default values) for a particular auth manager plugin
-     * implementation name specified in the RS_ID.  Actually, there is
-     *	 no logic in here to set any default value here...there's no
-     *	 default value for any parameter in this authentication subsystem
-     *	 at this point.  Later, if we do have one (or some), it can be
-     *	 added.  The interface remains the same.
+     * possible default values) for a particular auth manager plugin
+     * implementation name specified in the RS_ID. Actually, there is
+     * no logic in here to set any default value here...there's no
+     * default value for any parameter in this authentication subsystem
+     * at this point. Later, if we do have one (or some), it can be
+     * added. The interface remains the same.
      */
-    private synchronized void getConfig(HttpServletRequest req, 
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void getConfig(HttpServletRequest req,
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
 
         String implname = req.getParameter(Constants.RS_ID);
 
         if (implname == null) {
             //System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
@@ -1318,8 +1314,8 @@ public class AuthAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void getInstConfig(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void getInstConfig(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String id = req.getParameter(Constants.RS_ID);
@@ -1327,16 +1323,16 @@ public class AuthAdminServlet extends AdminServlet {
         if (id == null) {
             //System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // does auth manager instance exist?
         if (mAuths.getInstances().containsKey(id) == false) {
             sendResponse(ERROR,
-                new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(),
-                null, resp);
+                    new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(),
+                    null, resp);
             return;
         }
 
@@ -1366,28 +1362,28 @@ public class AuthAdminServlet extends AdminServlet {
 
     /**
      * Modify authentication manager instance
-     * This will actually create a new instance with new configuration 
+     * This will actually create a new instance with new configuration
      * parameters and replace the old instance if the new instance is
      * created and initialized successfully.
      * The old instance is left running, so this is very expensive.
      * Restart of server recommended.
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring
-     * authentication
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring authentication
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @param scope string used to obtain the contents of this authentication
-     * manager's substore
+     *            manager's substore
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void modAuthMgrInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void modAuthMgrInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
 
         // expensive operation.
 
@@ -1411,16 +1407,16 @@ public class AuthAdminServlet extends AdminServlet {
 
                 //System.out.println("SRVLT_NULL_RS_ID");
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
             // prevent modification of admin and agent.
             if (id.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID) ||
-                id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
+                    id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
             }
 
             // Does the manager instance exist?
@@ -1435,8 +1431,8 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage("CMS_AUTHENTICATION_MGR_IMPL_NOT_FOUND"),
-                    null, resp);
+                        CMS.getUserMessage("CMS_AUTHENTICATION_MGR_IMPL_NOT_FOUND"),
+                        null, resp);
                 return;
             }
 
@@ -1454,14 +1450,14 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage("CMS_AUTHENTICATION_MISSING_PARAMS"),
-                    null, resp);
+                        CMS.getUserMessage("CMS_AUTHENTICATION_MISSING_PARAMS"),
+                        null, resp);
                 return;
             }
 
             // get plugin for implementation 
             AuthMgrPlugin plugin =
-                (AuthMgrPlugin) mAuths.getPlugins().get(implname);
+                    (AuthMgrPlugin) mAuths.getPlugins().get(implname);
 
             if (plugin == null) {
                 // store a message in the signed audit log file
@@ -1474,15 +1470,15 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(),
-                    null, resp);
+                        new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(),
+                        null, resp);
                 return;
             }
 
             // save old instance substore params in case new one fails. 
 
-            IAuthManager oldinst = 
-                (IAuthManager) mAuths.get(id);
+            IAuthManager oldinst =
+                    (IAuthManager) mAuths.get(id);
             IConfigStore oldConfig = oldinst.getConfigStore();
 
             String[] oldConfigParms = oldinst.getConfigParams();
@@ -1490,7 +1486,7 @@ public class AuthAdminServlet extends AdminServlet {
 
             // implName is always required so always include it it.
             saveParams.add(IAuthSubsystem.PROP_PLUGIN,
-                (String) oldConfig.get(IAuthSubsystem.PROP_PLUGIN));
+                    (String) oldConfig.get(IAuthSubsystem.PROP_PLUGIN));
             if (oldConfigParms != null) {
                 for (int i = 0; i < oldConfigParms.length; i++) {
                     String key = oldConfigParms[i];
@@ -1507,9 +1503,9 @@ public class AuthAdminServlet extends AdminServlet {
             // remove old substore.
 
             IConfigStore destStore =
-                mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
+                    mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
             IConfigStore instancesConfig =
-                destStore.getSubStore(scope);
+                    destStore.getSubStore(scope);
 
             instancesConfig.removeSubStore(id);
 
@@ -1551,8 +1547,8 @@ public class AuthAdminServlet extends AdminServlet {
                 // cleanup
                 restore(instancesConfig, id, saveParams);
                 sendResponse(ERROR,
-                    new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
-                    null, resp);
+                        new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
+                        null, resp);
                 return;
             } catch (InstantiationException e) {
                 // store a message in the signed audit log file
@@ -1566,8 +1562,8 @@ public class AuthAdminServlet extends AdminServlet {
 
                 restore(instancesConfig, id, saveParams);
                 sendResponse(ERROR,
-                    new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
-                    null, resp);
+                        new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
+                        null, resp);
                 return;
             } catch (IllegalAccessException e) {
                 // store a message in the signed audit log file
@@ -1581,8 +1577,8 @@ public class AuthAdminServlet extends AdminServlet {
 
                 restore(instancesConfig, id, saveParams);
                 sendResponse(ERROR,
-                    new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
-                    null, resp);
+                        new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
+                        null, resp);
                 return;
             }
 
@@ -1623,8 +1619,8 @@ public class AuthAdminServlet extends AdminServlet {
                 restore(instancesConfig, id, saveParams);
                 //System.out.println("SRVLT_FAIL_COMMIT");
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                        null, resp);
                 return;
             }
 
@@ -1632,8 +1628,8 @@ public class AuthAdminServlet extends AdminServlet {
 
             mAuths.add(id, newMgrInst);
 
-            mAuths.log(ILogger.LL_INFO, 
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_REPL", id));
+            mAuths.log(ILogger.LL_INFO,
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_REPL", id));
 
             NameValuePairs params = new NameValuePairs();
 
@@ -1688,8 +1684,8 @@ public class AuthAdminServlet extends AdminServlet {
     }
 
     // convenience routine.
-    private static void restore(IConfigStore store, 
-        String id, NameValuePairs saveParams) {
+    private static void restore(IConfigStore store,
+            String id, NameValuePairs saveParams) {
         store.removeSubStore(id);
         IConfigStore rstore = store.makeSubStore(id);
 
@@ -1699,7 +1695,7 @@ public class AuthAdminServlet extends AdminServlet {
             String key = (String) keys.nextElement();
             String value = saveParams.getValue(key);
 
-            if (value != null) 
+            if (value != null)
                 rstore.put(key, value);
         }
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java
index bfa9cccd..d0bbfa82 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 
@@ -25,11 +24,10 @@ import com.netscape.certsrv.authentication.IAuthCredentials;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IArgBlock;
 
-
 /**
  * Authentication Credentials as input to the authMgr
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class AuthCredentials implements IAuthCredentials {
@@ -40,19 +38,21 @@ public class AuthCredentials implements IAuthCredentials {
     private Hashtable authCreds = null;
     // Inserted by bskim 
     private IArgBlock argblk = null;
+
     // Insert end
-    
+
     public AuthCredentials() {
         authCreds = new Hashtable();
     }
 
     /**
      * sets a credential with credential name and the credential
+     * 
      * @param name credential name
      * @param cred credential
      * @exception com.netscape.certsrv.base.EBaseException NullPointerException
      */
-    public void set(String name, Object cred)throws EBaseException {
+    public void set(String name, Object cred) throws EBaseException {
         if (cred == null) {
             throw new EBaseException("AuthCredentials.set()");
         }
@@ -62,7 +62,8 @@ public class AuthCredentials implements IAuthCredentials {
 
     /**
      * returns the credential to which the specified name is mapped in this
-     *	 credential set
+     * credential set
+     * 
      * @param name credential name
      * @return the named authentication credential
      */
@@ -72,8 +73,9 @@ public class AuthCredentials implements IAuthCredentials {
 
     /**
      * removes the name and its corresponding credential from this
-     *	 credential set.  This method does nothing if the named
-     *	 credential is not in the credential set.
+     * credential set. This method does nothing if the named
+     * credential is not in the credential set.
+     * 
      * @param name credential name
      */
     public void delete(String name) {
@@ -82,26 +84,26 @@ public class AuthCredentials implements IAuthCredentials {
 
     /**
      * returns an enumeration of the credentials in this credential
-     *	 set.  Use the Enumeration methods on the returned object to
-     *	 fetch the elements sequentially.
+     * set. Use the Enumeration methods on the returned object to
+     * fetch the elements sequentially.
+     * 
      * @return an enumeration of the values in this credential set
      * @see java.util.Enumeration
      */
     public Enumeration getElements() {
         return (authCreds.elements());
     }
-    
+
     // Inserted by bskim
     public void setArgBlock(IArgBlock blk) {
         argblk = blk;
         return;
-    }        
+    }
 
     // Insert end
-    
+
     public IArgBlock getArgBlock() {
         return argblk;
-    }        
+    }
     // Insert end
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java
index 0ae51ce4..4a059106 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.io.File;
 import java.io.IOException;
 import java.net.UnknownHostException;
@@ -45,13 +44,12 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.request.IRequestListener;
 import com.netscape.cmsutil.util.Utils;
 
-
 /**
  * A class representings an administration servlet for Certificate
- * Authority. This servlet is responsible to serve CA 
- * administrative operations such as configuration parameter 
+ * Authority. This servlet is responsible to serve CA
+ * administrative operations such as configuration parameter
  * updates.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CAAdminServlet extends AdminServlet {
@@ -66,7 +64,7 @@ public class CAAdminServlet extends AdminServlet {
     private final static String INFO = "CAAdminServlet";
 
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE =
-        "LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE_3";
+            "LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE_3";
 
     private ICertificateAuthority mCA = null;
     protected static final String PROP_ENABLED = "enabled";
@@ -98,9 +96,9 @@ public class CAAdminServlet extends AdminServlet {
      * the authenticate manager.
      */
     public void service(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
         super.service(req, resp);
-			    
+
         //get all operational flags
         String op = req.getParameter(Constants.OP_TYPE);
         String scope = req.getParameter(Constants.OP_SCOPE);
@@ -109,7 +107,7 @@ public class CAAdminServlet extends AdminServlet {
         if ((op == null) || (scope == null)) {
             sendResponse(1, "Invalid Protocol", null, resp);
             return;
-        }			    
+        }
 
         super.authenticate(req);
 
@@ -120,8 +118,8 @@ public class CAAdminServlet extends AdminServlet {
                     mOp = "read";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                          CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     getExtendedPluginInfo(req, resp);
@@ -135,8 +133,8 @@ public class CAAdminServlet extends AdminServlet {
                 mOp = "read";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_GENERAL))
@@ -159,8 +157,8 @@ public class CAAdminServlet extends AdminServlet {
                 mOp = "modify";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_GENERAL))
@@ -171,9 +169,9 @@ public class CAAdminServlet extends AdminServlet {
                     setCRLIPsConfig(req, resp);
                 else if (scope.equals(ScopeDef.SC_CRL))
                     setCRLConfig(req, resp);
-                else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP)) 
+                else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP))
                     setNotificationReqCompConfig(req, resp);
-                else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP)) 
+                else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP))
                     setNotificationRevCompConfig(req, resp);
                 else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ))
                     setNotificationRIQConfig(req, resp);
@@ -183,8 +181,8 @@ public class CAAdminServlet extends AdminServlet {
                 mOp = "read";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_CRLEXTS_RULES))
@@ -195,8 +193,8 @@ public class CAAdminServlet extends AdminServlet {
                 mOp = "modify";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_CRLIPS))
@@ -205,8 +203,8 @@ public class CAAdminServlet extends AdminServlet {
                 mOp = "modify";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_CRLIPS))
@@ -223,20 +221,20 @@ public class CAAdminServlet extends AdminServlet {
     /*==========================================================
      * private methods
      *==========================================================*/
-    
+
     /*
      * handle request completion (cert issued) notification config requests
      */
     private void getNotificationCompConfig(HttpServletRequest req,
-        HttpServletResponse resp, IConfigStore rc) throws ServletException,
+            HttpServletResponse resp, IConfigStore rc) throws ServletException,
             IOException, EBaseException {
-         
+
         NameValuePairs params = new NameValuePairs();
         Enumeration e = req.getParameterNames();
-        
+
         while (e.hasMoreElements()) {
             String name = (String) e.nextElement();
-            
+
             if (name.equals(Constants.OP_TYPE))
                 continue;
             if (name.equals(Constants.RS_ID))
@@ -247,33 +245,33 @@ public class CAAdminServlet extends AdminServlet {
                 continue;
             params.add(name, rc.getString(name, ""));
         }
-        
+
         params.add(Constants.PR_ENABLE,
-            rc.getString(PROP_ENABLED, Constants.FALSE));
+                rc.getString(PROP_ENABLED, Constants.FALSE));
         sendResponse(SUCCESS, null, params, resp);
     }
-    
+
     private void getNotificationRevCompConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
-        
+
         IConfigStore config = mCA.getConfigStore();
         IConfigStore nc =
-            config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
+                config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
         IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE);
-        
+
         getNotificationCompConfig(req, resp, rc);
     }
-    
+
     private void getNotificationReqCompConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
-        
+
         IConfigStore config = mCA.getConfigStore();
         IConfigStore nc =
-            config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
+                config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
         IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_ISSUED_SUBSTORE);
-        
+
         getNotificationCompConfig(req, resp, rc);
     }
 
@@ -281,14 +279,14 @@ public class CAAdminServlet extends AdminServlet {
      * handle getting request in queue notification config info
      */
     private void getNotificationRIQConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
 
         IConfigStore config = mCA.getConfigStore();
         IConfigStore nc =
-            config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
+                config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
 
         IConfigStore riq = nc.getSubStore(ICertificateAuthority.PROP_REQ_IN_Q_SUBSTORE);
 
@@ -308,8 +306,8 @@ public class CAAdminServlet extends AdminServlet {
             params.add(name, riq.getString(name, ""));
         }
 
-        params.add(Constants.PR_ENABLE, 
-            riq.getString(PROP_ENABLED, Constants.FALSE));
+        params.add(Constants.PR_ENABLE,
+                riq.getString(PROP_ENABLED, Constants.FALSE));
         sendResponse(SUCCESS, null, params, resp);
     }
 
@@ -317,11 +315,11 @@ public class CAAdminServlet extends AdminServlet {
      * handle setting request in queue notification config info
      */
     private void setNotificationRIQConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         IConfigStore config = mCA.getConfigStore();
         IConfigStore nc =
-            config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
+                config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
 
         IConfigStore riq = nc.getSubStore(ICertificateAuthority.PROP_REQ_IN_Q_SUBSTORE);
 
@@ -346,15 +344,15 @@ public class CAAdminServlet extends AdminServlet {
                 File template = new File(val);
 
                 if ((!template.exists()) || (!template.canRead())
-                    || (template.isDirectory())) {
+                        || (template.isDirectory())) {
                     String error =
-                        "Template: " + val + " does not exist or invalid";
+                            "Template: " + val + " does not exist or invalid";
 
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PATH"));
 
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"),
+                            null, resp);
                     return;
                 }
             }
@@ -377,9 +375,9 @@ public class CAAdminServlet extends AdminServlet {
      * handle setting request complete notification config info
      */
     private void setNotificationCompConfig(HttpServletRequest req,
-        HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException,
+            HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException,
             IOException, EBaseException {
- 
+
         //set rest of the parameters
         Enumeration e = req.getParameterNames();
 
@@ -401,15 +399,15 @@ public class CAAdminServlet extends AdminServlet {
                 File template = new File(val);
 
                 if ((!template.exists()) || (!template.canRead())
-                    || (template.isDirectory())) {
+                        || (template.isDirectory())) {
                     String error =
-                        "Template: " + val + " does not exist or invalid";
+                            "Template: " + val + " does not exist or invalid";
 
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PATH"));
 
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"),
+                            null, resp);
                     return;
                 }
             }
@@ -429,23 +427,23 @@ public class CAAdminServlet extends AdminServlet {
     }
 
     private void setNotificationRevCompConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         IConfigStore config = mCA.getConfigStore();
         IConfigStore nc =
-            config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
+                config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
 
-        IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE);  
+        IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE);
 
         setNotificationCompConfig(req, resp, rc, mCA.getCertRevokedListener());
-    }            
+    }
 
     private void setNotificationReqCompConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         IConfigStore config = mCA.getConfigStore();
         IConfigStore nc =
-            config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
+                config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
 
         IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_ISSUED_SUBSTORE);
 
@@ -454,8 +452,8 @@ public class CAAdminServlet extends AdminServlet {
     }
 
     private void listCRLIPsConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
 
         Enumeration ips = mCA.getCRLIssuingPoints();
@@ -469,16 +467,16 @@ public class CAAdminServlet extends AdminServlet {
                 if (ipId != null && ipId.length() > 0)
                     params.add(ipId, ip.getDescription());
                 params.add(ipId + "." + Constants.PR_ENABLED,
-                    (Boolean.valueOf(ip.isCRLIssuingPointEnabled())).toString());
+                        (Boolean.valueOf(ip.isCRLIssuingPointEnabled())).toString());
             }
         }
-            
+
         sendResponse(SUCCESS, null, params, resp);
     }
 
     private void getCRLIPsConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
 
         String id = req.getParameter(Constants.RS_ID);
@@ -518,11 +516,11 @@ public class CAAdminServlet extends AdminServlet {
     /**
      * Add CRL issuing points configuration
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when
-     * configuring CRL profile (extensions, frequency, CRL format)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when configuring CRL profile (extensions, frequency, CRL format)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
@@ -530,8 +528,8 @@ public class CAAdminServlet extends AdminServlet {
      * @exception EBaseException an error has occurred
      */
     private void addCRLIPsConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -578,7 +576,7 @@ public class CAAdminServlet extends AdminServlet {
             boolean enable = true;
 
             if (sEnable != null && sEnable.length() > 0 &&
-                sEnable.equalsIgnoreCase(Constants.FALSE)) {
+                    sEnable.equalsIgnoreCase(Constants.FALSE)) {
                 enable = false;
                 params.add(Constants.PR_ENABLED, Constants.FALSE);
             } else {
@@ -586,7 +584,7 @@ public class CAAdminServlet extends AdminServlet {
             }
 
             IConfigStore crlSubStore =
-                mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+                    mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
             Enumeration crlNames = crlSubStore.getSubStoreNames();
 
             while (crlNames.hasMoreElements()) {
@@ -673,11 +671,11 @@ public class CAAdminServlet extends AdminServlet {
     /**
      * Set CRL issuing points configuration
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when
-     * configuring CRL profile (extensions, frequency, CRL format)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when configuring CRL profile (extensions, frequency, CRL format)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
@@ -685,8 +683,8 @@ public class CAAdminServlet extends AdminServlet {
      * @exception EBaseException an error has occurred
      */
     private void setCRLIPsConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -733,7 +731,7 @@ public class CAAdminServlet extends AdminServlet {
             boolean enable = true;
 
             if (sEnable != null && sEnable.length() > 0 &&
-                sEnable.equalsIgnoreCase(Constants.FALSE)) {
+                    sEnable.equalsIgnoreCase(Constants.FALSE)) {
                 enable = false;
                 params.add(Constants.PR_ENABLED, Constants.FALSE);
             } else {
@@ -741,7 +739,7 @@ public class CAAdminServlet extends AdminServlet {
             }
 
             IConfigStore crlSubStore =
-                mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+                    mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
             boolean done = false;
             Enumeration crlNames = crlSubStore.getSubStoreNames();
 
@@ -759,8 +757,8 @@ public class CAAdminServlet extends AdminServlet {
 
                     if (c != null) {
                         c.putString(Constants.PR_DESCRIPTION, desc);
-                        c.putString(Constants.PR_ENABLED, 
-                            (enable) ? Constants.TRUE : Constants.FALSE);
+                        c.putString(Constants.PR_ENABLED,
+                                (enable) ? Constants.TRUE : Constants.FALSE);
                     }
                     done = true;
                     break;
@@ -833,11 +831,11 @@ public class CAAdminServlet extends AdminServlet {
     /**
      * Delete CRL issuing points configuration
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when
-     * configuring CRL profile (extensions, frequency, CRL format)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when configuring CRL profile (extensions, frequency, CRL format)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
@@ -845,8 +843,8 @@ public class CAAdminServlet extends AdminServlet {
      * @exception EBaseException an error has occurred
      */
     private void deleteCRLIPsConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -859,7 +857,7 @@ public class CAAdminServlet extends AdminServlet {
 
             if (id != null && id.length() > 0) {
                 IConfigStore crlSubStore =
-                    mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+                        mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
                 boolean done = false;
                 Enumeration crlNames = crlSubStore.getSubStoreNames();
 
@@ -938,8 +936,8 @@ public class CAAdminServlet extends AdminServlet {
     }
 
     private void getCRLExtsConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
 
         String ipId = null;
@@ -974,11 +972,11 @@ public class CAAdminServlet extends AdminServlet {
     /**
      * Delete CRL extensions configuration
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when
-     * configuring CRL profile (extensions, frequency, CRL format)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when configuring CRL profile (extensions, frequency, CRL format)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
@@ -986,8 +984,8 @@ public class CAAdminServlet extends AdminServlet {
      * @exception EBaseException an error has occurred
      */
     private void setCRLExtsConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -1007,10 +1005,10 @@ public class CAAdminServlet extends AdminServlet {
 
             IConfigStore config = mCA.getConfigStore();
             IConfigStore crlsSubStore =
-                config.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+                    config.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
             IConfigStore crlSubStore = crlsSubStore.getSubStore(ipId);
             IConfigStore crlExtsSubStore =
-                crlSubStore.getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE);
+                    crlSubStore.getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE);
 
             String id = req.getParameter(Constants.RS_ID);
 
@@ -1092,8 +1090,8 @@ public class CAAdminServlet extends AdminServlet {
     }
 
     private void listCRLExtsConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
 
         String id = req.getParameter(Constants.PR_ID);
@@ -1130,12 +1128,12 @@ public class CAAdminServlet extends AdminServlet {
         sendResponse(SUCCESS, null, params, resp);
     }
 
-    /** 
+    /**
      * retrieve extended plugin info such as brief description,
      * type info from CRL extensions
      */
     private void getExtendedPluginInfo(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         String id = req.getParameter(Constants.RS_ID);
         int colon = id.indexOf(':');
@@ -1143,8 +1141,8 @@ public class CAAdminServlet extends AdminServlet {
         String implType = id.substring(0, colon);
         String implName = id.substring(colon + 1);
 
-        NameValuePairs params = 
-            getExtendedPluginInfo(getLocale(req), implType, implName);
+        NameValuePairs params =
+                getExtendedPluginInfo(getLocale(req), implType, implName);
 
         sendResponse(SUCCESS, null, params, resp);
     }
@@ -1191,11 +1189,11 @@ public class CAAdminServlet extends AdminServlet {
     /**
      * Set CRL configuration
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when
-     * configuring CRL profile (extensions, frequency, CRL format)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when configuring CRL profile (extensions, frequency, CRL format)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
@@ -1203,7 +1201,7 @@ public class CAAdminServlet extends AdminServlet {
      * @exception EBaseException an error has occurred
      */
     private void setCRLConfig(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+            throws ServletException, IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -1215,7 +1213,7 @@ public class CAAdminServlet extends AdminServlet {
             String id = req.getParameter(Constants.RS_ID);
 
             if (id == null || id.length() <= 0 ||
-                id.equals(Constants.RS_ID_CONFIG)) {
+                    id.equals(Constants.RS_ID_CONFIG)) {
                 id = ICertificateAuthority.PROP_MASTER_CRL;
             }
             ICRLIssuingPoint ip = mCA.getCRLIssuingPoint(id);
@@ -1301,7 +1299,7 @@ public class CAAdminServlet extends AdminServlet {
     }
 
     private void getCRLConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
@@ -1309,11 +1307,11 @@ public class CAAdminServlet extends AdminServlet {
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null || id.length() <= 0 ||
-            id.equals(Constants.RS_ID_CONFIG)) {
+                id.equals(Constants.RS_ID_CONFIG)) {
             id = ICertificateAuthority.PROP_MASTER_CRL;
         }
         IConfigStore crlsSubStore =
-            mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+                mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
         IConfigStore crlSubStore = crlsSubStore.getSubStore(id);
 
         Enumeration e = req.getParameterNames();
@@ -1335,9 +1333,9 @@ public class CAAdminServlet extends AdminServlet {
         getSigningAlgConfig(params);
         sendResponse(SUCCESS, null, params, resp);
     }
-     
+
     private void getConnectorConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         IConfigStore caConfig = mCA.getConfigStore();
         IConfigStore connectorConfig = caConfig.getSubStore("connector");
@@ -1370,14 +1368,14 @@ public class CAAdminServlet extends AdminServlet {
     }
 
     private void setConnectorConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         IConfigStore caConfig = mCA.getConfigStore();
         IConfigStore connectorConfig = caConfig.getSubStore("connector");
         IConfigStore caConnectorConfig = null;
 
-//        String nickname = CMS.getServerCertNickname();
+        //        String nickname = CMS.getServerCertNickname();
 
         if (isKRAConnector(req)) {
             caConnectorConfig = connectorConfig.getSubStore("KRA");
@@ -1397,12 +1395,12 @@ public class CAAdminServlet extends AdminServlet {
                     continue;
                 if (name.equals(Constants.OP_SCOPE))
                     continue;
-/*
-                if (name.equals("nickName")) {
-                    caConnectorConfig.putString(name, nickname);
-                    continue;
-                }
-*/
+                /*
+                                if (name.equals("nickName")) {
+                                    caConnectorConfig.putString(name, nickname);
+                                    continue;
+                                }
+                */
                 if (name.equals("host")) {
                     try {
                         Utils.checkHost(req.getParameter("host"));
@@ -1456,7 +1454,7 @@ public class CAAdminServlet extends AdminServlet {
     }
 
     private void getGeneralConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
@@ -1476,7 +1474,6 @@ public class CAAdminServlet extends AdminServlet {
          params.add(Constants.PR_EE_ENABLED, value);
          */
 
-
         IConfigStore caConfig = mCA.getConfigStore();
 
         value = caConfig.getString(ICertificateAuthority.PROP_ENABLE_PAST_CATIME, "false");
@@ -1485,18 +1482,18 @@ public class CAAdminServlet extends AdminServlet {
         getSigningAlgConfig(params);
         getSerialConfig(params);
         getMaxSerialConfig(params);
-  
+
         sendResponse(SUCCESS, null, params, resp);
     }
 
     private void getSigningAlgConfig(NameValuePairs params) {
         params.add(Constants.PR_DEFAULT_ALGORITHM,
-            mCA.getDefaultAlgorithm());
+                mCA.getDefaultAlgorithm());
         String[] algorithms = mCA.getCASigningAlgorithms();
         StringBuffer algorStr = new StringBuffer();
 
         for (int i = 0; i < algorithms.length; i++) {
-            if (i == 0) 
+            if (i == 0)
                 algorStr.append(algorithms[i]);
             else {
                 algorStr.append(":");
@@ -1508,16 +1505,16 @@ public class CAAdminServlet extends AdminServlet {
 
     private void getSerialConfig(NameValuePairs params) {
         params.add(Constants.PR_SERIAL,
-            mCA.getStartSerial());
+                mCA.getStartSerial());
     }
 
     private void getMaxSerialConfig(NameValuePairs params) {
         params.add(Constants.PR_MAXSERIAL,
-            mCA.getMaxSerial());
+                mCA.getMaxSerial());
     }
 
     private void setGeneralConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         ISubsystem eeGateway = null;
@@ -1573,6 +1570,6 @@ public class CAAdminServlet extends AdminServlet {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-            level, "CAAdminServlet: " + msg);
+                level, "CAAdminServlet: " + msg);
     }
-}    
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
index 3251e46b..30c64220 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.io.BufferedReader;
 import java.io.File;
 import java.io.FileInputStream;
@@ -86,7 +85,7 @@ import com.netscape.symkey.SessionKey;
  * servlet is responsible to serve Certificate Server
  * level administrative operations such as configuration
  * parameter updates.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public final class CMSAdminServlet extends AdminServlet {
@@ -108,13 +107,13 @@ public final class CMSAdminServlet extends AdminServlet {
     private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
     private final static byte EOL[] = { Character.LINE_SEPARATOR };
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION =
-        "LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION_3";
+            "LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION_3";
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY =
-        "LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY_3";
+            "LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY_3";
     private final static String LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC =
-        "LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC_3";
+            "LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC_3";
     private final static String LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION =
-        "LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION_2";
+            "LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION_2";
     private final static String LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION =
             "LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION_3";
 
@@ -145,13 +144,13 @@ public final class CMSAdminServlet extends AdminServlet {
      * Serves HTTP request.
      */
     public void service(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
         super.service(req, resp);
         try {
             super.authenticate(req);
         } catch (IOException e) {
             sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
-                null, resp);
+                    null, resp);
             return;
         }
 
@@ -164,8 +163,8 @@ public final class CMSAdminServlet extends AdminServlet {
                 mOp = "read";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 getEnv(req, resp);
@@ -175,8 +174,8 @@ public final class CMSAdminServlet extends AdminServlet {
                 mOp = "read";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_LDAP))
@@ -199,13 +198,13 @@ public final class CMSAdminServlet extends AdminServlet {
                 mOp = "modify";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_LDAP))
                     setDBConfig(req, resp);
-                else if (scope.equals(ScopeDef.SC_SMTP)) 
+                else if (scope.equals(ScopeDef.SC_SMTP))
                     modifySMTPConfig(req, resp);
                 else if (scope.equals(ScopeDef.SC_TASKS))
                     performTasks(req, resp);
@@ -213,9 +212,9 @@ public final class CMSAdminServlet extends AdminServlet {
                     modifyEncryption(req, resp);
                 else if (scope.equals(ScopeDef.SC_ISSUE_IMPORT_CERT))
                     issueImportCert(req, resp);
-                else if (scope.equals(ScopeDef.SC_INSTALL_CERT)) 
+                else if (scope.equals(ScopeDef.SC_INSTALL_CERT))
                     installCert(req, resp);
-                else if (scope.equals(ScopeDef.SC_IMPORT_CROSS_CERT)) 
+                else if (scope.equals(ScopeDef.SC_IMPORT_CROSS_CERT))
                     importXCert(req, resp);
                 else if (scope.equals(ScopeDef.SC_DELETE_CERTS))
                     deleteCerts(req, resp);
@@ -229,8 +228,8 @@ public final class CMSAdminServlet extends AdminServlet {
                 mOp = "read";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_SUBSYSTEM))
@@ -239,11 +238,11 @@ public final class CMSAdminServlet extends AdminServlet {
                     getCACerts(req, resp);
                 else if (scope.equals(ScopeDef.SC_ALL_CERTLIST))
                     getAllCertsManage(req, resp);
-                else if (scope.equals(ScopeDef.SC_USERCERTSLIST)) 
+                else if (scope.equals(ScopeDef.SC_USERCERTSLIST))
                     getUserCerts(req, resp);
-                else if (scope.equals(ScopeDef.SC_TKSKEYSLIST)) 
+                else if (scope.equals(ScopeDef.SC_TKSKEYSLIST))
                     getTKSKeys(req, resp);
-                else if (scope.equals(ScopeDef.SC_TOKEN)) 
+                else if (scope.equals(ScopeDef.SC_TOKEN))
                     getAllTokenNames(req, resp);
                 else if (scope.equals(ScopeDef.SC_ROOTCERTSLIST))
                     getRootCerts(req, resp);
@@ -251,21 +250,21 @@ public final class CMSAdminServlet extends AdminServlet {
                 mOp = "delete";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_ROOTCERTSLIST)) {
                     deleteRootCert(req, resp);
                 } else if (scope.equals(ScopeDef.SC_USERCERTSLIST)) {
-                    deleteUserCert(req,resp);
+                    deleteUserCert(req, resp);
                 }
             } else if (op.equals(OpDef.OP_PROCESS)) {
                 mOp = "modify";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_CERT_REQUEST))
@@ -282,14 +281,14 @@ public final class CMSAdminServlet extends AdminServlet {
                     checkTokenStatus(req, resp);
                 else if (scope.equals(ScopeDef.SC_SELFTESTS))
                     runSelfTestsOnDemand(req, resp);
-				else if (scope.equals(ScopeDef.SC_TKSKEYSLIST))
+                else if (scope.equals(ScopeDef.SC_TKSKEYSLIST))
                     createMasterKey(req, resp);
             } else if (op.equals(OpDef.OP_VALIDATE)) {
                 mOp = "modify";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_SUBJECT_NAME))
@@ -303,7 +302,7 @@ public final class CMSAdminServlet extends AdminServlet {
             }
         } catch (EBaseException e) {
             sendResponse(ERROR, e.toString(getLocale(req)),
-                null, resp);
+                    null, resp);
             return;
         } catch (Exception e) {
             StringWriter sw = new StringWriter();
@@ -316,7 +315,7 @@ public final class CMSAdminServlet extends AdminServlet {
     }
 
     private void getEnv(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
 
@@ -324,16 +323,16 @@ public final class CMSAdminServlet extends AdminServlet {
             params.add(Constants.PR_NT, Constants.TRUE);
         else
             params.add(Constants.PR_NT, Constants.FALSE);
-        
+
         sendResponse(SUCCESS, null, params, resp);
     }
 
     private void getAllTokenNames(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         NameValuePairs params = new NameValuePairs();
 
         params.add(Constants.PR_TOKEN_LIST, jssSubSystem.getTokenList());
@@ -342,15 +341,15 @@ public final class CMSAdminServlet extends AdminServlet {
     }
 
     private void getAllNicknames(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
 
         params.add(Constants.PR_ALL_NICKNAMES, jssSubSystem.getAllCerts());
- 
+
         sendResponse(SUCCESS, null, params, resp);
     }
 
@@ -363,16 +362,16 @@ public final class CMSAdminServlet extends AdminServlet {
 
             //get subsystem type
             if ((sys instanceof IKeyRecoveryAuthority) &&
-                subsystem.equals("kra"))
+                    subsystem.equals("kra"))
                 return true;
             else if ((sys instanceof IRegistrationAuthority) &&
-                subsystem.equals("ra"))
+                    subsystem.equals("ra"))
                 return true;
             else if ((sys instanceof ICertificateAuthority) &&
-                subsystem.equals("ca"))
+                    subsystem.equals("ca"))
                 return true;
             else if ((sys instanceof IOCSPAuthority) &&
-                subsystem.equals("ocsp"))
+                    subsystem.equals("ocsp"))
                 return true;
         }
 
@@ -380,7 +379,7 @@ public final class CMSAdminServlet extends AdminServlet {
     }
 
     private void readEncryption(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         Enumeration<ISubsystem> e = CMS.getSubsystems();
@@ -405,17 +404,17 @@ public final class CMSAdminServlet extends AdminServlet {
                 isOCSPInstalled = true;
             else if (sys instanceof ITKSAuthority)
                 isTKSInstalled = true;
-				
-	        }
+
+        }
 
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         String caTokenName = "";
 
         NameValuePairs params = new NameValuePairs();
 
         params.add(Constants.PR_CIPHER_VERSION,
-            jssSubSystem.getCipherVersion());
+                jssSubSystem.getCipherVersion());
         params.add(Constants.PR_CIPHER_FORTEZZA, jssSubSystem.isCipherFortezza());
         params.add(Constants.PR_CIPHER_PREF, jssSubSystem.getCipherPreferences());
 
@@ -427,7 +426,7 @@ public final class CMSAdminServlet extends AdminServlet {
         while (tokenizer.hasMoreElements()) {
             String tokenName = (String) tokenizer.nextElement();
             String certs = jssSubSystem.getCertListWithoutTokenName(tokenName);
-  
+
             if (certs.equals(""))
                 continue;
             if (tokenNewList.equals(""))
@@ -457,7 +456,7 @@ public final class CMSAdminServlet extends AdminServlet {
 
         if (isRAInstalled) {
             IRegistrationAuthority ra = (IRegistrationAuthority)
-                CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+                    CMS.getSubsystem(CMS.SUBSYSTEM_RA);
             String raNickname = ra.getNickname();
 
             params.add(Constants.PR_CERT_RA, getCertNickname(raNickname));
@@ -465,17 +464,17 @@ public final class CMSAdminServlet extends AdminServlet {
 
         if (isKRAInstalled) {
             IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority)
-                CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
+                    CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
             String kraNickname = kra.getNickname();
 
             params.add(Constants.PR_CERT_TRANS, getCertNickname(kraNickname));
         }
         if (isTKSInstalled) {
             ITKSAuthority tks = (ITKSAuthority)
-				CMS.getSubsystem(CMS.SUBSYSTEM_TKS);
+                    CMS.getSubsystem(CMS.SUBSYSTEM_TKS);
         }
         String nickName = CMS.getServerCertNickname();
-		
+
         params.add(Constants.PR_CERT_SERVER, getCertNickname(nickName));
 
         sendResponse(SUCCESS, null, params, resp);
@@ -517,17 +516,17 @@ public final class CMSAdminServlet extends AdminServlet {
     /**
      * Modify encryption configuration
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION used when
-     * configuring encryption (cert settings and SSL cipher preferences)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION used when configuring encryption (cert settings and SSL cipher preferences)
      * </ul>
+     * 
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException failed to modify encryption configuration
      */
     private void modifyEncryption(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String auditMessage = null;
@@ -537,10 +536,10 @@ public final class CMSAdminServlet extends AdminServlet {
         // to the signed audit log and stored as failures
         try {
             @SuppressWarnings("unchecked")
-			Enumeration<String> enum1 = req.getParameterNames();
+            Enumeration<String> enum1 = req.getParameterNames();
             NameValuePairs params = new NameValuePairs();
             ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                    CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
 
             jssSubSystem.getInternalTokenName();
             Enumeration<ISubsystem> e = CMS.getSubsystems();
@@ -563,14 +562,14 @@ public final class CMSAdminServlet extends AdminServlet {
                     isCAInstalled = true;
                 else if (sys instanceof IOCSPAuthority)
                     isOCSPInstalled = true;
-               else if (sys instanceof ITKSAuthority)
+                else if (sys instanceof ITKSAuthority)
                     isTKSInstalled = true;
             }
 
-            ICertificateAuthority  ca = null;
+            ICertificateAuthority ca = null;
             IRegistrationAuthority ra = null;
             IKeyRecoveryAuthority kra = null;
-            ITKSAuthority		  tks = null;
+            ITKSAuthority tks = null;
 
             if (isCAInstalled)
                 ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
@@ -693,19 +692,19 @@ public final class CMSAdminServlet extends AdminServlet {
 
             // rethrow the specific exception to be handled later
             throw eAudit2;
-    // } catch( ServletException eAudit3 ) {
-    //     // store a message in the signed audit log file
-    //     auditMessage = CMS.getLogMessage(
-    //                        LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
-    //                        auditSubjectID,
-    //                        ILogger.FAILURE,
-    //                        auditParams( req ) );
-    //
-    //     audit( auditMessage );
-    //
-    //     // rethrow the specific exception to be handled later
-    //     throw eAudit3;
-       }
+            // } catch( ServletException eAudit3 ) {
+            //     // store a message in the signed audit log file
+            //     auditMessage = CMS.getLogMessage(
+            //                        LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
+            //                        auditSubjectID,
+            //                        ILogger.FAILURE,
+            //                        auditParams( req ) );
+            //
+            //     audit( auditMessage );
+            //
+            //     // rethrow the specific exception to be handled later
+            //     throw eAudit3;
+        }
     }
 
     private String getCertConfigNickname(String val) throws EBaseException {
@@ -767,7 +766,7 @@ public final class CMSAdminServlet extends AdminServlet {
      * Performs Server Tasks: RESTART/STOP operation
      */
     private void performTasks(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         String restart = req.getParameter(Constants.PR_SERVER_RESTART);
         String stop = req.getParameter(Constants.PR_SERVER_STOP);
@@ -795,7 +794,7 @@ public final class CMSAdminServlet extends AdminServlet {
      * Reads subsystems that server has loaded with.
      */
     private void readSubsystem(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         Enumeration<ISubsystem> e = CMS.getSubsystems();
@@ -814,7 +813,7 @@ public final class CMSAdminServlet extends AdminServlet {
                 type = Constants.PR_CA_INSTANCE;
             if (sys instanceof IOCSPAuthority)
                 type = Constants.PR_OCSP_INSTANCE;
-			if (sys instanceof ITKSAuthority)
+            if (sys instanceof ITKSAuthority)
                 type = Constants.PR_TKS_INSTANCE;
             if (!type.trim().equals(""))
                 params.add(sys.getId(), type);
@@ -827,7 +826,7 @@ public final class CMSAdminServlet extends AdminServlet {
      * Reads server statistics.
      */
     private void readStat(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         IConfigStore cs = CMS.getConfigStore();
@@ -850,9 +849,9 @@ public final class CMSAdminServlet extends AdminServlet {
         }
 
         params.add(Constants.PR_STAT_STARTUP,
-            (new Date(CMS.getStartupTime())).toString());
+                (new Date(CMS.getStartupTime())).toString());
         params.add(Constants.PR_STAT_TIME,
-            (new Date(System.currentTimeMillis())).toString());
+                (new Date(System.currentTimeMillis())).toString());
         sendResponse(SUCCESS, null, params, resp);
     }
 
@@ -860,12 +859,12 @@ public final class CMSAdminServlet extends AdminServlet {
      * Modifies database information.
      */
     private void setDBConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         IConfigStore dbConfig = mConfig.getSubStore(PROP_INTERNAL_DB);
         @SuppressWarnings("unchecked")
-		Enumeration<String> enum1 = req.getParameterNames();
+        Enumeration<String> enum1 = req.getParameterNames();
 
         while (enum1.hasMoreElements()) {
             String key = (String) enum1.nextElement();
@@ -876,117 +875,111 @@ public final class CMSAdminServlet extends AdminServlet {
                 continue;
             if (key.equals(Constants.OP_SCOPE))
                 continue;
-            
-            dbConfig.putString(key, req.getParameter(key)); 
+
+            dbConfig.putString(key, req.getParameter(key));
         }
 
         sendResponse(RESTART, null, null, resp);
         mConfig.commit(true);
     }
-	 /**
+
+    /**
      * Create Master Key
      */
-private void 	createMasterKey(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+    private void createMasterKey(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
         @SuppressWarnings("unchecked")
-		Enumeration<String> e = req.getParameterNames();
-		String newKeyName = null, selectedToken = null;
+        Enumeration<String> e = req.getParameterNames();
+        String newKeyName = null, selectedToken = null;
         while (e.hasMoreElements()) {
             String name = (String) e.nextElement();
 
-            if (name.equals(Constants.PR_KEY_LIST))
-            {
-				newKeyName = req.getParameter(name);
-			}
-            if (name.equals(Constants.PR_TOKEN_LIST))
-            {
-				selectedToken = req.getParameter(name);
-			}
-
+            if (name.equals(Constants.PR_KEY_LIST)) {
+                newKeyName = req.getParameter(name);
+            }
+            if (name.equals(Constants.PR_TOKEN_LIST)) {
+                selectedToken = req.getParameter(name);
+            }
 
         }
-		if(selectedToken!=null && newKeyName!=null)
-		{
-		String symKeys = SessionKey.GenMasterKey(selectedToken,newKeyName);
-		CMS.getConfigStore().putString("tks.defaultSlot", selectedToken);
-		String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null);
-
-		SessionKey.SetDefaultPrefix(masterKeyPrefix);
-		params.add(Constants.PR_KEY_LIST, newKeyName);
- 		params.add(Constants.PR_TOKEN_LIST, selectedToken);
-		}
-		sendResponse(SUCCESS, null, params, resp);
-}
+        if (selectedToken != null && newKeyName != null) {
+            String symKeys = SessionKey.GenMasterKey(selectedToken, newKeyName);
+            CMS.getConfigStore().putString("tks.defaultSlot", selectedToken);
+            String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null);
+
+            SessionKey.SetDefaultPrefix(masterKeyPrefix);
+            params.add(Constants.PR_KEY_LIST, newKeyName);
+            params.add(Constants.PR_TOKEN_LIST, selectedToken);
+        }
+        sendResponse(SUCCESS, null, params, resp);
+    }
 
-   /**
+    /**
      * Reads secmod.db
      */
     private void getTKSKeys(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
         @SuppressWarnings("unchecked")
-		Enumeration<String> e = req.getParameterNames();
+        Enumeration<String> e = req.getParameterNames();
 
         while (e.hasMoreElements()) {
             String name = (String) e.nextElement();
 
-            if (name.equals(Constants.PR_TOKEN_LIST))
-            {
-				String selectedToken = req.getParameter(name);
-
-				int         count      = 0;
-				int         keys_found = 0;
-
-				ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-				
-				CryptoToken token = null;
-				CryptoManager mCryptoManager = null;
-				try {
-					mCryptoManager = CryptoManager.getInstance();
-				} catch (Exception e2) {
-				}
-
-				if(!jssSubSystem.isTokenLoggedIn(selectedToken))
-				{
-					PasswordCallback cpcb = new ConsolePasswordCallback();
-					while (true) {
+            if (name.equals(Constants.PR_TOKEN_LIST)) {
+                String selectedToken = req.getParameter(name);
+
+                int count = 0;
+                int keys_found = 0;
+
+                ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+
+                CryptoToken token = null;
+                CryptoManager mCryptoManager = null;
+                try {
+                    mCryptoManager = CryptoManager.getInstance();
+                } catch (Exception e2) {
+                }
+
+                if (!jssSubSystem.isTokenLoggedIn(selectedToken)) {
+                    PasswordCallback cpcb = new ConsolePasswordCallback();
+                    while (true) {
                         try {
- 							token = mCryptoManager.getTokenByName(selectedToken);
-				            token.login(cpcb);
+                            token = mCryptoManager.getTokenByName(selectedToken);
+                            token.login(cpcb);
                             break;
                         } catch (Exception e3) {
                             //log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_INCORRECT_PWD"));
                             continue;
                         }
-						}
-				}
-				// String symKeys = new String("key1,key2"); 
-				String symKeys = SessionKey.ListSymmetricKeys(selectedToken);
-				params.add(Constants.PR_TOKEN_LIST, symKeys);
+                    }
+                }
+                // String symKeys = new String("key1,key2"); 
+                String symKeys = SessionKey.ListSymmetricKeys(selectedToken);
+                params.add(Constants.PR_TOKEN_LIST, symKeys);
 
-			}
+            }
         }
         sendResponse(SUCCESS, null, params, resp);
     }
-	
-		
+
     /**
      * Reads database information.
      */
     private void getDBConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         IConfigStore dbConfig = mConfig.getSubStore(PROP_DB);
         IConfigStore ldapConfig = dbConfig.getSubStore("ldap");
         NameValuePairs params = new NameValuePairs();
         @SuppressWarnings("unchecked")
-		Enumeration<String> e = req.getParameterNames();
-       
+        Enumeration<String> e = req.getParameterNames();
+
         while (e.hasMoreElements()) {
             String name = (String) e.nextElement();
 
@@ -998,7 +991,7 @@ private void 	createMasterKey(HttpServletRequest req,
                 continue;
             if (name.equals(Constants.PR_SECURE_PORT_ENABLED))
                 params.add(name, ldapConfig.getString(name, "Constants.FALSE"));
-            else 
+            else
                 params.add(name, ldapConfig.getString(name, ""));
         }
         sendResponse(SUCCESS, null, params, resp);
@@ -1008,7 +1001,7 @@ private void 	createMasterKey(HttpServletRequest req,
      * Modifies SMTP configuration.
      */
     private void modifySMTPConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         // XXX
         IConfigStore sConfig = mConfig.getSubStore(PROP_SMTP);
@@ -1022,7 +1015,7 @@ private void 	createMasterKey(HttpServletRequest req,
 
         if (port != null)
             sConfig.putString("port", port);
-			
+
         commit(true);
 
         sendResponse(SUCCESS, null, null, resp);
@@ -1032,23 +1025,23 @@ private void 	createMasterKey(HttpServletRequest req,
      * Reads SMTP configuration.
      */
     private void readSMTPConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         IConfigStore dbConfig = mConfig.getSubStore(PROP_SMTP);
         NameValuePairs params = new NameValuePairs();
 
         params.add(Constants.PR_SERVER_NAME,
-            dbConfig.getString("host"));
+                dbConfig.getString("host"));
         params.add(Constants.PR_PORT,
-            dbConfig.getString("port"));
+                dbConfig.getString("port"));
         sendResponse(SUCCESS, null, params, resp);
     }
 
     private void loggedInToken(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         @SuppressWarnings("unchecked")
-		Enumeration<String> enum1 = req.getParameterNames();
+        Enumeration<String> enum1 = req.getParameterNames();
         String tokenName = "";
         String pwd = "";
 
@@ -1064,7 +1057,7 @@ private void 	createMasterKey(HttpServletRequest req,
         }
 
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
 
         jssSubSystem.loggedInToken(tokenName, pwd);
 
@@ -1074,10 +1067,10 @@ private void 	createMasterKey(HttpServletRequest req,
     }
 
     private void checkTokenStatus(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         @SuppressWarnings("unchecked")
-		Enumeration<String> enum1 = req.getParameterNames();
+        Enumeration<String> enum1 = req.getParameterNames();
         String key = "";
         String value = "";
 
@@ -1090,7 +1083,7 @@ private void 	createMasterKey(HttpServletRequest req,
         }
 
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         boolean status = jssSubSystem.isTokenLoggedIn(value);
 
         NameValuePairs params = new NameValuePairs();
@@ -1103,17 +1096,17 @@ private void 	createMasterKey(HttpServletRequest req,
     /**
      * Retrieve a certificate request
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC used when
-     * asymmetric keys are generated
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC used when asymmetric keys are generated
      * </ul>
+     * 
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException failed to retrieve certificate request
      */
     private void getCertRequest(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -1124,7 +1117,7 @@ private void 	createMasterKey(HttpServletRequest req,
         try {
             NameValuePairs params = new NameValuePairs();
             @SuppressWarnings("unchecked")
-			Enumeration<String> enum1 = req.getParameterNames();
+            Enumeration<String> enum1 = req.getParameterNames();
             String tokenName = Constants.PR_INTERNAL_TOKEN_NAME;
             String keyType = "";
             int keyLength = 512;
@@ -1164,10 +1157,10 @@ private void 	createMasterKey(HttpServletRequest req,
             }
 
             pathname = mConfig.getString("instanceRoot", "")
-              + File.separator + "conf" + File.separator;
+                    + File.separator + "conf" + File.separator;
             dir = pathname;
             ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                    CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
 
             KeyPair keypair = null;
             PQGParams pqgParams = null;
@@ -1210,7 +1203,7 @@ private void 	createMasterKey(HttpServletRequest req,
                     keypair = jssSubSystem.getECCKeyPair(tokenName, keyCurveName, certType);
                 } else { //DSA or RSA
                     if (keyType.equals("DSA"))
-                        pqgParams = jssSubSystem.getPQG(keyLength); 
+                        pqgParams = jssSubSystem.getPQG(keyLength);
                     keypair = jssSubSystem.getKeyPair(tokenName, keyType, keyLength, pqgParams);
                 }
             }
@@ -1289,25 +1282,25 @@ private void 	createMasterKey(HttpServletRequest req,
 
             // rethrow the specific exception to be handled later
             throw eAudit2;
-    // } catch( ServletException eAudit3 ) {
-    //     // store a message in the signed audit log file
-    //     auditMessage = CMS.getLogMessage(
-    //                        LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
-    //                        auditSubjectID,
-    //                        ILogger.FAILURE,
-    //                        auditPublicKey );
-    //
-    //     audit( auditMessage );
-    //
-    //     // rethrow the specific exception to be handled later
-    //     throw eAudit3;
-       }
-    }
-
-    private void setCANewnickname(String tokenName, String nickname) 
-        throws EBaseException {
+            // } catch( ServletException eAudit3 ) {
+            //     // store a message in the signed audit log file
+            //     auditMessage = CMS.getLogMessage(
+            //                        LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
+            //                        auditSubjectID,
+            //                        ILogger.FAILURE,
+            //                        auditPublicKey );
+            //
+            //     audit( auditMessage );
+            //
+            //     // rethrow the specific exception to be handled later
+            //     throw eAudit3;
+        }
+    }
+
+    private void setCANewnickname(String tokenName, String nickname)
+            throws EBaseException {
         ICertificateAuthority ca = (ICertificateAuthority)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
         ISigningUnit signingUnit = ca.getSigningUnit();
 
         if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
@@ -1322,16 +1315,16 @@ private void 	createMasterKey(HttpServletRequest req,
 
     private String getCANewnickname() throws EBaseException {
         ICertificateAuthority ca = (ICertificateAuthority)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
         ISigningUnit signingUnit = ca.getSigningUnit();
 
-        return signingUnit.getNewNickName(); 
+        return signingUnit.getNewNickName();
     }
 
     private void setRANewnickname(String tokenName, String nickname)
-        throws EBaseException {
+            throws EBaseException {
         IRegistrationAuthority ra = (IRegistrationAuthority)
-            CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+                CMS.getSubsystem(CMS.SUBSYSTEM_RA);
 
         if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
             ra.setNewNickName(nickname);
@@ -1345,13 +1338,13 @@ private void 	createMasterKey(HttpServletRequest req,
 
     private String getRANewnickname() throws EBaseException {
         IRegistrationAuthority ra = (IRegistrationAuthority)
-            CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+                CMS.getSubsystem(CMS.SUBSYSTEM_RA);
 
         return ra.getNewNickName();
     }
 
     private void setOCSPNewnickname(String tokenName, String nickname)
-        throws EBaseException {
+            throws EBaseException {
         IOCSPAuthority ocsp = (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
 
         if (ocsp != null) {
@@ -1367,7 +1360,7 @@ private void 	createMasterKey(HttpServletRequest req,
             }
         } else {
             ICertificateAuthority ca = (ICertificateAuthority)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+                    CMS.getSubsystem(CMS.SUBSYSTEM_CA);
             ISigningUnit signingUnit = ca.getOCSPSigningUnit();
 
             if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
@@ -1387,20 +1380,20 @@ private void 	createMasterKey(HttpServletRequest req,
         if (ocsp != null) {
             ISigningUnit signingUnit = ocsp.getSigningUnit();
 
-            return signingUnit.getNewNickName(); 
+            return signingUnit.getNewNickName();
         } else {
             ICertificateAuthority ca = (ICertificateAuthority)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+                    CMS.getSubsystem(CMS.SUBSYSTEM_CA);
             ISigningUnit signingUnit = ca.getOCSPSigningUnit();
 
-            return signingUnit.getNewNickName(); 
+            return signingUnit.getNewNickName();
         }
     }
 
-    private void setKRANewnickname(String tokenName, String nickname) 
-        throws EBaseException {
+    private void setKRANewnickname(String tokenName, String nickname)
+            throws EBaseException {
         IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority)
-            CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
+                CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
 
         if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
             kra.setNewNickName(nickname);
@@ -1418,8 +1411,8 @@ private void 	createMasterKey(HttpServletRequest req,
         return kra.getNewNickName();
     }
 
-    private void setRADMNewnickname(String tokenName, String nickName) 
-        throws EBaseException {
+    private void setRADMNewnickname(String tokenName, String nickName)
+            throws EBaseException {
         CMS.setServerCertNickname(tokenName, nickName);
 
         /*
@@ -1436,8 +1429,8 @@ private void 	createMasterKey(HttpServletRequest req,
          */
     }
 
-    private String getRADMNewnickname() 
-        throws EBaseException {
+    private String getRADMNewnickname()
+            throws EBaseException {
         // assuming the nickname does not change.
         return CMS.getServerCertNickname();
 
@@ -1449,7 +1442,7 @@ private void 	createMasterKey(HttpServletRequest req,
     }
 
     private void setAgentNewnickname(String tokenName, String nickName)
-        throws EBaseException {
+            throws EBaseException {
         CMS.setServerCertNickname(tokenName, nickName);
 
         /*
@@ -1466,8 +1459,8 @@ private void 	createMasterKey(HttpServletRequest req,
          */
     }
 
-    private String getAgentNewnickname() 
-        throws EBaseException {
+    private String getAgentNewnickname()
+            throws EBaseException {
         // assuming the nickname does not change.
         return CMS.getServerCertNickname();
 
@@ -1481,18 +1474,17 @@ private void 	createMasterKey(HttpServletRequest req,
     /**
      * Issue import certificate
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when
-     * "Certificate Setup Wizard" is used to import CA certs into the 
-     * certificate database
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when "Certificate Setup Wizard" is used to import CA certs into the certificate database
      * </ul>
+     * 
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException failed to issue an import certificate
      */
     private void issueImportCert(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -1501,7 +1493,7 @@ private void 	createMasterKey(HttpServletRequest req,
         // to the signed audit log and stored as failures
         try {
             @SuppressWarnings("unchecked")
-			Enumeration<String> enum1 = req.getParameterNames();
+            Enumeration<String> enum1 = req.getParameterNames();
             String pkcs = "";
             String type = "";
             String tokenName = Constants.PR_INTERNAL_TOKEN_NAME;
@@ -1518,7 +1510,7 @@ private void 	createMasterKey(HttpServletRequest req,
                 String key = (String) enum1.nextElement();
                 String value = req.getParameter(key);
 
-                if (key.equals("pathname")) { 
+                if (key.equals("pathname")) {
                     configPath = mConfig.getString("instanceRoot", "")
                                + File.separator + "conf" + File.separator;
                     pathname = configPath + value;
@@ -1532,13 +1524,13 @@ private void 	createMasterKey(HttpServletRequest req,
             String certType = (String) properties.get(Constants.RS_ID);
 
             ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                    CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
             IDBSubsystem dbs = (IDBSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_DBS);
+                    CMS.getSubsystem(CMS.SUBSYSTEM_DBS);
             ICertificateAuthority ca = (ICertificateAuthority)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+                    CMS.getSubsystem(CMS.SUBSYSTEM_CA);
             ICertificateRepository repository =
-                (ICertificateRepository) ca.getCertificateRepository();
+                    (ICertificateRepository) ca.getCertificateRepository();
             ISigningUnit signingUnit = ca.getSigningUnit();
             String oldtokenname = null;
             //this is the old nick name
@@ -1566,8 +1558,7 @@ private void 	createMasterKey(HttpServletRequest req,
 
                 audit(auditMessage);
 
-                throw new
-                    EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
+                throw new EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
             }
 
             if (newtokenname == null)
@@ -1587,13 +1578,12 @@ private void 	createMasterKey(HttpServletRequest req,
 
                 audit(auditMessage);
 
-                throw new
-                    EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
+                throw new EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
             }
 
             //xxx renew ca ,use old issuer?
             properties.setIssuerName(
-                jssSubSystem.getCertSubjectName(oldcatokenname,
+                    jssSubSystem.getCertSubjectName(oldcatokenname,
                                                 canicknameWithoutTokenName));
 
             KeyPair pair = null;
@@ -1608,8 +1598,7 @@ private void 	createMasterKey(HttpServletRequest req,
 
                 audit(auditMessage);
 
-                throw new
-                    EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
+                throw new EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
             }
 
             //xxx set to old nickname?
@@ -1633,12 +1622,12 @@ private void 	createMasterKey(HttpServletRequest req,
                     defaultOCSPSigningAlg = properties.getHashType();
                 }
             }
-    
+
             // create a new CA certificate or ssl server cert
             if (properties.getKeyCurveName() != null) { //new ECC
                 CMS.debug("CMSAdminServlet: issueImportCert: generating ECC keys");
                 pair = jssSubSystem.getECCKeyPair(properties);
-                if (certType.equals(Constants.PR_CA_SIGNING_CERT)) 
+                if (certType.equals(Constants.PR_CA_SIGNING_CERT))
                     caKeyPair = pair;
             } else if (properties.getKeyLength() != null) { //new RSA or DSA
                 keyType = properties.getKeyType();
@@ -1651,7 +1640,7 @@ private void 	createMasterKey(HttpServletRequest req,
                     //properties.put(Constants.PR_PQGPARAMS, pqgParams);
                 }
                 pair = jssSubSystem.getKeyPair(properties);
-                if (certType.equals(Constants.PR_CA_SIGNING_CERT)) 
+                if (certType.equals(Constants.PR_CA_SIGNING_CERT))
                     caKeyPair = pair;
                 // renew the CA certificate or ssl server cert
             } else {
@@ -1684,7 +1673,7 @@ private void 	createMasterKey(HttpServletRequest req,
                 properties.setAlgorithmId(jssSubSystem.getAlgorithmId(alg, mConfig));
             }
 
-            if (pair == null) 
+            if (pair == null)
                 CMS.debug("CMSAdminServlet: issueImportCert: key pair is null");
 
             BigInteger nextSerialNo = repository.getNextSerialNumber();
@@ -1695,12 +1684,12 @@ private void 	createMasterKey(HttpServletRequest req,
             //        properties.put(Constants.PR_CA_KEYPAIR, pair);
             properties.put(Constants.PR_CA_KEYPAIR, caKeyPair);
 
-            X509CertImpl signedCert = 
-                jssSubSystem.getSignedCert(properties, certType,
+            X509CertImpl signedCert =
+                    jssSubSystem.getSignedCert(properties, certType,
                                            caKeyPair.getPrivate());
 
-            if (signedCert == null) 
-                CMS.debug("CMSAdminServlet: issueImportCert: signedCert is null"); 
+            if (signedCert == null)
+                CMS.debug("CMSAdminServlet: issueImportCert: signedCert is null");
 
             /* bug 600124
              try {
@@ -1721,7 +1710,7 @@ private void 	createMasterKey(HttpServletRequest req,
                                         certType);
             } catch (EBaseException e) {
                 // if it fails, let use a different nickname to try
-                Date now = new Date();	
+                Date now = new Date();
                 String newNickname = nicknameWithoutTokenName
                                    + "-" + now.getTime();
 
@@ -1746,20 +1735,20 @@ private void 	createMasterKey(HttpServletRequest req,
             if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
                 try {
                     X509CertInfo certInfo = (X509CertInfo) signedCert.get(
-                        X509CertImpl.NAME + "." + X509CertImpl.INFO);
+                            X509CertImpl.NAME + "." + X509CertImpl.INFO);
                     CertificateExtensions extensions = (CertificateExtensions)
-                        certInfo.get(X509CertInfo.EXTENSIONS);
+                            certInfo.get(X509CertInfo.EXTENSIONS);
 
                     if (extensions != null) {
                         BasicConstraintsExtension basic =
-                            (BasicConstraintsExtension)
-                            extensions.get(BasicConstraintsExtension.class.getSimpleName());
+                                (BasicConstraintsExtension)
+                                extensions.get(BasicConstraintsExtension.class.getSimpleName());
 
                         if (basic == null)
                             log(CMS.getLogMessage("ADMIN_SRVLT_BASIC_CONSTRAIN_NULL"));
                         else {
                             Integer pathlen = (Integer)
-                                basic.get(BasicConstraintsExtension.PATH_LEN);
+                                    basic.get(BasicConstraintsExtension.PATH_LEN);
                             int num = pathlen.intValue();
 
                             if (num == 0)
@@ -1776,7 +1765,7 @@ private void 	createMasterKey(HttpServletRequest req,
                 }
             }
 
-		    CMS.debug("CMSAdminServlet: oldtoken:" + oldtokenname
+            CMS.debug("CMSAdminServlet: oldtoken:" + oldtokenname
                     + " newtoken:" + newtokenname + " nickname:" + nickname);
             if ((newtokenname != null &&
                     !newtokenname.equals(oldtokenname)) || nicknameChanged) {
@@ -1786,10 +1775,10 @@ private void 	createMasterKey(HttpServletRequest req,
                                                  newtokenname);
                     } else {
                         signingUnit.updateConfig(newtokenname + ":" +
-                                                 nicknameWithoutTokenName, 
+                                                 nicknameWithoutTokenName,
                                                  newtokenname);
                     }
-                } else  if (certType.equals(Constants.PR_SERVER_CERT)) {
+                } else if (certType.equals(Constants.PR_SERVER_CERT)) {
                     if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
                         nickname = nicknameWithoutTokenName;
                     } else {
@@ -1802,8 +1791,8 @@ private void 	createMasterKey(HttpServletRequest req,
                     modifyAgentGatewayCert(nickname);
                     if (isSubsystemInstalled("ra")) {
                         IRegistrationAuthority ra =
-                            (IRegistrationAuthority)
-                            CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+                                (IRegistrationAuthority)
+                                CMS.getSubsystem(CMS.SUBSYSTEM_RA);
 
                         modifyEEGatewayCert(ra, nickname);
                     }
@@ -1820,23 +1809,23 @@ private void 	createMasterKey(HttpServletRequest req,
 
                     modifyRADMCert(nickname);
                 } else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
-                    if (ca != null) { 
+                    if (ca != null) {
                         ISigningUnit ocspSigningUnit = ca.getOCSPSigningUnit();
 
                         if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
                             ocspSigningUnit.updateConfig(
-                                nicknameWithoutTokenName, newtokenname);
+                                    nicknameWithoutTokenName, newtokenname);
                         } else {
                             ocspSigningUnit.updateConfig(newtokenname + ":" +
-                                nicknameWithoutTokenName, 
-                                newtokenname);
+                                    nicknameWithoutTokenName,
+                                    newtokenname);
                         }
                     }
                 }
             }
-  
+
             // set signing algorithms if needed
-            if (certType.equals(Constants.PR_CA_SIGNING_CERT)) 
+            if (certType.equals(Constants.PR_CA_SIGNING_CERT))
                 signingUnit.setDefaultAlgorithm(defaultSigningAlg);
 
             if (defaultOCSPSigningAlg != null) {
@@ -1884,46 +1873,45 @@ private void 	createMasterKey(HttpServletRequest req,
 
             // rethrow the specific exception to be handled later
             throw eAudit2;
-    // } catch( ServletException eAudit3 ) {
-    //     // store a message in the signed audit log file
-    //     auditMessage = CMS.getLogMessage(
-    //                        LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-    //                        auditSubjectID,
-    //                        ILogger.FAILURE,
-    //                        auditParams( req ) );
-    //
-    //     audit( auditMessage );
-    //
-    //     // rethrow the specific exception to be handled later
-    //     throw eAudit3;
-       }
-    }
-
-    private void updateCASignature(String nickname, KeyCertData properties, 
-        ICryptoSubsystem jssSubSystem) throws EBaseException {
+            // } catch( ServletException eAudit3 ) {
+            //     // store a message in the signed audit log file
+            //     auditMessage = CMS.getLogMessage(
+            //                        LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+            //                        auditSubjectID,
+            //                        ILogger.FAILURE,
+            //                        auditParams( req ) );
+            //
+            //     audit( auditMessage );
+            //
+            //     // rethrow the specific exception to be handled later
+            //     throw eAudit3;
+        }
+    }
+
+    private void updateCASignature(String nickname, KeyCertData properties,
+            ICryptoSubsystem jssSubSystem) throws EBaseException {
         String alg = jssSubSystem.getSignatureAlgorithm(nickname);
         SignatureAlgorithm sigAlg = Cert.mapAlgorithmToJss(alg);
 
         properties.setSignatureAlgorithm(sigAlg);
         properties.setAlgorithmId(
-            jssSubSystem.getAlgorithmId(alg, mConfig));
+                jssSubSystem.getAlgorithmId(alg, mConfig));
     }
 
     /**
      * Install certificates
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when
-     * "Certificate Setup Wizard" is used to import CA certs into the 
-     * certificate database
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when "Certificate Setup Wizard" is used to import CA certs into the certificate database
      * </ul>
+     * 
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException failed to install a certificate
      */
     private void installCert(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -1940,37 +1928,37 @@ private void 	createMasterKey(HttpServletRequest req,
             String serverID = "";
             String certpath = "";
             @SuppressWarnings("unchecked")
-			Enumeration<String> enum1 = req.getParameterNames();
+            Enumeration<String> enum1 = req.getParameterNames();
 
             while (enum1.hasMoreElements()) {
                 String key = (String) enum1.nextElement();
                 String value = req.getParameter(key);
 
-                if (key.equals(Constants.PR_PKCS10)) 
+                if (key.equals(Constants.PR_PKCS10))
                     pkcs = value;
                 else if (key.equals(Constants.RS_ID))
                     certType = value;
                 else if (key.equals(Constants.PR_NICKNAME))
                     nickname = value;
-                else if (key.equals("pathname")) 
+                else if (key.equals("pathname"))
                     pathname = value;
                 else if (key.equals(Constants.PR_SERVER_ROOT))
                     serverRoot = value;
-                else if (key.equals(Constants.PR_SERVER_ID)) 
+                else if (key.equals(Constants.PR_SERVER_ID))
                     serverID = value;
-                else if (key.equals(Constants.PR_CERT_FILEPATH)) 
+                else if (key.equals(Constants.PR_CERT_FILEPATH))
                     certpath = value;
             }
- 
+
             try {
                 if (pkcs == null || pkcs.equals("")) {
                     if (certpath == null || certpath.equals("")) {
                         // store a message in the signed audit log file
                         auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
+                                LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+                                auditSubjectID,
+                                ILogger.FAILURE,
+                                auditParams(req));
 
                         audit(auditMessage);
 
@@ -1981,7 +1969,7 @@ private void 	createMasterKey(HttpServletRequest req,
                     } else {
                         FileInputStream in = new FileInputStream(certpath);
                         BufferedReader d =
-                            new BufferedReader(new InputStreamReader(in));
+                                new BufferedReader(new InputStreamReader(in));
                         String content = "";
 
                         pkcs = "";
@@ -2009,7 +1997,7 @@ private void 	createMasterKey(HttpServletRequest req,
                 audit(auditMessage);
 
                 throw new EBaseException(
-                    CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
+                        CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
             }
 
             pkcs = pkcs.trim();
@@ -2017,7 +2005,7 @@ private void 	createMasterKey(HttpServletRequest req,
                      + File.separator + "config" + File.separator + pathname;
 
             ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                    CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
             //String nickname = getNickname(certType);
             String nicknameWithoutTokenName = "";
 
@@ -2039,7 +2027,7 @@ private void 	createMasterKey(HttpServletRequest req,
                 audit(auditMessage);
 
                 throw new EBaseException(
-                    CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
+                        CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
             }
 
             /*
@@ -2094,17 +2082,17 @@ private void 	createMasterKey(HttpServletRequest req,
             //		nickname).
             //
 
-            CMS.debug("CMSAdminServlet.installCert(): About to try jssSubSystem.importCert: "+ nicknameWithoutTokenName);
+            CMS.debug("CMSAdminServlet.installCert(): About to try jssSubSystem.importCert: " + nicknameWithoutTokenName);
             try {
-                jssSubSystem.importCert(pkcs, nicknameWithoutTokenName, 
-                    certType);
+                jssSubSystem.importCert(pkcs, nicknameWithoutTokenName,
+                        certType);
             } catch (EBaseException e) {
 
                 boolean certFound = false;
 
                 String eString = e.toString();
-                if(eString.contains("Failed to find certificate that was just imported")) {
-                    CMS.debug("CMSAdminServlet.installCert(): nickname="+nicknameWithoutTokenName + " TokenException: " + eString);
+                if (eString.contains("Failed to find certificate that was just imported")) {
+                    CMS.debug("CMSAdminServlet.installCert(): nickname=" + nicknameWithoutTokenName + " TokenException: " + eString);
 
                     X509Certificate cert = null;
                     try {
@@ -2116,11 +2104,11 @@ private void 	createMasterKey(HttpServletRequest req,
                     } catch (Exception ex) {
                         CMS.debug("CMSAdminServlet.installCert() Can't find cert just imported: " + ex.toString());
                     }
-                } 
+                }
 
                 if (!certFound) {
                     // if it fails, let use a different nickname to try
-                    Date now = new Date();	
+                    Date now = new Date();
                     String newNickname = nicknameWithoutTokenName + "-" +
                                      now.getTime();
 
@@ -2131,16 +2119,16 @@ private void 	createMasterKey(HttpServletRequest req,
                     } else {
                         nickname = tokenName + ":" + newNickname;
                     }
-                    CMS.debug("CMSAdminServlet: installCert():  After second install attempt following initial error: nickname="+nickname);
-               }
+                    CMS.debug("CMSAdminServlet: installCert():  After second install attempt following initial error: nickname=" + nickname);
+                }
             }
 
             if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
                 ICertificateAuthority ca =
-                    (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+                        (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
                 ISigningUnit signingUnit = ca.getSigningUnit();
                 String signatureAlg =
-                    jssSubSystem.getSignatureAlgorithm(nickname);
+                        jssSubSystem.getSignatureAlgorithm(nickname);
 
                 signingUnit.setDefaultAlgorithm(signatureAlg);
                 setCANewnickname("", "");
@@ -2149,26 +2137,26 @@ private void 	createMasterKey(HttpServletRequest req,
 
                     if (nickname.equals(nicknameWithoutTokenName)) {
                         signingUnit.updateConfig(nickname,
-                            Constants.PR_INTERNAL_TOKEN_NAME);
+                                Constants.PR_INTERNAL_TOKEN_NAME);
                         extensions = jssSubSystem.getExtensions(
-                            Constants.PR_INTERNAL_TOKEN_NAME, nickname);
+                                Constants.PR_INTERNAL_TOKEN_NAME, nickname);
                     } else {
                         String tokenname1 = nickname.substring(0, index);
 
                         signingUnit.updateConfig(nickname, tokenname1);
                         extensions = jssSubSystem.getExtensions(tokenname1,
-                            nicknameWithoutTokenName);
+                                nicknameWithoutTokenName);
                     }
                     if (extensions != null) {
                         BasicConstraintsExtension basic =
-                            (BasicConstraintsExtension)
-                            extensions.get(BasicConstraintsExtension.class.getSimpleName());
+                                (BasicConstraintsExtension)
+                                extensions.get(BasicConstraintsExtension.class.getSimpleName());
 
                         if (basic == null)
                             log(CMS.getLogMessage("ADMIN_SRVLT_BASIC_CONSTRAIN_NULL"));
                         else {
                             Integer pathlen = (Integer)
-                                basic.get(BasicConstraintsExtension.PATH_LEN);
+                                    basic.get(BasicConstraintsExtension.PATH_LEN);
                             int num = pathlen.intValue();
 
                             if (num == 0)
@@ -2187,34 +2175,34 @@ private void 	createMasterKey(HttpServletRequest req,
             } else if (certType.equals(Constants.PR_RA_SIGNING_CERT)) {
                 setRANewnickname("", "");
                 IRegistrationAuthority ra =
-                    (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+                        (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA);
 
                 ra.setNickname(nickname);
             } else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
                 setOCSPNewnickname("", "");
                 IOCSPAuthority ocsp =
-                    (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
+                        (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
 
                 if (ocsp != null) {
                     ISigningUnit signingUnit = ocsp.getSigningUnit();
 
                     if (nickname.equals(nicknameWithoutTokenName)) {
                         signingUnit.updateConfig(nickname,
-                            Constants.PR_INTERNAL_TOKEN_NAME);
+                                Constants.PR_INTERNAL_TOKEN_NAME);
                     } else {
                         String tokenname1 = nickname.substring(0, index);
 
                         signingUnit.updateConfig(nickname, tokenname1);
                     }
-                } else { 
+                } else {
                     ICertificateAuthority ca =
-                        (ICertificateAuthority)
-                        CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+                            (ICertificateAuthority)
+                            CMS.getSubsystem(CMS.SUBSYSTEM_CA);
                     ISigningUnit signingUnit = ca.getOCSPSigningUnit();
 
                     if (nickname.equals(nicknameWithoutTokenName)) {
                         signingUnit.updateConfig(nickname,
-                            Constants.PR_INTERNAL_TOKEN_NAME);
+                                Constants.PR_INTERNAL_TOKEN_NAME);
                     } else {
                         String tokenname1 = nickname.substring(0, index);
 
@@ -2224,7 +2212,7 @@ private void 	createMasterKey(HttpServletRequest req,
             } else if (certType.equals(Constants.PR_KRA_TRANSPORT_CERT)) {
                 setKRANewnickname("", "");
                 IKeyRecoveryAuthority kra =
-                    (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
+                        (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
 
                 kra.setNickname(nickname);
             } else if (certType.equals(Constants.PR_SERVER_CERT)) {
@@ -2233,15 +2221,15 @@ private void 	createMasterKey(HttpServletRequest req,
                 modifyAgentGatewayCert(nickname);
                 if (isSubsystemInstalled("ra")) {
                     IRegistrationAuthority ra =
-                        (IRegistrationAuthority)
-                        CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+                            (IRegistrationAuthority)
+                            CMS.getSubsystem(CMS.SUBSYSTEM_RA);
 
                     modifyEEGatewayCert(ra, nickname);
                 }
                 if (isSubsystemInstalled("ca")) {
                     ICertificateAuthority ca =
-                        (ICertificateAuthority)
-                        CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+                            (ICertificateAuthority)
+                            CMS.getSubsystem(CMS.SUBSYSTEM_CA);
 
                     modifyCAGatewayCert(ca, nickname);
                 }
@@ -2252,7 +2240,7 @@ private void 	createMasterKey(HttpServletRequest req,
 
             boolean verified = CMS.verifySystemCertByNickname(nickname, null);
             if (verified == true) {
-                CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() succeeded:"+ nickname);
+                CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() succeeded:" + nickname);
                 auditMessage = CMS.getLogMessage(
                         LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
                         auditSubjectID,
@@ -2261,7 +2249,7 @@ private void 	createMasterKey(HttpServletRequest req,
 
                 audit(auditMessage);
             } else {
-                CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() failed:"+ nickname);
+                CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() failed:" + nickname);
                 auditMessage = CMS.getLogMessage(
                                 LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
                                 auditSubjectID,
@@ -2280,11 +2268,11 @@ private void 	createMasterKey(HttpServletRequest req,
             audit(auditMessage);
 
             mConfig.commit(true);
-            if(verified == true) {
+            if (verified == true) {
                 sendResponse(SUCCESS, null, null, resp);
             } else {
                 sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_CERT_VALIDATE_FAILED"),
-                null, resp);
+                        null, resp);
             }
         } catch (EBaseException eAudit1) {
             // store a message in the signed audit log file
@@ -2310,37 +2298,36 @@ private void 	createMasterKey(HttpServletRequest req,
 
             // rethrow the specific exception to be handled later
             throw eAudit2;
-    // } catch( ServletException eAudit3 ) {
-    //     // store a message in the signed audit log file
-    //     auditMessage = CMS.getLogMessage(
-    //                        LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-    //                        auditSubjectID,
-    //                        ILogger.FAILURE,
-    //                        auditParams( req ) );
-    //
-    //     audit( auditMessage );
-    //
-    //     // rethrow the specific exception to be handled later
-    //     throw eAudit3;
-       }
+            // } catch( ServletException eAudit3 ) {
+            //     // store a message in the signed audit log file
+            //     auditMessage = CMS.getLogMessage(
+            //                        LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+            //                        auditSubjectID,
+            //                        ILogger.FAILURE,
+            //                        auditParams( req ) );
+            //
+            //     audit( auditMessage );
+            //
+            //     // rethrow the specific exception to be handled later
+            //     throw eAudit3;
+        }
     }
 
     /**
      * For "importing" cross-signed cert into internal db for further
      * cross pair matching and publishing
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when
-     * "Certificate Setup Wizard" is used to import a CA cross-signed
-     * certificate into the database
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when "Certificate Setup Wizard" is used to import a CA cross-signed certificate into the database
      * </ul>
+     * 
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException failed to import a cross-certificate pair
      */
     private void importXCert(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -2355,7 +2342,7 @@ private void 	createMasterKey(HttpServletRequest req,
             String serverID = "";
             String certpath = "";
             @SuppressWarnings("unchecked")
-			Enumeration<String> enum1 = req.getParameterNames();
+            Enumeration<String> enum1 = req.getParameterNames();
             NameValuePairs results = new NameValuePairs();
 
             while (enum1.hasMoreElements()) {
@@ -2363,29 +2350,29 @@ private void 	createMasterKey(HttpServletRequest req,
                 String value = req.getParameter(key);
 
                 // really should be PR_CERT_CONTENT
-                if (key.equals(Constants.PR_PKCS10)) 
+                if (key.equals(Constants.PR_PKCS10))
                     b64Cert = value;
                 else if (key.equals(Constants.RS_ID))
                     certType = value;
-                else if (key.equals("pathname")) 
+                else if (key.equals("pathname"))
                     pathname = value;
                 else if (key.equals(Constants.PR_SERVER_ROOT))
                     serverRoot = value;
-                else if (key.equals(Constants.PR_SERVER_ID)) 
+                else if (key.equals(Constants.PR_SERVER_ID))
                     serverID = value;
-                else if (key.equals(Constants.PR_CERT_FILEPATH)) 
+                else if (key.equals(Constants.PR_CERT_FILEPATH))
                     certpath = value;
             }
- 
+
             try {
                 if (b64Cert == null || b64Cert.equals("")) {
                     if (certpath == null || certpath.equals("")) {
                         // store a message in the signed audit log file
                         auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
+                                LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+                                auditSubjectID,
+                                ILogger.FAILURE,
+                                auditParams(req));
 
                         audit(auditMessage);
 
@@ -2396,7 +2383,7 @@ private void 	createMasterKey(HttpServletRequest req,
                     } else {
                         FileInputStream in = new FileInputStream(certpath);
                         BufferedReader d =
-                            new BufferedReader(new InputStreamReader(in));
+                                new BufferedReader(new InputStreamReader(in));
                         String content = "";
 
                         b64Cert = "";
@@ -2423,7 +2410,7 @@ private void 	createMasterKey(HttpServletRequest req,
                 audit(auditMessage);
 
                 throw new EBaseException(
-                    CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
+                        CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
             }
             CMS.debug("CMSAdminServlet: got b64Cert");
             b64Cert = Cert.stripBrackets(b64Cert.trim());
@@ -2441,7 +2428,7 @@ private void 	createMasterKey(HttpServletRequest req,
                      + File.separator + "config" + File.separator + pathname;
 
             ICrossCertPairSubsystem ccps =
-                (ICrossCertPairSubsystem) CMS.getSubsystem("CrossCertPair");
+                    (ICrossCertPairSubsystem) CMS.getSubsystem("CrossCertPair");
 
             try {
                 //this will import into internal ldap crossCerts entry
@@ -2480,8 +2467,8 @@ private void 	createMasterKey(HttpServletRequest req,
             }
 
             ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-            String content = jssSubSystem.getCertPrettyPrint(b64Cert, 
+                    CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+            String content = jssSubSystem.getCertPrettyPrint(b64Cert,
                     super.getLocale(req));
 
             results.add(Constants.PR_NICKNAME, "FBCA cross-signed cert");
@@ -2521,19 +2508,19 @@ private void 	createMasterKey(HttpServletRequest req,
 
             // rethrow the specific exception to be handled later
             throw eAudit2;
-    // } catch( ServletException eAudit3 ) {
-    //     // store a message in the signed audit log file
-    //     auditMessage = CMS.getLogMessage(
-    //                        LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-    //                        auditSubjectID,
-    //                        ILogger.FAILURE,
-    //                        auditParams( req ) );
-    //
-    //     audit( auditMessage );
-    //
-    //     // rethrow the specific exception to be handled later
-    //     throw eAudit3;
-       }
+            // } catch( ServletException eAudit3 ) {
+            //     // store a message in the signed audit log file
+            //     auditMessage = CMS.getLogMessage(
+            //                        LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+            //                        auditSubjectID,
+            //                        ILogger.FAILURE,
+            //                        auditParams( req ) );
+            //
+            //     audit( auditMessage );
+            //
+            //     // rethrow the specific exception to be handled later
+            //     throw eAudit3;
+        }
     }
 
     private String getNickname(String certType) throws EBaseException {
@@ -2541,13 +2528,13 @@ private void 	createMasterKey(HttpServletRequest req,
 
         if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
             ICertificateAuthority ca =
-                (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+                    (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
             ISigningUnit signingUnit = ca.getSigningUnit();
 
             nickname = signingUnit.getNickname();
         } else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
             IOCSPAuthority ocsp =
-                (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
+                    (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
 
             if (ocsp == null) {
                 // this is a local CA service
@@ -2562,28 +2549,28 @@ private void 	createMasterKey(HttpServletRequest req,
             }
         } else if (certType.equals(Constants.PR_RA_SIGNING_CERT)) {
             IRegistrationAuthority ra =
-                (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+                    (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA);
 
             nickname = ra.getNickname();
         } else if (certType.equals(Constants.PR_KRA_TRANSPORT_CERT)) {
             IKeyRecoveryAuthority kra =
-                (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
+                    (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
 
             nickname = kra.getNickname();
         } else if (certType.equals(Constants.PR_SERVER_CERT)) {
             nickname = CMS.getServerCertNickname();
         } else if (certType.equals(Constants.PR_SERVER_CERT_RADM)) {
             nickname = CMS.getServerCertNickname();
-        } 
+        }
 
         return nickname;
     }
 
     private void getCertInfo(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         @SuppressWarnings("unchecked")
-		Enumeration<String> enum1 = req.getParameterNames();
+        Enumeration<String> enum1 = req.getParameterNames();
         NameValuePairs results = new NameValuePairs();
         String pkcs = "";
         String path = "";
@@ -2616,7 +2603,7 @@ private void 	createMasterKey(HttpServletRequest req,
                 } else {
                     FileInputStream in = new FileInputStream(path);
                     BufferedReader d =
-                        new BufferedReader(new InputStreamReader(in));
+                            new BufferedReader(new InputStreamReader(in));
                     String content = "";
 
                     pkcs = "";
@@ -2640,7 +2627,7 @@ private void 	createMasterKey(HttpServletRequest req,
         int totalLen = pkcs.length();
 
         if (pkcs.indexOf(BEGIN_HEADER) != 0 ||
-            pkcs.indexOf(END_HEADER) != (totalLen - 25)) {
+                pkcs.indexOf(END_HEADER) != (totalLen - 25)) {
             throw (new EBaseException(CMS.getLogMessage("BASE_INVALID_CERT_FORMAT")));
         }
 
@@ -2665,7 +2652,7 @@ private void 	createMasterKey(HttpServletRequest req,
             nickname = getNickname(certType);
 
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         String content = jssSubSystem.getCertPrettyPrint(pkcs,
                 super.getLocale(req));
 
@@ -2678,12 +2665,12 @@ private void 	createMasterKey(HttpServletRequest req,
     }
 
     private void getCertPrettyPrint(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
-    	@SuppressWarnings("unchecked")
+        @SuppressWarnings("unchecked")
         Enumeration<String> enum1 = req.getParameterNames();
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         String nickname = "";
         String serialno = "";
         String issuername = "";
@@ -2703,7 +2690,7 @@ private void 	createMasterKey(HttpServletRequest req,
             if (key.equals(Constants.PR_NICK_NAME)) {
                 nickname = value;
                 continue;
-            } 
+            }
             if (key.equals(Constants.PR_SERIAL_NUMBER)) {
                 serialno = value;
                 continue;
@@ -2714,20 +2701,20 @@ private void 	createMasterKey(HttpServletRequest req,
             }
         }
 
-        String print = jssSubSystem.getCertPrettyPrintAndFingerPrint(nickname, 
-          serialno, issuername, locale);
+        String print = jssSubSystem.getCertPrettyPrintAndFingerPrint(nickname,
+                serialno, issuername, locale);
         pairs.add(nickname, print);
 
         sendResponse(SUCCESS, null, pairs, resp);
     }
 
     private void getRootCertTrustBit(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
-    	@SuppressWarnings("unchecked")
+        @SuppressWarnings("unchecked")
         Enumeration<String> enum1 = req.getParameterNames();
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         String nickname = "";
         String serialno = "";
         String issuername = "";
@@ -2759,92 +2746,92 @@ private void 	createMasterKey(HttpServletRequest req,
         }
 
         String trustbit = jssSubSystem.getRootCertTrustBit(nickname,
-          serialno, issuername);
+                serialno, issuername);
         pairs.add(nickname, trustbit);
 
         sendResponse(SUCCESS, null, pairs, resp);
     }
 
     private void getCACerts(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         NameValuePairs pairs = jssSubSystem.getCACerts();
 
         sendResponse(SUCCESS, null, pairs, resp);
     }
 
     private void deleteRootCert(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String id = req.getParameter(Constants.RS_ID);
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-          CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         int mindex = id.indexOf(":SERIAL#<");
         String nickname = id.substring(0, mindex);
         String sstr1 = id.substring(mindex);
         int lindex = sstr1.indexOf(">");
         String serialno = sstr1.substring(9, lindex);
-        String issuername = sstr1.substring(lindex+1);
+        String issuername = sstr1.substring(lindex + 1);
         jssSubSystem.deleteRootCert(nickname, serialno, issuername);
         sendResponse(SUCCESS, null, null, resp);
     }
 
     private void deleteUserCert(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String id = req.getParameter(Constants.RS_ID);
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-          CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         int mindex = id.indexOf(":SERIAL#<");
         String nickname = id.substring(0, mindex);
         String sstr1 = id.substring(mindex);
         int lindex = sstr1.indexOf(">");
         String serialno = sstr1.substring(9, lindex);
-        String issuername = sstr1.substring(lindex+1);
+        String issuername = sstr1.substring(lindex + 1);
         jssSubSystem.deleteUserCert(nickname, serialno, issuername);
         sendResponse(SUCCESS, null, null, resp);
     }
 
     private void getRootCerts(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         NameValuePairs pairs = jssSubSystem.getRootCerts();
 
         sendResponse(SUCCESS, null, pairs, resp);
     }
 
     private void getAllCertsManage(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         NameValuePairs pairs = jssSubSystem.getAllCertsManage();
 
         sendResponse(SUCCESS, null, pairs, resp);
     }
 
     private void getUserCerts(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         NameValuePairs pairs = jssSubSystem.getUserCerts();
         sendResponse(SUCCESS, null, pairs, resp);
     }
 
     private void deleteCerts(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
-    	@SuppressWarnings("unchecked")
+        @SuppressWarnings("unchecked")
         Enumeration<String> enum1 = req.getParameterNames();
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         String nickname = "";
         String date = "";
 
@@ -2872,9 +2859,9 @@ private void 	createMasterKey(HttpServletRequest req,
     }
 
     private void validateSubjectName(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
-    	@SuppressWarnings("unchecked")
+        @SuppressWarnings("unchecked")
         Enumeration<String> enum1 = req.getParameterNames();
 
         while (enum1.hasMoreElements()) {
@@ -2883,19 +2870,19 @@ private void 	createMasterKey(HttpServletRequest req,
 
             if (key.equals(Constants.PR_SUBJECT_NAME)) {
                 ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                    CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                        CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
 
                 jssSubSystem.isX500DN(value);
             }
         }
 
         sendResponse(SUCCESS, null, null, resp);
-    } 
+    }
 
     private void validateKeyLength(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
-    	@SuppressWarnings("unchecked")
+        @SuppressWarnings("unchecked")
         Enumeration<String> enum1 = req.getParameterNames();
         String keyType = "RSA";
         String keyLen = "512";
@@ -2917,16 +2904,16 @@ private void 	createMasterKey(HttpServletRequest req,
         int minKey = mConfig.getInteger(
                 ConfigConstants.PR_RSA_MIN_KEYLENGTH, 512);
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
 
         // jssSubSystem.checkKeyLength(keyType, keyLength, certType, minKey);
         sendResponse(SUCCESS, null, null, resp);
     }
 
     private void validateCurveName(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
-    	@SuppressWarnings("unchecked")
+        @SuppressWarnings("unchecked")
         Enumeration<String> enum1 = req.getParameterNames();
         String curveName = null;
 
@@ -2942,7 +2929,7 @@ private void 	createMasterKey(HttpServletRequest req,
         String curveList = mConfig.getString("keys.ecc.curve.list", "nistp521");
         String[] curves = curveList.split(",");
         boolean match = false;
-        for (int i=0; i<curves.length; i++) {
+        for (int i = 0; i < curves.length; i++) {
             if (curves[i].equals(curveName)) {
                 match = true;
             }
@@ -2955,9 +2942,9 @@ private void 	createMasterKey(HttpServletRequest req,
     }
 
     private void validateCertExtension(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
-    	@SuppressWarnings("unchecked")
+        @SuppressWarnings("unchecked")
         Enumeration<String> enum1 = req.getParameterNames();
         String certExt = "";
 
@@ -2972,19 +2959,19 @@ private void 	createMasterKey(HttpServletRequest req,
         }
 
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
 
         jssSubSystem.checkCertificateExt(certExt);
         sendResponse(SUCCESS, null, null, resp);
     }
 
     private void getSubjectName(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         @SuppressWarnings("unchecked")
         Enumeration<String> enum1 = req.getParameterNames();
- 
+
         String nickname = "";
         String keyType = "RSA";
         String keyLen = "512";
@@ -3003,7 +2990,7 @@ private void 	createMasterKey(HttpServletRequest req,
         }
 
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         String subjectName = jssSubSystem.getSubjectDN(nickname);
 
         params.add(Constants.PR_SUBJECT_NAME, subjectName);
@@ -3011,7 +2998,7 @@ private void 	createMasterKey(HttpServletRequest req,
     }
 
     private void processSubjectName(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         @SuppressWarnings("unchecked")
@@ -3033,7 +3020,7 @@ private void 	createMasterKey(HttpServletRequest req,
         }
 
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         String subjectName = jssSubSystem.getSubjectDN(nickname);
 
         params.add(Constants.PR_SUBJECT_NAME, subjectName);
@@ -3041,7 +3028,7 @@ private void 	createMasterKey(HttpServletRequest req,
     }
 
     public void setRootCertTrust(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -3053,10 +3040,10 @@ private void 	createMasterKey(HttpServletRequest req,
         CMS.debug("CMSAdminServlet: setRootCertTrust()");
 
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         try {
             jssSubSystem.setRootCertTrust(nickname, serialno, issuername, trust);
-        } catch  (EBaseException e) {
+        } catch (EBaseException e) {
             auditMessage = CMS.getLogMessage(
                         LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
                         auditSubjectID,
@@ -3083,18 +3070,17 @@ private void 	createMasterKey(HttpServletRequest req,
     /**
      * Establish trust of a CA certificate
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when
-     * "Manage Certificate" is used to edit the trustness of certs and
-     * deletion of certs
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when "Manage Certificate" is used to edit the trustness of certs and deletion of certs
      * </ul>
+     * 
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException failed to establish CA certificate trust
      */
     private void trustCACert(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -3104,10 +3090,10 @@ private void 	createMasterKey(HttpServletRequest req,
         // ensure that any low-level exceptions are reported
         // to the signed audit log and stored as failures
         try {
-        	@SuppressWarnings("unchecked")
+            @SuppressWarnings("unchecked")
             Enumeration<String> enum1 = req.getParameterNames();
             ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                    CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
             String trust = "";
 
             while (enum1.hasMoreElements()) {
@@ -3160,41 +3146,41 @@ private void 	createMasterKey(HttpServletRequest req,
 
             // rethrow the specific exception to be handled later
             throw eAudit2;
-    // } catch( ServletException eAudit3 ) {
-    //     // store a message in the signed audit log file
-    //     auditMessage = CMS.getLogMessage(
-    //                        LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-    //                        auditSubjectID,
-    //                        ILogger.FAILURE,
-    //                        auditParams( req ) );
-    //
-    //     audit( auditMessage );
-    //
-    //     // rethrow the specific exception to be handled later
-    //     throw eAudit3;
-       }
+            // } catch( ServletException eAudit3 ) {
+            //     // store a message in the signed audit log file
+            //     auditMessage = CMS.getLogMessage(
+            //                        LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+            //                        auditSubjectID,
+            //                        ILogger.FAILURE,
+            //                        auditParams( req ) );
+            //
+            //     audit( auditMessage );
+            //
+            //     // rethrow the specific exception to be handled later
+            //     throw eAudit3;
+        }
     }
 
     /**
      * Execute all self tests specified to be run on demand.
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION used when self
-     * tests are run on demand
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION used when self tests are run on demand
      * </ul>
+     * 
      * @exception EMissingSelfTestException a self test plugin instance
-     * property name was missing
+     *                property name was missing
      * @exception ESelfTestException a self test is missing a required
-     * configuration parameter
+     *                configuration parameter
      * @exception IOException an input/output error has occurred
      */
     private synchronized void
-    runSelfTestsOnDemand(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws EMissingSelfTestException,
-            ESelfTestException,
-            IOException {
+            runSelfTestsOnDemand(HttpServletRequest req,
+                    HttpServletResponse resp)
+                    throws EMissingSelfTestException,
+                    ESelfTestException,
+                    IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -3203,7 +3189,7 @@ private void 	createMasterKey(HttpServletRequest req,
         try {
             if (CMS.debugOn()) {
                 CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():"
-                    + "  ENTERING . . .");
+                        + "  ENTERING . . .");
             }
             @SuppressWarnings("unchecked")
             Enumeration<String> enum1 = req.getParameterNames();
@@ -3224,10 +3210,10 @@ private void 	createMasterKey(HttpServletRequest req,
             }
 
             ISelfTestSubsystem mSelfTestSubsystem = (ISelfTestSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_SELFTESTS);
+                    CMS.getSubsystem(CMS.SUBSYSTEM_SELFTESTS);
 
             if ((request == null) ||
-                (request.equals(""))) {
+                    (request.equals(""))) {
                 // self test plugin run on demand request parameter was missing
                 // log the error
                 logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND_REQUEST",
@@ -3236,7 +3222,7 @@ private void 	createMasterKey(HttpServletRequest req,
                         );
 
                 mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                    logMessage);
+                        logMessage);
 
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
@@ -3264,7 +3250,7 @@ private void 	createMasterKey(HttpServletRequest req,
                             getServletInfo());
 
                 mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                    logMessage);
+                        logMessage);
 
                 // store this information for console notification
                 content += logMessage
@@ -3288,8 +3274,8 @@ private void 	createMasterKey(HttpServletRequest req,
                                     getServletInfo());
 
                         mSelfTestSubsystem.log(
-                            mSelfTestSubsystem.getSelfTestLogger(),
-                            logMessage);
+                                mSelfTestSubsystem.getSelfTestLogger(),
+                                logMessage);
 
                         // store a message in the signed audit log file
                         auditMessage = CMS.getLogMessage(
@@ -3309,7 +3295,7 @@ private void 	createMasterKey(HttpServletRequest req,
                     }
 
                     ISelfTest test = (ISelfTest)
-                        mSelfTestSubsystem.getSelfTest(instanceName);
+                            mSelfTestSubsystem.getSelfTest(instanceName);
 
                     if (test == null) {
                         // self test plugin instance property name is not present
@@ -3319,8 +3305,8 @@ private void 	createMasterKey(HttpServletRequest req,
                                     instanceFullName);
 
                         mSelfTestSubsystem.log(
-                            mSelfTestSubsystem.getSelfTestLogger(),
-                            logMessage);
+                                mSelfTestSubsystem.getSelfTestLogger(),
+                                logMessage);
 
                         // store a message in the signed audit log file
                         auditMessage = CMS.getLogMessage(
@@ -3342,9 +3328,9 @@ private void 	createMasterKey(HttpServletRequest req,
                     try {
                         if (CMS.debugOn()) {
                             CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():"
-                                + "    running \""
-                                + test.getSelfTestName()
-                                + "\"");
+                                    + "    running \""
+                                    + test.getSelfTestName()
+                                    + "\"");
                         }
 
                         // store this information for console notification
@@ -3368,8 +3354,8 @@ private void 	createMasterKey(HttpServletRequest req,
                                         instanceFullName);
 
                             mSelfTestSubsystem.log(
-                                mSelfTestSubsystem.getSelfTestLogger(),
-                                logMessage);
+                                    mSelfTestSubsystem.getSelfTestLogger(),
+                                    logMessage);
 
                             // store a message in the signed audit log file
                             auditMessage = CMS.getLogMessage(
@@ -3401,7 +3387,7 @@ private void 	createMasterKey(HttpServletRequest req,
                 logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND_SUCCEEDED",
                             getServletInfo());
                 mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                    logMessage);
+                        logMessage);
 
                 // store this information for console notification
                 content += logMessage
@@ -3412,7 +3398,7 @@ private void 	createMasterKey(HttpServletRequest req,
                             getServletInfo());
 
                 mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                    logMessage);
+                        logMessage);
 
                 // store this information for console notification
                 content += logMessage
@@ -3429,14 +3415,14 @@ private void 	createMasterKey(HttpServletRequest req,
 
             // notify console of SUCCESS
             results.add(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CLASS,
-                CMSAdminServlet.class.getName());
+                    CMSAdminServlet.class.getName());
             results.add(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CONTENT,
-                content);
+                    content);
             sendResponse(SUCCESS, null, results, resp);
 
             if (CMS.debugOn()) {
                 CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():"
-                    + "  EXITING.");
+                        + "  EXITING.");
             }
         } catch (EMissingSelfTestException eAudit1) {
             // store a message in the signed audit log file
@@ -3475,16 +3461,16 @@ private void 	createMasterKey(HttpServletRequest req,
     }
 
     public void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "CMSAdminServlet: " + msg); 
+        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "CMSAdminServlet: " + msg);
     }
 
     /**
      * Signed Audit Log Public Key
-     *
+     * 
      * This method is called to obtain the public key from the passed in
      * "KeyPair" object for a signed audit log message.
      * <P>
-     *
+     * 
      * @param object a Key Pair Object
      * @return key string containing the public key
      */
@@ -3533,4 +3519,3 @@ private void 	createMasterKey(HttpServletRequest req,
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java
index 7f18d94e..b310f8c9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -42,7 +41,6 @@ import com.netscape.certsrv.jobs.IJobsScheduler;
 import com.netscape.certsrv.jobs.JobPlugin;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * A class representing an administration servlet for the
  * Jobs Scheduler and it's scheduled jobs.
@@ -82,16 +80,16 @@ public class JobsAdminServlet extends AdminServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
-    /** 
+    /**
      * retrieve extended plugin info such as brief description, type info
      * from jobs
      */
     private void getExtendedPluginInfo(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         String id = req.getParameter(Constants.RS_ID);
 
@@ -100,8 +98,8 @@ public class JobsAdminServlet extends AdminServlet {
         String implType = id.substring(0, colon);
         String implName = id.substring(colon + 1);
 
-        NameValuePairs params = 
-            getExtendedPluginInfo(getLocale(req), implType, implName);
+        NameValuePairs params =
+                getExtendedPluginInfo(getLocale(req), implType, implName);
 
         sendResponse(SUCCESS, null, params, resp);
     }
@@ -111,7 +109,7 @@ public class JobsAdminServlet extends AdminServlet {
         Object impl = null;
 
         JobPlugin jp =
-            (JobPlugin) mJobsSched.getPlugins().get(implName);
+                (JobPlugin) mJobsSched.getPlugins().get(implName);
 
         if (jp != null)
             impl = getClassByNameAsExtendedPluginInfo(jp.getClassPath());
@@ -137,7 +135,7 @@ public class JobsAdminServlet extends AdminServlet {
      * Serves HTTP admin request.
      */
     public void service(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
         super.service(req, resp);
 
         String scope = req.getParameter(Constants.OP_SCOPE);
@@ -145,17 +143,17 @@ public class JobsAdminServlet extends AdminServlet {
 
         if (op == null) {
             //System.out.println("SRVLT_INVALID_PROTOCOL");
-            sendResponse(ERROR, 
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
-                null, resp);
+            sendResponse(ERROR,
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+                    null, resp);
             return;
         }
 
         try {
             super.authenticate(req);
         } catch (IOException e) {
-            sendResponse(ERROR,CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), 
-                null, resp);
+            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
+                    null, resp);
             return;
         }
 
@@ -165,8 +163,8 @@ public class JobsAdminServlet extends AdminServlet {
                 mOp = "read";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_JOBS))
@@ -174,27 +172,27 @@ public class JobsAdminServlet extends AdminServlet {
                 else if (scope.equals(ScopeDef.SC_JOBS_IMPLS))
                     getConfig(req, resp);
                 else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE))
-                    getInstConfig(req, resp); 
+                    getInstConfig(req, resp);
                 else if (scope.equals(ScopeDef.SC_EXTENDED_PLUGIN_INFO)) {
-                    try { 
-                      getExtendedPluginInfo(req, resp); 
-                    } catch (EBaseException e) { 
-                      sendResponse(ERROR, e.toString(getLocale(req)), null, resp); 
-                      return; 
+                    try {
+                        getExtendedPluginInfo(req, resp);
+                    } catch (EBaseException e) {
+                        sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
+                        return;
                     }
                 } else {
                     //System.out.println("SRVLT_INVALID_OP_SCOPE");
-                    sendResponse(ERROR, 
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                        null, resp);
+                    sendResponse(ERROR,
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                            null, resp);
                     return;
                 }
             } else if (op.equals(OpDef.OP_MODIFY)) {
                 mOp = "modify";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_JOBS)) {
@@ -202,17 +200,17 @@ public class JobsAdminServlet extends AdminServlet {
                 } else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE)) {
                     modJobsInst(req, resp, scope);
                 } else {
-                    sendResponse(ERROR, 
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                        null, resp);
+                    sendResponse(ERROR,
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                            null, resp);
                     return;
                 }
             } else if (op.equals(OpDef.OP_SEARCH)) {
                 mOp = "read";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_JOBS_IMPLS))
@@ -221,17 +219,17 @@ public class JobsAdminServlet extends AdminServlet {
                     listJobsInsts(req, resp);
                 else {
                     //System.out.println("SRVLT_INVALID_OP_SCOPE");
-                    sendResponse(ERROR, 
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                        null, resp);
+                    sendResponse(ERROR,
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                            null, resp);
                     return;
                 }
             } else if (op.equals(OpDef.OP_ADD)) {
                 mOp = "modify";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_JOBS_IMPLS))
@@ -240,17 +238,17 @@ public class JobsAdminServlet extends AdminServlet {
                     addJobsInst(req, resp, scope);
                 else {
                     //System.out.println("SRVLT_INVALID_OP_SCOPE");
-                    sendResponse(ERROR, 
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                        null, resp);
+                    sendResponse(ERROR,
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                            null, resp);
                     return;
                 }
             } else if (op.equals(OpDef.OP_DELETE)) {
                 mOp = "modify";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_JOBS_IMPLS))
@@ -259,41 +257,41 @@ public class JobsAdminServlet extends AdminServlet {
                     delJobsInst(req, resp, scope);
                 else {
                     //System.out.println("SRVLT_INVALID_OP_SCOPE");
-                    sendResponse(ERROR, 
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                        null, resp);
+                    sendResponse(ERROR,
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                            null, resp);
                     return;
                 }
             } else {
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
+                        null, resp);
                 return;
             }
         } catch (EBaseException e) {
             sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
             return;
-        } 
+        }
     }
 
-    private synchronized void addJobPlugin(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void addJobPlugin(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
 
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
             //System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
         // is the job plugin id unique?
         if (mJobsSched.getPlugins().containsKey((Object) id)) {
             sendResponse(ERROR,
-                new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_JOB_PLUGIN_ID", id)).toString(),
-                null, resp);
+                    new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_JOB_PLUGIN_ID", id)).toString(),
+                    null, resp);
             return;
         }
 
@@ -301,15 +299,15 @@ public class JobsAdminServlet extends AdminServlet {
 
         if (classPath == null) {
             sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_NULL_CLASS"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_NULL_CLASS"),
+                    null, resp);
             return;
         }
 
         IConfigStore destStore =
-            mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
+                mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
         IConfigStore instancesConfig =
-            destStore.getSubStore(scope);
+                destStore.getSubStore(scope);
 
         // Does the class exist?
         Class newImpl = null;
@@ -318,13 +316,13 @@ public class JobsAdminServlet extends AdminServlet {
             newImpl = Class.forName(classPath);
         } catch (ClassNotFoundException e) {
             sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_NO_CLASS"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_NO_CLASS"),
+                    null, resp);
             return;
         } catch (IllegalArgumentException e) {
             sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_NO_CLASS"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_NO_CLASS"),
+                    null, resp);
             return;
         }
 
@@ -332,14 +330,14 @@ public class JobsAdminServlet extends AdminServlet {
         try {
             if (IJob.class.isAssignableFrom(newImpl) == false) {
                 sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_CLASS"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_CLASS"),
+                        null, resp);
                 return;
             }
         } catch (NullPointerException e) { // unlikely, only if newImpl null.
             sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_CLASS"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_CLASS"),
+                    null, resp);
             return;
         }
 
@@ -353,8 +351,8 @@ public class JobsAdminServlet extends AdminServlet {
         } catch (EBaseException e) {
             //System.out.println("SRVLT_FAIL_COMMIT");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
@@ -362,8 +360,8 @@ public class JobsAdminServlet extends AdminServlet {
         JobPlugin plugin = new JobPlugin(id, classPath);
 
         mJobsSched.getPlugins().put(id, plugin);
-        mJobsSched.log(ILogger.LL_INFO, 
-            CMS.getLogMessage("ADMIN_SRVLT_JS_PLUGIN_ADD", id));
+        mJobsSched.log(ILogger.LL_INFO,
+                CMS.getLogMessage("ADMIN_SRVLT_JS_PLUGIN_ADD", id));
 
         NameValuePairs params = new NameValuePairs();
 
@@ -371,24 +369,24 @@ public class JobsAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void addJobsInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void addJobsInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
 
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // is the job instance id unique?
         if (mJobsSched.getInstances().containsKey((Object) id)) {
             sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_JOB_INST_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_JOB_INST_ID"),
+                    null, resp);
             return;
         }
 
@@ -399,21 +397,21 @@ public class JobsAdminServlet extends AdminServlet {
 
         if (implname == null) {
             sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ADD_MISSING_PARAMS"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ADD_MISSING_PARAMS"),
+                    null, resp);
             return;
         }
 
         // check if implementation exists.
         JobPlugin plugin =
-            (JobPlugin) mJobsSched.getPlugins().get(implname);
+                (JobPlugin) mJobsSched.getPlugins().get(implname);
 
         if (plugin == null) {
             sendResponse(ERROR,
-                new
-                EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND",
-                    id)).toString(),
-                null, resp);
+                    new
+                    EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND",
+                            id)).toString(),
+                    null, resp);
             return;
         }
 
@@ -423,9 +421,9 @@ public class JobsAdminServlet extends AdminServlet {
         String[] configParams = mJobsSched.getConfigParams(implname);
 
         IConfigStore destStore =
-            mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
+                mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
         IConfigStore instancesConfig =
-            destStore.getSubStore(scope);
+                destStore.getSubStore(scope);
         IConfigStore substore = instancesConfig.makeSubStore(id);
 
         if (configParams != null) {
@@ -437,10 +435,10 @@ public class JobsAdminServlet extends AdminServlet {
                     substore.put(key, val);
                 } else if (!key.equals("profileId")) {
                     sendResponse(ERROR,
-                        new
-                        EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL",
-                            key)).toString(),
-                        null, resp);
+                            new
+                            EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL",
+                                    key)).toString(),
+                            null, resp);
                     return;
                 }
             }
@@ -458,28 +456,28 @@ public class JobsAdminServlet extends AdminServlet {
             // cleanup
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                new EJobsException(
-                  CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
-                null, resp);
+                    new EJobsException(
+                            CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
+                    null, resp);
             return;
         } catch (InstantiationException e) {
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                new EJobsException(
-                  CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
-                null, resp);
+                    new EJobsException(
+                            CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
+                    null, resp);
             return;
         } catch (IllegalAccessException e) {
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                new EJobsException(
-                  CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
-                null, resp);
+                    new EJobsException(
+                            CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
+                    null, resp);
             return;
         }
-		
+
         IJobsScheduler scheduler = (IJobsScheduler)
-            CMS.getSubsystem(CMS.SUBSYSTEM_JOBS);
+                CMS.getSubsystem(CMS.SUBSYSTEM_JOBS);
 
         // initialize the job plugin
         try {
@@ -498,16 +496,16 @@ public class JobsAdminServlet extends AdminServlet {
             // clean up.
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
         // inited and commited ok. now add manager instance to list.
         mJobsSched.getInstances().put(id, jobsInst);
 
-        mJobsSched.log(ILogger.LL_INFO, 
-            CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_ADD", id));
+        mJobsSched.log(ILogger.LL_INFO,
+                CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_ADD", id));
 
         NameValuePairs params = new NameValuePairs();
 
@@ -516,8 +514,8 @@ public class JobsAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void listJobPlugins(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void listJobPlugins(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
@@ -525,8 +523,8 @@ public class JobsAdminServlet extends AdminServlet {
 
         while (e.hasMoreElements()) {
             String name = (String) e.nextElement();
-            JobPlugin value = (JobPlugin) 
-                mJobsSched.getPlugins().get(name);
+            JobPlugin value = (JobPlugin)
+                    mJobsSched.getPlugins().get(name);
 
             params.add(name, value.getClassPath());
             //				params.add(name, value.getClassPath()+EDIT);
@@ -535,29 +533,28 @@ public class JobsAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void listJobsInsts(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void listJobsInsts(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
 
-        for (Enumeration e = mJobsSched.getInstances().keys();
-            e.hasMoreElements();) {
+        for (Enumeration e = mJobsSched.getInstances().keys(); e.hasMoreElements();) {
             String name = (String) e.nextElement();
-            IJob value = (IJob) 
-                mJobsSched.getInstances().get((Object) name);
+            IJob value = (IJob)
+                    mJobsSched.getInstances().get((Object) name);
 
             //				params.add(name, value.getImplName());
             params.add(name, value.getImplName() + VISIBLE +
-                (value.isEnabled() ? ENABLED : DISABLED)
-            );
+                    (value.isEnabled() ? ENABLED : DISABLED)
+                    );
         }
         sendResponse(SUCCESS, null, params, resp);
         return;
     }
 
-    private synchronized void delJobPlugin(HttpServletRequest req, 
-        HttpServletResponse resp, String scope) throws ServletException, 
+    private synchronized void delJobPlugin(HttpServletRequest req,
+            HttpServletResponse resp, String scope) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
@@ -566,42 +563,41 @@ public class JobsAdminServlet extends AdminServlet {
         if (id == null) {
             //System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // does this job plugin exist?
         if (mJobsSched.getPlugins().containsKey(id) == false) {
             sendResponse(ERROR,
-                new
-                EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND",
-                    id)).toString(),
-                null, resp);
+                    new
+                    EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND",
+                            id)).toString(),
+                    null, resp);
             return;
         }
 
         // first check if any instances from this job plugin
         // DON'T remove job plugin if any instance
-        for (Enumeration e = mJobsSched.getInstances().elements();
-            e.hasMoreElements();) {
+        for (Enumeration e = mJobsSched.getInstances().elements(); e.hasMoreElements();) {
             IJob jobs = (IJob) e.nextElement();
 
             if ((jobs.getImplName()).equals(id)) {
                 sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_IN_USE"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_IN_USE"),
+                        null, resp);
                 return;
             }
         }
-		
+
         // then delete this job plugin
         mJobsSched.getPlugins().remove((Object) id);
 
         IConfigStore destStore =
-            mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
+                mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
         IConfigStore instancesConfig =
-            destStore.getSubStore(scope);
+                destStore.getSubStore(scope);
 
         instancesConfig.removeSubStore(id);
         // commiting
@@ -609,8 +605,8 @@ public class JobsAdminServlet extends AdminServlet {
             mConfig.commit(true);
         } catch (EBaseException e) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
@@ -618,8 +614,8 @@ public class JobsAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void delJobsInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope) throws ServletException, 
+    private synchronized void delJobsInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
@@ -628,17 +624,17 @@ public class JobsAdminServlet extends AdminServlet {
         if (id == null) {
             //System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // does job plugin instance exist?
         if (mJobsSched.getInstances().containsKey(id) == false) {
             sendResponse(ERROR,
-                new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_NOT_FOUND",
-                    id)).toString(),
-                null, resp);
+                    new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_NOT_FOUND",
+                            id)).toString(),
+                    null, resp);
             return;
         }
 
@@ -651,9 +647,9 @@ public class JobsAdminServlet extends AdminServlet {
 
         // remove the configuration.
         IConfigStore destStore =
-            mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
+                mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
         IConfigStore instancesConfig =
-            destStore.getSubStore(scope);
+                destStore.getSubStore(scope);
 
         instancesConfig.removeSubStore(id);
         // commiting
@@ -662,8 +658,8 @@ public class JobsAdminServlet extends AdminServlet {
         } catch (EBaseException e) {
             //System.out.println("SRVLT_FAIL_COMMIT");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
@@ -673,24 +669,24 @@ public class JobsAdminServlet extends AdminServlet {
 
     /**
      * used for getting the required configuration parameters (with
-     *	 possible default values) for a particular job plugin
-     * implementation name specified in the RS_ID.  Actually, there is
-     *	 no logic in here to set any default value here...there's no
-     *	 default value for any parameter in this job scheduler subsystem
-     *	 at this point.  Later, if we do have one (or some), it can be
-     *	 added.  The interface remains the same.
+     * possible default values) for a particular job plugin
+     * implementation name specified in the RS_ID. Actually, there is
+     * no logic in here to set any default value here...there's no
+     * default value for any parameter in this job scheduler subsystem
+     * at this point. Later, if we do have one (or some), it can be
+     * added. The interface remains the same.
      */
-    private synchronized void getConfig(HttpServletRequest req, 
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void getConfig(HttpServletRequest req,
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
 
         String implname = req.getParameter(Constants.RS_ID);
 
         if (implname == null) {
             //System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
@@ -708,25 +704,25 @@ public class JobsAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void getInstConfig(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void getInstConfig(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
             //System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // does job plugin instance exist?
         if (mJobsSched.getInstances().containsKey(id) == false) {
             sendResponse(ERROR,
-                new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_NOT_FOUND",
-                    id)).toString(),
-                null, resp);
+                    new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_NOT_FOUND",
+                            id)).toString(),
+                    null, resp);
             return;
         }
 
@@ -758,15 +754,15 @@ public class JobsAdminServlet extends AdminServlet {
 
     /**
      * Modify job plugin instance.
-     * This will actually create a new instance with new configuration 
-     * parameters and replace the old instance, if the new instance 
+     * This will actually create a new instance with new configuration
+     * parameters and replace the old instance, if the new instance
      * created and initialized successfully.
      * The old instance is left running. so this is very expensive.
      * Restart of server recommended.
      */
-    private synchronized void modJobsInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void modJobsInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
 
         // expensive operation.
 
@@ -775,16 +771,16 @@ public class JobsAdminServlet extends AdminServlet {
         if (id == null) {
             //System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // Does the job instance exist?
         if (!mJobsSched.getInstances().containsKey((Object) id)) {
             sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_JOB_INST_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_JOB_INST_ID"),
+                    null, resp);
             return;
         }
 
@@ -793,27 +789,27 @@ public class JobsAdminServlet extends AdminServlet {
 
         if (implname == null) {
             sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ADD_MISSING_PARAMS"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ADD_MISSING_PARAMS"),
+                    null, resp);
             return;
         }
 
         // get plugin for implementation 
         JobPlugin plugin =
-            (JobPlugin) mJobsSched.getPlugins().get(implname);
+                (JobPlugin) mJobsSched.getPlugins().get(implname);
 
         if (plugin == null) {
             sendResponse(ERROR,
-                new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND",
-                    id)).toString(),
-                null, resp);
+                    new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND",
+                            id)).toString(),
+                    null, resp);
             return;
         }
 
         // save old instance substore params in case new one fails. 
 
-        IJob oldinst = 
-            (IJob) mJobsSched.getInstances().get((Object) id);
+        IJob oldinst =
+                (IJob) mJobsSched.getInstances().get((Object) id);
         IConfigStore oldConfig = oldinst.getConfigStore();
 
         String[] oldConfigParms = oldinst.getConfigParams();
@@ -821,7 +817,7 @@ public class JobsAdminServlet extends AdminServlet {
 
         // implName is always required so always include it it.
         saveParams.add(IJobsScheduler.PROP_PLUGIN,
-            (String) oldConfig.get(IJobsScheduler.PROP_PLUGIN));
+                (String) oldConfig.get(IJobsScheduler.PROP_PLUGIN));
         if (oldConfigParms != null) {
             for (int i = 0; i < oldConfigParms.length; i++) {
                 String key = oldConfigParms[i];
@@ -838,9 +834,9 @@ public class JobsAdminServlet extends AdminServlet {
         // remove old substore.
 
         IConfigStore destStore =
-            mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
+                mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
         IConfigStore instancesConfig =
-            destStore.getSubStore(scope);
+                destStore.getSubStore(scope);
 
         instancesConfig.removeSubStore(id);
 
@@ -861,10 +857,10 @@ public class JobsAdminServlet extends AdminServlet {
                 } else if (!key.equals("profileId")) {
                     restore(instancesConfig, id, saveParams);
                     sendResponse(ERROR,
-                        new
-                        EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL",
-                            key)).toString(),
-                        null, resp);
+                            new
+                            EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL",
+                                    key)).toString(),
+                            null, resp);
                     return;
                 }
             }
@@ -880,30 +876,30 @@ public class JobsAdminServlet extends AdminServlet {
             // cleanup
             restore(instancesConfig, id, saveParams);
             sendResponse(ERROR,
-                new EJobsException(
-                  CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
-                null, resp);
+                    new EJobsException(
+                            CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
+                    null, resp);
             return;
         } catch (InstantiationException e) {
             restore(instancesConfig, id, saveParams);
             sendResponse(ERROR,
-                new EJobsException(
-                  CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
-                null, resp);
+                    new EJobsException(
+                            CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
+                    null, resp);
             return;
         } catch (IllegalAccessException e) {
             restore(instancesConfig, id, saveParams);
             sendResponse(ERROR,
-                new EJobsException(
-                  CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
-                null, resp);
+                    new EJobsException(
+                            CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
+                    null, resp);
             return;
         }
 
         // initialize the job plugin
 
         IJobsScheduler scheduler = (IJobsScheduler)
-            CMS.getSubsystem(CMS.SUBSYSTEM_JOBS);
+                CMS.getSubsystem(CMS.SUBSYSTEM_JOBS);
 
         try {
             newJobInst.init(scheduler, id, implname, substore);
@@ -928,8 +924,8 @@ public class JobsAdminServlet extends AdminServlet {
             restore(instancesConfig, id, saveParams);
             //System.out.println("SRVLT_FAIL_COMMIT");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
@@ -937,8 +933,8 @@ public class JobsAdminServlet extends AdminServlet {
 
         mJobsSched.getInstances().put(id, newJobInst);
 
-        mJobsSched.log(ILogger.LL_INFO, 
-            CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_REP", id));
+        mJobsSched.log(ILogger.LL_INFO,
+                CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_REP", id));
 
         NameValuePairs params = new NameValuePairs();
 
@@ -947,24 +943,24 @@ public class JobsAdminServlet extends AdminServlet {
     }
 
     private void getSettings(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         IConfigStore config = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
 
-        params.add(Constants.PR_ENABLE, 
-            config.getString(IJobsScheduler.PROP_ENABLED,
-                Constants.FALSE));
+        params.add(Constants.PR_ENABLE,
+                config.getString(IJobsScheduler.PROP_ENABLED,
+                        Constants.FALSE));
         // default 1 minute
-        params.add(Constants.PR_JOBS_FREQUENCY, 
-            config.getString(IJobsScheduler.PROP_INTERVAL, "1"));
+        params.add(Constants.PR_JOBS_FREQUENCY,
+                config.getString(IJobsScheduler.PROP_INTERVAL, "1"));
 
         //System.out.println("Send: "+params.toString());
         sendResponse(SUCCESS, null, params, resp);
     }
 
     private void setSettings(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+            throws ServletException, IOException, EBaseException {
         //Save New Settings to the config file
         IConfigStore config = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
 
@@ -980,12 +976,12 @@ public class JobsAdminServlet extends AdminServlet {
 
         //set frequency
         String interval =
-            req.getParameter(Constants.PR_JOBS_FREQUENCY);
+                req.getParameter(Constants.PR_JOBS_FREQUENCY);
 
         if (interval != null) {
             config.putString(IJobsScheduler.PROP_INTERVAL, interval);
             mJobsSched.setInterval(
-                config.getInteger(IJobsScheduler.PROP_INTERVAL));
+                    config.getInteger(IJobsScheduler.PROP_INTERVAL));
         }
 
         if (enabledChanged == true) {
@@ -999,8 +995,8 @@ public class JobsAdminServlet extends AdminServlet {
     }
 
     // convenience routine.
-    private static void restore(IConfigStore store, 
-        String id, NameValuePairs saveParams) {
+    private static void restore(IConfigStore store,
+            String id, NameValuePairs saveParams) {
         store.removeSubStore(id);
         IConfigStore rstore = store.makeSubStore(id);
 
@@ -1010,7 +1006,7 @@ public class JobsAdminServlet extends AdminServlet {
             String key = (String) keys.nextElement();
             String value = saveParams.getValue(key);
 
-            if (!value.equals("")) 
+            if (!value.equals(""))
                 rstore.put(key, value);
         }
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java
index e4138d74..1dd34666 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 
@@ -35,13 +34,12 @@ import com.netscape.certsrv.common.ScopeDef;
 import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * A class representings an administration servlet for Key
- * Recovery Authority. This servlet is responsible to serve 
- * KRA administrative operation such as configuration 
+ * Recovery Authority. This servlet is responsible to serve
+ * KRA administrative operation such as configuration
  * parameter updates.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class KRAAdminServlet extends AdminServlet {
@@ -57,7 +55,7 @@ public class KRAAdminServlet extends AdminServlet {
     private IKeyRecoveryAuthority mKRA = null;
 
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_DRM =
-        "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3";
+            "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3";
 
     /**
      * Constructs KRA servlet.
@@ -73,49 +71,49 @@ public class KRAAdminServlet extends AdminServlet {
 
     /**
      * Returns serlvet information.
-     *
+     * 
      * @return name of this servlet
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
      * Serves HTTP admin request.
-     *
+     * 
      * @param req HTTP request
      * @param resp HTTP response
      */
     public void service(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
         super.service(req, resp);
 
         super.authenticate(req);
         String scope = req.getParameter(Constants.OP_SCOPE);
 
         if (scope == null) {
-            sendResponse(ERROR, 
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                null, resp);
+            sendResponse(ERROR,
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                    null, resp);
             return;
         }
         String op = req.getParameter(Constants.OP_TYPE);
 
         if (op == null) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
+                    null, resp);
             return;
         }
-		
+
         try {
             AUTHZ_RES_NAME = "certServer.kra.configuration";
             if (op.equals(OpDef.OP_READ)) {
                 mOp = "read";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 /* Functions not implemented in console
@@ -129,7 +127,7 @@ public class KRAAdminServlet extends AdminServlet {
                     getNotificationRIQConfig(req, resp);
                     return;
                 } else
-                */ 
+                */
                 if (scope.equals(ScopeDef.SC_GENERAL)) {
                     getGeneralConfig(req, resp);
                     return;
@@ -138,8 +136,8 @@ public class KRAAdminServlet extends AdminServlet {
                 mOp = "modify";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 /* Functions not implemented in console
@@ -158,24 +156,24 @@ public class KRAAdminServlet extends AdminServlet {
                 } else 
                 */
                 if (scope.equals(ScopeDef.SC_GENERAL)) {
-                    setGeneralConfig(req,resp);
+                    setGeneralConfig(req, resp);
                 }
-            } 
+            }
         } catch (EBaseException e) {
             // convert exception into locale-specific message
-            sendResponse(ERROR, e.toString(getLocale(req)), 
-                null, resp);
+            sendResponse(ERROR, e.toString(getLocale(req)),
+                    null, resp);
             return;
         } catch (Exception e) {
             e.printStackTrace();
         }
         sendResponse(ERROR,
-            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
-            null, resp);
+                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+                null, resp);
     }
 
     private void getGeneralConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
@@ -188,7 +186,7 @@ public class KRAAdminServlet extends AdminServlet {
     }
 
     private void setGeneralConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         Enumeration enum1 = req.getParameterNames();
         boolean restart = false;
@@ -202,14 +200,14 @@ public class KRAAdminServlet extends AdminServlet {
 
             if (key.equals(Constants.PR_NO_OF_REQUIRED_RECOVERY_AGENTS)) {
                 try {
-                    int number = Integer.parseInt(value); 
+                    int number = Integer.parseInt(value);
                     mKRA.setNoOfRequiredAgents(number);
                 } catch (NumberFormatException e) {
                     auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_DRM,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
+                            LOGGING_SIGNED_AUDIT_CONFIG_DRM,
+                            auditSubjectID,
+                            ILogger.FAILURE,
+                            auditParams(req));
 
                     audit(auditMessage);
                     throw new EBaseException("Number of agents must be an integer");
@@ -220,10 +218,10 @@ public class KRAAdminServlet extends AdminServlet {
         commit(true);
 
         auditMessage = CMS.getLogMessage(
-            LOGGING_SIGNED_AUDIT_CONFIG_DRM,
-            auditSubjectID,
-            ILogger.SUCCESS,
-            auditParams(req));
+                LOGGING_SIGNED_AUDIT_CONFIG_DRM,
+                auditSubjectID,
+                ILogger.SUCCESS,
+                auditParams(req));
 
         audit(auditMessage);
 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java
index 08d6fcf5..95ed2361 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Hashtable;
@@ -45,13 +44,12 @@ import com.netscape.certsrv.logging.ILogSubsystem;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.logging.LogPlugin;
 
-
 /**
  * A class representings an administration servlet for logging
  * subsystem. This servlet is responsible to serve
  * logging administrative operation such as configuration
  * parameter updates and log retriever.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class LogAdminServlet extends AdminServlet {
@@ -70,11 +68,11 @@ public class LogAdminServlet extends AdminServlet {
 
     private final static String SIGNED_AUDIT_LOG_TYPE = "SignedAudit";
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT =
-        "LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT_3";
+            "LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT_3";
     private final static String LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE =
-        "LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE_4";
+            "LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE_4";
     private final static String LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE =
-        "LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE_4";
+            "LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE_4";
 
     /**
      * Constructs Log servlet.
@@ -114,15 +112,15 @@ public class LogAdminServlet extends AdminServlet {
      * Serves HTTP admin request.
      */
     public void service(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
         super.service(req, resp);
 
         String op = req.getParameter(Constants.OP_TYPE);
 
         if (op == null) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+                    null, resp);
             return;
         }
 
@@ -138,8 +136,8 @@ public class LogAdminServlet extends AdminServlet {
                     mOp = "read";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     try {
@@ -155,8 +153,8 @@ public class LogAdminServlet extends AdminServlet {
                     mOp = "read";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
 
@@ -169,17 +167,17 @@ public class LogAdminServlet extends AdminServlet {
                     } else if (scope.equals(ScopeDef.SC_GENERAL)) {
                         getGeneralConfig(req, resp);
                     } else {
-                        sendResponse(ERROR, 
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                            null, resp);
+                        sendResponse(ERROR,
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                                null, resp);
                         return;
                     }
                 } else if (op.equals(OpDef.OP_DELETE)) {
                     mOp = "modify";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
 
@@ -190,17 +188,17 @@ public class LogAdminServlet extends AdminServlet {
                         delLogInst(req, resp, scope);
                         return;
                     } else {
-                        sendResponse(ERROR, 
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                            null, resp);
+                        sendResponse(ERROR,
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                                null, resp);
                         return;
                     }
                 } else if (op.equals(OpDef.OP_ADD)) {
                     mOp = "modify";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
 
@@ -211,9 +209,9 @@ public class LogAdminServlet extends AdminServlet {
                         addLogInst(req, resp, scope);
                         return;
                     } else {
-                        sendResponse(ERROR, 
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                            null, resp);
+                        sendResponse(ERROR,
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                                null, resp);
                         return;
                     }
                 } else if (op.equals(OpDef.OP_MODIFY)) {
@@ -221,8 +219,8 @@ public class LogAdminServlet extends AdminServlet {
                     mOp = "modify";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
 
@@ -232,17 +230,17 @@ public class LogAdminServlet extends AdminServlet {
                     } else if (scope.equals(ScopeDef.SC_GENERAL)) {
                         setGeneralConfig(req, resp);
                     } else {
-                        sendResponse(ERROR, 
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                            null, resp);
+                        sendResponse(ERROR,
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                                null, resp);
                         return;
                     }
                 } else if (op.equals(OpDef.OP_SEARCH)) {
                     mOp = "read";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_LOG_IMPLS)) {
@@ -268,13 +266,13 @@ public class LogAdminServlet extends AdminServlet {
                         mOp = "read";
                         if ((mToken = super.authorize(req)) == null) {
                             sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                null, resp);
+                                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                    null, resp);
                             return;
                         }
 
                         ILogEventListener loginst =
-                            mSys.getLogInstance(instName);
+                                mSys.getLogInstance(instName);
 
                         if (loginst != null) {
                             NameValuePairs nvps = loginst.retrieveLogContent(toHashtable(req));
@@ -296,12 +294,12 @@ public class LogAdminServlet extends AdminServlet {
                         mOp = "read";
                         if ((mToken = super.authorize(req)) == null) {
                             sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                null, resp);
+                                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                    null, resp);
                             return;
                         }
                         ILogEventListener loginst =
-                            mSys.getLogInstance(instName);
+                                mSys.getLogInstance(instName);
 
                         if (loginst != null) {
                             NameValuePairs nvps = loginst.retrieveLogList(toHashtable(req));
@@ -310,15 +308,15 @@ public class LogAdminServlet extends AdminServlet {
                         }
                         return;
                     } else {
-                        sendResponse(ERROR, 
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                            null, resp);
+                        sendResponse(ERROR,
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                                null, resp);
                         return;
                     }
                 } else {
-                    sendResponse(ERROR, 
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
-                        null, resp);
+                    sendResponse(ERROR,
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
+                            null, resp);
                     return;
                 }
             }
@@ -329,15 +327,15 @@ public class LogAdminServlet extends AdminServlet {
             System.out.println("XXX >>>" + e.toString() + "<<<");
             e.printStackTrace();
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+                    null, resp);
         }
 
         return;
     }
 
-    private synchronized void listLogInsts(HttpServletRequest req, 
-        HttpServletResponse resp, boolean all) throws ServletException, 
+    private synchronized void listLogInsts(HttpServletRequest req,
+            HttpServletResponse resp, boolean all) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
@@ -351,9 +349,9 @@ public class LogAdminServlet extends AdminServlet {
             if (value == null)
                 continue;
             String pName = mSys.getLogPluginName(value);
-            LogPlugin pClass = (LogPlugin) 
-                mSys.getLogPlugins().get(pName);
-            String c = pClass.getClassPath();	
+            LogPlugin pClass = (LogPlugin)
+                    mSys.getLogPlugins().get(pName);
+            String c = pClass.getClassPath();
 
             // not show ntEventlog here
             if (all || (!all && !c.endsWith("NTEventLog")))
@@ -363,12 +361,12 @@ public class LogAdminServlet extends AdminServlet {
         return;
     }
 
-    /** 
+    /**
      * retrieve extended plugin info such as brief description, type info
      * from logging
      */
     private void getExtendedPluginInfo(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         String id = req.getParameter(Constants.RS_ID);
 
@@ -381,10 +379,10 @@ public class LogAdminServlet extends AdminServlet {
         sendResponse(SUCCESS, null, params, resp);
     }
 
-    private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) { 
-        IExtendedPluginInfo ext_info = null; 
+    private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) {
+        IExtendedPluginInfo ext_info = null;
         Object impl = null;
-        LogPlugin lp = (LogPlugin) mSys.getLogPlugins().get(implName); 
+        LogPlugin lp = (LogPlugin) mSys.getLogPlugins().get(implName);
 
         if (lp != null) {
             impl = getClassByNameAsExtendedPluginInfo(lp.getClassPath());
@@ -410,11 +408,11 @@ public class LogAdminServlet extends AdminServlet {
     /**
      * Add log plug-in
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when
-     * configuring signedAudit
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when configuring signedAudit
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @param scope string used to obtain the contents of the log's substore
@@ -423,9 +421,9 @@ public class LogAdminServlet extends AdminServlet {
      * @exception EBaseException an error has occurred
      */
     @SuppressWarnings("unchecked")
-	private synchronized void addLogPlugin(HttpServletRequest req,
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void addLogPlugin(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -457,8 +455,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
@@ -476,8 +474,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_PLUGIN_ID", id)).toString(),
-                    null, resp);
+                        new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_PLUGIN_ID", id)).toString(),
+                        null, resp);
                 return;
             }
 
@@ -496,8 +494,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_NULL_CLASS"), 
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_NULL_CLASS"),
+                        null, resp);
                 return;
             }
 
@@ -505,7 +503,7 @@ public class LogAdminServlet extends AdminServlet {
 
             destStore = mConfig.getSubStore("log");
             IConfigStore instancesConfig =
-                destStore.getSubStore("impl");
+                    destStore.getSubStore("impl");
 
             // Does the class exist?
             Class<ILogEventListener> newImpl = null;
@@ -525,8 +523,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_NO_CLASS"), 
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_NO_CLASS"),
+                        null, resp);
                 return;
             } catch (IllegalArgumentException e) {
                 // store a message in the signed audit log file
@@ -541,8 +539,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_NO_CLASS"), 
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_NO_CLASS"),
+                        null, resp);
                 return;
             }
 
@@ -561,8 +559,8 @@ public class LogAdminServlet extends AdminServlet {
                     }
 
                     sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_CLASS"), 
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_CLASS"),
+                            null, resp);
                     return;
                 }
             } catch (NullPointerException e) { // unlikely, only if newImpl null.
@@ -578,8 +576,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_CLASS"), 
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_CLASS"),
+                        null, resp);
                 return;
             }
 
@@ -605,8 +603,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                        null, resp);
                 return;
             }
 
@@ -682,11 +680,11 @@ public class LogAdminServlet extends AdminServlet {
     /**
      * Add log instance
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when
-     * configuring signedAudit
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when configuring signedAudit
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @param scope string used to obtain the contents of the log's substore
@@ -694,9 +692,9 @@ public class LogAdminServlet extends AdminServlet {
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void addLogInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void addLogInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -726,8 +724,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
@@ -743,8 +741,8 @@ public class LogAdminServlet extends AdminServlet {
                     audit(auditMessage);
                 }
 
-                sendResponse(ERROR, "Invalid ID '" + id + "'", 
-                    null, resp);
+                sendResponse(ERROR, "Invalid ID '" + id + "'",
+                        null, resp);
                 return;
             }
 
@@ -761,8 +759,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_INST_ID"), 
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_INST_ID"),
+                        null, resp);
                 return;
             }
 
@@ -783,15 +781,15 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ADD_MISSING_PARAMS"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ADD_MISSING_PARAMS"),
+                        null, resp);
                 return;
             }
 
             // check if implementation exists.
             LogPlugin plugin =
-                (LogPlugin) mSys.getLogPlugins().get(
-                    implname);
+                    (LogPlugin) mSys.getLogPlugins().get(
+                            implname);
 
             if (plugin == null) {
                 // store a message in the signed audit log file
@@ -806,17 +804,17 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND",implname)).toString(),
-                    null, resp);
+                        new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", implname)).toString(),
+                        null, resp);
                 return;
             }
 
             Vector<String> configParams = mSys.getLogDefaultParams(implname);
 
             IConfigStore destStore =
-                mConfig.getSubStore("log");
+                    mConfig.getSubStore("log");
             IConfigStore instancesConfig =
-                destStore.getSubStore("instance");
+                    destStore.getSubStore("instance");
             IConfigStore substore = instancesConfig.makeSubStore(id);
 
             if (configParams != null) {
@@ -826,11 +824,11 @@ public class LogAdminServlet extends AdminServlet {
                     String val = req.getParameter(kv.substring(0, index));
 
                     if (val == null) {
-                        substore.put(kv.substring(0, index), 
-                            kv.substring(index + 1));
+                        substore.put(kv.substring(0, index),
+                                kv.substring(index + 1));
                     } else {
-                        substore.put(kv.substring(0, index), 
-                            val);
+                        substore.put(kv.substring(0, index),
+                                val);
                     }
                 }
             }
@@ -864,8 +862,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
-                    null, resp);
+                        new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
+                        null, resp);
                 return;
             } catch (InstantiationException e) {
                 instancesConfig.removeSubStore(id);
@@ -882,8 +880,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
-                    null, resp);
+                        new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
+                        null, resp);
                 return;
             } catch (IllegalAccessException e) {
                 instancesConfig.removeSubStore(id);
@@ -900,8 +898,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
-                    null, resp);
+                        new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
+                        null, resp);
                 return;
             }
 
@@ -962,8 +960,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                        null, resp);
                 return;
             }
 
@@ -1026,28 +1024,28 @@ public class LogAdminServlet extends AdminServlet {
         }
     }
 
-    private synchronized void listLogPlugins(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void listLogPlugins(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         Enumeration<String> e = mSys.getLogPlugins().keys();
 
         while (e.hasMoreElements()) {
             String name = (String) e.nextElement();
-            LogPlugin value = (LogPlugin) 
-                mSys.getLogPlugins().get(name);
+            LogPlugin value = (LogPlugin)
+                    mSys.getLogPlugins().get(name);
             // get Description
-            String c = value.getClassPath();	
+            String c = value.getClassPath();
             String desc = "unknown";
 
             try {
                 ILogEventListener lp = (ILogEventListener)
-                    Class.forName(c).newInstance();
+                        Class.forName(c).newInstance();
 
                 desc = lp.getDescription();
             } catch (Exception exp) {
-                sendResponse(ERROR, exp.toString(), null, 
-                    resp);
+                sendResponse(ERROR, exp.toString(), null,
+                        resp);
                 return;
             }
             params.add(name, value.getClassPath() + "," + desc);
@@ -1069,11 +1067,11 @@ public class LogAdminServlet extends AdminServlet {
     /**
      * Delete log instance
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when
-     * configuring signedAudit
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when configuring signedAudit
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @param scope string used to obtain the contents of the log's substore
@@ -1081,9 +1079,9 @@ public class LogAdminServlet extends AdminServlet {
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void delLogInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope) 
-        throws ServletException, IOException, EBaseException {
+    private synchronized void delLogInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -1116,8 +1114,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
@@ -1135,8 +1133,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    new ELogNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_INSTANCE_NOT_FOUND",id)).toString(),
-                    null, resp);
+                        new ELogNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_INSTANCE_NOT_FOUND", id)).toString(),
+                        null, resp);
                 return;
             }
 
@@ -1144,15 +1142,15 @@ public class LogAdminServlet extends AdminServlet {
             // cannot shutdown because we don't keep track of whether it's
             // being used. 
             ILogEventListener logInst = (ILogEventListener)
-                mSys.getLogInstance(id);
+                    mSys.getLogInstance(id);
 
             mSys.getLogInsts().remove((Object) id);
 
             // remove the configuration.
             IConfigStore destStore =
-                mConfig.getSubStore("log");
+                    mConfig.getSubStore("log");
             IConfigStore instancesConfig =
-                destStore.getSubStore("instance");
+                    destStore.getSubStore("instance");
 
             instancesConfig.removeSubStore(id);
             // commiting
@@ -1173,8 +1171,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                        null, resp);
                 return;
             }
 
@@ -1233,11 +1231,11 @@ public class LogAdminServlet extends AdminServlet {
     /**
      * Delete log plug-in
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when
-     * configuring signedAudit
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when configuring signedAudit
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @param scope string used to obtain the contents of the log's substore
@@ -1245,9 +1243,9 @@ public class LogAdminServlet extends AdminServlet {
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void delLogPlugin(HttpServletRequest req, 
-        HttpServletResponse resp, String scope) 
-        throws ServletException, IOException, EBaseException {
+    private synchronized void delLogPlugin(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -1280,8 +1278,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
@@ -1298,15 +1296,14 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    new ELogPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_LOG_PLUGIN_NOT_FOUND",id)).toString(),
-                    null, resp);
+                        new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", id)).toString(),
+                        null, resp);
                 return;
             }
 
             // first check if any instances from this log
             // DON'T remove log if any instance
-            for (Enumeration<String> e = mSys.getLogInsts().keys();
-                e.hasMoreElements();) {
+            for (Enumeration<String> e = mSys.getLogInsts().keys(); e.hasMoreElements();) {
                 String name = (String) e.nextElement();
                 ILogEventListener log = mSys.getLogInstance(name);
 
@@ -1323,19 +1320,19 @@ public class LogAdminServlet extends AdminServlet {
                     }
 
                     sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_IN_USE"), 
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_IN_USE"),
+                            null, resp);
                     return;
                 }
             }
-		
+
             // then delete this log
             mSys.getLogPlugins().remove((Object) id);
 
             IConfigStore destStore =
-                mConfig.getSubStore("log");
+                    mConfig.getSubStore("log");
             IConfigStore instancesConfig =
-                destStore.getSubStore("impl");
+                    destStore.getSubStore("impl");
 
             instancesConfig.removeSubStore(id);
             // commiting
@@ -1354,8 +1351,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                        null, resp);
                 return;
             }
 
@@ -1414,18 +1411,13 @@ public class LogAdminServlet extends AdminServlet {
     /**
      * Modify log instance
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when
-     * configuring signedAudit
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE used when log file
-     * name (including any path changes) for any of audit, system, transaction, 
-     * or other customized log file change is attempted (authorization should
-     * not allow, but make sure it's written after the attempt)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE used when log
-     * expiration time change is attempted (authorization should not allow, but
-     * make sure it's written after the attempt)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when configuring signedAudit
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE used when log file name (including any path changes) for any of audit, system, transaction, or other customized log file change is attempted (authorization should not allow, but make sure it's written after the attempt)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE used when log expiration time change is attempted (authorization should not allow, but make sure it's written after the attempt)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @param scope string used to obtain the contents of the log's substore
@@ -1433,9 +1425,9 @@ public class LogAdminServlet extends AdminServlet {
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void modLogInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void modLogInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
 
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -1490,8 +1482,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
@@ -1509,8 +1501,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_INST_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_INST_ID"),
+                        null, resp);
                 return;
             }
 
@@ -1530,14 +1522,14 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ADD_MISSING_PARAMS"),
+                        CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ADD_MISSING_PARAMS"),
 
-                    null, resp);
+                        null, resp);
                 return;
             }
             // get plugin for implementation
             LogPlugin plugin =
-                (LogPlugin) mSys.getLogPlugins().get(implname);
+                    (LogPlugin) mSys.getLogPlugins().get(implname);
 
             if (plugin == null) {
                 // store a message in the signed audit log file
@@ -1552,14 +1544,14 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    new ELogPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_LOG_PLUGIN_NOT_FOUND",implname)).toString(), null, resp);
+                        new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", implname)).toString(), null, resp);
                 return;
             }
 
             // save old instance substore params in case new one fails.
 
             ILogEventListener oldinst =
-                (ILogEventListener) mSys.getLogInstance(id);
+                    (ILogEventListener) mSys.getLogInstance(id);
             Vector<String> oldConfigParms = oldinst.getInstanceParams();
             NameValuePairs saveParams = new NameValuePairs();
 
@@ -1571,7 +1563,7 @@ public class LogAdminServlet extends AdminServlet {
                     int index = kv.indexOf('=');
 
                     saveParams.add(kv.substring(0, index),
-                        kv.substring(index + 1));
+                            kv.substring(index + 1));
                 }
             }
 
@@ -1580,9 +1572,9 @@ public class LogAdminServlet extends AdminServlet {
             // remove old substore.
 
             IConfigStore destStore =
-                mConfig.getSubStore("log");
+                    mConfig.getSubStore("log");
             IConfigStore instancesConfig =
-                destStore.getSubStore("instance");
+                    destStore.getSubStore("instance");
 
             // create new substore.
 
@@ -1627,16 +1619,15 @@ public class LogAdminServlet extends AdminServlet {
 
             if (configParams != null) {
                 for (int i = 0; i < configParams.size(); i++) {
-                    AUTHZ_RES_NAME = 
+                    AUTHZ_RES_NAME =
                             "certServer.log.configuration";
                     String kv = (String) configParams.elementAt(i);
                     int index = kv.indexOf('=');
                     String key = kv.substring(0, index);
                     String val = req.getParameter(key);
 
-                    if
-                    (key.equals("level")) {
-                        if (val.equals(ILogger.LL_DEBUG_STRING)) 
+                    if (key.equals("level")) {
+                        if (val.equals(ILogger.LL_DEBUG_STRING))
                             val = "0";
                         else if (val.equals(ILogger.LL_INFO_STRING))
                             val = "1";
@@ -1653,9 +1644,8 @@ public class LogAdminServlet extends AdminServlet {
 
                     }
 
-                    if
-                    (key.equals("rolloverInterval")) {
-                        if (val.equals("Hourly")) 
+                    if (key.equals("rolloverInterval")) {
+                        if (val.equals("Hourly"))
                             val = Integer.toString(60 * 60);
                         else if (val.equals("Daily"))
                             val = Integer.toString(60 * 60 * 24);
@@ -1667,8 +1657,7 @@ public class LogAdminServlet extends AdminServlet {
                             val = Integer.toString(60 * 60 * 24 * 365);
                     }
 
-                    if
-                    (key.equals(Constants.PR_LOG_TYPE)) {
+                    if (key.equals(Constants.PR_LOG_TYPE)) {
                         type = val;
                     }
 
@@ -1679,7 +1668,7 @@ public class LogAdminServlet extends AdminServlet {
                             val = val.trim();
                             newLogPath = val;
                             if (!val.equals(origVal.trim())) {
-                                AUTHZ_RES_NAME = 
+                                AUTHZ_RES_NAME =
                                         "certServer.log.configuration.fileName";
                                 mOp = "modify";
                                 if ((mToken = super.authorize(req)) == null) {
@@ -1709,58 +1698,58 @@ public class LogAdminServlet extends AdminServlet {
                                     }
 
                                     sendResponse(ERROR,
-                                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                        null, resp);
-                                    return;
-                                }
-                            }
-                        }
-/*
-                        if (key.equals("expirationTime")) {
-                            String origVal = substore.getString(key);
-
-                            val = val.trim();
-                            newExpirationTime = val;
-                            if (!val.equals(origVal.trim())) {
-                                if (id.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                                    AUTHZ_RES_NAME = 
-                                            "certServer.log.configuration.signedAudit.expirationTime";
-                                }
-                                mOp = "modify";
-                                if ((mToken = super.authorize(req)) == null) {
-                                    // store a message in the signed audit log
-                                    // file (regardless of logType)
-                                    if (!(newExpirationTime.equals(origExpirationTime))) {
-                                        auditMessage = CMS.getLogMessage(
-                                                    LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
-                                                    auditSubjectID,
-                                                    ILogger.FAILURE,
-                                                    logType,
-                                                    newExpirationTime);
-
-                                        audit(auditMessage);
-                                    }
-
-                                    // store a message in the signed audit log
-                                    // file
-                                    if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                                        auditMessage = CMS.getLogMessage(
-                                                    LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                                    auditSubjectID,
-                                                    ILogger.FAILURE,
-                                                    auditParams(req));
-
-                                        audit(auditMessage);
-                                    }
-
-                                    sendResponse(ERROR,
-                                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                        null, resp);
+                                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                            null, resp);
                                     return;
                                 }
                             }
                         }
-*/
+                        /*
+                                                if (key.equals("expirationTime")) {
+                                                    String origVal = substore.getString(key);
+
+                                                    val = val.trim();
+                                                    newExpirationTime = val;
+                                                    if (!val.equals(origVal.trim())) {
+                                                        if (id.equals(SIGNED_AUDIT_LOG_TYPE)) {
+                                                            AUTHZ_RES_NAME = 
+                                                                    "certServer.log.configuration.signedAudit.expirationTime";
+                                                        }
+                                                        mOp = "modify";
+                                                        if ((mToken = super.authorize(req)) == null) {
+                                                            // store a message in the signed audit log
+                                                            // file (regardless of logType)
+                                                            if (!(newExpirationTime.equals(origExpirationTime))) {
+                                                                auditMessage = CMS.getLogMessage(
+                                                                            LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
+                                                                            auditSubjectID,
+                                                                            ILogger.FAILURE,
+                                                                            logType,
+                                                                            newExpirationTime);
+
+                                                                audit(auditMessage);
+                                                            }
+
+                                                            // store a message in the signed audit log
+                                                            // file
+                                                            if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
+                                                                auditMessage = CMS.getLogMessage(
+                                                                            LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+                                                                            auditSubjectID,
+                                                                            ILogger.FAILURE,
+                                                                            auditParams(req));
+
+                                                                audit(auditMessage);
+                                                            }
+
+                                                            sendResponse(ERROR,
+                                                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                                                null, resp);
+                                                            return;
+                                                        }
+                                                    }
+                                                }
+                        */
                         substore.put(key, val);
                     }
                 }
@@ -1772,7 +1761,7 @@ public class LogAdminServlet extends AdminServlet {
             ILogEventListener newMgrInst = null;
 
             try {
-                newMgrInst = (ILogEventListener) 
+                newMgrInst = (ILogEventListener)
                         Class.forName(className).newInstance();
             } catch (ClassNotFoundException e) {
                 // check to see if the log file path parameter was changed
@@ -1823,8 +1812,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
-                    null, resp);
+                        new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
+                        null, resp);
                 return;
             } catch (InstantiationException e) {
                 // check to see if the log file path parameter was changed
@@ -1873,8 +1862,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
-                    null, resp);
+                        new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
+                        null, resp);
                 return;
             } catch (IllegalAccessException e) {
                 // check to see if the log file path parameter was changed
@@ -1923,8 +1912,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
-                    null, resp);
+                        new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
+                        null, resp);
                 return;
             }
             // initialize the log
@@ -1981,16 +1970,16 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                        null, resp);
                 return;
             }
 
             // commited ok. replace instance.
 
-			// REMOVED - we didn't do anything to shut off the old instance
-			// so, it will still be running at this point. You'd have two
-			// log isntances writing to the same file - this would be a big PROBLEM!!!
+            // REMOVED - we didn't do anything to shut off the old instance
+            // so, it will still be running at this point. You'd have two
+            // log isntances writing to the same file - this would be a big PROBLEM!!!
 
             //mSys.getLogInsts().put(id, newMgrInst);
 
@@ -2184,24 +2173,24 @@ public class LogAdminServlet extends AdminServlet {
 
     /**
      * used for getting the required configuration parameters (with
-     *	 possible default values) for a particular  plugin
-     * implementation name specified in the RS_ID.  Actually, there is
-     *	 no logic in here to set any default value here...there's no
-     *	 default value for any parameter in this log subsystem
-     *	 at this point.  Later, if we do have one (or some), it can be
-     *	 added.  The interface remains the same.
+     * possible default values) for a particular plugin
+     * implementation name specified in the RS_ID. Actually, there is
+     * no logic in here to set any default value here...there's no
+     * default value for any parameter in this log subsystem
+     * at this point. Later, if we do have one (or some), it can be
+     * added. The interface remains the same.
      */
-    private synchronized void getConfig(HttpServletRequest req, 
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void getConfig(HttpServletRequest req,
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
 
         String implname = req.getParameter(Constants.RS_ID);
 
         if (implname == null) {
             //System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
@@ -2218,8 +2207,8 @@ public class LogAdminServlet extends AdminServlet {
                 if (index == -1) {
                     params.add(kv, "");
                 } else {
-                    params.add(kv.substring(0, index), 
-                        kv.substring(index + 1));
+                    params.add(kv.substring(0, index),
+                            kv.substring(index + 1));
                 }
             }
         }
@@ -2227,8 +2216,8 @@ public class LogAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void getInstConfig(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void getInstConfig(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String id = req.getParameter(Constants.RS_ID);
@@ -2236,34 +2225,34 @@ public class LogAdminServlet extends AdminServlet {
         if (id == null) {
             //System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // does log instance exist?
         if (mSys.getLogInsts().containsKey(id) == false) {
             sendResponse(ERROR,
-                new ELogNotFound(CMS.getUserMessage(getLocale(req),"CMS_LOG_INSTANCE_NOT_FOUND",id)).toString(),
-                null, resp);
+                    new ELogNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_INSTANCE_NOT_FOUND", id)).toString(),
+                    null, resp);
             return;
         }
 
         ILogEventListener logInst = (ILogEventListener)
-            mSys.getLogInstance(id);
+                mSys.getLogInstance(id);
         Vector<String> configParams = logInst.getInstanceParams();
         NameValuePairs params = new NameValuePairs();
 
-        params.add(Constants.PR_LOG_IMPL_NAME, 
-            getLogPluginName(logInst));
+        params.add(Constants.PR_LOG_IMPL_NAME,
+                getLogPluginName(logInst));
         // implName is always required so always send it.
         if (configParams != null) {
             for (int i = 0; i < configParams.size(); i++) {
                 String kv = (String) configParams.elementAt(i);
                 int index = kv.indexOf('=');
 
-                params.add(kv.substring(0, index), 
-                    kv.substring(index + 1));
+                params.add(kv.substring(0, index),
+                        kv.substring(index + 1));
             }
         }
 
@@ -2272,8 +2261,8 @@ public class LogAdminServlet extends AdminServlet {
     }
 
     // convenience routine.
-    private static void restore(IConfigStore store, 
-        String id, NameValuePairs saveParams) {
+    private static void restore(IConfigStore store,
+            String id, NameValuePairs saveParams) {
         store.removeSubStore(id);
         IConfigStore rstore = store.makeSubStore(id);
 
@@ -2283,17 +2272,17 @@ public class LogAdminServlet extends AdminServlet {
             String key = (String) keys.nextElement();
             String value = saveParams.getValue(key);
 
-            if (value != null) 
+            if (value != null)
                 rstore.put(key, value);
         }
     }
 
     /**
      * Signed Audit Check Log Path
-     *
+     * 
      * This method is called to extract the log file path.
      * <P>
-     *
+     * 
      * @param req http servlet request
      * @return a string containing the log file path
      */
@@ -2311,7 +2300,7 @@ public class LogAdminServlet extends AdminServlet {
     }
 
     private void getGeneralConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
@@ -2327,11 +2316,11 @@ public class LogAdminServlet extends AdminServlet {
     }
 
     private void setGeneralConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         @SuppressWarnings("unchecked")
-		Enumeration<String> enum1 = req.getParameterNames();
+        Enumeration<String> enum1 = req.getParameterNames();
         boolean restart = false;
 
         while (enum1.hasMoreElements()) {
@@ -2353,7 +2342,7 @@ public class LogAdminServlet extends AdminServlet {
                     CMS.debug("setGeneralConfig: Invalid value for " + Constants.PR_DEBUG_LOG_LEVEL + ": " + value);
                     throw new EBaseException("Invalid value for " + Constants.PR_DEBUG_LOG_LEVEL);
                 }
-            } 
+            }
         }
 
         mConfig.commit(true);
@@ -2365,4 +2354,3 @@ public class LogAdminServlet extends AdminServlet {
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java
index 152b364f..a968b5b3 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -39,13 +38,12 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.ocsp.IOCSPAuthority;
 import com.netscape.certsrv.ocsp.IOCSPStore;
 
-
 /**
  * A class representings an administration servlet for Certificate
- * Authority. This servlet is responsible to serve OCSP 
- * administrative operations such as configuration parameter 
+ * Authority. This servlet is responsible to serve OCSP
+ * administrative operations such as configuration parameter
  * updates.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class OCSPAdminServlet extends AdminServlet {
@@ -60,7 +58,7 @@ public class OCSPAdminServlet extends AdminServlet {
     private final static String INFO = "OCSPAdminServlet";
 
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE =
-        "LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE_3";
+            "LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE_3";
 
     private IOCSPAuthority mOCSP = null;
 
@@ -88,9 +86,9 @@ public class OCSPAdminServlet extends AdminServlet {
      * the authenticate manager.
      */
     public void service(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
         super.service(req, resp);
-			    
+
         //get all operational flags
         String op = req.getParameter(Constants.OP_TYPE);
         String scope = req.getParameter(Constants.OP_SCOPE);
@@ -99,18 +97,18 @@ public class OCSPAdminServlet extends AdminServlet {
         if ((op == null) || (scope == null)) {
             sendResponse(1, "Invalid Protocol", null, resp);
             return;
-        }			    
+        }
 
         super.authenticate(req);
-		
+
         try {
             AUTHZ_RES_NAME = "certServer.ocsp.configuration";
             if (scope.equals(ScopeDef.SC_EXTENDED_PLUGIN_INFO)) {
                 mOp = "read";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 try {
@@ -126,8 +124,8 @@ public class OCSPAdminServlet extends AdminServlet {
                     mOp = "modify";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     setDefaultStore(req, resp);
@@ -139,8 +137,8 @@ public class OCSPAdminServlet extends AdminServlet {
                 mOp = "read";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_GENERAL)) {
@@ -154,8 +152,8 @@ public class OCSPAdminServlet extends AdminServlet {
                 mOp = "modify";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_GENERAL)) {
@@ -169,8 +167,8 @@ public class OCSPAdminServlet extends AdminServlet {
                 mOp = "read";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_OCSPSTORES_RULES)) {
@@ -189,7 +187,7 @@ public class OCSPAdminServlet extends AdminServlet {
      * type info from CRL extensions
      */
     private void getExtendedPluginInfo(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         String id = req.getParameter(Constants.RS_ID);
         int colon = id.indexOf(':');
@@ -198,7 +196,7 @@ public class OCSPAdminServlet extends AdminServlet {
         String implName = id.substring(colon + 1);
 
         NameValuePairs params =
-            getExtendedPluginInfo(getLocale(req), implType, implName);
+                getExtendedPluginInfo(getLocale(req), implType, implName);
 
         sendResponse(SUCCESS, null, params, resp);
     }
@@ -229,12 +227,11 @@ public class OCSPAdminServlet extends AdminServlet {
     /**
      * Set default OCSP store
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when
-     * configuring OCSP profile (everything under Online Certificate Status
-     * Manager)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when configuring OCSP profile (everything under Online Certificate Status Manager)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
@@ -242,8 +239,8 @@ public class OCSPAdminServlet extends AdminServlet {
      * @exception EBaseException an error has occurred
      */
     private void setDefaultStore(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -253,7 +250,7 @@ public class OCSPAdminServlet extends AdminServlet {
             String id = req.getParameter(Constants.RS_ID);
 
             mOCSP.getConfigStore().putString(IOCSPAuthority.PROP_DEF_STORE_ID,
-                id);
+                    id);
             commit(true);
 
             // store a message in the signed audit log file
@@ -306,8 +303,8 @@ public class OCSPAdminServlet extends AdminServlet {
     }
 
     private void getOCSPStoresConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
         String id = req.getParameter(Constants.RS_ID);
 
         IOCSPStore store = mOCSP.getOCSPStore(id);
@@ -319,12 +316,11 @@ public class OCSPAdminServlet extends AdminServlet {
     /**
      * Set OCSP store configuration
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when
-     * configuring OCSP profile (everything under Online Certificate Status
-     * Manager)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when configuring OCSP profile (everything under Online Certificate Status Manager)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
@@ -332,8 +328,8 @@ public class OCSPAdminServlet extends AdminServlet {
      * @exception EBaseException an error has occurred
      */
     private void setOCSPStoresConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -418,8 +414,8 @@ public class OCSPAdminServlet extends AdminServlet {
     }
 
     private void listOCSPStoresConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         IConfigStore config = mOCSP.getConfigStore();
         String defStore = config.getString(IOCSPAuthority.PROP_DEF_STORE_ID);
@@ -439,7 +435,7 @@ public class OCSPAdminServlet extends AdminServlet {
     }
 
     private void getGeneralConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
@@ -451,7 +447,7 @@ public class OCSPAdminServlet extends AdminServlet {
 
     private void getSigningAlgConfig(NameValuePairs params) {
         params.add(Constants.PR_DEFAULT_ALGORITHM,
-            mOCSP.getDefaultAlgorithm());
+                mOCSP.getDefaultAlgorithm());
         String[] algorithms = mOCSP.getOCSPSigningAlgorithms();
         StringBuffer algorStr = new StringBuffer();
 
@@ -460,7 +456,7 @@ public class OCSPAdminServlet extends AdminServlet {
                 algorStr.append(algorithms[i]);
             else
                 algorStr.append(":");
-                algorStr.append(algorithms[i]);
+            algorStr.append(algorithms[i]);
         }
         params.add(Constants.PR_ALL_ALGORITHMS, algorStr.toString());
     }
@@ -468,12 +464,11 @@ public class OCSPAdminServlet extends AdminServlet {
     /**
      * Set general OCSP configuration
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when
-     * configuring OCSP profile (everything under Online Certificate Status
-     * Manager)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when configuring OCSP profile (everything under Online Certificate Status Manager)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
@@ -481,7 +476,7 @@ public class OCSPAdminServlet extends AdminServlet {
      * @exception EBaseException an error has occurred
      */
     private void setGeneralConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String auditMessage = null;
@@ -538,7 +533,7 @@ public class OCSPAdminServlet extends AdminServlet {
 
             // rethrow the specific exception to be handled later
             throw eAudit2;
-            
+
         }
     }
-}    
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java
index 10a768a2..e2193cd6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Hashtable;
@@ -44,14 +43,13 @@ import com.netscape.certsrv.policy.IPolicyProcessor;
 import com.netscape.certsrv.policy.IPolicyRule;
 import com.netscape.certsrv.ra.IRegistrationAuthority;
 
-
 /**
  * This class is an administration servlet for policy management.
- *
+ * 
  * Each service (CA, KRA, RA) should be responsible
  * for registering an instance of this with the remote
  * administration subsystem.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class PolicyAdminServlet extends AdminServlet {
@@ -63,8 +61,8 @@ public class PolicyAdminServlet extends AdminServlet {
     public final static String PROP_AUTHORITY = "authority";
 
     private final static String INFO = "PolicyAdminServlet";
-    private final static String PW_PASSWORD_CACHE_ADD = 
-        "PASSWORD_CACHE_ADD";
+    private final static String PW_PASSWORD_CACHE_ADD =
+            "PASSWORD_CACHE_ADD";
 
     public final static String PROP_PREDICATE = "predicate";
     private IPolicyProcessor mProcessor = null;
@@ -85,7 +83,7 @@ public class PolicyAdminServlet extends AdminServlet {
     public static String MISSING_POLICY_ORDERING = "Missing policy ordering";
 
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY =
-        "LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY_3";
+            "LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY_3";
 
     /**
      * Constructs administration servlet.
@@ -102,7 +100,7 @@ public class PolicyAdminServlet extends AdminServlet {
         String authority = config.getInitParameter(PROP_AUTHORITY);
         String policyStatus = null;
 
-        CMS.debug( "PolicyAdminServlet: In Policy Admin Servlet init!" );
+        CMS.debug("PolicyAdminServlet: In Policy Admin Servlet init!");
 
         // CMS 6.1 began utilizing the "Certificate Profiles" framework
         // instead of the legacy "Certificate Policies" framework.
@@ -138,28 +136,28 @@ public class PolicyAdminServlet extends AdminServlet {
                     policyStatus = ICertificateAuthority.ID
                                  + "." + "Policy"
                                  + "." + IPolicyProcessor.PROP_ENABLE;
-                    if( mConfig.getBoolean( policyStatus, true ) == true ) {
+                    if (mConfig.getBoolean(policyStatus, true) == true) {
                         // NOTE:  If "ca.Policy.enable=<boolean>" is missing,
                         //        then the referenced instance existed prior
                         //        to this name=value pair existing in its
                         //        'CS.cfg' file, and thus we err on the
                         //        side that the user may still need to
                         //        use the policy framework.
-                        CMS.debug( "PolicyAdminServlet::init "
+                        CMS.debug("PolicyAdminServlet::init "
                                  + "Certificate Policy Framework (deprecated) "
-                                 + "is ENABLED" );
+                                 + "is ENABLED");
                     } else {
                         // CS 8.1 Default:  ca.Policy.enable=false
-                        CMS.debug( "PolicyAdminServlet::init "
+                        CMS.debug("PolicyAdminServlet::init "
                                  + "Certificate Policy Framework (deprecated) "
-                                 + "is DISABLED" );
-                        return; 
+                                 + "is DISABLED");
+                        return;
                     }
-                } catch( EBaseException e ) {
-                    throw new ServletException( authority
+                } catch (EBaseException e) {
+                    throw new ServletException(authority
                                               + " does not have a "
                                               + "master policy switch called '"
-                                              + policyStatus + "'" );
+                                              + policyStatus + "'");
                 }
             } else if (mAuthority instanceof IRegistrationAuthority) {
                 // this refers to the legacy RA (pre-CMS 7.0)
@@ -167,34 +165,34 @@ public class PolicyAdminServlet extends AdminServlet {
             } else if (mAuthority instanceof IKeyRecoveryAuthority) {
                 mProcessor = ((IKeyRecoveryAuthority) mAuthority).getPolicyProcessor();
                 try {
-                   policyStatus = IKeyRecoveryAuthority.ID
+                    policyStatus = IKeyRecoveryAuthority.ID
                                 + "." + "Policy"
                                 + "." + IPolicyProcessor.PROP_ENABLE;
-                    if( mConfig.getBoolean( policyStatus, true ) == true ) {
+                    if (mConfig.getBoolean(policyStatus, true) == true) {
                         // NOTE:  If "kra.Policy.enable=<boolean>" is missing,
                         //        then the referenced instance existed prior
                         //        to this name=value pair existing in its
                         //        'CS.cfg' file, and thus we err on the
                         //        side that the user may still need to
                         //        use the policy framework.
-                        CMS.debug( "PolicyAdminServlet::init "
+                        CMS.debug("PolicyAdminServlet::init "
                                  + "Certificate Policy Framework (deprecated) "
-                                 + "is ENABLED" );
+                                 + "is ENABLED");
                     } else {
                         // CS 8.1 Default:  kra.Policy.enable=false
-                        CMS.debug( "PolicyAdminServlet::init "
+                        CMS.debug("PolicyAdminServlet::init "
                                  + "Certificate Policy Framework (deprecated) "
-                                 + "is DISABLED" );
-                        return; 
+                                 + "is DISABLED");
+                        return;
                     }
-                } catch( EBaseException e ) {
-                    throw new ServletException( authority
+                } catch (EBaseException e) {
+                    throw new ServletException(authority
                                               + " does not have a "
                                               + "master policy switch called '"
-                                              + policyStatus + "'" );
+                                              + policyStatus + "'");
                 }
-            } else 
-                throw new ServletException(authority + "  does not have policy processor!"); 
+            } else
+                throw new ServletException(authority + "  does not have policy processor!");
     }
 
     /**
@@ -204,15 +202,15 @@ public class PolicyAdminServlet extends AdminServlet {
         return INFO;
     }
 
-    /** 
+    /**
      * retrieve extended plugin info such as brief description, type info
-     * from policy, authentication, 
-     *   need to add: listener, mapper and publishing plugins
+     * from policy, authentication,
+     * need to add: listener, mapper and publishing plugins
      */
     private void getExtendedPluginInfo(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
-       
+
         if (!readAuthorize(req, resp))
             return;
         String id = req.getParameter(Constants.RS_ID);
@@ -248,27 +246,27 @@ public class PolicyAdminServlet extends AdminServlet {
                 ext_info = (IExtendedPluginInfo) impl;
             }
         }
-		
+
         NameValuePairs nvps = null;
-		
+
         if (ext_info == null) {
             nvps = new NameValuePairs();
         } else {
             nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale));
         }
-		
+
         return nvps;
     }
 
     public NameValuePairs getExtendedPluginInfo(Locale locale, String pluginType,
-        String implName,
-        String instName) {
+            String implName,
+            String instName) {
         IExtendedPluginInfo ext_info = null;
 
         Object impl = null;
 
         IPolicyRule policy = mProcessor.getPolicyInstance(instName);
-		
+
         impl = policy;
         if (impl == null) {
             impl = mProcessor.getPolicyImpl(implName);
@@ -313,8 +311,8 @@ public class PolicyAdminServlet extends AdminServlet {
      * Serves HTTP admin request.
      */
     public void service(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         super.service(req, resp);
 
         super.authenticate(req);
@@ -332,30 +330,30 @@ public class PolicyAdminServlet extends AdminServlet {
             } catch (EBaseException e) {
                 sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
                 return;
-            } 
+            }
         } else
             sendResponse(ERROR, INVALID_POLICY_SCOPE, null, resp);
     }
 
-    private boolean readAuthorize(HttpServletRequest req, 
-        HttpServletResponse resp) throws IOException {
+    private boolean readAuthorize(HttpServletRequest req,
+            HttpServletResponse resp) throws IOException {
         mOp = "read";
         if ((mToken = super.authorize(req)) == null) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                    null, resp);
             return false;
         }
         return true;
     }
 
-    private boolean modifyAuthorize(HttpServletRequest req, 
-        HttpServletResponse resp) throws IOException {
+    private boolean modifyAuthorize(HttpServletRequest req,
+            HttpServletResponse resp) throws IOException {
         mOp = "modify";
         if ((mToken = super.authorize(req)) == null) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                    null, resp);
             return false;
         }
         return true;
@@ -365,8 +363,8 @@ public class PolicyAdminServlet extends AdminServlet {
      * Process Policy Implementation Management.
      */
     public void processPolicyImplMgmt(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         // Get operation type
         String op = req.getParameter(Constants.OP_TYPE);
 
@@ -388,12 +386,12 @@ public class PolicyAdminServlet extends AdminServlet {
             addPolicyImpl(req, resp);
         } else
             sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
-                null, resp);
+                    null, resp);
     }
 
     public void processPolicyRuleMgmt(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         // Get operation type
         String op = req.getParameter(Constants.OP_TYPE);
 
@@ -424,17 +422,17 @@ public class PolicyAdminServlet extends AdminServlet {
                 modifyPolicyInstance(req, resp);
         } else
             sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
-                null, resp);
+                    null, resp);
     }
 
     public void listPolicyImpls(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         Enumeration policyImplNames = mProcessor.getPolicyImplsInfo();
         Enumeration policyImpls = mProcessor.getPolicyImpls();
 
         if (policyImplNames == null ||
-            policyImpls == null) {
+                policyImpls == null) {
             sendResponse(ERROR, INVALID_POLICY_IMPL_CONFIG, null, resp);
             return;
         }
@@ -443,12 +441,12 @@ public class PolicyAdminServlet extends AdminServlet {
         NameValuePairs nvp = new NameValuePairs();
 
         while (policyImplNames.hasMoreElements() &&
-            policyImpls.hasMoreElements()) {
+                policyImpls.hasMoreElements()) {
             String id = (String) policyImplNames.nextElement();
             IPolicyRule impl = (IPolicyRule)
-                policyImpls.nextElement();
+                    policyImpls.nextElement();
             String className =
-                impl.getClass().getName();
+                    impl.getClass().getName();
             String desc = impl.getDescription();
 
             nvp.add(id, className + "," + desc);
@@ -457,8 +455,8 @@ public class PolicyAdminServlet extends AdminServlet {
     }
 
     public void listPolicyInstances(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         Enumeration instancesInfo = mProcessor.getPolicyInstancesInfo();
 
         if (instancesInfo == null) {
@@ -475,7 +473,7 @@ public class PolicyAdminServlet extends AdminServlet {
             int i = info.indexOf(";");
 
             nvp.add(info.substring(0, i), info.substring(i + 1));
-			
+
         }
         sendResponse(SUCCESS, null, nvp, resp);
     }
@@ -483,19 +481,19 @@ public class PolicyAdminServlet extends AdminServlet {
     /**
      * Delete policy implementation
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
-     * configuring cert policy constraints and extensions
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and extensions
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void deletePolicyImpl(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -574,8 +572,8 @@ public class PolicyAdminServlet extends AdminServlet {
     }
 
     public void getPolicyImplConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         // Get the policy impl id.
         String id = req.getParameter(Constants.RS_ID);
 
@@ -604,19 +602,19 @@ public class PolicyAdminServlet extends AdminServlet {
     /**
      * Add policy implementation
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
-     * configuring cert policy constraints and extensions
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and extensions
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void addPolicyImpl(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -710,19 +708,19 @@ public class PolicyAdminServlet extends AdminServlet {
     /**
      * Delete policy instance
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
-     * configuring cert policy constraints and extensions
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and extensions
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void deletePolicyInstance(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -801,8 +799,8 @@ public class PolicyAdminServlet extends AdminServlet {
     }
 
     public void getPolicyInstanceConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         // Get the policy rule id.
         String id = req.getParameter(Constants.RS_ID).trim();
 
@@ -836,7 +834,7 @@ public class PolicyAdminServlet extends AdminServlet {
     }
 
     public void
-    putUserPWPair(String combo) {
+            putUserPWPair(String combo) {
         int semicolon;
 
         semicolon = combo.indexOf(";");
@@ -849,19 +847,19 @@ public class PolicyAdminServlet extends AdminServlet {
     /**
      * Add policy instance
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
-     * configuring cert policy constraints and extensions
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and extensions
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void addPolicyInstance(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -1005,19 +1003,19 @@ public class PolicyAdminServlet extends AdminServlet {
     /**
      * Change ordering of policy instances
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
-     * configuring cert policy constraints and extensions
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and extensions
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void changePolicyInstanceOrdering(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -1025,7 +1023,7 @@ public class PolicyAdminServlet extends AdminServlet {
         // to the signed audit log and stored as failures
         try {
             String policyOrder =
-                req.getParameter(Constants.PR_POLICY_ORDER);
+                    req.getParameter(Constants.PR_POLICY_ORDER);
 
             if (policyOrder == null) {
                 // store a message in the signed audit log file
@@ -1095,19 +1093,19 @@ public class PolicyAdminServlet extends AdminServlet {
     /**
      * Modify policy instance
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
-     * configuring cert policy constraints and extensions
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when configuring cert policy constraints and extensions
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void modifyPolicyInstance(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -1252,4 +1250,3 @@ public class PolicyAdminServlet extends AdminServlet {
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java
index 9c83a30c..99f61935 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.io.File;
 import java.io.IOException;
 import java.util.Enumeration;
@@ -53,14 +52,13 @@ import com.netscape.certsrv.registry.IPluginInfo;
 import com.netscape.certsrv.registry.IPluginRegistry;
 import com.netscape.cms.profile.common.ProfilePolicy;
 
-
 /**
  * This class is an administration servlet for policy management.
- *
+ * 
  * Each service (CA, KRA, RA) should be responsible
  * for registering an instance of this with the remote
  * administration subsystem.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ProfileAdminServlet extends AdminServlet {
@@ -72,8 +70,8 @@ public class ProfileAdminServlet extends AdminServlet {
     public final static String PROP_AUTHORITY = "authority";
 
     private final static String INFO = "ProfileAdminServlet";
-    private final static String PW_PASSWORD_CACHE_ADD = 
-        "PASSWORD_CACHE_ADD";
+    private final static String PW_PASSWORD_CACHE_ADD =
+            "PASSWORD_CACHE_ADD";
 
     public final static String PROP_PREDICATE = "predicate";
     private IAuthority mAuthority = null;
@@ -97,7 +95,7 @@ public class ProfileAdminServlet extends AdminServlet {
     public static String BAD_CONFIGURATION_VAL = "Invalid configuration value.";
 
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE =
-        "LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE_3";
+            "LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE_3";
 
     /**
      * Constructs administration servlet.
@@ -130,8 +128,8 @@ public class ProfileAdminServlet extends AdminServlet {
      * Serves HTTP admin request.
      */
     public void service(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         super.service(req, resp);
 
         super.authenticate(req);
@@ -139,7 +137,7 @@ public class ProfileAdminServlet extends AdminServlet {
         AUTHZ_RES_NAME = "certServer.profile.configuration";
         String scope = req.getParameter(Constants.OP_SCOPE);
 
-         CMS.debug("ProfileAdminServlet: service scope: " + scope);
+        CMS.debug("ProfileAdminServlet: service scope: " + scope);
         if (scope.equals(ScopeDef.SC_PROFILE_RULES)) {
             processProfileRuleMgmt(req, resp);
         } else if (scope.equals(ScopeDef.SC_PROFILE_POLICIES)) {
@@ -162,33 +160,33 @@ public class ProfileAdminServlet extends AdminServlet {
             sendResponse(ERROR, INVALID_POLICY_SCOPE, null, resp);
     }
 
-    private boolean readAuthorize(HttpServletRequest req, 
-        HttpServletResponse resp) throws IOException {
+    private boolean readAuthorize(HttpServletRequest req,
+            HttpServletResponse resp) throws IOException {
         mOp = "read";
         if ((mToken = super.authorize(req)) == null) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                    null, resp);
             return false;
         }
         return true;
     }
 
-    private boolean modifyAuthorize(HttpServletRequest req, 
-        HttpServletResponse resp) throws IOException {
+    private boolean modifyAuthorize(HttpServletRequest req,
+            HttpServletResponse resp) throws IOException {
         mOp = "modify";
         if ((mToken = super.authorize(req)) == null) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                    null, resp);
             return false;
         }
         return true;
     }
 
     public void processProfilePolicy(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         // Get operation type
         String op = req.getParameter(Constants.OP_TYPE);
 
@@ -208,8 +206,8 @@ public class ProfileAdminServlet extends AdminServlet {
     }
 
     public void processProfileInput(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         // Get operation type
         String op = req.getParameter(Constants.OP_TYPE);
         String scope = super.getParameter(req, Constants.OP_SCOPE);
@@ -230,8 +228,8 @@ public class ProfileAdminServlet extends AdminServlet {
     }
 
     public void processProfileOutput(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         // Get operation type
         String op = req.getParameter(Constants.OP_TYPE);
         String scope = super.getParameter(req, Constants.OP_SCOPE);
@@ -252,8 +250,8 @@ public class ProfileAdminServlet extends AdminServlet {
     }
 
     public void processProfileInputConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         // Get operation type
         String op = req.getParameter(Constants.OP_TYPE);
 
@@ -269,8 +267,8 @@ public class ProfileAdminServlet extends AdminServlet {
     }
 
     public void processProfileOutputConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         // Get operation type
         String op = req.getParameter(Constants.OP_TYPE);
 
@@ -286,8 +284,8 @@ public class ProfileAdminServlet extends AdminServlet {
     }
 
     public void processPolicyDefaultConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         // Get operation type
         String op = req.getParameter(Constants.OP_TYPE);
 
@@ -307,8 +305,8 @@ public class ProfileAdminServlet extends AdminServlet {
     }
 
     public void processPolicyConstraintConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         // Get operation type
         String op = req.getParameter(Constants.OP_TYPE);
 
@@ -332,8 +330,8 @@ public class ProfileAdminServlet extends AdminServlet {
      * Process Policy Implementation Management.
      */
     public void processPolicyImplMgmt(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         // Get operation type
         String op = req.getParameter(Constants.OP_TYPE);
 
@@ -343,12 +341,12 @@ public class ProfileAdminServlet extends AdminServlet {
             listProfileImpls(req, resp);
         } else
             sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
-                null, resp);
+                    null, resp);
     }
 
     public void processProfileRuleMgmt(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         // Get operation type
         String op = req.getParameter(Constants.OP_TYPE);
 
@@ -374,15 +372,15 @@ public class ProfileAdminServlet extends AdminServlet {
             modifyProfileInstance(req, resp);
         } else
             sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
-                null, resp);
+                    null, resp);
     }
 
     /**
      * Lists all registered profile impementations
      */
     public void listProfileImpls(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
 
         Enumeration<String> impls = mRegistry.getIds("profile");
         NameValuePairs nvp = new NameValuePairs();
@@ -391,29 +389,28 @@ public class ProfileAdminServlet extends AdminServlet {
             String id = (String) impls.nextElement();
             IPluginInfo info = mRegistry.getPluginInfo("profile", id);
 
-            nvp.add(id, info.getClassName() + "," + 
-                info.getDescription(getLocale(req)));
-        } 
+            nvp.add(id, info.getClassName() + "," +
+                    info.getDescription(getLocale(req)));
+        }
         sendResponse(SUCCESS, null, nvp, resp);
     }
 
     /**
      * Add policy profile
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
-     * configuring cert profile (general settings and cert profile; obsoletes
-     * extensions and constraints policies)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void addProfilePolicy(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -451,10 +448,10 @@ public class ProfileAdminServlet extends AdminServlet {
 
             if (mProfileSub.isProfileEnable(profileId)) {
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), 
-                    "CMS_PROFILE_CREATE_POLICY_FAILED",
-                    "Profile is currently enabled"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req),
+                                "CMS_PROFILE_CREATE_POLICY_FAILED",
+                                "Profile is currently enabled"),
+                        null, resp);
                 return;
             }
 
@@ -466,27 +463,27 @@ public class ProfileAdminServlet extends AdminServlet {
 
             try {
                 if (!isValidId(setId)) {
-                  sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), 
-                    "CMS_PROFILE_CREATE_POLICY_FAILED",
-                    "Invalid set id " + setId),
-                    null, resp);
-                  return;
+                    sendResponse(ERROR,
+                            CMS.getUserMessage(getLocale(req),
+                                    "CMS_PROFILE_CREATE_POLICY_FAILED",
+                                    "Invalid set id " + setId),
+                            null, resp);
+                    return;
                 }
                 if (!isValidId(pId)) {
-                  sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), 
-                    "CMS_PROFILE_CREATE_POLICY_FAILED",
-                    "Invalid policy id " + pId),
-                    null, resp);
-                  return;
+                    sendResponse(ERROR,
+                            CMS.getUserMessage(getLocale(req),
+                                    "CMS_PROFILE_CREATE_POLICY_FAILED",
+                                    "Invalid policy id " + pId),
+                            null, resp);
+                    return;
                 }
                 policy = profile.createProfilePolicy(setId, pId,
                             defImpl, conImpl);
             } catch (EBaseException e1) {
                 // error
                 CMS.debug("ProfileAdminServlet: addProfilePolicy " +
-                    e1.toString());
+                        e1.toString());
 
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
@@ -498,9 +495,9 @@ public class ProfileAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_POLICY_FAILED",
-                    e1.toString()),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_POLICY_FAILED",
+                                e1.toString()),
+                        null, resp);
                 return;
             }
             NameValuePairs nvp = new NameValuePairs();
@@ -545,20 +542,19 @@ public class ProfileAdminServlet extends AdminServlet {
     /**
      * Add profile input
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
-     * configuring cert profile (general settings and cert profile; obsoletes
-     * extensions and constraints policies)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void addProfileInput(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -594,11 +590,11 @@ public class ProfileAdminServlet extends AdminServlet {
 
             IProfileInput input = null;
             @SuppressWarnings("unchecked")
-			Enumeration<String> names = req.getParameterNames();
+            Enumeration<String> names = req.getParameterNames();
             NameValuePairs nvps = new NameValuePairs();
 
             while (names.hasMoreElements()) {
-                String name =  names.nextElement();
+                String name = names.nextElement();
 
                 if (name.equals("OP_SCOPE"))
                     continue;
@@ -623,9 +619,9 @@ public class ProfileAdminServlet extends AdminServlet {
 
                 audit(auditMessage);
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_INPUT_FAILED",
-                    e1.toString()),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_INPUT_FAILED",
+                                e1.toString()),
+                        null, resp);
 
                 return;
             }
@@ -672,20 +668,19 @@ public class ProfileAdminServlet extends AdminServlet {
     /**
      * Add profile output
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
-     * configuring cert profile (general settings and cert profile; obsoletes
-     * extensions and constraints policies)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void addProfileOutput(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -721,11 +716,11 @@ public class ProfileAdminServlet extends AdminServlet {
 
             IProfileOutput output = null;
             @SuppressWarnings("unchecked")
-			Enumeration<String> names = req.getParameterNames();
+            Enumeration<String> names = req.getParameterNames();
             NameValuePairs nvps = new NameValuePairs();
 
             while (names.hasMoreElements()) {
-                String name =  names.nextElement();
+                String name = names.nextElement();
 
                 if (name.equals("OP_SCOPE"))
                     continue;
@@ -751,9 +746,9 @@ public class ProfileAdminServlet extends AdminServlet {
 
                 audit(auditMessage);
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_OUTPUT_FAILED", 
-                    e1.toString()),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_OUTPUT_FAILED",
+                                e1.toString()),
+                        null, resp);
 
                 return;
             }
@@ -800,20 +795,19 @@ public class ProfileAdminServlet extends AdminServlet {
     /**
      * Delete policy profile
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
-     * configuring cert profile (general settings and cert profile; obsoletes
-     * extensions and constraints policies)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void deleteProfilePolicy(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -823,10 +817,10 @@ public class ProfileAdminServlet extends AdminServlet {
             String profileId = "";
             String policyId = "";
             @SuppressWarnings("unchecked")
-			Enumeration<String> names = req.getParameterNames();
+            Enumeration<String> names = req.getParameterNames();
 
             while (names.hasMoreElements()) {
-                String name =  names.nextElement();
+                String name = names.nextElement();
 
                 if (name.equals("OP_SCOPE"))
                     continue;
@@ -921,20 +915,19 @@ public class ProfileAdminServlet extends AdminServlet {
     /**
      * Delete profile input
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
-     * configuring cert profile (general settings and cert profile; obsoletes
-     * extensions and constraints policies)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void deleteProfileInput(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -944,7 +937,7 @@ public class ProfileAdminServlet extends AdminServlet {
             String profileId = "";
             String inputId = "";
             @SuppressWarnings("unchecked")
-			Enumeration<String> names = req.getParameterNames();
+            Enumeration<String> names = req.getParameterNames();
 
             while (names.hasMoreElements()) {
                 String name = names.nextElement();
@@ -1039,20 +1032,19 @@ public class ProfileAdminServlet extends AdminServlet {
     /**
      * Delete profile output
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
-     * configuring cert profile (general settings and cert profile; obsoletes
-     * extensions and constraints policies)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void deleteProfileOutput(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -1062,7 +1054,7 @@ public class ProfileAdminServlet extends AdminServlet {
             String profileId = "";
             String outputId = "";
             @SuppressWarnings("unchecked")
-			Enumeration<String> names = req.getParameterNames();
+            Enumeration<String> names = req.getParameterNames();
 
             while (names.hasMoreElements()) {
                 String name = (String) names.nextElement();
@@ -1157,20 +1149,19 @@ public class ProfileAdminServlet extends AdminServlet {
     /**
      * Add default policy profile configuration
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
-     * configuring cert profile (general settings and cert profile; obsoletes
-     * extensions and constraints policies)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void addPolicyDefaultConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -1201,7 +1192,7 @@ public class ProfileAdminServlet extends AdminServlet {
 
                 sendResponse(ERROR, null, null, resp);
                 return;
-            } 
+            }
 
             StringTokenizer ss = new StringTokenizer(policyId, ":");
             String setId = ss.nextToken();
@@ -1210,9 +1201,9 @@ public class ProfileAdminServlet extends AdminServlet {
             IProfilePolicy policy = profile.getProfilePolicy(setId, pId);
             IPolicyDefault def = policy.getDefault();
             IConfigStore defConfig = def.getConfigStore();
-        
+
             @SuppressWarnings("unchecked")
-			Enumeration<String> names = req.getParameterNames();
+            Enumeration<String> names = req.getParameterNames();
 
             while (names.hasMoreElements()) {
                 String name = (String) names.nextElement();
@@ -1224,16 +1215,17 @@ public class ProfileAdminServlet extends AdminServlet {
                 if (name.equals("RS_ID"))
                     continue;
                 try {
-                    def.setConfig(name,req.getParameter(name));
+                    def.setConfig(name, req.getParameter(name));
 
                 } catch (EPropertyException e) {
 
-                   CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception.");
-                   try {
-                     profile.deleteProfilePolicy(setId, pId);
-                   } catch (Exception e11) {}
-                   sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp);
-                   return;
+                    CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception.");
+                    try {
+                        profile.deleteProfilePolicy(setId, pId);
+                    } catch (Exception e11) {
+                    }
+                    sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp);
+                    return;
                 }
                 // defConfig.putString("params." + name, req.getParameter(name));
             }
@@ -1294,20 +1286,19 @@ public class ProfileAdminServlet extends AdminServlet {
     /**
      * Add policy constraints profile configuration
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
-     * configuring cert profile (general settings and cert profile; obsoletes
-     * extensions and constraints policies)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void addPolicyConstraintConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -1338,7 +1329,7 @@ public class ProfileAdminServlet extends AdminServlet {
 
                 sendResponse(ERROR, null, null, resp);
                 return;
-            } 
+            }
 
             StringTokenizer ss = new StringTokenizer(policyId, ":");
             String setId = ss.nextToken();
@@ -1349,10 +1340,10 @@ public class ProfileAdminServlet extends AdminServlet {
             IConfigStore conConfig = con.getConfigStore();
 
             @SuppressWarnings("unchecked")
-			Enumeration<String> names = req.getParameterNames();
+            Enumeration<String> names = req.getParameterNames();
 
             while (names.hasMoreElements()) {
-                String name =  names.nextElement();
+                String name = names.nextElement();
 
                 if (name.equals("OP_SCOPE"))
                     continue;
@@ -1362,16 +1353,17 @@ public class ProfileAdminServlet extends AdminServlet {
                     continue;
 
                 try {
-                    con.setConfig(name,req.getParameter(name));
+                    con.setConfig(name, req.getParameter(name));
 
                 } catch (EPropertyException e) {
 
-                   CMS.debug("ProfileAdminServlet: addPolicyConstraintsConfig setConfig exception.");
-                   try {
-                     profile.deleteProfilePolicy(setId, pId);
-                   } catch (Exception e11) {}
-                   sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp);
-                   return;
+                    CMS.debug("ProfileAdminServlet: addPolicyConstraintsConfig setConfig exception.");
+                    try {
+                        profile.deleteProfilePolicy(setId, pId);
+                    } catch (Exception e11) {
+                    }
+                    sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp);
+                    return;
                 }
                 // conConfig.putString("params." + name, req.getParameter(name));
             }
@@ -1433,20 +1425,19 @@ public class ProfileAdminServlet extends AdminServlet {
     /**
      * Modify default policy profile configuration
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
-     * configuring cert profile (general settings and cert profile; obsoletes
-     * extensions and constraints policies)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void modifyPolicyDefaultConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -1477,7 +1468,7 @@ public class ProfileAdminServlet extends AdminServlet {
 
                 sendResponse(ERROR, null, null, resp);
                 return;
-            } 
+            }
 
             StringTokenizer ss = new StringTokenizer(policyId, ":");
             String setId = ss.nextToken();
@@ -1485,9 +1476,9 @@ public class ProfileAdminServlet extends AdminServlet {
             IProfilePolicy policy = profile.getProfilePolicy(setId, pId);
             IPolicyDefault def = policy.getDefault();
             IConfigStore defConfig = def.getConfigStore();
-        
+
             @SuppressWarnings("unchecked")
-			Enumeration<String> names = req.getParameterNames();
+            Enumeration<String> names = req.getParameterNames();
 
             while (names.hasMoreElements()) {
                 String name = (String) names.nextElement();
@@ -1499,15 +1490,15 @@ public class ProfileAdminServlet extends AdminServlet {
                 if (name.equals("RS_ID"))
                     continue;
                 try {
-                    def.setConfig(name,req.getParameter(name));
+                    def.setConfig(name, req.getParameter(name));
 
                 } catch (EPropertyException e) {
 
-                   CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception.");
-                   sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp);
-                   return;
+                    CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception.");
+                    sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp);
+                    return;
                 }
-               //  defConfig.putString("params." + name, req.getParameter(name));
+                //  defConfig.putString("params." + name, req.getParameter(name));
             }
             try {
                 profile.getConfigStore().commit(false);
@@ -1566,20 +1557,19 @@ public class ProfileAdminServlet extends AdminServlet {
     /**
      * Modify profile input configuration
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
-     * configuring cert profile (general settings and cert profile; obsoletes
-     * extensions and constraints policies)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void modifyInputConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -1616,7 +1606,7 @@ public class ProfileAdminServlet extends AdminServlet {
             IConfigStore inputConfig = input.getConfigStore();
 
             @SuppressWarnings("unchecked")
-			Enumeration<String> names = req.getParameterNames();
+            Enumeration<String> names = req.getParameterNames();
 
             while (names.hasMoreElements()) {
                 String name = (String) names.nextElement();
@@ -1686,20 +1676,19 @@ public class ProfileAdminServlet extends AdminServlet {
     /**
      * Modify profile output configuration
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
-     * configuring cert profile (general settings and cert profile; obsoletes
-     * extensions and constraints policies)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void modifyOutputConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -1736,7 +1725,7 @@ public class ProfileAdminServlet extends AdminServlet {
             IConfigStore outputConfig = output.getConfigStore();
 
             @SuppressWarnings("unchecked")
-			Enumeration<String> names = req.getParameterNames();
+            Enumeration<String> names = req.getParameterNames();
 
             while (names.hasMoreElements()) {
                 String name = (String) names.nextElement();
@@ -1748,7 +1737,7 @@ public class ProfileAdminServlet extends AdminServlet {
                 if (name.equals("RS_ID"))
                     continue;
                 outputConfig.putString("params." + name,
-                    req.getParameter(name));
+                        req.getParameter(name));
             }
             try {
                 profile.getConfigStore().commit(false);
@@ -1807,20 +1796,19 @@ public class ProfileAdminServlet extends AdminServlet {
     /**
      * Modify policy constraints profile configuration
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
-     * configuring cert profile (general settings and cert profile; obsoletes
-     * extensions and constraints policies)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void modifyPolicyConstraintConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -1851,7 +1839,7 @@ public class ProfileAdminServlet extends AdminServlet {
 
                 sendResponse(ERROR, null, null, resp);
                 return;
-            } 
+            }
 
             StringTokenizer ss = new StringTokenizer(policyId, ":");
             String setId = ss.nextToken();
@@ -1861,9 +1849,9 @@ public class ProfileAdminServlet extends AdminServlet {
             IConfigStore conConfig = con.getConfigStore();
 
             @SuppressWarnings("unchecked")
-			Enumeration<String> names = req.getParameterNames();
+            Enumeration<String> names = req.getParameterNames();
 
-            CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig policy " + policy + " con " + con); 
+            CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig policy " + policy + " con " + con);
             while (names.hasMoreElements()) {
                 String name = (String) names.nextElement();
 
@@ -1874,15 +1862,15 @@ public class ProfileAdminServlet extends AdminServlet {
                 if (name.equals("RS_ID"))
                     continue;
 
-             //   CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig name" + name  + " val " + req.getParameter(name));
+                //   CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig name" + name  + " val " + req.getParameter(name));
                 try {
-                    con.setConfig(name,req.getParameter(name));
+                    con.setConfig(name, req.getParameter(name));
 
                 } catch (EPropertyException e) {
 
-                   CMS.debug("ProfileAdminServlet: modifyPolicyConstraintsConfig setConfig exception.");
-                   sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp);
-                   return;
+                    CMS.debug("ProfileAdminServlet: modifyPolicyConstraintsConfig setConfig exception.");
+                    sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp);
+                    return;
                 }
                 //conConfig.putString("params." + name, req.getParameter(name));
             }
@@ -1942,8 +1930,8 @@ public class ProfileAdminServlet extends AdminServlet {
     }
 
     public void getPolicyDefaultConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String id = req.getParameter(Constants.RS_ID);
 
         StringTokenizer st = new StringTokenizer(id, ";");
@@ -1955,9 +1943,9 @@ public class ProfileAdminServlet extends AdminServlet {
         try {
             profile = mProfileSub.getProfile(profileId);
         } catch (EBaseException e1) {
-            CMS.debug( "ProfileAdminServlet::getPolicyDefaultConfig() - " +
-                       "profile is null!" );
-            throw new ServletException( e1.toString() );
+            CMS.debug("ProfileAdminServlet::getPolicyDefaultConfig() - " +
+                       "profile is null!");
+            throw new ServletException(e1.toString());
         }
 
         IProfilePolicy policy = null;
@@ -1987,15 +1975,15 @@ public class ProfileAdminServlet extends AdminServlet {
     }
 
     public void getPolicyConstraintConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String id = req.getParameter(Constants.RS_ID);
         String constraintsList = req.getParameter(Constants.PR_CONSTRAINTS_LIST);
 
         // this one gets called when one of the elements in the default list get
         // selected, then it returns the list of supported constraintsPolicy
         if (constraintsList != null) {
-            
+
         }
 
         StringTokenizer st = new StringTokenizer(id, ";");
@@ -2007,9 +1995,9 @@ public class ProfileAdminServlet extends AdminServlet {
         try {
             profile = mProfileSub.getProfile(profileId);
         } catch (EBaseException e1) {
-            CMS.debug( "ProfileAdminServlet::getPolicyConstraintConfig() - " +
-                       "profile is null!" );
-            throw new ServletException( e1.toString() );
+            CMS.debug("ProfileAdminServlet::getPolicyConstraintConfig() - " +
+                       "profile is null!");
+            throw new ServletException(e1.toString());
         }
 
         StringTokenizer ss = new StringTokenizer(policyId, ":");
@@ -2035,8 +2023,8 @@ public class ProfileAdminServlet extends AdminServlet {
     }
 
     public void getProfilePolicy(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String id = req.getParameter(Constants.RS_ID);
 
         // only allow profile retrival if it is disabled
@@ -2046,9 +2034,9 @@ public class ProfileAdminServlet extends AdminServlet {
         try {
             profile = mProfileSub.getProfile(id);
         } catch (EBaseException e1) {
-            CMS.debug( "ProfileAdminServlet::getProfilePolicy() - " +
-                       "profile is null!" );
-            throw new ServletException( e1.toString() );
+            CMS.debug("ProfileAdminServlet::getProfilePolicy() - " +
+                       "profile is null!");
+            throw new ServletException(e1.toString());
         }
 
         NameValuePairs nvp = new NameValuePairs();
@@ -2070,9 +2058,9 @@ public class ProfileAdminServlet extends AdminServlet {
                 IPolicyConstraint con = policy.getConstraint();
                 IConfigStore conConfig = con.getConfigStore();
 
-                nvp.add(setId + ":" + policy.getId(), 
-                    def.getName(getLocale(req)) + ";" + 
-                    con.getName(getLocale(req)));
+                nvp.add(setId + ":" + policy.getId(),
+                        def.getName(getLocale(req)) + ";" +
+                                con.getName(getLocale(req)));
             }
         }
 
@@ -2080,17 +2068,17 @@ public class ProfileAdminServlet extends AdminServlet {
     }
 
     public void getProfileOutput(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String id = req.getParameter(Constants.RS_ID);
         IProfile profile = null;
 
         try {
             profile = mProfileSub.getProfile(id);
         } catch (EBaseException e1) {
-            CMS.debug( "ProfileAdminServlet::getProfileOutput() - " +
-                       "profile is null!" );
-            throw new ServletException( e1.toString() );
+            CMS.debug("ProfileAdminServlet::getProfileOutput() - " +
+                       "profile is null!");
+            throw new ServletException(e1.toString());
         }
 
         NameValuePairs nvp = new NameValuePairs();
@@ -2107,17 +2095,17 @@ public class ProfileAdminServlet extends AdminServlet {
     }
 
     public void getProfileInput(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String id = req.getParameter(Constants.RS_ID);
         IProfile profile = null;
 
         try {
             profile = mProfileSub.getProfile(id);
         } catch (EBaseException e1) {
-            CMS.debug( "ProfileAdminServlet::getProfileInput() - " +
-                       "profile is null!" );
-            throw new ServletException( e1.toString() );
+            CMS.debug("ProfileAdminServlet::getProfileInput() - " +
+                       "profile is null!");
+            throw new ServletException(e1.toString());
         }
 
         NameValuePairs nvp = new NameValuePairs();
@@ -2134,9 +2122,9 @@ public class ProfileAdminServlet extends AdminServlet {
     }
 
     public void getInputConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
-        
+            HttpServletResponse resp)
+            throws ServletException, IOException {
+
         String id = req.getParameter(Constants.RS_ID);
         StringTokenizer st = new StringTokenizer(id, ";");
         String profileId = st.nextToken();
@@ -2146,9 +2134,9 @@ public class ProfileAdminServlet extends AdminServlet {
         try {
             profile = mProfileSub.getProfile(profileId);
         } catch (EBaseException e1) {
-            CMS.debug( "ProfileAdminServlet::getInputConfig() - " +
-                       "profile is null!" );
-            throw new ServletException( e1.toString() );
+            CMS.debug("ProfileAdminServlet::getInputConfig() - " +
+                       "profile is null!");
+            throw new ServletException(e1.toString());
         }
 
         IProfileInput profileInput = null;
@@ -2160,14 +2148,14 @@ public class ProfileAdminServlet extends AdminServlet {
         while (names.hasMoreElements()) {
             String name = names.nextElement();
             IDescriptor desc = profileInput.getConfigDescriptor(
-		getLocale(req), name);
+                    getLocale(req), name);
             if (desc == null) {
                 nvp.add(name, ";" + ";" + profileInput.getConfig(name));
             } else {
-                nvp.add(name, desc.getSyntax() + ";" + 
+                nvp.add(name, desc.getSyntax() + ";" +
                         getNonNull(desc.getConstraint()) + ";" +
                         desc.getDescription(getLocale(req)) + ";" +
-			profileInput.getConfig(name));
+                        profileInput.getConfig(name));
             }
         }
 
@@ -2175,8 +2163,8 @@ public class ProfileAdminServlet extends AdminServlet {
     }
 
     public void getOutputConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
 
         String id = req.getParameter(Constants.RS_ID);
         StringTokenizer st = new StringTokenizer(id, ";");
@@ -2187,9 +2175,9 @@ public class ProfileAdminServlet extends AdminServlet {
         try {
             profile = mProfileSub.getProfile(profileId);
         } catch (EBaseException e1) {
-            CMS.debug( "ProfileAdminServlet::getOutputConfig() - " +
-                       "profile is null!" );
-            throw new ServletException( e1.toString() );
+            CMS.debug("ProfileAdminServlet::getOutputConfig() - " +
+                       "profile is null!");
+            throw new ServletException(e1.toString());
         }
 
         IProfileOutput profileOutput = null;
@@ -2201,14 +2189,14 @@ public class ProfileAdminServlet extends AdminServlet {
         while (names.hasMoreElements()) {
             String name = names.nextElement();
             IDescriptor desc = profileOutput.getConfigDescriptor(
-		getLocale(req), name);
+                    getLocale(req), name);
             if (desc == null) {
                 nvp.add(name, ";" + ";" + profileOutput.getConfig(name));
             } else {
-                nvp.add(name, desc.getSyntax() + ";" + 
+                nvp.add(name, desc.getSyntax() + ";" +
                         getNonNull(desc.getConstraint()) + ";" +
                         desc.getDescription(getLocale(req)) + ";" +
-			profileOutput.getConfig(name));
+                        profileOutput.getConfig(name));
             }
         }
 
@@ -2216,14 +2204,14 @@ public class ProfileAdminServlet extends AdminServlet {
     }
 
     public void listProfileInstances(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
 
         NameValuePairs nvp = new NameValuePairs();
         Enumeration<String> e = mProfileSub.getProfileIds();
 
         while (e.hasMoreElements()) {
-            String profileId =  e.nextElement();
+            String profileId = e.nextElement();
             IProfile profile = null;
 
             try {
@@ -2231,7 +2219,7 @@ public class ProfileAdminServlet extends AdminServlet {
             } catch (EBaseException e1) {
                 // error
             }
-        
+
             String status = null;
 
             if (mProfileSub.isProfileEnable(profileId)) {
@@ -2247,8 +2235,8 @@ public class ProfileAdminServlet extends AdminServlet {
     }
 
     public void getProfileInstanceConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
 
         String id = req.getParameter(Constants.RS_ID);
         IProfile profile = null;
@@ -2256,9 +2244,9 @@ public class ProfileAdminServlet extends AdminServlet {
         try {
             profile = mProfileSub.getProfile(id);
         } catch (EBaseException e1) {
-            CMS.debug( "ProfileAdminServlet::getProfileInstanceConfig() - " +
-                       "profile is null!" );
-            throw new ServletException( e1.toString() );
+            CMS.debug("ProfileAdminServlet::getProfileInstanceConfig() - " +
+                       "profile is null!");
+            throw new ServletException(e1.toString());
         }
 
         NameValuePairs nvp = new NameValuePairs();
@@ -2285,20 +2273,19 @@ public class ProfileAdminServlet extends AdminServlet {
     /**
      * Delete profile instance
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
-     * configuring cert profile (general settings and cert profile; obsoletes
-     * extensions and constraints policies)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void deleteProfileInstance(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -2324,14 +2311,14 @@ public class ProfileAdminServlet extends AdminServlet {
 
             String config = null;
 
-            ISubsystem subsystem = CMS.getSubsystem("ca"); 
+            ISubsystem subsystem = CMS.getSubsystem("ca");
             String subname = "ca";
 
-            if (subsystem == null) 
-                 subname = "ra";
+            if (subsystem == null)
+                subname = "ra";
 
             try {
-                config = CMS.getConfigStore().getString("instanceRoot") + 
+                config = CMS.getConfigStore().getString("instanceRoot") +
                         "/profiles/" + subname + "/" + id + ".cfg";
             } catch (EBaseException e) {
                 // store a message in the signed audit log file
@@ -2346,7 +2333,7 @@ public class ProfileAdminServlet extends AdminServlet {
                 sendResponse(ERROR, null, null, resp);
                 return;
             }
-        
+
             try {
                 mProfileSub.deleteProfile(id, config);
             } catch (EProfileException e) {
@@ -2401,7 +2388,7 @@ public class ProfileAdminServlet extends AdminServlet {
     }
 
     public void
-    putUserPWPair(String combo) {
+            putUserPWPair(String combo) {
         int semicolon;
 
         semicolon = combo.indexOf(";");
@@ -2411,12 +2398,11 @@ public class ProfileAdminServlet extends AdminServlet {
         CMS.putPasswordCache(user, pw);
     }
 
-    public boolean isValidId(String id)
-    {
+    public boolean isValidId(String id) {
         for (int i = 0; i < id.length(); i++) {
-           char c = id.charAt(i);
-           if (!Character.isLetterOrDigit(c))
-             return false;
+            char c = id.charAt(i);
+            if (!Character.isLetterOrDigit(c))
+                return false;
         }
         return true;
     }
@@ -2424,20 +2410,19 @@ public class ProfileAdminServlet extends AdminServlet {
     /**
      * Add profile instance
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
-     * configuring cert profile (general settings and cert profile; obsoletes
-     * extensions and constraints policies)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void addProfileInstance(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -2465,14 +2450,14 @@ public class ProfileAdminServlet extends AdminServlet {
             IProfile p = null;
 
             try {
-                p = mProfileSub.getProfile(id); 
+                p = mProfileSub.getProfile(id);
             } catch (EProfileException e1) {
             }
             if (p != null) {
                 sendResponse(ERROR, POLICY_INST_ID_ALREADY_USED, null, resp);
                 return;
             }
-            
+
             String impl = req.getParameter("impl");
             String name = req.getParameter("name");
             String desc = req.getParameter("desc");
@@ -2516,8 +2501,8 @@ public class ProfileAdminServlet extends AdminServlet {
                 profile = mProfileSub.createProfile(id, impl,
                             info.getClassName(),
                             config);
-                profile.setName(getLocale(req), name); 
-                profile.setDescription(getLocale(req), name); 
+                profile.setName(getLocale(req), name);
+                profile.setDescription(getLocale(req), name);
                 if (visible != null && visible.equals("true")) {
                     profile.setVisible(true);
                 } else {
@@ -2528,10 +2513,10 @@ public class ProfileAdminServlet extends AdminServlet {
 
                 mProfileSub.createProfileConfig(id, impl, config);
                 if (profile instanceof IProfileEx) {
-                  // populates profile specific plugins such as
- 	          // policies, inputs and outputs
-                  ((IProfileEx)profile).populate();
-                }  
+                    // populates profile specific plugins such as
+                    // policies, inputs and outputs
+                    ((IProfileEx) profile).populate();
+                }
             } catch (Exception e) {
                 CMS.debug("ProfileAdminServlet: " + e.toString());
 
@@ -2588,20 +2573,19 @@ public class ProfileAdminServlet extends AdminServlet {
     /**
      * Modify profile instance
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
-     * configuring cert profile (general settings and cert profile; obsoletes
-     * extensions and constraints policies)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when configuring cert profile (general settings and cert profile; obsoletes extensions and constraints policies)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void modifyProfileInstance(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -2656,7 +2640,7 @@ public class ProfileAdminServlet extends AdminServlet {
             audit(auditMessage);
 
             try {
-              profile.getConfigStore().commit(false);
+                profile.getConfigStore().commit(false);
             } catch (Exception e) {
             }
 
@@ -2688,11 +2672,10 @@ public class ProfileAdminServlet extends AdminServlet {
         }
     }
 
-   protected String getNonNull(String s) {
-       if (s == null)
-           return "";
-       return s;
-   }
+    protected String getNonNull(String s) {
+        if (s == null)
+            return "";
+        return s;
+    }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java
index 2842542e..22aa306e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -68,12 +67,11 @@ import com.netscape.certsrv.publish.RulePlugin;
 import com.netscape.certsrv.security.ICryptoSubsystem;
 import com.netscape.cmsutil.password.IPasswordStore;
 
-
 /**
  * A class representing an publishing servlet for the
- * Publishing subsystem.  This servlet is responsible
+ * Publishing subsystem. This servlet is responsible
  * to serve configuration requests for the Publishing subsystem.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class PublisherAdminServlet extends AdminServlet {
@@ -85,8 +83,8 @@ public class PublisherAdminServlet extends AdminServlet {
     public final static String PROP_AUTHORITY = "authority";
 
     private final static String INFO = "PublisherAdminServlet";
-    private final static String PW_TAG_CA_LDAP_PUBLISHING = 
-        "CA LDAP Publishing";
+    private final static String PW_TAG_CA_LDAP_PUBLISHING =
+            "CA LDAP Publishing";
     public final static String NOMAPPER = "<NONE>";
     private IPublisherProcessor mProcessor = null;
     private IAuthority mAuth = null;
@@ -110,22 +108,22 @@ public class PublisherAdminServlet extends AdminServlet {
         if (mAuth != null)
             if (mAuth instanceof ICertificateAuthority) {
                 mProcessor = ((ICertificateAuthority) mAuth).getPublisherProcessor();
-            } else 
-                throw new ServletException(authority + "  does not have publishing processor!"); 
+            } else
+                throw new ServletException(authority + "  does not have publishing processor!");
     }
 
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
      * Serves HTTP admin request.
      */
     public void service(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
         super.service(req, resp);
 
         CMS.debug("PublisherAdminServlet: in service");
@@ -134,9 +132,9 @@ public class PublisherAdminServlet extends AdminServlet {
 
         if (op == null) {
             //System.out.println("SRVLT_INVALID_PROTOCOL");
-            sendResponse(ERROR, 
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
-                null, resp);
+            sendResponse(ERROR,
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+                    null, resp);
             return;
         }
 
@@ -149,8 +147,8 @@ public class PublisherAdminServlet extends AdminServlet {
                 return;
             }
         } catch (IOException e) {
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_ADMIN_SRVLT_AUTHS_FAILED"), 
-                null, resp);
+            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
+                    null, resp);
             return;
         }
         try {
@@ -160,8 +158,8 @@ public class PublisherAdminServlet extends AdminServlet {
                     mOp = "read";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_LDAP)) {
@@ -188,13 +186,13 @@ public class PublisherAdminServlet extends AdminServlet {
                     } else if (scope.equals(ScopeDef.SC_RULE_RULES)) {
                         getRuleInstConfig(req, resp);
                         return;
-                    } 
+                    }
                 } else if (op.equals(OpDef.OP_MODIFY)) {
                     mOp = "modify";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_LDAP)) {
@@ -214,20 +212,20 @@ public class PublisherAdminServlet extends AdminServlet {
                     mOp = "modify";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_LDAP)) {
                         testSetLDAPDest(req, resp);
                         return;
-                    } 
+                    }
                 } else if (op.equals(OpDef.OP_SEARCH)) {
                     mOp = "read";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_PUBLISHER_IMPLS)) {
@@ -242,7 +240,7 @@ public class PublisherAdminServlet extends AdminServlet {
                     } else if (scope.equals(ScopeDef.SC_MAPPER_RULES)) {
                         listMapperInsts(req, resp);
                         return;
-                    } else if (scope.equals(ScopeDef.SC_RULE_IMPLS)) { 
+                    } else if (scope.equals(ScopeDef.SC_RULE_IMPLS)) {
                         listRulePlugins(req, resp);
                         return;
                     } else if (scope.equals(ScopeDef.SC_RULE_RULES)) {
@@ -253,8 +251,8 @@ public class PublisherAdminServlet extends AdminServlet {
                     mOp = "modify";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_PUBLISHER_IMPLS)) {
@@ -275,13 +273,13 @@ public class PublisherAdminServlet extends AdminServlet {
                     } else if (scope.equals(ScopeDef.SC_RULE_RULES)) {
                         addRuleInst(req, resp, scope);
                         return;
-                    } 
+                    }
                 } else if (op.equals(OpDef.OP_DELETE)) {
                     mOp = "modify";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_PUBLISHER_IMPLS)) {
@@ -304,31 +302,31 @@ public class PublisherAdminServlet extends AdminServlet {
                         return;
                     }
                 } else {
-                    sendResponse(ERROR, 
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
-                        null, resp);
+                    sendResponse(ERROR,
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
+                            null, resp);
                     return;
                 }
             } else {
                 //System.out.println("SRVLT_INVALID_OP_SCOPE");
-                sendResponse(ERROR, 
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                    null, resp);
+                sendResponse(ERROR,
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                        null, resp);
                 return;
             }
         } catch (EBaseException e) {
             sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
             return;
-        } 
+        }
         //System.out.println("SRVLT_FAIL_PERFORM 2");
         sendResponse(ERROR,
-            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
-            null, resp);
+                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
+                null, resp);
         return;
     }
 
     private IExtendedPluginInfo getExtendedPluginInfo(IPublisherProcessor
-        p) {
+            p) {
         Enumeration mappers = p.getMapperInsts().keys();
         Enumeration publishers = p.getPublisherInsts().keys();
 
@@ -337,11 +335,11 @@ public class PublisherAdminServlet extends AdminServlet {
         for (; mappers.hasMoreElements();) {
             String name = (String) mappers.nextElement();
 
-            if (map.length()== 0) {
-              map.append(name);
+            if (map.length() == 0) {
+                map.append(name);
             } else {
-              map.append(",");
-              map.append(name);
+                map.append(",");
+                map.append(name);
             }
         }
         StringBuffer publish = new StringBuffer();
@@ -379,12 +377,11 @@ public class PublisherAdminServlet extends AdminServlet {
         } else if (implType.equals(Constants.PR_EXT_PLUGIN_IMPLTYPE_MAPPER)) {
             IPublisherProcessor p_processor = mProcessor;
             Plugin plugin = (Plugin) p_processor.getMapperPlugins().get(implName
-                );
+                    );
 
             impl = getClassByNameAsExtendedPluginInfo(plugin.getClassPath());
 
-        } else if (implType.equals(Constants.PR_EXT_PLUGIN_IMPLTYPE_PUBLISHER)
-        ) {
+        } else if (implType.equals(Constants.PR_EXT_PLUGIN_IMPLTYPE_PUBLISHER)) {
             IPublisherProcessor p_processor = mProcessor;
             Plugin plugin = (Plugin) p_processor.getPublisherPlugins().get(implName);
 
@@ -408,13 +405,13 @@ public class PublisherAdminServlet extends AdminServlet {
 
     }
 
-    /** 
+    /**
      * retrieve extended plugin info such as brief description, type info
-     * from policy, authentication, 
-     *   need to add: listener, mapper and publishing plugins
+     * from policy, authentication,
+     * need to add: listener, mapper and publishing plugins
      */
     private void getExtendedPluginInfo(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         String id = req.getParameter(Constants.RS_ID);
 
@@ -423,14 +420,14 @@ public class PublisherAdminServlet extends AdminServlet {
         String implType = id.substring(0, colon);
         String implName = id.substring(colon + 1);
 
-        NameValuePairs params = 
-            getExtendedPluginInfo(getLocale(req), implType, implName);
+        NameValuePairs params =
+                getExtendedPluginInfo(getLocale(req), implType, implName);
 
         sendResponse(SUCCESS, null, params, resp);
     }
-	
+
     private void getLDAPDest(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         IConfigStore config = mAuth.getConfigStore();
@@ -482,25 +479,25 @@ public class PublisherAdminServlet extends AdminServlet {
                 params.add(name, value);
             }
         }
-        params.add(Constants.PR_PUBLISHING_ENABLE, 
-            publishcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE));
+        params.add(Constants.PR_PUBLISHING_ENABLE,
+                publishcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE));
         params.add(Constants.PR_PUBLISHING_QUEUE_ENABLE,
-            publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_ENABLE, Constants.TRUE));
+                publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_ENABLE, Constants.TRUE));
         params.add(Constants.PR_PUBLISHING_QUEUE_THREADS,
-            publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_THREADS, "3"));
+                publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_THREADS, "3"));
         params.add(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE,
-            publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE, "40"));
+                publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE, "40"));
         params.add(Constants.PR_PUBLISHING_QUEUE_PRIORITY,
-            publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PRIORITY, "0"));
+                publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PRIORITY, "0"));
         params.add(Constants.PR_PUBLISHING_QUEUE_STATUS,
-            publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_STATUS, "200"));
-        params.add(Constants.PR_ENABLE, 
-            ldapcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE));
+                publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_STATUS, "200"));
+        params.add(Constants.PR_ENABLE,
+                ldapcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE));
         sendResponse(SUCCESS, null, params, resp);
     }
 
     private void setLDAPDest(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+            throws ServletException, IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
 
         //Save New Settings to the config file
@@ -518,7 +515,7 @@ public class PublisherAdminServlet extends AdminServlet {
             // need to disable the ldap module here
             mProcessor.setLdapConnModule(null);
         }
-			
+
         //set reset of the parameters
         Enumeration e = req.getParameterNames();
         String pwd = null;
@@ -536,9 +533,9 @@ public class PublisherAdminServlet extends AdminServlet {
                 continue;
             if (name.equals(Constants.PR_PUBLISHING_ENABLE))
                 continue;
-                // don't store password in the config file.
-            if (name.equals(Constants.PR_BIND_PASSWD)) 
-                continue;		// old style password read from config.
+            // don't store password in the config file.
+            if (name.equals(Constants.PR_BIND_PASSWD))
+                continue; // old style password read from config.
             if (name.equals(Constants.PR_DIRECTORY_MANAGER_PWD)) {
                 pwd = req.getParameter(name);
                 continue;
@@ -567,7 +564,7 @@ public class PublisherAdminServlet extends AdminServlet {
             /* Don't enter the publishing pw into the config store */
             ldap.putString(name, req.getParameter(name));
         }
-			
+
         commit(true);
 
         /* Do a "PUT" of the new pw to the watchdog" 
@@ -580,27 +577,27 @@ public class PublisherAdminServlet extends AdminServlet {
         // update passwordFile
         String prompt = ldap.getString(Constants.PR_BINDPWD_PROMPT);
         IPasswordStore pwdStore = CMS.getPasswordStore();
-        CMS.debug("PublisherAdminServlet: setLDAPDest(): saving password for "+            prompt + " to password file");
+        CMS.debug("PublisherAdminServlet: setLDAPDest(): saving password for " + prompt + " to password file");
         pwdStore.putPassword(prompt, pwd);
         pwdStore.commit();
         CMS.debug("PublisherAdminServlet: setLDAPDest(): password saved");
 
-/* we'll shut down and restart the PublisherProcessor instead
-        // what a hack to  do this without require restart server
-//        ILdapAuthInfo authInfo = CMS.getLdapAuthInfo();
-        ILdapConnModule connModule = mProcessor.getLdapConnModule();
-        ILdapAuthInfo authInfo = null;
-        if (connModule != null) {
-            authInfo = connModule.getLdapAuthInfo();
-        }
+        /* we'll shut down and restart the PublisherProcessor instead
+                // what a hack to  do this without require restart server
+        //        ILdapAuthInfo authInfo = CMS.getLdapAuthInfo();
+                ILdapConnModule connModule = mProcessor.getLdapConnModule();
+                ILdapAuthInfo authInfo = null;
+                if (connModule != null) {
+                    authInfo = connModule.getLdapAuthInfo();
+                }
 
-//        authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd);
-        if (authInfo != null) {
-            CMS.debug("PublisherAdminServlet: setLDAPDest(): adding password to memory cache");
-            authInfo.addPassword(prompt, pwd);
-        } else
-            CMS.debug("PublisherAdminServlet: setLDAPDest(): authInfo null");
-*/
+        //        authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd);
+                if (authInfo != null) {
+                    CMS.debug("PublisherAdminServlet: setLDAPDest(): adding password to memory cache");
+                    authInfo.addPassword(prompt, pwd);
+                } else
+                    CMS.debug("PublisherAdminServlet: setLDAPDest(): authInfo null");
+        */
 
         try {
             CMS.debug("PublisherAdminServlet: setLDAPDest(): restarting publishing processor");
@@ -618,7 +615,7 @@ public class PublisherAdminServlet extends AdminServlet {
     }
 
     private void testSetLDAPDest(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+            throws ServletException, IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
 
         CMS.debug("PublisherAdmineServlet: in testSetLDAPDest");
@@ -629,8 +626,8 @@ public class PublisherAdminServlet extends AdminServlet {
         IConfigStore ldap = ldapcfg.getSubStore(IPublisherProcessor.PROP_LDAP);
 
         //set enable flag
-        publishcfg.putString(IPublisherProcessor.PROP_ENABLE, 
-            req.getParameter(Constants.PR_PUBLISHING_ENABLE));
+        publishcfg.putString(IPublisherProcessor.PROP_ENABLE,
+                req.getParameter(Constants.PR_PUBLISHING_ENABLE));
         String ldapPublish = req.getParameter(Constants.PR_ENABLE);
 
         ldapcfg.putString(IPublisherProcessor.PROP_ENABLE, ldapPublish);
@@ -656,9 +653,9 @@ public class PublisherAdminServlet extends AdminServlet {
                 continue;
             if (name.equals(Constants.PR_PUBLISHING_ENABLE))
                 continue;
-                // don't store password in the config file.
-            if (name.equals(Constants.PR_BIND_PASSWD)) 
-                continue;		// old style password read from config.
+            // don't store password in the config file.
+            if (name.equals(Constants.PR_BIND_PASSWD))
+                continue; // old style password read from config.
             if (name.equals(Constants.PR_DIRECTORY_MANAGER_PWD)) {
                 pwd = req.getParameter(name);
                 continue;
@@ -687,22 +684,22 @@ public class PublisherAdminServlet extends AdminServlet {
             /* Don't enter the publishing pw into the config store */
             ldap.putString(name, req.getParameter(name));
         }
-	
+
         // test before commit
         if (publishcfg.getBoolean(IPublisherProcessor.PROP_ENABLE) &&
-            ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) {
-            params.add("title", 
-                "You've attempted to configure CMS to connect" +
-                " to a LDAP directory. The connection status is" +
-                " as follows:\n \n");
+                ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) {
+            params.add("title",
+                    "You've attempted to configure CMS to connect" +
+                            " to a LDAP directory. The connection status is" +
+                            " as follows:\n \n");
             LDAPConnection conn = null;
             ILdapConnInfo connInfo =
-                CMS.getLdapConnInfo(ldap.getSubStore(
-                        ILdapBoundConnFactory.PROP_LDAPCONNINFO));
+                    CMS.getLdapConnInfo(ldap.getSubStore(
+                            ILdapBoundConnFactory.PROP_LDAPCONNINFO));
             //LdapAuthInfo authInfo =
             //new LdapAuthInfo(ldap.getSubStore(
             //			   ILdapBoundConnFactory.PROP_LDAPAUTHINFO));
-            String host = connInfo.getHost(); 
+            String host = connInfo.getHost();
             int port = connInfo.getPort();
             boolean secure = connInfo.getSecure();
             //int authType = authInfo.getAuthType();
@@ -720,51 +717,51 @@ public class PublisherAdminServlet extends AdminServlet {
                     conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory(
                                     certNickName));
                     CMS.debug("Publishing Test certNickName=" + certNickName);
-                    params.add(Constants.PR_CONN_INITED, 
-                        "Create ssl LDAPConnection with certificate: " + 
-                        certNickName + dashes(70 - 44 - certNickName.length()) + " Success");
+                    params.add(Constants.PR_CONN_INITED,
+                            "Create ssl LDAPConnection with certificate: " +
+                                    certNickName + dashes(70 - 44 - certNickName.length()) + " Success");
                 } catch (Exception ex) {
-                    params.add(Constants.PR_CONN_INIT_FAIL, 
-                        "Create ssl LDAPConnection with certificate: " + 
-                        certNickName + dashes(70 - 44 - certNickName.length()) + " failure\n" + " exception: " + ex);
-                    params.add(Constants.PR_SAVE_NOT, 
-                        "\n \nIf the problem is not fixed then LDAP publishing will fail.\n" + 
-                        "Do you want to save the configuration anyway?");
+                    params.add(Constants.PR_CONN_INIT_FAIL,
+                            "Create ssl LDAPConnection with certificate: " +
+                                    certNickName + dashes(70 - 44 - certNickName.length()) + " failure\n" + " exception: " + ex);
+                    params.add(Constants.PR_SAVE_NOT,
+                            "\n \nIf the problem is not fixed then LDAP publishing will fail.\n" +
+                                    "Do you want to save the configuration anyway?");
                     sendResponse(SUCCESS, null, params, resp);
                     return;
                 }
                 try {
                     conn.connect(host, port);
-                    params.add(Constants.PR_CONN_OK, 
-                        "Connect to directory server " + 
-                        host + " at port " + port +
-                        dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success");
-                    params.add(Constants.PR_AUTH_OK, 
-                        "Authentication: SSL client authentication" +
-                        dashes(70 - 41) + " Success" +
-                        "\nBind to the directory as: " + certNickName +
-                        dashes(70 - 26 - certNickName.length()) + " Success");
+                    params.add(Constants.PR_CONN_OK,
+                            "Connect to directory server " +
+                                    host + " at port " + port +
+                                    dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success");
+                    params.add(Constants.PR_AUTH_OK,
+                            "Authentication: SSL client authentication" +
+                                    dashes(70 - 41) + " Success" +
+                                    "\nBind to the directory as: " + certNickName +
+                                    dashes(70 - 26 - certNickName.length()) + " Success");
                 } catch (LDAPException ex) {
                     if (ex.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
                         // need to intercept this because message from LDAP is
                         // "DSA is unavailable" which confuses with DSA PKI.
-                        params.add(Constants.PR_CONN_FAIL, 
-                            "Connect to directory server " + 
-                            host + " at port " + port +
-                            dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + 
-                            " Failure\n" + 
-                            " error: server unavailable");
+                        params.add(Constants.PR_CONN_FAIL,
+                                "Connect to directory server " +
+                                        host + " at port " + port +
+                                        dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) +
+                                        " Failure\n" +
+                                        " error: server unavailable");
                     } else {
-                        params.add(Constants.PR_CONN_FAIL, 
-                            "Connect to directory server " + 
-                            host + " at port " + port +
-                            dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + 
-                            " Failure");
+                        params.add(Constants.PR_CONN_FAIL,
+                                "Connect to directory server " +
+                                        host + " at port " + port +
+                                        dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) +
+                                        " Failure");
                     }
-                    params.add(Constants.PR_SAVE_NOT, 
-                        "\n \nIf the problem is not fixed then " +
-                        "LDAP publishing will fail.\n" + 
-                        "Do you want to save the configuration anyway?");
+                    params.add(Constants.PR_SAVE_NOT,
+                            "\n \nIf the problem is not fixed then " +
+                                    "LDAP publishing will fail.\n" +
+                                    "Do you want to save the configuration anyway?");
                     sendResponse(SUCCESS, null, params, resp);
                     return;
                 }
@@ -773,53 +770,53 @@ public class PublisherAdminServlet extends AdminServlet {
                     if (secure) {
                         conn = new LDAPConnection(
                                     CMS.getLdapJssSSLSocketFactory());
-                        params.add(Constants.PR_CONN_INITED, 
-                            "Create ssl LDAPConnection" +
-                            dashes(70 - 25) + " Success");
+                        params.add(Constants.PR_CONN_INITED,
+                                "Create ssl LDAPConnection" +
+                                        dashes(70 - 25) + " Success");
                     } else {
                         conn = new LDAPConnection();
-                        params.add(Constants.PR_CONN_INITED, 
-                            "Create LDAPConnection" +
-                            dashes(70 - 21) + " Success");
+                        params.add(Constants.PR_CONN_INITED,
+                                "Create LDAPConnection" +
+                                        dashes(70 - 21) + " Success");
                     }
                 } catch (Exception ex) {
-                    params.add(Constants.PR_CONN_INIT_FAIL, 
-                        "Create LDAPConnection" +
-                        dashes(70 - 21) + " Failure\n" +
-                        "exception: " + ex);
-                    params.add(Constants.PR_SAVE_NOT, 
-                        "\n \nIf the problem is not fixed then " +
-                        "LDAP publishing will fail.\n" + 
-                        "Do you want to save the configuration anyway?");
+                    params.add(Constants.PR_CONN_INIT_FAIL,
+                            "Create LDAPConnection" +
+                                    dashes(70 - 21) + " Failure\n" +
+                                    "exception: " + ex);
+                    params.add(Constants.PR_SAVE_NOT,
+                            "\n \nIf the problem is not fixed then " +
+                                    "LDAP publishing will fail.\n" +
+                                    "Do you want to save the configuration anyway?");
                     sendResponse(SUCCESS, null, params, resp);
                     return;
                 }
                 try {
                     conn.connect(host, port);
-                    params.add(Constants.PR_CONN_OK, 
-                        "Connect to directory server " + 
-                        host + " at port " + port +
-                        dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success");
+                    params.add(Constants.PR_CONN_OK,
+                            "Connect to directory server " +
+                                    host + " at port " + port +
+                                    dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success");
                 } catch (LDAPException ex) {
                     if (ex.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
                         // need to intercept this because message from LDAP is
                         // "DSA is unavailable" which confuses with DSA PKI.
-                        params.add(Constants.PR_CONN_FAIL, 
-                            "Connect to directory server " + 
-                            host + " at port " + port + 
-                            dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" +
-                            "\nerror: server unavailable");
+                        params.add(Constants.PR_CONN_FAIL,
+                                "Connect to directory server " +
+                                        host + " at port " + port +
+                                        dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" +
+                                        "\nerror: server unavailable");
                     } else {
-                        params.add(Constants.PR_CONN_FAIL, 
-                            "Connect to directory server " +  
-                            host + " at port " + port + 
-                            dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" +
-                            "\nexception: " + ex);
+                        params.add(Constants.PR_CONN_FAIL,
+                                "Connect to directory server " +
+                                        host + " at port " + port +
+                                        dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" +
+                                        "\nexception: " + ex);
                     }
-                    params.add(Constants.PR_SAVE_NOT, 
-                        "\n \nIf the problem is not fixed then " +
-                        "LDAP publishing will fail.\n" + 
-                        "Do you want to save the configuration anyway?");
+                    params.add(Constants.PR_SAVE_NOT,
+                            "\n \nIf the problem is not fixed then " +
+                                    "LDAP publishing will fail.\n" +
+                                    "Do you want to save the configuration anyway?");
                     sendResponse(SUCCESS, null, params, resp);
                     return;
                 }
@@ -828,44 +825,42 @@ public class PublisherAdminServlet extends AdminServlet {
                     bindAs = ldap.getSubStore(
                                 ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString(ILdapAuthInfo.PROP_BINDDN);
                     conn.authenticate(version, bindAs, pwd);
-                    params.add(Constants.PR_AUTH_OK, 
-                        "Authentication: Basic authentication" + 
-                        dashes(70 - 36) + " Success" +
-                        "\nBind to the directory as: " + bindAs + 
-                        dashes(70 - 26 - bindAs.length()) + " Success");
+                    params.add(Constants.PR_AUTH_OK,
+                            "Authentication: Basic authentication" +
+                                    dashes(70 - 36) + " Success" +
+                                    "\nBind to the directory as: " + bindAs +
+                                    dashes(70 - 26 - bindAs.length()) + " Success");
                 } catch (LDAPException ex) {
-                    if (ex.getLDAPResultCode() == 
-                        LDAPException.NO_SUCH_OBJECT) {
-                        params.add(Constants.PR_AUTH_FAIL, 
-                            "Authentication: Basic authentication" + 
-                            dashes(70 - 36) + "Failure" +
-                            "\nBind to the directory as: " + bindAs +
-                            dashes(70 - 26 - bindAs.length()) + 
-                            "Failure" + "\nThe object doesn't exist. " +
-                            "Please correct the value assigned in the" +
-                            " \"Directory manager DN\" field.");
-                    } else if (ex.getLDAPResultCode() == 
-                        LDAPException.INVALID_CREDENTIALS) {
-                        params.add(Constants.PR_AUTH_FAIL, 
-                            "Authentication: Basic authentication" + 
-                            dashes(70 - 36) + " Failure" +
-                            "\nBind to the directory as: " + bindAs +
-                            dashes(70 - 26 - bindAs.length()) + 
-                            " Failure" + "\nInvalid password. " +
-                            "Please correct the value assigned in the" +
-                            " \"Password\" field.");
+                    if (ex.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT) {
+                        params.add(Constants.PR_AUTH_FAIL,
+                                "Authentication: Basic authentication" +
+                                        dashes(70 - 36) + "Failure" +
+                                        "\nBind to the directory as: " + bindAs +
+                                        dashes(70 - 26 - bindAs.length()) +
+                                        "Failure" + "\nThe object doesn't exist. " +
+                                        "Please correct the value assigned in the" +
+                                        " \"Directory manager DN\" field.");
+                    } else if (ex.getLDAPResultCode() == LDAPException.INVALID_CREDENTIALS) {
+                        params.add(Constants.PR_AUTH_FAIL,
+                                "Authentication: Basic authentication" +
+                                        dashes(70 - 36) + " Failure" +
+                                        "\nBind to the directory as: " + bindAs +
+                                        dashes(70 - 26 - bindAs.length()) +
+                                        " Failure" + "\nInvalid password. " +
+                                        "Please correct the value assigned in the" +
+                                        " \"Password\" field.");
                     } else {
-                        params.add(Constants.PR_AUTH_FAIL, 
-                            "Authentication: Basic authentication" + 
-                            dashes(70 - 36) + " Failure" +
-                            "\nBind to the directory as: " + bindAs +
-                            dashes(70 - 26 - bindAs.length()) + 
-                            " Failure");
+                        params.add(Constants.PR_AUTH_FAIL,
+                                "Authentication: Basic authentication" +
+                                        dashes(70 - 36) + " Failure" +
+                                        "\nBind to the directory as: " + bindAs +
+                                        dashes(70 - 26 - bindAs.length()) +
+                                        " Failure");
                     }
-                    params.add(Constants.PR_SAVE_NOT, 
-                        "\n \nIf the problem is not fixed then " +
-                        "LDAP publishing will fail.\n" + 
-                        "Do you want to save the configuration anyway?");
+                    params.add(Constants.PR_SAVE_NOT,
+                            "\n \nIf the problem is not fixed then " +
+                                    "LDAP publishing will fail.\n" +
+                                    "Do you want to save the configuration anyway?");
                     sendResponse(SUCCESS, null, params, resp);
                     return;
                 }
@@ -875,7 +870,7 @@ public class PublisherAdminServlet extends AdminServlet {
 
         //commit(true);
         if (ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE) &&
-            pwd != null) {
+                pwd != null) {
 
             /* Do a "PUT" of the new pw to the watchdog"
              ** do not remove - cfu
@@ -886,28 +881,28 @@ public class PublisherAdminServlet extends AdminServlet {
             // update passwordFile
             String prompt = ldap.getString(Constants.PR_BINDPWD_PROMPT);
             IPasswordStore pwdStore = CMS.getPasswordStore();
-            CMS.debug("PublisherAdminServlet: testSetLDAPDest(): saving password for "+
-                prompt + " to password file");
+            CMS.debug("PublisherAdminServlet: testSetLDAPDest(): saving password for " +
+                    prompt + " to password file");
             pwdStore.putPassword(prompt, pwd);
             pwdStore.commit();
             CMS.debug("PublisherAdminServlet: testSetLDAPDest(): password saved");
-/* we'll shut down and restart the PublisherProcessor instead
-             // what a hack to  do this without require restart server
-//        ILdapAuthInfo authInfo = CMS.getLdapAuthInfo();
-            ILdapConnModule connModule = mProcessor.getLdapConnModule();
-            ILdapAuthInfo authInfo = null;
-            if (connModule != null) {
-                authInfo = connModule.getLdapAuthInfo();
-            } else
-                CMS.debug("PublisherAdminServlet: testSetLDAPDest(): connModule null");
-
-//        authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd);
-            if (authInfo != null) {
-                CMS.debug("PublisherAdminServlet: testSetLDAPDest(): adding password to memory cache");
-                authInfo.addPassword(prompt, pwd);
-            } else
-                CMS.debug("PublisherAdminServlet: testSetLDAPDest(): authInfo null");
-*/
+            /* we'll shut down and restart the PublisherProcessor instead
+                         // what a hack to  do this without require restart server
+            //        ILdapAuthInfo authInfo = CMS.getLdapAuthInfo();
+                        ILdapConnModule connModule = mProcessor.getLdapConnModule();
+                        ILdapAuthInfo authInfo = null;
+                        if (connModule != null) {
+                            authInfo = connModule.getLdapAuthInfo();
+                        } else
+                            CMS.debug("PublisherAdminServlet: testSetLDAPDest(): connModule null");
+
+            //        authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd);
+                        if (authInfo != null) {
+                            CMS.debug("PublisherAdminServlet: testSetLDAPDest(): adding password to memory cache");
+                            authInfo.addPassword(prompt, pwd);
+                        } else
+                            CMS.debug("PublisherAdminServlet: testSetLDAPDest(): authInfo null");
+            */
         }
         //params.add(Constants.PR_SAVE_OK, 
         //		   "\n \nConfiguration changes are now committed.");
@@ -921,7 +916,7 @@ public class PublisherAdminServlet extends AdminServlet {
             if (ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) {
                 ICertAuthority authority = (ICertAuthority) mProcessor.getAuthority();
 
-                if (!(authority instanceof ICertificateAuthority)) 
+                if (!(authority instanceof ICertificateAuthority))
                     return;
                 ICertificateAuthority ca = (ICertificateAuthority) authority;
 
@@ -929,26 +924,26 @@ public class PublisherAdminServlet extends AdminServlet {
                 try {
                     mProcessor.publishCACert(ca.getCACert());
                     CMS.debug("PublisherAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_PUB_CA_CERT"));
-                    params.add("publishCA", 
-                        "CA certificate is published.");
+                    params.add("publishCA",
+                            "CA certificate is published.");
                 } catch (Exception ex) {
                     // exception not thrown - not seen as a fatal error.
-                    log(ILogger.LL_FAILURE, 
-                        CMS.getLogMessage("ADMIN_SRVLT_NO_PUB_CA_CERT", ex.toString()));
-                    params.add("publishCA", 
-                        "Failed to publish CA certificate.");
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("ADMIN_SRVLT_NO_PUB_CA_CERT", ex.toString()));
+                    params.add("publishCA",
+                            "Failed to publish CA certificate.");
                     int index = ex.toString().indexOf("Failed to create CA");
 
                     if (index > -1) {
                         params.add("createError",
-                            ex.toString().substring(index));
+                                ex.toString().substring(index));
                     }
                     mProcessor.shutdown();
                     // Do you want to enable LDAP publishing anyway
-                    params.add(Constants.PR_SAVE_NOT, 
-                        "\n \nIf the problem is not fixed then " +
-                        "the CA certificate won't be published.\n" + 
-                        "Do you want to enable LDAP publishing anyway?");
+                    params.add(Constants.PR_SAVE_NOT,
+                            "\n \nIf the problem is not fixed then " +
+                                    "the CA certificate won't be published.\n" +
+                                    "Do you want to enable LDAP publishing anyway?");
                     sendResponse(SUCCESS, null, params, resp);
                     return;
 
@@ -958,65 +953,65 @@ public class PublisherAdminServlet extends AdminServlet {
                     CMS.debug("PublisherAdminServlet: about to update CRL");
                     ca.publishCRLNow();
                     CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_PUB_CRL"));
-                    params.add("publishCRL", 
-                        "CRL is published.");
+                    params.add("publishCRL",
+                            "CRL is published.");
                 } catch (Exception ex) {
                     // exception not thrown - not seen as a fatal error.
-                    log(ILogger.LL_FAILURE, 
-                        "Could not publish crl " + ex.toString());
-                    params.add("publishCRL", 
-                        "Failed to publish CRL.");
+                    log(ILogger.LL_FAILURE,
+                            "Could not publish crl " + ex.toString());
+                    params.add("publishCRL",
+                            "Failed to publish CRL.");
                     mProcessor.shutdown();
                     // Do you want to enable LDAP publishing anyway
-                    params.add(Constants.PR_SAVE_NOT, 
-                        "\n \nIf the problem is not fixed then " +
-                        "the CRL won't be published.\n" + 
-                        "Do you want to enable LDAP publishing anyway?");
+                    params.add(Constants.PR_SAVE_NOT,
+                            "\n \nIf the problem is not fixed then " +
+                                    "the CRL won't be published.\n" +
+                                    "Do you want to enable LDAP publishing anyway?");
                     sendResponse(SUCCESS, null, params, resp);
                     return;
                 }
             }
             commit(true);
-            params.add(Constants.PR_SAVE_OK, 
-                "\n \nConfiguration changes are now committed.");
+            params.add(Constants.PR_SAVE_OK,
+                    "\n \nConfiguration changes are now committed.");
             params.add("restarted", "Publishing is restarted.");
         } else {
             commit(true);
-            params.add(Constants.PR_SAVE_OK, 
-                "\n \nConfiguration changes are now committed.");
-            params.add("stopped", 
-                "Publishing is stopped.");
+            params.add(Constants.PR_SAVE_OK,
+                    "\n \nConfiguration changes are now committed.");
+            params.add("stopped",
+                    "Publishing is stopped.");
         }
 
         //XXX See if we can dynamically in B2
         sendResponse(SUCCESS, null, params, resp);
     }
 
-    private synchronized void addMapperPlugin(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void addMapperPlugin(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
             //System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // is the manager id unique?
         if (mProcessor.getMapperPlugins().containsKey((Object) id)) {
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req),"CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(),
+                    null, resp);
             return;
         }
 
         String classPath = req.getParameter(Constants.PR_MAPPER_CLASS);
 
         if (classPath == null) {
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_LDAP_SRVLT_NULL_CLASS"), null, resp);
+            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NULL_CLASS"), null, resp);
             return;
         }
 
@@ -1059,8 +1054,8 @@ public class PublisherAdminServlet extends AdminServlet {
         } catch (EBaseException e) {
             //System.out.println("SRVLT_FAIL_COMMIT");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
@@ -1068,8 +1063,8 @@ public class PublisherAdminServlet extends AdminServlet {
         MapperPlugin plugin = new MapperPlugin(id, classPath);
 
         mProcessor.getMapperPlugins().put(id, plugin);
-        mProcessor.log(ILogger.LL_INFO, 
-            CMS.getLogMessage("ADMIN_SRVLT_MAPPER_ADDED", ""));
+        mProcessor.log(ILogger.LL_INFO,
+                CMS.getLogMessage("ADMIN_SRVLT_MAPPER_ADDED", ""));
 
         NameValuePairs params = new NameValuePairs();
 
@@ -1087,27 +1082,27 @@ public class PublisherAdminServlet extends AdminServlet {
         return true;
     }
 
-    private synchronized void addMapperInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void addMapperInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         if (!isValidID(id)) {
-            sendResponse(ERROR, "Invalid ID '" + id + "'", 
-                null, resp);
+            sendResponse(ERROR, "Invalid ID '" + id + "'",
+                    null, resp);
             return;
         }
 
         if (mProcessor.getMapperInsts().containsKey((Object) id)) {
             sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
-                null, resp);
+                    null, resp);
             return;
         }
 
@@ -1122,13 +1117,13 @@ public class PublisherAdminServlet extends AdminServlet {
 
         // check if implementation exists.
         MapperPlugin plugin =
-            (MapperPlugin) mProcessor.getMapperPlugins().get(
-                implname);
+                (MapperPlugin) mProcessor.getMapperPlugins().get(
+                        implname);
 
         if (plugin == null) {
             sendResponse(ERROR,
-                new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(),
-                null, resp);
+                    new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(),
+                    null, resp);
             return;
         }
 
@@ -1145,11 +1140,11 @@ public class PublisherAdminServlet extends AdminServlet {
                 String val = req.getParameter(kv.substring(0, index));
 
                 if (val == null) {
-                    substore.put(kv.substring(0, index), 
-                        kv.substring(index + 1));
+                    substore.put(kv.substring(0, index),
+                            kv.substring(index + 1));
                 } else {
-                    substore.put(kv.substring(0, index), 
-                        val);
+                    substore.put(kv.substring(0, index),
+                            val);
                 }
             }
         }
@@ -1165,20 +1160,20 @@ public class PublisherAdminServlet extends AdminServlet {
             // cleanup
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         } catch (InstantiationException e) {
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         } catch (IllegalAccessException e) {
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         }
 
@@ -1203,46 +1198,46 @@ public class PublisherAdminServlet extends AdminServlet {
             // clean up.
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
         // inited and commited ok. now add mapper instance to list.
         mProcessor.getMapperInsts().put(id, new MapperProxy(true, mapperInst));
 
-        mProcessor.log(ILogger.LL_INFO, 
-            CMS.getLogMessage("ADMIN_SRVLT_MAPPER_INST_ADDED", id));
+        mProcessor.log(ILogger.LL_INFO,
+                CMS.getLogMessage("ADMIN_SRVLT_MAPPER_INST_ADDED", id));
 
         NameValuePairs params = new NameValuePairs();
 
         params.add(Constants.PR_MAPPER_IMPL_NAME, implname);
         sendResponse(SUCCESS, null, params, resp);
         return;
-    }	
+    }
 
-    private synchronized void listMapperPlugins(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void listMapperPlugins(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         Enumeration e = mProcessor.getMapperPlugins().keys();
 
         while (e.hasMoreElements()) {
             String name = (String) e.nextElement();
-            MapperPlugin value = (MapperPlugin) 
-                mProcessor.getMapperPlugins().get(name);
+            MapperPlugin value = (MapperPlugin)
+                    mProcessor.getMapperPlugins().get(name);
             // get Description
-            String c = value.getClassPath();	
+            String c = value.getClassPath();
             String desc = "unknown";
 
             try {
                 ILdapMapper lp = (ILdapMapper)
-                    Class.forName(c).newInstance();
+                        Class.forName(c).newInstance();
 
                 desc = lp.getDescription();
             } catch (Exception exp) {
-                sendResponse(ERROR, exp.toString(), null, 
-                    resp);
+                sendResponse(ERROR, exp.toString(), null,
+                        resp);
                 return;
             }
             params.add(name, value.getClassPath() + "," + desc);
@@ -1261,8 +1256,8 @@ public class PublisherAdminServlet extends AdminServlet {
         }
     }
 
-    private synchronized void listMapperInsts(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void listMapperInsts(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
@@ -1278,25 +1273,25 @@ public class PublisherAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void delMapperInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope) 
-        throws ServletException, IOException, EBaseException {
+    private synchronized void delMapperInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
             //System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // does a`mapper instance exist?
         if (mProcessor.getMapperInsts().containsKey(id) == false) {
             sendResponse(ERROR,
-                new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(),
-                null, resp);
+                    new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(),
+                    null, resp);
             return;
         }
 
@@ -1304,14 +1299,14 @@ public class PublisherAdminServlet extends AdminServlet {
         // cannot shutdown because we don't keep track of whether it's
         // being used. 
         ILdapMapper mapperInst = (ILdapMapper)
-            mProcessor.getMapperInstance(id);
+                mProcessor.getMapperInstance(id);
 
         mProcessor.getMapperInsts().remove((Object) id);
 
         // remove the configuration.
         IConfigStore destStore =
-            mConfig.getSubStore(
-                mAuth.getId() + ".publish.mapper");
+                mConfig.getSubStore(
+                        mAuth.getId() + ".publish.mapper");
         IConfigStore instancesConfig = destStore.getSubStore("instance");
 
         instancesConfig.removeSubStore(id);
@@ -1321,39 +1316,38 @@ public class PublisherAdminServlet extends AdminServlet {
         } catch (EBaseException e) {
             //System.out.println("SRVLT_FAIL_COMMIT");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
         sendResponse(SUCCESS, null, params, resp);
         return;
-    }	
+    }
 
-    private synchronized void delMapperPlugin(HttpServletRequest req, 
-        HttpServletResponse resp, String scope) 
-        throws ServletException, IOException, EBaseException {
+    private synchronized void delMapperPlugin(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
             //System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         if (mProcessor.getMapperPlugins().containsKey(id) == false) {
             sendResponse(ERROR,
-                new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", id)).toString(),
-                null, resp);
+                    new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", id)).toString(),
+                    null, resp);
             return;
         }
 
         // first check if any instances from this mapper
         // DON'T remove mapper if any instance
-        for (Enumeration e = mProcessor.getMapperInsts().keys();
-            e.hasMoreElements();) {
+        for (Enumeration e = mProcessor.getMapperInsts().keys(); e.hasMoreElements();) {
             String name = (String) e.nextElement();
             ILdapMapper mapper = mProcessor.getMapperInstance(name);
 
@@ -1362,15 +1356,15 @@ public class PublisherAdminServlet extends AdminServlet {
                 return;
             }
         }
-		
+
         // then delete this mapper
         mProcessor.getMapperPlugins().remove((Object) id);
 
         IConfigStore destStore =
-            mConfig.getSubStore(
-                mAuth.getId() + ".publish.mapper");
+                mConfig.getSubStore(
+                        mAuth.getId() + ".publish.mapper");
         IConfigStore instancesConfig =
-            destStore.getSubStore("impl");
+                destStore.getSubStore("impl");
 
         instancesConfig.removeSubStore(id);
         // commiting
@@ -1378,26 +1372,26 @@ public class PublisherAdminServlet extends AdminServlet {
             mConfig.commit(true);
         } catch (EBaseException e) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
         sendResponse(SUCCESS, null, params, resp);
         return;
-    }	
+    }
 
-    private synchronized void getMapperConfig(HttpServletRequest req, 
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void getMapperConfig(HttpServletRequest req,
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
 
         String implname = req.getParameter(Constants.RS_ID);
 
         if (implname == null) {
             //System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
@@ -1411,50 +1405,50 @@ public class PublisherAdminServlet extends AdminServlet {
                 String kv = (String) configParams.elementAt(i);
                 int index = kv.indexOf('=');
 
-                params.add(kv.substring(0, index), 
-                    kv.substring(index + 1));
+                params.add(kv.substring(0, index),
+                        kv.substring(index + 1));
             }
         }
         sendResponse(0, null, params, resp);
         return;
     }
 
-    private synchronized void getMapperInstConfig(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void getMapperInstConfig(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
             //System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // does mapper instance exist?
         if (mProcessor.getMapperInsts().containsKey(id) == false) {
             sendResponse(ERROR,
-                new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(),
-                null, resp);
+                    new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(),
+                    null, resp);
             return;
         }
 
         ILdapMapper mapperInst = (ILdapMapper)
-            mProcessor.getMapperInstance(id);
+                mProcessor.getMapperInstance(id);
         Vector configParams = mapperInst.getInstanceParams();
         NameValuePairs params = new NameValuePairs();
 
-        params.add(Constants.PR_MAPPER_IMPL_NAME, 
-            getMapperPluginName(mapperInst));
+        params.add(Constants.PR_MAPPER_IMPL_NAME,
+                getMapperPluginName(mapperInst));
         // implName is always required so always send it.
         if (configParams != null) {
             for (int i = 0; i < configParams.size(); i++) {
                 String kv = (String) configParams.elementAt(i);
                 int index = kv.indexOf('=');
 
-                params.add(kv.substring(0, index), 
-                    kv.substring(index + 1));
+                params.add(kv.substring(0, index),
+                        kv.substring(index + 1));
             }
         }
 
@@ -1462,24 +1456,24 @@ public class PublisherAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void modMapperInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void modMapperInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
 
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
             //System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // Does the manager instance exist?
         if (!mProcessor.getMapperInsts().containsKey((Object) id)) {
             sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
-                null, resp);
+                    null, resp);
             return;
         }
 
@@ -1492,19 +1486,19 @@ public class PublisherAdminServlet extends AdminServlet {
         }
         // get plugin for implementation
         MapperPlugin plugin =
-            (MapperPlugin) mProcessor.getMapperPlugins().get(implname);
+                (MapperPlugin) mProcessor.getMapperPlugins().get(implname);
 
         if (plugin == null) {
             sendResponse(ERROR,
-                new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(),
-                null, resp);
+                    new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(),
+                    null, resp);
             return;
         }
 
         // save old instance substore params in case new one fails.
 
         ILdapMapper oldinst =
-            (ILdapMapper) mProcessor.getMapperInstance(id);
+                (ILdapMapper) mProcessor.getMapperInstance(id);
         Vector oldConfigParms = oldinst.getInstanceParams();
         NameValuePairs saveParams = new NameValuePairs();
 
@@ -1516,7 +1510,7 @@ public class PublisherAdminServlet extends AdminServlet {
                 int index = kv.indexOf('=');
 
                 saveParams.add(kv.substring(0, index),
-                    kv.substring(index + 1));
+                        kv.substring(index + 1));
             }
         }
 
@@ -1525,8 +1519,8 @@ public class PublisherAdminServlet extends AdminServlet {
         // remove old substore.
 
         IConfigStore destStore =
-            mConfig.getSubStore(mAuth.getId() +
-                ".publish.mapper");
+                mConfig.getSubStore(mAuth.getId() +
+                        ".publish.mapper");
         IConfigStore instancesConfig = destStore.getSubStore("instance");
 
         // create new substore.
@@ -1557,26 +1551,26 @@ public class PublisherAdminServlet extends AdminServlet {
         ILdapMapper newMgrInst = null;
 
         try {
-            newMgrInst = (ILdapMapper) 
+            newMgrInst = (ILdapMapper)
                     Class.forName(className).newInstance();
         } catch (ClassNotFoundException e) {
             // cleanup
             restore(instancesConfig, id, saveParams);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         } catch (InstantiationException e) {
             restore(instancesConfig, id, saveParams);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         } catch (IllegalAccessException e) {
             restore(instancesConfig, id, saveParams);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         }
         // initialize the mapper
@@ -1586,13 +1580,13 @@ public class PublisherAdminServlet extends AdminServlet {
         } catch (EBaseException e) {
             // don't commit in this case and cleanup the new substore.
             restore(instancesConfig, id, saveParams);
-            sendResponse(ERROR, e.toString(getLocale(req)), null, 
-                resp);
+            sendResponse(ERROR, e.toString(getLocale(req)), null,
+                    resp);
             return;
         } catch (Throwable e) {
             restore(instancesConfig, id, saveParams);
-            sendResponse(ERROR, e.toString(), null, 
-                resp);
+            sendResponse(ERROR, e.toString(), null,
+                    resp);
             return;
         }
 
@@ -1604,8 +1598,8 @@ public class PublisherAdminServlet extends AdminServlet {
             restore(instancesConfig, id, saveParams);
             //System.out.println("SRVLT_FAIL_COMMIT");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
@@ -1614,31 +1608,31 @@ public class PublisherAdminServlet extends AdminServlet {
         mProcessor.getMapperInsts().put(id, new MapperProxy(true, newMgrInst));
 
         mProcessor.log(ILogger.LL_INFO,
-            CMS.getLogMessage("ADMIN_SRVLT_MAPPER_REPLACED", id));
+                CMS.getLogMessage("ADMIN_SRVLT_MAPPER_REPLACED", id));
         NameValuePairs params = new NameValuePairs();
 
         sendResponse(SUCCESS, null, params, resp);
         return;
     }
 
-    private synchronized void addRulePlugin(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void addRulePlugin(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
             //System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // is the rule id unique?
         if (mProcessor.getRulePlugins().containsKey((Object) id)) {
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage("CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(getLocale(req)),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage("CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(getLocale(req)),
+                    null, resp);
             return;
         }
 
@@ -1689,8 +1683,8 @@ public class PublisherAdminServlet extends AdminServlet {
         } catch (EBaseException e) {
             //System.out.println("SRVLT_FAIL_COMMIT");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
@@ -1698,8 +1692,8 @@ public class PublisherAdminServlet extends AdminServlet {
         RulePlugin plugin = new RulePlugin(id, classPath);
 
         mProcessor.getRulePlugins().put(id, plugin);
-        mProcessor.log(ILogger.LL_INFO, 
-            CMS.getLogMessage("ADMIN_SRVLT_RULE_PLUG_ADDED", id));
+        mProcessor.log(ILogger.LL_INFO,
+                CMS.getLogMessage("ADMIN_SRVLT_RULE_PLUG_ADDED", id));
 
         NameValuePairs params = new NameValuePairs();
 
@@ -1707,26 +1701,26 @@ public class PublisherAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void addRuleInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void addRuleInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
         if (!isValidID(id)) {
-            sendResponse(ERROR, "Invalid ID '" + id + "'", 
-                null, resp);
+            sendResponse(ERROR, "Invalid ID '" + id + "'",
+                    null, resp);
             return;
         }
 
         if (mProcessor.getRuleInsts().containsKey((Object) id)) {
             sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
-                null, resp);
+                    null, resp);
             return;
         }
 
@@ -1741,23 +1735,23 @@ public class PublisherAdminServlet extends AdminServlet {
 
         // check if implementation exists.
         RulePlugin plugin =
-            (RulePlugin) mProcessor.getRulePlugins().get(
-                implname);
+                (RulePlugin) mProcessor.getRulePlugins().get(
+                        implname);
 
         if (plugin == null) {
             sendResponse(ERROR,
-                new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(),
-                null, resp);
+                    new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(),
+                    null, resp);
             return;
         }
 
         Vector configParams = mProcessor.getRuleDefaultParams(implname);
 
         IConfigStore destStore =
-            mConfig.getSubStore(mAuth.getId()
-                + ".publish.rule");
+                mConfig.getSubStore(mAuth.getId()
+                        + ".publish.rule");
         IConfigStore instancesConfig =
-            destStore.getSubStore("instance");
+                destStore.getSubStore("instance");
         IConfigStore substore = instancesConfig.makeSubStore(id);
 
         if (configParams != null) {
@@ -1767,13 +1761,13 @@ public class PublisherAdminServlet extends AdminServlet {
                 String val = req.getParameter(kv.substring(0, index));
 
                 if (val == null) {
-                    substore.put(kv.substring(0, index), 
-                        kv.substring(index + 1));
+                    substore.put(kv.substring(0, index),
+                            kv.substring(index + 1));
                 } else {
                     if (val.equals(NOMAPPER))
                         val = "";
-                    substore.put(kv.substring(0, index), 
-                        val);
+                    substore.put(kv.substring(0, index),
+                            val);
                 }
             }
         }
@@ -1789,20 +1783,20 @@ public class PublisherAdminServlet extends AdminServlet {
             // cleanup
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         } catch (InstantiationException e) {
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         } catch (IllegalAccessException e) {
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         }
 
@@ -1828,40 +1822,40 @@ public class PublisherAdminServlet extends AdminServlet {
             // clean up.
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
         // inited and commited ok. now add manager instance to list.
         mProcessor.getRuleInsts().put(id, ruleInst);
 
-        mProcessor.log(ILogger.LL_INFO, 
-            CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_ADDED", id));
+        mProcessor.log(ILogger.LL_INFO,
+                CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_ADDED", id));
 
         NameValuePairs params = new NameValuePairs();
 
         params.add(Constants.PR_RULE_IMPL_NAME, implname);
         sendResponse(SUCCESS, null, params, resp);
         return;
-    }	
+    }
 
-    private synchronized void listRulePlugins(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void listRulePlugins(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         Enumeration e = mProcessor.getRulePlugins().keys();
 
         while (e.hasMoreElements()) {
             String name = (String) e.nextElement();
-            RulePlugin value = (RulePlugin) 
-                mProcessor.getRulePlugins().get(name);
+            RulePlugin value = (RulePlugin)
+                    mProcessor.getRulePlugins().get(name);
             // get Description
-            String c = value.getClassPath();	
+            String c = value.getClassPath();
             String desc = "unknown";
 
             try {
                 ILdapRule lp = (ILdapRule)
-                    Class.forName(c).newInstance();
+                        Class.forName(c).newInstance();
 
                 desc = lp.getDescription();
             } catch (Exception exp) {
@@ -1872,8 +1866,8 @@ public class PublisherAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void listRuleInsts(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void listRuleInsts(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         String insts = null;
@@ -1881,8 +1875,8 @@ public class PublisherAdminServlet extends AdminServlet {
 
         for (; e.hasMoreElements();) {
             String name = (String) e.nextElement();
-            ILdapRule value = (ILdapRule) 
-                mProcessor.getRuleInsts().get((Object) name);
+            ILdapRule value = (ILdapRule)
+                    mProcessor.getRuleInsts().get((Object) name);
             String enabled = value.enabled() ? "enabled" : "disabled";
 
             params.add(name, value.getInstanceName() + ";visible;" + enabled);
@@ -1901,47 +1895,46 @@ public class PublisherAdminServlet extends AdminServlet {
         }
     }
 
-    private synchronized void delRulePlugin(HttpServletRequest req, 
-        HttpServletResponse resp, String scope) 
-        throws ServletException, IOException, EBaseException {
+    private synchronized void delRulePlugin(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
             //System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // does rule exist?
         if (mProcessor.getRulePlugins().containsKey(id) == false) {
             sendResponse(ERROR,
-                new ERulePluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_PLUGIN_NOT_FOUND", id)).toString(),
-                null, resp);
+                    new ERulePluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_PLUGIN_NOT_FOUND", id)).toString(),
+                    null, resp);
             return;
         }
 
         // first check if any instances from this rule
         // DON'T remove rule if any instance
-        for (Enumeration e = mProcessor.getRuleInsts().elements();
-            e.hasMoreElements();) {
-            ILdapRule rule = (ILdapRule) 
-                e.nextElement();
+        for (Enumeration e = mProcessor.getRuleInsts().elements(); e.hasMoreElements();) {
+            ILdapRule rule = (ILdapRule)
+                    e.nextElement();
 
             if (id.equals(getRulePluginName(rule))) {
                 sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_IN_USE"), null, resp);
                 return;
             }
         }
-		
+
         // then delete this rule
         mProcessor.getRulePlugins().remove((Object) id);
 
         IConfigStore destStore =
-            mConfig.getSubStore(
-                mAuth.getId() + ".rule");
+                mConfig.getSubStore(
+                        mAuth.getId() + ".rule");
         IConfigStore instancesConfig = destStore.getSubStore("impl");
 
         instancesConfig.removeSubStore(id);
@@ -1950,26 +1943,26 @@ public class PublisherAdminServlet extends AdminServlet {
             mConfig.commit(true);
         } catch (EBaseException e) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
         sendResponse(SUCCESS, null, params, resp);
         return;
-    }	
+    }
 
-    private synchronized void delRuleInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope) 
-        throws ServletException, IOException, EBaseException {
+    private synchronized void delRuleInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
             //System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
@@ -1978,8 +1971,8 @@ public class PublisherAdminServlet extends AdminServlet {
         // does rule instance exist?
         if (mProcessor.getRuleInsts().containsKey(id) == false) {
             sendResponse(ERROR,
-                new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(),
-                null, resp);
+                    new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(),
+                    null, resp);
             return;
         }
 
@@ -1987,14 +1980,14 @@ public class PublisherAdminServlet extends AdminServlet {
         // cannot shutdown because we don't keep track of whether it's
         // being used. 
         ILdapRule ruleInst = (ILdapRule)
-            mProcessor.getRuleInsts().get(id);
+                mProcessor.getRuleInsts().get(id);
 
         mProcessor.getRuleInsts().remove((Object) id);
 
         // remove the configuration.
         IConfigStore destStore =
-            mConfig.getSubStore(
-                mAuth.getId() + ".publish.rule");
+                mConfig.getSubStore(
+                        mAuth.getId() + ".publish.rule");
         IConfigStore instancesConfig = destStore.getSubStore("instance");
 
         instancesConfig.removeSubStore(id);
@@ -2004,24 +1997,24 @@ public class PublisherAdminServlet extends AdminServlet {
         } catch (EBaseException e) {
             //System.out.println("SRVLT_FAIL_COMMIT");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
         sendResponse(SUCCESS, null, params, resp);
         return;
-    }	
+    }
 
-    private synchronized void getRuleConfig(HttpServletRequest req, 
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void getRuleConfig(HttpServletRequest req,
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
         String implname = req.getParameter(Constants.RS_ID);
 
         if (implname == null) {
             //System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
@@ -2035,50 +2028,50 @@ public class PublisherAdminServlet extends AdminServlet {
                 String kv = (String) configParams.elementAt(i);
                 int index = kv.indexOf('=');
 
-                params.add(kv.substring(0, index), 
-                    kv.substring(index + 1));
+                params.add(kv.substring(0, index),
+                        kv.substring(index + 1));
             }
         }
         sendResponse(0, null, params, resp);
         return;
     }
 
-    private synchronized void getRuleInstConfig(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void getRuleInstConfig(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
             //System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // does rule instance exist?
         if (mProcessor.getRuleInsts().containsKey(id) == false) {
             sendResponse(ERROR,
-                new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(),
-                null, resp);
+                    new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(),
+                    null, resp);
             return;
         }
 
         ILdapRule ruleInst = (ILdapRule)
-            mProcessor.getRuleInsts().get(id);
+                mProcessor.getRuleInsts().get(id);
         Vector configParams = ruleInst.getInstanceParams();
         NameValuePairs params = new NameValuePairs();
 
-        params.add(Constants.PR_RULE_IMPL_NAME, 
-            getRulePluginName(ruleInst));
+        params.add(Constants.PR_RULE_IMPL_NAME,
+                getRulePluginName(ruleInst));
         // implName is always required so always send it.
         if (configParams != null) {
             for (int i = 0; i < configParams.size(); i++) {
                 String kv = (String) configParams.elementAt(i);
                 int index = kv.indexOf('=');
 
-                params.add(kv.substring(0, index), 
-                    kv.substring(index + 1));
+                params.add(kv.substring(0, index),
+                        kv.substring(index + 1));
             }
         }
 
@@ -2086,23 +2079,23 @@ public class PublisherAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void modRuleInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void modRuleInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
             //System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // Does the manager instance exist?
         if (!mProcessor.getRuleInsts().containsKey((Object) id)) {
             sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
-                null, resp);
+                    null, resp);
             return;
         }
 
@@ -2116,20 +2109,20 @@ public class PublisherAdminServlet extends AdminServlet {
 
         // get plugin for implementation 
         RulePlugin plugin =
-            (RulePlugin) mProcessor.getRulePlugins().get(implname);
+                (RulePlugin) mProcessor.getRulePlugins().get(implname);
 
         if (plugin == null) {
             sendResponse(ERROR,
-                //new ERulePluginNotFound(implname).toString(getLocale(req)),
-                "",
-                null, resp);
+                    //new ERulePluginNotFound(implname).toString(getLocale(req)),
+                    "",
+                    null, resp);
             return;
         }
 
         // save old instance substore params in case new one fails. 
 
-        ILdapRule oldinst = 
-            (ILdapRule) mProcessor.getRuleInsts().get((Object) id);
+        ILdapRule oldinst =
+                (ILdapRule) mProcessor.getRuleInsts().get((Object) id);
         Vector oldConfigParms = oldinst.getInstanceParams();
         NameValuePairs saveParams = new NameValuePairs();
 
@@ -2141,7 +2134,7 @@ public class PublisherAdminServlet extends AdminServlet {
                 int index = kv.indexOf('=');
 
                 saveParams.add(kv.substring(0, index),
-                    kv.substring(index + 1));
+                        kv.substring(index + 1));
             }
         }
 
@@ -2150,8 +2143,8 @@ public class PublisherAdminServlet extends AdminServlet {
         // remove old substore.
 
         IConfigStore destStore =
-            mConfig.getSubStore(
-                mAuth.getId() + ".publish.rule");
+                mConfig.getSubStore(
+                        mAuth.getId() + ".publish.rule");
         IConfigStore instancesConfig = destStore.getSubStore("instance");
 
         // create new substore.
@@ -2171,8 +2164,8 @@ public class PublisherAdminServlet extends AdminServlet {
                 String val = req.getParameter(key);
 
                 if (val == null) {
-                    substore.put(key, 
-                        kv.substring(index + 1));
+                    substore.put(key,
+                            kv.substring(index + 1));
                 } else {
                     if (val.equals(NOMAPPER))
                         val = "";
@@ -2192,20 +2185,20 @@ public class PublisherAdminServlet extends AdminServlet {
             // cleanup
             restore(instancesConfig, id, saveParams);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         } catch (InstantiationException e) {
             restore(instancesConfig, id, saveParams);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         } catch (IllegalAccessException e) {
             restore(instancesConfig, id, saveParams);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         }
 
@@ -2232,8 +2225,8 @@ public class PublisherAdminServlet extends AdminServlet {
             restore(instancesConfig, id, saveParams);
             //System.out.println("SRVLT_FAIL_COMMIT");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
@@ -2241,40 +2234,40 @@ public class PublisherAdminServlet extends AdminServlet {
 
         mProcessor.getRuleInsts().put(id, newRuleInst);
 
-        mProcessor.log(ILogger.LL_INFO, 
-            CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_REP", id));
+        mProcessor.log(ILogger.LL_INFO,
+                CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_REP", id));
         NameValuePairs params = new NameValuePairs();
 
         sendResponse(SUCCESS, null, params, resp);
         return;
     }
 
-    private synchronized void addPublisherPlugin(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void addPublisherPlugin(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
 
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
             //System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // is the manager id unique?
         if (mProcessor.getPublisherPlugins().containsKey((Object) id)) {
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(),
+                    null, resp);
             return;
         }
 
         String classPath = req.getParameter(Constants.PR_PUBLISHER_CLASS);
 
         if (classPath == null) {
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_LDAP_SRVLT_NULL_CLASS"), null, resp);
+            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NULL_CLASS"), null, resp);
             return;
         }
 
@@ -2318,8 +2311,8 @@ public class PublisherAdminServlet extends AdminServlet {
         } catch (EBaseException e) {
             //System.out.println("SRVLT_FAIL_COMMIT");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
@@ -2327,8 +2320,8 @@ public class PublisherAdminServlet extends AdminServlet {
         PublisherPlugin plugin = new PublisherPlugin(id, classPath);
 
         mProcessor.getPublisherPlugins().put(id, plugin);
-        mProcessor.log(ILogger.LL_INFO, 
-            CMS.getLogMessage("ADMIN_SRVLT_PUB_PLUG_ADDED", id));
+        mProcessor.log(ILogger.LL_INFO,
+                CMS.getLogMessage("ADMIN_SRVLT_PUB_PLUG_ADDED", id));
 
         NameValuePairs params = new NameValuePairs();
 
@@ -2336,28 +2329,28 @@ public class PublisherAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void addPublisherInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void addPublisherInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
 
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         if (!isValidID(id)) {
-            sendResponse(ERROR, "Invalid ID '" + id + "'", 
-                null, resp);
+            sendResponse(ERROR, "Invalid ID '" + id + "'",
+                    null, resp);
             return;
         }
 
         if (mProcessor.getPublisherInsts().containsKey((Object) id)) {
             sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
-                null, resp);
+                    null, resp);
             return;
         }
 
@@ -2372,20 +2365,20 @@ public class PublisherAdminServlet extends AdminServlet {
 
         // check if implementation exists.
         PublisherPlugin plugin =
-            (PublisherPlugin) mProcessor.getPublisherPlugins().get(
-                implname);
+                (PublisherPlugin) mProcessor.getPublisherPlugins().get(
+                        implname);
 
         if (plugin == null) {
             sendResponse(ERROR,
-                new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(),
-                null, resp);
+                    new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(),
+                    null, resp);
             return;
         }
 
         Vector configParams = mProcessor.getPublisherDefaultParams(implname);
 
         IConfigStore destStore =
-            mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
+                mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
         IConfigStore instancesConfig = destStore.getSubStore("instance");
         IConfigStore substore = instancesConfig.makeSubStore(id);
 
@@ -2404,15 +2397,15 @@ public class PublisherAdminServlet extends AdminServlet {
                     if (index == -1) {
                         substore.put(kv, "");
                     } else {
-                        substore.put(kv.substring(0, index), 
-                            kv.substring(index + 1));
+                        substore.put(kv.substring(0, index),
+                                kv.substring(index + 1));
                     }
                 } else {
                     if (index == -1) {
                         substore.put(kv, val);
                     } else {
-                        substore.put(kv.substring(0, index), 
-                            val);
+                        substore.put(kv.substring(0, index),
+                                val);
                     }
                 }
             }
@@ -2429,20 +2422,20 @@ public class PublisherAdminServlet extends AdminServlet {
             // cleanup
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         } catch (InstantiationException e) {
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         } catch (IllegalAccessException e) {
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         }
 
@@ -2467,16 +2460,16 @@ public class PublisherAdminServlet extends AdminServlet {
             // clean up.
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
         // inited and commited ok. now add manager instance to list.
         mProcessor.getPublisherInsts().put(id, new PublisherProxy(true, publisherInst));
 
-        mProcessor.log(ILogger.LL_INFO, 
-            CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_ADDED", id));
+        mProcessor.log(ILogger.LL_INFO,
+                CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_ADDED", id));
 
         NameValuePairs params = new NameValuePairs();
 
@@ -2485,8 +2478,8 @@ public class PublisherAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void listPublisherPlugins(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void listPublisherPlugins(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
@@ -2494,15 +2487,15 @@ public class PublisherAdminServlet extends AdminServlet {
 
         while (e.hasMoreElements()) {
             String name = (String) e.nextElement();
-            PublisherPlugin value = (PublisherPlugin) 
-                mProcessor.getPublisherPlugins().get(name);
+            PublisherPlugin value = (PublisherPlugin)
+                    mProcessor.getPublisherPlugins().get(name);
             // get Description
-            String c = value.getClassPath();	
+            String c = value.getClassPath();
             String desc = "unknown";
 
             try {
                 ILdapPublisher lp = (ILdapPublisher)
-                    Class.forName(c).newInstance();
+                        Class.forName(c).newInstance();
 
                 desc = lp.getDescription();
             } catch (Exception exp) {
@@ -2523,8 +2516,8 @@ public class PublisherAdminServlet extends AdminServlet {
         }
     }
 
-    private synchronized void listPublisherInsts(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void listPublisherInsts(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
@@ -2543,8 +2536,8 @@ public class PublisherAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void delPublisherPlugin(HttpServletRequest req, 
-        HttpServletResponse resp, String scope) throws ServletException, 
+    private synchronized void delPublisherPlugin(HttpServletRequest req,
+            HttpServletResponse resp, String scope) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
@@ -2553,38 +2546,37 @@ public class PublisherAdminServlet extends AdminServlet {
         if (id == null) {
             //System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // does publisher exist?
         if (mProcessor.getPublisherPlugins().containsKey(id) == false) {
             sendResponse(ERROR,
-                new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", id)).toString(),
-                null, resp);
+                    new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", id)).toString(),
+                    null, resp);
             return;
         }
 
         // first check if any instances from this publisher
         // DON'T remove publisher if any instance
-        for (Enumeration e = mProcessor.getPublisherInsts().keys();
-            e.hasMoreElements();) {
+        for (Enumeration e = mProcessor.getPublisherInsts().keys(); e.hasMoreElements();) {
             String name = (String) e.nextElement();
-            ILdapPublisher publisher = 
-                mProcessor.getPublisherInstance(name);
+            ILdapPublisher publisher =
+                    mProcessor.getPublisherInstance(name);
 
             if (id.equals(getPublisherPluginName(publisher))) {
                 sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_IN_USE"), null, resp);
                 return;
             }
         }
-		
+
         // then delete this publisher
         mProcessor.getPublisherPlugins().remove((Object) id);
 
         IConfigStore destStore =
-            mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
+                mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
         IConfigStore instancesConfig = destStore.getSubStore("impl");
 
         instancesConfig.removeSubStore(id);
@@ -2593,8 +2585,8 @@ public class PublisherAdminServlet extends AdminServlet {
             mConfig.commit(true);
         } catch (EBaseException e) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
@@ -2602,8 +2594,8 @@ public class PublisherAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void delPublisherInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope) throws ServletException, 
+    private synchronized void delPublisherInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
@@ -2612,8 +2604,8 @@ public class PublisherAdminServlet extends AdminServlet {
         if (id == null) {
             //System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
@@ -2622,8 +2614,8 @@ public class PublisherAdminServlet extends AdminServlet {
         // does publisher instance exist?
         if (mProcessor.getPublisherInsts().containsKey(id) == false) {
             sendResponse(ERROR,
-                new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(),
-                null, resp);
+                    new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(),
+                    null, resp);
             return;
         }
 
@@ -2636,7 +2628,7 @@ public class PublisherAdminServlet extends AdminServlet {
 
         // remove the configuration.
         IConfigStore destStore =
-            mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
+                mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
         IConfigStore instancesConfig = destStore.getSubStore("instance");
 
         instancesConfig.removeSubStore(id);
@@ -2646,8 +2638,8 @@ public class PublisherAdminServlet extends AdminServlet {
         } catch (EBaseException e) {
             //System.out.println("SRVLT_FAIL_COMMIT");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
         sendResponse(SUCCESS, null, params, resp);
@@ -2656,24 +2648,24 @@ public class PublisherAdminServlet extends AdminServlet {
 
     /**
      * used for getting the required configuration parameters (with
-     *	 possible default values) for a particular  plugin
-     * implementation name specified in the RS_ID.  Actually, there is
-     *	 no logic in here to set any default value here...there's no
-     *	 default value for any parameter in this publishing subsystem
-     *	 at this point.  Later, if we do have one (or some), it can be
-     *	 added.  The interface remains the same.
+     * possible default values) for a particular plugin
+     * implementation name specified in the RS_ID. Actually, there is
+     * no logic in here to set any default value here...there's no
+     * default value for any parameter in this publishing subsystem
+     * at this point. Later, if we do have one (or some), it can be
+     * added. The interface remains the same.
      */
-    private synchronized void getConfig(HttpServletRequest req, 
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void getConfig(HttpServletRequest req,
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
 
         String implname = req.getParameter(Constants.RS_ID);
 
         if (implname == null) {
             //System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
@@ -2690,8 +2682,8 @@ public class PublisherAdminServlet extends AdminServlet {
                 if (index == -1) {
                     params.add(kv, "");
                 } else {
-                    params.add(kv.substring(0, index), 
-                        kv.substring(index + 1));
+                    params.add(kv.substring(0, index),
+                            kv.substring(index + 1));
                 }
             }
         }
@@ -2699,8 +2691,8 @@ public class PublisherAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void getInstConfig(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void getInstConfig(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String id = req.getParameter(Constants.RS_ID);
@@ -2708,34 +2700,34 @@ public class PublisherAdminServlet extends AdminServlet {
         if (id == null) {
             //System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // does publisher instance exist?
         if (mProcessor.getPublisherInsts().containsKey(id) == false) {
             sendResponse(ERROR,
-                new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(),
-                null, resp);
+                    new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(),
+                    null, resp);
             return;
         }
 
         ILdapPublisher publisherInst = (ILdapPublisher)
-            mProcessor.getPublisherInstance(id);
+                mProcessor.getPublisherInstance(id);
         Vector configParams = publisherInst.getInstanceParams();
         NameValuePairs params = new NameValuePairs();
 
-        params.add(Constants.PR_PUBLISHER_IMPL_NAME, 
-            getPublisherPluginName(publisherInst));
+        params.add(Constants.PR_PUBLISHER_IMPL_NAME,
+                getPublisherPluginName(publisherInst));
         // implName is always required so always send it.
         if (configParams != null) {
             for (int i = 0; i < configParams.size(); i++) {
                 String kv = (String) configParams.elementAt(i);
                 int index = kv.indexOf('=');
 
-                params.add(kv.substring(0, index), 
-                    kv.substring(index + 1));
+                params.add(kv.substring(0, index),
+                        kv.substring(index + 1));
             }
         }
 
@@ -2745,15 +2737,15 @@ public class PublisherAdminServlet extends AdminServlet {
 
     /**
      * Modify publisher instance.
-     * This will actually create a new instance with new configuration 
-     * parameters and replace the old instance, if the new instance 
+     * This will actually create a new instance with new configuration
+     * parameters and replace the old instance, if the new instance
      * created and initialized successfully.
      * The old instance is left running. so this is very expensive.
      * Restart of server recommended.
      */
-    private synchronized void modPublisherInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void modPublisherInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
 
         // expensive operation.
 
@@ -2762,15 +2754,15 @@ public class PublisherAdminServlet extends AdminServlet {
         if (id == null) {
             //System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // Does the manager instance exist?
         if (!mProcessor.getPublisherInsts().containsKey((Object) id)) {
             sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
-                null, resp);
+                    null, resp);
             return;
         }
 
@@ -2784,12 +2776,12 @@ public class PublisherAdminServlet extends AdminServlet {
 
         // get plugin for implementation 
         PublisherPlugin plugin =
-            (PublisherPlugin) mProcessor.getPublisherPlugins().get(implname);
+                (PublisherPlugin) mProcessor.getPublisherPlugins().get(implname);
 
         if (plugin == null) {
             sendResponse(ERROR,
-                new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(),
-                null, resp);
+                    new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(),
+                    null, resp);
             return;
         }
 
@@ -2813,8 +2805,8 @@ public class PublisherAdminServlet extends AdminServlet {
                         pubType = "crl";
                     }
 
-                    saveParams.add(kv.substring(0, index), 
-                        kv.substring(index + 1));
+                    saveParams.add(kv.substring(0, index),
+                            kv.substring(index + 1));
                 }
             }
         }
@@ -2824,7 +2816,7 @@ public class PublisherAdminServlet extends AdminServlet {
         // remove old substore.
 
         IConfigStore destStore =
-            mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
+                mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
         IConfigStore instancesConfig = destStore.getSubStore("instance");
 
         // get objects added and deleted
@@ -2859,9 +2851,9 @@ public class PublisherAdminServlet extends AdminServlet {
         }
 
         // process any changes to the ldap object class definitions
-        if (pubType.equals("cacert"))  {
+        if (pubType.equals("cacert")) {
             processChangedOC(saveParams, substore, "caObjectClass");
-            substore.put("pubtype", "cacert"); 
+            substore.put("pubtype", "cacert");
         }
 
         if (pubType.equals("crl")) {
@@ -2880,20 +2872,20 @@ public class PublisherAdminServlet extends AdminServlet {
             // cleanup
             restore(instancesConfig, id, saveParams);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         } catch (InstantiationException e) {
             restore(instancesConfig, id, saveParams);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         } catch (IllegalAccessException e) {
             restore(instancesConfig, id, saveParams);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         }
 
@@ -2920,8 +2912,8 @@ public class PublisherAdminServlet extends AdminServlet {
             restore(instancesConfig, id, saveParams);
             //System.out.println("SRVLT_FAIL_COMMIT");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
@@ -2929,8 +2921,8 @@ public class PublisherAdminServlet extends AdminServlet {
 
         mProcessor.getPublisherInsts().put(id, new PublisherProxy(true, newMgrInst));
 
-        mProcessor.log(ILogger.LL_INFO, 
-            CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_REP", id));
+        mProcessor.log(ILogger.LL_INFO,
+                CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_REP", id));
 
         NameValuePairs params = new NameValuePairs();
 
@@ -2941,51 +2933,54 @@ public class PublisherAdminServlet extends AdminServlet {
     // convenience function - takes list1, list2.  Returns what is in list1
     // but not in list2
     private String[] getExtras(String[] list1, String[] list2) {
-        Vector <String> extras = new Vector<String>();
-        for (int i=0; i< list1.length; i++) {
-           boolean match=false;
-           for (int j=0; j < list2.length; j++) {
-               if ((list1[i].trim()).equalsIgnoreCase(list2[j].trim())) {
-                   match = true;
-                   break;
-               }
-           }
-           if (!match) extras.add(list1[i].trim());
-        }
-        
-        return (String[])extras.toArray(new String[extras.size()]); 
+        Vector<String> extras = new Vector<String>();
+        for (int i = 0; i < list1.length; i++) {
+            boolean match = false;
+            for (int j = 0; j < list2.length; j++) {
+                if ((list1[i].trim()).equalsIgnoreCase(list2[j].trim())) {
+                    match = true;
+                    break;
+                }
+            }
+            if (!match)
+                extras.add(list1[i].trim());
+        }
+
+        return (String[]) extras.toArray(new String[extras.size()]);
     }
 
     // convenience function - takes list1, list2.  Concatenates the two
     // lists removing duplicates
     private String[] joinLists(String[] list1, String[] list2) {
-        Vector <String> sum = new Vector<String>();
-        for (int i=0; i< list1.length; i++) {
-           sum.add(list1[i]);
-        }
-        
-        for (int i=0; i < list2.length; i++) {
-           boolean match=false;
-           for (int j=0; j < list1.length; j++) {
-               if ((list2[i].trim()).equalsIgnoreCase(list1[j].trim())) {
-                   match = true;
-                   break;
-               }
-           }
-           if (!match) sum.add(list2[i].trim());
-        }
-        
-        return (String[])sum.toArray(new String[sum.size()]); 
+        Vector<String> sum = new Vector<String>();
+        for (int i = 0; i < list1.length; i++) {
+            sum.add(list1[i]);
+        }
+
+        for (int i = 0; i < list2.length; i++) {
+            boolean match = false;
+            for (int j = 0; j < list1.length; j++) {
+                if ((list2[i].trim()).equalsIgnoreCase(list1[j].trim())) {
+                    match = true;
+                    break;
+                }
+            }
+            if (!match)
+                sum.add(list2[i].trim());
+        }
+
+        return (String[]) sum.toArray(new String[sum.size()]);
     }
 
     // convenience funtion. Takes a string array and delimiter
     // and returns a String with the concatenation
     private static String join(String[] s, String delimiter) {
-        if (s.length == 0) return "";
+        if (s.length == 0)
+            return "";
 
         StringBuffer buffer = new StringBuffer(s[0]);
         if (s.length > 1) {
-            for (int i=1; i< s.length; i++) {
+            for (int i = 1; i < s.length; i++) {
                 buffer.append(delimiter).append(s[i].trim());
             }
         }
@@ -3005,29 +3000,31 @@ public class PublisherAdminServlet extends AdminServlet {
         oldAdded = saveParams.getValue(objName + "Added");
         oldDeleted = saveParams.getValue(objName + "Deleted");
 
-        if ((oldOC == null) || (newOC == null)) return;
-        if (oldOC.equalsIgnoreCase(newOC)) return;
+        if ((oldOC == null) || (newOC == null))
+            return;
+        if (oldOC.equalsIgnoreCase(newOC))
+            return;
 
-        String [] oldList = oldOC.split(",");
-        String [] newList = newOC.split(",");
-        String [] deletedList = getExtras(oldList, newList);
-        String [] addedList = getExtras(newList, oldList);
+        String[] oldList = oldOC.split(",");
+        String[] newList = newOC.split(",");
+        String[] deletedList = getExtras(oldList, newList);
+        String[] addedList = getExtras(newList, oldList);
 
         // CMS.debug("addedList = " + join(addedList, ","));
         // CMS.debug("deletedList = " + join(deletedList, ","));
 
-        if ((addedList.length ==0) && (deletedList.length == 0)) 
-            return;  // no changes
+        if ((addedList.length == 0) && (deletedList.length == 0))
+            return; // no changes
 
         if (oldAdded != null) {
             // CMS.debug("oldAdded is " + oldAdded);
-            String [] oldAddedList = oldAdded.split(",");
+            String[] oldAddedList = oldAdded.split(",");
             addedList = joinLists(addedList, oldAddedList);
         }
 
         if (oldDeleted != null) {
             // CMS.debug("oldDeleted is " + oldDeleted);
-            String [] oldDeletedList = oldDeleted.split(",");
+            String[] oldDeletedList = oldDeleted.split(",");
             deletedList = joinLists(deletedList, oldDeletedList);
         }
 
@@ -3046,8 +3043,8 @@ public class PublisherAdminServlet extends AdminServlet {
     }
 
     // convenience routine.
-    private static void restore(IConfigStore store, 
-        String id, NameValuePairs saveParams) {
+    private static void restore(IConfigStore store,
+            String id, NameValuePairs saveParams) {
         store.removeSubStore(id);
         IConfigStore rstore = store.makeSubStore(id);
 
@@ -3057,7 +3054,7 @@ public class PublisherAdminServlet extends AdminServlet {
             String key = (String) keys.nextElement();
             String value = saveParams.getValue(key);
 
-            if (value != null) 
+            if (value != null)
                 rstore.put(key, value);
         }
     }
@@ -3078,7 +3075,7 @@ public class PublisherAdminServlet extends AdminServlet {
     public void log(int level, String msg) {
         if (mLogger == null)
             return;
-        mLogger.log(ILogger.EV_SYSTEM, 
-            ILogger.S_LDAP, level, "PublishingAdminServlet: " + msg);
+        mLogger.log(ILogger.EV_SYSTEM,
+                ILogger.S_LDAP, level, "PublishingAdminServlet: " + msg);
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java
index 35bbb91a..cbabe1fd 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 
@@ -36,13 +35,12 @@ import com.netscape.certsrv.common.ScopeDef;
 import com.netscape.certsrv.ra.IRegistrationAuthority;
 import com.netscape.certsrv.request.IRequestListener;
 
-
 /**
  * A class representings an administration servlet for Registration
  * Authority. This servlet is responsible to serve RA
  * administrative operations such as configuration parameter
  * updates.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class RAAdminServlet extends AdminServlet {
@@ -94,7 +92,7 @@ public class RAAdminServlet extends AdminServlet {
      * the authenticate manager.
      */
     public void service(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
         super.service(req, resp);
 
         //get all operational flags
@@ -117,8 +115,8 @@ public class RAAdminServlet extends AdminServlet {
                 mOp = "read";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_GENERAL)) {
@@ -144,8 +142,8 @@ public class RAAdminServlet extends AdminServlet {
                 mOp = "modify";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_GENERAL)) {
@@ -157,7 +155,7 @@ public class RAAdminServlet extends AdminServlet {
                 } else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP)) {
                     setNotificationReqCompConfig(req, resp);
                     return;
-                }else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP)) {
+                } else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP)) {
                     setNotificationRevCompConfig(req, resp);
                     return;
                 } else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) {
@@ -179,12 +177,12 @@ public class RAAdminServlet extends AdminServlet {
     /*==========================================================
      * private methods
      *==========================================================*/
-    
+
     /*
      * handle getting completion (cert issued) notification config info
      */
     private void getNotificationCompConfig(HttpServletRequest req,
-        HttpServletResponse resp, IConfigStore rc) throws ServletException,
+            HttpServletResponse resp, IConfigStore rc) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         Enumeration e = req.getParameterNames();
@@ -203,19 +201,19 @@ public class RAAdminServlet extends AdminServlet {
             params.add(name, rc.getString(name, ""));
         }
 
-        params.add(Constants.PR_ENABLE, 
-            rc.getString(PROP_ENABLED, Constants.FALSE));
+        params.add(Constants.PR_ENABLE,
+                rc.getString(PROP_ENABLED, Constants.FALSE));
         //System.out.println("Send: "+params.toString());
         sendResponse(SUCCESS, null, params, resp);
     }
 
     private void getNotificationReqCompConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         IConfigStore config = mRA.getConfigStore();
         IConfigStore nc =
-            config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
+                config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
 
         IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_ISSUED_SUBSTORE);
 
@@ -224,12 +222,12 @@ public class RAAdminServlet extends AdminServlet {
     }
 
     private void getNotificationRevCompConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         IConfigStore config = mRA.getConfigStore();
         IConfigStore nc =
-            config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
+                config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
 
         IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_REVOKED_SUBSTORE);
 
@@ -241,14 +239,14 @@ public class RAAdminServlet extends AdminServlet {
      * handle getting request in queue notification config info
      */
     private void getNotificationRIQConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
 
         IConfigStore config = mRA.getConfigStore();
         IConfigStore nc =
-            config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
+                config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
 
         IConfigStore riq = nc.getSubStore(IRegistrationAuthority.PROP_REQ_IN_Q_SUBSTORE);
 
@@ -268,8 +266,8 @@ public class RAAdminServlet extends AdminServlet {
             params.add(name, riq.getString(name, ""));
         }
 
-        params.add(Constants.PR_ENABLE, 
-            riq.getString(PROP_ENABLED, Constants.FALSE));
+        params.add(Constants.PR_ENABLE,
+                riq.getString(PROP_ENABLED, Constants.FALSE));
         //System.out.println("Send: "+params.toString());
         sendResponse(SUCCESS, null, params, resp);
     }
@@ -278,11 +276,11 @@ public class RAAdminServlet extends AdminServlet {
      * handle setting request in queue notification config info
      */
     private void setNotificationRIQConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         IConfigStore config = mRA.getConfigStore();
         IConfigStore nc =
-            config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
+                config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
 
         IConfigStore riq = nc.getSubStore(IRegistrationAuthority.PROP_REQ_IN_Q_SUBSTORE);
 
@@ -321,7 +319,7 @@ public class RAAdminServlet extends AdminServlet {
      * handle setting request complete notification config info
      */
     private void setNotificationCompConfig(HttpServletRequest req,
-        HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException,
+            HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException,
             IOException, EBaseException {
         //set rest of the parameters
         Enumeration e = req.getParameterNames();
@@ -355,24 +353,24 @@ public class RAAdminServlet extends AdminServlet {
     }
 
     private void setNotificationReqCompConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         IConfigStore config = mRA.getConfigStore();
         IConfigStore nc =
-            config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
+                config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
 
         IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_ISSUED_SUBSTORE);
 
         setNotificationCompConfig(req, resp, rc, mRA.getCertIssuedListener());
- 
+
     }
 
     private void setNotificationRevCompConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         IConfigStore config = mRA.getConfigStore();
         IConfigStore nc =
-            config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
+                config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
 
         IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_REVOKED_SUBSTORE);
 
@@ -380,7 +378,7 @@ public class RAAdminServlet extends AdminServlet {
     }
 
     private void getConnectorConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         IConfigStore raConfig = mRA.getConfigStore();
         IConfigStore connectorConfig = raConfig.getSubStore("connector");
@@ -427,13 +425,13 @@ public class RAAdminServlet extends AdminServlet {
     }
 
     private void setConnectorConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         IConfigStore raConfig = mRA.getConfigStore();
         IConfigStore connectorConfig = raConfig.getSubStore("connector");
         IConfigStore caConnectorConfig = null;
- //       String nickname = raConfig.getString("certNickname", "");
+        //       String nickname = raConfig.getString("certNickname", "");
 
         if (isCAConnector(req)) {
             caConnectorConfig = connectorConfig.getSubStore("CA");
@@ -455,12 +453,12 @@ public class RAAdminServlet extends AdminServlet {
                     continue;
                 if (name.equals(Constants.OP_SCOPE))
                     continue;
-/*
-                if (name.equals("nickName")) {
-                    caConnectorConfig.putString(name, nickname);
-                    continue;
-                }
-*/
+                /*
+                                if (name.equals("nickName")) {
+                                    caConnectorConfig.putString(name, nickname);
+                                    continue;
+                                }
+                */
                 caConnectorConfig.putString(name, req.getParameter(name));
             }
         }
@@ -528,7 +526,7 @@ public class RAAdminServlet extends AdminServlet {
 
     //reading the RA general information
     private void readGeneralConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
@@ -544,13 +542,13 @@ public class RAAdminServlet extends AdminServlet {
          }
          params.add(Constants.PR_EE_ENABLED, value);
          */
-  
+
         sendResponse(SUCCESS, null, params, resp);
     }
 
     //mdify RA General Information
     private void modifyGeneralConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         /*
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java
index 7605eb2e..36cc7100 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 
@@ -41,7 +40,7 @@ import com.netscape.certsrv.registry.IPluginRegistry;
 
 /**
  * This implements the administration servlet for registry subsystem.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class RegistryAdminServlet extends AdminServlet {
@@ -53,8 +52,8 @@ public class RegistryAdminServlet extends AdminServlet {
     public final static String PROP_AUTHORITY = "authority";
 
     private final static String INFO = "RegistryAdminServlet";
-    private final static String PW_PASSWORD_CACHE_ADD = 
-        "PASSWORD_CACHE_ADD";
+    private final static String PW_PASSWORD_CACHE_ADD =
+            "PASSWORD_CACHE_ADD";
 
     public final static String PROP_PREDICATE = "predicate";
     private IAuthority mAuthority = null;
@@ -104,8 +103,8 @@ public class RegistryAdminServlet extends AdminServlet {
      * Serves HTTP admin request.
      */
     public void service(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         super.service(req, resp);
 
         super.authenticate(req);
@@ -113,7 +112,7 @@ public class RegistryAdminServlet extends AdminServlet {
         AUTHZ_RES_NAME = "certServer.registry.configuration";
         String scope = req.getParameter(Constants.OP_SCOPE);
         String op = req.getParameter(Constants.OP_TYPE);
-    
+
         if (scope.equals(ScopeDef.SC_SUPPORTED_CONSTRAINTPOLICIES)) {
             if (op.equals(OpDef.OP_READ))
                 if (!readAuthorize(req, resp))
@@ -124,25 +123,25 @@ public class RegistryAdminServlet extends AdminServlet {
         }
     }
 
-    private boolean readAuthorize(HttpServletRequest req, 
-        HttpServletResponse resp) throws IOException {
+    private boolean readAuthorize(HttpServletRequest req,
+            HttpServletResponse resp) throws IOException {
         mOp = "read";
         if ((mToken = super.authorize(req)) == null) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                    null, resp);
             return false;
         }
         return true;
     }
 
-    private boolean modifyAuthorize(HttpServletRequest req, 
-        HttpServletResponse resp) throws IOException {
+    private boolean modifyAuthorize(HttpServletRequest req,
+            HttpServletResponse resp) throws IOException {
         mOp = "modify";
         if ((mToken = super.authorize(req)) == null) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                    null, resp);
             return false;
         }
         return true;
@@ -152,8 +151,8 @@ public class RegistryAdminServlet extends AdminServlet {
      * Process Policy Implementation Management.
      */
     public void processImplMgmt(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         // Get operation type
         String op = req.getParameter(Constants.OP_TYPE);
         String scope = req.getParameter(Constants.OP_SCOPE);
@@ -176,16 +175,16 @@ public class RegistryAdminServlet extends AdminServlet {
             addImpl(req, resp);
         } else
             sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
-                null, resp);
+                    null, resp);
     }
 
     public void addImpl(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
 
         // Get the policy impl id.
         String id = req.getParameter(Constants.RS_ID);
-        String scope = req.getParameter(Constants.OP_SCOPE); 
+        String scope = req.getParameter(Constants.OP_SCOPE);
         String classPath = req.getParameter(Constants.PR_POLICY_CLASS);
         String desc = req.getParameter(Constants.PR_POLICY_DESC);
 
@@ -198,17 +197,17 @@ public class RegistryAdminServlet extends AdminServlet {
 
         IPluginInfo info = mRegistry.createPluginInfo(id, desc, classPath);
         try {
-          mRegistry.addPluginInfo(scope, id, info);
+            mRegistry.addPluginInfo(scope, id, info);
         } catch (Exception e) {
-          CMS.debug(e.toString());
+            CMS.debug(e.toString());
         }
 
         sendResponse(SUCCESS, null, nvp, resp);
     }
 
     public void deleteImpl(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
 
         // Get the policy impl id.
         String id = req.getParameter(Constants.RS_ID);
@@ -225,13 +224,13 @@ public class RegistryAdminServlet extends AdminServlet {
             sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp);
             return;
         }
-       
+
         NameValuePairs nvp = new NameValuePairs();
 
         try {
-          mRegistry.removePluginInfo(scope, id);
+            mRegistry.removePluginInfo(scope, id);
         } catch (Exception e) {
-          CMS.debug(e.toString());
+            CMS.debug(e.toString());
         }
 
         sendResponse(SUCCESS, null, nvp, resp);
@@ -241,26 +240,26 @@ public class RegistryAdminServlet extends AdminServlet {
      * Lists all registered profile impementations
      */
     public void listImpls(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
 
         String scope = req.getParameter(Constants.OP_SCOPE);
         Enumeration<String> impls = mRegistry.getIds(scope);
         NameValuePairs nvp = new NameValuePairs();
 
         while (impls.hasMoreElements()) {
-            String id =  impls.nextElement();
+            String id = impls.nextElement();
             IPluginInfo info = mRegistry.getPluginInfo(scope, id);
 
-            nvp.add(id, info.getClassName() + "," + 
-                info.getDescription(getLocale(req)) + "," + info.getName(getLocale(req)));
-        } 
+            nvp.add(id, info.getClassName() + "," +
+                    info.getDescription(getLocale(req)) + "," + info.getName(getLocale(req)));
+        }
 
         sendResponse(SUCCESS, null, nvp, resp);
     }
 
-    public void getSupportedConstraintPolicies(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, IOException {
+    public void getSupportedConstraintPolicies(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException, IOException {
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
@@ -273,7 +272,7 @@ public class RegistryAdminServlet extends AdminServlet {
             IPluginInfo info = mRegistry.getPluginInfo("defaultPolicy", id);
             String className = info.getClassName();
             IPolicyDefault policyDefaultClass = (IPolicyDefault)
-                Class.forName(className).newInstance();
+                    Class.forName(className).newInstance();
 
             if (policyDefaultClass != null) {
                 Enumeration<String> impls = mRegistry.getIds("constraintPolicy");
@@ -283,14 +282,14 @@ public class RegistryAdminServlet extends AdminServlet {
                     IPluginInfo constraintInfo = mRegistry.getPluginInfo(
                             "constraintPolicy", constraintID);
                     IPolicyConstraint policyConstraintClass = (IPolicyConstraint)
-                        Class.forName(constraintInfo.getClassName()).newInstance();
+                            Class.forName(constraintInfo.getClassName()).newInstance();
 
                     CMS.debug("RegistryAdminServlet: getSUpportedConstraint " + constraintInfo.getClassName());
 
                     if (policyConstraintClass.isApplicable(policyDefaultClass)) {
                         CMS.debug("RegistryAdminServlet: getSUpportedConstraint isApplicable " + constraintInfo.getClassName());
                         nvp.add(constraintID, constraintInfo.getClassName() + "," +
-                            constraintInfo.getDescription(getLocale(req)) + "," + constraintInfo.getName(getLocale(req)));
+                                constraintInfo.getDescription(getLocale(req)) + "," + constraintInfo.getName(getLocale(req)));
                     }
                 }
             }
@@ -302,8 +301,8 @@ public class RegistryAdminServlet extends AdminServlet {
     }
 
     public void getProfileImplConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
 
         // Get the policy impl id.
         String id = req.getParameter(Constants.RS_ID);
@@ -320,7 +319,7 @@ public class RegistryAdminServlet extends AdminServlet {
             sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp);
             return;
         }
-       
+
         NameValuePairs nvp = new NameValuePairs();
 
         String className = info.getClassName();
@@ -337,19 +336,19 @@ public class RegistryAdminServlet extends AdminServlet {
             if (names != null) {
                 while (names.hasMoreElements()) {
                     String name = names.nextElement();
-                        CMS.debug("RegistryAdminServlet: getProfileImpl descriptor " + name);
+                    CMS.debug("RegistryAdminServlet: getProfileImpl descriptor " + name);
                     IDescriptor desc = template.getConfigDescriptor(getLocale(req), name);
 
                     if (desc != null) {
-                      try {
-                        String value = getNonNull(desc.getSyntax()) + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + getNonNull(desc.getDefaultValue());
-
-                        CMS.debug("RegistryAdminServlet: getProfileImpl " + value);
-                        nvp.add(name, value);
-                      } catch (Exception e) {
-                  
-                        CMS.debug("RegistryAdminServlet: getProfileImpl skipped descriptor for " + name);
-                      }
+                        try {
+                            String value = getNonNull(desc.getSyntax()) + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + getNonNull(desc.getDefaultValue());
+
+                            CMS.debug("RegistryAdminServlet: getProfileImpl " + value);
+                            nvp.add(name, value);
+                        } catch (Exception e) {
+
+                            CMS.debug("RegistryAdminServlet: getProfileImpl skipped descriptor for " + name);
+                        }
                     } else {
                         CMS.debug("RegistryAdminServlet: getProfileImpl cannot find descriptor for " + name);
                     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java
index fe8d1826..799638e8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateExpiredException;
@@ -58,16 +57,15 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem;
 import com.netscape.certsrv.usrgrp.IUser;
 import com.netscape.cmsutil.util.Cert;
 
-
 /**
- * A class representing an administration servlet for 
+ * A class representing an administration servlet for
  * User/Group Manager. It communicates with client
  * SDK to allow remote administration of User/Group
  * manager.
- *
- * This servlet will be registered to remote 
+ * 
+ * This servlet will be registered to remote
  * administration subsystem by usrgrp manager.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class UsrGrpAdminServlet extends AdminServlet {
@@ -88,17 +86,16 @@ public class UsrGrpAdminServlet extends AdminServlet {
     private final static String BACK_SLASH = "\\";
 
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
-        "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
+            "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
 
     private IUGSubsystem mMgr = null;
 
     private IAuthzSubsystem mAuthz = null;
 
-    private static String [] mMultiRoleGroupEnforceList = null;
-    private final static String MULTI_ROLE_ENABLE= "multiroles.enable";
+    private static String[] mMultiRoleGroupEnforceList = null;
+    private final static String MULTI_ROLE_ENABLE = "multiroles.enable";
     private final static String MULTI_ROLE_ENFORCE_GROUP_LIST = "multiroles.false.groupEnforceList";
 
-
     /**
      * Constructs User/Group manager servlet.
      */
@@ -126,7 +123,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
      * Serves incoming User/Group management request.
      */
     public void service(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
         super.service(req, resp);
 
         String scope = super.getParameter(req, Constants.OP_SCOPE);
@@ -134,9 +131,9 @@ public class UsrGrpAdminServlet extends AdminServlet {
 
         if (op == null) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PROTOCOL"));
-            sendResponse(ERROR, 
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
-                null, resp);
+            sendResponse(ERROR,
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+                    null, resp);
             return;
         }
 
@@ -148,7 +145,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"));
 
             sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
-                null, resp);
+                    null, resp);
             return;
         }
 
@@ -181,30 +178,29 @@ public class UsrGrpAdminServlet extends AdminServlet {
          }
          */
 
-
         try {
             ISubsystem subsystem = CMS.getSubsystem("ca");
-            if (subsystem != null) 
+            if (subsystem != null)
                 AUTHZ_RES_NAME = RES_CA_GROUP;
             subsystem = CMS.getSubsystem("ra");
-            if (subsystem != null) 
+            if (subsystem != null)
                 AUTHZ_RES_NAME = RES_RA_GROUP;
             subsystem = CMS.getSubsystem("kra");
-            if (subsystem != null) 
+            if (subsystem != null)
                 AUTHZ_RES_NAME = RES_KRA_GROUP;
             subsystem = CMS.getSubsystem("ocsp");
-            if (subsystem != null) 
+            if (subsystem != null)
                 AUTHZ_RES_NAME = RES_OCSP_GROUP;
             subsystem = CMS.getSubsystem("tks");
-            if (subsystem != null) 
+            if (subsystem != null)
                 AUTHZ_RES_NAME = RES_TKS_GROUP;
             if (scope != null) {
                 if (scope.equals(ScopeDef.SC_USER_TYPE)) {
                     mOp = "read";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
 
@@ -216,8 +212,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                     mOp = "read";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_GROUPS)) {
@@ -234,8 +230,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                     mOp = "modify";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_GROUPS)) {
@@ -252,8 +248,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                     mOp = "modify";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_GROUPS)) {
@@ -270,8 +266,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                     mOp = "modify";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_GROUPS)) {
@@ -285,8 +281,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                     mOp = "read";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_GROUPS)) {
@@ -296,11 +292,11 @@ public class UsrGrpAdminServlet extends AdminServlet {
                         findUsers(req, resp);
                         return;
                     } else {
-                        log(ILogger.LL_FAILURE, 
-                            CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE"));
+                        log(ILogger.LL_FAILURE,
+                                CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE"));
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                                null, resp);
                         return;
                     }
                 }
@@ -308,21 +304,21 @@ public class UsrGrpAdminServlet extends AdminServlet {
         } catch (EBaseException e) {
             log(ILogger.LL_FAILURE, e.toString());
             sendResponse(ERROR, e.toString(getLocale(req)),
-                null, resp);
+                    null, resp);
             return;
         } catch (Exception e) {
             log(ILogger.LL_FAILURE, e.toString());
             log(ILogger.LL_FAILURE, CMS.getLogMessage(" ADMIN_SRVLT_FAIL_PERFORM"));
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
+                    null, resp);
             return;
         }
     }
 
     private void getUserType(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException { 
+            HttpServletResponse resp) throws ServletException,
+            IOException, EBaseException {
 
         String id = super.getParameter(req, Constants.RS_ID);
         IUser user = mMgr.getUser(id);
@@ -337,14 +333,14 @@ public class UsrGrpAdminServlet extends AdminServlet {
     }
 
     /**
-     * Searches for users in LDAP directory.  List uids only
-     *
+     * Searches for users in LDAP directory. List uids only
+     * 
      * Request/Response Syntax:
-     *   http://warp.mcom.com/server/certificate/columbo/design/
-     *        ui/admin-protocol-definition.html#user-admin
+     * http://warp.mcom.com/server/certificate/columbo/design/
+     * ui/admin-protocol-definition.html#user-admin
      */
-    private synchronized void findUsers(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void findUsers(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
@@ -355,7 +351,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
             e = mMgr.listUsers("*");
         } catch (Exception ex) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
             return;
         }
 
@@ -384,15 +380,15 @@ public class UsrGrpAdminServlet extends AdminServlet {
 
     /**
      * List user information. Certificates covered in a separate
-     *	 protocol for findUserCerts().  List of group memberships are
-     *	 also provided.
-     *
+     * protocol for findUserCerts(). List of group memberships are
+     * also provided.
+     * 
      * Request/Response Syntax:
-     *   http://warp.mcom.com/server/certificate/columbo/design/
-     *        ui/admin-protocol-definition.html#user-admin
+     * http://warp.mcom.com/server/certificate/columbo/design/
+     * ui/admin-protocol-definition.html#user-admin
      */
-    private synchronized void findUser(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void findUser(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         //get id first
@@ -402,8 +398,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
 
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
@@ -416,7 +412,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
         } catch (Exception e) {
             e.printStackTrace();
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
             return;
         }
 
@@ -435,7 +431,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
             } catch (Exception ex) {
                 ex.printStackTrace();
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
                 return;
             }
 
@@ -445,7 +441,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 IGroup group = (IGroup) e.nextElement();
 
                 if (group.isMember(id) == true) {
-                    if (grpString.length()!=0) {
+                    if (grpString.length() != 0) {
                         grpString.append(",");
                     }
                     grpString.append(group.getGroupID());
@@ -461,20 +457,20 @@ public class UsrGrpAdminServlet extends AdminServlet {
         log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST"));
 
         sendResponse(ERROR,
-            CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
+                CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
         return;
     }
 
     /**
      * List user certificate(s)
-     *
+     * 
      * Request/Response Syntax:
-     *   http://warp.mcom.com/server/certificate/columbo/design/
-     *        ui/admin-protocol-definition.html#user-admin
+     * http://warp.mcom.com/server/certificate/columbo/design/
+     * ui/admin-protocol-definition.html#user-admin
      */
-    private synchronized void findUserCerts(HttpServletRequest req, 
-        HttpServletResponse resp, Locale clientLocale)
-        throws ServletException, 
+    private synchronized void findUserCerts(HttpServletRequest req,
+            HttpServletResponse resp, Locale clientLocale)
+            throws ServletException,
             IOException, EBaseException {
 
         //get id first
@@ -484,8 +480,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
 
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
@@ -498,7 +494,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
         } catch (Exception e) {
             e.printStackTrace();
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
             return;
         }
 
@@ -506,23 +502,23 @@ public class UsrGrpAdminServlet extends AdminServlet {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST"));
 
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
             return;
         }
 
         X509Certificate[] certs =
-            (X509Certificate[]) user.getX509Certificates();
+                (X509Certificate[]) user.getX509Certificates();
 
         if (certs != null) {
             for (int i = 0; i < certs.length; i++) {
                 ICertPrettyPrint print = CMS.getCertPrettyPrint(certs[i]);
 
-		// add base64 encoding
-		String base64 = CMS.getEncodedCert(certs[i]);	
-		
+                // add base64 encoding
+                String base64 = CMS.getEncodedCert(certs[i]);
+
                 // pretty print certs
                 params.add(getCertificateString(certs[i]),
-                    print.toString(clientLocale) + "\n" + base64);
+                        print.toString(clientLocale) + "\n" + base64);
             }
             sendResponse(SUCCESS, null, params, resp);
             return;
@@ -542,18 +538,18 @@ public class UsrGrpAdminServlet extends AdminServlet {
 
         // note that it did not represent a certificate fully
         return cert.getVersion() + ";" + cert.getSerialNumber().toString() +
-            ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN();
+                ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN();
     }
 
     /**
      * Searchess for groups in LDAP server
-     *
+     * 
      * Request/Response Syntax:
-     *   http://warp.mcom.com/server/certificate/columbo/design/
-     *        ui/admin-protocol-definition.html#group
+     * http://warp.mcom.com/server/certificate/columbo/design/
+     * ui/admin-protocol-definition.html#group
      */
-    private synchronized void findGroups(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void findGroups(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
 
@@ -584,11 +580,11 @@ public class UsrGrpAdminServlet extends AdminServlet {
     /**
      * finds a group
      * Request/Response Syntax:
-     *   http://warp.mcom.com/server/certificate/columbo/design/
-     *        ui/admin-protocol-definition.html#user-admin
+     * http://warp.mcom.com/server/certificate/columbo/design/
+     * ui/admin-protocol-definition.html#user-admin
      */
-    private synchronized void findGroup(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void findGroup(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
 
@@ -599,8 +595,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
 
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
@@ -619,14 +615,14 @@ public class UsrGrpAdminServlet extends AdminServlet {
 
             params.add(Constants.PR_GROUP_GROUP, group.getGroupID());
             params.add(Constants.PR_GROUP_DESC,
-                group.getDescription());
+                    group.getDescription());
 
             Enumeration members = group.getMemberNames();
             StringBuffer membersString = new StringBuffer();
 
             if (members != null) {
                 while (members.hasMoreElements()) {
-                    if (membersString.length()!=0) {
+                    if (membersString.length() != 0) {
                         membersString.append(", ");
                     }
 
@@ -644,7 +640,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
 
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"), null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"), null, resp);
             return;
 
         }
@@ -653,24 +649,22 @@ public class UsrGrpAdminServlet extends AdminServlet {
     /**
      * Adds a new user to LDAP server
      * <P>
-     *
-     * Request/Response Syntax:
-     *   http://warp.mcom.com/server/certificate/columbo/design/
-     *        ui/admin-protocol-definition.html#user-admin
+     * 
+     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#user-admin
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
-     * role information (anything under users/groups)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void addUser(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void addUser(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String auditMessage = null;
@@ -694,8 +688,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
@@ -713,8 +707,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_RS_ID_BS"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_RS_ID_BS"),
+                        null, resp);
                 return;
             }
 
@@ -732,8 +726,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_SPECIAL_ID", id),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_SPECIAL_ID", id),
+                        null, resp);
                 return;
             }
 
@@ -756,7 +750,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
 
                 sendResponse(ERROR, msg, null, resp);
                 return;
-            } else 
+            } else
                 user.setFullName(fname);
 
             String email = super.getParameter(req, Constants.PR_USER_EMAIL);
@@ -835,10 +829,10 @@ public class UsrGrpAdminServlet extends AdminServlet {
                         audit(auditMessage);
 
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
                         return;
                     }
-				
+
                     if (e.hasMoreElements()) {
                         IGroup group = (IGroup) e.nextElement();
 
@@ -858,18 +852,18 @@ public class UsrGrpAdminServlet extends AdminServlet {
                             audit(auditMessage);
 
                             sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
+                                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
                             return;
                         }
                     }
                     // for audit log
                     SessionContext sContext = SessionContext.getContext();
                     String adminId = (String) sContext.get(SessionContext.USER_ID);
-				
+
                     mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
-                        AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
-                        new Object[] {adminId, id, groupName}
-                    );
+                            AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
+                            new Object[] { adminId, id, groupName }
+                            );
                 }
 
                 NameValuePairs params = new NameValuePairs();
@@ -899,10 +893,10 @@ public class UsrGrpAdminServlet extends AdminServlet {
 
                 if (user.getUserID() == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED_1", "uid"), null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED_1", "uid"), null, resp);
                 } else {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
                 }
                 return;
             } catch (LDAPException e) {
@@ -920,7 +914,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
                 return;
             } catch (Exception e) {
                 log(ILogger.LL_FAILURE, e.toString());
@@ -935,7 +929,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
                 return;
             }
         } catch (EBaseException eAudit1) {
@@ -980,24 +974,22 @@ public class UsrGrpAdminServlet extends AdminServlet {
     /**
      * Adds a certificate to a user
      * <P>
-     *
-     * Request/Response Syntax:
-     *   http://warp.mcom.com/server/certificate/columbo/design/
-     *        ui/admin-protocol-definition.html#user-admin
+     * 
+     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#user-admin
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
-     * role information (anything under users/groups)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void addUserCert(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void addUserCert(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String auditMessage = null;
@@ -1021,8 +1013,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
@@ -1068,7 +1060,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
 
                 try {
                     CryptoManager manager = CryptoManager.getInstance();
-			
+
                     PKCS7 pkcs7 = new PKCS7(p7Cert);
 
                     X509Certificate p7certs[] = pkcs7.getCertificates();
@@ -1084,7 +1076,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
                         audit(auditMessage);
 
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
                         return;
                     }
                     // fix for 370099 - cert ordering can not be assumed
@@ -1095,7 +1087,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
                     // the ordering
                     if (p7certs[0].getSubjectDN().toString().equals(
                             p7certs[0].getIssuerDN().toString()) &&
-                        (p7certs.length == 1)) {
+                            (p7certs.length == 1)) {
                         certs[0] = p7certs[0];
                         CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_SINGLE_CERT_IMPORT"));
                     } else if (p7certs[0].getIssuerDN().toString().equals(p7certs[1].getSubjectDN().toString())) {
@@ -1119,7 +1111,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
                         audit(auditMessage);
 
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
                         return;
                     }
 
@@ -1140,8 +1132,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                     for (j = jBegin; j < jEnd; j++) {
                         CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_IN_CHAIN", String.valueOf(j), String.valueOf(p7certs[j].getSubjectDN())));
                         org.mozilla.jss.crypto.X509Certificate leafCert =
-                            null;
-				
+                                null;
+
                         leafCert =
                                 manager.importCACertPackage(p7certs[j].getEncoded());
 
@@ -1152,10 +1144,10 @@ public class UsrGrpAdminServlet extends AdminServlet {
                         }
 
                         if (leafCert instanceof InternalCertificate) {
-                            ((InternalCertificate) leafCert).setSSLTrust(	
-                                InternalCertificate.VALID_CA |
-                                InternalCertificate.TRUSTED_CA |
-                                InternalCertificate.TRUSTED_CLIENT_CA);
+                            ((InternalCertificate) leafCert).setSSLTrust(
+                                    InternalCertificate.VALID_CA |
+                                            InternalCertificate.TRUSTED_CA |
+                                            InternalCertificate.TRUSTED_CLIENT_CA);
                         } else {
                             log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NOT_INTERNAL_CERT",
                                     String.valueOf(p7certs[j].getSubjectDN())));
@@ -1182,7 +1174,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
                     audit(auditMessage);
 
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
                     return;
                 }
             } catch (Exception e) {
@@ -1198,7 +1190,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_O_ERROR"), null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_O_ERROR"), null, resp);
                 return;
             }
 
@@ -1236,10 +1228,10 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_EXPIRED"), null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_EXPIRED"), null, resp);
                 return;
             } catch (CertificateNotYetValidException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_NOT_YET_VALID", 
+                log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_NOT_YET_VALID",
                         String.valueOf(certs[0].getSubjectDN())));
 
                 // store a message in the signed audit log file
@@ -1252,7 +1244,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID"), null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID"), null, resp);
                 return;
 
             } catch (LDAPException e) {
@@ -1265,13 +1257,12 @@ public class UsrGrpAdminServlet extends AdminServlet {
 
                 audit(auditMessage);
 
-                if (e.getLDAPResultCode() ==
-                    LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) {
+                if (e.getLDAPResultCode() == LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_CERT_EXISTS"), null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_CERT_EXISTS"), null, resp);
                 } else {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
                 }
                 return;
             } catch (Exception e) {
@@ -1287,7 +1278,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
                 return;
             }
             // } catch( EBaseException eAudit1 ) {
@@ -1332,28 +1323,25 @@ public class UsrGrpAdminServlet extends AdminServlet {
     /**
      * Removes a certificate for a user
      * <P>
-     *
-     * Request/Response Syntax:
-     *   http://warp.mcom.com/server/certificate/columbo/design/
-     *        ui/admin-protocol-definition.html#user-admin
+     * 
+     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#user-admin
      * <P>
-     *
-     * In this method, "certDN" is actually a combination of version,
-     *	 serialNumber, issuerDN, and SubjectDN.
+     * 
+     * In this method, "certDN" is actually a combination of version, serialNumber, issuerDN, and SubjectDN.
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
-     * role information (anything under users/groups)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void modifyUserCert(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void modifyUserCert(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String auditMessage = null;
@@ -1377,8 +1365,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
@@ -1431,7 +1419,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
                 return;
             }
             // } catch( EBaseException eAudit1 ) {
@@ -1474,29 +1462,27 @@ public class UsrGrpAdminServlet extends AdminServlet {
     }
 
     /**
-     * removes a user.  user not removed if belongs to any group
-     *	 (Administrators should remove the user from "uniquemember" of
-     *	 any group he/she belongs to before trying to remove the user
-     *	 itself.
+     * removes a user. user not removed if belongs to any group
+     * (Administrators should remove the user from "uniquemember" of
+     * any group he/she belongs to before trying to remove the user
+     * itself.
      * <P>
-     *
-     * Request/Response Syntax:
-     *   http://warp.mcom.com/server/certificate/columbo/design/
-     *        ui/admin-protocol-definition.html#user-admin
+     * 
+     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#user-admin
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
-     * role information (anything under users/groups)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void removeUser(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void removeUser(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String auditMessage = null;
@@ -1528,8 +1514,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
             // get list of groups, and see if uid belongs to any
@@ -1570,8 +1556,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                         audit(auditMessage);
 
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV_G"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV_G"),
+                                null, resp);
                         return;
                     }
                 }
@@ -1604,7 +1590,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV"), null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV"), null, resp);
                 return;
             }
         } catch (EBaseException eAudit1) {
@@ -1649,24 +1635,22 @@ public class UsrGrpAdminServlet extends AdminServlet {
     /**
      * Adds a new group in local scope.
      * <P>
-     *
-     * Request/Response Syntax:
-     *   http://warp.mcom.com/server/certificate/columbo/design/
-     *        ui/admin-protocol-definition.html#group
+     * 
+     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#group
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
-     * role information (anything under users/groups)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void addGroup(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void addGroup(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String auditMessage = null;
@@ -1691,8 +1675,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
@@ -1743,8 +1727,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_ADD_FAILED"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_ADD_FAILED"),
+                        null, resp);
                 return;
             }
         } catch (EBaseException eAudit1) {
@@ -1789,24 +1773,22 @@ public class UsrGrpAdminServlet extends AdminServlet {
     /**
      * removes a group
      * <P>
-     *
-     * Request/Response Syntax:
-     *   http://warp.mcom.com/server/certificate/columbo/design/
-     *        ui/admin-protocol-definition.html#group
+     * 
+     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#group
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
-     * role information (anything under users/groups)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void removeGroup(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void removeGroup(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String auditMessage = null;
@@ -1831,8 +1813,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
@@ -1892,27 +1874,25 @@ public class UsrGrpAdminServlet extends AdminServlet {
     /**
      * modifies a group
      * <P>
-     *
-     *  last person of the super power group "Certificate
-     *	 Server Administrators" can never be removed.
+     * 
+     * last person of the super power group "Certificate Server Administrators" can never be removed.
      * <P>
-     *
-     *   http://warp.mcom.com/server/certificate/columbo/design/
-     *        ui/admin-protocol-definition.html#group
+     * 
+     * http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#group
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
-     * role information (anything under users/groups)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void modifyGroup(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void modifyGroup(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String auditMessage = null;
@@ -1937,8 +1917,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
@@ -1968,7 +1948,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
                     if (multiRole) {
                         group.addMemberName(memberName);
                     } else {
-                        if( isGroupInMultiRoleEnforceList(groupName)) {
+                        if (isGroupInMultiRoleEnforceList(groupName)) {
                             if (!isDuplicate(groupName, memberName)) {
                                 group.addMemberName(memberName);
                             } else {
@@ -2019,8 +1999,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_MODIFY_FAILED"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_MODIFY_FAILED"),
+                        null, resp);
                 return;
             }
         } catch (EBaseException eAudit1) {
@@ -2062,36 +2042,35 @@ public class UsrGrpAdminServlet extends AdminServlet {
         }
     }
 
-    private boolean isGroupInMultiRoleEnforceList(String groupName)
-    {
+    private boolean isGroupInMultiRoleEnforceList(String groupName) {
         String groupList = null;
 
         if (groupName == null || groupName.equals("")) {
             return true;
         }
         if (mMultiRoleGroupEnforceList == null) {
-           try {
-               groupList = mConfig.getString(MULTI_ROLE_ENFORCE_GROUP_LIST); 
-           } catch (Exception e) {
-           }
-
-           if (groupList != null && !groupList.equals("")) {
-               mMultiRoleGroupEnforceList = groupList.split(",");
-               for (int j = 0 ; j < mMultiRoleGroupEnforceList.length; j++) {
-                   mMultiRoleGroupEnforceList[j] = mMultiRoleGroupEnforceList[j].trim();
-               }
-           }
-       }
-
-       if (mMultiRoleGroupEnforceList == null)
-           return true;
-
-       for (int i = 0; i < mMultiRoleGroupEnforceList.length; i++) {
-           if (groupName.equals(mMultiRoleGroupEnforceList[i])) {
-               return true;
-           }
-       }
-       return false;
+            try {
+                groupList = mConfig.getString(MULTI_ROLE_ENFORCE_GROUP_LIST);
+            } catch (Exception e) {
+            }
+
+            if (groupList != null && !groupList.equals("")) {
+                mMultiRoleGroupEnforceList = groupList.split(",");
+                for (int j = 0; j < mMultiRoleGroupEnforceList.length; j++) {
+                    mMultiRoleGroupEnforceList[j] = mMultiRoleGroupEnforceList[j].trim();
+                }
+            }
+        }
+
+        if (mMultiRoleGroupEnforceList == null)
+            return true;
+
+        for (int i = 0; i < mMultiRoleGroupEnforceList.length; i++) {
+            if (groupName.equals(mMultiRoleGroupEnforceList[i])) {
+                return true;
+            }
+        }
+        return false;
     }
 
     private boolean isDuplicate(String groupName, String memberName) {
@@ -2100,7 +2079,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
         // Let's not mess with users that are already a member of this group
         boolean isMember = false;
         try {
-            isMember = mMgr.isMemberOf(memberName,groupName);
+            isMember = mMgr.isMemberOf(memberName, groupName);
         } catch (Exception e) {
         }
 
@@ -2134,24 +2113,22 @@ public class UsrGrpAdminServlet extends AdminServlet {
     /**
      * Modifies an existing user in local scope.
      * <P>
-     *
-     * Request/Response Syntax:
-     *   http://warp.mcom.com/server/certificate/columbo/design/
-     *        ui/admin-protocol-definition.html#user-admin
+     * 
+     * Request/Response Syntax: http://warp.mcom.com/server/certificate/columbo/design/ ui/admin-protocol-definition.html#user-admin
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
-     * role information (anything under users/groups)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring role information (anything under users/groups)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void modifyUser(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void modifyUser(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String auditMessage = null;
@@ -2176,8 +2153,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
@@ -2186,7 +2163,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
 
             if ((fname == null) || (fname.length() == 0)) {
                 String msg =
-                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED", "full name");
+                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED", "full name");
 
                 log(ILogger.LL_FAILURE, msg);
 
@@ -2270,7 +2247,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
                 return;
             }
         } catch (EBaseException eAudit1) {
@@ -2316,6 +2293,6 @@ public class UsrGrpAdminServlet extends AdminServlet {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_USRGRP,
-            level, "UsrGrpAdminServlet: " + msg);
+                level, "UsrGrpAdminServlet: " + msg);
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
index 696b091e..d4b5495a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
@@ -99,10 +99,9 @@ import com.netscape.cms.servlet.common.ICMSTemplateFiller;
 import com.netscape.cms.servlet.common.Utils;
 import com.netscape.cmsutil.xml.XMLObject;
 
-
 /**
  * This is the base class of all CS servlet.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public abstract class CMSServlet extends HttpServlet {
@@ -127,76 +126,55 @@ public abstract class CMSServlet extends HttpServlet {
     public final static String AUTHZ_CONFIG_STORE = "authz";
     public final static String AUTHZ_SRC_XML = "web.xml";
     public final static String PROP_AUTHZ_MGR = "AuthzMgr";
-    public final static String PROP_ACL = "ACLinfo";    
+    public final static String PROP_ACL = "ACLinfo";
     public final static String AUTHZ_MGR_BASIC = "BasicAclAuthz";
     public final static String AUTHZ_MGR_LDAP = "DirAclAuthz";
     private final static String FAILED = "1";
     private final static String HDR_LANG = "accept-language";
-	
+
     // final error message - if error and exception templates don't work 
     // send out this text string directly to output.
 
     public final static String PROP_FINAL_ERROR_MSG = "finalErrorMsg";
     public final static String ERROR_MSG_TOKEN = "$ERROR_MSG";
-    public final static String FINAL_ERROR_MSG = 
-        "<HTML>\n" +
-        "<BODY BGCOLOR=white>\n" +
-        "<P>\n" +
-        "The Certificate System has encountered " +
-        "an unrecoverable error.\n" +
-        "<P>\n" +
-        "Error Message:<BR>\n" +
-        "<I>$ERROR_MSG</I>\n" +
-        "<P>\n" +
-        "Please contact your local administrator for assistance.\n" +
-        "</BODY>\n" +
-        "</HTML>\n";
+    public final static String FINAL_ERROR_MSG =
+            "<HTML>\n" +
+                    "<BODY BGCOLOR=white>\n" +
+                    "<P>\n" +
+                    "The Certificate System has encountered " +
+                    "an unrecoverable error.\n" +
+                    "<P>\n" +
+                    "Error Message:<BR>\n" +
+                    "<I>$ERROR_MSG</I>\n" +
+                    "<P>\n" +
+                    "Please contact your local administrator for assistance.\n" +
+                    "</BODY>\n" +
+                    "</HTML>\n";
 
     // properties from configuration.
 
-    protected final static String 
-        PROP_UNAUTHORIZED_TEMPLATE = "unauthorizedTemplate";
-    protected final static String 
-        UNAUTHORIZED_TEMPLATE = "/GenUnauthorized.template";
-    protected final static String 
-        PROP_SUCCESS_TEMPLATE = "successTemplate";
-    protected final static String 
-        SUCCESS_TEMPLATE = "/GenSuccess.template";
-    protected final static String 
-        PROP_PENDING_TEMPLATE = "pendingTemplate";
-    protected final static String 
-        PENDING_TEMPLATE = "/GenPending.template";
-    protected final static String 
-        PROP_SVC_PENDING_TEMPLATE = "svcpendingTemplate";
-    protected final static String 
-        SVC_PENDING_TEMPLATE = "/GenSvcPending.template";
-    protected final static String 
-        PROP_REJECTED_TEMPLATE = "rejectedTemplate";
-    protected final static String 
-        REJECTED_TEMPLATE = "/GenRejected.template";
-    protected final static String 
-        PROP_ERROR_TEMPLATE = "errorTemplate";
-    protected final static String 
-        ERROR_TEMPLATE = "/GenError.template";
-    protected final static String 
-        PROP_EXCEPTION_TEMPLATE = "unexpectedErrorTemplate"; 
-    protected final static String 
-        EXCEPTION_TEMPLATE = "/GenUnexpectedError.template";
-
-    private final static String 
-        PROP_UNAUTHOR_TEMPLATE_FILLER = "unauthorizedTemplateFiller"; 
-    protected final static String 
-        PROP_SUCCESS_TEMPLATE_FILLER = "successTemplateFiller"; 
-    private final static String 
-        PROP_ERROR_TEMPLATE_FILLER = "errorTemplateFiller"; 
-    private final static String 
-        PROP_PENDING_TEMPLATE_FILLER = "pendingTemplateFiller"; 
-    private final static String 
-        PROP_SVC_PENDING_TEMPLATE_FILLER = "svcpendingTemplateFiller"; 
-    private final static String 
-        PROP_REJECTED_TEMPLATE_FILLER = "rejectedTemplateFiller"; 
-    private final static String 
-        PROP_EXCEPTION_TEMPLATE_FILLER = "exceptionTemplateFiller"; 
+    protected final static String PROP_UNAUTHORIZED_TEMPLATE = "unauthorizedTemplate";
+    protected final static String UNAUTHORIZED_TEMPLATE = "/GenUnauthorized.template";
+    protected final static String PROP_SUCCESS_TEMPLATE = "successTemplate";
+    protected final static String SUCCESS_TEMPLATE = "/GenSuccess.template";
+    protected final static String PROP_PENDING_TEMPLATE = "pendingTemplate";
+    protected final static String PENDING_TEMPLATE = "/GenPending.template";
+    protected final static String PROP_SVC_PENDING_TEMPLATE = "svcpendingTemplate";
+    protected final static String SVC_PENDING_TEMPLATE = "/GenSvcPending.template";
+    protected final static String PROP_REJECTED_TEMPLATE = "rejectedTemplate";
+    protected final static String REJECTED_TEMPLATE = "/GenRejected.template";
+    protected final static String PROP_ERROR_TEMPLATE = "errorTemplate";
+    protected final static String ERROR_TEMPLATE = "/GenError.template";
+    protected final static String PROP_EXCEPTION_TEMPLATE = "unexpectedErrorTemplate";
+    protected final static String EXCEPTION_TEMPLATE = "/GenUnexpectedError.template";
+
+    private final static String PROP_UNAUTHOR_TEMPLATE_FILLER = "unauthorizedTemplateFiller";
+    protected final static String PROP_SUCCESS_TEMPLATE_FILLER = "successTemplateFiller";
+    private final static String PROP_ERROR_TEMPLATE_FILLER = "errorTemplateFiller";
+    private final static String PROP_PENDING_TEMPLATE_FILLER = "pendingTemplateFiller";
+    private final static String PROP_SVC_PENDING_TEMPLATE_FILLER = "svcpendingTemplateFiller";
+    private final static String PROP_REJECTED_TEMPLATE_FILLER = "rejectedTemplateFiller";
+    private final static String PROP_EXCEPTION_TEMPLATE_FILLER = "exceptionTemplateFiller";
 
     protected final static String RA_AGENT_GROUP = "Registration Manager Agents";
     protected final static String CA_AGENT_GROUP = "Certificate Manager Agents";
@@ -206,25 +184,18 @@ public abstract class CMSServlet extends HttpServlet {
     protected final static String ADMIN_GROUP = "Administrators";
 
     // default http params NOT to save in request.(config values added to list )
-    private static final String 
-        PROP_DONT_SAVE_HTTP_PARAMS = "dontSaveHttpParams";
-    private static final String[] 
-        DONT_SAVE_HTTP_PARAMS = { "pwd", "password", "passwd", 
+    private static final String PROP_DONT_SAVE_HTTP_PARAMS = "dontSaveHttpParams";
+    private static final String[] DONT_SAVE_HTTP_PARAMS = { "pwd", "password", "passwd",
             "challengePassword", "confirmChallengePassword" };
 
     // default http headers to save in request. (config values added to list)
-    private static final String 
-        PROP_SAVE_HTTP_HEADERS = "saveHttpHeaders";
-    private static final String[] 
-        SAVE_HTTP_HEADERS = { "accept-language", "user-agent", };
+    private static final String PROP_SAVE_HTTP_HEADERS = "saveHttpHeaders";
+    private static final String[] SAVE_HTTP_HEADERS = { "accept-language", "user-agent", };
 
     // request prefixes to distinguish from other request attributes.
-    public static final String 
-        PFX_HTTP_HEADER = "HTTP_HEADER";
-    public static final String 
-        PFX_HTTP_PARAM = "HTTP_PARAM";
-    public static final String 
-        PFX_AUTH_TOKEN = "AUTH_TOKEN";
+    public static final String PFX_HTTP_HEADER = "HTTP_HEADER";
+    public static final String PFX_HTTP_PARAM = "HTTP_PARAM";
+    public static final String PFX_AUTH_TOKEN = "AUTH_TOKEN";
 
     /* input http params */
     protected final static String AUTHMGR_PARAM = "authenticator";
@@ -232,8 +203,8 @@ public abstract class CMSServlet extends HttpServlet {
     /* fixed credential passed to auth managers */
     protected final static String CERT_AUTH_CRED = "sslClientCert";
 
-    public static final String CERT_ATTR = 
-        "javax.servlet.request.X509Certificate";
+    public static final String CERT_ATTR =
+            "javax.servlet.request.X509Certificate";
 
     // members. 
 
@@ -243,7 +214,7 @@ public abstract class CMSServlet extends HttpServlet {
 
     protected ServletConfig mServletConfig = null;
     protected ServletContext mServletContext = null;
-    private   CMSFileLoader mFileLoader = null;
+    private CMSFileLoader mFileLoader = null;
 
     protected Vector<String> mDontSaveHttpParams = new Vector<String>();
     protected Vector<String> mSaveHttpHeaders = new Vector<String>();
@@ -258,7 +229,7 @@ public abstract class CMSServlet extends HttpServlet {
     // system logger.
     protected ILogger mLogger = CMS.getLogger();
     protected int mLogCategory = ILogger.S_OTHER;
-    private   MessageDigest mSHADigest = null;
+    private MessageDigest mSHADigest = null;
 
     protected String mGetClientCert = "false";
     protected String mAuthMgr = null;
@@ -270,18 +241,18 @@ public abstract class CMSServlet extends HttpServlet {
     protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
     protected String mOutputTemplatePath = null;
     private IUGSubsystem mUG = (IUGSubsystem)
-        CMS.getSubsystem(CMS.SUBSYSTEM_UG);
+            CMS.getSubsystem(CMS.SUBSYSTEM_UG);
 
     private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL =
-        "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
+            "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
     private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS =
-        "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
+            "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
     private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL =
-        "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4";
+            "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4";
     private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS =
-        "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4";
+            "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4";
     private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME =
-        "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
+            "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
 
     public CMSServlet() {
     }
@@ -328,33 +299,33 @@ public abstract class CMSServlet extends HttpServlet {
         if (mAuthority != null)
             mRequestQueue = mAuthority.getRequestQueue();
 
-            // set default templates.
+        // set default templates.
         setDefaultTemplates(sc);
 
         // for logging to the right authority category.
         if (mAuthority == null) {
             mLogCategory = ILogger.S_OTHER;
         } else {
-            if (mAuthority instanceof ICertificateAuthority) 
+            if (mAuthority instanceof ICertificateAuthority)
                 mLogCategory = ILogger.S_CA;
-            else if (mAuthority instanceof IRegistrationAuthority) 
+            else if (mAuthority instanceof IRegistrationAuthority)
                 mLogCategory = ILogger.S_RA;
-            else if (mAuthority instanceof IKeyRecoveryAuthority) 
+            else if (mAuthority instanceof IKeyRecoveryAuthority)
                 mLogCategory = ILogger.S_KRA;
-            else 
+            else
                 mLogCategory = ILogger.S_OTHER;
         }
 
         try {
             // get final error message. 
             // used when templates can't even be loaded.
-            String eMsg = 
-                sc.getInitParameter(PROP_FINAL_ERROR_MSG);
+            String eMsg =
+                    sc.getInitParameter(PROP_FINAL_ERROR_MSG);
 
             if (eMsg != null)
                 mFinalErrorMsg = eMsg;
 
-                // get any configured templates.
+            // get any configured templates.
             Enumeration<CMSLoadTemplate> templs = mTemplates.elements();
 
             while (templs.hasMoreElements()) {
@@ -363,13 +334,13 @@ public abstract class CMSServlet extends HttpServlet {
                 if (templ == null || templ.mPropName == null) {
                     continue;
                 }
-                String tName = 
-                    sc.getInitParameter(templ.mPropName);
+                String tName =
+                        sc.getInitParameter(templ.mPropName);
 
                 if (tName != null)
                     templ.mTemplateName = tName;
-                String fillerName = 
-                    sc.getInitParameter(templ.mFillerPropName);
+                String fillerName =
+                        sc.getInitParameter(templ.mFillerPropName);
 
                 if (fillerName != null) {
                     ICMSTemplateFiller filler = newFillerObject(fillerName);
@@ -385,26 +356,26 @@ public abstract class CMSServlet extends HttpServlet {
             getSaveHttpHeaders(sc);
         } catch (Exception e) {
             // should never occur since we provide defaults above. 
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS",
-                    e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS",
+                            e.toString()));
             throw new ServletException(e.toString());
         }
 
         try {
             mSHADigest = MessageDigest.getInstance("SHA1");
         } catch (NoSuchAlgorithmException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS",
-                    e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS",
+                            e.toString()));
             throw new ServletException(e.toString());
         }
     }
-   
+
     public String getId() {
         return mId;
     }
- 
+
     public String getAuthMgr() {
         return mAuthMgr;
     }
@@ -416,44 +387,43 @@ public abstract class CMSServlet extends HttpServlet {
             return false;
     }
 
-    public void outputHttpParameters(HttpServletRequest httpReq)
-    {
-	CMS.debug("CMSServlet:service() uri = " + httpReq.getRequestURI());
+    public void outputHttpParameters(HttpServletRequest httpReq) {
+        CMS.debug("CMSServlet:service() uri = " + httpReq.getRequestURI());
         Enumeration<?> paramNames = httpReq.getParameterNames();
         while (paramNames.hasMoreElements()) {
-            String pn = (String)paramNames.nextElement();
+            String pn = (String) paramNames.nextElement();
             // added this facility so that password can be hidden,
             // all sensitive parameters should be prefixed with 
             // __ (double underscores); however, in the event that
             // a security parameter slips through, we perform multiple
             // additional checks to insure that it is NOT displayed
-            if( pn.startsWith("__")                         ||
-                pn.endsWith("password")                     ||
-                pn.endsWith("passwd")                       ||
-                pn.endsWith("pwd")                          ||
-                pn.equalsIgnoreCase("admin_password_again") ||
-                pn.equalsIgnoreCase("directoryManagerPwd")  ||
-                pn.equalsIgnoreCase("bindpassword")         ||
-                pn.equalsIgnoreCase("bindpwd")              ||
-                pn.equalsIgnoreCase("passwd")               ||
-                pn.equalsIgnoreCase("password")             ||
-                pn.equalsIgnoreCase("pin")                  ||
-                pn.equalsIgnoreCase("pwd")                  ||
-                pn.equalsIgnoreCase("pwdagain")             ||
-                pn.startsWith("p12Password")                ||
-                pn.equalsIgnoreCase("uPasswd") ) {
-              CMS.debug("CMSServlet::service() param name='" + pn +
-                        "' value='(sensitive)'" );
+            if (pn.startsWith("__") ||
+                    pn.endsWith("password") ||
+                    pn.endsWith("passwd") ||
+                    pn.endsWith("pwd") ||
+                    pn.equalsIgnoreCase("admin_password_again") ||
+                    pn.equalsIgnoreCase("directoryManagerPwd") ||
+                    pn.equalsIgnoreCase("bindpassword") ||
+                    pn.equalsIgnoreCase("bindpwd") ||
+                    pn.equalsIgnoreCase("passwd") ||
+                    pn.equalsIgnoreCase("password") ||
+                    pn.equalsIgnoreCase("pin") ||
+                    pn.equalsIgnoreCase("pwd") ||
+                    pn.equalsIgnoreCase("pwdagain") ||
+                    pn.startsWith("p12Password") ||
+                    pn.equalsIgnoreCase("uPasswd")) {
+                CMS.debug("CMSServlet::service() param name='" + pn +
+                        "' value='(sensitive)'");
             } else {
-              CMS.debug("CMSServlet::service() param name='" + pn +
-                        "' value='" + httpReq.getParameter(pn) + "'" );
+                CMS.debug("CMSServlet::service() param name='" + pn +
+                        "' value='" + httpReq.getParameter(pn) + "'");
             }
         }
     }
 
-    public void service(HttpServletRequest httpReq, 
-        HttpServletResponse httpResp) 
-        throws ServletException, IOException {
+    public void service(HttpServletRequest httpReq,
+            HttpServletResponse httpResp)
+            throws ServletException, IOException {
 
         boolean running_state = CMS.isInRunningState();
 
@@ -473,7 +443,7 @@ public abstract class CMSServlet extends HttpServlet {
         httpReq.setCharacterEncoding("UTF-8");
 
         if (CMS.debugOn()) {
-          outputHttpParameters(httpReq);
+            outputHttpParameters(httpReq);
         }
         CMS.debug("CMSServlet: " + mId + " start to service.");
         String className = this.getClass().getName();
@@ -482,7 +452,7 @@ public abstract class CMSServlet extends HttpServlet {
         CMSRequest cmsRequest = newCMSRequest();
 
         // set argblock 
-        cmsRequest.setHttpParams(CMS.createArgBlock("http-request-params",toHashtable(httpReq)));
+        cmsRequest.setHttpParams(CMS.createArgBlock("http-request-params", toHashtable(httpReq)));
 
         // set http request
         cmsRequest.setHttpReq(httpReq);
@@ -516,14 +486,14 @@ public abstract class CMSServlet extends HttpServlet {
                 renderResult(cmsRequest);
                 SessionContext.releaseContext();
                 return;
-            } 
+            }
             long startTime = CMS.getCurrentDate().getTime();
             process(cmsRequest);
             renderResult(cmsRequest);
             Date endDate = CMS.getCurrentDate();
             long endTime = endDate.getTime();
             if (CMS.debugOn()) {
-              CMS.debug(CMS.DEBUG_INFORM, "CMSServlet: curDate=" + endDate + " id=" + mId + " time=" + (endTime - startTime));
+                CMS.debug(CMS.DEBUG_INFORM, "CMSServlet: curDate=" + endDate + " id=" + mId + " time=" + (endTime - startTime));
             }
             iCommandQueue.unRegisterProccess((Object) cmsRequest, (Object) this);
         } catch (EBaseException e) {
@@ -551,8 +521,9 @@ public abstract class CMSServlet extends HttpServlet {
 
     /**
      * Create a new CMSRequest object. This should be overriden by servlets
-	 * implementing different types of request
-	 * @return a new CMSRequest object
+     * implementing different types of request
+     * 
+     * @return a new CMSRequest object
      */
     protected CMSRequest newCMSRequest() {
         return new CMSRequest();
@@ -560,30 +531,29 @@ public abstract class CMSServlet extends HttpServlet {
 
     /**
      * process an HTTP request. Servlets must override this with their
-	 * own implementation
-	 * @throws EBaseException if the servlet was unable to satisfactorily
-	 * process the request
+     * own implementation
+     * 
+     * @throws EBaseException if the servlet was unable to satisfactorily
+     *             process the request
      */
-    protected void process(CMSRequest cmsRequest) 
-        throws EBaseException 
-    {
+    protected void process(CMSRequest cmsRequest)
+            throws EBaseException {
     }
-   
 
     /**
-     * Output a template. 
+     * Output a template.
      * If an error occurs while outputing the template the exception template
      * is used to display the error.
      * 
      * @param cmsReq the CS request
      */
     protected void renderResult(CMSRequest cmsReq)
-        throws IOException {
+            throws IOException {
 
         if (!mRenderResult)
             return;
         Integer status = cmsReq.getStatus();
-        
+
         CMSLoadTemplate ltempl = (CMSLoadTemplate) mTemplates.get(status);
 
         if (ltempl == null || ltempl.mTemplateName == null) {
@@ -594,13 +564,12 @@ public abstract class CMSServlet extends HttpServlet {
 
         renderTemplate(cmsReq, ltempl.mTemplateName, filler);
     }
-	
+
     private static final String PRESERVED = "preserved";
     public static final String TEMPLATE_NAME = "templateName";
-			
+
     protected void outputArgBlockAsXML(XMLObject xmlObj, Node parent,
-                                       String argBlockName, IArgBlock argBlock) 
-    {
+                                       String argBlockName, IArgBlock argBlock) {
         Node argBlockContainer = xmlObj.createContainer(parent, argBlockName);
 
         if (argBlock != null) {
@@ -614,15 +583,14 @@ public abstract class CMSServlet extends HttpServlet {
         }
     }
 
-    protected void outputXML(HttpServletResponse httpResp, CMSTemplateParams params)
-    {
+    protected void outputXML(HttpServletResponse httpResp, CMSTemplateParams params) {
         XMLObject xmlObj = null;
         try {
             xmlObj = new XMLObject();
 
             Node root = xmlObj.createRoot("xml");
             outputArgBlockAsXML(xmlObj, root, "header", params.getHeader());
-            outputArgBlockAsXML(xmlObj, root, "fixed",  params.getFixed());
+            outputArgBlockAsXML(xmlObj, root, "fixed", params.getFixed());
 
             Enumeration<IArgBlock> records = params.queryRecords();
             Node recordsNode = xmlObj.createContainer(root, "records");
@@ -645,14 +613,14 @@ public abstract class CMSServlet extends HttpServlet {
     }
 
     protected void renderTemplate(
-        CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) 
-        throws IOException {
+            CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
+            throws IOException {
         try {
             IArgBlock httpParams = cmsReq.getHttpParams();
 
             Locale[] locale = new Locale[1];
             CMSTemplate template =
-                getTemplate(templateName, cmsReq.getHttpReq(), locale);
+                    getTemplate(templateName, cmsReq.getHttpReq(), locale);
             CMSTemplateParams templateParams = null;
 
             if (filler != null) {
@@ -670,20 +638,20 @@ public abstract class CMSServlet extends HttpServlet {
             }
 
             if (httpParams != null) {
-                String httpTemplateName = 
-                    httpParams.getValueAsString(
-                        TEMPLATE_NAME, null);
+                String httpTemplateName =
+                        httpParams.getValueAsString(
+                                TEMPLATE_NAME, null);
 
                 if (httpTemplateName != null) {
                     templateName = httpTemplateName;
                 }
             }
 
-            if (templateParams == null) 
+            if (templateParams == null)
                 templateParams = new CMSTemplateParams(null, null);
 
-                // #359630
-                // inject preserved http parameter into the template
+            // #359630
+            // inject preserved http parameter into the template
             if (httpParams != null) {
                 String preserved = httpParams.getValueAsString(
                         PRESERVED, null);
@@ -704,32 +672,33 @@ public abstract class CMSServlet extends HttpServlet {
             cmsReq.getHttpResp().setContentLength(bos.size());
             bos.writeTo(cmsReq.getHttpResp().getOutputStream());
         } catch (Exception e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", templateName, e.toString()));
-            renderException(cmsReq, 
-                new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", templateName, e.toString()));
+            renderException(cmsReq,
+                    new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
             return;
         }
     }
 
     /**
-     * Output exception (unexpected error) template 
+     * Output exception (unexpected error) template
      * This is different from other templates in that if an exception occurs
-     * while rendering the exception a message is printed out directly. 
-     * If the message gets an error an IOException is thrown. 
-     * In others if an exception occurs while rendering the template the 
-     * exception template (this) is called. 
+     * while rendering the exception a message is printed out directly.
+     * If the message gets an error an IOException is thrown.
+     * In others if an exception occurs while rendering the template the
+     * exception template (this) is called.
      * <p>
+     * 
      * @param cmsReq the CS request to pass to template filler if any.
      * @param e the unexpected exception
      */
-    protected void renderException(CMSRequest cmsReq, EBaseException e) 
-        throws IOException {
+    protected void renderException(CMSRequest cmsReq, EBaseException e)
+            throws IOException {
         try {
             Locale[] locale = new Locale[1];
-            CMSLoadTemplate loadTempl = 
-                (CMSLoadTemplate) mTemplates.get(CMSRequest.EXCEPTION);
-            CMSTemplate template = getTemplate(loadTempl.mTemplateName, 
+            CMSLoadTemplate loadTempl =
+                    (CMSLoadTemplate) mTemplates.get(CMSRequest.EXCEPTION);
+            CMSTemplate template = getTemplate(loadTempl.mTemplateName,
                     cmsReq.getHttpReq(), locale);
             ICMSTemplateFiller filler = loadTempl.mFiller;
             CMSTemplateParams templateParams = null;
@@ -749,7 +718,7 @@ public abstract class CMSServlet extends HttpServlet {
             }
             if (e != null) {
                 templateParams.getFixed().set(
-                    ICMSTemplateFiller.EXCEPTION, e.toString(locale[0]));
+                        ICMSTemplateFiller.EXCEPTION, e.toString(locale[0]));
             }
 
             // just output arg blocks as XML
@@ -772,25 +741,25 @@ public abstract class CMSServlet extends HttpServlet {
         }
     }
 
-    public void renderFinalError(CMSRequest cmsReq, Exception ex) 
-        throws IOException {
+    public void renderFinalError(CMSRequest cmsReq, Exception ex)
+            throws IOException {
         // this template is the last resort for all other unexpected 
         // errors in other templates so we can only output text. 
         HttpServletResponse httpResp = cmsReq.getHttpResp();
 
         httpResp.setContentType("text/html");
         ServletOutputStream out = httpResp.getOutputStream();
-	
+
         // replace $ERRORMSG with exception message if included. 
         String finalErrMsg = mFinalErrorMsg;
         int tokenIdx = mFinalErrorMsg.indexOf(ERROR_MSG_TOKEN);
 
         if (tokenIdx != -1) {
-            finalErrMsg = 
+            finalErrMsg =
                     mFinalErrorMsg.substring(0, tokenIdx) +
-                    ex.toString() + 
-                    mFinalErrorMsg.substring(
-                        tokenIdx + ERROR_MSG_TOKEN.length());
+                            ex.toString() +
+                            mFinalErrorMsg.substring(
+                                    tokenIdx + ERROR_MSG_TOKEN.length());
         }
         out.println(finalErrMsg);
         return;
@@ -822,12 +791,12 @@ public abstract class CMSServlet extends HttpServlet {
     }
 
     /**
-     * construct a authentication credentials to pass into authentication 
+     * construct a authentication credentials to pass into authentication
      * manager.
      */
     public static AuthCredentials getAuthCreds(
-        IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert) 
-        throws EBaseException {
+            IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert)
+            throws EBaseException {
         // get credentials from http parameters.
         String[] reqCreds = authMgr.getRequiredCreds();
         AuthCredentials creds = new AuthCredentials();
@@ -837,8 +806,8 @@ public abstract class CMSServlet extends HttpServlet {
 
             if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) {
                 // cert could be null;
-                creds.set(reqCred, new X509Certificate[] { clientCert}
-                ); 
+                creds.set(reqCred, new X509Certificate[] { clientCert }
+                        );
             } else {
                 String value = argBlock.getValueAsString(reqCred);
 
@@ -854,19 +823,19 @@ public abstract class CMSServlet extends HttpServlet {
     /**
      * get ssl client authenticated certificate
      */
-    protected X509Certificate 
-    getSSLClientCertificate(HttpServletRequest httpReq) 
-        throws EBaseException {
+    protected X509Certificate
+            getSSLClientCertificate(HttpServletRequest httpReq)
+                    throws EBaseException {
 
         X509Certificate cert = null;
 
-        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_INFO, 
-            CMS.getLogMessage("CMSGW_GETTING_SSL_CLIENT_CERT"));
+        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_INFO,
+                CMS.getLogMessage("CMSGW_GETTING_SSL_CLIENT_CERT"));
 
         // iws60 support Java Servlet Spec V2.2, attribute 
         // javax.servlet.request.X509Certificate now contains array
         // of X509Certificates instead of one X509Certificate object
-        X509Certificate[] allCerts = (X509Certificate[]) httpReq.getAttribute(CERT_ATTR); 
+        X509Certificate[] allCerts = (X509Certificate[]) httpReq.getAttribute(CERT_ATTR);
 
         if (allCerts == null || allCerts.length == 0) {
             throw new EBaseException("You did not provide a valid certificate for this operation");
@@ -876,10 +845,10 @@ public abstract class CMSServlet extends HttpServlet {
 
         if (cert == null) {
             // just don't have a cert.
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL"));
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL"));
             return null;
-        } 
+        }
 
         // convert to sun's x509 cert interface.
         try {
@@ -888,53 +857,53 @@ public abstract class CMSServlet extends HttpServlet {
             cert = new X509CertImpl(certEncoded);
         } catch (CertificateEncodingException e) {
             mLogger.log(
-                ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_ENCODE", e.getMessage()));
+                    ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_ENCODE", e.getMessage()));
             return null;
         } catch (CertificateException e) {
             mLogger.log(
-                ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_DECODE", e.getMessage()));
+                    ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_DECODE", e.getMessage()));
             return null;
         }
-        return cert; 
+        return cert;
     }
 
     /**
      * get a template based on result status.
      */
     protected CMSTemplate getTemplate(
-        String templateName, HttpServletRequest httpReq, Locale[] locale)
-        throws EBaseException, IOException {
+            String templateName, HttpServletRequest httpReq, Locale[] locale)
+            throws EBaseException, IOException {
         // this converts to system dependent file seperator char.
         if (mServletConfig == null) {
-	        CMS.debug( "CMSServlet:getTemplate() - mServletConfig is null!" );
+            CMS.debug("CMSServlet:getTemplate() - mServletConfig is null!");
             return null;
         }
         if (mServletConfig.getServletContext() == null) {
         }
         if (templateName == null) {
         }
-        String realpath = 
-            mServletConfig.getServletContext().getRealPath("/" + templateName);
+        String realpath =
+                mServletConfig.getServletContext().getRealPath("/" + templateName);
 
         if (realpath == null) {
             mLogger.log(
-                ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", templateName));
+                    ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", templateName));
             throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
         }
 
         File realpathFile = new File(realpath);
-        File templateFile = 
-            getLangFile(httpReq, realpathFile, locale);
+        File templateFile =
+                getLangFile(httpReq, realpathFile, locale);
         String charSet = httpReq.getCharacterEncoding();
 
         if (charSet == null) {
             charSet = "UTF8";
         }
-        CMSTemplate template = 
-            (CMSTemplate) mFileLoader.getCMSFile(templateFile, charSet);
+        CMSTemplate template =
+                (CMSTemplate) mFileLoader.getCMSFile(templateFile, charSet);
 
         return template;
     }
@@ -943,13 +912,13 @@ public abstract class CMSServlet extends HttpServlet {
      * log according to authority category.
      */
     protected void log(int event, int level, String msg) {
-        mLogger.log(event, mLogCategory, level, 
-            "Servlet " + mId + ": " + msg);
+        mLogger.log(event, mLogCategory, level,
+                "Servlet " + mId + ": " + msg);
     }
 
     protected void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level, 
-            "Servlet " + mId + ": " + msg);
+        mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level,
+                "Servlet " + mId + ": " + msg);
     }
 
     /**
@@ -965,8 +934,8 @@ public abstract class CMSServlet extends HttpServlet {
             dontSaveParams = sc.getInitParameter(
                         PROP_DONT_SAVE_HTTP_PARAMS);
             if (dontSaveParams != null) {
-                StringTokenizer params = 
-                    new StringTokenizer(dontSaveParams, ",");
+                StringTokenizer params =
+                        new StringTokenizer(dontSaveParams, ",");
 
                 while (params.hasMoreTokens()) {
                     String param = params.nextToken();
@@ -976,8 +945,8 @@ public abstract class CMSServlet extends HttpServlet {
             }
         } catch (Exception e) {
             // should never happen
-            log(ILogger.LL_WARN, 
-                CMS.getLogMessage("CMSGW_NO_CONFIG_VALUE", PROP_DONT_SAVE_HTTP_PARAMS, e.toString()));
+            log(ILogger.LL_WARN,
+                    CMS.getLogMessage("CMSGW_NO_CONFIG_VALUE", PROP_DONT_SAVE_HTTP_PARAMS, e.toString()));
             // default just in case.
             for (int i = 0; i < DONT_SAVE_HTTP_PARAMS.length; i++) {
                 mDontSaveHttpParams.addElement(DONT_SAVE_HTTP_PARAMS[i]);
@@ -997,12 +966,12 @@ public abstract class CMSServlet extends HttpServlet {
             }
 
             // now get from config file if there's more.
-            String saveHeaders = 
-                sc.getInitParameter(PROP_SAVE_HTTP_HEADERS);
+            String saveHeaders =
+                    sc.getInitParameter(PROP_SAVE_HTTP_HEADERS);
 
-            if (saveHeaders != null) { 
-                StringTokenizer headers = 
-                    new StringTokenizer(saveHeaders, ",");
+            if (saveHeaders != null) {
+                StringTokenizer headers =
+                        new StringTokenizer(saveHeaders, ",");
 
                 while (headers.hasMoreTokens()) {
                     String hdr = headers.nextToken();
@@ -1021,8 +990,8 @@ public abstract class CMSServlet extends HttpServlet {
      * save http headers in a IRequest.
      */
     protected void saveHttpHeaders(
-        HttpServletRequest httpReq, IRequest req)
-        throws EBaseException {
+            HttpServletRequest httpReq, IRequest req)
+            throws EBaseException {
         Hashtable<String, String> headers = new Hashtable<String, String>();
         Enumeration<String> hdrs = mSaveHttpHeaders.elements();
 
@@ -1041,7 +1010,7 @@ public abstract class CMSServlet extends HttpServlet {
      * save http headers in a IRequest.
      */
     protected void saveHttpParams(
-        IArgBlock httpParams, IRequest req) {
+            IArgBlock httpParams, IRequest req) {
         Hashtable<String, String> saveParams = new Hashtable<String, String>();
 
         Enumeration<String> names = httpParams.elements();
@@ -1075,14 +1044,14 @@ public abstract class CMSServlet extends HttpServlet {
      * handy routine for getting a cert record given a serial number.
      */
     protected ICertRecord getCertRecord(BigInteger serialNo) {
-        if (mAuthority == null || 
-            !(mAuthority instanceof ICertificateAuthority)) {
-            log(ILogger.LL_WARN, 
-                CMS.getLogMessage("CMSGW_NON_CERT_AUTH"));
+        if (mAuthority == null ||
+                !(mAuthority instanceof ICertificateAuthority)) {
+            log(ILogger.LL_WARN,
+                    CMS.getLogMessage("CMSGW_NON_CERT_AUTH"));
             return null;
         }
-        ICertificateRepository certdb = 
-            (ICertificateRepository) ((ICertificateAuthority) mAuthority).getCertificateRepository();
+        ICertificateRepository certdb =
+                (ICertificateRepository) ((ICertificateAuthority) mAuthority).getCertificateRepository();
 
         if (certdb == null) {
             log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_CERT_DB_NULL", mAuthority.toString()));
@@ -1093,8 +1062,8 @@ public abstract class CMSServlet extends HttpServlet {
         try {
             certRecord = certdb.readCertificateRecord(serialNo);
         } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString()));
             return null;
         }
         return certRecord;
@@ -1126,18 +1095,18 @@ public abstract class CMSServlet extends HttpServlet {
     }
 
     /**
-     * handy routine for getting a certificate from the certificate 
+     * handy routine for getting a certificate from the certificate
      * repository. mAuthority must be a CA.
      */
     protected X509Certificate getX509Certificate(BigInteger serialNo) {
-        if (mAuthority == null || 
-            !(mAuthority instanceof ICertificateAuthority)) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_NOT_CERT_AUTH"));
+        if (mAuthority == null ||
+                !(mAuthority instanceof ICertificateAuthority)) {
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_NOT_CERT_AUTH"));
             return null;
         }
-        ICertificateRepository certdb = 
-            (ICertificateRepository) ((ICertificateAuthority) mAuthority).getCertificateRepository();
+        ICertificateRepository certdb =
+                (ICertificateRepository) ((ICertificateAuthority) mAuthority).getCertificateRepository();
 
         if (certdb == null) {
             log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_CERT_DB_NULL", mAuthority.toString()));
@@ -1148,15 +1117,16 @@ public abstract class CMSServlet extends HttpServlet {
         try {
             cert = certdb.getX509Certificate(serialNo);
         } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString()));
             return null;
         }
         return cert;
     }
 
     /**
-     * instantiate a new filler from a class name, 
+     * instantiate a new filler from a class name,
+     * 
      * @return null if can't be instantiated, new instance otherwise.
      */
     protected ICMSTemplateFiller newFillerObject(String fillerClass) {
@@ -1169,8 +1139,8 @@ public abstract class CMSServlet extends HttpServlet {
             if ((e instanceof RuntimeException)) {
                 throw (RuntimeException) e;
             } else {
-                log(ILogger.LL_WARN, 
-                    CMS.getLogMessage("CMSGW_CANT_LOAD_FILLER", fillerClass, e.toString()));
+                log(ILogger.LL_WARN,
+                        CMS.getLogMessage("CMSGW_CANT_LOAD_FILLER", fillerClass, e.toString()));
                 return null;
             }
         }
@@ -1178,8 +1148,8 @@ public abstract class CMSServlet extends HttpServlet {
     }
 
     /**
-     * set default templates. 
-     * subclasses can override, and should override at least the success 
+     * set default templates.
+     * subclasses can override, and should override at least the success
      * template
      */
     protected void setDefaultTemplates(ServletConfig sc) {
@@ -1211,16 +1181,16 @@ public abstract class CMSServlet extends HttpServlet {
                 successTemplate = SUCCESS_TEMPLATE;
                 if (gateway != null)
                     //successTemplate = "/"+gateway+successTemplate;
-                    successTemplate = "/"+gateway+successTemplate;
+                    successTemplate = "/" + gateway + successTemplate;
             }
 
             errorTemplate = sc.getInitParameter(
                         PROP_ERROR_TEMPLATE);
             if (errorTemplate == null) {
                 errorTemplate = ERROR_TEMPLATE;
-                if (gateway != null) 
+                if (gateway != null)
                     //errorTemplate = "/"+gateway+errorTemplate;
-                    errorTemplate = "/"+gateway+errorTemplate;
+                    errorTemplate = "/" + gateway + errorTemplate;
             }
 
             unauthorizedTemplate = sc.getInitParameter(
@@ -1229,7 +1199,7 @@ public abstract class CMSServlet extends HttpServlet {
                 unauthorizedTemplate = UNAUTHORIZED_TEMPLATE;
                 if (gateway != null)
                     //unauthorizedTemplate = "/"+gateway+unauthorizedTemplate;
-                    unauthorizedTemplate = "/"+gateway+unauthorizedTemplate;
+                    unauthorizedTemplate = "/" + gateway + unauthorizedTemplate;
             }
 
             pendingTemplate = sc.getInitParameter(
@@ -1238,7 +1208,7 @@ public abstract class CMSServlet extends HttpServlet {
                 pendingTemplate = PENDING_TEMPLATE;
                 if (gateway != null)
                     //pendingTemplate = "/"+gateway+pendingTemplate;
-                    pendingTemplate = "/"+gateway+pendingTemplate;
+                    pendingTemplate = "/" + gateway + pendingTemplate;
             }
 
             svcpendingTemplate = sc.getInitParameter(
@@ -1247,7 +1217,7 @@ public abstract class CMSServlet extends HttpServlet {
                 svcpendingTemplate = SVC_PENDING_TEMPLATE;
                 if (gateway != null)
                     //svcpendingTemplate = "/"+gateway+svcpendingTemplate;
-                    svcpendingTemplate = "/"+gateway+svcpendingTemplate;
+                    svcpendingTemplate = "/" + gateway + svcpendingTemplate;
             }
 
             rejectedTemplate = sc.getInitParameter(
@@ -1256,7 +1226,7 @@ public abstract class CMSServlet extends HttpServlet {
                 rejectedTemplate = REJECTED_TEMPLATE;
                 if (gateway != null)
                     //rejectedTemplate = "/"+gateway+rejectedTemplate;
-                    rejectedTemplate = "/"+gateway+rejectedTemplate;
+                    rejectedTemplate = "/" + gateway + rejectedTemplate;
             }
 
             unexpectedErrorTemplate = sc.getInitParameter(
@@ -1265,50 +1235,50 @@ public abstract class CMSServlet extends HttpServlet {
                 unexpectedErrorTemplate = EXCEPTION_TEMPLATE;
                 if (gateway != null)
                     //unexpectedErrorTemplate = "/"+gateway+unexpectedErrorTemplate;
-                    unexpectedErrorTemplate = "/"+gateway+unexpectedErrorTemplate;
+                    unexpectedErrorTemplate = "/" + gateway + unexpectedErrorTemplate;
             }
         } catch (Exception e) {
             // this should never happen. 
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(),
-                    mId));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(),
+                            mId));
         }
 
         mTemplates.put(
-            CMSRequest.UNAUTHORIZED, 
-            new CMSLoadTemplate(
-                PROP_UNAUTHORIZED_TEMPLATE, PROP_UNAUTHOR_TEMPLATE_FILLER,
-                unauthorizedTemplate, null));  
+                CMSRequest.UNAUTHORIZED,
+                new CMSLoadTemplate(
+                        PROP_UNAUTHORIZED_TEMPLATE, PROP_UNAUTHOR_TEMPLATE_FILLER,
+                        unauthorizedTemplate, null));
         mTemplates.put(
-            CMSRequest.SUCCESS, 
-            new CMSLoadTemplate(
-                PROP_SUCCESS_TEMPLATE, PROP_SUCCESS_TEMPLATE_FILLER,
-                successTemplate, new GenSuccessTemplateFiller()));  
+                CMSRequest.SUCCESS,
+                new CMSLoadTemplate(
+                        PROP_SUCCESS_TEMPLATE, PROP_SUCCESS_TEMPLATE_FILLER,
+                        successTemplate, new GenSuccessTemplateFiller()));
         mTemplates.put(
-            CMSRequest.PENDING, 
-            new CMSLoadTemplate(
-                PROP_PENDING_TEMPLATE, PROP_PENDING_TEMPLATE_FILLER,
-                pendingTemplate, new GenPendingTemplateFiller()));
+                CMSRequest.PENDING,
+                new CMSLoadTemplate(
+                        PROP_PENDING_TEMPLATE, PROP_PENDING_TEMPLATE_FILLER,
+                        pendingTemplate, new GenPendingTemplateFiller()));
         mTemplates.put(
-            CMSRequest.SVC_PENDING, 
-            new CMSLoadTemplate(
-                PROP_SVC_PENDING_TEMPLATE, PROP_SVC_PENDING_TEMPLATE_FILLER,
-                svcpendingTemplate, new GenSvcPendingTemplateFiller()));
+                CMSRequest.SVC_PENDING,
+                new CMSLoadTemplate(
+                        PROP_SVC_PENDING_TEMPLATE, PROP_SVC_PENDING_TEMPLATE_FILLER,
+                        svcpendingTemplate, new GenSvcPendingTemplateFiller()));
         mTemplates.put(
-            CMSRequest.REJECTED, 
-            new CMSLoadTemplate(
-                PROP_REJECTED_TEMPLATE, PROP_REJECTED_TEMPLATE_FILLER,
-                rejectedTemplate, new GenRejectedTemplateFiller()));
+                CMSRequest.REJECTED,
+                new CMSLoadTemplate(
+                        PROP_REJECTED_TEMPLATE, PROP_REJECTED_TEMPLATE_FILLER,
+                        rejectedTemplate, new GenRejectedTemplateFiller()));
         mTemplates.put(
-            CMSRequest.ERROR, 
-            new CMSLoadTemplate(
-                PROP_ERROR_TEMPLATE, PROP_ERROR_TEMPLATE_FILLER,
-                errorTemplate, new GenErrorTemplateFiller()));
+                CMSRequest.ERROR,
+                new CMSLoadTemplate(
+                        PROP_ERROR_TEMPLATE, PROP_ERROR_TEMPLATE_FILLER,
+                        errorTemplate, new GenErrorTemplateFiller()));
         mTemplates.put(
-            CMSRequest.EXCEPTION, 
-            new CMSLoadTemplate(
-                PROP_EXCEPTION_TEMPLATE, PROP_EXCEPTION_TEMPLATE_FILLER,
-                unexpectedErrorTemplate, new GenUnexpectedErrorTemplateFiller()));
+                CMSRequest.EXCEPTION,
+                new CMSLoadTemplate(
+                        PROP_EXCEPTION_TEMPLATE, PROP_EXCEPTION_TEMPLATE_FILLER,
+                        unexpectedErrorTemplate, new GenUnexpectedErrorTemplateFiller()));
     }
 
     /**
@@ -1317,8 +1287,8 @@ public abstract class CMSServlet extends HttpServlet {
     public static boolean clientIsNav(HttpServletRequest httpReq) {
         String useragent = httpReq.getHeader("user-agent");
 
-        if (useragent.startsWith("Mozilla") && 
-            useragent.indexOf("MSIE") == -1)
+        if (useragent.startsWith("Mozilla") &&
+                useragent.indexOf("MSIE") == -1)
             return true;
         return false;
     }
@@ -1339,10 +1309,11 @@ public abstract class CMSServlet extends HttpServlet {
      * set using cartman JS. (no other way to tell)
      */
     private static String CMMF_RESPONSE = "cmmfResponse";
+
     public static boolean doCMMFResponse(IArgBlock httpParams) {
         if (httpParams.getValueAsBoolean(CMMF_RESPONSE, false))
             return true;
-        else 
+        else
             return false;
     }
 
@@ -1350,29 +1321,24 @@ public abstract class CMSServlet extends HttpServlet {
     private static final String IMPORT_CHAIN = "importCAChain";
     private static final String IMPORT_CERT_MIME_TYPE = "importCertMimeType";
     // default mime type 
-    private static final String 
-        NS_X509_USER_CERT = "application/x-x509-user-cert";
-    private static final String 
-        NS_X509_EMAIL_CERT = "application/x-x509-email-cert";
+    private static final String NS_X509_USER_CERT = "application/x-x509-user-cert";
+    private static final String NS_X509_EMAIL_CERT = "application/x-x509-email-cert";
 
     // CMC mime types
-    public static final String
-        SIMPLE_ENROLLMENT_REQUEST = "application/pkcs10";
-    public static final String
-        SIMPLE_ENROLLMENT_RESPONSE = "application/pkcs7-mime";
-    public static final String
-        FULL_ENROLLMENT_REQUEST = "application/pkcs7-mime";
-    public static final String
-        FULL_ENROLLMENT_RESPONSE = "application/pkcs7-mime";
+    public static final String SIMPLE_ENROLLMENT_REQUEST = "application/pkcs10";
+    public static final String SIMPLE_ENROLLMENT_RESPONSE = "application/pkcs7-mime";
+    public static final String FULL_ENROLLMENT_REQUEST = "application/pkcs7-mime";
+    public static final String FULL_ENROLLMENT_RESPONSE = "application/pkcs7-mime";
 
     /**
      * handy routine to check if client want full enrollment response
      */
     public static String FULL_RESPONSE = "fullResponse";
+
     public static boolean doFullResponse(IArgBlock httpParams) {
         if (httpParams.getValueAsBoolean(FULL_RESPONSE, false))
             return true;
-        else 
+        else
             return false;
     }
 
@@ -1381,19 +1347,19 @@ public abstract class CMSServlet extends HttpServlet {
      * @return true if import cert directly is true and import cert.
      */
     protected boolean checkImportCertToNav(
-        HttpServletResponse httpResp, IArgBlock httpParams, X509CertImpl cert)
-        throws EBaseException {
+            HttpServletResponse httpResp, IArgBlock httpParams, X509CertImpl cert)
+            throws EBaseException {
         if (!httpParams.getValueAsBoolean(IMPORT_CERT, false)) {
             return false;
         }
         boolean importCAChain =
-            httpParams.getValueAsBoolean(IMPORT_CHAIN, true);
+                httpParams.getValueAsBoolean(IMPORT_CHAIN, true);
         // XXX Temporary workaround because of problem with passing Mime type
         boolean emailCert =
-            httpParams.getValueAsBoolean("emailCert", false);
+                httpParams.getValueAsBoolean("emailCert", false);
         String importMimeType = (emailCert) ?
-            httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_EMAIL_CERT) :
-            httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT);
+                httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_EMAIL_CERT) :
+                httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT);
 
         //		String importMimeType =
         //			httpParams.getValueAsString(
@@ -1406,17 +1372,17 @@ public abstract class CMSServlet extends HttpServlet {
      * handy routine to import cert to old navigator in nav mime type.
      */
     public void importCertToNav(
-        HttpServletResponse httpResp, X509CertImpl cert, 
-        String contentType, boolean importCAChain)
-        throws EBaseException {
+            HttpServletResponse httpResp, X509CertImpl cert,
+            String contentType, boolean importCAChain)
+            throws EBaseException {
         ServletOutputStream out = null;
         byte[] encoding = null;
 
-        CMS.debug("CMSServlet: importCertToNav " + 
-                       "contentType=" + contentType + " " + 
+        CMS.debug("CMSServlet: importCertToNav " +
+                       "contentType=" + contentType + " " +
                        "importCAChain=" + importCAChain);
-        try { 
-            out = httpResp.getOutputStream(); 
+        try {
+            out = httpResp.getOutputStream();
             // CA chain.
             if (importCAChain) {
                 CertificateChain caChain = null;
@@ -1427,8 +1393,8 @@ public abstract class CMSServlet extends HttpServlet {
                 caCerts = caChain.getChain();
 
                 // set user + CA cert chain in pkcs7 
-                X509CertImpl[] userChain = 
-                    new X509CertImpl[caCerts.length + 1];
+                X509CertImpl[] userChain =
+                        new X509CertImpl[caCerts.length + 1];
 
                 userChain[0] = cert;
                 int m = 1, n = 0;
@@ -1456,16 +1422,16 @@ public abstract class CMSServlet extends HttpServlet {
             }
             httpResp.setContentType(contentType);
             out.write(encoding);
-        } catch (IOException e) { 
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, 
-                ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_RET_CERT_IMPORT_ERR", e.toString()));
+        } catch (IOException e) {
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                    ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_RET_CERT_IMPORT_ERR", e.toString()));
             throw new ECMSGWException(
                     CMS.getLogMessage("CMSGW_ERROR_RETURNING_CERT"));
         } catch (CertificateEncodingException e) {
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, 
-                ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_NO_ENCODED_IMP_CERT", e.toString()));
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                    ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_NO_ENCODED_IMP_CERT", e.toString()));
             throw new ECMSGWException(
                     CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
         }
@@ -1511,13 +1477,13 @@ public abstract class CMSServlet extends HttpServlet {
      * handy routine for getting agent's relative path
      */
     protected String getRelPath(IAuthority authority) {
-        if (authority instanceof ICertificateAuthority) 
+        if (authority instanceof ICertificateAuthority)
             return "ca/";
-        else if (authority instanceof IRegistrationAuthority) 
+        else if (authority instanceof IRegistrationAuthority)
             return "ra/";
-        else if (authority instanceof IKeyRecoveryAuthority) 
+        else if (authority instanceof IKeyRecoveryAuthority)
             return "kra/";
-        else 
+        else
             return "/";
     }
 
@@ -1531,55 +1497,57 @@ public abstract class CMSServlet extends HttpServlet {
         if (!(mAuthority instanceof ICertificateAuthority)) {
             return false;
         }
-        X509Certificate caCert = 
-            ((ICertificateAuthority)mAuthority).getCACert();
+        X509Certificate caCert =
+                ((ICertificateAuthority) mAuthority).getCACert();
         if (caCert != null) {
-          /* only check this if we are self-signed */
-          if (caCert.getSubjectDN().equals(caCert.getIssuerDN())) {
-            if (caCert.getSerialNumber().equals(serialNo)) {
-              return true;
+            /* only check this if we are self-signed */
+            if (caCert.getSubjectDN().equals(caCert.getIssuerDN())) {
+                if (caCert.getSerialNumber().equals(serialNo)) {
+                    return true;
+                }
             }
-          }
         }
         return false;
     }
 
     /**
      * make a CRL entry from a serial number and revocation reason.
+     * 
      * @return a RevokedCertImpl that can be entered in a CRL.
      */
     protected RevokedCertImpl formCRLEntry(
-        BigInteger serialNo, RevocationReason reason)
-        throws EBaseException {
+            BigInteger serialNo, RevocationReason reason)
+            throws EBaseException {
         CRLReasonExtension reasonExt = new CRLReasonExtension(reason);
         CRLExtensions crlentryexts = new CRLExtensions();
 
         try {
             crlentryexts.set(CRLReasonExtension.class.getSimpleName(), reasonExt);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_CRL_REASON", reason.toString(), e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_CRL_REASON", reason.toString(), e.toString()));
             throw new ECMSGWException(
                     CMS.getLogMessage("CMSGW_ERROR_SETTING_CRLREASON"));
         }
-        RevokedCertImpl crlentry = 
-            new RevokedCertImpl(serialNo, CMS.getCurrentDate(), crlentryexts);
+        RevokedCertImpl crlentry =
+                new RevokedCertImpl(serialNo, CMS.getCurrentDate(), crlentryexts);
 
         return crlentry;
     }
 
     /**
      * check if a certificate (serial number) is revoked on a CA.
+     * 
      * @return true if cert is marked revoked in the CA's database.
-     * @return false if cert is not marked revoked.  
+     * @return false if cert is not marked revoked.
      */
-    protected boolean certIsRevoked(BigInteger serialNum) 
-        throws EBaseException {
+    protected boolean certIsRevoked(BigInteger serialNum)
+            throws EBaseException {
         ICertRecord certRecord = getCertRecord(serialNum);
 
         if (certRecord == null) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_BAD_CERT_SER_NUM", String.valueOf(serialNum)));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_BAD_CERT_SER_NUM", String.valueOf(serialNum)));
             throw new ECMSGWException(
                     CMS.getLogMessage("CMSGW_INVALID_CERT"));
         }
@@ -1590,7 +1558,7 @@ public abstract class CMSServlet extends HttpServlet {
 
     public static String generateSalt() {
         Random rnd = new Random();
-        String salt = new Integer( rnd.nextInt() ).toString();
+        String salt = new Integer(rnd.nextInt()).toString();
         return salt;
     }
 
@@ -1608,8 +1576,8 @@ public abstract class CMSServlet extends HttpServlet {
      * @param locale array of at least one to be filled with locale found.
      */
     public static File getLangFile(
-        HttpServletRequest req, File realpathFile, Locale[] locale)
-        throws IOException {
+            HttpServletRequest req, File realpathFile, Locale[] locale)
+            throws IOException {
         File file = null;
         String acceptLang = req.getHeader("accept-language");
 
@@ -1626,7 +1594,7 @@ public abstract class CMSServlet extends HttpServlet {
                 }
                 String name = realpathFile.getName();
 
-                if (name == null) {  // filename should never be null.
+                if (name == null) { // filename should never be null.
                     throw new IOException("file has no name");
                 }
                 int i;
@@ -1655,8 +1623,8 @@ public abstract class CMSServlet extends HttpServlet {
                     }
 
                     String langfilepath =
-                        parent + File.separatorChar +
-                        lang + File.separatorChar + name;
+                            parent + File.separatorChar +
+                                    lang + File.separatorChar + name;
 
                     file = new File(langfilepath);
                     if (file.exists()) {
@@ -1688,18 +1656,18 @@ public abstract class CMSServlet extends HttpServlet {
     }
 
     public IAuthToken authenticate(CMSRequest req)
-        throws EBaseException {
+            throws EBaseException {
         return authenticate(req, mAuthMgr);
     }
 
     public IAuthToken authenticate(HttpServletRequest httpReq)
-        throws EBaseException {
+            throws EBaseException {
         return authenticate(httpReq, mAuthMgr);
     }
 
-    public IAuthToken authenticate(CMSRequest req, String authMgrName) 
-        throws EBaseException {
-        IAuthToken authToken = authenticate(req.getHttpReq(), 
+    public IAuthToken authenticate(CMSRequest req, String authMgrName)
+            throws EBaseException {
+        IAuthToken authToken = authenticate(req.getHttpReq(),
                 authMgrName);
 
         saveAuthToken(authToken, req.getIRequest());
@@ -1709,19 +1677,16 @@ public abstract class CMSServlet extends HttpServlet {
     /**
      * Authentication
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication
-     * fails (in case of SSL-client auth, only webserver env can pick up the
-     * SSL violation; CS authMgr can pick up cert mis-match, so this event
-     * is used)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication
-     * succeeded
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication fails (in case of SSL-client auth, only webserver env can pick up the SSL violation; CS authMgr can pick up cert mis-match, so this event is used)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication succeeded
      * </ul>
+     * 
      * @exception EBaseException an error has occurred
      */
     public IAuthToken authenticate(HttpServletRequest httpReq, String authMgrName)
-        throws EBaseException { 
+            throws EBaseException {
         String auditMessage = null;
         String auditSubjectID = ILogger.UNIDENTIFIED;
         String auditAuthMgrID = ILogger.UNIDENTIFIED;
@@ -1750,9 +1715,9 @@ public abstract class CMSServlet extends HttpServlet {
             //
             // check ssl client authentication if specified.
             //
-            X509Certificate clientCert = null; 
+            X509Certificate clientCert = null;
 
-            if (getClientCert != null && getClientCert.equals("true")) { 
+            if (getClientCert != null && getClientCert.equals("true")) {
                 CMS.debug("CMSServlet: retrieving SSL certificate");
                 clientCert = getSSLClientCertificate(httpReq);
             }
@@ -1795,10 +1760,10 @@ public abstract class CMSServlet extends HttpServlet {
             }
             AuthToken authToken = CMSGateway.checkAuthManager(httpReq,
                     httpArgs,
-                    clientCert, 
+                    clientCert,
                     authMgrName);
             if (authToken == null) {
-              return null;
+                return null;
             }
             String userid = authToken.getInString(IAuthToken.USER_ID);
 
@@ -1807,7 +1772,7 @@ public abstract class CMSServlet extends HttpServlet {
             if (userid != null) {
                 ctx.put(SessionContext.USER_ID, userid);
             }
-        
+
             // reset the "auditSubjectID"
             auditSubjectID = auditSubjectID();
 
@@ -1828,7 +1793,7 @@ public abstract class CMSServlet extends HttpServlet {
                         auditSubjectID,
                         ILogger.FAILURE,
                         auditAuthMgrID,
-                        auditUID); 
+                        auditUID);
             audit(auditMessage);
 
             // rethrow the specific exception to be handled later
@@ -1837,7 +1802,7 @@ public abstract class CMSServlet extends HttpServlet {
     }
 
     public AuthzToken authorize(String authzMgrName, String resource, IAuthToken authToken,
-      String exp) throws EBaseException {
+            String exp) throws EBaseException {
         AuthzToken authzToken = null;
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -1911,29 +1876,27 @@ public abstract class CMSServlet extends HttpServlet {
     /**
      * Authorize must occur after Authenticate
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization
-     * has failed
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization
-     * is successful
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a
-     * role (in current CS that's when one accesses a role port)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization has failed
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization is successful
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a role (in current CS that's when one accesses a role port)
      * </ul>
+     * 
      * @param authzMgrName string representing the name of the authorization
-     * manager
+     *            manager
      * @param authToken the authentication token
      * @param resource a string representing the ACL resource id as defined in
-     * the ACL resource list
+     *            the ACL resource list
      * @param operation a string representing one of the operations as defined
-     * within the ACL statement (e. g. - "read" for an ACL statement containing
-     * "(read,write)")
+     *            within the ACL statement (e. g. - "read" for an ACL statement containing
+     *            "(read,write)")
      * @exception EBaseException an error has occurred
      * @return the authorization token
      */
     public AuthzToken authorize(String authzMgrName, IAuthToken authToken,
-        String resource, String operation)
-        throws EBaseException {
+            String resource, String operation)
+            throws EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
         String auditGroupID = auditGroupID();
@@ -1941,19 +1904,18 @@ public abstract class CMSServlet extends HttpServlet {
         String auditACLResource = resource;
         String auditOperation = operation;
 
-
         SessionContext auditContext = SessionContext.getExistingContext();
         String authManagerId = null;
 
-        if(auditContext != null) {
+        if (auditContext != null) {
             authManagerId = (String) auditContext.get(SessionContext.AUTH_MANAGER_ID);
-    
-            if(authManagerId != null && authManagerId.equals("TokenAuth")) {
-               if (auditSubjectID.equals(ILogger.NONROLEUSER) ||
-                   auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
-                   CMS.debug("CMSServlet: in authorize... TokenAuth auditSubjectID unavailable, changing to auditGroupID");
-                   auditID = auditGroupID;  
-               }
+
+            if (authManagerId != null && authManagerId.equals("TokenAuth")) {
+                if (auditSubjectID.equals(ILogger.NONROLEUSER) ||
+                        auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
+                    CMS.debug("CMSServlet: in authorize... TokenAuth auditSubjectID unavailable, changing to auditGroupID");
+                    auditID = auditGroupID;
+                }
             }
         }
 
@@ -2073,11 +2035,11 @@ public abstract class CMSServlet extends HttpServlet {
 
     /**
      * Signed Audit Log
-     *
+     * 
      * This method is inherited by all extended "CMSServlet"s,
      * and is called to store messages to the signed audit log.
      * <P>
-     *
+     * 
      * @param msg signed audit log message
      */
     protected void audit(String msg) {
@@ -2089,20 +2051,20 @@ public abstract class CMSServlet extends HttpServlet {
         }
 
         mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-            null,
-            ILogger.S_SIGNED_AUDIT,
-            ILogger.LL_SECURITY,
-            msg);
+                null,
+                ILogger.S_SIGNED_AUDIT,
+                ILogger.LL_SECURITY,
+                msg);
     }
 
     /**
      * Signed Audit Log Subject ID
-     *
+     * 
      * This method is inherited by all extended "CMSServlet"s,
      * and is called to obtain the "SubjectID" for
      * a signed audit log message.
      * <P>
-     *
+     * 
      * @return id string containing the signed audit log message SubjectID
      */
     protected String auditSubjectID() {
@@ -2137,12 +2099,12 @@ public abstract class CMSServlet extends HttpServlet {
 
     /**
      * Signed Audit Log Group ID
-     *
+     * 
      * This method is inherited by all extended "CMSServlet"s,
      * and is called to obtain the "gid" for
      * a signed audit log message.
      * <P>
-     *
+     * 
      * @return id string containing the signed audit log message SubjectID
      */
     protected String auditGroupID() {
@@ -2177,14 +2139,14 @@ public abstract class CMSServlet extends HttpServlet {
 
     /**
      * Signed Audit Groups
-     *
+     * 
      * This method is called to extract all "groups" associated
      * with the "auditSubjectID()".
      * <P>
-     *
+     * 
      * @param id string containing the signed audit log message SubjectID
      * @return a delimited string of groups associated
-     *      with the "auditSubjectID()"
+     *         with the "auditSubjectID()"
      */
     private String auditGroups(String SubjectID) {
         // if no signed audit object exists, bail
@@ -2193,7 +2155,7 @@ public abstract class CMSServlet extends HttpServlet {
         }
 
         if ((SubjectID == null) ||
-            (SubjectID.equals(ILogger.UNIDENTIFIED))) {
+                (SubjectID.equals(ILogger.UNIDENTIFIED))) {
             return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
         }
 
@@ -2211,7 +2173,7 @@ public abstract class CMSServlet extends HttpServlet {
             IGroup group = (IGroup) groups.nextElement();
 
             if (group.isMember(SubjectID) == true) {
-                if (membersString.length()!= 0) {
+                if (membersString.length() != 0) {
                     membersString.append(", ");
                 }
 
@@ -2219,7 +2181,7 @@ public abstract class CMSServlet extends HttpServlet {
             }
         }
 
-        if (membersString.length()!=0) {
+        if (membersString.length() != 0) {
             return membersString.toString();
         } else {
             return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
@@ -2243,18 +2205,18 @@ public abstract class CMSServlet extends HttpServlet {
         return locale;
     }
 
-    protected void outputResult(HttpServletResponse httpResp, 
-      String contentType, byte[] content) {
+    protected void outputResult(HttpServletResponse httpResp,
+            String contentType, byte[] content) {
         try {
             OutputStream os = httpResp.getOutputStream();
-    
+
             httpResp.setContentType(contentType);
             httpResp.setContentLength(content.length);
             os.write(content);
             os.flush();
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString()));
             return;
         }
     }
@@ -2288,34 +2250,36 @@ public abstract class CMSServlet extends HttpServlet {
         } catch (Exception ee) {
             CMS.debug("Failed to send XML output to the server.");
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", ee.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", ee.toString()));
         }
     }
 
-    protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape)
-    {
+    protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) {
         StringBuffer result = new StringBuffer();
 
         // Do we need to escape any characters
         for (int i = 0; i < v.length(); i++) {
             int c = v.charAt(i);
             if (c == ',' || c == '=' || c == '+' || c == '<' ||
-                c == '>' || c == '#' || c == ';' || c == '\r' ||
-                c == '\n' || c == '\\' || c == '"') {
-                if ((c == 0x5c) && ((i+1) < v.length())) {
-                    int nextC = v.charAt(i+1);
+                    c == '>' || c == '#' || c == ';' || c == '\r' ||
+                    c == '\n' || c == '\\' || c == '"') {
+                if ((c == 0x5c) && ((i + 1) < v.length())) {
+                    int nextC = v.charAt(i + 1);
                     if ((c == 0x5c) && (nextC == ',' || nextC == '=' || nextC == '+' ||
                                         nextC == '<' || nextC == '>' || nextC == '#' ||
                                         nextC == ';' || nextC == '\r' || nextC == '\n' ||
                                         nextC == '\\' || nextC == '"')) {
-                        if (doubleEscape) result.append('\\');
+                        if (doubleEscape)
+                            result.append('\\');
                     } else {
                         result.append('\\');
-                        if (doubleEscape) result.append('\\');
+                        if (doubleEscape)
+                            result.append('\\');
                     }
                 } else {
                     result.append('\\');
-                    if (doubleEscape) result.append('\\');
+                    if (doubleEscape)
+                        result.append('\\');
                 }
             }
             if (c == '\r') {
@@ -2323,11 +2287,10 @@ public abstract class CMSServlet extends HttpServlet {
             } else if (c == '\n') {
                 result.append("0A");
             } else {
-                result.append((char)c);
+                result.append((char) c);
             }
         }
         return result;
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java
index 64c59c5a..4bfc7460 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.base;
 
-
 import java.io.File;
 import java.io.IOException;
 import java.io.PrintWriter;
@@ -32,11 +31,10 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.cmsutil.util.Utils;
 
-
 /**
  * This servlet is started by the web server at startup, and
  * it starts the CMS framework.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSStartServlet extends HttpServlet {
@@ -55,34 +53,34 @@ public class CMSStartServlet extends HttpServlet {
         if (!f.exists()) {
             int index = path.lastIndexOf("CS.cfg");
             if (index != -1) {
-                old_path = path.substring(0, index)+"CMS.cfg";
+                old_path = path.substring(0, index) + "CMS.cfg";
             }
             File f1 = new File(old_path);
             if (f1.exists()) {
                 // The following block of code moves "CMS.cfg" to "CS.cfg".
                 try {
-                    if( Utils.isNT() ) {
+                    if (Utils.isNT()) {
                         // NT is very picky on the path
-                        Utils.exec( "copy " +
-                                    f1.getAbsolutePath().replace( '/', '\\' ) +
+                        Utils.exec("copy " +
+                                    f1.getAbsolutePath().replace('/', '\\') +
                                     " " +
-                                    f.getAbsolutePath().replace( '/', '\\' ) );
+                                    f.getAbsolutePath().replace('/', '\\'));
                     } else {
                         // Create a copy of the original file which
                         // preserves the original file permissions.
-                        Utils.exec( "cp -p " + f1.getAbsolutePath() + " " +
-                                    f.getAbsolutePath() );
+                        Utils.exec("cp -p " + f1.getAbsolutePath() + " " +
+                                    f.getAbsolutePath());
                     }
 
                     // Remove the original file if and only if
                     // the backup copy was successful.
-                    if( f.exists() ) {
+                    if (f.exists()) {
                         f1.delete();
 
                         // Make certain that the new file has
                         // the correct permissions.
-                        if( !Utils.isNT() ) {
-                            Utils.exec( "chmod 00660 " + f.getAbsolutePath() );
+                        if (!Utils.isNT()) {
+                            Utils.exec("chmod 00660 " + f.getAbsolutePath());
                         }
                     }
                 } catch (Exception e) {
@@ -96,7 +94,7 @@ public class CMSStartServlet extends HttpServlet {
     }
 
     public void doGet(HttpServletRequest req, HttpServletResponse res)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
         res.setContentType("text/html");
 
         PrintWriter out = res.getWriter();
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java
index 8d853f0b..ffd602b2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.base;
 
-
 import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.FileInputStream;
@@ -33,10 +32,9 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * This is the servlet that displays the html page for the corresponding input id.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class DisplayHtmlServlet extends CMSServlet {
@@ -55,7 +53,7 @@ public class DisplayHtmlServlet extends CMSServlet {
 
     public void init(ServletConfig sc) throws ServletException {
         super.init(sc);
-        mHTMLPath = sc.getInitParameter(PROP_HTML_PATH); 
+        mHTMLPath = sc.getInitParameter(PROP_HTML_PATH);
         mTemplates.remove(CMSRequest.SUCCESS);
     }
 
@@ -68,18 +66,18 @@ public class DisplayHtmlServlet extends CMSServlet {
         IAuthToken authToken = authenticate(cmsReq);
 
         try {
-            String realpath = 
-              mServletConfig.getServletContext().getRealPath("/" + mHTMLPath);
+            String realpath =
+                    mServletConfig.getServletContext().getRealPath("/" + mHTMLPath);
 
             if (realpath == null) {
                 mLogger.log(
-                  ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
-                  CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", mHTMLPath));
-                throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")) ;
+                        ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", mHTMLPath));
+                throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
             }
             File file = new File(realpath);
             long flen = file.length();
-            byte[] bin = new byte[(int)flen];
+            byte[] bin = new byte[(int) flen];
             FileInputStream ins = new FileInputStream(file);
 
             int len = 0;
@@ -92,9 +90,9 @@ public class DisplayHtmlServlet extends CMSServlet {
             ins.close();
             bos.close();
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-              CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", mHTMLPath, e.toString()));
-            throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); 
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", mHTMLPath, e.toString()));
+            throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java
index 9607fbe2..f7f31b19 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.base;
 
-
 import java.io.IOException;
 import java.util.Date;
 import java.util.Enumeration;
@@ -39,14 +38,12 @@ import com.netscape.certsrv.authentication.IAuthToken;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 
-
 /**
  * Return some javascript to the request which contains the list of
  * dynamic data in the CMS system.
  * <p>
- * This allows the requestor (browser) to make decisions about what
- * to present in the UI, depending on how CMS is configured
- *
+ * This allows the requestor (browser) to make decisions about what to present in the UI, depending on how CMS is configured
+ * 
  * @version $Revision$, $Date$
  */
 public class DynamicVariablesServlet extends CMSServlet {
@@ -83,10 +80,10 @@ public class DynamicVariablesServlet extends CMSServlet {
     private static final String VAR_CLA_CRL_URL_STRING = "clacrlurl()";
     private static final Integer VAR_CLA_CRL_URL = Integer.valueOf(6);
     private String VAR_CLA_CRL_URL_VALUE = null;
-	
+
     private String mAuthMgrCacheString = "";
-    private long   mAuthMgrCacheTime = 0;
-    private final int AUTHMGRCACHE = 10;   	//number of seconds to cache list of
+    private long mAuthMgrCacheTime = 0;
+    private final int AUTHMGRCACHE = 10; //number of seconds to cache list of
     // authmanagers for
     private Hashtable dynvars = null;
     private String mGetClientCert = "false";
@@ -99,7 +96,7 @@ public class DynamicVariablesServlet extends CMSServlet {
         IConfigStore config = CMS.getConfigStore().getSubStore(PROP_CLONING);
 
         try {
-            mCrlurl = 
+            mCrlurl =
                     config.getString(PROP_CRLURL, "");
         } catch (EBaseException e) {
         }
@@ -119,33 +116,27 @@ public class DynamicVariablesServlet extends CMSServlet {
     /**
      * Reads the following variables from the servlet config:
      * <ul>
-     *   <li><strong>AuthMgr</strong>  - the authentication manager to use to authenticate the request
-     *   <li><strong>GetClientCert</strong> - whether to request client auth for this request
-     *   <li><strong>authority</strong>  - the authority (ca, ra, drm) to return to the client
-     *   <li><strong>dynamicVariables</strong> - a string of the form:
-     *         serverdate=serverdate(),subsystemname=subsystemname(),
-     *         http=http(),authmgrs=authmgrs(),clacrlurl=clacrlurl()
+     * <li><strong>AuthMgr</strong> - the authentication manager to use to authenticate the request
+     * <li><strong>GetClientCert</strong> - whether to request client auth for this request
+     * <li><strong>authority</strong> - the authority (ca, ra, drm) to return to the client
+     * <li><strong>dynamicVariables</strong> - a string of the form: serverdate=serverdate(),subsystemname=subsystemname(), http=http(),authmgrs=authmgrs(),clacrlurl=clacrlurl()
      * </ul>
      * The dynamicVariables string is parsed by splitting on commas.
      * When services, the HTTP request provides a piece of javascript
      * code as follows.
      * <p>
-     * Each sub expression "lhs=rhs()" forms a javascript statement of the form
-     * <i>lhs=xxx;</i>  Where  lhs is xxx is the result of 'evaluating' the
-     * rhs. The possible values for the rhs() function are:
+     * Each sub expression "lhs=rhs()" forms a javascript statement of the form <i>lhs=xxx;</i> Where lhs is xxx is the result of 'evaluating' the rhs. The possible values for the rhs() function are:
      * <ul>
-     * <li><strong>serverdate()</strong>  - the timestamp of the server (used to ensure that the client
-     *        clock is set correctly)
+     * <li><strong>serverdate()</strong> - the timestamp of the server (used to ensure that the client clock is set correctly)
      * <li><strong>subsystemname()</strong>
      * <li><strong>http()</strong> - "true" or "false" - is this an http connection (as opposed to https)
      * <li>authmgrs() - a comma separated list of authentication managers
-     * <li>clacrlurl() - the URL to get the CRL from, in the case of a Clone CA. This is
-     *    defined in the CMS configuration parameter 'cloning.cloneMasterCrlUrl'
+     * <li>clacrlurl() - the URL to get the CRL from, in the case of a Clone CA. This is defined in the CMS configuration parameter 'cloning.cloneMasterCrlUrl'
      * </ul>
+     * 
      * @see javax.servlet.Servlet#init(ServletConfig)
      */
 
-
     public void init(ServletConfig sc) throws ServletException {
         super.init(sc);
         mAuthMgr = sc.getInitParameter(PROP_AUTHMGR);
@@ -194,8 +185,8 @@ public class DynamicVariablesServlet extends CMSServlet {
     }
 
     public void service(HttpServletRequest httpReq,
-        HttpServletResponse httpResp)
-        throws ServletException, IOException {
+            HttpServletResponse httpResp)
+            throws ServletException, IOException {
         boolean running_state = CMS.isInRunningState();
 
         if (!running_state)
@@ -214,7 +205,7 @@ public class DynamicVariablesServlet extends CMSServlet {
 
         httpResp.setContentType("application/x-javascript");
         httpResp.setHeader("Pragma", "no-cache");
-		
+
         try {
             ServletOutputStream os = httpResp.getOutputStream();
 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java b/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java
index 3b8f8bd4..f96cb0e1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.base;
 
-
 import java.io.IOException;
 import java.util.Date;
 import java.util.Enumeration;
@@ -43,10 +42,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Retrieve information.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class GetStats extends CMSServlet {
@@ -64,7 +62,7 @@ public class GetStats extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template
      * file "getOCSPInfo.template" to render the result page.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -79,14 +77,13 @@ public class GetStats extends CMSServlet {
         mTemplates.remove(CMSRequest.SUCCESS);
     }
 
-
     /**
-	 * Process the HTTP request. 
-     *
+     * Process the HTTP request.
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
 
@@ -98,10 +95,10 @@ public class GetStats extends CMSServlet {
                         mAuthzResourceName, "read");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -118,10 +115,10 @@ public class GetStats extends CMSServlet {
         try {
             form = getTemplate(mFormPath, httpReq, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -130,12 +127,12 @@ public class GetStats extends CMSServlet {
         IArgBlock fixed = CMS.createArgBlock();
         CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
 
-        IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+        IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
         StatsEvent st = statsSub.getMainStatsEvent();
 
         String op = httpReq.getParameter("op");
         if (op != null && op.equals("clear")) {
-          statsSub.resetCounters();
+            statsSub.resetCounters();
         }
 
         header.addStringValue("startTime", statsSub.getStartTime().toString());
@@ -149,43 +146,42 @@ public class GetStats extends CMSServlet {
             form.renderOutput(out, argSet);
             cmsReq.setStatus(CMSRequest.SUCCESS);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
         }
         cmsReq.setStatus(CMSRequest.SUCCESS);
         return;
     }
 
-    public String getSep(int level)
-    {
-      StringBuffer s = new StringBuffer();
-      for (int i = 0; i < level; i++) {
-        s.append("-");
-      }
-      return s.toString();
+    public String getSep(int level) {
+        StringBuffer s = new StringBuffer();
+        for (int i = 0; i < level; i++) {
+            s.append("-");
+        }
+        return s.toString();
     }
 
     public void parse(CMSTemplateParams argSet, StatsEvent st, int level) {
         Enumeration names = st.getSubEventNames();
         while (names.hasMoreElements()) {
-          String name = (String)names.nextElement();
-          StatsEvent subSt = st.getSubEvent(name);
-
-          IArgBlock rarg = CMS.createArgBlock();
-          rarg.addStringValue("name", getSep(level) + " " + subSt.getName());
-          rarg.addLongValue("noOfOp", subSt.getNoOfOperations());
-          rarg.addLongValue("timeTaken", subSt.getTimeTaken());
-          rarg.addLongValue("max", subSt.getMax());
-          rarg.addLongValue("min", subSt.getMin());
-          rarg.addLongValue("percentage", subSt.getPercentage());
-          rarg.addLongValue("avg", subSt.getAvg());
-          rarg.addLongValue("stddev", subSt.getStdDev());
-          argSet.addRepeatRecord(rarg); 
-
-          parse(argSet, subSt, level+1);
+            String name = (String) names.nextElement();
+            StatsEvent subSt = st.getSubEvent(name);
+
+            IArgBlock rarg = CMS.createArgBlock();
+            rarg.addStringValue("name", getSep(level) + " " + subSt.getName());
+            rarg.addLongValue("noOfOp", subSt.getNoOfOperations());
+            rarg.addLongValue("timeTaken", subSt.getTimeTaken());
+            rarg.addLongValue("max", subSt.getMax());
+            rarg.addLongValue("min", subSt.getMin());
+            rarg.addLongValue("percentage", subSt.getPercentage());
+            rarg.addLongValue("avg", subSt.getAvg());
+            rarg.addLongValue("stddev", subSt.getStdDev());
+            argSet.addRepeatRecord(rarg);
+
+            parse(argSet, subSt, level + 1);
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java
index 89179b57..95dbf2ab 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.base;
 
-
 import java.io.IOException;
 
 import javax.servlet.ServletConfig;
@@ -32,11 +31,10 @@ import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.ECMSGWException;
 import com.netscape.cms.servlet.common.IndexTemplateFiller;
 
-
 /**
  * This is the servlet that builds the index page in
  * various ports.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class IndexServlet extends CMSServlet {
@@ -91,26 +89,26 @@ public class IndexServlet extends CMSServlet {
      * Serves HTTP request.
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
-        if (CMSGateway.getEnableAdminEnroll() && 
-            mAuthority != null && 
-            mAuthority instanceof ICertificateAuthority) {
+        if (CMSGateway.getEnableAdminEnroll() &&
+                mAuthority != null &&
+                mAuthority instanceof ICertificateAuthority) {
             try {
                 cmsReq.getHttpResp().sendRedirect("/ca/adminEnroll.html");
             } catch (IOException e) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_FAIL_REDIRECT_ADMIN_ENROLL", e.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_FAIL_REDIRECT_ADMIN_ENROLL", e.toString()));
                 throw new ECMSGWException(
                         CMS.getLogMessage("CMSGW_ERROR_REDIRECTING_ADMINENROLL1",
-                            e.toString()));
+                                e.toString()));
             }
             return;
         } else {
             try {
                 renderTemplate(
-                    cmsReq, mTemplateName, new IndexTemplateFiller());
+                        cmsReq, mTemplateName, new IndexTemplateFiller());
             } catch (IOException e) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_FAIL_RENDER_TEMPLATE", mTemplateName, e.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_FAIL_RENDER_TEMPLATE", mTemplateName, e.toString()));
                 throw new ECMSGWException(
                         CMS.getLogMessage("CMSG_ERROR_DISPLAY_TEMPLATE"));
             }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java
index 4c3dec80..fced583a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.base;
 
-
 import java.io.IOException;
 
 import javax.servlet.ServletConfig;
@@ -34,7 +33,7 @@ import com.netscape.cmsutil.xml.XMLObject;
 
 /**
  * This servlet returns port information.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class PortsServlet extends CMSServlet {
@@ -67,10 +66,10 @@ public class PortsServlet extends CMSServlet {
         String port = null;
 
         if (secure.equals("true"))
-            port = CMS.getEESSLPort(); 
+            port = CMS.getEESSLPort();
         else
             port = CMS.getEENonSSLPort();
-     
+
         try {
             XMLObject xmlObj = null;
             xmlObj = new XMLObject();
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java
index 15bfb306..0784945a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java
@@ -2,7 +2,6 @@
 
 package com.netscape.cms.servlet.base;
 
-
 import java.io.IOException;
 import java.util.HashMap;
 import java.util.Iterator;
@@ -21,34 +20,33 @@ import javax.servlet.http.HttpServletResponse;
 
 import com.netscape.certsrv.apps.CMS;
 
-
 /**
  * This is a servlet that proxies request to another servlet.
- *
+ * 
  * SERVLET REDIRECTION
  * Specify the URL of a servlet to forward the request to
- *     destServlet: /ee/ca/newservlet
- *
+ * destServlet: /ee/ca/newservlet
+ * 
  * PARAMETER MAPPING
- * In the servlet configuration (as an init-param in web.xml) you 
- * can optionally specify a value for the parameter 'parameterMap' 
+ * In the servlet configuration (as an init-param in web.xml) you
+ * can optionally specify a value for the parameter 'parameterMap'
  * which contains a list of HTTP parameters which should be
  * translated to new names.
  * 
- *     parameterMap:  name1->newname1,name2->newname2
- *
+ * parameterMap: name1->newname1,name2->newname2
+ * 
  * Optionally, names can be set to static values:
- *
- *     parameterMap: name1->name2=value
- *
+ * 
+ * parameterMap: name1->name2=value
+ * 
  * Examples:
  * Consider the following HTTP input parameters:
- *   vehicle:car  make:ford  model:explorer
+ * vehicle:car make:ford model:explorer
  * 
  * The following config strings will have this effect:
- *   parameterMap: make->manufacturer,model->name=expedition,->suv=true
- *   output:       vehicle:car manufactuer:ford model:expedition suv:true
- *
+ * parameterMap: make->manufacturer,model->name=expedition,->suv=true
+ * output: vehicle:car manufactuer:ford model:expedition suv:true
+ * 
  * @version $Revision$, $Date$
  */
 public class ProxyServlet extends HttpServlet {
@@ -64,40 +62,41 @@ public class ProxyServlet extends HttpServlet {
     private Vector mMatchStrings = new Vector();
     private String mDestServletOnNoMatch = null;
     private String mAppendPathInfoOnNoMatch = null;
-	private Map mParamMap = new HashMap();
-	private Map mParamValue = new HashMap();
+    private Map mParamMap = new HashMap();
+    private Map mParamValue = new HashMap();
 
     public ProxyServlet() {
     }
 
-	private void parseParamTable(String s) {
-		if (s == null) return;
-
-		String[] params = s.split(",");
-		for (int i=0;i<params.length;i++) {
-			String p = params[i];
-			if (p != null) {
-				String[] paramNames = p.split("->");
-				if (paramNames.length != 2) {
-				}
-				String from = paramNames[0];
-				String to   = paramNames[1];
-				if (from != null && to != null) {
-					String[] splitTo = to.split("=");
-					String toName  = splitTo[0];
-					if (from.length() >0) {
-						mParamMap.put(from,toName);
-					}
-					if (splitTo.length == 2) {
-						String toValue = splitTo[1];
-						String toValues[] = new String[1];
-						toValues[0] = toValue;
-						mParamValue.put(toName,toValues);
-					}
-				}
-			}
-		}
-	}
+    private void parseParamTable(String s) {
+        if (s == null)
+            return;
+
+        String[] params = s.split(",");
+        for (int i = 0; i < params.length; i++) {
+            String p = params[i];
+            if (p != null) {
+                String[] paramNames = p.split("->");
+                if (paramNames.length != 2) {
+                }
+                String from = paramNames[0];
+                String to = paramNames[1];
+                if (from != null && to != null) {
+                    String[] splitTo = to.split("=");
+                    String toName = splitTo[0];
+                    if (from.length() > 0) {
+                        mParamMap.put(from, toName);
+                    }
+                    if (splitTo.length == 2) {
+                        String toValue = splitTo[1];
+                        String toValues[] = new String[1];
+                        toValues[0] = toValue;
+                        mParamValue.put(toName, toValues);
+                    }
+                }
+            }
+        }
+    }
 
     public void init(ServletConfig sc) throws ServletException {
         super.init(sc);
@@ -115,14 +114,13 @@ public class ProxyServlet extends HttpServlet {
         mAppendPathInfo = sc.getInitParameter("appendPathInfo");
         mAppendPathInfoOnNoMatch = sc.getInitParameter("appendPathInfoOnNoMatch");
         String map = sc.getInitParameter("parameterMap");
-		if (map != null) {
-			parseParamTable(map);
-		}
+        if (map != null) {
+            parseParamTable(map);
+        }
     }
 
     public void service(HttpServletRequest req, HttpServletResponse res) throws
-          IOException, ServletException
-    {
+            IOException, ServletException {
         RequestDispatcher dispatcher = null;
         String dest = mDest;
         String uri = req.getRequestURI();
@@ -132,120 +130,118 @@ public class ProxyServlet extends HttpServlet {
         if (mMatchStrings.size() != 0) {
             boolean matched = false;
             for (int i = 0; i < mMatchStrings.size(); i++) {
-                String t = (String)mMatchStrings.elementAt(i);
-                if (uri.indexOf(t) != -1)  {
+                String t = (String) mMatchStrings.elementAt(i);
+                if (uri.indexOf(t) != -1) {
                     matched = true;
                 }
             }
             if (!matched) {
                 dest = mDestServletOnNoMatch;
                 // append Path info for OCSP request in Get method
-                if (mAppendPathInfoOnNoMatch != null && 
-                   !mAppendPathInfoOnNoMatch.equals("")) {
+                if (mAppendPathInfoOnNoMatch != null &&
+                        !mAppendPathInfoOnNoMatch.equals("")) {
                     dest = dest + uri.replace(mAppendPathInfoOnNoMatch, "");
                 }
             }
         }
         if (dest == null || dest.equals("")) {
-          // mapping everything
-          dest = uri;
-          dest = dest.replaceFirst(mSrcContext, "");
+            // mapping everything
+            dest = uri;
+            dest = dest.replaceFirst(mSrcContext, "");
         }
         if (mAppendPathInfo != null && !mAppendPathInfo.equals("")) {
-          dest = dest + uri.replace(mAppendPathInfo, "");
+            dest = dest + uri.replace(mAppendPathInfo, "");
         }
         if (mDestContext != null && !mDestContext.equals("")) {
-             dispatcher = getServletContext().getContext(mDestContext).getRequestDispatcher(dest);
+            dispatcher = getServletContext().getContext(mDestContext).getRequestDispatcher(dest);
         } else {
-             dispatcher = req.getRequestDispatcher(dest);
+            dispatcher = req.getRequestDispatcher(dest);
         }
 
-		// If a parameter map was specified
-		if (mParamMap != null && !mParamMap.isEmpty()) {
-			// Make a new wrapper with the new parameters
-			ProxyWrapper r = new ProxyWrapper(req);
-			r.setParameterMapAndValue(mParamMap,mParamValue);
-			req = r;
-		}
-		
-        dispatcher.forward(req, res);  
+        // If a parameter map was specified
+        if (mParamMap != null && !mParamMap.isEmpty()) {
+            // Make a new wrapper with the new parameters
+            ProxyWrapper r = new ProxyWrapper(req);
+            r.setParameterMapAndValue(mParamMap, mParamValue);
+            req = r;
+        }
+
+        dispatcher.forward(req, res);
     }
 }
 
-class ProxyWrapper extends HttpServletRequestWrapper
-{
-	private Map mMap = null;
-	private Map mValueMap = null;
-
-	public ProxyWrapper(HttpServletRequest req)
-	{
-		super(req);
-	}
-
-	public void setParameterMapAndValue(Map m,Map v)
-	{
-		if (m != null) mMap = m;
-		if (v != null) mValueMap = v;
-	}
-
-	public Map getParameterMap()
-	{
-		try {
-		// If we haven't specified any parameter mapping, just
-		// use the regular implementation
-		if (mMap == null) return super.getParameterMap();
-		else {
-			// Make a new Map for us to put stuff in
-			Map n = new HashMap();
-			// get the HTTP parameters the user supplied.
-			Map m = super.getParameterMap();
-			Set s = m.entrySet();
-			Iterator i = s.iterator();
-			while (i.hasNext()) {
-				Map.Entry me = (Map.Entry) i.next();
-				String name  = (String) me.getKey();
-				String[] values = (String[])(me.getValue());
-				String newname = null;
-				if (name != null) {
-					newname = (String) mMap.get(name);
-				}
-
-				// No mapping specified, just use existing name/value
-				if (newname == null || mValueMap == null) {
-					n.put(name,values);
-				} else { // new name specified
-					Object o = mValueMap.get(newname);
-					// check if new (static) value specified
-					if (o==null) {
-						n.put(newname,values);
-					} else {
-						String newvalues[] = (String[])mValueMap.get(newname);
-						n.put(newname,newvalues);
-					}
-				}
-			}
-			// Now, deal with static values set in the config 
-			// which weren't set in the HTTP request
-			Set s2 = mValueMap.entrySet();
-			Iterator i2 = s2.iterator();
-			// Cycle through all the static values
-			while (i2.hasNext()) {
-				Map.Entry me2 = (Map.Entry) i2.next();
-				String name2  = (String) me2.getKey();
-				if (n.get(name2) == null) {
-					String[] values2 = (String[])me2.getValue();
-					// If the parameter is not set in the map
-					// Set it now
-					n.put(name2,values2);
-				}
-			}
-			
-			return n;
-		}
-		} catch (NullPointerException npe) {
-			CMS.debug(npe);
-			return null;
-		}
-	}
-}
+class ProxyWrapper extends HttpServletRequestWrapper {
+    private Map mMap = null;
+    private Map mValueMap = null;
+
+    public ProxyWrapper(HttpServletRequest req) {
+        super(req);
+    }
+
+    public void setParameterMapAndValue(Map m, Map v) {
+        if (m != null)
+            mMap = m;
+        if (v != null)
+            mValueMap = v;
+    }
 
+    public Map getParameterMap() {
+        try {
+            // If we haven't specified any parameter mapping, just
+            // use the regular implementation
+            if (mMap == null)
+                return super.getParameterMap();
+            else {
+                // Make a new Map for us to put stuff in
+                Map n = new HashMap();
+                // get the HTTP parameters the user supplied.
+                Map m = super.getParameterMap();
+                Set s = m.entrySet();
+                Iterator i = s.iterator();
+                while (i.hasNext()) {
+                    Map.Entry me = (Map.Entry) i.next();
+                    String name = (String) me.getKey();
+                    String[] values = (String[]) (me.getValue());
+                    String newname = null;
+                    if (name != null) {
+                        newname = (String) mMap.get(name);
+                    }
+
+                    // No mapping specified, just use existing name/value
+                    if (newname == null || mValueMap == null) {
+                        n.put(name, values);
+                    } else { // new name specified
+                        Object o = mValueMap.get(newname);
+                        // check if new (static) value specified
+                        if (o == null) {
+                            n.put(newname, values);
+                        } else {
+                            String newvalues[] = (String[]) mValueMap.get(newname);
+                            n.put(newname, newvalues);
+                        }
+                    }
+                }
+                // Now, deal with static values set in the config 
+                // which weren't set in the HTTP request
+                Set s2 = mValueMap.entrySet();
+                Iterator i2 = s2.iterator();
+                // Cycle through all the static values
+                while (i2.hasNext()) {
+                    Map.Entry me2 = (Map.Entry) i2.next();
+                    String name2 = (String) me2.getKey();
+                    if (n.get(name2) == null) {
+                        String[] values2 = (String[]) me2.getValue();
+                        // If the parameter is not set in the map
+                        // Set it now
+                        n.put(name2, values2);
+                    }
+                }
+
+                return n;
+            }
+        } catch (NullPointerException npe) {
+            CMS.debug(npe);
+            return null;
+        }
+    }
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java
index 5daac065..6d91e1b2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.base;
 
-
 import java.io.IOException;
 import java.util.Date;
 
@@ -35,10 +34,10 @@ import com.netscape.certsrv.apps.CMS;
  * thread.
  * <p>
  * Also allows user to trigger a new garbage collection
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class SystemInfoServlet extends HttpServlet { 
+public class SystemInfoServlet extends HttpServlet {
 
     /**
      *
@@ -58,16 +57,16 @@ public class SystemInfoServlet extends HttpServlet {
      * value of the 'op' HTTP parameter.
      * <UL>
      * <LI>op = <i>undefined</i> - display a menu with links to the other functionality of this servlet
-     * <li>op = gc - tell the JVM that we want to do a garbage collection and to run finalizers
-     *    (@see java.lang.Runtime.getRuntime#gc() )
-     * <li>op = general  - display information about memory, and other JVM informatino
-     * <li>op = thread  - display details about each thread.
+     * <li>op = gc - tell the JVM that we want to do a garbage collection and to run finalizers (@see java.lang.Runtime.getRuntime#gc() )
+     * <li>op = general - display information about memory, and other JVM informatino
+     * <li>op = thread - display details about each thread.
      * </UL>
+     * 
      * @see javax.servlet.http.HttpServlet#service(HttpServletRequest, HttpServletResponse)
      */
-    public void service(HttpServletRequest request, 
-        HttpServletResponse response)
-        throws ServletException, IOException { 
+    public void service(HttpServletRequest request,
+            HttpServletResponse response)
+            throws ServletException, IOException {
         boolean collect = false;
         String op = request.getParameter("op");
 
@@ -83,9 +82,9 @@ public class SystemInfoServlet extends HttpServlet {
         }
     }
 
-    private void mainMenu(HttpServletRequest request, 
-        HttpServletResponse response)
-        throws ServletException, IOException { 
+    private void mainMenu(HttpServletRequest request,
+            HttpServletResponse response)
+            throws ServletException, IOException {
         response.getWriter().println("<HTML>");
         response.getWriter().println("<H1>");
         response.getWriter().println("<a href=" + request.getServletPath() + ">");
@@ -122,9 +121,9 @@ public class SystemInfoServlet extends HttpServlet {
         response.getWriter().println("</HTML>");
     }
 
-    private void gc(HttpServletRequest request, 
-        HttpServletResponse response)
-        throws ServletException, IOException { 
+    private void gc(HttpServletRequest request,
+            HttpServletResponse response)
+            throws ServletException, IOException {
         java.lang.Runtime.getRuntime().gc();
         java.lang.Runtime.getRuntime().runFinalization();
         response.getWriter().println("<HTML>");
@@ -140,9 +139,9 @@ public class SystemInfoServlet extends HttpServlet {
         response.getWriter().println("</HTML>");
     }
 
-    private void general(HttpServletRequest request, 
-        HttpServletResponse response)
-        throws ServletException, IOException { 
+    private void general(HttpServletRequest request,
+            HttpServletResponse response)
+            throws ServletException, IOException {
         response.getWriter().println("<HTML>");
         response.getWriter().println("<H1>");
         response.getWriter().println("<a href=" + request.getServletPath() + ">");
@@ -221,9 +220,9 @@ public class SystemInfoServlet extends HttpServlet {
         response.getWriter().println("</HTML>");
     }
 
-    private void thread(HttpServletRequest request, 
-        HttpServletResponse response)
-        throws ServletException, IOException { 
+    private void thread(HttpServletRequest request,
+            HttpServletResponse response)
+            throws ServletException, IOException {
         response.getWriter().println("</table>");
         response.getWriter().println("<HTML>");
         response.getWriter().println("<H1>");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java b/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java
index 02ab5b52..dd8f6961 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java
@@ -17,11 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.base;
 
-
 /**
  * This class represents information about the client e.g. version,
  * langauge, vendor.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class UserInfo {
@@ -36,7 +35,7 @@ public class UserInfo {
 
     /**
      * Returns the user language.
-     *
+     * 
      * @param s user language info from the browser
      * @return user language
      */
@@ -53,7 +52,7 @@ public class UserInfo {
 
     /**
      * Returns the user country.
-     *
+     * 
      * @param s user language info from the browser
      * @return user country
      */
@@ -67,10 +66,10 @@ public class UserInfo {
         }
         return "";
     }
-    
+
     /**
      * Returns the users agent.
-     *
+     * 
      * @param s user language info from the browser
      * @return user agent
      */
@@ -79,7 +78,7 @@ public class UserInfo {
         if (s.indexOf(MSIE) != -1) {
             return MSIE;
         }
-        
+
         // Check for Netscape i.e. Mozilla
         if (s.indexOf(MOZILLA) != -1) {
             return MOZILLA;
@@ -87,5 +86,5 @@ public class UserInfo {
 
         // Don't know agent. Return empty string.
         return "";
-    }        
+    }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java
index 15d069e3..8bcb4857 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.cert.CertificateException;
@@ -67,10 +66,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Revoke a certificate with a CMC-formatted revocation request
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMCRevReqServlet extends CMSServlet {
@@ -83,7 +81,7 @@ public class CMCRevReqServlet extends CMSServlet {
     // revocation templates.
     private final static String TPL_FILE = "revocationResult.template";
     public static final String CRED_CMC = "cmcRequest";
-    
+
     private ICertificateRepository mCertDB = null;
     private String mFormPath = null;
     private IRequestQueue mQueue = null;
@@ -92,12 +90,10 @@ public class CMCRevReqServlet extends CMSServlet {
     private final static String REVOKE = "revoke";
     private final static String ON_HOLD = "on-hold";
     private final static int ON_HOLD_REASON = 6;
-    private final static String
-        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
-        "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
-    private final static String
-        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
-        "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
+    private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
+            "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
+    private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
+            "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
 
     // http params 
     public static final String SERIAL_NO = TOKEN_CERT_SERIAL;
@@ -106,15 +102,16 @@ public class CMCRevReqServlet extends CMSServlet {
 
     // request attributes
     public static final String SERIALNO_ARRAY = "serialNoArray";
-    
+
     public CMCRevReqServlet() {
         super();
     }
 
-	/**
+    /**
      * initialize the servlet.
-	 * @param sc servlet configuration, read from the web.xml file
-	 */
+     * 
+     * @param sc servlet configuration, read from the web.xml file
+     */
     public void init(ServletConfig sc) throws ServletException {
 
         super.init(sc);
@@ -136,26 +133,26 @@ public class CMCRevReqServlet extends CMSServlet {
             mFormPath = mOutputTemplatePath;
     }
 
-
-    /** 
-	 * Process the HTTP request. 
-	 *
-	 * <ul>
-	 * <li>http.param cmcRequest the base-64 encoded CMC request
-	 * </ul>
-	 * @param cmsReq the object holding the request and response information
+    /**
+     * Process the HTTP request.
+     * 
+     * <ul>
+     * <li>http.param cmcRequest the base-64 encoded CMC request
+     * </ul>
+     * 
+     * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
 
         String cmcAgentSerialNumber = null;
         IArgBlock httpParams = cmsReq.getHttpParams();
         HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();        
-        
+        HttpServletResponse resp = cmsReq.getHttpResp();
+
         CMSTemplate form = null;
         Locale[] locale = new Locale[1];
 
-CMS.debug("**** mFormPath = "+mFormPath);
+        CMS.debug("**** mFormPath = " + mFormPath);
         try {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
@@ -167,12 +164,11 @@ CMS.debug("**** mFormPath = "+mFormPath);
         IArgBlock header = CMS.createArgBlock();
         IArgBlock ctx = CMS.createArgBlock();
         CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
-        
 
         String cmc = (String) httpParams.get(CRED_CMC);
         if (cmc == null) {
             throw new EMissingCredential(
-				CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CMC));
+                    CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CMC));
         }
 
         IAuthToken authToken = authenticate(cmsReq);
@@ -200,8 +196,8 @@ CMS.debug("**** mFormPath = "+mFormPath);
             serialNoArray = authToken.getInBigIntegerArray(TOKEN_CERT_SERIAL);
         }
 
-        Integer reasonCode = Integer.valueOf(0); 
-         if (authToken != null) {
+        Integer reasonCode = Integer.valueOf(0);
+        if (authToken != null) {
             reasonCode = authToken.getInInteger(REASON_CODE);
         }
         RevocationReason reason = RevocationReason.fromInt(reasonCode.intValue());
@@ -211,12 +207,12 @@ CMS.debug("**** mFormPath = "+mFormPath);
         String revokeAll = null;
         int verifiedRecordCount = 0;
         int totalRecordCount = 0;
-  
+
         if (serialNoArray != null) {
             totalRecordCount = serialNoArray.length;
             verifiedRecordCount = serialNoArray.length;
         }
-        
+
         X509CertImpl[] certs = null;
 
         //for audit log.
@@ -247,7 +243,7 @@ CMS.debug("**** mFormPath = "+mFormPath);
                 IRequest getCertsChallengeReq = null;
 
                 getCertsChallengeReq = mQueue.newRequest(
-                            GETCERTS_FOR_CHALLENGE_REQUEST); 
+                            GETCERTS_FOR_CHALLENGE_REQUEST);
                 getCertsChallengeReq.setExtData(SERIALNO_ARRAY, serialNoArray);
                 mQueue.processRequest(getCertsChallengeReq);
                 RequestStatus status = getCertsChallengeReq.getRequestStatus();
@@ -257,7 +253,7 @@ CMS.debug("**** mFormPath = "+mFormPath);
                     header.addStringValue("request", getCertsChallengeReq.getRequestId().toString());
                     mRequestID = getCertsChallengeReq.getRequestId().toString();
                 } else {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD")); 
+                    log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD"));
                 }
             }
 
@@ -268,22 +264,22 @@ CMS.debug("**** mFormPath = "+mFormPath);
                 IArgBlock rarg = CMS.createArgBlock();
 
                 rarg.addBigIntegerValue("serialNumber",
-                    serialNoArray[i], 16);
+                        serialNoArray[i], 16);
                 rarg.addStringValue("subject",
-                    certs[i].getSubjectDN().toString());
+                        certs[i].getSubjectDN().toString());
                 rarg.addLongValue("validNotBefore",
-                    certs[i].getNotBefore().getTime() / 1000);
+                        certs[i].getNotBefore().getTime() / 1000);
                 rarg.addLongValue("validNotAfter",
-                    certs[i].getNotAfter().getTime() / 1000);
+                        certs[i].getNotAfter().getTime() / 1000);
                 //argSet.addRepeatRecord(rarg);
             }
 
             revokeAll = "(|(certRecordId=" + serialNoArray[0].toString() + "))";
-            cmcAgentSerialNumber=  authToken.getInString(IAuthManager.CRED_SSL_CLIENT_CERT);
+            cmcAgentSerialNumber = authToken.getInString(IAuthManager.CRED_SSL_CLIENT_CERT);
             process(argSet, header, reasonCode.intValue(), invalidityDate, initiative, req, resp,
-                verifiedRecordCount, revokeAll, totalRecordCount,
-                comments, locale[0],cmcAgentSerialNumber);
-            
+                    verifiedRecordCount, revokeAll, totalRecordCount,
+                    comments, locale[0], cmcAgentSerialNumber);
+
         } else {
             header.addIntegerValue("totalRecordCount", 0);
             header.addIntegerValue("verifiedRecordCount", 0);
@@ -292,7 +288,7 @@ CMS.debug("**** mFormPath = "+mFormPath);
         try {
             ServletOutputStream out = resp.getOutputStream();
 
-            if ((serialNoArray== null) || (serialNoArray.length == 0)) {
+            if ((serialNoArray == null) || (serialNoArray.length == 0)) {
                 cmsReq.setStatus(CMSRequest.ERROR);
                 EBaseException ee = new EBaseException("No matched certificate is found");
 
@@ -300,16 +296,16 @@ CMS.debug("**** mFormPath = "+mFormPath);
             } else {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
                 }
             }
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
         }
     }
@@ -318,56 +314,53 @@ CMS.debug("**** mFormPath = "+mFormPath);
      * Process cert status change request using the Certificate Management
      * protocol using CMS (CMC)
      * <P>
-     *
+     * 
      * (Certificate Request - an "EE" cert status change request)
      * <P>
-     *
+     * 
      * (Certificate Request Processed - an "EE" cert status change request)
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when
-     * a cert status change request (e. g. - "revocation") is made (before
-     * approval process)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED
-     * used when a certificate status is changed (revoked, expired, on-hold,
-     * off-hold)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when a cert status change request (e. g. - "revocation") is made (before approval process)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a certificate status is changed (revoked, expired, on-hold, off-hold)
      * </ul>
+     * 
      * @param argSet CMS template parameters
      * @param header argument block
      * @param reason revocation reason (0 - Unspecified, 1 - Key compromised,
-     * 2 - CA key compromised; should not be used, 3 - Affiliation changed,
-     * 4 - Certificate superceded, 5 - Cessation of operation, or
-     * 6 - Certificate is on hold)
+     *            2 - CA key compromised; should not be used, 3 - Affiliation changed,
+     *            4 - Certificate superceded, 5 - Cessation of operation, or
+     *            6 - Certificate is on hold)
      * @param invalidityDate certificate validity date
      * @param initiative string containing the audit format
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @param verifiedRecordCount number of verified records
      * @param revokeAll string containing information on all of the
-     * certificates to be revoked
+     *            certificates to be revoked
      * @param totalRecordCount total number of records (verified and unverified)
      * @param comments string containing certificate comments
      * @param locale the system locale
      * @exception EBaseException an error has occurred
      */
     private void process(CMSTemplateParams argSet, IArgBlock header,
-        int reason, Date invalidityDate,
-        String initiative,
-        HttpServletRequest req,
-        HttpServletResponse resp,
-        int verifiedRecordCount,
-        String revokeAll,
-        int totalRecordCount,
-        String comments,
-        Locale locale,String cmcAgentSerialNumber)
-        throws EBaseException {
+            int reason, Date invalidityDate,
+            String initiative,
+            HttpServletRequest req,
+            HttpServletResponse resp,
+            int verifiedRecordCount,
+            String revokeAll,
+            int totalRecordCount,
+            String comments,
+            Locale locale, String cmcAgentSerialNumber)
+            throws EBaseException {
         String eeSerialNumber = null;
-        if(cmcAgentSerialNumber!=null) {
+        if (cmcAgentSerialNumber != null) {
             eeSerialNumber = cmcAgentSerialNumber;
-        }else{
-            X509CertImpl sslCert = ( X509CertImpl ) getSSLClientCertificate( req );
-            if( sslCert != null ) {
+        } else {
+            X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req);
+            if (sslCert != null) {
                 eeSerialNumber = sslCert.getSerialNumber().toString();
             }
         }
@@ -375,11 +368,11 @@ CMS.debug("**** mFormPath = "+mFormPath);
         boolean auditRequest = true;
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
-        String auditRequesterID = auditRequesterID( req );
-        String auditSerialNumber = auditSerialNumber( eeSerialNumber );
-        String auditRequestType = auditRequestType( reason );
+        String auditRequesterID = auditRequesterID(req);
+        String auditSerialNumber = auditSerialNumber(eeSerialNumber);
+        String auditRequestType = auditRequestType(reason);
         String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        String auditReasonNum = String.valueOf( reason );
+        String auditReasonNum = String.valueOf(reason);
 
         try {
             int count = 0;
@@ -418,18 +411,18 @@ CMS.debug("**** mFormPath = "+mFormPath);
                     IArgBlock rarg = CMS.createArgBlock();
 
                     rarg.addBigIntegerValue("serialNumber",
-                        cert.getSerialNumber(), 16);
+                            cert.getSerialNumber(), 16);
 
                     if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
                         rarg.addStringValue("error", "Certificate " +
-                            cert.getSerialNumber().toString() +
-                            " is already revoked.");
+                                cert.getSerialNumber().toString() +
+                                " is already revoked.");
                     } else {
                         oldCertsV.addElement(cert);
 
                         RevokedCertImpl revCertImpl =
-                            new RevokedCertImpl(cert.getSerialNumber(),
-                                CMS.getCurrentDate(), entryExtn);
+                                new RevokedCertImpl(cert.getSerialNumber(),
+                                        CMS.getCurrentDate(), entryExtn);
 
                         revCertImplsV.addElement(revCertImpl);
                         count++;
@@ -441,14 +434,12 @@ CMS.debug("**** mFormPath = "+mFormPath);
             } else if (mAuthority instanceof IRegistrationAuthority) {
                 String reqIdStr = null;
 
-                if (mRequestID != null && mRequestID.length() > 0) 
+                if (mRequestID != null && mRequestID.length() > 0)
                     reqIdStr = mRequestID;
                 Vector<String> serialNumbers = new Vector<String>();
 
                 if (revokeAll != null && revokeAll.length() > 0) {
-                    for (int i = revokeAll.indexOf('=');
-                        i < revokeAll.length() && i > -1;
-                        i = revokeAll.indexOf('=', i)) {
+                    for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1; i = revokeAll.indexOf('=', i)) {
                         if (i > -1) {
                             i++;
                             while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') {
@@ -457,8 +448,8 @@ CMS.debug("**** mFormPath = "+mFormPath);
                             String legalDigits = "0123456789";
                             int j = i;
 
-                            while (j < revokeAll.length() && 
-                                legalDigits.indexOf(revokeAll.charAt(j)) != -1) {
+                            while (j < revokeAll.length() &&
+                                    legalDigits.indexOf(revokeAll.charAt(j)) != -1) {
                                 j++;
                             }
                             if (j > i) {
@@ -485,12 +476,12 @@ CMS.debug("**** mFormPath = "+mFormPath);
                             IArgBlock rarg = CMS.createArgBlock();
 
                             rarg.addBigIntegerValue("serialNumber",
-                                certs[i].getSerialNumber(), 16);
+                                    certs[i].getSerialNumber(), 16);
                             oldCertsV.addElement(certs[i]);
 
                             RevokedCertImpl revCertImpl =
-                                new RevokedCertImpl(certs[i].getSerialNumber(),
-                                    CMS.getCurrentDate(), entryExtn);
+                                    new RevokedCertImpl(certs[i].getSerialNumber(),
+                                            CMS.getCurrentDate(), entryExtn);
 
                             revCertImplsV.addElement(revCertImpl);
                             count++;
@@ -507,12 +498,12 @@ CMS.debug("**** mFormPath = "+mFormPath);
                         IArgBlock rarg = CMS.createArgBlock();
 
                         rarg.addBigIntegerValue("serialNumber",
-                            cert.getSerialNumber(), 16);
+                                cert.getSerialNumber(), 16);
                         oldCertsV.addElement(cert);
 
                         RevokedCertImpl revCertImpl =
-                            new RevokedCertImpl(cert.getSerialNumber(),
-                                CMS.getCurrentDate(), entryExtn);
+                                new RevokedCertImpl(cert.getSerialNumber(),
+                                        CMS.getCurrentDate(), entryExtn);
 
                         revCertImplsV.addElement(revCertImpl);
                         count++;
@@ -533,7 +524,7 @@ CMS.debug("**** mFormPath = "+mFormPath);
             }
 
             IRequest revReq =
-                mQueue.newRequest(IRequest.REVOCATION_REQUEST);
+                    mQueue.newRequest(IRequest.REVOCATION_REQUEST);
 
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
@@ -573,7 +564,7 @@ CMS.debug("**** mFormPath = "+mFormPath);
 
                 if (result.equals(IRequest.RES_ERROR)) {
                     String[] svcErrors =
-                        revReq.getExtDataInStringArray(IRequest.SVCERRORS);
+                            revReq.getExtDataInStringArray(IRequest.SVCERRORS);
 
                     if (svcErrors != null && svcErrors.length > 0) {
                         for (int i = 0; i < svcErrors.length; i++) {
@@ -584,18 +575,18 @@ CMS.debug("**** mFormPath = "+mFormPath);
                                 for (int j = 0; j < count; j++) {
                                     if (oldCerts[j] != null) {
                                         mLogger.log(ILogger.EV_AUDIT,
-                                            ILogger.S_OTHER,
-                                            AuditFormat.LEVEL,
-                                            AuditFormat.DOREVOKEFORMAT,
-                                            new Object[] {
-                                                revReq.getRequestId(),
-                                                initiative,
-                                                "completed with error: " +
-                                                err,
-                                                oldCerts[j].getSubjectDN(),
-                                                oldCerts[j].getSerialNumber().toString(16),
-                                                RevocationReason.fromInt(reason).toString()}
-                                        );
+                                                ILogger.S_OTHER,
+                                                AuditFormat.LEVEL,
+                                                AuditFormat.DOREVOKEFORMAT,
+                                                new Object[] {
+                                                        revReq.getRequestId(),
+                                                        initiative,
+                                                        "completed with error: " +
+                                                                err,
+                                                        oldCerts[j].getSubjectDN(),
+                                                        oldCerts[j].getSerialNumber().toString(16),
+                                                        RevocationReason.fromInt(reason).toString() }
+                                                );
                                     }
                                 }
                             }
@@ -608,23 +599,23 @@ CMS.debug("**** mFormPath = "+mFormPath);
                 for (int j = 0; j < count; j++) {
                     if (oldCerts[j] != null) {
                         mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.DOREVOKEFORMAT,
-                            new Object[] {
-                                revReq.getRequestId(),
-                                initiative,
-                                "completed",
-                                oldCerts[j].getSubjectDN(),
-                                oldCerts[j].getSerialNumber().toString(16),
-                                RevocationReason.fromInt(reason).toString()}
-                        );
+                                AuditFormat.LEVEL,
+                                AuditFormat.DOREVOKEFORMAT,
+                                new Object[] {
+                                        revReq.getRequestId(),
+                                        initiative,
+                                        "completed",
+                                        oldCerts[j].getSubjectDN(),
+                                        oldCerts[j].getSerialNumber().toString(16),
+                                        RevocationReason.fromInt(reason).toString() }
+                                );
                     }
                 }
 
                 header.addStringValue("revoked", "yes");
 
                 Integer updateCRLResult =
-                    revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+                        revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
 
                 if (updateCRLResult != null) {
                     header.addStringValue("updateCRL", "yes");
@@ -633,15 +624,15 @@ CMS.debug("**** mFormPath = "+mFormPath);
                     } else {
                         header.addStringValue("updateCRLSuccess", "no");
                         String crlError =
-                            revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
+                                revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
 
                         if (crlError != null)
                             header.addStringValue("updateCRLError",
-                                crlError);
+                                    crlError);
                     }
                     // let known crl publishing status too.
                     Integer publishCRLResult =
-                        revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+                            revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
 
                     if (publishCRLResult != null) {
                         if (publishCRLResult.equals(IRequest.RES_SUCCESS)) {
@@ -649,22 +640,22 @@ CMS.debug("**** mFormPath = "+mFormPath);
                         } else {
                             header.addStringValue("publishCRLSuccess", "no");
                             String publError =
-                                revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+                                    revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
 
                             if (publError != null)
                                 header.addStringValue("publishCRLError",
-                                    publError);
+                                        publError);
                         }
                     }
                 }
                 if (mAuthority instanceof ICertificateAuthority) {
                     // let known update and publish status of all crls.
                     Enumeration<ICRLIssuingPoint> otherCRLs =
-                        ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
+                            ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
 
                     while (otherCRLs.hasMoreElements()) {
                         ICRLIssuingPoint crl = (ICRLIssuingPoint)
-                            otherCRLs.nextElement();
+                                otherCRLs.nextElement();
                         String crlId = crl.getId();
 
                         if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
@@ -674,25 +665,25 @@ CMS.debug("**** mFormPath = "+mFormPath);
 
                         if (updateResult != null) {
                             if (updateResult.equals(IRequest.RES_SUCCESS)) {
-                                CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER", 
+                                CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER",
                                         updateStatusStr));
                                 header.addStringValue(updateStatusStr, "yes");
                             } else {
                                 String updateErrorStr = crl.getCrlUpdateErrorStr();
 
-                                CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO", 
+                                CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO",
                                         updateStatusStr));
                                 header.addStringValue(updateStatusStr, "no");
                                 String error =
-                                    revReq.getExtDataInString(updateErrorStr);
+                                        revReq.getExtDataInString(updateErrorStr);
 
                                 if (error != null)
                                     header.addStringValue(updateErrorStr,
-                                        error);
+                                            error);
                             }
                             String publishStatusStr = crl.getCrlPublishStatusStr();
                             Integer publishResult =
-                                revReq.getExtDataInInteger(publishStatusStr);
+                                    revReq.getExtDataInInteger(publishStatusStr);
 
                             if (publishResult == null)
                                 continue;
@@ -700,15 +691,15 @@ CMS.debug("**** mFormPath = "+mFormPath);
                                 header.addStringValue(publishStatusStr, "yes");
                             } else {
                                 String publishErrorStr =
-                                    crl.getCrlPublishErrorStr();
+                                        crl.getCrlPublishErrorStr();
 
                                 header.addStringValue(publishStatusStr, "no");
                                 String error =
-                                    revReq.getExtDataInString(publishErrorStr);
+                                        revReq.getExtDataInString(publishErrorStr);
 
                                 if (error != null)
                                     header.addStringValue(
-                                        publishErrorStr, error);
+                                            publishErrorStr, error);
                             }
                         }
                     }
@@ -717,7 +708,7 @@ CMS.debug("**** mFormPath = "+mFormPath);
                 if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
                     header.addStringValue("dirEnabled", "yes");
                     Integer[] ldapPublishStatus =
-                        revReq.getExtDataInIntegerArray("ldapPublishStatus");
+                            revReq.getExtDataInIntegerArray("ldapPublishStatus");
                     int certsToUpdate = 0;
                     int certsUpdated = 0;
 
@@ -734,11 +725,11 @@ CMS.debug("**** mFormPath = "+mFormPath);
 
                     // add crl publishing status.
                     String publError =
-                        revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+                            revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
 
                     if (publError != null) {
                         header.addStringValue("crlPublishError",
-                            publError);
+                                publError);
                     }
                 } else {
                     header.addStringValue("dirEnabled", "no");
@@ -752,16 +743,16 @@ CMS.debug("**** mFormPath = "+mFormPath);
                 for (int j = 0; j < count; j++) {
                     if (oldCerts[j] != null) {
                         mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.DOREVOKEFORMAT,
-                            new Object[] {
-                                revReq.getRequestId(),
-                                initiative,
-                                "pending",
-                                oldCerts[j].getSubjectDN(),
-                                oldCerts[j].getSerialNumber().toString(16),
-                                RevocationReason.fromInt(reason).toString()}
-                        );
+                                AuditFormat.LEVEL,
+                                AuditFormat.DOREVOKEFORMAT,
+                                new Object[] {
+                                        revReq.getRequestId(),
+                                        initiative,
+                                        "pending",
+                                        oldCerts[j].getSubjectDN(),
+                                        oldCerts[j].getSerialNumber().toString(16),
+                                        RevocationReason.fromInt(reason).toString() }
+                                );
                     }
                 }
 
@@ -771,7 +762,8 @@ CMS.debug("**** mFormPath = "+mFormPath);
 
                 if (errors != null && errors.size() > 0) {
                     for (int ii = 0; ii < errors.size(); ii++) {
-                        errorStr.append(errors.elementAt(ii));;
+                        errorStr.append(errors.elementAt(ii));
+                        ;
                     }
                 }
                 header.addStringValue("error", errorStr.toString());
@@ -780,16 +772,16 @@ CMS.debug("**** mFormPath = "+mFormPath);
                 for (int j = 0; j < count; j++) {
                     if (oldCerts[j] != null) {
                         mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.DOREVOKEFORMAT,
-                            new Object[] {
-                                revReq.getRequestId(),
-                                initiative,
-                                stat.toString(),
-                                oldCerts[j].getSubjectDN(),
-                                oldCerts[j].getSerialNumber().toString(16),
-                                RevocationReason.fromInt(reason).toString()}
-                        );
+                                AuditFormat.LEVEL,
+                                AuditFormat.DOREVOKEFORMAT,
+                                new Object[] {
+                                        revReq.getRequestId(),
+                                        initiative,
+                                        stat.toString(),
+                                        oldCerts[j].getSubjectDN(),
+                                        oldCerts[j].getSerialNumber().toString(16),
+                                        RevocationReason.fromInt(reason).toString() }
+                                );
                     }
                 }
             }
@@ -798,17 +790,17 @@ CMS.debug("**** mFormPath = "+mFormPath);
             // if and only if "auditApprovalStatus" is
             // "complete", "revoked", or "canceled"
             if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
-            ||  (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
-            ||  (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
+                    || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+                    || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
-                    auditSubjectID,
-                    ILogger.SUCCESS,
-                    auditRequesterID,
-                    auditSerialNumber,
-                    auditRequestType,
-                    auditReasonNum,
-                    auditApprovalStatus);
+                        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+                        auditSubjectID,
+                        ILogger.SUCCESS,
+                        auditRequesterID,
+                        auditSerialNumber,
+                        auditRequestType,
+                        auditReasonNum,
+                        auditApprovalStatus);
 
                 audit(auditMessage);
             }
@@ -818,12 +810,12 @@ CMS.debug("**** mFormPath = "+mFormPath);
                 // store a "CERT_STATUS_CHANGE_REQUEST" failure
                 // message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditRequesterID,
-                    auditSerialNumber,
-                    auditRequestType);
+                        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditRequesterID,
+                        auditSerialNumber,
+                        auditRequestType);
 
                 audit(auditMessage);
             } else {
@@ -832,11 +824,10 @@ CMS.debug("**** mFormPath = "+mFormPath);
                 // if and only if "auditApprovalStatus" is
                 // "complete", "revoked", or "canceled"
                 if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
-                ||  (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
-                ||  (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)))
-                {
+                        || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+                        || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
                     auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+                            LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
                             auditSubjectID,
                             ILogger.FAILURE,
                             auditRequesterID,
@@ -857,12 +848,12 @@ CMS.debug("**** mFormPath = "+mFormPath);
                 // store a "CERT_STATUS_CHANGE_REQUEST" failure
                 // message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditRequesterID,
-                    auditSerialNumber,
-                    auditRequestType);
+                        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditRequesterID,
+                        auditSerialNumber,
+                        auditRequestType);
 
                 audit(auditMessage);
             } else {
@@ -871,18 +862,17 @@ CMS.debug("**** mFormPath = "+mFormPath);
                 // if and only if "auditApprovalStatus" is
                 // "complete", "revoked", or "canceled"
                 if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
-                ||  (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
-                ||  (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)))
-                {
+                        || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+                        || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
                     auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditRequesterID,
-                        auditSerialNumber,
-                        auditRequestType,
-                        auditReasonNum,
-                        auditApprovalStatus);
+                            LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+                            auditSubjectID,
+                            ILogger.FAILURE,
+                            auditRequesterID,
+                            auditSerialNumber,
+                            auditRequestType,
+                            auditReasonNum,
+                            auditApprovalStatus);
 
                     audit(auditMessage);
                 }
@@ -891,18 +881,18 @@ CMS.debug("**** mFormPath = "+mFormPath);
             throw e;
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString()));
 
             if (auditRequest) {
                 // store a "CERT_STATUS_CHANGE_REQUEST" failure
                 // message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditRequesterID,
-                    auditSerialNumber,
-                    auditRequestType);
+                        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditRequesterID,
+                        auditSerialNumber,
+                        auditRequestType);
 
                 audit(auditMessage);
             } else {
@@ -911,18 +901,17 @@ CMS.debug("**** mFormPath = "+mFormPath);
                 // if and only if "auditApprovalStatus" is
                 // "complete", "revoked", or "canceled"
                 if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
-                ||  (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
-                ||  (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)))
-                {
+                        || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+                        || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
                     auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditRequesterID,
-                        auditSerialNumber,
-                        auditRequestType,
-                        auditReasonNum,
-                        auditApprovalStatus);
+                            LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+                            auditSubjectID,
+                            ILogger.FAILURE,
+                            auditRequesterID,
+                            auditSerialNumber,
+                            auditRequestType,
+                            auditReasonNum,
+                            auditApprovalStatus);
 
                     audit(auditMessage);
                 }
@@ -934,12 +923,12 @@ CMS.debug("**** mFormPath = "+mFormPath);
                 // store a "CERT_STATUS_CHANGE_REQUEST" failure
                 // message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditRequesterID,
-                    auditSerialNumber,
-                    auditRequestType);
+                        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditRequesterID,
+                        auditSerialNumber,
+                        auditRequestType);
 
                 audit(auditMessage);
             } else {
@@ -948,18 +937,17 @@ CMS.debug("**** mFormPath = "+mFormPath);
                 // if and only if "auditApprovalStatus" is
                 // "complete", "revoked", or "canceled"
                 if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
-                ||  (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
-                ||  (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)))
-                {
+                        || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+                        || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
                     auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditRequesterID,
-                        auditSerialNumber,
-                        auditRequestType,
-                        auditReasonNum,
-                        auditApprovalStatus);
+                            LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+                            auditSubjectID,
+                            ILogger.FAILURE,
+                            auditRequesterID,
+                            auditSerialNumber,
+                            auditRequestType,
+                            auditReasonNum,
+                            auditApprovalStatus);
 
                     audit(auditMessage);
                 }
@@ -973,11 +961,11 @@ CMS.debug("**** mFormPath = "+mFormPath);
 
     /**
      * Signed Audit Log Requester ID
-     *
+     * 
      * This method is called to obtain the "RequesterID" for
      * a signed audit log message.
      * <P>
-     *
+     * 
      * @param req HTTP request
      * @return id string containing the signed audit log message RequesterID
      */
@@ -1003,11 +991,11 @@ CMS.debug("**** mFormPath = "+mFormPath);
 
     /**
      * Signed Audit Log Serial Number
-     *
+     * 
      * This method is called to obtain the serial number of the certificate
      * whose status is to be changed for a signed audit log message.
      * <P>
-     *
+     * 
      * @param eeSerialNumber a string containing the un-normalized serialNumber
      * @return id string containing the signed audit log message RequesterID
      */
@@ -1026,7 +1014,7 @@ CMS.debug("**** mFormPath = "+mFormPath);
             // convert it to hexadecimal
             serialNumber = "0x"
                     + Integer.toHexString(
-                        Integer.valueOf(serialNumber).intValue());
+                            Integer.valueOf(serialNumber).intValue());
         } else {
             serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
         }
@@ -1036,11 +1024,11 @@ CMS.debug("**** mFormPath = "+mFormPath);
 
     /**
      * Signed Audit Log Request Type
-     *
+     * 
      * This method is called to obtain the "Request Type" for
      * a signed audit log message.
      * <P>
-     *
+     * 
      * @param reason an integer denoting the revocation reason
      * @return string containing REVOKE or ON_HOLD
      */
@@ -1062,4 +1050,3 @@ CMS.debug("**** mFormPath = "+mFormPath);
         return requestType;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java
index 181e6e9c..9ca4afab 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.cert.CertificateException;
@@ -66,11 +65,10 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
- * Takes the certificate info (serial number) and optional challenge phrase, creates a 
+ * Takes the certificate info (serial number) and optional challenge phrase, creates a
  * revocation request and submits it to the authority subsystem for processing
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ChallengeRevocationServlet1 extends CMSServlet {
@@ -102,10 +100,10 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
     }
 
     /**
-     * Initialize the servlet. This servlet uses the file 
-	 * revocationResult.template for the response
-     *
-	 * @param sc servlet configuration, read from the web.xml file
+     * Initialize the servlet. This servlet uses the file
+     * revocationResult.template for the response
+     * 
+     * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
         super.init(sc);
@@ -125,17 +123,17 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
         mQueue = mAuthority.getRequestQueue();
     }
 
-	/**
-     * Process the HTTP request. 
+    /**
+     * Process the HTTP request.
      * <ul>
      * <li>http.param REASON_CODE the revocation reason
-	 * <li>http.param b64eCertificate the base-64 encoded certificate to revoke
+     * <li>http.param b64eCertificate the base-64 encoded certificate to revoke
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
-    protected void process(CMSRequest cmsReq) 
-        throws EBaseException {
+    protected void process(CMSRequest cmsReq)
+            throws EBaseException {
         IArgBlock httpParams = cmsReq.getHttpParams();
         HttpServletRequest req = cmsReq.getHttpReq();
         HttpServletResponse resp = cmsReq.getHttpResp();
@@ -159,23 +157,23 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
         // for audit log
         IAuthToken authToken = authenticate(cmsReq);
         String authMgr = AuditFormat.NOAUTH;
-		
+
         BigInteger[] serialNoArray = null;
 
         if (authToken != null) {
             serialNoArray = authToken.getInBigIntegerArray(SERIAL_NO);
         }
         // set revocation reason, default to unspecified if not set.
-        int reasonCode = 
-            httpParams.getValueAsInt(REASON_CODE, 0); 
+        int reasonCode =
+                httpParams.getValueAsInt(REASON_CODE, 0);
         //        header.addIntegerValue("reason", reasonCode);
         RevocationReason reason = RevocationReason.fromInt(reasonCode);
 
         String comments = req.getParameter(IRequest.REQUESTOR_COMMENTS);
         Date invalidityDate = null;
         String revokeAll = null;
-        int totalRecordCount = (serialNoArray != null)? serialNoArray.length:0;
-        int verifiedRecordCount = (serialNoArray != null)? serialNoArray.length:0;
+        int totalRecordCount = (serialNoArray != null) ? serialNoArray.length : 0;
+        int verifiedRecordCount = (serialNoArray != null) ? serialNoArray.length : 0;
 
         X509CertImpl[] certs = null;
 
@@ -198,11 +196,11 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
         AuthzToken authzToken = null;
 
         try {
-            authzToken = authorize(mAclMethod, authToken, 
+            authzToken = authorize(mAclMethod, authToken,
                         mAuthzResourceName, "revoke");
         } catch (Exception e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -222,7 +220,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
                 IRequest getCertsChallengeReq = null;
 
                 getCertsChallengeReq = mQueue.newRequest(
-                            GETCERTS_FOR_CHALLENGE_REQUEST); 
+                            GETCERTS_FOR_CHALLENGE_REQUEST);
                 getCertsChallengeReq.setExtData(SERIALNO_ARRAY, serialNoArray);
                 mQueue.processRequest(getCertsChallengeReq);
                 RequestStatus status = getCertsChallengeReq.getRequestStatus();
@@ -232,7 +230,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
                     header.addStringValue("request", getCertsChallengeReq.getRequestId().toString());
                     mRequestID = getCertsChallengeReq.getRequestId().toString();
                 } else {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD")); 
+                    log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD"));
                 }
             }
 
@@ -243,20 +241,20 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
                 IArgBlock rarg = CMS.createArgBlock();
 
                 rarg.addBigIntegerValue("serialNumber",
-                    serialNoArray[i], 16);
+                        serialNoArray[i], 16);
                 rarg.addStringValue("subject",
-                    certs[i].getSubjectDN().toString());
+                        certs[i].getSubjectDN().toString());
                 rarg.addLongValue("validNotBefore",
-                    certs[i].getNotBefore().getTime() / 1000);
+                        certs[i].getNotBefore().getTime() / 1000);
                 rarg.addLongValue("validNotAfter",
-                    certs[i].getNotAfter().getTime() / 1000);
+                        certs[i].getNotAfter().getTime() / 1000);
                 //argSet.addRepeatRecord(rarg);
             }
 
             revokeAll = "(|(certRecordId=" + serialNoArray[0].toString() + "))";
             process(argSet, header, reasonCode, invalidityDate, initiative, req, resp,
-                verifiedRecordCount, revokeAll, totalRecordCount,
-                comments, locale[0]);
+                    verifiedRecordCount, revokeAll, totalRecordCount,
+                    comments, locale[0]);
         } else {
             header.addIntegerValue("totalRecordCount", 0);
             header.addIntegerValue("verifiedRecordCount", 0);
@@ -265,10 +263,10 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
         try {
             ServletOutputStream out = resp.getOutputStream();
 
-            if( serialNoArray == null ) {
-                CMS.debug( "ChallengeRevcationServlet1::process() - " +
-                           " serialNoArray is null!" );
-                EBaseException ee = new EBaseException( "No matched certificate is found" );
+            if (serialNoArray == null) {
+                CMS.debug("ChallengeRevcationServlet1::process() - " +
+                           " serialNoArray is null!");
+                EBaseException ee = new EBaseException("No matched certificate is found");
 
                 cmsReq.setError(ee);
                 return;
@@ -282,31 +280,31 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
             } else {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
                 }
             }
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
         }
     }
 
     private void process(CMSTemplateParams argSet, IArgBlock header,
-        int reason, Date invalidityDate,
-        String initiative,
-        HttpServletRequest req,
-        HttpServletResponse resp,
-        int verifiedRecordCount,
-        String revokeAll,
-        int totalRecordCount,
-        String comments,
-        Locale locale)
-        throws EBaseException {
+            int reason, Date invalidityDate,
+            String initiative,
+            HttpServletRequest req,
+            HttpServletResponse resp,
+            int verifiedRecordCount,
+            String revokeAll,
+            int totalRecordCount,
+            String comments,
+            Locale locale)
+            throws EBaseException {
         try {
             int count = 0;
             Vector<X509CertImpl> oldCertsV = new Vector<X509CertImpl>();
@@ -344,18 +342,18 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
                     IArgBlock rarg = CMS.createArgBlock();
 
                     rarg.addBigIntegerValue("serialNumber",
-                        cert.getSerialNumber(), 16);
+                            cert.getSerialNumber(), 16);
 
                     if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
                         rarg.addStringValue("error", "Certificate " +
-                            cert.getSerialNumber().toString() +
-                            " is already revoked.");
+                                cert.getSerialNumber().toString() +
+                                " is already revoked.");
                     } else {
                         oldCertsV.addElement(cert);
 
                         RevokedCertImpl revCertImpl =
-                            new RevokedCertImpl(cert.getSerialNumber(),
-                                CMS.getCurrentDate(), entryExtn);
+                                new RevokedCertImpl(cert.getSerialNumber(),
+                                        CMS.getCurrentDate(), entryExtn);
 
                         revCertImplsV.addElement(revCertImpl);
                         count++;
@@ -367,14 +365,12 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
             } else if (mAuthority instanceof IRegistrationAuthority) {
                 String reqIdStr = null;
 
-                if (mRequestID != null && mRequestID.length() > 0) 
+                if (mRequestID != null && mRequestID.length() > 0)
                     reqIdStr = mRequestID;
                 Vector<String> serialNumbers = new Vector<String>();
 
                 if (revokeAll != null && revokeAll.length() > 0) {
-                    for (int i = revokeAll.indexOf('=');
-                        i < revokeAll.length() && i > -1;
-                        i = revokeAll.indexOf('=', i)) {
+                    for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1; i = revokeAll.indexOf('=', i)) {
                         if (i > -1) {
                             i++;
                             while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') {
@@ -383,8 +379,8 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
                             String legalDigits = "0123456789";
                             int j = i;
 
-                            while (j < revokeAll.length() && 
-                                legalDigits.indexOf(revokeAll.charAt(j)) != -1) {
+                            while (j < revokeAll.length() &&
+                                    legalDigits.indexOf(revokeAll.charAt(j)) != -1) {
                                 j++;
                             }
                             if (j > i) {
@@ -411,12 +407,12 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
                             IArgBlock rarg = CMS.createArgBlock();
 
                             rarg.addBigIntegerValue("serialNumber",
-                                certs[i].getSerialNumber(), 16);
+                                    certs[i].getSerialNumber(), 16);
                             oldCertsV.addElement(certs[i]);
 
                             RevokedCertImpl revCertImpl =
-                                new RevokedCertImpl(certs[i].getSerialNumber(),
-                                    CMS.getCurrentDate(), entryExtn);
+                                    new RevokedCertImpl(certs[i].getSerialNumber(),
+                                            CMS.getCurrentDate(), entryExtn);
 
                             revCertImplsV.addElement(revCertImpl);
                             count++;
@@ -433,12 +429,12 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
                         IArgBlock rarg = CMS.createArgBlock();
 
                         rarg.addBigIntegerValue("serialNumber",
-                            cert.getSerialNumber(), 16);
+                                cert.getSerialNumber(), 16);
                         oldCertsV.addElement(cert);
 
                         RevokedCertImpl revCertImpl =
-                            new RevokedCertImpl(cert.getSerialNumber(),
-                                CMS.getCurrentDate(), entryExtn);
+                                new RevokedCertImpl(cert.getSerialNumber(),
+                                        CMS.getCurrentDate(), entryExtn);
 
                         revCertImplsV.addElement(revCertImpl);
                         count++;
@@ -459,7 +455,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
             }
 
             IRequest revReq =
-                mQueue.newRequest(IRequest.REVOCATION_REQUEST);
+                    mQueue.newRequest(IRequest.REVOCATION_REQUEST);
 
             revReq.setExtData(IRequest.CERT_INFO, revCertImpls);
             revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST);
@@ -479,7 +475,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
 
                 if (result.equals(IRequest.RES_ERROR)) {
                     String[] svcErrors =
-                        revReq.getExtDataInStringArray(IRequest.SVCERRORS);
+                            revReq.getExtDataInStringArray(IRequest.SVCERRORS);
 
                     if (svcErrors != null && svcErrors.length > 0) {
                         for (int i = 0; i < svcErrors.length; i++) {
@@ -490,18 +486,18 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
                                 for (int j = 0; j < count; j++) {
                                     if (oldCerts[j] != null) {
                                         mLogger.log(ILogger.EV_AUDIT,
-                                            ILogger.S_OTHER,
-                                            AuditFormat.LEVEL,
-                                            AuditFormat.DOREVOKEFORMAT,
-                                            new Object[] {
-                                                revReq.getRequestId(),
-                                                initiative,
-                                                "completed with error: " +
-                                                err,
-                                                oldCerts[j].getSubjectDN(),
-                                                oldCerts[j].getSerialNumber().toString(16),
-                                                RevocationReason.fromInt(reason).toString()}
-                                        );
+                                                ILogger.S_OTHER,
+                                                AuditFormat.LEVEL,
+                                                AuditFormat.DOREVOKEFORMAT,
+                                                new Object[] {
+                                                        revReq.getRequestId(),
+                                                        initiative,
+                                                        "completed with error: " +
+                                                                err,
+                                                        oldCerts[j].getSubjectDN(),
+                                                        oldCerts[j].getSerialNumber().toString(16),
+                                                        RevocationReason.fromInt(reason).toString() }
+                                                );
                                     }
                                 }
                             }
@@ -514,23 +510,23 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
                 for (int j = 0; j < count; j++) {
                     if (oldCerts[j] != null) {
                         mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.DOREVOKEFORMAT,
-                            new Object[] {
-                                revReq.getRequestId(),
-                                initiative,
-                                "completed",
-                                oldCerts[j].getSubjectDN(),
-                                oldCerts[j].getSerialNumber().toString(16),
-                                RevocationReason.fromInt(reason).toString()}
-                        );
+                                AuditFormat.LEVEL,
+                                AuditFormat.DOREVOKEFORMAT,
+                                new Object[] {
+                                        revReq.getRequestId(),
+                                        initiative,
+                                        "completed",
+                                        oldCerts[j].getSubjectDN(),
+                                        oldCerts[j].getSerialNumber().toString(16),
+                                        RevocationReason.fromInt(reason).toString() }
+                                );
                     }
                 }
 
                 header.addStringValue("revoked", "yes");
 
                 Integer updateCRLResult =
-                    revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+                        revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
 
                 if (updateCRLResult != null) {
                     header.addStringValue("updateCRL", "yes");
@@ -539,15 +535,15 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
                     } else {
                         header.addStringValue("updateCRLSuccess", "no");
                         String crlError =
-                            revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
+                                revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
 
                         if (crlError != null)
                             header.addStringValue("updateCRLError",
-                                crlError);
+                                    crlError);
                     }
                     // let known crl publishing status too.
                     Integer publishCRLResult =
-                        revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+                            revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
 
                     if (publishCRLResult != null) {
                         if (publishCRLResult.equals(IRequest.RES_SUCCESS)) {
@@ -555,22 +551,22 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
                         } else {
                             header.addStringValue("publishCRLSuccess", "no");
                             String publError =
-                                revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+                                    revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
 
                             if (publError != null)
                                 header.addStringValue("publishCRLError",
-                                    publError);
+                                        publError);
                         }
                     }
                 }
                 if (mAuthority instanceof ICertificateAuthority) {
                     // let known update and publish status of all crls.
                     Enumeration<ICRLIssuingPoint> otherCRLs =
-                        ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
+                            ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
 
                     while (otherCRLs.hasMoreElements()) {
                         ICRLIssuingPoint crl = (ICRLIssuingPoint)
-                            otherCRLs.nextElement();
+                                otherCRLs.nextElement();
                         String crlId = crl.getId();
 
                         if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
@@ -580,25 +576,25 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
 
                         if (updateResult != null) {
                             if (updateResult.equals(IRequest.RES_SUCCESS)) {
-                                CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER", 
+                                CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER",
                                         updateStatusStr));
                                 header.addStringValue(updateStatusStr, "yes");
                             } else {
                                 String updateErrorStr = crl.getCrlUpdateErrorStr();
 
-                                CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO", 
+                                CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO",
                                         updateStatusStr));
                                 header.addStringValue(updateStatusStr, "no");
                                 String error =
-                                    revReq.getExtDataInString(updateErrorStr);
+                                        revReq.getExtDataInString(updateErrorStr);
 
                                 if (error != null)
                                     header.addStringValue(updateErrorStr,
-                                        error);
+                                            error);
                             }
                             String publishStatusStr = crl.getCrlPublishStatusStr();
                             Integer publishResult =
-                                revReq.getExtDataInInteger(publishStatusStr);
+                                    revReq.getExtDataInInteger(publishStatusStr);
 
                             if (publishResult == null)
                                 continue;
@@ -606,15 +602,15 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
                                 header.addStringValue(publishStatusStr, "yes");
                             } else {
                                 String publishErrorStr =
-                                    crl.getCrlPublishErrorStr();
+                                        crl.getCrlPublishErrorStr();
 
                                 header.addStringValue(publishStatusStr, "no");
                                 String error =
-                                    revReq.getExtDataInString(publishErrorStr);
+                                        revReq.getExtDataInString(publishErrorStr);
 
                                 if (error != null)
                                     header.addStringValue(
-                                        publishErrorStr, error);
+                                            publishErrorStr, error);
                             }
                         }
                     }
@@ -623,7 +619,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
                 if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
                     header.addStringValue("dirEnabled", "yes");
                     Integer[] ldapPublishStatus =
-                        revReq.getExtDataInIntegerArray("ldapPublishStatus");
+                            revReq.getExtDataInIntegerArray("ldapPublishStatus");
                     int certsToUpdate = 0;
                     int certsUpdated = 0;
 
@@ -640,11 +636,11 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
 
                     // add crl publishing status.
                     String publError =
-                        revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+                            revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
 
                     if (publError != null) {
                         header.addStringValue("crlPublishError",
-                            publError);
+                                publError);
                     }
                 } else {
                     header.addStringValue("dirEnabled", "no");
@@ -658,16 +654,16 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
                 for (int j = 0; j < count; j++) {
                     if (oldCerts[j] != null) {
                         mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.DOREVOKEFORMAT,
-                            new Object[] {
-                                revReq.getRequestId(),
-                                initiative,
-                                "pending",
-                                oldCerts[j].getSubjectDN(),
-                                oldCerts[j].getSerialNumber().toString(16),
-                                RevocationReason.fromInt(reason).toString()}
-                        );
+                                AuditFormat.LEVEL,
+                                AuditFormat.DOREVOKEFORMAT,
+                                new Object[] {
+                                        revReq.getRequestId(),
+                                        initiative,
+                                        "pending",
+                                        oldCerts[j].getSubjectDN(),
+                                        oldCerts[j].getSerialNumber().toString(16),
+                                        RevocationReason.fromInt(reason).toString() }
+                                );
                     }
                 }
 
@@ -686,16 +682,16 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
                 for (int j = 0; j < count; j++) {
                     if (oldCerts[j] != null) {
                         mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.DOREVOKEFORMAT,
-                            new Object[] {
-                                revReq.getRequestId(),
-                                initiative,
-                                stat.toString(),
-                                oldCerts[j].getSubjectDN(),
-                                oldCerts[j].getSerialNumber().toString(16),
-                                RevocationReason.fromInt(reason).toString()}
-                        );
+                                AuditFormat.LEVEL,
+                                AuditFormat.DOREVOKEFORMAT,
+                                new Object[] {
+                                        revReq.getRequestId(),
+                                        initiative,
+                                        stat.toString(),
+                                        oldCerts[j].getSubjectDN(),
+                                        oldCerts[j].getSerialNumber().toString(16),
+                                        RevocationReason.fromInt(reason).toString() }
+                                );
                     }
                 }
             }
@@ -706,7 +702,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
             throw e;
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString()));
             throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
         } catch (Exception e) {
             e.printStackTrace();
@@ -715,4 +711,3 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
         return;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java b/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java
index b3693a53..9feddbec 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -39,12 +38,11 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Redirect a request to the Master. This servlet is used in
- * a clone when a requested service (such as CRL) is not available. 
+ * a clone when a requested service (such as CRL) is not available.
  * It redirects the user to the master.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CloneRedirect extends CMSServlet {
@@ -71,7 +69,8 @@ public class CloneRedirect extends CMSServlet {
 
     /**
      * Initialize the servlet.
-	 * @param sc servlet configuration, read from the web.xml file
+     * 
+     * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
         super.init(sc);
@@ -93,8 +92,8 @@ public class CloneRedirect extends CMSServlet {
 
         if (mAuthority instanceof ICertificateAuthority)
             mCA = (ICertificateAuthority) mAuthority;
-		
-            // override success to do output with our own template.
+
+        // override success to do output with our own template.
         mTemplates.remove(CMSRequest.SUCCESS);
     }
 
@@ -117,28 +116,28 @@ public class CloneRedirect extends CMSServlet {
         try {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
             throw new ECMSGWException(
                     CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
         }
 
-        CMS.debug("CloneRedirect: " + CMS.getLogMessage("ADMIN_SRVLT_ADD_MASTER_URL", mNewUrl)); 
+        CMS.debug("CloneRedirect: " + CMS.getLogMessage("ADMIN_SRVLT_ADD_MASTER_URL", mNewUrl));
         header.addStringValue("masterURL", mNewUrl);
         try {
             ServletOutputStream out = resp.getOutputStream();
 
             String xmlOutput = req.getParameter("xml");
-			if (xmlOutput != null && xmlOutput.equals("true")) {
-			  outputXML(resp, argSet);
-			} else {
-			  resp.setContentType("text/html");
-			  form.renderOutput(out, argSet);
-			  cmsReq.setStatus(CMSRequest.SUCCESS);
-			}
+            if (xmlOutput != null && xmlOutput.equals("true")) {
+                outputXML(resp, argSet);
+            } else {
+                resp.setContentType("text/html");
+                form.renderOutput(out, argSet);
+                cmsReq.setStatus(CMSRequest.SUCCESS);
+            }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
         }
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java
index 0ccf7f18..03c909cc 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.util.Date;
 import java.util.Locale;
@@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * 'Face-to-face' certificate enrollment.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class DirAuthServlet extends CMSServlet {
@@ -64,8 +62,9 @@ public class DirAuthServlet extends CMSServlet {
         super();
     }
 
-	/**
+    /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -81,15 +80,14 @@ public class DirAuthServlet extends CMSServlet {
         mTemplates.remove(CMSRequest.SUCCESS);
     }
 
-
-	/**
+    /**
      * Process the HTTP request. This servlet reads configuration information
-	 * from the hashDirEnrollment configuration substore
-     *
+     * from the hashDirEnrollment configuration substore
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
 
@@ -112,8 +110,8 @@ public class DirAuthServlet extends CMSServlet {
         try {
             form = getTemplate(mFormPath, httpReq, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
             cmsReq.setError(new ECMSGWException(
                     CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
             cmsReq.setStatus(CMSRequest.ERROR);
@@ -166,7 +164,7 @@ public class DirAuthServlet extends CMSServlet {
             printError(cmsReq, "2");
             cmsReq.setStatus(CMSRequest.SUCCESS);
             return;
-        }  
+        }
 
         mgr.setLastLogin(reqHost, currTime);
 
@@ -176,11 +174,11 @@ public class DirAuthServlet extends CMSServlet {
 
         mgr.addAuthToken(pageID, authToken);
 
-        header.addStringValue("pageID", pageID); 
+        header.addStringValue("pageID", pageID);
         header.addStringValue("uid", uid);
         header.addStringValue("fingerprint", mgr.hashFingerprint(reqHost, pageID, uid));
         header.addStringValue("hostname", reqHost);
-  
+
         try {
             ServletOutputStream out = httpResp.getOutputStream();
 
@@ -188,8 +186,8 @@ public class DirAuthServlet extends CMSServlet {
             form.renderOutput(out, argSet);
             cmsReq.setStatus(CMSRequest.SUCCESS);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
             cmsReq.setError(new ECMSGWException(
                     CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
             cmsReq.setStatus(CMSRequest.ERROR);
@@ -199,7 +197,7 @@ public class DirAuthServlet extends CMSServlet {
     }
 
     private void printError(CMSRequest cmsReq, String errorCode)
-        throws EBaseException {
+            throws EBaseException {
         IArgBlock httpParams = cmsReq.getHttpParams();
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -219,7 +217,7 @@ public class DirAuthServlet extends CMSServlet {
             form = getTemplate(formPath, httpReq, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString()));
             cmsReq.setError(new ECMSGWException(
                     CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
             cmsReq.setStatus(CMSRequest.ERROR);
@@ -234,7 +232,7 @@ public class DirAuthServlet extends CMSServlet {
             cmsReq.setStatus(CMSRequest.SUCCESS);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
             cmsReq.setError(new ECMSGWException(
                     CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
             cmsReq.setStatus(CMSRequest.ERROR);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java
index 9f353312..a5cdc98e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.security.cert.X509Certificate;
 import java.util.Locale;
@@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * For Face-to-face enrollment, disable EE enrollment feature
- *
+ * 
  * @version $Revision$, $Date$
  * @see com.netscape.cms.servlet.cert.EnableEnrollResult
  */
@@ -83,7 +81,7 @@ public class DisableEnrollResult extends CMSServlet {
      * Services the request
      */
     protected void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
 
@@ -125,10 +123,10 @@ public class DisableEnrollResult extends CMSServlet {
         try {
             form = getTemplate(mFormPath, httpReq, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -162,10 +160,10 @@ public class DisableEnrollResult extends CMSServlet {
             form.renderOutput(out, argSet);
             cmsReq.setStatus(CMSRequest.SUCCESS);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
         }
         cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java
index ea62b9cb..16be7a8a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.math.BigInteger;
@@ -67,13 +66,12 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Display detailed information about a certificate
- *
+ * 
  * The template 'displayBySerial.template' is used to
  * render the response for this servlet.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class DisplayBySerial extends CMSServlet {
@@ -99,6 +97,7 @@ public class DisplayBySerial extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -109,13 +108,13 @@ public class DisplayBySerial extends CMSServlet {
         try {
             mCACerts = ((ICertAuthority) mAuthority).getCACertChain().getChain();
         } catch (Exception e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE"));
         }
         // coming from ee
         mForm1Path = "/" + mAuthority.getId() + "/" + TPL_FILE1;
-      
-        if (mOutputTemplatePath != null) 
+
+        if (mOutputTemplatePath != null)
             mForm1Path = mOutputTemplatePath;
 
         // override success and error templates to null - 
@@ -126,8 +125,7 @@ public class DisplayBySerial extends CMSServlet {
     /**
      * Serves HTTP request. The format of this request is as follows:
      * <ul>
-     * <li>http.param serialNumber Decimal serial number of certificate to display
-     *   (or hex if serialNumber preceded by 0x)
+     * <li>http.param serialNumber Decimal serial number of certificate to display (or hex if serialNumber preceded by 0x)
      * </ul>
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -151,7 +149,7 @@ public class DisplayBySerial extends CMSServlet {
                             mAuthzResourceName, "read");
             } catch (Exception e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             }
 
             if (authzToken == null) {
@@ -170,8 +168,8 @@ public class DisplayBySerial extends CMSServlet {
 
             error = new ECMSGWException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mForm1Path, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mForm1Path, e.toString()));
             throw new ECMSGWException(
                     CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
         } catch (EDBRecordNotFoundException e) {
@@ -185,15 +183,15 @@ public class DisplayBySerial extends CMSServlet {
 
         try {
             if (serialNumber.compareTo(MINUS_ONE) > 0) {
-                process(argSet, header, serialNumber, 
-                    req, resp, locale[0]);
+                process(argSet, header, serialNumber,
+                        req, resp, locale[0]);
             } else {
                 error = new ECMSGWException(
                             CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER"));
             }
         } catch (EBaseException e) {
             error = e;
-        } 
+        }
 
         try {
             ServletOutputStream out = resp.getOutputStream();
@@ -201,19 +199,19 @@ public class DisplayBySerial extends CMSServlet {
             if (error == null) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
                 }
             } else {
                 cmsReq.setStatus(CMSRequest.ERROR);
                 cmsReq.setError(error);
             }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString()));
             throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
         }
 
@@ -223,53 +221,53 @@ public class DisplayBySerial extends CMSServlet {
      * Display information about a particular certificate
      */
     private void process(CMSTemplateParams argSet, IArgBlock header,
-        BigInteger seq, HttpServletRequest req, 
-        HttpServletResponse resp, 
-        Locale locale)
-        throws EBaseException {
+            BigInteger seq, HttpServletRequest req,
+            HttpServletResponse resp,
+            Locale locale)
+            throws EBaseException {
         String certType[] = new String[1];
 
         try {
             ICertRecord rec = getCertRecord(seq, certType);
-				
+
             if (certType[0].equalsIgnoreCase("x509")) {
                 processX509(argSet, header, seq, req, resp, locale);
                 return;
             }
         } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString()));
             throw e;
         }
-		
+
         return;
     }
-	
+
     private void processX509(CMSTemplateParams argSet, IArgBlock header,
-        BigInteger seq, HttpServletRequest req, 
-        HttpServletResponse resp, 
-        Locale locale)
-        throws EBaseException {
+            BigInteger seq, HttpServletRequest req,
+            HttpServletResponse resp,
+            Locale locale)
+            throws EBaseException {
         try {
             ICertRecord rec = (ICertRecord) mCertDB.readCertificateRecord(seq);
-            if (rec == null)  {
-              CMS.debug("DisplayBySerial: failed to read record");
-              throw new ECMSGWException(
-                    CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
+            if (rec == null) {
+                CMS.debug("DisplayBySerial: failed to read record");
+                throw new ECMSGWException(
+                        CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
             }
             X509CertImpl cert = rec.getCertificate();
-            if (cert == null)  {
-              CMS.debug("DisplayBySerial: no certificate in record");
-              throw new ECMSGWException(
-                    CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
+            if (cert == null) {
+                CMS.debug("DisplayBySerial: no certificate in record");
+                throw new ECMSGWException(
+                        CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
             }
 
             try {
                 X509CertInfo info = (X509CertInfo) cert.get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
-                if (info == null)  {
-                  CMS.debug("DisplayBySerial: no info found");
-                  throw new ECMSGWException(
-                    CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
+                if (info == null) {
+                    CMS.debug("DisplayBySerial: no info found");
+                    throw new ECMSGWException(
+                            CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
                 }
                 CertificateExtensions extensions = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS);
 
@@ -287,11 +285,11 @@ public class DisplayBySerial extends CMSServlet {
                         }
                         if (ext instanceof KeyUsageExtension) {
                             KeyUsageExtension usage =
-                                (KeyUsageExtension) ext;
+                                    (KeyUsageExtension) ext;
 
                             try {
                                 if (((Boolean) usage.get(KeyUsageExtension.DIGITAL_SIGNATURE)).booleanValue() ||
-                                    ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue())
+                                        ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue())
                                     emailCert = true;
                             } catch (ArrayIndexOutOfBoundsException e) {
                                 // bug356108:
@@ -321,8 +319,8 @@ public class DisplayBySerial extends CMSServlet {
                 header.addBooleanValue("noCertImport", noCertImport);
 
             } catch (Exception e) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_ERROR_PARSING_EXTENS", e.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_ERROR_PARSING_EXTENS", e.toString()));
             }
 
             IRevocationInfo revocationInfo = rec.getRevocationInfo();
@@ -347,8 +345,8 @@ public class DisplayBySerial extends CMSServlet {
 
             ICertPrettyPrint certDetails = CMS.getCertPrettyPrint(cert);
 
-            header.addStringValue("certPrettyPrint", 
-                certDetails.toString(locale));
+            header.addStringValue("certPrettyPrint",
+                    certDetails.toString(locale));
 
             /*
              String scheme = req.getScheme();
@@ -369,8 +367,8 @@ public class DisplayBySerial extends CMSServlet {
             try {
                 certFingerprints = CMS.getFingerPrints(cert);
             } catch (Exception e) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_ERR_DIGESTING_CERT", e.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_ERR_DIGESTING_CERT", e.toString()));
             }
             if (certFingerprints.length() > 0)
                 header.addStringValue("certFingerprint", certFingerprints);
@@ -387,7 +385,8 @@ public class DisplayBySerial extends CMSServlet {
              (userAgent != null)? UserInfo.getUserAgent(userAgent): "";
              */
             // Now formulate a PKCS#7 blob
-            X509CertImpl[] certsInChain = new X509CertImpl[1];; 
+            X509CertImpl[] certsInChain = new X509CertImpl[1];
+            ;
             if (mCACerts != null) {
                 for (int i = 0; i < mCACerts.length; i++) {
                     if (cert.equals(mCACerts[i])) {
@@ -398,10 +397,10 @@ public class DisplayBySerial extends CMSServlet {
                     certsInChain = new X509CertImpl[mCACerts.length + 1];
                 }
             }
-			
+
             // Set the EE cert
             certsInChain[0] = cert;
-			
+
             // Set the Ca certificate chain
             if (mCACerts != null) {
                 for (int i = 0; i < mCACerts.length; i++) {
@@ -414,43 +413,43 @@ public class DisplayBySerial extends CMSServlet {
             String p7Str;
 
             try {
-                PKCS7 p7 = new PKCS7(new AlgorithmId[0], 
+                PKCS7 p7 = new PKCS7(new AlgorithmId[0],
                         new ContentInfo(new byte[0]),
                         certsInChain,
                         new SignerInfo[0]);
                 ByteArrayOutputStream bos = new ByteArrayOutputStream();
 
-                p7.encodeSignedData(bos,false);
+                p7.encodeSignedData(bos, false);
                 byte[] p7Bytes = bos.toByteArray();
 
-				p7Str = com.netscape.osutil.OSUtil.BtoA(p7Bytes);
+                p7Str = com.netscape.osutil.OSUtil.BtoA(p7Bytes);
                 header.addStringValue("pkcs7ChainBase64", p7Str);
             } catch (Exception e) {
                 //p7Str = "PKCS#7 B64 Encoding error - " + e.toString() 
                 //+ "; Please contact your administrator";
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString())); 
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString()));
                 throw new ECMSGWException(
                         CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7"));
             }
         } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("MSGW_ERR_DISP_BY_SERIAL", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("MSGW_ERR_DISP_BY_SERIAL", e.toString()));
             throw e;
         } catch (CertificateEncodingException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_ENCODE_CERT", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_ENCODE_CERT", e.toString()));
             throw new ECMSGWException(
                     CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
         }
 
         return;
     }
-	
+
     private ICertRecord getCertRecord(BigInteger seq, String certtype[])
-        throws EBaseException {
+            throws EBaseException {
         ICertRecord rec = null;
-		
+
         try {
             rec = (ICertRecord) mCertDB.readCertificateRecord(seq);
             X509CertImpl x509cert = rec.getCertificate();
@@ -460,16 +459,16 @@ public class DisplayBySerial extends CMSServlet {
                 return rec;
             }
         } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString()));
             throw e;
         }
-		
+
         return rec;
     }
 
     private BigInteger getSerialNumber(HttpServletRequest req)
-        throws NumberFormatException {
+            throws NumberFormatException {
         String serialNumString = req.getParameter("serialNumber");
 
         if (serialNumString != null) {
@@ -477,11 +476,10 @@ public class DisplayBySerial extends CMSServlet {
             if (serialNumString.startsWith("0x") || serialNumString.startsWith("0X")) {
                 return new BigInteger(serialNumString.substring(2), 16);
             } else {
-                return  new BigInteger(serialNumString);
+                return new BigInteger(serialNumString);
             }
-        } else {	
+        } else {
             throw new NumberFormatException();
-        }			
+        }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java
index 3a5f3f06..0f2cd413 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.cert.CRLException;
@@ -50,10 +49,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Decode the CRL and display it to the requester.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class DisplayCRL extends CMSServlet {
@@ -80,7 +78,8 @@ public class DisplayCRL extends CMSServlet {
     /**
      * Initialize the servlet. This servlet uses the 'displayCRL.template' file to
      * to render the response to the client.
-	 * @param sc servlet configuration, read from the web.xml file
+     * 
+     * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
         super.init(sc);
@@ -96,15 +95,15 @@ public class DisplayCRL extends CMSServlet {
     }
 
     /**
-	 * Process the HTTP request
+     * Process the HTTP request
      * <ul>
-     * <li>http.param  crlIssuingPoint number
-     * <li>http.param  crlDisplayType entireCRL or crlHeader or base64Encoded or deltaCRL
-     * <li>http.param  pageStart which page to start displaying from
-     * <li>http.param  pageSize number of entries to show per page
+     * <li>http.param crlIssuingPoint number
+     * <li>http.param crlDisplayType entireCRL or crlHeader or base64Encoded or deltaCRL
+     * <li>http.param pageStart which page to start displaying from
+     * <li>http.param pageSize number of entries to show per page
      * </ul>
+     * 
      * @param cmsReq the Request to service.
-
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
         HttpServletRequest req = cmsReq.getHttpReq();
@@ -132,8 +131,8 @@ public class DisplayCRL extends CMSServlet {
         try {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1", mFormPath, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1", mFormPath, e.toString()));
             throw new ECMSGWException(
                     CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
         }
@@ -148,22 +147,22 @@ public class DisplayCRL extends CMSServlet {
         String crlIssuingPointId = req.getParameter("crlIssuingPoint");
 
         process(argSet, header, req, resp, crlIssuingPointId,
-            locale[0]);
+                locale[0]);
 
         try {
             ServletOutputStream out = resp.getOutputStream();
 
             String xmlOutput = req.getParameter("xml");
-			if (xmlOutput != null && xmlOutput.equals("true")) {
-			  outputXML(resp, argSet);
-			} else {
-			  resp.setContentType("text/html");
-			  form.renderOutput(out, argSet);
-			  cmsReq.setStatus(CMSRequest.SUCCESS);
-			}
+            if (xmlOutput != null && xmlOutput.equals("true")) {
+                outputXML(resp, argSet);
+            } else {
+                resp.setContentType("text/html");
+                form.renderOutput(out, argSet);
+                cmsReq.setStatus(CMSRequest.SUCCESS);
+            }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString()));
             throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
         }
     }
@@ -192,24 +191,25 @@ public class DisplayCRL extends CMSServlet {
             masterHost = CMS.getConfigStore().getString("master.ca.agent.host", "");
             masterPort = CMS.getConfigStore().getString("master.ca.agent.port", "");
             if (masterHost != null && masterHost.length() > 0 &&
-                masterPort != null && masterPort.length() > 0) {
+                    masterPort != null && masterPort.length() > 0) {
                 clonedCA = true;
                 ipNames = crlRepository.getIssuingPointsNames();
             }
         } catch (EBaseException e) {
         }
-            
+
         if (clonedCA) {
             if (crlIssuingPointId != null) {
                 if (ipNames != null && ipNames.size() > 0) {
                     int i;
                     for (i = 0; i < ipNames.size(); i++) {
-                        String ipName = (String)ipNames.elementAt(i);
+                        String ipName = (String) ipNames.elementAt(i);
                         if (crlIssuingPointId.equals(ipName)) {
                             break;
                         }
                     }
-                    if (i >= ipNames.size()) crlIssuingPointId = null;
+                    if (i >= ipNames.size())
+                        crlIssuingPointId = null;
                 } else {
                     crlIssuingPointId = null;
                 }
@@ -226,13 +226,14 @@ public class DisplayCRL extends CMSServlet {
                         isCRLCacheEnabled = ip.isCRLCacheEnabled();
                         break;
                     }
-                    if (!ips.hasMoreElements()) crlIssuingPointId = null;
+                    if (!ips.hasMoreElements())
+                        crlIssuingPointId = null;
                 }
             }
         }
         if (crlIssuingPointId == null) {
             header.addStringValue("error",
-                "Request to unspecified or non-existing CRL issuing point: "+ipId);
+                    "Request to unspecified or non-existing CRL issuing point: " + ipId);
             return;
         }
 
@@ -240,22 +241,23 @@ public class DisplayCRL extends CMSServlet {
 
         String crlDisplayType = req.getParameter("crlDisplayType");
 
-        if (crlDisplayType == null) crlDisplayType = "cachedCRL";
+        if (crlDisplayType == null)
+            crlDisplayType = "cachedCRL";
         header.addStringValue("crlDisplayType", crlDisplayType);
 
         try {
-            crlRecord = 
+            crlRecord =
                     (ICRLIssuingPointRecord) mCA.getCRLRepository().readCRLIssuingPointRecord(crlIssuingPointId);
         } catch (EBaseException e) {
             header.addStringValue("error", e.toString(locale));
             return;
         }
         if (crlRecord == null) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
-            header.addStringValue("error", 
-                new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
-            return; 
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
+            header.addStringValue("error",
+                    new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
+            return;
         }
 
         header.addStringValue("crlIssuingPoint", crlIssuingPointId);
@@ -283,10 +285,10 @@ public class DisplayCRL extends CMSServlet {
             byte[] crlbytes = crlRecord.getCRL();
 
             if (crlbytes == null) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
-                header.addStringValue("error", 
-                    new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
+                header.addStringValue("error",
+                        new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
                 return;
             }
 
@@ -299,8 +301,8 @@ public class DisplayCRL extends CMSServlet {
 
             } catch (Exception e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_CRL", e.toString()));
-                header.addStringValue("error", 
-                    new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
+                header.addStringValue("error",
+                        new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
             }
         }
 
@@ -320,24 +322,25 @@ public class DisplayCRL extends CMSServlet {
                     long lPageStart = new Long(pageStart).longValue();
                     long lPageSize = new Long(pageSize).longValue();
 
-                    if (lPageStart < 1) lPageStart = 1;
+                    if (lPageStart < 1)
+                        lPageStart = 1;
                     // if (lPageStart + lPageSize - lCRLSize > 1)
                     //     lPageStart = lCRLSize - lPageSize + 1;
 
                     header.addStringValue(
-                        "crlPrettyPrint", crlDetails.toString(locale,
-                            lCRLSize, lPageStart, lPageSize));
+                            "crlPrettyPrint", crlDetails.toString(locale,
+                                    lCRLSize, lPageStart, lPageSize));
                     header.addLongValue("pageStart", lPageStart);
                     header.addLongValue("pageSize", lPageSize);
                 } else {
                     header.addStringValue(
-                        "crlPrettyPrint", crlDetails.toString(locale));
+                            "crlPrettyPrint", crlDetails.toString(locale));
                 }
             } else if (crlDisplayType.equals("crlHeader")) {
                 ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl);
 
                 header.addStringValue(
-                    "crlPrettyPrint", crlDetails.toString(locale, lCRLSize, 0, 0));
+                        "crlPrettyPrint", crlDetails.toString(locale, lCRLSize, 0, 0));
             } else if (crlDisplayType.equals("base64Encoded")) {
                 try {
                     byte[] ba = crl.getEncoded();
@@ -377,14 +380,14 @@ public class DisplayCRL extends CMSServlet {
                 } catch (CRLException e) {
                 }
             } else if (crlDisplayType.equals("deltaCRL")) {
-                if ((clonedCA && crlRecord.getDeltaCRLSize() != null && 
-                     crlRecord.getDeltaCRLSize().longValue() > -1) ||
-                    (crlIP != null && crlIP.isDeltaCRLEnabled())) {
+                if ((clonedCA && crlRecord.getDeltaCRLSize() != null &&
+                        crlRecord.getDeltaCRLSize().longValue() > -1) ||
+                        (crlIP != null && crlIP.isDeltaCRLEnabled())) {
                     byte[] deltaCRLBytes = crlRecord.getDeltaCRL();
 
                     if (deltaCRLBytes == null) {
-                        log(ILogger.LL_FAILURE, 
-                            CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL", crlIssuingPointId));
+                        log(ILogger.LL_FAILURE,
+                                CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL", crlIssuingPointId));
                         header.addStringValue("error", "Delta CRL is not available");
                     } else {
                         X509CRLImpl deltaCRL = null;
@@ -393,23 +396,23 @@ public class DisplayCRL extends CMSServlet {
                             deltaCRL = new X509CRLImpl(deltaCRLBytes);
                         } catch (Exception e) {
                             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_DELTA_CRL", e.toString()));
-                            header.addStringValue("error", 
-                              new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
+                            header.addStringValue("error",
+                                    new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
                         }
                         if (deltaCRL != null) {
                             BigInteger crlNumber = crlRecord.getCRLNumber();
                             BigInteger deltaNumber = crlRecord.getDeltaCRLNumber();
                             if ((clonedCA && crlNumber != null && deltaNumber != null &&
-                                 deltaNumber.compareTo(crlNumber) >= 0) ||
-                                (crlIP != null && crlIP.isThisCurrentDeltaCRL(deltaCRL))) {
+                                    deltaNumber.compareTo(crlNumber) >= 0) ||
+                                    (crlIP != null && crlIP.isThisCurrentDeltaCRL(deltaCRL))) {
 
                                 header.addIntegerValue("deltaCRLSize",
-                                    deltaCRL.getNumberOfRevokedCertificates());
+                                        deltaCRL.getNumberOfRevokedCertificates());
 
                                 ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(deltaCRL);
 
                                 header.addStringValue(
-                                    "crlPrettyPrint", crlDetails.toString(locale, 0, 0, 0));
+                                        "crlPrettyPrint", crlDetails.toString(locale, 0, 0, 0));
 
                                 try {
                                     byte[] ba = deltaCRL.getEncoded();
@@ -455,8 +458,8 @@ public class DisplayCRL extends CMSServlet {
                     }
                 } else {
                     header.addStringValue("error", "Delta CRL is not enabled for " +
-                        crlIssuingPointId +
-                        " issuing point");
+                            crlIssuingPointId +
+                            " issuing point");
                 }
             }
 
@@ -464,10 +467,10 @@ public class DisplayCRL extends CMSServlet {
             header.addStringValue("error", CMS.getUserMessage(locale, "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId));
             header.addStringValue("crlPrettyPrint", CMS.getUserMessage(locale, "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId));
         } else {
-            header.addStringValue("error", 
-                new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
-            header.addStringValue("crlPrettyPrint", 
-                new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
+            header.addStringValue("error",
+                    new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
+            header.addStringValue("crlPrettyPrint",
+                    new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
         }
         return;
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java
index 6efda2bb..9815ff68 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.util.Date;
 import java.util.Locale;
@@ -45,11 +44,10 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Servlet to report the status, ie, the agent-initiated user
  * enrollment is enabled or disabled.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class DisplayHashUserEnroll extends CMSServlet {
@@ -90,7 +88,7 @@ public class DisplayHashUserEnroll extends CMSServlet {
      * Services the request
      */
     protected void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
 
@@ -117,7 +115,7 @@ public class DisplayHashUserEnroll extends CMSServlet {
         if (!(mAuthority instanceof IRegistrationAuthority)) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE"));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
+                    CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -152,7 +150,7 @@ public class DisplayHashUserEnroll extends CMSServlet {
             printError(cmsReq, "2");
             cmsReq.setStatus(CMSRequest.SUCCESS);
             return;
-        }  
+        }
 
         mgr.setLastLogin(reqHost, currTime);
 
@@ -162,10 +160,10 @@ public class DisplayHashUserEnroll extends CMSServlet {
         try {
             form = getTemplate(mFormPath, httpReq, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -177,10 +175,10 @@ public class DisplayHashUserEnroll extends CMSServlet {
             form.renderOutput(out, argSet);
             cmsReq.setStatus(CMSRequest.SUCCESS);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
         }
         cmsReq.setStatus(CMSRequest.SUCCESS);
@@ -188,7 +186,7 @@ public class DisplayHashUserEnroll extends CMSServlet {
     }
 
     private void printError(CMSRequest cmsReq, String errorCode)
-        throws EBaseException {
+            throws EBaseException {
         IArgBlock httpParams = cmsReq.getHttpParams();
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -208,9 +206,9 @@ public class DisplayHashUserEnroll extends CMSServlet {
             form = getTemplate(formPath, httpReq, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -223,10 +221,10 @@ public class DisplayHashUserEnroll extends CMSServlet {
             cmsReq.setStatus(CMSRequest.SUCCESS);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString()));
 
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
         }
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
index 3c562d65..66841e39 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
@@ -71,10 +70,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Revoke a Certificate
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class DoRevoke extends CMSServlet {
@@ -98,12 +96,10 @@ public class DoRevoke extends CMSServlet {
     private final static String REVOKE = "revoke";
     private final static String ON_HOLD = "on-hold";
     private final static int ON_HOLD_REASON = 6;
-    private final static String
-        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
-        "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
-    private final static String
-        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
-        "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
+    private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
+            "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
+    private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
+            "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
 
     public DoRevoke() {
         super();
@@ -111,7 +107,8 @@ public class DoRevoke extends CMSServlet {
 
     /**
      * initialize the servlet. This servlet uses the template
-	 * file "revocationResult.template" to render the result
+     * file "revocationResult.template" to render the result
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -146,15 +143,18 @@ public class DoRevoke extends CMSServlet {
 
     /**
      * Serves HTTP request. The http parameters used by this request are as follows:
+     * 
      * <pre>
      * serialNumber Serial number of certificate to revoke (in HEX)
      * revocationReason Revocation reason (Described below)
      * totalRecordCount [number]
      * verifiedRecordCount [number]
      * invalidityDate [number of seconds in Jan 1,1970]
-     *
+     * 
      * </pre>
+     * 
      * revocationReason can be one of these values:
+     * 
      * <pre>
      * 0 = Unspecified   (default)
      * 1 = Key compromised
@@ -204,7 +204,7 @@ public class DoRevoke extends CMSServlet {
             if (req.getParameter("verifiedRecordCount") != null) {
                 verifiedRecordCount = Integer.parseInt(
                             req.getParameter(
-                                "verifiedRecordCount"));
+                                    "verifiedRecordCount"));
             }
             if (req.getParameter("invalidityDate") != null) {
                 long l = Long.parseLong(req.getParameter(
@@ -228,8 +228,8 @@ public class DoRevoke extends CMSServlet {
                     try {
                         user = (IUser) mUL.locateUser(new Certificates(certChain));
                     } catch (Exception e) {
-                        CMS.debug("DoRevoke:  Failed to map certificate '"+
-                                   cert2.getSubjectDN().getName()+"' to user.");
+                        CMS.debug("DoRevoke:  Failed to map certificate '" +
+                                   cert2.getSubjectDN().getName() + "' to user.");
                     }
                     if (mUG.isMemberOf(user, "Subsystem Group")) {
                         skipNonceVerification = true;
@@ -249,8 +249,8 @@ public class DoRevoke extends CMSServlet {
                 } else {
                     CMS.debug("DoRevoke:  Missing nonce");
                 }
-                CMS.debug("DoRevoke:  nonceVerified="+nonceVerified);
-                CMS.debug("DoRevoke:  skipNonceVerification="+skipNonceVerification);
+                CMS.debug("DoRevoke:  nonceVerified=" + nonceVerified);
+                CMS.debug("DoRevoke:  skipNonceVerification=" + skipNonceVerification);
                 if ((!nonceVerified) && (!skipNonceVerification)) {
                     cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
                     return;
@@ -275,25 +275,24 @@ public class DoRevoke extends CMSServlet {
                             mAuthzResourceName, "revoke");
             } catch (EAuthzAccessDenied e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             } catch (Exception e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             }
 
             if (authzToken == null) {
                 cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
                 return;
             }
- 
-            
+
             if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
                 if (authToken != null) {
 
                     String serialNumber = req.getParameter("serialNumber");
                     X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req);
 
-                    if (serialNumber != null)  {
+                    if (serialNumber != null) {
                         eeSerialNumber = serialNumber;
                     }
 
@@ -306,12 +305,12 @@ public class DoRevoke extends CMSServlet {
             } else {
                 // request is fromUser.
                 initiative = AuditFormat.FROMUSER;
-                
+
                 String serialNumber = req.getParameter("serialNumber");
                 X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req);
 
                 if (serialNumber == null || sslCert == null ||
-                    !(serialNumber.equals(sslCert.getSerialNumber().toString(16)))) {
+                        !(serialNumber.equals(sslCert.getSerialNumber().toString(16)))) {
                     authorized = false;
                 } else {
                     eeSubjectDN = sslCert.getSubjectDN().toString();
@@ -322,14 +321,14 @@ public class DoRevoke extends CMSServlet {
 
             if (authorized) {
                 process(argSet, header, reason, invalidityDate, initiative,
-                    req, resp, verifiedRecordCount, revokeAll,
-                    totalRecordCount, eeSerialNumber, eeSubjectDN,
-                    comments, locale[0]);
+                        req, resp, verifiedRecordCount, revokeAll,
+                        totalRecordCount, eeSerialNumber, eeSubjectDN,
+                        comments, locale[0]);
             }
 
         } catch (NumberFormatException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
             error = new EBaseException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
         } catch (EBaseException e) {
             error = e;
@@ -353,11 +352,11 @@ public class DoRevoke extends CMSServlet {
             if (error == null && authorized) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
                 }
             } else if (!authorized) {
                 cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
@@ -366,8 +365,8 @@ public class DoRevoke extends CMSServlet {
                 cmsReq.setError(error);
             }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
         }
     }
@@ -375,58 +374,53 @@ public class DoRevoke extends CMSServlet {
     /**
      * Process cert status change request
      * <P>
-     *
-     * (Certificate Request - either an "agent" cert status change request,
-     *  or an "EE" cert status change request)
+     * 
+     * (Certificate Request - either an "agent" cert status change request, or an "EE" cert status change request)
      * <P>
-     *
-     * (Certificate Request Processed -  either an "agent" cert status change
-     *  request, or an "EE" cert status change request)
+     * 
+     * (Certificate Request Processed - either an "agent" cert status change request, or an "EE" cert status change request)
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when
-     * a cert status change request (e. g. - "revocation") is made (before
-     * approval process)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED
-     * used when a certificate status is changed (revoked, expired, on-hold,
-     * off-hold)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when a cert status change request (e. g. - "revocation") is made (before approval process)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a certificate status is changed (revoked, expired, on-hold, off-hold)
      * </ul>
+     * 
      * @param argSet CMS template parameters
      * @param header argument block
      * @param reason revocation reason (0 - Unspecified, 1 - Key compromised,
-     * 2 - CA key compromised; should not be used, 3 - Affiliation changed,
-     * 4 - Certificate superceded, 5 - Cessation of operation, or
-     * 6 - Certificate is on hold)
+     *            2 - CA key compromised; should not be used, 3 - Affiliation changed,
+     *            4 - Certificate superceded, 5 - Cessation of operation, or
+     *            6 - Certificate is on hold)
      * @param invalidityDate certificate validity date
      * @param initiative string containing the audit format
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @param verifiedRecordCount number of verified records
      * @param revokeAll string containing information on all of the
-     * certificates to be revoked
+     *            certificates to be revoked
      * @param totalRecordCount total number of records (verified and unverified)
      * @param eeSerialNumber string containing the end-entity certificate
-     * serial number
+     *            serial number
      * @param eeSubjectDN string containing the end-entity certificate subject
-     * distinguished name (DN)
+     *            distinguished name (DN)
      * @param comments string containing certificate comments
      * @param locale the system locale
      * @exception EBaseException an error has occurred
      */
     private void process(CMSTemplateParams argSet, IArgBlock header,
-        int reason, Date invalidityDate,
-        String initiative,
-        HttpServletRequest req,
-        HttpServletResponse resp,
-        int verifiedRecordCount,
-        String revokeAll,
-        int totalRecordCount,
-        String eeSerialNumber,
-        String eeSubjectDN,
-        String comments,
-        Locale locale) 
-        throws EBaseException {
+            int reason, Date invalidityDate,
+            String initiative,
+            HttpServletRequest req,
+            HttpServletResponse resp,
+            int verifiedRecordCount,
+            String revokeAll,
+            int totalRecordCount,
+            String eeSerialNumber,
+            String eeSubjectDN,
+            String comments,
+            Locale locale)
+            throws EBaseException {
         boolean auditRequest = true;
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -436,7 +430,7 @@ public class DoRevoke extends CMSServlet {
         String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
         String auditReasonNum = String.valueOf(reason);
 
-         CMS.debug("DoRevoke: eeSerialNumber: " + eeSerialNumber + " auditSerialNumber: " + auditSerialNumber);
+        CMS.debug("DoRevoke: eeSerialNumber: " + eeSerialNumber + " auditSerialNumber: " + auditSerialNumber);
         long startTime = CMS.getCurrentDate().getTime();
 
         try {
@@ -483,16 +477,16 @@ public class DoRevoke extends CMSServlet {
                         CMS.debug("DoRevoke: skipped revocation request for system certificate " + xcert.getSerialNumber());
                         continue;
                     }
-					
+
                     if (xcert != null) {
                         rarg.addStringValue("serialNumber",
-                            xcert.getSerialNumber().toString(16));
+                                xcert.getSerialNumber().toString(16));
 
                         if (eeSerialNumber != null &&
-                            (eeSerialNumber.equals(xcert.getSerialNumber().toString())) &&
-                            rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
+                                (eeSerialNumber.equals(xcert.getSerialNumber().toString())) &&
+                                rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
                             log(ILogger.LL_FAILURE,
-                                CMS.getLogMessage("CA_CERTIFICATE_ALREADY_REVOKED_1", xcert.getSerialNumber().toString(16)));
+                                    CMS.getLogMessage("CA_CERTIFICATE_ALREADY_REVOKED_1", xcert.getSerialNumber().toString(16)));
 
                             // store a message in the signed audit log file
                             auditMessage = CMS.getLogMessage(
@@ -508,19 +502,19 @@ public class DoRevoke extends CMSServlet {
                             throw new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED"));
                         } else if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
                             rarg.addStringValue("error", "Certificate 0x" +
-                                xcert.getSerialNumber().toString(16) +
-                                " is already revoked.");
+                                    xcert.getSerialNumber().toString(16) +
+                                    " is already revoked.");
                         } else if (eeSubjectDN != null &&
-                            (!eeSubjectDN.equals(xcert.getSubjectDN().toString()))) {
+                                (!eeSubjectDN.equals(xcert.getSubjectDN().toString()))) {
                             rarg.addStringValue("error", "Certificate 0x" +
-                                xcert.getSerialNumber().toString(16) +
-                                " belongs to different subject.");
+                                    xcert.getSerialNumber().toString(16) +
+                                    " belongs to different subject.");
                         } else {
                             oldCertsV.addElement(xcert);
 
                             RevokedCertImpl revCertImpl =
-                                new RevokedCertImpl(xcert.getSerialNumber(),
-                                    CMS.getCurrentDate(), entryExtn);
+                                    new RevokedCertImpl(xcert.getSerialNumber(),
+                                            CMS.getCurrentDate(), entryExtn);
 
                             revCertImplsV.addElement(revCertImpl);
                             count++;
@@ -535,9 +529,7 @@ public class DoRevoke extends CMSServlet {
                 Vector<String> serialNumbers = new Vector<String>();
 
                 if (revokeAll != null && revokeAll.length() > 0) {
-                    for (int i = revokeAll.indexOf('=');
-                        i < revokeAll.length() && i > -1;
-                        i = revokeAll.indexOf('=', i)) {
+                    for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1; i = revokeAll.indexOf('=', i)) {
                         if (i > -1) {
                             i++;
                             while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') {
@@ -564,29 +556,28 @@ public class DoRevoke extends CMSServlet {
                     for (int i = 0; i < certs.length; i++) {
                         boolean addToList = false;
 
-                        for (int j = 0; j < serialNumbers.size();
-                            j++) {
+                        for (int j = 0; j < serialNumbers.size(); j++) {
                             //xxxxx serial number in decimal? 
                             if (certs[i].getSerialNumber().toString().equals((String) serialNumbers.elementAt(j)) &&
-                                eeSubjectDN != null && eeSubjectDN.equals(certs[i].getSubjectDN().toString())) {
+                                    eeSubjectDN != null && eeSubjectDN.equals(certs[i].getSubjectDN().toString())) {
                                 addToList = true;
                                 break;
                             }
                         }
                         if (eeSerialNumber != null &&
-                            eeSerialNumber.equals(certs[i].getSerialNumber().toString())) {
+                                eeSerialNumber.equals(certs[i].getSerialNumber().toString())) {
                             authorized = true;
                         }
                         if (addToList) {
                             IArgBlock rarg = CMS.createArgBlock();
 
                             rarg.addStringValue("serialNumber",
-                                certs[i].getSerialNumber().toString(16));
+                                    certs[i].getSerialNumber().toString(16));
                             oldCertsV.addElement(certs[i]);
 
                             RevokedCertImpl revCertImpl =
-                                new RevokedCertImpl(certs[i].getSerialNumber(),
-                                    CMS.getCurrentDate(), entryExtn);
+                                    new RevokedCertImpl(certs[i].getSerialNumber(),
+                                            CMS.getCurrentDate(), entryExtn);
 
                             revCertImplsV.addElement(revCertImpl);
                             count++;
@@ -596,7 +587,7 @@ public class DoRevoke extends CMSServlet {
                     }
                     if (!authorized) {
                         log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSGW_REQ_AUTH_REVOKED_CERT"));
+                                CMS.getLogMessage("CMSGW_REQ_AUTH_REVOKED_CERT"));
 
                         // store a message in the signed audit log file
                         auditMessage = CMS.getLogMessage(
@@ -622,12 +613,12 @@ public class DoRevoke extends CMSServlet {
                         IArgBlock rarg = CMS.createArgBlock();
 
                         rarg.addStringValue("serialNumber",
-                            cert.getSerialNumber().toString(16));
+                                cert.getSerialNumber().toString(16));
                         oldCertsV.addElement(cert);
 
                         RevokedCertImpl revCertImpl =
-                            new RevokedCertImpl(cert.getSerialNumber(),
-                                CMS.getCurrentDate(), entryExtn);
+                                new RevokedCertImpl(cert.getSerialNumber(),
+                                        CMS.getCurrentDate(), entryExtn);
 
                         revCertImplsV.addElement(revCertImpl);
                         count++;
@@ -636,8 +627,8 @@ public class DoRevoke extends CMSServlet {
                     }
                 }
             }
-            if (count == 0) { 
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO")); 
+            if (count == 0) {
+                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO"));
 
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
@@ -665,7 +656,7 @@ public class DoRevoke extends CMSServlet {
             }
 
             IRequest revReq =
-                mQueue.newRequest(IRequest.REVOCATION_REQUEST);
+                    mQueue.newRequest(IRequest.REVOCATION_REQUEST);
 
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
@@ -680,7 +671,7 @@ public class DoRevoke extends CMSServlet {
 
             revReq.setExtData(IRequest.CERT_INFO, revCertImpls);
             revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST);
-            if(initiative.equals(AuditFormat.FROMUSER))
+            if (initiative.equals(AuditFormat.FROMUSER))
                 revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_EE);
             else
                 revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT);
@@ -713,7 +704,7 @@ public class DoRevoke extends CMSServlet {
 
                 if (result.equals(IRequest.RES_ERROR)) {
                     String[] svcErrors =
-                        revReq.getExtDataInStringArray(IRequest.SVCERRORS);
+                            revReq.getExtDataInStringArray(IRequest.SVCERRORS);
 
                     if (svcErrors != null && svcErrors.length > 0) {
                         for (int i = 0; i < svcErrors.length; i++) {
@@ -727,18 +718,18 @@ public class DoRevoke extends CMSServlet {
 
                                         if (oldCerts[j] != null) {
                                             mLogger.log(ILogger.EV_AUDIT,
-                                                ILogger.S_OTHER,
-                                                AuditFormat.LEVEL,
-                                                AuditFormat.DOREVOKEFORMAT,
-                                                new Object[] {
-                                                    revReq.getRequestId(), 
-                                                    initiative,
-                                                    "completed with error: " +
-                                                    err,
-                                                    cert.getSubjectDN(),
-                                                    cert.getSerialNumber().toString(16),
-                                                    RevocationReason.fromInt(reason).toString()}
-                                            );
+                                                    ILogger.S_OTHER,
+                                                    AuditFormat.LEVEL,
+                                                    AuditFormat.DOREVOKEFORMAT,
+                                                    new Object[] {
+                                                            revReq.getRequestId(),
+                                                            initiative,
+                                                            "completed with error: " +
+                                                                    err,
+                                                            cert.getSubjectDN(),
+                                                            cert.getSerialNumber().toString(16),
+                                                            RevocationReason.fromInt(reason).toString() }
+                                                    );
                                         }
                                     }
                                 }
@@ -751,10 +742,10 @@ public class DoRevoke extends CMSServlet {
                     // "complete", "revoked", or "canceled"
                     if ((auditApprovalStatus.equals(
                                 RequestStatus.COMPLETE_STRING)) ||
-                        (auditApprovalStatus.equals(
-                                RequestStatus.REJECTED_STRING)) ||
-                        (auditApprovalStatus.equals(
-                                RequestStatus.CANCELED_STRING))) {
+                            (auditApprovalStatus.equals(
+                                    RequestStatus.REJECTED_STRING)) ||
+                            (auditApprovalStatus.equals(
+                                    RequestStatus.CANCELED_STRING))) {
                         auditMessage = CMS.getLogMessage(
                                     LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
                                     auditSubjectID,
@@ -768,7 +759,7 @@ public class DoRevoke extends CMSServlet {
                         audit(auditMessage);
                     }
 
-                    return; 
+                    return;
                 }
 
                 long endTime = CMS.getCurrentDate().getTime();
@@ -780,24 +771,24 @@ public class DoRevoke extends CMSServlet {
                             X509CertImpl cert = (X509CertImpl) oldCerts[j];
 
                             mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.DOREVOKEFORMAT,
-                                new Object[] {
-                                    revReq.getRequestId(), 
-                                    initiative,
-                                    "completed",
-                                    cert.getSubjectDN(),
-                                    cert.getSerialNumber().toString(16),
-                                    RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime)}
-                            );
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.DOREVOKEFORMAT,
+                                    new Object[] {
+                                            revReq.getRequestId(),
+                                            initiative,
+                                            "completed",
+                                            cert.getSubjectDN(),
+                                            cert.getSerialNumber().toString(16),
+                                            RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime) }
+                                    );
                         }
                     }
                 }
 
                 header.addStringValue("revoked", "yes");
 
-                Integer updateCRLResult = 
-                    revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+                Integer updateCRLResult =
+                        revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
 
                 if (updateCRLResult != null) {
                     header.addStringValue("updateCRL", "yes");
@@ -806,15 +797,15 @@ public class DoRevoke extends CMSServlet {
                     } else {
                         header.addStringValue("updateCRLSuccess", "no");
                         String crlError =
-                            revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
+                                revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
 
-                        if (crlError != null) 
-                            header.addStringValue("updateCRLError", 
-                                crlError);
+                        if (crlError != null)
+                            header.addStringValue("updateCRLError",
+                                    crlError);
                     }
                     // let known crl publishing status too.
                     Integer publishCRLResult =
-                        revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+                            revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
 
                     if (publishCRLResult != null) {
                         if (publishCRLResult.equals(IRequest.RES_SUCCESS)) {
@@ -822,23 +813,23 @@ public class DoRevoke extends CMSServlet {
                         } else {
                             header.addStringValue("publishCRLSuccess", "no");
                             String publError =
-                                revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+                                    revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
 
-                            if (publError != null) 
-                                header.addStringValue("publishCRLError", 
-                                    publError);
+                            if (publError != null)
+                                header.addStringValue("publishCRLError",
+                                        publError);
                         }
                     }
                 }
 
                 if (mAuthority instanceof ICertificateAuthority) {
                     // let known update and publish status of all crls. 
-                    Enumeration<ICRLIssuingPoint> otherCRLs = 
-                        ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
+                    Enumeration<ICRLIssuingPoint> otherCRLs =
+                            ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
 
                     while (otherCRLs.hasMoreElements()) {
                         ICRLIssuingPoint crl = (ICRLIssuingPoint)
-                            otherCRLs.nextElement();
+                                otherCRLs.nextElement();
                         String crlId = crl.getId();
 
                         if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
@@ -857,31 +848,31 @@ public class DoRevoke extends CMSServlet {
                                         updateStatusStr));
                                 header.addStringValue(updateStatusStr, "no");
                                 String error =
-                                    revReq.getExtDataInString(updateErrorStr);
+                                        revReq.getExtDataInString(updateErrorStr);
 
-                                if (error != null) 
+                                if (error != null)
                                     header.addStringValue(updateErrorStr,
-                                        error);
+                                            error);
                             }
                             String publishStatusStr = crl.getCrlPublishStatusStr();
                             Integer publishResult =
-                                revReq.getExtDataInInteger(publishStatusStr);
+                                    revReq.getExtDataInInteger(publishStatusStr);
 
-                            if (publishResult == null) 
+                            if (publishResult == null)
                                 continue;
                             if (publishResult.equals(IRequest.RES_SUCCESS)) {
                                 header.addStringValue(publishStatusStr, "yes");
                             } else {
-                                String publishErrorStr = 
-                                    crl.getCrlPublishErrorStr();
+                                String publishErrorStr =
+                                        crl.getCrlPublishErrorStr();
 
                                 header.addStringValue(publishStatusStr, "no");
                                 String error =
-                                    revReq.getExtDataInString(publishErrorStr);
+                                        revReq.getExtDataInString(publishErrorStr);
 
-                                if (error != null) 
+                                if (error != null)
                                     header.addStringValue(
-                                        publishErrorStr, error);
+                                            publishErrorStr, error);
                             }
                         }
                     }
@@ -889,8 +880,8 @@ public class DoRevoke extends CMSServlet {
 
                 if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
                     header.addStringValue("dirEnabled", "yes");
-                    Integer[] ldapPublishStatus = 
-                        revReq.getExtDataInIntegerArray("ldapPublishStatus");
+                    Integer[] ldapPublishStatus =
+                            revReq.getExtDataInIntegerArray("ldapPublishStatus");
                     int certsToUpdate = 0;
                     int certsUpdated = 0;
 
@@ -907,11 +898,11 @@ public class DoRevoke extends CMSServlet {
 
                     // add crl publishing status. 
                     String publError =
-                        revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+                            revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
 
                     if (publError != null) {
                         header.addStringValue("crlPublishError",
-                            publError);
+                                publError);
                     }
                 } else {
                     header.addStringValue("dirEnabled", "no");
@@ -946,16 +937,16 @@ public class DoRevoke extends CMSServlet {
                             X509CertImpl cert = (X509CertImpl) oldCerts[j];
 
                             mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.DOREVOKEFORMAT,
-                                new Object[] {
-                                    revReq.getRequestId(), 
-                                    initiative,
-                                    stat.toString(),
-                                    cert.getSubjectDN(),
-                                    cert.getSerialNumber().toString(16),
-                                    RevocationReason.fromInt(reason).toString()}
-                            );
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.DOREVOKEFORMAT,
+                                    new Object[] {
+                                            revReq.getRequestId(),
+                                            initiative,
+                                            stat.toString(),
+                                            cert.getSubjectDN(),
+                                            cert.getSerialNumber().toString(16),
+                                            RevocationReason.fromInt(reason).toString() }
+                                    );
                         }
                     }
                 }
@@ -965,9 +956,8 @@ public class DoRevoke extends CMSServlet {
             // if and only if "auditApprovalStatus" is
             // "complete", "revoked", or "canceled"
             if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
-                || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
-                || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))
-            ) {
+                    || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+                    || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
                 auditMessage = CMS.getLogMessage(
                             LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
                             auditSubjectID,
@@ -1001,10 +991,10 @@ public class DoRevoke extends CMSServlet {
                 // "complete", "revoked", or "canceled"
                 if ((auditApprovalStatus.equals(
                             RequestStatus.COMPLETE_STRING)) ||
-                    (auditApprovalStatus.equals(
-                            RequestStatus.REJECTED_STRING)) ||
-                    (auditApprovalStatus.equals(
-                            RequestStatus.CANCELED_STRING))) {
+                        (auditApprovalStatus.equals(
+                                RequestStatus.REJECTED_STRING)) ||
+                        (auditApprovalStatus.equals(
+                                RequestStatus.CANCELED_STRING))) {
                     auditMessage = CMS.getLogMessage(
                                 LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
                                 auditSubjectID,
@@ -1042,10 +1032,10 @@ public class DoRevoke extends CMSServlet {
                 // "complete", "revoked", or "canceled"
                 if ((auditApprovalStatus.equals(
                             RequestStatus.COMPLETE_STRING)) ||
-                    (auditApprovalStatus.equals(
-                            RequestStatus.REJECTED_STRING)) ||
-                    (auditApprovalStatus.equals(
-                            RequestStatus.CANCELED_STRING))) {
+                        (auditApprovalStatus.equals(
+                                RequestStatus.REJECTED_STRING)) ||
+                        (auditApprovalStatus.equals(
+                                RequestStatus.CANCELED_STRING))) {
                     auditMessage = CMS.getLogMessage(
                                 LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
                                 auditSubjectID,
@@ -1062,8 +1052,8 @@ public class DoRevoke extends CMSServlet {
 
             throw e;
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString()));
 
             if (auditRequest) {
                 // store a "CERT_STATUS_CHANGE_REQUEST" failure
@@ -1084,10 +1074,10 @@ public class DoRevoke extends CMSServlet {
                 // "complete", "revoked", or "canceled"
                 if ((auditApprovalStatus.equals(
                             RequestStatus.COMPLETE_STRING)) ||
-                    (auditApprovalStatus.equals(
-                            RequestStatus.REJECTED_STRING)) ||
-                    (auditApprovalStatus.equals(
-                            RequestStatus.CANCELED_STRING))) {
+                        (auditApprovalStatus.equals(
+                                RequestStatus.REJECTED_STRING)) ||
+                        (auditApprovalStatus.equals(
+                                RequestStatus.CANCELED_STRING))) {
                     auditMessage = CMS.getLogMessage(
                                 LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
                                 auditSubjectID,
@@ -1110,11 +1100,11 @@ public class DoRevoke extends CMSServlet {
 
     /**
      * Signed Audit Log Requester ID
-     *
+     * 
      * This method is called to obtain the "RequesterID" for
      * a signed audit log message.
      * <P>
-     *
+     * 
      * @param req HTTP request
      * @return id string containing the signed audit log message RequesterID
      */
@@ -1140,11 +1130,11 @@ public class DoRevoke extends CMSServlet {
 
     /**
      * Signed Audit Log Serial Number
-     *
+     * 
      * This method is called to obtain the serial number of the certificate
      * whose status is to be changed for a signed audit log message.
      * <P>
-     *
+     * 
      * @param eeSerialNumber a string containing the un-normalized serialNumber
      * @return id string containing the signed audit log message RequesterID
      */
@@ -1163,30 +1153,30 @@ public class DoRevoke extends CMSServlet {
             // find out if the value is hex or decimal
 
             int value = -1;
-           
+
             //try int 
-            try { 
-                value = Integer.parseInt(serialNumber,10);
+            try {
+                value = Integer.parseInt(serialNumber, 10);
             } catch (NumberFormatException e) {
             }
- 
+
             //try hex
-            if( value == -1) {
+            if (value == -1) {
                 try {
-                    value = Integer.parseInt(serialNumber,16);
+                    value = Integer.parseInt(serialNumber, 16);
 
                 } catch (NumberFormatException e) {
                 }
             }
             // give up if it isn't hex or dec
-            if ( value == -1)   {
+            if (value == -1) {
                 throw new NumberFormatException();
             }
 
             // convert it to hexadecimal
             serialNumber = "0x"
                     + Integer.toHexString(
-                        value);
+                            value);
         } else {
             serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
         }
@@ -1196,11 +1186,11 @@ public class DoRevoke extends CMSServlet {
 
     /**
      * Signed Audit Log Request Type
-     *
+     * 
      * This method is called to obtain the "Request Type" for
      * a signed audit log message.
      * <P>
-     *
+     * 
      * @param reason an integer denoting the revocation reason
      * @return string containing REVOKE or ON_HOLD
      */
@@ -1222,4 +1212,3 @@ public class DoRevoke extends CMSServlet {
         return requestType;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java
index 12093661..a9f26754 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.io.OutputStream;
 import java.util.Date;
@@ -63,10 +62,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Revoke a Certificate
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class DoRevokeTPS extends CMSServlet {
@@ -89,12 +87,10 @@ public class DoRevokeTPS extends CMSServlet {
     private final static String REVOKE = "revoke";
     private final static String ON_HOLD = "on-hold";
     private final static int ON_HOLD_REASON = 6;
-    private final static String
-        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
-        "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
-    private final static String
-        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
-        "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
+    private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
+            "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
+    private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
+            "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
 
     public DoRevokeTPS() {
         super();
@@ -102,7 +98,8 @@ public class DoRevokeTPS extends CMSServlet {
 
     /**
      * initialize the servlet. This servlet uses the template
-	 * file "revocationResult.template" to render the result
+     * file "revocationResult.template" to render the result
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -132,15 +129,18 @@ public class DoRevokeTPS extends CMSServlet {
 
     /**
      * Serves HTTP request. The http parameters used by this request are as follows:
+     * 
      * <pre>
      * serialNumber Serial number of certificate to revoke (in HEX)
      * revocationReason Revocation reason (Described below)
      * totalRecordCount [number]
      * verifiedRecordCount [number]
      * invalidityDate [number of seconds in Jan 1,1970]
-     *
+     * 
      * </pre>
+     * 
      * revocationReason can be one of these values:
+     * 
      * <pre>
      * 0 = Unspecified   (default)
      * 1 = Key compromised
@@ -174,7 +174,7 @@ public class DoRevokeTPS extends CMSServlet {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
         } catch (Exception e) {
-        CMS.debug("DoRevokeTPS getTemplate failed");
+            CMS.debug("DoRevokeTPS getTemplate failed");
             throw new EBaseException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
         }
 
@@ -215,17 +215,17 @@ public class DoRevokeTPS extends CMSServlet {
                             mAuthzResourceName, "revoke");
             } catch (EAuthzAccessDenied e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             } catch (Exception e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             }
 
             if (authzToken == null) {
                 cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
                 return;
             }
-            
+
             if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
                 if (authToken != null) {
                     authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
@@ -242,11 +242,11 @@ public class DoRevokeTPS extends CMSServlet {
 
             if (authorized) {
                 process(argSet, header, reason, invalidityDate, initiative, req,
-                  resp, revokeAll, totalRecordCount, comments, locale[0]);
+                        resp, revokeAll, totalRecordCount, comments, locale[0]);
             }
         } catch (NumberFormatException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
             error = new EBaseException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
         } catch (EBaseException e) {
             error = e;
@@ -260,10 +260,10 @@ public class DoRevokeTPS extends CMSServlet {
                 errorString = "error=unauthorized";
             } else if (error != null) {
                 o_status = "status=3";
-                errorString = "error="+error.toString();
+                errorString = "error=" + error.toString();
             }
 
-            String pp = o_status+"\n"+errorString;
+            String pp = o_status + "\n" + errorString;
             byte[] b = pp.getBytes();
             resp.setContentType("text/html");
             resp.setContentLength(b.length);
@@ -271,8 +271,8 @@ public class DoRevokeTPS extends CMSServlet {
             os.write(b);
             os.flush();
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
         }
     }
@@ -280,50 +280,45 @@ public class DoRevokeTPS extends CMSServlet {
     /**
      * Process cert status change request
      * <P>
-     *
-     * (Certificate Request - either an "agent" cert status change request,
-     *  or an "EE" cert status change request)
+     * 
+     * (Certificate Request - either an "agent" cert status change request, or an "EE" cert status change request)
      * <P>
-     *
-     * (Certificate Request Processed -  either an "agent" cert status change
-     *  request, or an "EE" cert status change request)
+     * 
+     * (Certificate Request Processed - either an "agent" cert status change request, or an "EE" cert status change request)
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when
-     * a cert status change request (e. g. - "revocation") is made (before
-     * approval process)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED
-     * used when a certificate status is changed (revoked, expired, on-hold,
-     * off-hold)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when a cert status change request (e. g. - "revocation") is made (before approval process)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a certificate status is changed (revoked, expired, on-hold, off-hold)
      * </ul>
+     * 
      * @param argSet CMS template parameters
      * @param header argument block
      * @param reason revocation reason (0 - Unspecified, 1 - Key compromised,
-     * 2 - CA key compromised; should not be used, 3 - Affiliation changed,
-     * 4 - Certificate superceded, 5 - Cessation of operation, or
-     * 6 - Certificate is on hold)
+     *            2 - CA key compromised; should not be used, 3 - Affiliation changed,
+     *            4 - Certificate superceded, 5 - Cessation of operation, or
+     *            6 - Certificate is on hold)
      * @param invalidityDate certificate validity date
      * @param initiative string containing the audit format
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @param revokeAll string containing information on all of the
-     * certificates to be revoked
+     *            certificates to be revoked
      * @param totalRecordCount total number of records (verified and unverified)
      * @param comments string containing certificate comments
      * @param locale the system locale
      * @exception EBaseException an error has occurred
      */
     private void process(CMSTemplateParams argSet, IArgBlock header,
-        int reason, Date invalidityDate,
-        String initiative,
-        HttpServletRequest req,
-        HttpServletResponse resp,
-        String revokeAll,
-        int totalRecordCount,
-        String comments,
-        Locale locale) 
-        throws EBaseException {
+            int reason, Date invalidityDate,
+            String initiative,
+            HttpServletRequest req,
+            HttpServletResponse resp,
+            String revokeAll,
+            int totalRecordCount,
+            String comments,
+            Locale locale)
+            throws EBaseException {
         boolean auditRequest = true;
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -333,11 +328,10 @@ public class DoRevokeTPS extends CMSServlet {
         String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
         String auditReasonNum = String.valueOf(reason);
 
-
         if (revokeAll != null) {
-           CMS.debug("DoRevokeTPS.process revokeAll" + revokeAll);
+            CMS.debug("DoRevokeTPS.process revokeAll" + revokeAll);
 
-           String serial = "";
+            String serial = "";
             String[] tokens;
             tokens = revokeAll.split("=");
 
@@ -345,9 +339,9 @@ public class DoRevokeTPS extends CMSServlet {
                 serial = tokens[1];
                 //remove the trailing paren
                 if (serial.endsWith(")")) {
-                    serial = serial.substring(0,serial.length() -1);
+                    serial = serial.substring(0, serial.length() - 1);
                 }
-                auditSerialNumber = serial;    
+                auditSerialNumber = serial;
             }
         }
 
@@ -393,7 +387,7 @@ public class DoRevokeTPS extends CMSServlet {
                 }
                 X509CertImpl xcert = rec.getCertificate();
                 IArgBlock rarg = CMS.createArgBlock();
-					
+
                 // we do not want to revoke the CA certificate accidentially
                 if (xcert != null && isSystemCertificate(xcert.getSerialNumber())) {
                     CMS.debug("DoRevokeTPS: skipped revocation request for system certificate " + xcert.getSerialNumber());
@@ -403,20 +397,20 @@ public class DoRevokeTPS extends CMSServlet {
 
                 if (xcert != null) {
                     rarg.addStringValue("serialNumber",
-                        xcert.getSerialNumber().toString(16));
+                            xcert.getSerialNumber().toString(16));
 
                     if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
                         alreadyRevokedCertFound = true;
-                        CMS.debug("Certificate 0x"+xcert.getSerialNumber().toString(16) + " has been revoked.");
+                        CMS.debug("Certificate 0x" + xcert.getSerialNumber().toString(16) + " has been revoked.");
                     } else {
                         oldCertsV.addElement(xcert);
 
                         RevokedCertImpl revCertImpl =
-                            new RevokedCertImpl(xcert.getSerialNumber(),
-                                CMS.getCurrentDate(), entryExtn);
+                                new RevokedCertImpl(xcert.getSerialNumber(),
+                                        CMS.getCurrentDate(), entryExtn);
 
                         revCertImplsV.addElement(revCertImpl);
-                        CMS.debug("Certificate 0x"+xcert.getSerialNumber().toString(16)+" is going to be revoked.");
+                        CMS.debug("Certificate 0x" + xcert.getSerialNumber().toString(16) + " is going to be revoked.");
                         count++;
                     }
                 } else {
@@ -424,27 +418,27 @@ public class DoRevokeTPS extends CMSServlet {
                 }
             }
 
-            if (count == 0) { 
+            if (count == 0) {
                 // Situation where no certs were reoked here, but some certs
                 // requested happened to be already revoked. Don't return error.
                 if (alreadyRevokedCertFound == true && badCertsRequested == false) {
-                     CMS.debug("Only have previously revoked certs in the list.");
-                     // store a message in the signed audit log file
-                     auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditRequesterID,
-                        auditSerialNumber,
-                        auditRequestType);
+                    CMS.debug("Only have previously revoked certs in the list.");
+                    // store a message in the signed audit log file
+                    auditMessage = CMS.getLogMessage(
+                            LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+                            auditSubjectID,
+                            ILogger.SUCCESS,
+                            auditRequesterID,
+                            auditSerialNumber,
+                            auditRequestType);
 
-                     audit(auditMessage);
-                     return; 
+                    audit(auditMessage);
+                    return;
                 }
- 
+
                 errorString = "error=No certificates are revoked.";
                 o_status = "status=2";
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO")); 
+                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO"));
 
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
@@ -469,7 +463,7 @@ public class DoRevokeTPS extends CMSServlet {
             }
 
             IRequest revReq =
-                mQueue.newRequest(IRequest.REVOCATION_REQUEST);
+                    mQueue.newRequest(IRequest.REVOCATION_REQUEST);
 
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
@@ -484,7 +478,7 @@ public class DoRevokeTPS extends CMSServlet {
 
             revReq.setExtData(IRequest.CERT_INFO, revCertImpls);
             revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST);
-            if(initiative.equals(AuditFormat.FROMUSER)) {
+            if (initiative.equals(AuditFormat.FROMUSER)) {
                 revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_EE);
             } else {
                 revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT);
@@ -518,7 +512,7 @@ public class DoRevokeTPS extends CMSServlet {
 
                 if (result.equals(IRequest.RES_ERROR)) {
                     String[] svcErrors =
-                        revReq.getExtDataInStringArray(IRequest.SVCERRORS);
+                            revReq.getExtDataInStringArray(IRequest.SVCERRORS);
 
                     if (svcErrors != null && svcErrors.length > 0) {
                         for (int i = 0; i < svcErrors.length; i++) {
@@ -532,18 +526,18 @@ public class DoRevokeTPS extends CMSServlet {
 
                                         if (oldCerts[j] != null) {
                                             mLogger.log(ILogger.EV_AUDIT,
-                                                ILogger.S_OTHER,
-                                                AuditFormat.LEVEL,
-                                                AuditFormat.DOREVOKEFORMAT,
-                                                new Object[] {
-                                                    revReq.getRequestId(), 
-                                                    initiative,
-                                                    "completed with error: " +
-                                                    err,
-                                                    cert.getSubjectDN(),
-                                                    cert.getSerialNumber().toString(16),
-                                                    RevocationReason.fromInt(reason).toString()}
-                                            );
+                                                    ILogger.S_OTHER,
+                                                    AuditFormat.LEVEL,
+                                                    AuditFormat.DOREVOKEFORMAT,
+                                                    new Object[] {
+                                                            revReq.getRequestId(),
+                                                            initiative,
+                                                            "completed with error: " +
+                                                                    err,
+                                                            cert.getSubjectDN(),
+                                                            cert.getSerialNumber().toString(16),
+                                                            RevocationReason.fromInt(reason).toString() }
+                                                    );
                                         }
                                     }
                                 }
@@ -556,10 +550,10 @@ public class DoRevokeTPS extends CMSServlet {
                     // "complete", "revoked", or "canceled"
                     if ((auditApprovalStatus.equals(
                                 RequestStatus.COMPLETE_STRING)) ||
-                        (auditApprovalStatus.equals(
-                                RequestStatus.REJECTED_STRING)) ||
-                        (auditApprovalStatus.equals(
-                                RequestStatus.CANCELED_STRING))) {
+                            (auditApprovalStatus.equals(
+                                    RequestStatus.REJECTED_STRING)) ||
+                            (auditApprovalStatus.equals(
+                                    RequestStatus.CANCELED_STRING))) {
                         auditMessage = CMS.getLogMessage(
                                     LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
                                     auditSubjectID,
@@ -573,7 +567,7 @@ public class DoRevokeTPS extends CMSServlet {
                         audit(auditMessage);
                     }
 
-                    return; 
+                    return;
                 }
 
                 long endTime = CMS.getCurrentDate().getTime();
@@ -585,24 +579,24 @@ public class DoRevokeTPS extends CMSServlet {
                             X509CertImpl cert = (X509CertImpl) oldCerts[j];
 
                             mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.DOREVOKEFORMAT,
-                                new Object[] {
-                                    revReq.getRequestId(), 
-                                    initiative,
-                                    "completed",
-                                    cert.getSubjectDN(),
-                                    cert.getSerialNumber().toString(16),
-                                    RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime)}
-                            );
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.DOREVOKEFORMAT,
+                                    new Object[] {
+                                            revReq.getRequestId(),
+                                            initiative,
+                                            "completed",
+                                            cert.getSubjectDN(),
+                                            cert.getSerialNumber().toString(16),
+                                            RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime) }
+                                    );
                         }
                     }
                 }
 
                 header.addStringValue("revoked", "yes");
 
-                Integer updateCRLResult = 
-                    revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+                Integer updateCRLResult =
+                        revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
 
                 if (updateCRLResult != null) {
                     if (!updateCRLResult.equals(IRequest.RES_SUCCESS)) {
@@ -615,16 +609,16 @@ public class DoRevokeTPS extends CMSServlet {
                     }
                     // let known crl publishing status too.
                     Integer publishCRLResult =
-                        revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+                            revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
 
                     if (publishCRLResult != null) {
                         if (!publishCRLResult.equals(IRequest.RES_SUCCESS)) {
                             String publError =
-                                revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+                                    revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
 
                             o_status = "status=3";
                             if (publError != null) {
-                                errorString = "error="+publError;
+                                errorString = "error=" + publError;
                             }
                         }
                     }
@@ -632,12 +626,12 @@ public class DoRevokeTPS extends CMSServlet {
 
                 if (mAuthority instanceof ICertificateAuthority) {
                     // let known update and publish status of all crls. 
-                    Enumeration<ICRLIssuingPoint> otherCRLs = 
-                        ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
+                    Enumeration<ICRLIssuingPoint> otherCRLs =
+                            ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
 
                     while (otherCRLs.hasMoreElements()) {
                         ICRLIssuingPoint crl = (ICRLIssuingPoint)
-                            otherCRLs.nextElement();
+                                otherCRLs.nextElement();
                         String crlId = crl.getId();
 
                         if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
@@ -652,25 +646,25 @@ public class DoRevokeTPS extends CMSServlet {
                                 CMS.debug("DoRevoke: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO",
                                         updateStatusStr));
                                 String error =
-                                    revReq.getExtDataInString(updateErrorStr);
+                                        revReq.getExtDataInString(updateErrorStr);
 
                                 o_status = "status=3";
-                                if (error != null) { 
-                                    errorString = "error="+error;
+                                if (error != null) {
+                                    errorString = "error=" + error;
                                 }
                             }
                             String publishStatusStr = crl.getCrlPublishStatusStr();
                             Integer publishResult =
-                                revReq.getExtDataInInteger(publishStatusStr);
+                                    revReq.getExtDataInInteger(publishStatusStr);
 
-                            if (publishResult == null) 
+                            if (publishResult == null)
                                 continue;
                             if (!publishResult.equals(IRequest.RES_SUCCESS)) {
-                                String publishErrorStr = 
-                                    crl.getCrlPublishErrorStr();
+                                String publishErrorStr =
+                                        crl.getCrlPublishErrorStr();
 
                                 String error =
-                                    revReq.getExtDataInString(publishErrorStr);
+                                        revReq.getExtDataInString(publishErrorStr);
 
                                 o_status = "status=3";
                                 if (error != null) {
@@ -683,8 +677,8 @@ public class DoRevokeTPS extends CMSServlet {
 
                 if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
                     header.addStringValue("dirEnabled", "yes");
-                    Integer[] ldapPublishStatus = 
-                        revReq.getExtDataInIntegerArray("ldapPublishStatus");
+                    Integer[] ldapPublishStatus =
+                            revReq.getExtDataInIntegerArray("ldapPublishStatus");
                     int certsToUpdate = 0;
                     int certsUpdated = 0;
 
@@ -699,10 +693,10 @@ public class DoRevokeTPS extends CMSServlet {
 
                     // add crl publishing status. 
                     String publError =
-                        revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+                            revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
 
                     if (publError != null) {
-                        errorString = "error="+publError;
+                        errorString = "error=" + publError;
                         o_status = "status=3";
                     }
                 } else if (mPublisherProcessor == null && mPublisherProcessor.ldapEnabled()) {
@@ -712,7 +706,7 @@ public class DoRevokeTPS extends CMSServlet {
             } else {
                 if (stat == RequestStatus.PENDING || stat == RequestStatus.REJECTED) {
                     o_status = "status=2";
-                    errorString = "error="+stat.toString();
+                    errorString = "error=" + stat.toString();
                 } else {
                     o_status = "status=2";
                     errorString = "error=Undefined request status";
@@ -743,16 +737,16 @@ public class DoRevokeTPS extends CMSServlet {
                             X509CertImpl cert = (X509CertImpl) oldCerts[j];
 
                             mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.DOREVOKEFORMAT,
-                                new Object[] {
-                                    revReq.getRequestId(), 
-                                    initiative,
-                                    stat.toString(),
-                                    cert.getSubjectDN(),
-                                    cert.getSerialNumber().toString(16),
-                                    RevocationReason.fromInt(reason).toString()}
-                            );
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.DOREVOKEFORMAT,
+                                    new Object[] {
+                                            revReq.getRequestId(),
+                                            initiative,
+                                            stat.toString(),
+                                            cert.getSubjectDN(),
+                                            cert.getSerialNumber().toString(16),
+                                            RevocationReason.fromInt(reason).toString() }
+                                    );
                         }
                     }
                 }
@@ -762,9 +756,8 @@ public class DoRevokeTPS extends CMSServlet {
             // if and only if "auditApprovalStatus" is
             // "complete", "revoked", or "canceled"
             if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
-                || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
-                || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))
-            ) {
+                    || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+                    || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
                 auditMessage = CMS.getLogMessage(
                             LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
                             auditSubjectID,
@@ -799,10 +792,10 @@ public class DoRevokeTPS extends CMSServlet {
                 // "complete", "revoked", or "canceled"
                 if ((auditApprovalStatus.equals(
                             RequestStatus.COMPLETE_STRING)) ||
-                    (auditApprovalStatus.equals(
-                            RequestStatus.REJECTED_STRING)) ||
-                    (auditApprovalStatus.equals(
-                            RequestStatus.CANCELED_STRING))) {
+                        (auditApprovalStatus.equals(
+                                RequestStatus.REJECTED_STRING)) ||
+                        (auditApprovalStatus.equals(
+                                RequestStatus.CANCELED_STRING))) {
                     auditMessage = CMS.getLogMessage(
                                 LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
                                 auditSubjectID,
@@ -819,8 +812,8 @@ public class DoRevokeTPS extends CMSServlet {
 
             throw e;
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString()));
 
             if (auditRequest) {
                 // store a "CERT_STATUS_CHANGE_REQUEST" failure
@@ -841,10 +834,10 @@ public class DoRevokeTPS extends CMSServlet {
                 // "complete", "revoked", or "canceled"
                 if ((auditApprovalStatus.equals(
                             RequestStatus.COMPLETE_STRING)) ||
-                    (auditApprovalStatus.equals(
-                            RequestStatus.REJECTED_STRING)) ||
-                    (auditApprovalStatus.equals(
-                            RequestStatus.CANCELED_STRING))) {
+                        (auditApprovalStatus.equals(
+                                RequestStatus.REJECTED_STRING)) ||
+                        (auditApprovalStatus.equals(
+                                RequestStatus.CANCELED_STRING))) {
                     auditMessage = CMS.getLogMessage(
                                 LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
                                 auditSubjectID,
@@ -867,11 +860,11 @@ public class DoRevokeTPS extends CMSServlet {
 
     /**
      * Signed Audit Log Requester ID
-     *
+     * 
      * This method is called to obtain the "RequesterID" for
      * a signed audit log message.
      * <P>
-     *
+     * 
      * @param req HTTP request
      * @return id string containing the signed audit log message RequesterID
      */
@@ -897,11 +890,11 @@ public class DoRevokeTPS extends CMSServlet {
 
     /**
      * Signed Audit Log Serial Number
-     *
+     * 
      * This method is called to obtain the serial number of the certificate
      * whose status is to be changed for a signed audit log message.
      * <P>
-     *
+     * 
      * @param eeSerialNumber a string containing the un-normalized serialNumber
      * @return id string containing the signed audit log message RequesterID
      */
@@ -920,7 +913,7 @@ public class DoRevokeTPS extends CMSServlet {
             // convert it to hexadecimal
             serialNumber = "0x"
                     + Integer.toHexString(
-                        Integer.valueOf(serialNumber).intValue());
+                            Integer.valueOf(serialNumber).intValue());
         } else {
             serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
         }
@@ -930,11 +923,11 @@ public class DoRevokeTPS extends CMSServlet {
 
     /**
      * Signed Audit Log Request Type
-     *
+     * 
      * This method is called to obtain the "Request Type" for
      * a signed audit log message.
      * <P>
-     *
+     * 
      * @param reason an integer denoting the revocation reason
      * @return string containing REVOKE or ON_HOLD
      */
@@ -956,4 +949,3 @@ public class DoRevokeTPS extends CMSServlet {
         return requestType;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java
index e1791045..e5b3fe80 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Enumeration;
@@ -56,11 +55,10 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * 'Unrevoke' a certificate. (For certificates that are on-hold only,
  * take them off-hold)
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class DoUnrevoke extends CMSServlet {
@@ -80,19 +78,18 @@ public class DoUnrevoke extends CMSServlet {
 
     private final static String OFF_HOLD = "off-hold";
     private final static int OFF_HOLD_REASON = 6;
-    private final static String
-        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
-        "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
-    private final static String
-        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
-        "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
-    
+    private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
+            "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
+    private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
+            "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
+
     public DoUnrevoke() {
         super();
     }
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -112,14 +109,11 @@ public class DoUnrevoke extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      * <ul>
-     * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The
-	 *   certificate must be revoked with a revovcation reason 'on hold' for this
-	 *   operation to succeed. The serial number may be expressed as a hex number by
-	 *   prefixing '0x' to the serialNumber string
+     * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The certificate must be revoked with a revovcation reason 'on hold' for this operation to succeed. The serial number may be expressed as a hex number by prefixing '0x' to the serialNumber string
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -136,10 +130,10 @@ public class DoUnrevoke extends CMSServlet {
         try {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         IArgBlock header = CMS.createArgBlock();
@@ -152,17 +146,17 @@ public class DoUnrevoke extends CMSServlet {
             //for audit log.
             IAuthToken authToken = authenticate(cmsReq);
             String authMgr = AuditFormat.NOAUTH;
-        
+
             if (authToken != null) {
                 authMgr =
                         authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
-            } else {    
-                CMS.debug( "DoUnrevoke::process() -  authToken is null!" );
+            } else {
+                CMS.debug("DoUnrevoke::process() -  authToken is null!");
                 return;
             }
             String agentID = authToken.getInString("userid");
             String initiative = AuditFormat.FROMAGENT + " agentID: " + agentID
-                + " authenticated by " + authMgr;
+                    + " authenticated by " + authMgr;
 
             AuthzToken authzToken = null;
 
@@ -171,10 +165,10 @@ public class DoUnrevoke extends CMSServlet {
                             mAuthzResourceName, "unrevoke");
             } catch (EAuthzAccessDenied e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             } catch (Exception e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             }
 
             if (authzToken == null) {
@@ -186,7 +180,7 @@ public class DoUnrevoke extends CMSServlet {
 
         } catch (NumberFormatException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUM_FORMAT"));
-            error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT"));
+            error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
         } catch (EBaseException e) {
             error = e;
         }
@@ -197,44 +191,39 @@ public class DoUnrevoke extends CMSServlet {
             if (error == null) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
                 }
             } else {
                 cmsReq.setStatus(CMSRequest.ERROR);
                 cmsReq.setError(error);
             }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 
-	
     /**
      * Process X509 cert status change request
      * <P>
-     *
-     * (Certificate Request - an "agent" cert status change request to take
-     *  a certificate off-hold)
+     * 
+     * (Certificate Request - an "agent" cert status change request to take a certificate off-hold)
      * <P>
-     *
-     * (Certificate Request Processed -  an "agent" cert status change request
-     *  to take a certificate off-hold)
+     * 
+     * (Certificate Request Processed - an "agent" cert status change request to take a certificate off-hold)
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when
-     * a cert status change request (e. g. - "revocation") is made (before
-     * approval process)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED
-     * used when a certificate status is changed (taken off-hold)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when a cert status change request (e. g. - "revocation") is made (before approval process)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a certificate status is changed (taken off-hold)
      * </ul>
+     * 
      * @param argSet CMS template parameters
      * @param header argument block
      * @param serialNumbers the serial number of the certificate
@@ -245,11 +234,11 @@ public class DoUnrevoke extends CMSServlet {
      * @exception EBaseException an error has occurred
      */
     private void process(CMSTemplateParams argSet, IArgBlock header,
-        BigInteger[] serialNumbers,
-        HttpServletRequest req,
-        HttpServletResponse resp,
-        Locale locale, String initiative)
-        throws EBaseException {
+            BigInteger[] serialNumbers,
+            HttpServletRequest req,
+            HttpServletResponse resp,
+            Locale locale, String initiative)
+            throws EBaseException {
         boolean auditRequest = true;
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -265,8 +254,9 @@ public class DoUnrevoke extends CMSServlet {
             // certs are for old cloning and they should be removed as soon as possible
             X509CertImpl[] certs = new X509CertImpl[serialNumbers.length];
             for (int i = 0; i < serialNumbers.length; i++) {
-                certs[i] = (X509CertImpl)getX509Certificate(serialNumbers[i]);
-                if (snList.length() > 0) snList.append(", ");
+                certs[i] = (X509CertImpl) getX509Certificate(serialNumbers[i]);
+                if (snList.length() > 0)
+                    snList.append(", ");
                 snList.append("0x");
                 snList.append(serialNumbers[i].toString(16));
             }
@@ -310,15 +300,15 @@ public class DoUnrevoke extends CMSServlet {
                     header.addStringValue("unrevoked", "yes");
                     if (certs[0] != null) {
                         mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.DOUNREVOKEFORMAT,
-                            new Object[] {
-                                unrevReq.getRequestId(),
-                                initiative,
-                                "completed",
-                                certs[0].getSubjectDN(),
-                                "0x" + serialNumbers[0].toString(16)}
-                        );
+                                AuditFormat.LEVEL,
+                                AuditFormat.DOUNREVOKEFORMAT,
+                                new Object[] {
+                                        unrevReq.getRequestId(),
+                                        initiative,
+                                        "completed",
+                                        certs[0].getSubjectDN(),
+                                        "0x" + serialNumbers[0].toString(16) }
+                                );
                     }
                 } else {
                     header.addStringValue("unrevoked", "no");
@@ -328,29 +318,29 @@ public class DoUnrevoke extends CMSServlet {
                         header.addStringValue("error", error);
                         if (certs[0] != null) {
                             mLogger.log(ILogger.EV_AUDIT,
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.DOUNREVOKEFORMAT,
-                                new Object[] {
-                                    unrevReq.getRequestId(),
-                                    initiative,
-                                    "completed with error: " +
-                                    error,
-                                    certs[0].getSubjectDN(),
-                                    "0x" + serialNumbers[0].toString(16)}
-                            );
+                                    ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.DOUNREVOKEFORMAT,
+                                    new Object[] {
+                                            unrevReq.getRequestId(),
+                                            initiative,
+                                            "completed with error: " +
+                                                    error,
+                                            certs[0].getSubjectDN(),
+                                            "0x" + serialNumbers[0].toString(16) }
+                                    );
                         }
 
                         /****************************************************/
-                    
+
                         /* IMPORTANT:  In the event that the following      */
-                    
+
                         /*             "throw error;" statement is          */
-                    
+
                         /*             uncommented, uncomment the following */
-                    
+
                         /*             signed audit log message, also!!!    */
-                    
+
                         /****************************************************/
 
                         //                  // store a message in the signed audit log file
@@ -379,8 +369,8 @@ public class DoUnrevoke extends CMSServlet {
                     }
                 }
 
-                Integer updateCRLResult = 
-                    unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+                Integer updateCRLResult =
+                        unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
 
                 if (updateCRLResult != null) {
                     header.addStringValue("updateCRL", "yes");
@@ -389,15 +379,15 @@ public class DoUnrevoke extends CMSServlet {
                     } else {
                         header.addStringValue("updateCRLSuccess", "no");
                         String crlError =
-                            unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
+                                unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
 
-                        if (crlError != null) 
-                            header.addStringValue("updateCRLError", 
-                                crlError);
+                        if (crlError != null)
+                            header.addStringValue("updateCRLError",
+                                    crlError);
                     }
                     // let known crl publishing status too.
-                    Integer publishCRLResult = 
-                        unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+                    Integer publishCRLResult =
+                            unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
 
                     if (publishCRLResult != null) {
                         if (publishCRLResult.equals(IRequest.RES_SUCCESS)) {
@@ -405,22 +395,22 @@ public class DoUnrevoke extends CMSServlet {
                         } else {
                             header.addStringValue("publishCRLSuccess", "no");
                             String publError =
-                                unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+                                    unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
 
-                            if (publError != null) 
-                                header.addStringValue("publishCRLError", 
-                                    publError);
+                            if (publError != null)
+                                header.addStringValue("publishCRLError",
+                                        publError);
                         }
                     }
                 }
 
                 // let known update and publish status of all crls. 
-                Enumeration otherCRLs = 
-                    ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
+                Enumeration otherCRLs =
+                        ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
 
                 while (otherCRLs.hasMoreElements()) {
                     ICRLIssuingPoint crl = (ICRLIssuingPoint)
-                        otherCRLs.nextElement();
+                            otherCRLs.nextElement();
                     String crlId = crl.getId();
 
                     if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
@@ -431,48 +421,48 @@ public class DoUnrevoke extends CMSServlet {
                     if (updateResult != null) {
                         if (updateResult.equals(IRequest.RES_SUCCESS)) {
                             CMS.debug("DoUnrevoke: adding header " +
-                                updateStatusStr + " yes ");
+                                    updateStatusStr + " yes ");
                             header.addStringValue(updateStatusStr, "yes");
                         } else {
                             String updateErrorStr = crl.getCrlUpdateErrorStr();
 
                             CMS.debug("DoUnrevoke: adding header " +
-                                updateStatusStr + " no ");
+                                    updateStatusStr + " no ");
                             header.addStringValue(updateStatusStr, "no");
                             String error =
-                                unrevReq.getExtDataInString(updateErrorStr);
+                                    unrevReq.getExtDataInString(updateErrorStr);
 
-                            if (error != null) 
+                            if (error != null)
                                 header.addStringValue(
-                                    updateErrorStr, error);
+                                        updateErrorStr, error);
                         }
                         String publishStatusStr = crl.getCrlPublishStatusStr();
                         Integer publishResult =
-                            unrevReq.getExtDataInInteger(publishStatusStr);
+                                unrevReq.getExtDataInInteger(publishStatusStr);
 
-                        if (publishResult == null) 
+                        if (publishResult == null)
                             continue;
                         if (publishResult.equals(IRequest.RES_SUCCESS)) {
                             header.addStringValue(publishStatusStr, "yes");
                         } else {
-                            String publishErrorStr = 
-                                crl.getCrlPublishErrorStr();
+                            String publishErrorStr =
+                                    crl.getCrlPublishErrorStr();
 
                             header.addStringValue(publishStatusStr, "no");
                             String error =
-                                unrevReq.getExtDataInString(publishErrorStr);
+                                    unrevReq.getExtDataInString(publishErrorStr);
 
-                            if (error != null) 
+                            if (error != null)
                                 header.addStringValue(
-                                    publishErrorStr, error);
+                                        publishErrorStr, error);
                         }
                     }
                 }
 
                 if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
                     header.addStringValue("dirEnabled", "yes");
-                    Integer[] ldapPublishStatus = 
-                        unrevReq.getExtDataInIntegerArray("ldapPublishStatus");
+                    Integer[] ldapPublishStatus =
+                            unrevReq.getExtDataInIntegerArray("ldapPublishStatus");
 
                     if (ldapPublishStatus != null) {
                         if (ldapPublishStatus[0] == IRequest.RES_SUCCESS) {
@@ -490,30 +480,30 @@ public class DoUnrevoke extends CMSServlet {
                 header.addStringValue("unrevoked", "pending");
                 if (certs[0] != null) {
                     mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                        AuditFormat.LEVEL,
-                        AuditFormat.DOUNREVOKEFORMAT,
-                        new Object[] {
-                            unrevReq.getRequestId(),
-                            initiative,
-                            "pending",
-                            certs[0].getSubjectDN(),
-                            "0x" + serialNumbers[0].toString(16)}
-                    );
+                            AuditFormat.LEVEL,
+                            AuditFormat.DOUNREVOKEFORMAT,
+                            new Object[] {
+                                    unrevReq.getRequestId(),
+                                    initiative,
+                                    "pending",
+                                    certs[0].getSubjectDN(),
+                                    "0x" + serialNumbers[0].toString(16) }
+                            );
                 }
             } else {
                 header.addStringValue("error", "Request Status.Error");
                 header.addStringValue("unrevoked", "no");
                 if (certs[0] != null) {
                     mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                        AuditFormat.LEVEL,
-                        AuditFormat.DOUNREVOKEFORMAT,
-                        new Object[] {
-                            unrevReq.getRequestId(),
-                            initiative,
-                            status.toString(),
-                            certs[0].getSubjectDN(),
-                            "0x" + serialNumbers[0].toString(16)}
-                    );
+                            AuditFormat.LEVEL,
+                            AuditFormat.DOUNREVOKEFORMAT,
+                            new Object[] {
+                                    unrevReq.getRequestId(),
+                                    initiative,
+                                    status.toString(),
+                                    certs[0].getSubjectDN(),
+                                    "0x" + serialNumbers[0].toString(16) }
+                            );
                 }
             }
 
@@ -521,9 +511,8 @@ public class DoUnrevoke extends CMSServlet {
             // if and only if "auditApprovalStatus" is
             // "complete", "revoked", or "canceled"
             if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
-                || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
-                || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))
-            ) {
+                    || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+                    || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
                 auditMessage = CMS.getLogMessage(
                             LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
                             auditSubjectID,
@@ -557,10 +546,10 @@ public class DoUnrevoke extends CMSServlet {
                 // "complete", "revoked", or "canceled"
                 if ((auditApprovalStatus.equals(
                             RequestStatus.COMPLETE_STRING)) ||
-                    (auditApprovalStatus.equals(
-                            RequestStatus.REJECTED_STRING)) ||
-                    (auditApprovalStatus.equals(
-                            RequestStatus.CANCELED_STRING))) {
+                        (auditApprovalStatus.equals(
+                                RequestStatus.REJECTED_STRING)) ||
+                        (auditApprovalStatus.equals(
+                                RequestStatus.CANCELED_STRING))) {
                     auditMessage = CMS.getLogMessage(
                                 LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
                                 auditSubjectID,
@@ -580,7 +569,7 @@ public class DoUnrevoke extends CMSServlet {
     }
 
     private BigInteger[] getSerialNumbers(HttpServletRequest req)
-        throws NumberFormatException {
+            throws NumberFormatException {
         String serialNumString = req.getParameter("serialNumber");
 
         StringTokenizer snList = new StringTokenizer(serialNumString, " ");
@@ -601,7 +590,7 @@ public class DoUnrevoke extends CMSServlet {
                 biList.addElement(bi);
             } else {
                 throw new NumberFormatException();
-            } 
+            }
         }
         if (biList.size() < 1) {
             throw new NumberFormatException();
@@ -617,11 +606,11 @@ public class DoUnrevoke extends CMSServlet {
 
     /**
      * Signed Audit Log Requester ID
-     *
+     * 
      * This method is called to obtain the "RequesterID" for
      * a signed audit log message.
      * <P>
-     *
+     * 
      * @param req HTTP request
      * @return id string containing the signed audit log message RequesterID
      */
@@ -647,11 +636,11 @@ public class DoUnrevoke extends CMSServlet {
 
     /**
      * Signed Audit Log Serial Number
-     *
+     * 
      * This method is called to obtain the serial number of the certificate
      * whose status is to be changed for a signed audit log message.
      * <P>
-     *
+     * 
      * @param eeSerialNumber a string containing the un-normalized serialNumber
      * @return id string containing the signed audit log message RequesterID
      */
@@ -670,7 +659,7 @@ public class DoUnrevoke extends CMSServlet {
             // convert it to hexadecimal
             serialNumber = "0x"
                     + Integer.toHexString(
-                        Integer.valueOf(serialNumber).intValue());
+                            Integer.valueOf(serialNumber).intValue());
         } else {
             serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
         }
@@ -678,4 +667,3 @@ public class DoUnrevoke extends CMSServlet {
         return serialNumber;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java
index 8f46ee9c..65716c07 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.io.OutputStream;
 import java.math.BigInteger;
@@ -55,11 +54,10 @@ import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * 'Unrevoke' a certificate. (For certificates that are on-hold only,
  * take them off-hold)
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class DoUnrevokeTPS extends CMSServlet {
@@ -81,19 +79,18 @@ public class DoUnrevokeTPS extends CMSServlet {
 
     private final static String OFF_HOLD = "off-hold";
     private final static int OFF_HOLD_REASON = 6;
-    private final static String
-        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
-        "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
-    private final static String
-        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
-        "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
-    
+    private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
+            "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
+    private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
+            "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
+
     public DoUnrevokeTPS() {
         super();
     }
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -112,14 +109,11 @@ public class DoUnrevokeTPS extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      * <ul>
-     * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The
-	 *   certificate must be revoked with a revovcation reason 'on hold' for this
-	 *   operation to succeed. The serial number may be expressed as a hex number by
-	 *   prefixing '0x' to the serialNumber string
+     * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The certificate must be revoked with a revovcation reason 'on hold' for this operation to succeed. The serial number may be expressed as a hex number by prefixing '0x' to the serialNumber string
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -133,16 +127,16 @@ public class DoUnrevokeTPS extends CMSServlet {
 
         Locale[] locale = new Locale[1];
 
-/*
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-*/
+        /*
+                try {
+                    form = getTemplate(mFormPath, req, locale);
+                } catch (IOException e) {
+                    log(ILogger.LL_FAILURE, 
+                        CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+                    throw new ECMSGWException(
+                      CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                }
+        */
 
         try {
             serialNumbers = getSerialNumbers(req);
@@ -150,17 +144,17 @@ public class DoUnrevokeTPS extends CMSServlet {
             //for audit log.
             IAuthToken authToken = authenticate(cmsReq);
             String authMgr = AuditFormat.NOAUTH;
-        
+
             if (authToken != null) {
                 authMgr =
                         authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
-            } else {    
-                CMS.debug( "DoUnrevokeTPS::process() -  authToken is null!" );
+            } else {
+                CMS.debug("DoUnrevokeTPS::process() -  authToken is null!");
                 return;
-            }    
+            }
             String agentID = authToken.getInString("userid");
             String initiative = AuditFormat.FROMAGENT + " agentID: " + agentID
-                + " authenticated by " + authMgr;
+                    + " authenticated by " + authMgr;
 
             AuthzToken authzToken = null;
 
@@ -169,17 +163,17 @@ public class DoUnrevokeTPS extends CMSServlet {
                             mAuthzResourceName, "unrevoke");
             } catch (EAuthzAccessDenied e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             } catch (Exception e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             }
 
             if (authzToken == null) {
                 cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
                 o_status = "status=3";
                 errorString = "error=unauthorized";
-                String pp = o_status+"\n"+errorString;
+                String pp = o_status + "\n" + errorString;
                 byte[] b = pp.getBytes();
                 resp.setContentType("text/html");
                 resp.setContentLength(b.length);
@@ -192,7 +186,7 @@ public class DoUnrevokeTPS extends CMSServlet {
             process(serialNumbers, req, resp, locale[0], initiative);
         } catch (NumberFormatException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUM_FORMAT"));
-            error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT"));
+            error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
         } catch (EBaseException e) {
             error = e;
         } catch (IOException e) {
@@ -206,10 +200,10 @@ public class DoUnrevokeTPS extends CMSServlet {
                 errorString = "error=";
             } else {
                 o_status = "status=3";
-                errorString = "error="+error.toString();
+                errorString = "error=" + error.toString();
             }
 
-            String pp = o_status+"\n"+errorString;
+            String pp = o_status + "\n" + errorString;
             byte[] b = pp.getBytes();
             resp.setContentType("text/html");
             resp.setContentLength(b.length);
@@ -217,33 +211,28 @@ public class DoUnrevokeTPS extends CMSServlet {
             os.write(b);
             os.flush();
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 
-	
     /**
      * Process X509 cert status change request
      * <P>
-     *
-     * (Certificate Request - an "agent" cert status change request to take
-     *  a certificate off-hold)
+     * 
+     * (Certificate Request - an "agent" cert status change request to take a certificate off-hold)
      * <P>
-     *
-     * (Certificate Request Processed -  an "agent" cert status change request
-     *  to take a certificate off-hold)
+     * 
+     * (Certificate Request Processed - an "agent" cert status change request to take a certificate off-hold)
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when
-     * a cert status change request (e. g. - "revocation") is made (before
-     * approval process)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED
-     * used when a certificate status is changed (taken off-hold)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when a cert status change request (e. g. - "revocation") is made (before approval process)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a certificate status is changed (taken off-hold)
      * </ul>
+     * 
      * @param serialNumbers the serial number of the certificate
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
@@ -252,10 +241,10 @@ public class DoUnrevokeTPS extends CMSServlet {
      * @exception EBaseException an error has occurred
      */
     private void process(BigInteger[] serialNumbers,
-        HttpServletRequest req,
-        HttpServletResponse resp,
-        Locale locale, String initiative)
-        throws EBaseException {
+            HttpServletRequest req,
+            HttpServletResponse resp,
+            Locale locale, String initiative)
+            throws EBaseException {
         boolean auditRequest = true;
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -271,8 +260,9 @@ public class DoUnrevokeTPS extends CMSServlet {
             // certs are for old cloning and they should be removed as soon as possible
             X509CertImpl[] certs = new X509CertImpl[serialNumbers.length];
             for (int i = 0; i < serialNumbers.length; i++) {
-                certs[i] = (X509CertImpl)getX509Certificate(serialNumbers[i]);
-                if (snList.length() > 0) snList += ", ";
+                certs[i] = (X509CertImpl) getX509Certificate(serialNumbers[i]);
+                if (snList.length() > 0)
+                    snList += ", ";
                 snList += "0x" + serialNumbers[i].toString(16);
             }
 
@@ -313,76 +303,76 @@ public class DoUnrevokeTPS extends CMSServlet {
                 if (result != null && result.equals(IRequest.RES_SUCCESS)) {
                     if (certs[0] != null) {
                         mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.DOUNREVOKEFORMAT,
-                            new Object[] {
-                                unrevReq.getRequestId(),
-                                initiative,
-                                "completed",
-                                certs[0].getSubjectDN(),
-                                "0x" + serialNumbers[0].toString(16)}
-                        );
+                                AuditFormat.LEVEL,
+                                AuditFormat.DOUNREVOKEFORMAT,
+                                new Object[] {
+                                        unrevReq.getRequestId(),
+                                        initiative,
+                                        "completed",
+                                        certs[0].getSubjectDN(),
+                                        "0x" + serialNumbers[0].toString(16) }
+                                );
                     }
                 } else {
                     String error = unrevReq.getExtDataInString(IRequest.ERROR);
 
                     if (error != null) {
                         o_status = "status=3";
-                        errorString = "error="+error;
+                        errorString = "error=" + error;
                         if (certs[0] != null) {
                             mLogger.log(ILogger.EV_AUDIT,
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.DOUNREVOKEFORMAT,
-                                new Object[] {
-                                    unrevReq.getRequestId(),
-                                    initiative,
-                                    "completed with error: " +
-                                    error,
-                                    certs[0].getSubjectDN(),
-                                    "0x" + serialNumbers[0].toString(16)}
-                            );
+                                    ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.DOUNREVOKEFORMAT,
+                                    new Object[] {
+                                            unrevReq.getRequestId(),
+                                            initiative,
+                                            "completed with error: " +
+                                                    error,
+                                            certs[0].getSubjectDN(),
+                                            "0x" + serialNumbers[0].toString(16) }
+                                    );
                         }
                     }
                 }
 
-                Integer updateCRLResult = 
-                    unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+                Integer updateCRLResult =
+                        unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
 
                 if (updateCRLResult != null) {
                     if (!updateCRLResult.equals(IRequest.RES_SUCCESS)) {
                         String crlError =
-                            unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
+                                unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
 
                         if (crlError != null) {
                             o_status = "status=3";
-                            errorString = "error="+crlError;
+                            errorString = "error=" + crlError;
                         }
                     }
                     // let known crl publishing status too.
-                    Integer publishCRLResult = 
-                        unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+                    Integer publishCRLResult =
+                            unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
 
                     if (publishCRLResult != null) {
                         if (!publishCRLResult.equals(IRequest.RES_SUCCESS)) {
                             String publError =
-                                unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+                                    unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
 
                             if (publError != null) {
                                 o_status = "status=3";
-                                errorString = "error="+publError;
+                                errorString = "error=" + publError;
                             }
                         }
                     }
                 }
 
                 // let known update and publish status of all crls. 
-                Enumeration otherCRLs = 
-                    ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
+                Enumeration otherCRLs =
+                        ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
 
                 while (otherCRLs.hasMoreElements()) {
                     ICRLIssuingPoint crl = (ICRLIssuingPoint)
-                        otherCRLs.nextElement();
+                            otherCRLs.nextElement();
                     String crlId = crl.getId();
 
                     if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
@@ -394,37 +384,37 @@ public class DoUnrevokeTPS extends CMSServlet {
                         if (!updateResult.equals(IRequest.RES_SUCCESS)) {
                             String updateErrorStr = crl.getCrlUpdateErrorStr();
                             String error =
-                                unrevReq.getExtDataInString(updateErrorStr);
+                                    unrevReq.getExtDataInString(updateErrorStr);
 
                             if (error != null) {
                                 o_status = "status=3";
-                                errorString = "error="+error;
+                                errorString = "error=" + error;
                             }
                         }
                         String publishStatusStr = crl.getCrlPublishStatusStr();
                         Integer publishResult =
-                            unrevReq.getExtDataInInteger(publishStatusStr);
+                                unrevReq.getExtDataInInteger(publishStatusStr);
 
-                        if (publishResult == null) 
+                        if (publishResult == null)
                             continue;
                         if (!publishResult.equals(IRequest.RES_SUCCESS)) {
-                            String publishErrorStr = 
-                                crl.getCrlPublishErrorStr();
+                            String publishErrorStr =
+                                    crl.getCrlPublishErrorStr();
 
                             String error =
-                                unrevReq.getExtDataInString(publishErrorStr);
+                                    unrevReq.getExtDataInString(publishErrorStr);
 
                             if (error != null) {
                                 o_status = "status=3";
-                                errorString = "error="+error;
+                                errorString = "error=" + error;
                             }
                         }
                     }
                 }
 
                 if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
-                    Integer[] ldapPublishStatus = 
-                        unrevReq.getExtDataInIntegerArray("ldapPublishStatus");
+                    Integer[] ldapPublishStatus =
+                            unrevReq.getExtDataInIntegerArray("ldapPublishStatus");
 
                     if (ldapPublishStatus != null) {
                         if (ldapPublishStatus[0] != IRequest.RES_SUCCESS) {
@@ -432,25 +422,25 @@ public class DoUnrevokeTPS extends CMSServlet {
                             errorString = "error=Problem in publishing to LDAP";
                         }
                     }
-                } else if (mPublisherProcessor == null || (! mPublisherProcessor.ldapEnabled())) {
+                } else if (mPublisherProcessor == null || (!mPublisherProcessor.ldapEnabled())) {
                     o_status = "status=3";
                     errorString = "error=LDAP Publisher not enabled";
                 }
 
             } else if (status == RequestStatus.PENDING) {
                 o_status = "status=2";
-                errorString = "error="+status.toString();
+                errorString = "error=" + status.toString();
                 if (certs[0] != null) {
                     mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                        AuditFormat.LEVEL,
-                        AuditFormat.DOUNREVOKEFORMAT,
-                        new Object[] {
-                            unrevReq.getRequestId(),
-                            initiative,
-                            "pending",
-                            certs[0].getSubjectDN(),
-                            "0x" + serialNumbers[0].toString(16)}
-                    );
+                            AuditFormat.LEVEL,
+                            AuditFormat.DOUNREVOKEFORMAT,
+                            new Object[] {
+                                    unrevReq.getRequestId(),
+                                    initiative,
+                                    "pending",
+                                    certs[0].getSubjectDN(),
+                                    "0x" + serialNumbers[0].toString(16) }
+                            );
                 }
             } else {
                 o_status = "status=2";
@@ -458,15 +448,15 @@ public class DoUnrevokeTPS extends CMSServlet {
 
                 if (certs[0] != null) {
                     mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                        AuditFormat.LEVEL,
-                        AuditFormat.DOUNREVOKEFORMAT,
-                        new Object[] {
-                            unrevReq.getRequestId(),
-                            initiative,
-                            status.toString(),
-                            certs[0].getSubjectDN(),
-                            "0x" + serialNumbers[0].toString(16)}
-                    );
+                            AuditFormat.LEVEL,
+                            AuditFormat.DOUNREVOKEFORMAT,
+                            new Object[] {
+                                    unrevReq.getRequestId(),
+                                    initiative,
+                                    status.toString(),
+                                    certs[0].getSubjectDN(),
+                                    "0x" + serialNumbers[0].toString(16) }
+                            );
                 }
             }
 
@@ -474,9 +464,8 @@ public class DoUnrevokeTPS extends CMSServlet {
             // if and only if "auditApprovalStatus" is
             // "complete", "revoked", or "canceled"
             if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
-                || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
-                || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))
-            ) {
+                    || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+                    || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
                 auditMessage = CMS.getLogMessage(
                             LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
                             auditSubjectID,
@@ -510,10 +499,10 @@ public class DoUnrevokeTPS extends CMSServlet {
                 // "complete", "revoked", or "canceled"
                 if ((auditApprovalStatus.equals(
                             RequestStatus.COMPLETE_STRING)) ||
-                    (auditApprovalStatus.equals(
-                            RequestStatus.REJECTED_STRING)) ||
-                    (auditApprovalStatus.equals(
-                            RequestStatus.CANCELED_STRING))) {
+                        (auditApprovalStatus.equals(
+                                RequestStatus.REJECTED_STRING)) ||
+                        (auditApprovalStatus.equals(
+                                RequestStatus.CANCELED_STRING))) {
                     auditMessage = CMS.getLogMessage(
                                 LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
                                 auditSubjectID,
@@ -533,7 +522,7 @@ public class DoUnrevokeTPS extends CMSServlet {
     }
 
     private BigInteger[] getSerialNumbers(HttpServletRequest req)
-        throws NumberFormatException {
+            throws NumberFormatException {
         String serialNumString = req.getParameter("serialNumber");
 
         StringTokenizer snList = new StringTokenizer(serialNumString, " ");
@@ -554,7 +543,7 @@ public class DoUnrevokeTPS extends CMSServlet {
                 biList.addElement(bi);
             } else {
                 throw new NumberFormatException();
-            } 
+            }
         }
         if (biList.size() < 1) {
             throw new NumberFormatException();
@@ -570,11 +559,11 @@ public class DoUnrevokeTPS extends CMSServlet {
 
     /**
      * Signed Audit Log Requester ID
-     *
+     * 
      * This method is called to obtain the "RequesterID" for
      * a signed audit log message.
      * <P>
-     *
+     * 
      * @param req HTTP request
      * @return id string containing the signed audit log message RequesterID
      */
@@ -600,11 +589,11 @@ public class DoUnrevokeTPS extends CMSServlet {
 
     /**
      * Signed Audit Log Serial Number
-     *
+     * 
      * This method is called to obtain the serial number of the certificate
      * whose status is to be changed for a signed audit log message.
      * <P>
-     *
+     * 
      * @param eeSerialNumber a string containing the un-normalized serialNumber
      * @return id string containing the signed audit log message RequesterID
      */
@@ -623,7 +612,7 @@ public class DoUnrevokeTPS extends CMSServlet {
             // convert it to hexadecimal
             serialNumber = "0x"
                     + Integer.toHexString(
-                        Integer.valueOf(serialNumber).intValue());
+                            Integer.valueOf(serialNumber).intValue());
         } else {
             serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
         }
@@ -631,4 +620,3 @@ public class DoUnrevokeTPS extends CMSServlet {
         return serialNumber;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java b/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java
index b1d89426..2a143b66 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.security.cert.X509Certificate;
 import java.util.Locale;
@@ -46,10 +45,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * For Face-to-face enrollment, enable EE enrollment feature
- *
+ * 
  * @version $Revision$, $Date$
  * @see com.netscape.cms.servlet.cert.DisableEnrollResult
  */
@@ -88,7 +86,7 @@ public class EnableEnrollResult extends CMSServlet {
      * Services the request
      */
     protected void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
 
@@ -119,7 +117,7 @@ public class EnableEnrollResult extends CMSServlet {
         if (!(mAuthority instanceof IRegistrationAuthority)) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP"));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
+                    CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -130,10 +128,10 @@ public class EnableEnrollResult extends CMSServlet {
         try {
             form = getTemplate(mFormPath, httpReq, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -162,7 +160,7 @@ public class EnableEnrollResult extends CMSServlet {
             String timeout = args.getValueAsString("timeout", "600");
 
             mgr.createEntry(host, dn, Long.parseLong(timeout) * 1000,
-                random.nextLong() + "", 0);
+                    random.nextLong() + "", 0);
             header.addStringValue("code", "0");
         }
 
@@ -173,10 +171,10 @@ public class EnableEnrollResult extends CMSServlet {
             form.renderOutput(out, argSet);
             cmsReq.setStatus(CMSRequest.SUCCESS);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
         }
         cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java
index 44d0c509..a717aa71 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.cert.CertificateEncodingException;
@@ -75,10 +74,9 @@ import com.netscape.cms.servlet.processors.KeyGenProcessor;
 import com.netscape.cms.servlet.processors.PKCS10Processor;
 import com.netscape.cms.servlet.processors.PKIProcessor;
 
-
 /**
  * Submit a Certificate Enrollment request
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class EnrollServlet extends CMSServlet {
@@ -90,8 +88,7 @@ public class EnrollServlet extends CMSServlet {
     public final static String ADMIN_ENROLL_SERVLET_ID = "caadminEnroll";
 
     // enrollment templates.
-    public static final String 
-        ENROLL_SUCCESS_TEMPLATE = "EnrollSuccess.template";
+    public static final String ENROLL_SUCCESS_TEMPLATE = "EnrollSuccess.template";
 
     // http params 
     public static final String OLD_CERT_TYPE = "csrCertType";
@@ -116,8 +113,7 @@ public class EnrollServlet extends CMSServlet {
 
     private boolean mAuthTokenOverride = true;
     private String mEnrollSuccessTemplate = null;
-    private ICMSTemplateFiller 
-        mEnrollSuccessFiller = new ImportCertsTemplateFiller();
+    private ICMSTemplateFiller mEnrollSuccessFiller = new ImportCertsTemplateFiller();
 
     ICertificateAuthority mCa = null;
     ICertificateRepository mRepository = null;
@@ -126,55 +122,55 @@ public class EnrollServlet extends CMSServlet {
 
     private String auditServiceID = ILogger.UNIDENTIFIED;
     private final static String ADMIN_CA_ENROLLMENT_SERVLET =
-        "caadminEnroll";
+            "caadminEnroll";
     private final static String AGENT_CA_BULK_ENROLLMENT_SERVLET =
-        "cabulkissuance";
+            "cabulkissuance";
     private final static String AGENT_RA_BULK_ENROLLMENT_SERVLET =
-        "rabulkissuance";
+            "rabulkissuance";
     private final static String EE_CA_CERT_BASED_ENROLLMENT_SERVLET =
-        "cacertbasedenrollment";
+            "cacertbasedenrollment";
     private final static String EE_CA_ENROLLMENT_SERVLET =
-        "caenrollment";
+            "caenrollment";
     private final static String EE_RA_CERT_BASED_ENROLLMENT_SERVLET =
-        "racertbasedenrollment";
+            "racertbasedenrollment";
     private final static String EE_RA_ENROLLMENT_SERVLET =
-        "raenrollment";
+            "raenrollment";
     private final static byte EOL[] = { Character.LINE_SEPARATOR };
-    private final static String[]
-        SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] {
-            
-            /* 0 */ "automated non-profile cert request rejection:  "
+    private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] {
+
+    /* 0 */"automated non-profile cert request rejection:  "
             + "unable to render OLD_CERT_TYPE response",
-            
-            /* 1 */ "automated non-profile cert request rejection:  "
+
+    /* 1 */"automated non-profile cert request rejection:  "
             + "unable to complete handleEnrollAuditLog() method",
-            
-            /* 2 */ "automated non-profile cert request rejection:  "
+
+    /* 2 */"automated non-profile cert request rejection:  "
             + "unable to render success template",
-            
-            /* 3 */ "automated non-profile cert request rejection:  "
+
+    /* 3 */"automated non-profile cert request rejection:  "
             + "indeterminate reason for inability to process "
             + "cert request due to an EBaseException"
         };
-    private final static String
-        LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST =
-        "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5";
-    private final static String
-        LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
-        "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
- 
+    private final static String LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST =
+            "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5";
+    private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
+            "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
+
     private static final String HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----";
     private static final String TRAILER = "-----END NEW CERTIFICATE REQUEST-----";
-    
+
     public EnrollServlet() {
         super();
     }
 
     /**
-     * initialize the servlet.<p>
-	 * the following parameters are read from the servlet config:
-	 * <ul><li>CMSServlet.PROP_ID - ID for signed audit log messages
-	 *     <li>CMSServlet.PROP_SUCCESS_TEMPLATE - success template file
+     * initialize the servlet.
+     * <p>
+     * the following parameters are read from the servlet config:
+     * <ul>
+     * <li>CMSServlet.PROP_ID - ID for signed audit log messages
+     * <li>CMSServlet.PROP_SUCCESS_TEMPLATE - success template file
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -185,8 +181,8 @@ public class EnrollServlet extends CMSServlet {
 
             try {
                 IConfigStore configStore = CMS.getConfigStore();
-                String PKI_Subsystem = configStore.getString( "subsystem.0.id",
-                                                              null );
+                String PKI_Subsystem = configStore.getString("subsystem.0.id",
+                                                              null);
 
                 // CMS 6.1 began utilizing the "Certificate Profiles" framework
                 // instead of the legacy "Certificate Policies" framework.
@@ -213,35 +209,35 @@ public class EnrollServlet extends CMSServlet {
                 //        The "EnrollServlet.java" servlet is NOT used by
                 //        the KRA.
                 //
-                if( PKI_Subsystem.trim().equalsIgnoreCase( "ca" ) ) {
+                if (PKI_Subsystem.trim().equalsIgnoreCase("ca")) {
                     String policyStatus = PKI_Subsystem.trim().toLowerCase()
                                         + "." + "Policy"
                                         + "." + IPolicyProcessor.PROP_ENABLE;
 
-                    if( configStore.getBoolean( policyStatus, true ) == true ) {
+                    if (configStore.getBoolean(policyStatus, true) == true) {
                         // NOTE:  If "<subsystem>.Policy.enable=<boolean>"
                         //        is missing, then the referenced instance
                         //        existed prior to this name=value pair
                         //        existing in its 'CS.cfg' file, and thus
                         //        we err on the side that the user may
                         //        still need to use the policy framework.
-                        CMS.debug( "EnrollServlet::init Certificate "
+                        CMS.debug("EnrollServlet::init Certificate "
                                  + "Policy Framework (deprecated) "
-                                 + "is ENABLED" );
+                                 + "is ENABLED");
                     } else {
                         // CS 8.1 Default:  <subsystem>.Policy.enable=false
-                        CMS.debug( "EnrollServlet::init Certificate "
+                        CMS.debug("EnrollServlet::init Certificate "
                                  + "Policy Framework (deprecated) "
-                                 + "is DISABLED" );
+                                 + "is DISABLED");
                         return;
                     }
                 }
-            } catch( EBaseException e ) {
-                throw new ServletException( "EnrollServlet::init - "
+            } catch (EBaseException e) {
+                throw new ServletException("EnrollServlet::init - "
                                           + "EBaseException:  "
                                           + "Unable to initialize "
                                           + "Certificate Policy Framework "
-                                          + "(deprecated)" );
+                                          + "(deprecated)");
             }
 
             // override success template to allow direct import of keygen certs.
@@ -254,18 +250,18 @@ public class EnrollServlet extends CMSServlet {
                 if (id != null) {
                     if (!(auditServiceID.equals(
                                 ADMIN_CA_ENROLLMENT_SERVLET))
-                        && !(auditServiceID.equals(
-                                AGENT_CA_BULK_ENROLLMENT_SERVLET))
-                        && !(auditServiceID.equals(
-                                AGENT_RA_BULK_ENROLLMENT_SERVLET))
-                        && !(auditServiceID.equals(
-                                EE_CA_CERT_BASED_ENROLLMENT_SERVLET))
-                        && !(auditServiceID.equals(
-                                EE_CA_ENROLLMENT_SERVLET))
-                        && !(auditServiceID.equals(
-                                EE_RA_CERT_BASED_ENROLLMENT_SERVLET))
-                        && !(auditServiceID.equals(
-                                EE_RA_ENROLLMENT_SERVLET))) {
+                            && !(auditServiceID.equals(
+                                    AGENT_CA_BULK_ENROLLMENT_SERVLET))
+                            && !(auditServiceID.equals(
+                                    AGENT_RA_BULK_ENROLLMENT_SERVLET))
+                            && !(auditServiceID.equals(
+                                    EE_CA_CERT_BASED_ENROLLMENT_SERVLET))
+                            && !(auditServiceID.equals(
+                                    EE_CA_ENROLLMENT_SERVLET))
+                            && !(auditServiceID.equals(
+                                    EE_RA_CERT_BASED_ENROLLMENT_SERVLET))
+                            && !(auditServiceID.equals(
+                                    EE_RA_ENROLLMENT_SERVLET))) {
                         auditServiceID = ILogger.UNIDENTIFIED;
                     } else {
                         auditServiceID = id.trim();
@@ -282,7 +278,7 @@ public class EnrollServlet extends CMSServlet {
                 if (fillername != null) {
                     ICMSTemplateFiller filler = newFillerObject(fillername);
 
-                    if (filler != null) 
+                    if (filler != null)
                         mEnrollSuccessFiller = filler;
                 }
 
@@ -292,9 +288,9 @@ public class EnrollServlet extends CMSServlet {
                 init_testbed_hack(mConfig);
             } catch (Exception e) {
                 // this should never happen. 
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR",
-                        e.toString(), mId));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR",
+                                e.toString(), mId));
             }
         } catch (ServletException eAudit1) {
             // rethrow caught exception
@@ -302,46 +298,43 @@ public class EnrollServlet extends CMSServlet {
         }
     }
 
-
-	/**
-	 * XXX (SHOULD CHANGE TO READ FROM Servletconfig)
-     *  Getter method to see if Proof of Posession checking is enabled. 
-	 * this value is set in the CMS.cfg filem with the parameter 
-	 * "enrollment.enforcePop". It defaults to false
-	 * @return true if user is required to Prove that they possess the 
-	 * private key corresponding to the public key in the certificate
-	 * request they are submitting 
-	 */
+    /**
+     * XXX (SHOULD CHANGE TO READ FROM Servletconfig)
+     * Getter method to see if Proof of Posession checking is enabled.
+     * this value is set in the CMS.cfg filem with the parameter
+     * "enrollment.enforcePop". It defaults to false
+     * 
+     * @return true if user is required to Prove that they possess the
+     *         private key corresponding to the public key in the certificate
+     *         request they are submitting
+     */
     public boolean getEnforcePop() {
         return enforcePop;
     }
 
     /**
-     * Process the HTTP request. 
-	 * <UL><LI>If the request is coming through the admin port, it is only
-	 * allowed to continue if 'admin enrollment' is enabled in the CMS.cfg file
-	 * <LI>If the CMS.cfg parameter useThreadNaming is true, the current thread is
-	 * renamed with more information about the current request ID
-	 * <LI>The request is preprocessed, then processed further in one
-	 * of the cert request processor classes: KeyGenProcessor, PKCS10Processor,
-	 * CMCProcessor, CRMFProcessor
-	 * </UL>
-     *
+     * Process the HTTP request.
+     * <UL>
+     * <LI>If the request is coming through the admin port, it is only allowed to continue if 'admin enrollment' is enabled in the CMS.cfg file
+     * <LI>If the CMS.cfg parameter useThreadNaming is true, the current thread is renamed with more information about the current request ID
+     * <LI>The request is preprocessed, then processed further in one of the cert request processor classes: KeyGenProcessor, PKCS10Processor, CMCProcessor, CRMFProcessor
+     * </UL>
+     * 
      * @param cmsReq the object holding the request and response information
      */
-    protected void process(CMSRequest cmsReq) 
-        throws EBaseException {
+    protected void process(CMSRequest cmsReq)
+            throws EBaseException {
         // SPECIAL CASE:
         // if it is adminEnroll servlet,check if it's enabled
         if (mId.equals(ADMIN_ENROLL_SERVLET_ID) &&
-            !CMSGateway.getEnableAdminEnroll()) {
-            log(ILogger.LL_SECURITY, 
-                CMS.getLogMessage("ADMIN_SRVLT_ENROLL_ACCESS_AFTER_SETUP"));
+                !CMSGateway.getEnableAdminEnroll()) {
+            log(ILogger.LL_SECURITY,
+                    CMS.getLogMessage("ADMIN_SRVLT_ENROLL_ACCESS_AFTER_SETUP"));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_REDIRECTING_ADMINENROLL_ERROR", "Attempt to access adminEnroll after already setup."));
+                    CMS.getUserMessage("CMS_GW_REDIRECTING_ADMINENROLL_ERROR", "Attempt to access adminEnroll after already setup."));
         }
 
-        processX509(cmsReq); 
+        processX509(cmsReq);
     }
 
     private boolean getCertAuthEnrollStatus(IArgBlock httpParams) {
@@ -359,7 +352,7 @@ public class EnrollServlet extends CMSServlet {
         boolean certAuthEnroll = false;
 
         String certAuthEnrollOn =
-            httpParams.getValueAsString("certauthEnroll", null);
+                httpParams.getValueAsString("certauthEnroll", null);
 
         if ((certAuthEnrollOn != null) && (certAuthEnrollOn.equals("on"))) {
             certAuthEnroll = true;
@@ -371,7 +364,7 @@ public class EnrollServlet extends CMSServlet {
     }
 
     private String getCertAuthEnrollType(IArgBlock httpParams, boolean certAuthEnroll)
-        throws EBaseException {
+            throws EBaseException {
 
         String certauthEnrollType = null;
 
@@ -387,53 +380,53 @@ public class EnrollServlet extends CMSServlet {
                     CMS.debug("EnrollServlet: certauthEnrollType is single");
                 } else {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType));
+                            CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType));
                     throw new ECMSGWException(
-                      CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE"));
+                            CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE"));
                 }
             } else {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("MSGW_MISSING_CERTAUTH_ENROLL_TYPE"));
+                        CMS.getLogMessage("MSGW_MISSING_CERTAUTH_ENROLL_TYPE"));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE"));
+                        CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE"));
             }
         }
-               
+
         return certauthEnrollType;
-           
+
     }
 
     private boolean checkClientCertSigningOnly(X509Certificate sslClientCert)
-        throws EBaseException {
+            throws EBaseException {
         if ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
                 false) ||
-            ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
+                ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
                     true) &&
                 (CMS.isEncryptionCert((X509CertImpl) sslClientCert) ==
                     true))) {
 
             // either it's not a signing cert, or it's a dual cert
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
+                    CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
+                    CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
         }
 
         return true;
     }
-	
+
     private X509CertInfo[] handleCertAuthDual(X509CertInfo certInfo, IAuthToken authToken, X509Certificate sslClientCert,
-        ICertificateAuthority mCa, String certBasedOldSubjectDN,
-        BigInteger certBasedOldSerialNum)
-        throws EBaseException {
-      
+            ICertificateAuthority mCa, String certBasedOldSubjectDN,
+            BigInteger certBasedOldSerialNum)
+            throws EBaseException {
+
         CMS.debug("EnrollServlet: In handleCertAuthDual!");
- 
+
         if (mCa == null) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_NOT_A_CA"));
+                    CMS.getLogMessage("CMSGW_NOT_A_CA"));
             throw new ECMSGWException(
-                CMS.getUserMessage("CMS_GW_NOT_A_CA"));
+                    CMS.getUserMessage("CMS_GW_NOT_A_CA"));
         }
 
         // first, make sure the client cert is indeed a
@@ -456,20 +449,20 @@ public class EnrollServlet extends CMSServlet {
             certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+                    CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_IO", e.toString()));
+                    CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_IO", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+                    CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
         }
 
         String filter =
-            "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))";
+                "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))";
         ICertRecordList list =
-            (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter, null, 10);
+                (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter, null, 10);
         int size = list.getSize();
         Enumeration<ICertRecord> en = list.getCertRecords(0, size - 1);
         boolean gotEncCert = false;
@@ -482,8 +475,8 @@ public class EnrollServlet extends CMSServlet {
             // pairing encryption cert not found
         } else {
             X509CertInfo encCertInfo = CMS.getDefaultX509CertInfo();
-            X509CertInfo[] cInfoArray = new X509CertInfo[] {certInfo,
-                    encCertInfo};
+            X509CertInfo[] cInfoArray = new X509CertInfo[] { certInfo,
+                    encCertInfo };
             int i = 1;
 
             boolean encCertFound = false;
@@ -494,7 +487,7 @@ public class EnrollServlet extends CMSServlet {
 
                 // if not encryption cert only, try next one
                 if ((CMS.isEncryptionCert(cert) == false) ||
-                    ((CMS.isEncryptionCert(cert) == true) &&
+                        ((CMS.isEncryptionCert(cert) == true) &&
                         (CMS.isSigningCert(cert) == true))) {
 
                     CMS.debug("EnrollServlet: Not encryption only cert, will try next one.");
@@ -508,27 +501,27 @@ public class EnrollServlet extends CMSServlet {
                 try {
                     encCertInfo = (X509CertInfo)
                             cert.get(
-                                X509CertImpl.NAME + "." + X509CertImpl.INFO);
+                                    X509CertImpl.NAME + "." + X509CertImpl.INFO);
 
                 } catch (CertificateParsingException ex) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
+                            CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
                     throw new ECMSGWException(
-                      CMS.getUserMessage("CMS_GW_MISSING_CERTINFO"));
+                            CMS.getUserMessage("CMS_GW_MISSING_CERTINFO"));
                 }
 
                 try {
                     encCertInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
                 } catch (CertificateException e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
+                            CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
                     throw new ECMSGWException(
-                      CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+                            CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
                 } catch (IOException e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
+                            CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
                     throw new ECMSGWException(
-                      CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+                            CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
                 }
 
                 CMS.debug("EnrollServlet: About to fillCertInfoFromAuthToken!");
@@ -545,13 +538,13 @@ public class EnrollServlet extends CMSServlet {
 
             CMS.debug("EnrollServlet: returning cInfoArray of length " + cInfoArray.length);
             return cInfoArray;
-        }     
+        }
 
     }
 
     private boolean handleEnrollAuditLog(IRequest req, CMSRequest cmsReq, String authMgr, IAuthToken authToken,
-        X509CertInfo certInfo, long startTime)
-        throws EBaseException {
+            X509CertInfo certInfo, long startTime)
+            throws EBaseException {
         //for audit log
 
         String initiative = null;
@@ -563,7 +556,7 @@ public class EnrollServlet extends CMSServlet {
         } else {
             agentID = authToken.getInString("userid");
             initiative = AuditFormat.FROMAGENT + " agentID: " + agentID;
-        }      
+        }
 
         // if service not complete return standard templates.
         RequestStatus status = req.getRequestStatus();
@@ -584,54 +577,54 @@ public class EnrollServlet extends CMSServlet {
                             wholeMsg.append(msgs.nextElement());
                         }
                         mLogger.log(ILogger.EV_AUDIT,
-                            ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.ENROLLMENTFORMAT,
-                            new Object[] {
-                                req.getRequestId(),
-                                initiative,
-                                authMgr,
-                                status.toString(),
-                                certInfo.get(X509CertInfo.SUBJECT),
-                                " violation: " +
-                                wholeMsg.toString()}
-                        );
+                                ILogger.S_OTHER,
+                                AuditFormat.LEVEL,
+                                AuditFormat.ENROLLMENTFORMAT,
+                                new Object[] {
+                                        req.getRequestId(),
+                                        initiative,
+                                        authMgr,
+                                        status.toString(),
+                                        certInfo.get(X509CertInfo.SUBJECT),
+                                        " violation: " +
+                                                wholeMsg.toString() }
+                                );
                     } else { // no policy violation, from agent
                         mLogger.log(ILogger.EV_AUDIT,
-                            ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.ENROLLMENTFORMAT,
-                            new Object[] {
-                                req.getRequestId(),
-                                initiative,
-                                authMgr,
-                                status.toString(),
-                                certInfo.get(X509CertInfo.SUBJECT), ""}
-                        );
+                                ILogger.S_OTHER,
+                                AuditFormat.LEVEL,
+                                AuditFormat.ENROLLMENTFORMAT,
+                                new Object[] {
+                                        req.getRequestId(),
+                                        initiative,
+                                        authMgr,
+                                        status.toString(),
+                                        certInfo.get(X509CertInfo.SUBJECT), "" }
+                                );
                     }
                 } else { // other imcomplete status
                     long endTime = CMS.getCurrentDate().getTime();
 
                     mLogger.log(ILogger.EV_AUDIT,
-                        ILogger.S_OTHER,
-                        AuditFormat.LEVEL,
-                        AuditFormat.ENROLLMENTFORMAT,
-                        new Object[] {
-                            req.getRequestId(),
-                            initiative,
-                            authMgr,
-                            status.toString(),
-                            certInfo.get(X509CertInfo.SUBJECT) + " time: " + (endTime - startTime), ""}
-                    );
+                            ILogger.S_OTHER,
+                            AuditFormat.LEVEL,
+                            AuditFormat.ENROLLMENTFORMAT,
+                            new Object[] {
+                                    req.getRequestId(),
+                                    initiative,
+                                    authMgr,
+                                    status.toString(),
+                                    certInfo.get(X509CertInfo.SUBJECT) + " time: " + (endTime - startTime), "" }
+                            );
                 }
             } catch (IOException e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
-                        e.toString()));
+                        CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
+                                e.toString()));
             } catch (CertificateException e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
-                        e.toString()));
+                        CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
+                                e.toString()));
             }
             return false;
         }
@@ -643,7 +636,7 @@ public class EnrollServlet extends CMSServlet {
             cmsReq.setStatus(CMSRequest.ERROR);
             cmsReq.setError(req.getExtDataInString(IRequest.ERROR));
             String[] svcErrors =
-                req.getExtDataInStringArray(IRequest.SVCERRORS);
+                    req.getExtDataInStringArray(IRequest.SVCERRORS);
 
             if (svcErrors != null && svcErrors.length > 0) {
                 for (int i = 0; i < svcErrors.length; i++) {
@@ -657,26 +650,26 @@ public class EnrollServlet extends CMSServlet {
                         // audit log the error
                         try {
                             mLogger.log(ILogger.EV_AUDIT,
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.ENROLLMENTFORMAT,
-                                new Object[] {
-                                    req.getRequestId(),
-                                    initiative,
-                                    authMgr,
-                                    "completed with error: " +
-                                    err,
-                                    certInfo.get(X509CertInfo.SUBJECT), ""
+                                    ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.ENROLLMENTFORMAT,
+                                    new Object[] {
+                                            req.getRequestId(),
+                                            initiative,
+                                            authMgr,
+                                            "completed with error: " +
+                                                    err,
+                                            certInfo.get(X509CertInfo.SUBJECT), ""
                                 }
-                            );
+                                    );
                         } catch (IOException e) {
                             log(ILogger.LL_FAILURE,
-                                CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
-                                    e.toString()));
+                                    CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
+                                            e.toString()));
                         } catch (CertificateException e) {
                             log(ILogger.LL_FAILURE,
-                                CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
-                                    e.toString()));
+                                    CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
+                                            e.toString()));
                         }
 
                     }
@@ -693,29 +686,23 @@ public class EnrollServlet extends CMSServlet {
     /**
      * Process X509 certificate enrollment request
      * <P>
-     *
-     * (Certificate Request - either an "admin" cert request for an admin
-     *  certificate, an "agent" cert request for "bulk enrollment", or
-     *  an "EE" standard cert request)
+     * 
+     * (Certificate Request - either an "admin" cert request for an admin certificate, an "agent" cert request for "bulk enrollment", or an "EE" standard cert request)
      * <P>
-     *
-     * (Certificate Request Processed - either an automated "admin" non-profile
-     *  based CA admin cert acceptance, an automated "admin" non-profile based
-     *  CA admin cert rejection, an automated "EE" non-profile based cert
-     *  acceptance, or an automated "EE" non-profile based cert rejection)
+     * 
+     * (Certificate Request Processed - either an automated "admin" non-profile based CA admin cert acceptance, an automated "admin" non-profile based CA admin cert rejection, an automated "EE" non-profile based cert acceptance, or an automated "EE" non-profile based cert rejection)
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a
-     * non-profile cert request is made (before approval process)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
-     * certificate request has just been through the approval process
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a non-profile cert request is made (before approval process)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
      * </ul>
+     * 
      * @param cmsReq a certificate enrollment request
      * @exception EBaseException an error has occurred
      */
-    protected void processX509(CMSRequest cmsReq) 
-        throws EBaseException {
+    protected void processX509(CMSRequest cmsReq)
+            throws EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
         String auditRequesterID = ILogger.UNIDENTIFIED;
@@ -733,7 +720,7 @@ public class EnrollServlet extends CMSServlet {
 
         IConfigStore configStore = CMS.getConfigStore();
 
-		/* XXX shouldn't we read this from ServletConfig at init time? */
+        /* XXX shouldn't we read this from ServletConfig at init time? */
         enforcePop = configStore.getBoolean("enrollment.enforcePop", false);
         CMS.debug("EnrollServlet: enforcePop " + enforcePop);
 
@@ -743,7 +730,7 @@ public class EnrollServlet extends CMSServlet {
             startTime = CMS.getCurrentDate().getTime();
             httpParams = cmsReq.getHttpParams();
             httpReq = cmsReq.getHttpReq();
-            if (mAuthMgr != null) { 
+            if (mAuthMgr != null) {
                 authToken = authenticate(cmsReq);
             }
 
@@ -752,10 +739,10 @@ public class EnrollServlet extends CMSServlet {
                             mAuthzResourceName, "submit");
             } catch (EAuthzAccessDenied e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             } catch (Exception e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             }
 
             if (authzToken == null) {
@@ -791,14 +778,14 @@ public class EnrollServlet extends CMSServlet {
             }
 
             try {
-                if (CMS.getConfigStore().getBoolean("useThreadNaming", false)) { 
-                    String currentName = Thread.currentThread().getName(); 
+                if (CMS.getConfigStore().getBoolean("useThreadNaming", false)) {
+                    String currentName = Thread.currentThread().getName();
 
                     Thread.currentThread().setName(currentName
-                        + "-request-"
-                        + req.getRequestId().toString()
-                        + "-"
-                        + (new Date()).getTime());
+                            + "-request-"
+                            + req.getRequestId().toString()
+                            + "-"
+                            + (new Date()).getTime());
                 }
             } catch (Exception e) {
             }
@@ -844,7 +831,7 @@ public class EnrollServlet extends CMSServlet {
             CMS.debug("EnrollServlet: In EnrollServlet.processX509!");
             CMS.debug("EnrollServlet: certAuthEnroll " + certAuthEnroll);
             CMS.debug("EnrollServlet: certauthEnrollType " + certauthEnrollType);
-            
+
             String challengePassword = httpParams.getValueAsString(
                     "challengePassword", "");
 
@@ -865,7 +852,7 @@ public class EnrollServlet extends CMSServlet {
                 sslClientCert = getSSLClientCertificate(httpReq);
                 if (sslClientCert == null) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT"));
+                            CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT"));
 
                     // store a message in the signed audit log file
                     // (either an "admin" cert request for an admin certificate,
@@ -882,7 +869,7 @@ public class EnrollServlet extends CMSServlet {
                     audit(auditMessage);
 
                     throw new ECMSGWException(
-                      CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT"));
+                            CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT"));
                 }
 
                 certBasedOldSubjectDN = (String)
@@ -904,10 +891,10 @@ public class EnrollServlet extends CMSServlet {
                 try {
                     certInfo = (X509CertInfo)
                             ((X509CertImpl) sslClientCert).get(
-                                X509CertImpl.NAME + "." + X509CertImpl.INFO);
+                                    X509CertImpl.NAME + "." + X509CertImpl.INFO);
                 } catch (CertificateParsingException ex) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_MISSING_CERTINFO"));
+                            CMS.getLogMessage("CMSGW_MISSING_CERTINFO"));
 
                     // store a message in the signed audit log file
                     // (either an "admin" cert request for an admin certificate,
@@ -924,14 +911,14 @@ public class EnrollServlet extends CMSServlet {
                     audit(auditMessage);
 
                     throw new ECMSGWException(
-                      CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
+                            CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
                 }
             } else {
                 CMS.debug("EnrollServlet: No CertAuthEnroll.");
                 certInfo = CMS.getDefaultX509CertInfo();
             }
 
-            X509CertInfo[] certInfoArray = new X509CertInfo[] {certInfo};
+            X509CertInfo[] certInfoArray = new X509CertInfo[] { certInfo };
 
             X509CertInfo authCertInfo = null;
             String authMgr = AuditFormat.NOAUTH;
@@ -943,12 +930,12 @@ public class EnrollServlet extends CMSServlet {
                 // don't store agent token in request. 
                 // agent currently used for bulk issuance. 
                 // if (!authMgr.equals(AuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
-                log(ILogger.LL_INFO, 
-                    "Enrollment request was authenticated by " +
-                    authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME));
+                log(ILogger.LL_INFO,
+                        "Enrollment request was authenticated by " +
+                                authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME));
 
                 PKIProcessor.fillCertInfoFromAuthToken(certInfo,
-                    authToken);
+                        authToken);
                 // save authtoken attrs to request directly
                 // (for policy use)
                 saveAuthToken(authToken, req);
@@ -964,8 +951,8 @@ public class EnrollServlet extends CMSServlet {
                 //     "from ssl client cert");
                 if (authToken == null) {
                     // authToken is null, can't match to anyone; bail!
-                    log(ILogger.LL_FAILURE, 
-                        CMS.getLogMessage("CMSGW_ERR_PROCESS_ENROLL_NO_AUTH"));
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("CMSGW_ERR_PROCESS_ENROLL_NO_AUTH"));
 
                     // store a message in the signed audit log file
                     // (either an "admin" cert request for an admin certificate,
@@ -1039,24 +1026,23 @@ public class EnrollServlet extends CMSServlet {
                     ex.printStackTrace();
                 }
             }
-            
+
             String cmc = null;
             String asciiBASE64Blob = httpParams.getValueAsString(CMC_REQUEST, null);
-            
-            if(asciiBASE64Blob!=null)
-            {
-            int startIndex = asciiBASE64Blob.indexOf(HEADER);
-            int endIndex = asciiBASE64Blob.indexOf(TRAILER);
-            if (startIndex!= -1 && endIndex!=-1) {
-                startIndex = startIndex + HEADER.length();
-                cmc=asciiBASE64Blob.substring(startIndex, endIndex);
-            }else
-                cmc = asciiBASE64Blob;
-            CMS.debug("EnrollServlet: cmc " + cmc);
+
+            if (asciiBASE64Blob != null) {
+                int startIndex = asciiBASE64Blob.indexOf(HEADER);
+                int endIndex = asciiBASE64Blob.indexOf(TRAILER);
+                if (startIndex != -1 && endIndex != -1) {
+                    startIndex = startIndex + HEADER.length();
+                    cmc = asciiBASE64Blob.substring(startIndex, endIndex);
+                } else
+                    cmc = asciiBASE64Blob;
+                CMS.debug("EnrollServlet: cmc " + cmc);
             }
-            
+
             String crmf = httpParams.getValueAsString(CRMF_REQUEST, null);
-            
+
             CMS.debug("EnrollServlet: crmf " + crmf);
 
             if (certAuthEnroll == true) {
@@ -1066,7 +1052,7 @@ public class EnrollServlet extends CMSServlet {
                 // for dual certs
                 if (certauthEnrollType.equals(CERT_AUTH_DUAL)) {
 
-                    CMS.debug("EnrollServlet: Attempting CERT_AUTH_DUAL"); 
+                    CMS.debug("EnrollServlet: Attempting CERT_AUTH_DUAL");
                     boolean gotEncCert = false;
                     X509CertInfo[] cInfoArray = null;
 
@@ -1103,8 +1089,8 @@ public class EnrollServlet extends CMSServlet {
                     if (gotEncCert == false) {
                         // encryption cert not found, bail
                         log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage(
-                                "CMSGW_ENCRYPTION_CERT_NOT_FOUND"));
+                                CMS.getLogMessage(
+                                        "CMSGW_ENCRYPTION_CERT_NOT_FOUND"));
 
                         // store a message in the signed audit log file
                         // (either an "admin" cert request for an admin
@@ -1121,7 +1107,7 @@ public class EnrollServlet extends CMSServlet {
                         audit(auditMessage);
 
                         throw new ECMSGWException(
-                          CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND"));
+                                CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND"));
                     }
 
                 } else if (certauthEnrollType.equals(CERT_AUTH_ENCRYPTION)) {
@@ -1158,12 +1144,12 @@ public class EnrollServlet extends CMSServlet {
                                 this);
 
                         keyGenProc.fillCertInfo(null, certInfo,
-                            authToken, httpParams);
+                                authToken, httpParams);
 
                         req.setExtData(CLIENT_ISSUER,
-                            sslClientCert.getIssuerDN().toString());
+                                sslClientCert.getIssuerDN().toString());
                         CMS.debug("EnrollServlet: sslClientCert issuerDN = " +
-                            sslClientCert.getIssuerDN().toString());
+                                sslClientCert.getIssuerDN().toString());
                     } else if (crmf != null && crmf != "") {
                         CRMFProcessor crmfProc = new CRMFProcessor(cmsReq, this, enforcePop);
 
@@ -1173,13 +1159,13 @@ public class EnrollServlet extends CMSServlet {
                                     req);
 
                         req.setExtData(CLIENT_ISSUER,
-                            sslClientCert.getIssuerDN().toString());
+                                sslClientCert.getIssuerDN().toString());
                         CMS.debug("EnrollServlet: sslClientCert issuerDN = " +
-                            sslClientCert.getIssuerDN().toString());
+                                sslClientCert.getIssuerDN().toString());
                     } else {
-                        log(ILogger.LL_FAILURE, 
-                            CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") +
-                            CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
+                        log(ILogger.LL_FAILURE,
+                                CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") +
+                                        CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
 
                         // store a message in the signed audit log file
                         // (either an "admin" cert request for an admin
@@ -1196,7 +1182,7 @@ public class EnrollServlet extends CMSServlet {
                         audit(auditMessage);
 
                         throw new ECMSGWException(
-                          CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO"));
+                                CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO"));
                     }
 
                 } else if (certauthEnrollType.equals(CERT_AUTH_SINGLE)) {
@@ -1208,13 +1194,13 @@ public class EnrollServlet extends CMSServlet {
                                 this);
 
                         keyGenProc.fillCertInfo(null, certInfo,
-                            authToken, httpParams);
+                                authToken, httpParams);
                     } else if (pkcs10 != null) {
                         PKCS10Processor pkcs10Proc = new PKCS10Processor(cmsReq,
                                 this);
 
                         pkcs10Proc.fillCertInfo(pkcs10, certInfo,
-                            authToken, httpParams); 
+                                authToken, httpParams);
                     } else if (cmc != null && cmc != "") {
                         CMCProcessor cmcProc = new CMCProcessor(cmsReq, this, enforcePop);
 
@@ -1230,9 +1216,9 @@ public class EnrollServlet extends CMSServlet {
                                     httpParams,
                                     req);
                     } else {
-                        log(ILogger.LL_FAILURE, 
-                            CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") +
-                            CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
+                        log(ILogger.LL_FAILURE,
+                                CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") +
+                                        CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
 
                         // store a message in the signed audit log file
                         // (either an "admin" cert request for an admin
@@ -1249,10 +1235,10 @@ public class EnrollServlet extends CMSServlet {
                         audit(auditMessage);
 
                         throw new ECMSGWException(
-                          CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO"));
+                                CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO"));
                     }
                     req.setExtData(CLIENT_ISSUER,
-                        sslClientCert.getIssuerDN().toString());
+                            sslClientCert.getIssuerDN().toString());
                 }
 
             } else if (keyGenInfo != null) {
@@ -1279,9 +1265,9 @@ public class EnrollServlet extends CMSServlet {
                 certInfoArray = crmfProc.fillCertInfoArray(crmf, authToken,
                             httpParams, req);
             } else {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") +
-                    CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") +
+                                CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
 
                 // store a message in the signed audit log file
                 // (either an "admin" cert request for an admin certificate,
@@ -1300,28 +1286,26 @@ public class EnrollServlet extends CMSServlet {
                 throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO"));
             }
 
-
             // if ca, fill in default signing alg here
-       
+
             try {
-              ICertificateAuthority caSub = 
-               (ICertificateAuthority) CMS.getSubsystem("ca");
-              if (certInfoArray != null && caSub != null) {
-                for (int ix = 0; ix < certInfoArray.length; ix++) {
-                   X509CertInfo ci = (X509CertInfo)certInfoArray[ix];
-                   String defaultSig = caSub.getDefaultAlgorithm(); 
-                   AlgorithmId algid = AlgorithmId.get(defaultSig);
-                   ci.set(X509CertInfo.ALGORITHM_ID,
-                      new CertificateAlgorithmId(algid));
+                ICertificateAuthority caSub =
+                        (ICertificateAuthority) CMS.getSubsystem("ca");
+                if (certInfoArray != null && caSub != null) {
+                    for (int ix = 0; ix < certInfoArray.length; ix++) {
+                        X509CertInfo ci = (X509CertInfo) certInfoArray[ix];
+                        String defaultSig = caSub.getDefaultAlgorithm();
+                        AlgorithmId algid = AlgorithmId.get(defaultSig);
+                        ci.set(X509CertInfo.ALGORITHM_ID,
+                                new CertificateAlgorithmId(algid));
+                    }
                 }
-              }
             } catch (Exception e) {
-              CMS.debug("Failed to set signing alg to certinfo " + e.toString());
+                CMS.debug("Failed to set signing alg to certinfo " + e.toString());
             }
 
             req.setExtData(IRequest.CERT_INFO, certInfoArray);
 
-
             if (challengePassword != null && !challengePassword.equals("")) {
                 String pwd = hashPassword(challengePassword);
 
@@ -1379,7 +1363,7 @@ public class EnrollServlet extends CMSServlet {
 
                     issuedCerts =
                             cmsReq.getIRequest().getExtDataInCertArray(
-                                IRequest.ISSUED_CERTS);
+                                    IRequest.ISSUED_CERTS);
 
                     for (int i = 0; i < issuedCerts.length; i++) {
                         // (automated "agent" cert request processed
@@ -1449,27 +1433,27 @@ public class EnrollServlet extends CMSServlet {
             // audit log the success.
             long endTime = CMS.getCurrentDate().getTime();
 
-            mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, 
-                AuditFormat.LEVEL,
-                AuditFormat.ENROLLMENTFORMAT,
-                new Object[]
-                { req.getRequestId(), 
-                    initiative,
-                    mAuthMgr,
-                    "completed",
-                    issuedCerts[0].getSubjectDN(),
-                    "cert issued serial number: 0x" +
-                    issuedCerts[0].getSerialNumber().toString(16) +
-                    " time: " +
-                    (endTime - startTime) }
-            );
+            mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+                    AuditFormat.LEVEL,
+                    AuditFormat.ENROLLMENTFORMAT,
+                    new Object[]
+                { req.getRequestId(),
+                        initiative,
+                        mAuthMgr,
+                        "completed",
+                        issuedCerts[0].getSubjectDN(),
+                        "cert issued serial number: 0x" +
+                                issuedCerts[0].getSerialNumber().toString(16) +
+                                " time: " +
+                                (endTime - startTime) }
+                    );
 
             // handle initial admin enrollment if in adminEnroll mode.
             checkAdminEnroll(cmsReq, issuedCerts);
 
             // return cert as mime type binary if requested.
             if (checkImportCertToNav(cmsReq.getHttpResp(),
-                    httpParams, issuedCerts[0])) { 
+                    httpParams, issuedCerts[0])) {
                 cmsReq.setStatus(CMSRequest.SUCCESS);
 
                 for (int i = 0; i < issuedCerts.length; i++) {
@@ -1490,10 +1474,10 @@ public class EnrollServlet extends CMSServlet {
 
             // use success template.
             try {
-                cmsReq.setResult(issuedCerts); 
-                renderTemplate(cmsReq, mEnrollSuccessTemplate, 
-                    mEnrollSuccessFiller);
-                cmsReq.setStatus(CMSRequest.SUCCESS); 
+                cmsReq.setResult(issuedCerts);
+                renderTemplate(cmsReq, mEnrollSuccessTemplate,
+                        mEnrollSuccessFiller);
+                cmsReq.setStatus(CMSRequest.SUCCESS);
 
                 for (int i = 0; i < issuedCerts.length; i++) {
                     // (automated "agent" cert request processed - "accepted")
@@ -1508,10 +1492,10 @@ public class EnrollServlet extends CMSServlet {
                     audit(auditMessage);
                 }
             } catch (IOException e) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_TEMP_REND_ERR",
-                        mEnrollSuccessFiller.toString(),
-                        e.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_TEMP_REND_ERR",
+                                mEnrollSuccessFiller.toString(),
+                                e.toString()));
 
                 // (automated "agent" cert request processed - "rejected")
                 auditMessage = CMS.getLogMessage(
@@ -1525,7 +1509,7 @@ public class EnrollServlet extends CMSServlet {
                 audit(auditMessage);
 
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR"));
+                        CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR"));
             }
         } catch (EBaseException eAudit1) {
             // store a message in the signed audit log file
@@ -1548,10 +1532,10 @@ public class EnrollServlet extends CMSServlet {
 
     /**
      * check if this is first enroll from admin enroll.
-     * If so disable admin enroll from here on. 
+     * If so disable admin enroll from here on.
      */
     protected void checkAdminEnroll(CMSRequest cmsReq, X509CertImpl[] issuedCerts)
-        throws EBaseException {
+            throws EBaseException {
         // this is special case, get the admin certificate
         if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) {
             addAdminAgent(cmsReq, issuedCerts);
@@ -1559,8 +1543,8 @@ public class EnrollServlet extends CMSServlet {
         }
     }
 
-    protected void addAdminAgent(CMSRequest cmsReq, X509CertImpl[] issuedCerts) 
-        throws EBaseException {
+    protected void addAdminAgent(CMSRequest cmsReq, X509CertImpl[] issuedCerts)
+            throws EBaseException {
         String userid = cmsReq.getHttpParams().getValueAsString("uid");
         IUGSubsystem ug = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
 
@@ -1571,13 +1555,13 @@ public class EnrollServlet extends CMSServlet {
             ug.addUserCert(adminuser);
         } catch (netscape.ldap.LDAPException e) {
             CMS.debug(
-                "EnrollServlet: Cannot add admin's certificate to its entry in the " +
-                "user group database. Error " + e);
+                    "EnrollServlet: Cannot add admin's certificate to its entry in the " +
+                            "user group database. Error " + e);
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_ADDING_ADMIN_CERT_ERROR", e.toString()));
+                    CMS.getUserMessage("CMS_GW_ADDING_ADMIN_CERT_ERROR", e.toString()));
         }
-        IGroup agentGroup = 
-            ug.getGroupFromName(CA_AGENT_GROUP);
+        IGroup agentGroup =
+                ug.getGroupFromName(CA_AGENT_GROUP);
 
         if (agentGroup != null) {
             // add user to the group if necessary
@@ -1585,15 +1569,15 @@ public class EnrollServlet extends CMSServlet {
                 agentGroup.addMemberName(userid);
                 ug.modifyGroup(agentGroup);
                 mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
-                    AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
-                    new Object[] {userid, userid, CA_AGENT_GROUP}
-                );
+                        AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
+                        new Object[] { userid, userid, CA_AGENT_GROUP }
+                        );
 
             }
         } else {
             String msg = "Cannot add admin to the " +
-                CA_AGENT_GROUP +
-                " group: Group does not exist.";
+                    CA_AGENT_GROUP +
+                    " group: Group does not exist.";
 
             CMS.debug("EnrollServlet: " + msg);
             throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_ADMIN_ERROR"));
@@ -1635,19 +1619,19 @@ public class EnrollServlet extends CMSServlet {
             out.println("<P>");
             out.println("<PRE>");
             X509CertImpl certs[] =
-                cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS);
+                    cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS);
 
             out.println(CMS.getEncodedCert(certs[0]));
             out.println("</PRE>");
             out.println("<P>");
             out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" +
-                cmsReq.getIRequest().getCreationTime().toString() + ">");
-            out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + 
-                cmsReq.getStatus().toString() + ">");
-            out.println("<!HTTP_OUTPUT REQUEST_ID=" + 
-                cmsReq.getIRequest().getRequestId().toString() + ">");
+                    cmsReq.getIRequest().getCreationTime().toString() + ">");
+            out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
+                    cmsReq.getStatus().toString() + ">");
+            out.println("<!HTTP_OUTPUT REQUEST_ID=" +
+                    cmsReq.getIRequest().getRequestId().toString() + ">");
             out.println("<!HTTP_OUTPUT X509_CERTIFICATE=" +
-                CMS.getEncodedCert(certs[0]) + ">");
+                    CMS.getEncodedCert(certs[0]) + ">");
         } else if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.PENDING)) {
             out.println("<H1>");
             out.println("PENDING");
@@ -1664,11 +1648,11 @@ public class EnrollServlet extends CMSServlet {
             out.println(cmsReq.getIRequest().getRequestId().toString());
             out.println("<P>");
             out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" +
-                cmsReq.getIRequest().getCreationTime().toString() + ">");
-            out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + 
-                cmsReq.getStatus().toString() + ">");
-            out.println("<!HTTP_OUTPUT REQUEST_ID=" + 
-                cmsReq.getIRequest().getRequestId().toString() + ">");
+                    cmsReq.getIRequest().getCreationTime().toString() + ">");
+            out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
+                    cmsReq.getStatus().toString() + ">");
+            out.println("<!HTTP_OUTPUT REQUEST_ID=" +
+                    cmsReq.getIRequest().getRequestId().toString() + ">");
         } else {
             out.println("<H1>");
             out.println("ERROR");
@@ -1683,21 +1667,21 @@ public class EnrollServlet extends CMSServlet {
             out.println("Error: ");
             out.println(cmsReq.getError()); // XXX - need to parse in Locale
             out.println("<P>");
-            out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + 
-                cmsReq.getStatus().toString() + ">");
-            out.println("<!HTTP_OUTPUT ERROR=" + 
-                cmsReq.getError() + ">");
+            out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
+                    cmsReq.getStatus().toString() + ">");
+            out.println("<!HTTP_OUTPUT ERROR=" +
+                    cmsReq.getError() + ">");
         }
 
         /**
-         // include all the input data
-         ArgBlock args = cmsReq.getHttpParams();
-         Enumeration ele = args.getElements();
-         while (ele.hasMoreElements()) {
-         String eleT = (String)ele.nextElement();
-         out.println("<!HTTP_INPUT " + eleT + "=" + 
-         args.get(eleT) + ">");
-         }
+         * // include all the input data
+         * ArgBlock args = cmsReq.getHttpParams();
+         * Enumeration ele = args.getElements();
+         * while (ele.hasMoreElements()) {
+         * String eleT = (String)ele.nextElement();
+         * out.println("<!HTTP_INPUT " + eleT + "=" +
+         * args.get(eleT) + ">");
+         * }
          **/
 
         out.println("</HTML>");
@@ -1712,18 +1696,18 @@ public class EnrollServlet extends CMSServlet {
 
     private boolean mIsTestBed = false;
 
-    private void init_testbed_hack(IConfigStore config) 
-        throws EBaseException {
+    private void init_testbed_hack(IConfigStore config)
+            throws EBaseException {
         mIsTestBed = config.getBoolean("isTestBed", true);
     }
 
     /**
      * Signed Audit Log Info Certificate Value
-     *
+     * 
      * This method is called to obtain the certificate from the passed in
      * "X509CertImpl" for a signed audit log message.
      * <P>
-     *
+     * 
      * @param x509cert an X509CertImpl
      * @return cert string containing the certificate
      */
@@ -1776,4 +1760,3 @@ public class EnrollServlet extends CMSServlet {
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java
index a723cb52..fca81ff4 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.math.BigInteger;
@@ -58,7 +57,6 @@ import com.netscape.cms.servlet.common.ECMSGWException;
 import com.netscape.cms.servlet.common.ICMSTemplateFiller;
 import com.netscape.cmsutil.crypto.CryptoUtil;
 
-
 /**
  * Retrieve certificate by serial number.
  * 
@@ -83,10 +81,11 @@ public class GetBySerial extends CMSServlet {
         super();
     }
 
-	 /**
+    /**
      * Initialize the servlet. This servlet uses the template file
-	 * "ImportCert.template" to import the cert to the users browser,
-	 * if that is what the user requested
+     * "ImportCert.template" to import the cert to the users browser,
+     * if that is what the user requested
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -115,11 +114,11 @@ public class GetBySerial extends CMSServlet {
     }
 
     /**
-	 * Process the HTTP request. 
+     * Process the HTTP request.
      * <ul>
-     * <li>http.param  serialNumber serial number of certificate in HEX
+     * <li>http.param serialNumber serial number of certificate in HEX
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -139,10 +138,10 @@ public class GetBySerial extends CMSServlet {
                         mAuthzResourceName, "import");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -160,18 +159,18 @@ public class GetBySerial extends CMSServlet {
             serialNo = null;
         }
         if (serial == null || serialNo == null) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER"));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_INVALID_SERIAL_NUMBER")));
+                    CMS.getUserMessage("CMS_GW_INVALID_SERIAL_NUMBER")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
 
         ICertRecord certRecord = (ICertRecord) getCertRecord(serialNo);
         if (certRecord == null) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16)));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16)));
             cmsReq.setError(new ECMSGWException(
                     CMS.getUserMessage("CMS_GW_CERT_SERIAL_NOT_FOUND", "0x" + serialNo.toString(16))));
             cmsReq.setStatus(CMSRequest.ERROR);
@@ -181,37 +180,37 @@ public class GetBySerial extends CMSServlet {
         // if RA, needs requestOwner to match
         // first, find the user's group
         if (authToken != null) {
-          String group = authToken.getInString("group");
- 
-          if ((group != null) && (group != "")) {
-            CMS.debug("GetBySerial process: auth group="+group);
-            if (group.equals("Registration Manager Agents")) {
-              boolean groupMatched = false;
-              // find the cert record's orig. requestor's group
-              MetaInfo metai = certRecord.getMetaInfo();
-              if (metai != null) {
-                String reqId = (String) metai.get(ICertRecord.META_REQUEST_ID);
-                RequestId rid = new RequestId(reqId);
-                IRequest creq = mReqQ.findRequest(rid);
-                if (creq != null) {
-                  String reqOwner = creq.getRequestOwner();
-                  if (reqOwner != null) {
-                    CMS.debug("GetBySerial process: req owner="+reqOwner);
-                    if (reqOwner.equals(group))
-                      groupMatched = true;
-                  }
+            String group = authToken.getInString("group");
+
+            if ((group != null) && (group != "")) {
+                CMS.debug("GetBySerial process: auth group=" + group);
+                if (group.equals("Registration Manager Agents")) {
+                    boolean groupMatched = false;
+                    // find the cert record's orig. requestor's group
+                    MetaInfo metai = certRecord.getMetaInfo();
+                    if (metai != null) {
+                        String reqId = (String) metai.get(ICertRecord.META_REQUEST_ID);
+                        RequestId rid = new RequestId(reqId);
+                        IRequest creq = mReqQ.findRequest(rid);
+                        if (creq != null) {
+                            String reqOwner = creq.getRequestOwner();
+                            if (reqOwner != null) {
+                                CMS.debug("GetBySerial process: req owner=" + reqOwner);
+                                if (reqOwner.equals(group))
+                                    groupMatched = true;
+                            }
+                        }
+                    }
+                    if (groupMatched == false) {
+                        log(ILogger.LL_FAILURE,
+                                CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16)));
+                        cmsReq.setError(new ECMSGWException(
+                                CMS.getUserMessage("CMS_GW_CERT_SERIAL_NOT_FOUND", "0x" + serialNo.toString(16))));
+                        cmsReq.setStatus(CMSRequest.ERROR);
+                        return;
+                    }
                 }
-              }
-              if (groupMatched == false) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16)));
-                 cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_CERT_SERIAL_NOT_FOUND", "0x" + serialNo.toString(16))));
-                 cmsReq.setStatus(CMSRequest.ERROR);
-                 return;
-              }
             }
-          }
         }
 
         X509CertImpl cert = certRecord.getCertificate();
@@ -224,7 +223,7 @@ public class GetBySerial extends CMSServlet {
                 IArgBlock ctx = CMS.createArgBlock();
                 Locale[] locale = new Locale[1];
                 CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
-                ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+                ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
                 CertificateChain cachain = ca.getCACertChain();
                 X509Certificate[] cacerts = cachain.getChain();
                 X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
@@ -236,7 +235,7 @@ public class GetBySerial extends CMSServlet {
 
                 userChain[0] = cert;
                 PKCS7 p7 = new PKCS7(new AlgorithmId[0],
-                  new ContentInfo(new byte[0]), userChain, new SignerInfo[0]);
+                        new ContentInfo(new byte[0]), userChain, new SignerInfo[0]);
                 ByteArrayOutputStream bos = new ByteArrayOutputStream();
 
                 try {
@@ -246,7 +245,7 @@ public class GetBySerial extends CMSServlet {
 
                 byte[] p7Bytes = bos.toByteArray();
                 String p7Str = CMS.BtoA(p7Bytes);
-        
+
                 header.addStringValue("pkcs7", CryptoUtil.normalizeCertStr(p7Str));
                 try {
                     CMSTemplate form = getTemplate(mIETemplate, req, locale);
@@ -256,16 +255,16 @@ public class GetBySerial extends CMSServlet {
                     form.renderOutput(out, argSet);
                     return;
                 } catch (Exception ee) {
-                    CMS.debug("GetBySerial process: Exception="+ee.toString());
+                    CMS.debug("GetBySerial process: Exception=" + ee.toString());
                 }
             } //browser is IE
- 
+
             MetaInfo metai = certRecord.getMetaInfo();
             String crmfReqId = null;
 
             if (metai != null) {
                 crmfReqId = (String) metai.get(ICertRecord.META_CRMF_REQID);
-                if (crmfReqId != null) 
+                if (crmfReqId != null)
                     cmsReq.setResult(IRequest.CRMF_REQID, crmfReqId);
             }
 
@@ -294,8 +293,7 @@ public class GetBySerial extends CMSServlet {
                 throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
             }
         }
-		
+
         return;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java
index b765a2cb..ae759949 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java
@@ -15,10 +15,9 @@
 // (C) 2007 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
-	package com.netscape.cms.servlet.cert;
+package com.netscape.cms.servlet.cert;
 
-
-	import java.io.ByteArrayOutputStream;
+import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
@@ -49,236 +48,237 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
-	/**
-	 * Retrieve the Certificates comprising the CA Chain for this CA.
-	 *
-	 * @version $Revision$, $Date$
-	 */
-	public class GetCAChain extends CMSServlet {
-	    /**
+/**
+ * Retrieve the Certificates comprising the CA Chain for this CA.
+ * 
+ * @version $Revision$, $Date$
+ */
+public class GetCAChain extends CMSServlet {
+    /**
          *
          */
-        private static final long serialVersionUID = -8189048155415074581L;
-        private final static String TPL_FILE = "displayCaCert.template";
-	    private String mFormPath = null;
-
-	    public GetCAChain() {
-		super();
-	    }
-
-	    /**
-	     * initialize the servlet.
-	     * @param sc servlet configuration, read from the web.xml file
-	     */
-	    public void init(ServletConfig sc) throws ServletException {
-		super.init(sc);
-
-		// override success to display own output.
-		mTemplates.remove(CMSRequest.SUCCESS);
-		// coming from ee
-		mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-	    }
-
-	    /**
-	     * Process the HTTP request. 
-	     * <ul>
-	     * <li>http.param op 'downloadBIN' - return the binary certificate chain
-	     * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
-	     * </ul>
-	     * @param cmsReq the object holding the request and response information
-	     */
-	    protected void process(CMSRequest cmsReq)
-		throws EBaseException {
-		HttpServletRequest httpReq = cmsReq.getHttpReq();
-		HttpServletResponse httpResp = cmsReq.getHttpResp();
-
-		IAuthToken authToken = authenticate(cmsReq);
-
-		// Construct an ArgBlock
-		IArgBlock args = cmsReq.getHttpParams();
-
-		// Get the operation code
-		String op = null;
-
-		op = args.getValueAsString("op", null);
-		if (op == null) {
-		    log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED"));
-		    throw new ECMSGWException(
-		      CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED"));
-		}
-
-		cmsReq.setStatus(CMSRequest.SUCCESS);
-
-		AuthzToken authzToken = null;
-
-		if (op.startsWith("download")) {
-		    try {
-			authzToken = authorize(mAclMethod, authToken,
-				    mAuthzResourceName, "download");
-		    } catch (EAuthzAccessDenied e) {
-			log(ILogger.LL_FAILURE,
-			    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-		    } catch (Exception e) {
-			log(ILogger.LL_FAILURE,
-			    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-		    }
-
-		    if (authzToken == null) {
-			cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
-			return;
-		    }
-
-		    downloadChain(op, args, httpReq, httpResp, cmsReq);
-		} else if (op.startsWith("display")) {
-		    try {
-			authzToken = mAuthz.authorize(mAclMethod, authToken,
-				    mAuthzResourceName, "read");
-		    } catch (EAuthzAccessDenied e) {
-			log(ILogger.LL_FAILURE,
-			    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-		    } catch (Exception e) {
-			log(ILogger.LL_FAILURE,
-			    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-		    }
-
-		    if (authzToken == null) {
-			cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
-			return;
-		    }
-
-		    displayChain(op, args, httpReq, httpResp, cmsReq);
-		} else {
-		    log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSGW_INVALID_OPTIONS_CA_CHAIN"));
-		    throw new ECMSGWException(
-		      CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED"));
-		}
-		//		cmsReq.setResult(null);
-		return;
-	    }
-
-	    private void downloadChain(String op, 
-		IArgBlock args, 
-		HttpServletRequest httpReq, 
-		HttpServletResponse httpResp,
-		CMSRequest cmsReq)
-		throws EBaseException {
-
-		/* check browser info ? */
-		
-		/* check if pkcs7 will work for both nav and ie */
-
-		byte[] bytes = null;
-
-		/*
-		 * Some IE actions - IE doesn't want PKCS7 for "download" CA Cert.
-		 * This means that we can only hand out the root CA, and not
-		 * the whole chain.
-		 */
-
-		if (clientIsMSIE(httpReq) && (op.equals("download") || op.equals("downloadBIN"))) {
-		    X509Certificate[] caCerts = 
-			((ICertAuthority) mAuthority).getCACertChain().getChain();
-
-		    try {
-			bytes = caCerts[0].getEncoded();
-		    } catch (CertificateEncodingException e) {
-			cmsReq.setStatus(CMSRequest.ERROR);
-			log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_GETTING_CACERT_ENCODED", e.toString()));
-			throw new ECMSGWException(
-			  CMS.getUserMessage("CMS_GW_GETTING_CA_CERT_ERROR"));
-		    }
-		} else {
-		    CertificateChain certChain = 
-			((ICertAuthority) mAuthority).getCACertChain();
-
-		    if (certChain == null) {
-			log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_EMPTY"));
-			throw new ECMSGWException(
-			  CMS.getUserMessage("CMS_GW_CA_CHAIN_EMPTY"));
-		    }
-				
-		    try {
-			ByteArrayOutputStream encoded = new ByteArrayOutputStream();
-
-			certChain.encode(encoded, false);
-			bytes = encoded.toByteArray();
-		    } catch (IOException e) {
-			cmsReq.setStatus(CMSRequest.ERROR);
-			log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", e.toString()));
-			throw new ECMSGWException(
-			  CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
-		    }
-		}
-
-		String mimeType = null;
-
-		if (op.equals("downloadBIN")) {
-		    mimeType = "application/octet-stream";
-		} else {
-		    try {
-			mimeType = args.getValueAsString("mimeType");
-		    } catch (EBaseException e) {
-			mimeType = "application/octet-stream";
-		    }
-		}
-
-		try {
-		    if (op.equals("downloadBIN")) {
-		        // file suffixes changed to comply with RFC 5280
-		        // requirements for AIA extensions
-		        if (clientIsMSIE(httpReq)) {
-		            httpResp.setHeader("Content-disposition",
-		                "attachment; filename=ca.cer");
-		        } else {
-		            httpResp.setHeader("Content-disposition",
-		                "attachment; filename=ca.p7c");
-		        }
-		    }
-		    httpResp.setContentType(mimeType);
-		    httpResp.getOutputStream().write(bytes);
-		    httpResp.setContentLength(bytes.length);
-		    httpResp.getOutputStream().flush();
-		} catch (IOException e) {
-		    cmsReq.setStatus(CMSRequest.ERROR);
-		    log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString()));
-		    throw new ECMSGWException(
-		      CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR"));
-		}
-	    }
-
-	    private void displayChain(String op, 
-		IArgBlock args, 
-		HttpServletRequest httpReq, 
-		HttpServletResponse httpResp,
-		CMSRequest cmsReq)
-		throws EBaseException {
-		String outputString = null;
-
-		CertificateChain certChain = 
-		    ((ICertAuthority) mAuthority).getCACertChain();
-
-		if (certChain == null) {
-		    cmsReq.setStatus(CMSRequest.ERROR);
-		    log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE"));
-		    throw new ECMSGWException(
-		      CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE"));
-		}
-
-		CMSTemplate form = null;
-		Locale[] locale = new Locale[1];
-
-		if (mOutputTemplatePath != null)
-		    mFormPath = mOutputTemplatePath;
+    private static final long serialVersionUID = -8189048155415074581L;
+    private final static String TPL_FILE = "displayCaCert.template";
+    private String mFormPath = null;
+
+    public GetCAChain() {
+        super();
+    }
+
+    /**
+     * initialize the servlet.
+     * 
+     * @param sc servlet configuration, read from the web.xml file
+     */
+    public void init(ServletConfig sc) throws ServletException {
+        super.init(sc);
+
+        // override success to display own output.
+        mTemplates.remove(CMSRequest.SUCCESS);
+        // coming from ee
+        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
+    }
+
+    /**
+     * Process the HTTP request.
+     * <ul>
+     * <li>http.param op 'downloadBIN' - return the binary certificate chain
+     * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
+     * </ul>
+     * 
+     * @param cmsReq the object holding the request and response information
+     */
+    protected void process(CMSRequest cmsReq)
+            throws EBaseException {
+        HttpServletRequest httpReq = cmsReq.getHttpReq();
+        HttpServletResponse httpResp = cmsReq.getHttpResp();
+
+        IAuthToken authToken = authenticate(cmsReq);
+
+        // Construct an ArgBlock
+        IArgBlock args = cmsReq.getHttpParams();
+
+        // Get the operation code
+        String op = null;
+
+        op = args.getValueAsString("op", null);
+        if (op == null) {
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED"));
+            throw new ECMSGWException(
+                    CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED"));
+        }
+
+        cmsReq.setStatus(CMSRequest.SUCCESS);
+
+        AuthzToken authzToken = null;
+
+        if (op.startsWith("download")) {
+            try {
+                authzToken = authorize(mAclMethod, authToken,
+                        mAuthzResourceName, "download");
+            } catch (EAuthzAccessDenied e) {
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+            } catch (Exception e) {
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+            }
+
+            if (authzToken == null) {
+                cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
+                return;
+            }
+
+            downloadChain(op, args, httpReq, httpResp, cmsReq);
+        } else if (op.startsWith("display")) {
+            try {
+                authzToken = mAuthz.authorize(mAclMethod, authToken,
+                        mAuthzResourceName, "read");
+            } catch (EAuthzAccessDenied e) {
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+            } catch (Exception e) {
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+            }
+
+            if (authzToken == null) {
+                cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
+                return;
+            }
+
+            displayChain(op, args, httpReq, httpResp, cmsReq);
+        } else {
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_INVALID_OPTIONS_CA_CHAIN"));
+            throw new ECMSGWException(
+                    CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED"));
+        }
+        //		cmsReq.setResult(null);
+        return;
+    }
+
+    private void downloadChain(String op,
+            IArgBlock args,
+            HttpServletRequest httpReq,
+            HttpServletResponse httpResp,
+            CMSRequest cmsReq)
+            throws EBaseException {
+
+        /* check browser info ? */
+
+        /* check if pkcs7 will work for both nav and ie */
+
+        byte[] bytes = null;
+
+        /*
+         * Some IE actions - IE doesn't want PKCS7 for "download" CA Cert.
+         * This means that we can only hand out the root CA, and not
+         * the whole chain.
+         */
+
+        if (clientIsMSIE(httpReq) && (op.equals("download") || op.equals("downloadBIN"))) {
+            X509Certificate[] caCerts =
+                    ((ICertAuthority) mAuthority).getCACertChain().getChain();
+
+            try {
+                bytes = caCerts[0].getEncoded();
+            } catch (CertificateEncodingException e) {
+                cmsReq.setStatus(CMSRequest.ERROR);
+                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_GETTING_CACERT_ENCODED", e.toString()));
+                throw new ECMSGWException(
+                        CMS.getUserMessage("CMS_GW_GETTING_CA_CERT_ERROR"));
+            }
+        } else {
+            CertificateChain certChain =
+                    ((ICertAuthority) mAuthority).getCACertChain();
+
+            if (certChain == null) {
+                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_EMPTY"));
+                throw new ECMSGWException(
+                        CMS.getUserMessage("CMS_GW_CA_CHAIN_EMPTY"));
+            }
+
+            try {
+                ByteArrayOutputStream encoded = new ByteArrayOutputStream();
+
+                certChain.encode(encoded, false);
+                bytes = encoded.toByteArray();
+            } catch (IOException e) {
+                cmsReq.setStatus(CMSRequest.ERROR);
+                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", e.toString()));
+                throw new ECMSGWException(
+                        CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
+            }
+        }
+
+        String mimeType = null;
+
+        if (op.equals("downloadBIN")) {
+            mimeType = "application/octet-stream";
+        } else {
+            try {
+                mimeType = args.getValueAsString("mimeType");
+            } catch (EBaseException e) {
+                mimeType = "application/octet-stream";
+            }
+        }
+
+        try {
+            if (op.equals("downloadBIN")) {
+                // file suffixes changed to comply with RFC 5280
+                // requirements for AIA extensions
+                if (clientIsMSIE(httpReq)) {
+                    httpResp.setHeader("Content-disposition",
+                            "attachment; filename=ca.cer");
+                } else {
+                    httpResp.setHeader("Content-disposition",
+                            "attachment; filename=ca.p7c");
+                }
+            }
+            httpResp.setContentType(mimeType);
+            httpResp.getOutputStream().write(bytes);
+            httpResp.setContentLength(bytes.length);
+            httpResp.getOutputStream().flush();
+        } catch (IOException e) {
+            cmsReq.setStatus(CMSRequest.ERROR);
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString()));
+            throw new ECMSGWException(
+                    CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR"));
+        }
+    }
+
+    private void displayChain(String op,
+            IArgBlock args,
+            HttpServletRequest httpReq,
+            HttpServletResponse httpResp,
+            CMSRequest cmsReq)
+            throws EBaseException {
+        String outputString = null;
+
+        CertificateChain certChain =
+                ((ICertAuthority) mAuthority).getCACertChain();
+
+        if (certChain == null) {
+            cmsReq.setStatus(CMSRequest.ERROR);
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE"));
+            throw new ECMSGWException(
+                    CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE"));
+        }
+
+        CMSTemplate form = null;
+        Locale[] locale = new Locale[1];
+
+        if (mOutputTemplatePath != null)
+            mFormPath = mOutputTemplatePath;
         try {
             form = getTemplate(mFormPath, httpReq, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -306,7 +306,7 @@ import com.netscape.cms.servlet.common.ECMSGWException;
             byte[] bytes = null;
 
             try {
-                subjectdn = 
+                subjectdn =
                         certChain.getFirstCertificate().getSubjectDN().toString();
                 ByteArrayOutputStream encoded = new ByteArrayOutputStream();
 
@@ -315,14 +315,14 @@ import com.netscape.cms.servlet.common.ECMSGWException;
             } catch (IOException e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", e.toString()));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
+                        CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
             }
 
             String chainBase64 = getBase64(bytes);
 
             header.addStringValue("subjectdn", subjectdn);
             header.addStringValue("chainBase64", chainBase64);
-        } else { 
+        } else {
             try {
                 X509Certificate[] certs = certChain.getChain();
 
@@ -339,13 +339,13 @@ import com.netscape.cms.servlet.common.ECMSGWException;
                     String subjectdn = certs[i].getSubjectDN().toString();
                     String finger = null;
                     try {
-			finger = CMS.getFingerPrints(certs[i]);
+                        finger = CMS.getFingerPrints(certs[i]);
                     } catch (Exception e) {
                         throw new IOException("Internal Error");
                     }
 
-                    ICertPrettyPrint certDetails = 
-                        CMS.getCertPrettyPrint((X509CertImpl) certs[i]);
+                    ICertPrettyPrint certDetails =
+                            CMS.getCertPrettyPrint((X509CertImpl) certs[i]);
 
                     IArgBlock rarg = CMS.createArgBlock();
 
@@ -353,14 +353,14 @@ import com.netscape.cms.servlet.common.ECMSGWException;
                     rarg.addStringValue("subjectdn", subjectdn);
                     rarg.addStringValue("base64", getBase64(bytes));
                     rarg.addStringValue("certDetails",
-                        certDetails.toString(locale[0]));
+                            certDetails.toString(locale[0]));
                     argSet.addRepeatRecord(rarg);
                 }
             } catch (IOException e) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString()));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR"));
+                        CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR"));
             }
         }
 
@@ -371,10 +371,10 @@ import com.netscape.cms.servlet.common.ECMSGWException;
             form.renderOutput(out, argSet);
             cmsReq.setStatus(CMSRequest.SUCCESS);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
         }
 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java
index 2bbec482..21a0c1d2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.cert.CRLException;
@@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Retrieve CRL for a Certificate Authority
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class GetCRL extends CMSServlet {
@@ -68,6 +66,7 @@ public class GetCRL extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -79,15 +78,14 @@ public class GetCRL extends CMSServlet {
             mFormPath = mOutputTemplatePath;
     }
 
-
     /**
-     * Process the HTTP request. 
-     *
+     * Process the HTTP request.
+     * 
      * @param cmsReq the object holding the request and response information
-	 * @see DisplayCRL#process
+     * @see DisplayCRL#process
      */
     protected void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
 
@@ -100,10 +98,10 @@ public class GetCRL extends CMSServlet {
                         mAuthzResourceName, "read");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -117,7 +115,7 @@ public class GetCRL extends CMSServlet {
         if (!(mAuthority instanceof ICertificateAuthority)) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP"));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
+                    CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -125,14 +123,14 @@ public class GetCRL extends CMSServlet {
         CMSTemplate form = null;
         Locale[] locale = new Locale[1];
 
-CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
+        CMS.debug("**** mFormPath before getTemplate = " + mFormPath);
         try {
             form = getTemplate(mFormPath, httpReq, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -150,14 +148,14 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
         if (op == null) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED"));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED")));
+                    CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
         if (crlId == null) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT"));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_NO_CRL_SELECTED")));
+                    CMS.getUserMessage("CMS_GW_NO_CRL_SELECTED")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -165,23 +163,24 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
         ICRLIssuingPointRecord crlRecord = null;
         ICertificateAuthority ca = (ICertificateAuthority) mAuthority;
         ICRLIssuingPoint crlIP = null;
-        if (ca != null) crlIP = ca.getCRLIssuingPoint(crlId);
+        if (ca != null)
+            crlIP = ca.getCRLIssuingPoint(crlId);
 
         try {
             crlRecord = (ICRLIssuingPointRecord) ca.getCRLRepository().readCRLIssuingPointRecord(crlId);
         } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND", crlId));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND", crlId));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CRL_NOT_FOUND")));
+                    CMS.getUserMessage("CMS_GW_CRL_NOT_FOUND")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
         if (crlRecord == null) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
+                    CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -201,12 +200,12 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
         }
 
         if ((op.equals("checkCRLcache") ||
-             (op.equals("displayCRL") && crlDisplayType != null && crlDisplayType.equals("cachedCRL"))) &&
-              (crlIP == null || (!crlIP.isCRLCacheEnabled()) || crlIP.isCRLCacheEmpty())) {
+                (op.equals("displayCRL") && crlDisplayType != null && crlDisplayType.equals("cachedCRL"))) &&
+                (crlIP == null || (!crlIP.isCRLCacheEnabled()) || crlIP.isCRLCacheEmpty())) {
             cmsReq.setError(
-                CMS.getUserMessage(
-                    ((crlIP != null && crlIP.isCRLCacheEnabled() && crlIP.isCRLCacheEmpty())?
-                        "CMS_GW_CRL_CACHE_IS_EMPTY":"CMS_GW_CRL_CACHE_IS_NOT_ENABLED"), crlId));
+                    CMS.getUserMessage(
+                            ((crlIP != null && crlIP.isCRLCacheEnabled() && crlIP.isCRLCacheEmpty()) ?
+                                    "CMS_GW_CRL_CACHE_IS_EMPTY" : "CMS_GW_CRL_CACHE_IS_NOT_ENABLED"), crlId));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -214,26 +213,26 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
         byte[] crlbytes = null;
 
         if (op.equals("importDeltaCRL") || op.equals("getDeltaCRL") ||
-            (op.equals("displayCRL") && crlDisplayType != null &&
-             crlDisplayType.equals("deltaCRL"))) {
+                (op.equals("displayCRL") && crlDisplayType != null &&
+                crlDisplayType.equals("deltaCRL"))) {
             crlbytes = crlRecord.getDeltaCRL();
         } else if (op.equals("importCRL") || op.equals("getCRL") ||
                    op.equals("checkCRL") ||
                    (op.equals("displayCRL") &&
-                    crlDisplayType != null &&
+                           crlDisplayType != null &&
                     (crlDisplayType.equals("entireCRL") ||
-                     crlDisplayType.equals("crlHeader") ||
+                            crlDisplayType.equals("crlHeader") ||
                      crlDisplayType.equals("base64Encoded")))) {
             crlbytes = crlRecord.getCRL();
-        } 
+        }
 
         if (crlbytes == null && (!op.equals("checkCRLcache")) &&
-            (!(op.equals("displayCRL") && crlDisplayType != null &&
-               crlDisplayType.equals("cachedCRL")))) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId));
+                (!(op.equals("displayCRL") && crlDisplayType != null &&
+                crlDisplayType.equals("cachedCRL")))) {
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
+                    CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -242,15 +241,15 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
         X509CRLImpl crl = null;
 
         if (op.equals("checkCRL") || op.equals("importCRL") ||
-            op.equals("importDeltaCRL") ||
-            (op.equals("displayCRL") && crlDisplayType != null &&
-             (crlDisplayType.equals("entireCRL") ||
-              crlDisplayType.equals("crlHeader") ||
-              crlDisplayType.equals("base64Encoded") ||
-              crlDisplayType.equals("deltaCRL")))) {
+                op.equals("importDeltaCRL") ||
+                (op.equals("displayCRL") && crlDisplayType != null &&
+                (crlDisplayType.equals("entireCRL") ||
+                        crlDisplayType.equals("crlHeader") ||
+                        crlDisplayType.equals("base64Encoded") ||
+                crlDisplayType.equals("deltaCRL")))) {
             try {
                 if (op.equals("displayCRL") && crlDisplayType != null &&
-                    crlDisplayType.equals("crlHeader")) {
+                        crlDisplayType.equals("crlHeader")) {
                     crl = new X509CRLImpl(crlbytes, false);
                 } else {
                     crl = new X509CRLImpl(crlbytes);
@@ -258,25 +257,25 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
             } catch (Exception e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_FAILED_DECODE_CRL_1", e.toString()));
                 cmsReq.setError(new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_DECODE_CRL_FAILED")));
+                        CMS.getUserMessage("CMS_GW_DECODE_CRL_FAILED")));
                 cmsReq.setStatus(CMSRequest.ERROR);
                 return;
             }
             if ((op.equals("importDeltaCRL") || (op.equals("displayCRL") &&
-                 crlDisplayType != null && crlDisplayType.equals("deltaCRL"))) &&
-                  ((!(crlIP != null && crlIP.isThisCurrentDeltaCRL(crl))) &&
-                   (crlRecord.getCRLNumber() == null ||
-                    crlRecord.getDeltaCRLNumber() == null || 
-                    crlRecord.getDeltaCRLNumber().compareTo(crlRecord.getCRLNumber()) < 0 ||
-                    crlRecord.getDeltaCRLSize() == null ||
+                    crlDisplayType != null && crlDisplayType.equals("deltaCRL"))) &&
+                    ((!(crlIP != null && crlIP.isThisCurrentDeltaCRL(crl))) &&
+                    (crlRecord.getCRLNumber() == null ||
+                            crlRecord.getDeltaCRLNumber() == null ||
+                            crlRecord.getDeltaCRLNumber().compareTo(crlRecord.getCRLNumber()) < 0 ||
+                            crlRecord.getDeltaCRLSize() == null ||
                     crlRecord.getDeltaCRLSize().longValue() == -1))) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL_1"));
                 cmsReq.setError(new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
+                        CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
                 cmsReq.setStatus(CMSRequest.ERROR);
                 return;
             }
-        } 
+        }
 
         String mimeType = "application/x-pkcs7-crl";
 
@@ -300,13 +299,13 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
 
             if (op.equals("checkCRL")) {
                 header.addBooleanValue("isOnCRL",
-                    crl.isRevoked(new BigInteger(certSerialNumber)));
+                        crl.isRevoked(new BigInteger(certSerialNumber)));
             }
 
             if (op.equals("displayCRL")) {
                 if (crlDisplayType.equals("entireCRL") || crlDisplayType.equals("cachedCRL")) {
-                    ICRLPrettyPrint crlDetails = (crlDisplayType.equals("entireCRL"))?
-                                                    CMS.getCRLPrettyPrint(crl):
+                    ICRLPrettyPrint crlDetails = (crlDisplayType.equals("entireCRL")) ?
+                                                    CMS.getCRLPrettyPrint(crl) :
                                                     CMS.getCRLCachePrettyPrint(crlIP);
                     String pageStart = args.getValueAsString("pageStart", null);
                     String pageSize = args.getValueAsString("pageSize", null);
@@ -315,22 +314,23 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
                         long lPageStart = new Long(pageStart).longValue();
                         long lPageSize = new Long(pageSize).longValue();
 
-                        if (lPageStart < 1) lPageStart = 1;
+                        if (lPageStart < 1)
+                            lPageStart = 1;
 
                         header.addStringValue("crlPrettyPrint",
                                  crlDetails.toString(locale[0],
-                                 lCRLSize, lPageStart, lPageSize));
+                                         lCRLSize, lPageStart, lPageSize));
                         header.addLongValue("pageStart", lPageStart);
                         header.addLongValue("pageSize", lPageSize);
                     } else {
                         header.addStringValue(
-                            "crlPrettyPrint", crlDetails.toString(locale[0]));
+                                "crlPrettyPrint", crlDetails.toString(locale[0]));
                     }
                 } else if (crlDisplayType.equals("crlHeader")) {
                     ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl);
 
                     header.addStringValue(
-                        "crlPrettyPrint", crlDetails.toString(locale[0], lCRLSize, 0, 0));
+                            "crlPrettyPrint", crlDetails.toString(locale[0], lCRLSize, 0, 0));
                 } else if (crlDisplayType.equals("base64Encoded")) {
                     try {
                         byte[] ba = crl.getEncoded();
@@ -365,12 +365,12 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
                     }
                 } else if (crlDisplayType.equals("deltaCRL")) {
                     header.addIntegerValue("deltaCRLSize",
-                        crl.getNumberOfRevokedCertificates());
+                            crl.getNumberOfRevokedCertificates());
 
                     ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl);
 
                     header.addStringValue(
-                        "crlPrettyPrint", crlDetails.toString(locale[0], 0, 0, 0));
+                            "crlPrettyPrint", crlDetails.toString(locale[0], 0, 0, 0));
 
                     try {
                         byte[] ba = crl.getEncoded();
@@ -413,10 +413,10 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
                 form.renderOutput(out, argSet);
                 cmsReq.setStatus(CMSRequest.SUCCESS);
             } catch (IOException e) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
                 cmsReq.setError(new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                        CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
                 cmsReq.setStatus(CMSRequest.ERROR);
             }
             return;
@@ -428,15 +428,15 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
         } else if (op.equals("getCRL")) {
             mimeType = "application/octet-stream";
             httpResp.setHeader("Content-disposition",
-                "attachment; filename=" + crlId + ".crl");
+                    "attachment; filename=" + crlId + ".crl");
         } else if (op.equals("getDeltaCRL")) {
             mimeType = "application/octet-stream";
             httpResp.setHeader("Content-disposition",
-                "attachment; filename=delta-" + crlId + ".crl");
+                    "attachment; filename=delta-" + crlId + ".crl");
         } else {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_OPTIONS_SELECTED"));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED"));
+                    CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED"));
         }
 
         try {
@@ -450,7 +450,7 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CRLINFO"));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAYING_CRLINFO_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAYING_CRLINFO_ERROR"));
         }
         //		cmsReq.setResult(null);
         cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java
index 5909bc4b..4d1fe7b9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -52,10 +51,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 import com.netscape.cms.servlet.common.ICMSTemplateFiller;
 
-
 /**
- * Gets a issued certificate from a request id. 
- *
+ * Gets a issued certificate from a request id.
+ * 
  * @version $Revision$, $Date$
  */
 public class GetCertFromRequest extends CMSServlet {
@@ -64,27 +62,26 @@ public class GetCertFromRequest extends CMSServlet {
      */
     private static final long serialVersionUID = 5310646832256611066L;
     private final static String PROP_IMPORT = "importCert";
-    protected static final String 
-        GET_CERT_FROM_REQUEST_TEMPLATE = "ImportCert.template";
-    protected static final String 
-        DISPLAY_CERT_FROM_REQUEST_TEMPLATE = "displayCertFromRequest.template";
+    protected static final String GET_CERT_FROM_REQUEST_TEMPLATE = "ImportCert.template";
+    protected static final String DISPLAY_CERT_FROM_REQUEST_TEMPLATE = "displayCertFromRequest.template";
 
     protected static final String REQUEST_ID = "requestId";
     protected static final String CERT_TYPE = "certtype";
 
-    protected String mCertFrReqSuccessTemplate = null; 
+    protected String mCertFrReqSuccessTemplate = null;
     protected ICMSTemplateFiller mCertFrReqFiller = null;
 
     protected IRequestQueue mQueue = null;
     protected boolean mImportCert = true;
 
-    public GetCertFromRequest() {		
+    public GetCertFromRequest() {
         super();
     }
 
     /**
      * initialize the servlet. This servlet uses the template files
-	 * "displayCertFromRequest.template" and "ImportCert.template"
+     * "displayCertFromRequest.template" and "ImportCert.template"
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -102,23 +99,23 @@ public class GetCertFromRequest extends CMSServlet {
 
             if (mImportCert)
                 defTemplate = GET_CERT_FROM_REQUEST_TEMPLATE;
-            else 
+            else
                 defTemplate = DISPLAY_CERT_FROM_REQUEST_TEMPLATE;
             if (mAuthority instanceof IRegistrationAuthority)
                 defTemplate = "/ra/" + defTemplate;
-            else 
+            else
                 defTemplate = "/ca/" + defTemplate;
             mCertFrReqSuccessTemplate = sc.getInitParameter(
                         PROP_SUCCESS_TEMPLATE);
             if (mCertFrReqSuccessTemplate == null)
                 mCertFrReqSuccessTemplate = defTemplate;
             String fillername =
-                sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
+                    sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
 
             if (fillername != null) {
                 ICMSTemplateFiller filler = newFillerObject(fillername);
 
-                if (filler != null) 
+                if (filler != null)
                     mCertFrReqFiller = filler;
             } else {
                 mCertFrReqFiller = new CertFrRequestFiller();
@@ -126,22 +123,21 @@ public class GetCertFromRequest extends CMSServlet {
         } catch (Exception e) {
             // should never happen.
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(),
-                    mId));
+                    CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(),
+                            mId));
         }
     }
 
-
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      * <ul>
-     * <li>http.param  requestId  The request ID to search on
+     * <li>http.param requestId The request ID to search on
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
-    protected void process(CMSRequest cmsReq) 
-        throws EBaseException {
+    protected void process(CMSRequest cmsReq)
+            throws EBaseException {
         IArgBlock httpParams = cmsReq.getHttpParams();
         HttpServletRequest httpReq = cmsReq.getHttpReq();
 
@@ -154,10 +150,10 @@ public class GetCertFromRequest extends CMSServlet {
                         mAuthzResourceName, "read");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -165,7 +161,7 @@ public class GetCertFromRequest extends CMSServlet {
             return;
         }
 
-        String requestId = httpParams.getValueAsString(REQUEST_ID, null); 
+        String requestId = httpParams.getValueAsString(REQUEST_ID, null);
 
         if (requestId == null) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_REQUEST_ID_PROVIDED"));
@@ -185,51 +181,51 @@ public class GetCertFromRequest extends CMSServlet {
         if (r == null) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
+                    CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
         }
 
         if (authToken != null) {
-          //if RA, group and requestOwner must match
-          String group = authToken.getInString("group");
-          if ((group != null) && (group != "") &&
-               group.equals("Registration Manager Agents")) {
-            boolean groupMatched = false;
-            String reqOwner = r.getRequestOwner();
-            if (reqOwner != null) {
-              CMS.debug("GetCertFromRequest process: req owner="+reqOwner);
-              if (reqOwner.equals(group))
-                groupMatched = true;
-            }
-            if (groupMatched == false) {
-              CMS.debug("RA group unmatched");
-              log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId));
-              throw new ECMSGWException(
-                CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
+            //if RA, group and requestOwner must match
+            String group = authToken.getInString("group");
+            if ((group != null) && (group != "") &&
+                    group.equals("Registration Manager Agents")) {
+                boolean groupMatched = false;
+                String reqOwner = r.getRequestOwner();
+                if (reqOwner != null) {
+                    CMS.debug("GetCertFromRequest process: req owner=" + reqOwner);
+                    if (reqOwner.equals(group))
+                        groupMatched = true;
+                }
+                if (groupMatched == false) {
+                    CMS.debug("RA group unmatched");
+                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId));
+                    throw new ECMSGWException(
+                            CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
+                }
             }
-          }
         }
 
         if (!((r.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) || (r.getRequestType().equals(IRequest.RENEWAL_REQUEST)))) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_REQUEST_NOT_ENROLLMENT_1", requestId));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_REQUEST_NOT_ENROLLMENT_1", requestId));
             throw new ECMSGWException(
                     CMS.getUserMessage("CMS_GW_REQUEST_NOT_ENROLLMENT", requestId));
         }
         RequestStatus status = r.getRequestStatus();
 
         if (!status.equals(RequestStatus.COMPLETE)) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_REQUEST_NOT_COMPLETED_1", requestId));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_REQUEST_NOT_COMPLETED_1", requestId));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_REQUEST_NOT_COMPLETED", requestId));
+                    CMS.getUserMessage("CMS_GW_REQUEST_NOT_COMPLETED", requestId));
         }
         Integer result = r.getExtDataInInteger(IRequest.RESULT);
 
         if (result != null && !result.equals(IRequest.RES_SUCCESS)) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_REQUEST_HAD_ERROR_1", requestId));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_REQUEST_HAD_ERROR_1", requestId));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_REQUEST_HAD_ERROR", requestId));
+                    CMS.getUserMessage("CMS_GW_REQUEST_HAD_ERROR", requestId));
         }
         Object o = r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
 
@@ -242,19 +238,19 @@ public class GetCertFromRequest extends CMSServlet {
             o = certs;
         }
         if (o == null || !(o instanceof X509CertImpl[])) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId));
+                    CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId));
         }
         if (o instanceof X509CertImpl[]) {
             X509CertImpl[] certs = (X509CertImpl[]) o;
 
             if (certs == null || certs.length == 0 || certs[0] == null) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId));
+                        CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId));
             }
 
             // for importsCert to get the crmf_reqid.
@@ -263,7 +259,7 @@ public class GetCertFromRequest extends CMSServlet {
             cmsReq.setStatus(CMSRequest.SUCCESS);
 
             if (mImportCert &&
-                checkImportCertToNav(cmsReq.getHttpResp(), httpParams, certs[0])) {
+                    checkImportCertToNav(cmsReq.getHttpResp(), httpParams, certs[0])) {
                 return;
             }
             try {
@@ -271,26 +267,25 @@ public class GetCertFromRequest extends CMSServlet {
                 renderTemplate(cmsReq, mCertFrReqSuccessTemplate, mCertFrReqFiller);
             } catch (IOException e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1",
-                        mCertFrReqSuccessTemplate, e.toString()));
+                        CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1",
+                                mCertFrReqSuccessTemplate, e.toString()));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                        CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
             }
         }
         return;
     }
 }
 
-
 class CertFrRequestFiller extends ImportCertsTemplateFiller {
     public CertFrRequestFiller() {
     }
 
     public CMSTemplateParams getTemplateParams(
-        CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
-        throws Exception {
-        CMSTemplateParams tparams = 
-            super.getTemplateParams(cmsReq, authority, locale, e);
+            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
+            throws Exception {
+        CMSTemplateParams tparams =
+                super.getTemplateParams(cmsReq, authority, locale, e);
         String reqId = cmsReq.getHttpParams().getValueAsString(
                 GetCertFromRequest.REQUEST_ID);
 
@@ -329,11 +324,11 @@ class CertFrRequestFiller extends ImportCertsTemplateFiller {
                             }
                             if (ext instanceof KeyUsageExtension) {
                                 KeyUsageExtension usage =
-                                    (KeyUsageExtension) ext;
+                                        (KeyUsageExtension) ext;
 
                                 try {
                                     if (((Boolean) usage.get(KeyUsageExtension.DIGITAL_SIGNATURE)).booleanValue() ||
-                                        ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue())
+                                            ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue())
                                         emailCert = true;
                                 } catch (ArrayIndexOutOfBoundsException e0) {
                                     // bug356108:
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java
index 8b5536ea..e589cc06 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Servlet to get the enrollment status, enable or disable.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class GetEnableStatus extends CMSServlet {
@@ -64,7 +62,8 @@ public class GetEnableStatus extends CMSServlet {
     }
 
     /**
-	 * initialize the servlet.
+     * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -80,15 +79,15 @@ public class GetEnableStatus extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      * <ul>
      * <li>http.param
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
 
@@ -115,7 +114,7 @@ public class GetEnableStatus extends CMSServlet {
         if (!(mAuthority instanceof IRegistrationAuthority)) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP"));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
+                    CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -126,11 +125,11 @@ public class GetEnableStatus extends CMSServlet {
         try {
             form = getTemplate(mFormPath, httpReq, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE",
-                    mFormPath, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE",
+                            mFormPath, e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -164,10 +163,10 @@ public class GetEnableStatus extends CMSServlet {
             form.renderOutput(out, argSet);
             cmsReq.setStatus(CMSRequest.SUCCESS);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
         }
         cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java
index 9d83d430..7217435a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Enumeration;
@@ -49,10 +48,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Get detailed information about CA CRL processing
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class GetInfo extends CMSServlet {
@@ -76,6 +74,7 @@ public class GetInfo extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -90,11 +89,11 @@ public class GetInfo extends CMSServlet {
     }
 
     /**
-	 * XXX Process the HTTP request. 
+     * XXX Process the HTTP request.
      * <ul>
      * <li>http.param template filename of template to use to render the result
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -109,10 +108,10 @@ public class GetInfo extends CMSServlet {
                         mAuthzResourceName, "read");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -129,35 +128,34 @@ public class GetInfo extends CMSServlet {
         String template = req.getParameter("template");
         String formFile = "";
 
-/*
-        for (int i = 0; ((template != null) && (i < template.length())); i++) {
-            char c = template.charAt(i);
-            if (!Character.isLetterOrDigit(c) && c != '_' && c != '-') {
-                template = null;
-                break;
-            }
-        }
-*/
-
+        /*
+                for (int i = 0; ((template != null) && (i < template.length())); i++) {
+                    char c = template.charAt(i);
+                    if (!Character.isLetterOrDigit(c) && c != '_' && c != '-') {
+                        template = null;
+                        break;
+                    }
+                }
+        */
 
         if (template != null) {
             formFile = template + ".template";
         } else {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1"));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         CMSTemplate form = null;
         Locale[] locale = new Locale[1];
 
-CMS.debug("*** formFile = "+formFile);
+        CMS.debug("*** formFile = " + formFile);
         try {
             form = getTemplate(formFile, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formFile, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         try {
@@ -172,29 +170,29 @@ CMS.debug("*** formFile = "+formFile);
             if (error == null) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
                 }
             } else {
                 cmsReq.setStatus(CMSRequest.ERROR);
                 cmsReq.setError(error);
             }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 
     private void process(CMSTemplateParams argSet, IArgBlock header,
-        HttpServletRequest req,
-        HttpServletResponse resp,
-        Locale locale)
-        throws EBaseException {
+            HttpServletRequest req,
+            HttpServletResponse resp,
+            Locale locale)
+            throws EBaseException {
         if (mCA != null) {
             String crlIssuingPoints = "";
             String crlNumbers = "";
@@ -209,15 +207,15 @@ CMS.debug("*** formFile = "+formFile);
 
             String masterHost = CMS.getConfigStore().getString("master.ca.agent.host", "");
             String masterPort = CMS.getConfigStore().getString("master.ca.agent.port", "");
-            
+
             if (masterHost != null && masterHost.length() > 0 &&
-                masterPort != null && masterPort.length() > 0) {
+                    masterPort != null && masterPort.length() > 0) {
 
                 ICRLRepository crlRepository = mCA.getCRLRepository();
 
                 Vector ipNames = crlRepository.getIssuingPointsNames();
                 for (int i = 0; i < ipNames.size(); i++) {
-                    String ipName = (String)ipNames.elementAt(i);
+                    String ipName = (String) ipNames.elementAt(i);
                     ICRLIssuingPointRecord crlRecord = null;
                     try {
                         crlRecord = crlRepository.readCRLIssuingPointRecord(ipName);
@@ -236,8 +234,8 @@ CMS.debug("*** formFile = "+formFile);
 
                         if (crlSizes.length() > 0)
                             crlSizes += "+";
-                        crlSizes += ((crlRecord.getCRLSize() != null)? 
-                                      crlRecord.getCRLSize().toString(): "-1");
+                        crlSizes += ((crlRecord.getCRLSize() != null) ?
+                                      crlRecord.getCRLSize().toString() : "-1");
 
                         if (deltaSizes.length() > 0)
                             deltaSizes += "+";
@@ -307,7 +305,7 @@ CMS.debug("*** formFile = "+formFile);
                             recentChanges += "Publishing CRL #" + ip.getCRLNumber();
                         } else if (ip.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_STARTED) {
                             recentChanges += "Creating CRL #" + ip.getNextCRLNumber();
-                        } else {  // ip.CRL_UPDATE_DONE
+                        } else { // ip.CRL_UPDATE_DONE
                             recentChanges += ip.getNumberOfRecentlyRevokedCerts() + ", " +
                                     ip.getNumberOfRecentlyUnrevokedCerts() + ", " +
                                     ip.getNumberOfRecentlyExpiredCerts();
@@ -326,7 +324,7 @@ CMS.debug("*** formFile = "+formFile);
 
                         if (crlTesting.length() > 0)
                             crlTesting += "+";
-                        crlTesting += ((ip.isCRLCacheTestingEnabled())?"1":"0");
+                        crlTesting += ((ip.isCRLCacheTestingEnabled()) ? "1" : "0");
                     }
                 }
 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java
index 5507cadf..955f8a86 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -85,10 +84,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 import com.netscape.cms.servlet.common.ICMSTemplateFiller;
 
-
 /**
  * performs face-to-face enrollment.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class HashEnrollServlet extends CMSServlet {
@@ -100,8 +98,7 @@ public class HashEnrollServlet extends CMSServlet {
     public final static String ADMIN_ENROLL_SERVLET_ID = "adminEnroll";
 
     // enrollment templates.
-    public static final String 
-        ENROLL_SUCCESS_TEMPLATE = "/ra/HashEnrollSuccess.template";
+    public static final String ENROLL_SUCCESS_TEMPLATE = "/ra/HashEnrollSuccess.template";
 
     // http params 
     public static final String OLD_CERT_TYPE = "csrCertType";
@@ -123,8 +120,7 @@ public class HashEnrollServlet extends CMSServlet {
 
     private boolean mAuthTokenOverride = true;
     private String mEnrollSuccessTemplate = null;
-    private ICMSTemplateFiller 
-        mEnrollSuccessFiller = new ImportCertsTemplateFiller();
+    private ICMSTemplateFiller mEnrollSuccessFiller = new ImportCertsTemplateFiller();
 
     ICertificateAuthority mCa = null;
     ICertificateRepository mRepository = null;
@@ -135,6 +131,7 @@ public class HashEnrollServlet extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -146,13 +143,13 @@ public class HashEnrollServlet extends CMSServlet {
                         CMSServlet.PROP_SUCCESS_TEMPLATE);
             if (mEnrollSuccessTemplate == null)
                 mEnrollSuccessTemplate = ENROLL_SUCCESS_TEMPLATE;
-            String fillername = 
-                sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
+            String fillername =
+                    sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
 
             if (fillername != null) {
                 ICMSTemplateFiller filler = newFillerObject(fillername);
 
-                if (filler != null) 
+                if (filler != null)
                     mEnrollSuccessFiller = filler;
             }
 
@@ -162,19 +159,18 @@ public class HashEnrollServlet extends CMSServlet {
             init_testbed_hack(mConfig);
         } catch (Exception e) {
             // this should never happen. 
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId));
         }
     }
 
-
     /**
-     * Process the HTTP request. 
-     *
+     * Process the HTTP request.
+     * 
      * @param cmsReq the object holding the request and response information
      */
-    protected void process(CMSRequest cmsReq) 
-        throws EBaseException {
+    protected void process(CMSRequest cmsReq)
+            throws EBaseException {
         IArgBlock httpParams = cmsReq.getHttpParams();
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -193,7 +189,7 @@ public class HashEnrollServlet extends CMSServlet {
         IConfigStore configStore = CMS.getConfigStore();
         String val = configStore.getString("hashDirEnrollment.name");
         IAuthSubsystem authSS = (IAuthSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+                CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
         IAuthManager authMgr = authSS.get(val);
         HashAuthentication mgr = (HashAuthentication) authMgr;
 
@@ -226,14 +222,15 @@ public class HashEnrollServlet extends CMSServlet {
         certType = httpParams.getValueAsString(OLD_CERT_TYPE, null);
         if (certType == null) {
             certType = httpParams.getValueAsString(CERT_TYPE, "client");
-        } else {;
-        }			
+        } else {
+            ;
+        }
 
-        processX509(cmsReq); 
+        processX509(cmsReq);
     }
-	
+
     private void printError(CMSRequest cmsReq, String errorCode)
-        throws EBaseException {
+            throws EBaseException {
         IArgBlock httpParams = cmsReq.getHttpParams();
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -253,9 +250,9 @@ public class HashEnrollServlet extends CMSServlet {
             form = getTemplate(formPath, httpReq, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formPath, e.toString()));
             cmsReq.setError(new ECMSGWException(
-               CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -267,16 +264,16 @@ public class HashEnrollServlet extends CMSServlet {
             cmsReq.setStatus(CMSRequest.SUCCESS);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM",
-                    e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM",
+                            e.toString()));
             cmsReq.setError(new ECMSGWException(
-               CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
         }
     }
 
-    protected void processX509(CMSRequest cmsReq) 
-        throws EBaseException {
+    protected void processX509(CMSRequest cmsReq)
+            throws EBaseException {
         IArgBlock httpParams = cmsReq.getHttpParams();
         HttpServletRequest httpReq = cmsReq.getHttpReq();
 
@@ -296,7 +293,7 @@ public class HashEnrollServlet extends CMSServlet {
         boolean certAuthEnroll = false;
 
         String certAuthEnrollOn =
-            httpParams.getValueAsString("certauthEnroll", null);
+                httpParams.getValueAsString("certauthEnroll", null);
         X509CertInfo new_certInfo = null;
 
         if ((certAuthEnrollOn != null) && (certAuthEnrollOn.equals("on"))) {
@@ -307,7 +304,7 @@ public class HashEnrollServlet extends CMSServlet {
         String certauthEnrollType = null;
 
         if (certAuthEnroll == true) {
-            certauthEnrollType = 
+            certauthEnrollType =
                     httpParams.getValueAsString("certauthEnrollType", null);
             if (certauthEnrollType != null) {
                 if (certauthEnrollType.equals("dual")) {
@@ -318,15 +315,15 @@ public class HashEnrollServlet extends CMSServlet {
                     CMS.debug("HashEnrollServlet: certauthEnrollType is single");
                 } else {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType));
+                            CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType));
                     throw new ECMSGWException(
-                      CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE"));
+                            CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE"));
                 }
             } else {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_MISSING_CERTAUTH_ENROLL_TYPE"));
+                        CMS.getLogMessage("CMSGW_MISSING_CERTAUTH_ENROLL_TYPE"));
                 throw new ECMSGWException(
-                   CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE"));
+                        CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE"));
             }
         }
 
@@ -365,7 +362,7 @@ public class HashEnrollServlet extends CMSServlet {
             if (sslClientCert == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT"));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT"));
+                        CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT"));
             }
 
             certBasedOldSubjectDN = (String) sslClientCert.getSubjectDN().toString();
@@ -373,24 +370,24 @@ public class HashEnrollServlet extends CMSServlet {
             try {
                 certInfo = (X509CertInfo)
                         ((X509CertImpl) sslClientCert).get(
-                            X509CertImpl.NAME + "." + X509CertImpl.INFO);
+                                X509CertImpl.NAME + "." + X509CertImpl.INFO);
             } catch (CertificateParsingException ex) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
+                        CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
                 throw new ECMSGWException(
-                  CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
+                        CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
             }
         } else {
             certInfo = CMS.getDefaultX509CertInfo();
         }
 
-        X509CertInfo[] certInfoArray = new X509CertInfo[] {certInfo};
+        X509CertInfo[] certInfoArray = new X509CertInfo[] { certInfo };
 
         //AuthToken authToken = access.getAuthToken();
         IConfigStore configStore = CMS.getConfigStore();
         String val = configStore.getString("hashDirEnrollment.name");
         IAuthSubsystem authSS = (IAuthSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+                CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
         IAuthManager authMgr1 = authSS.get(val);
         HashAuthentication mgr = (HashAuthentication) authMgr1;
         String pageID = httpParams.getValueAsString("pageID", null);
@@ -405,14 +402,14 @@ public class HashEnrollServlet extends CMSServlet {
             cmsReq.setStatus(CMSRequest.SUCCESS);
             return;
         } else {
-            authMgr = 
+            authMgr =
                     authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
             // don't store agent token in request. 
             // agent currently used for bulk issuance. 
             // if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
-            log(ILogger.LL_INFO, 
-                "Enrollment request was authenticated by " +
-                authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME));
+            log(ILogger.LL_INFO,
+                    "Enrollment request was authenticated by " +
+                            authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME));
             fillCertInfoFromAuthToken(certInfo, authToken);
             // save authtoken attrs to request directly (for policy use) 
             saveAuthToken(authToken, req);
@@ -421,8 +418,8 @@ public class HashEnrollServlet extends CMSServlet {
         }
 
         // fill certInfo from input types: keygen, cmc, pkcs10 or crmf
-        KeyGenInfo keyGenInfo = 
-            httpParams.getValueAsKeyGenInfo(SUBJECT_KEYGEN_INFO, null);	
+        KeyGenInfo keyGenInfo =
+                httpParams.getValueAsKeyGenInfo(SUBJECT_KEYGEN_INFO, null);
 
         String certType = null;
 
@@ -441,8 +438,8 @@ public class HashEnrollServlet extends CMSServlet {
             req.setExtData(IRequest.HTTP_PARAMS, CERT_TYPE, certType);
         }
 
-        String crmf = 
-            httpParams.getValueAsString(CRMF_REQUEST, null);
+        String crmf =
+                httpParams.getValueAsString(CRMF_REQUEST, null);
 
         if (certAuthEnroll == true) {
 
@@ -452,24 +449,24 @@ public class HashEnrollServlet extends CMSServlet {
             if (certauthEnrollType.equals(CERT_AUTH_DUAL)) {
                 if (mCa == null) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_NOT_A_CA"));
+                            CMS.getLogMessage("CMSGW_NOT_A_CA"));
                     throw new ECMSGWException(
-                      CMS.getUserMessage("CMS_GW_NOT_A_CA"));
+                            CMS.getUserMessage("CMS_GW_NOT_A_CA"));
                 }
 
                 // first, make sure the client cert is indeed a
                 //				signing only cert
                 if ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
                         false) ||
-                    ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
+                        ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
                             true) &&
                         (CMS.isEncryptionCert((X509CertImpl) sslClientCert) ==
                             true))) {
                     // either it's not a signing cert, or it's a dual cert
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
+                            CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
                     throw new ECMSGWException(
-                      CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
+                            CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
                 }
                 X509Key key = null;
 
@@ -478,22 +475,22 @@ public class HashEnrollServlet extends CMSServlet {
                 try {
                     certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
                 } catch (CertificateException e) {
-                    log(ILogger.LL_FAILURE, 
-                        CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
                     throw new ECMSGWException(
-                      CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+                            CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
                 } catch (IOException e) {
-                    log(ILogger.LL_FAILURE, 
-                        CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
                     throw new ECMSGWException(
-                      CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+                            CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
                 }
 
                 String filter =
-                    "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))";
-                ICertRecordList list = 
-                    (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter,
-                        null, 10);
+                        "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))";
+                ICertRecordList list =
+                        (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter,
+                                null, 10);
                 int size = list.getSize();
                 Enumeration<ICertRecord> en = list.getCertRecords(0, size - 1);
                 boolean gotEncCert = false;
@@ -502,8 +499,8 @@ public class HashEnrollServlet extends CMSServlet {
                     // pairing encryption cert not found
                 } else {
                     X509CertInfo encCertInfo = CMS.getDefaultX509CertInfo();
-                    X509CertInfo[] cInfoArray = new X509CertInfo[] {certInfo,
-                            encCertInfo};
+                    X509CertInfo[] cInfoArray = new X509CertInfo[] { certInfo,
+                            encCertInfo };
                     int i = 1;
 
                     while (en.hasMoreElements()) {
@@ -512,7 +509,7 @@ public class HashEnrollServlet extends CMSServlet {
 
                         // if not encryption cert only, try next one
                         if ((CMS.isEncryptionCert(cert) == false) ||
-                            ((CMS.isEncryptionCert(cert) == true) &&
+                                ((CMS.isEncryptionCert(cert) == true) &&
                                 (CMS.isSigningCert(cert) == true))) {
                             continue;
                         }
@@ -521,27 +518,27 @@ public class HashEnrollServlet extends CMSServlet {
                         try {
                             encCertInfo = (X509CertInfo)
                                     cert.get(
-                                        X509CertImpl.NAME + "." + X509CertImpl.INFO);
+                                            X509CertImpl.NAME + "." + X509CertImpl.INFO);
 
                         } catch (CertificateParsingException ex) {
                             log(ILogger.LL_FAILURE,
-                                CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
+                                    CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
                             throw new ECMSGWException(
-                              CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
+                                    CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
                         }
 
                         try {
                             encCertInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
                         } catch (CertificateException e) {
-                            log(ILogger.LL_FAILURE, 
-                                CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
+                            log(ILogger.LL_FAILURE,
+                                    CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
                             throw new ECMSGWException(
-                              CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+                                    CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
                         } catch (IOException e) {
-                            log(ILogger.LL_FAILURE, 
-                                CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
+                            log(ILogger.LL_FAILURE,
+                                    CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
                             throw new ECMSGWException(
-                              CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+                                    CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
                         }
                         fillCertInfoFromAuthToken(encCertInfo, authToken);
 
@@ -555,24 +552,24 @@ public class HashEnrollServlet extends CMSServlet {
                 if (gotEncCert == false) {
                     // encryption cert not found, bail
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_ENCRYPTION_CERT_NOT_FOUND"));
+                            CMS.getLogMessage("CMSGW_ENCRYPTION_CERT_NOT_FOUND"));
                     throw new ECMSGWException(
-                      CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND"));
+                            CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND"));
                 }
             } else if (certauthEnrollType.equals(CERT_AUTH_ENCRYPTION)) {
                 // first, make sure the client cert is indeed a
                 //				signing only cert
                 if ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
                         false) ||
-                    ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
+                        ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
                             true) &&
                         (CMS.isEncryptionCert((X509CertImpl) sslClientCert) ==
                             true))) {
                     // either it's not a signing cert, or it's a dual cert
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
+                            CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
                     throw new ECMSGWException(
-                      CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
+                            CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
                 }
 
                 /*
@@ -581,14 +578,14 @@ public class HashEnrollServlet extends CMSServlet {
                 if (crmf != null && crmf != "") {
                     certInfoArray = fillCRMF(crmf, authToken, httpParams, req);
                     req.setExtData(CLIENT_ISSUER,
-                        sslClientCert.getIssuerDN().toString());
+                            sslClientCert.getIssuerDN().toString());
                     CMS.debug(
-                        "HashEnrollServlet: sslClientCert issuerDN = " + sslClientCert.getIssuerDN().toString());
+                            "HashEnrollServlet: sslClientCert issuerDN = " + sslClientCert.getIssuerDN().toString());
                 } else {
-                    log(ILogger.LL_FAILURE, 
-                        CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
                     throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq),
-                      "CMS_GW_MISSING_KEYGEN_INFO"));
+                            "CMS_GW_MISSING_KEYGEN_INFO"));
                 }
             } else if (certauthEnrollType.equals(CERT_AUTH_SINGLE)) {
                 // have to be buried here to handle the issuer
@@ -596,21 +593,21 @@ public class HashEnrollServlet extends CMSServlet {
                 if (crmf != null && crmf != "") {
                     certInfoArray = fillCRMF(crmf, authToken, httpParams, req);
                 } else {
-                    log(ILogger.LL_FAILURE, 
-                        CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
                     throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq),
-                      "CMS_GW_MISSING_KEYGEN_INFO"));
+                            "CMS_GW_MISSING_KEYGEN_INFO"));
                 }
                 req.setExtData(CLIENT_ISSUER,
-                    sslClientCert.getIssuerDN().toString());
+                        sslClientCert.getIssuerDN().toString());
             }
         } else if (crmf != null && crmf != "") {
             certInfoArray = fillCRMF(crmf, authToken, httpParams, req);
         } else {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
             throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq),
-                "CMS_GW_MISSING_KEYGEN_INFO"));
+                    "CMS_GW_MISSING_KEYGEN_INFO"));
         }
 
         req.setExtData(IRequest.CERT_INFO, certInfoArray);
@@ -648,7 +645,7 @@ public class HashEnrollServlet extends CMSServlet {
         } else {
             agentID = authToken.getInString("userid");
             initiative = AuditFormat.FROMAGENT + " agentID: " + agentID;
-        }	
+        }
 
         // if service not complete return standard templates.
         RequestStatus status = req.getRequestStatus();
@@ -668,52 +665,52 @@ public class HashEnrollServlet extends CMSServlet {
                             wholeMsg.append("\n");
                             wholeMsg.append(msgs.nextElement());
                         }
-                        mLogger.log(ILogger.EV_AUDIT, 
-                            ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.ENROLLMENTFORMAT,
-                            new Object[] {
-                                req.getRequestId(), 
-                                initiative,
-                                authMgr,
-                                status.toString(),
-                                certInfo.get(X509CertInfo.SUBJECT),
-                                " violation: " +
-                                wholeMsg.toString()},
-                            ILogger.L_MULTILINE
-                        );
+                        mLogger.log(ILogger.EV_AUDIT,
+                                ILogger.S_OTHER,
+                                AuditFormat.LEVEL,
+                                AuditFormat.ENROLLMENTFORMAT,
+                                new Object[] {
+                                        req.getRequestId(),
+                                        initiative,
+                                        authMgr,
+                                        status.toString(),
+                                        certInfo.get(X509CertInfo.SUBJECT),
+                                        " violation: " +
+                                                wholeMsg.toString() },
+                                ILogger.L_MULTILINE
+                                );
                     } else { // no policy violation, from agent
                         mLogger.log(ILogger.EV_AUDIT,
+                                ILogger.S_OTHER,
+                                AuditFormat.LEVEL,
+                                AuditFormat.ENROLLMENTFORMAT,
+                                new Object[] {
+                                        req.getRequestId(),
+                                        initiative,
+                                        authMgr,
+                                        status.toString(),
+                                        certInfo.get(X509CertInfo.SUBJECT), "" }
+                                );
+                    }
+                } else { // other imcomplete status 
+                    mLogger.log(ILogger.EV_AUDIT,
                             ILogger.S_OTHER,
                             AuditFormat.LEVEL,
                             AuditFormat.ENROLLMENTFORMAT,
                             new Object[] {
-                                req.getRequestId(), 
-                                initiative,
-                                authMgr,
-                                status.toString(),
-                                certInfo.get(X509CertInfo.SUBJECT), ""}
-                        );
-                    }
-                } else { // other imcomplete status 
-                    mLogger.log(ILogger.EV_AUDIT,
-                        ILogger.S_OTHER,
-                        AuditFormat.LEVEL,
-                        AuditFormat.ENROLLMENTFORMAT,
-                        new Object[] {
-                            req.getRequestId(), 
-                            initiative,
-                            authMgr,
-                            status.toString(),
-                            certInfo.get(X509CertInfo.SUBJECT), ""}
-                    );
+                                    req.getRequestId(),
+                                    initiative,
+                                    authMgr,
+                                    status.toString(),
+                                    certInfo.get(X509CertInfo.SUBJECT), "" }
+                            );
                 }
             } catch (IOException e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString()));
+                        CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString()));
             } catch (CertificateException e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString()));
+                        CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString()));
             }
             return;
         }
@@ -725,7 +722,7 @@ public class HashEnrollServlet extends CMSServlet {
             cmsReq.setStatus(CMSRequest.ERROR);
             cmsReq.setError(req.getExtDataInString(IRequest.ERROR));
             String[] svcErrors =
-                req.getExtDataInStringArray(IRequest.SVCERRORS);
+                    req.getExtDataInStringArray(IRequest.SVCERRORS);
 
             if (svcErrors != null && svcErrors.length > 0) {
                 for (int i = 0; i < svcErrors.length; i++) {
@@ -738,26 +735,26 @@ public class HashEnrollServlet extends CMSServlet {
                         cmsReq.setErrorDescription(err);
                         // audit log the error
                         try {
-                            mLogger.log(ILogger.EV_AUDIT, 
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.ENROLLMENTFORMAT,
-                                new Object[] {
-                                    req.getRequestId(), 
-                                    initiative,
-                                    authMgr,
-                                    "completed with error: " +
-                                    err,
-                                    certInfo.get(X509CertInfo.SUBJECT), ""}
-                            );
+                            mLogger.log(ILogger.EV_AUDIT,
+                                    ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.ENROLLMENTFORMAT,
+                                    new Object[] {
+                                            req.getRequestId(),
+                                            initiative,
+                                            authMgr,
+                                            "completed with error: " +
+                                                    err,
+                                            certInfo.get(X509CertInfo.SUBJECT), "" }
+                                    );
                         } catch (IOException e) {
                             log(ILogger.LL_FAILURE,
-                                CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", 
-                                    e.toString()));
+                                    CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
+                                            e.toString()));
                         } catch (CertificateException e) {
                             log(ILogger.LL_FAILURE,
-                                CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", 
-                                    e.toString()));
+                                    CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
+                                            e.toString()));
                         }
                     }
                 }
@@ -768,53 +765,53 @@ public class HashEnrollServlet extends CMSServlet {
         // service success
         cmsReq.setStatus(CMSRequest.SUCCESS);
         X509CertImpl[] issuedCerts =
-            req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+                req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
 
         // audit log the success.
-        mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, 
-            AuditFormat.LEVEL,
-            AuditFormat.ENROLLMENTFORMAT,
-            new Object[] {
-                req.getRequestId(), 
-                initiative,
-                authMgr,
-                "completed",
-                issuedCerts[0].getSubjectDN(),
-                "cert issued serial number: 0x" +
-                issuedCerts[0].getSerialNumber().toString(16)}
-        );
+        mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+                AuditFormat.LEVEL,
+                AuditFormat.ENROLLMENTFORMAT,
+                new Object[] {
+                        req.getRequestId(),
+                        initiative,
+                        authMgr,
+                        "completed",
+                        issuedCerts[0].getSubjectDN(),
+                        "cert issued serial number: 0x" +
+                                issuedCerts[0].getSerialNumber().toString(16) }
+                );
 
         // return cert as mime type binary if requested.
         if (checkImportCertToNav(
-                cmsReq.getHttpResp(), httpParams, issuedCerts[0])) { 
+                cmsReq.getHttpResp(), httpParams, issuedCerts[0])) {
             cmsReq.setStatus(CMSRequest.SUCCESS);
             return;
         }
-			
+
         // use success template.
         try {
-            cmsReq.setResult(issuedCerts); 
-            renderTemplate(cmsReq, mEnrollSuccessTemplate, 
-                mEnrollSuccessFiller);
-            cmsReq.setStatus(CMSRequest.SUCCESS); 
+            cmsReq.setResult(issuedCerts);
+            renderTemplate(cmsReq, mEnrollSuccessTemplate,
+                    mEnrollSuccessFiller);
+            cmsReq.setStatus(CMSRequest.SUCCESS);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_TEMP_REND_ERR", mEnrollSuccessFiller.toString(), e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_TEMP_REND_ERR", mEnrollSuccessFiller.toString(), e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR"));
+                    CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR"));
         }
         return;
     }
 
     /**
-     * fill subject name, validity, extensions from authoken if any, 
-     * overriding what was in pkcs10. 
-     * fill subject name, extensions from http input if not authenticated. 
-     * requests not authenticated will need to be approved by an agent. 
+     * fill subject name, validity, extensions from authoken if any,
+     * overriding what was in pkcs10.
+     * fill subject name, extensions from http input if not authenticated.
+     * requests not authenticated will need to be approved by an agent.
      */
     protected void fillCertInfoFromAuthToken(
-        X509CertInfo certInfo, IAuthToken authToken)
-        throws EBaseException {
+            X509CertInfo certInfo, IAuthToken authToken)
+            throws EBaseException {
         // override subject, validity and extensions from auth token
         // CA determines algorithm, version and issuer.
         // take key from keygen, cmc, pkcs10 or crmf. 
@@ -822,89 +819,89 @@ public class HashEnrollServlet extends CMSServlet {
         // subject name.
         try {
             String subjectname =
-                authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT);
+                    authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT);
 
             if (subjectname != null) {
                 CertificateSubjectName certSubject = (CertificateSubjectName)
-                    new CertificateSubjectName(new X500Name(subjectname));
+                        new CertificateSubjectName(new X500Name(subjectname));
 
                 certInfo.set(X509CertInfo.SUBJECT, certSubject);
-                log(ILogger.LL_INFO, 
-                    "cert subject set to " + certSubject + " from authtoken");
+                log(ILogger.LL_INFO,
+                        "cert subject set to " + certSubject + " from authtoken");
             }
         } catch (CertificateException e) {
-            log(ILogger.LL_WARN, 
-                CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+            log(ILogger.LL_WARN,
+                    CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
         } catch (IOException e) {
-            log(ILogger.LL_WARN, 
-                CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
-                    e.toString()));
+            log(ILogger.LL_WARN,
+                    CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
+                            e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
         }
 
         // validity
         try {
             CertificateValidity validity = null;
-            Date notBefore = 
-                authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE);
-            Date notAfter = 
-                authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER);
+            Date notBefore =
+                    authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE);
+            Date notAfter =
+                    authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER);
 
             if (notBefore != null && notAfter != null) {
                 validity = new CertificateValidity(notBefore, notAfter);
                 certInfo.set(X509CertInfo.VALIDITY, validity);
-                log(ILogger.LL_INFO, 
-                    "cert validity set to " + validity + " from authtoken");
+                log(ILogger.LL_INFO,
+                        "cert validity set to " + validity + " from authtoken");
             }
         } catch (CertificateException e) {
-            log(ILogger.LL_WARN, 
-                CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1",
-                    e.toString()));
+            log(ILogger.LL_WARN,
+                    CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1",
+                            e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
         } catch (IOException e) {
-            log(ILogger.LL_WARN, 
-                CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
+            log(ILogger.LL_WARN,
+                    CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
         }
-	
+
         // extensions
         try {
             CertificateExtensions extensions =
-                authToken.getInCertExts(X509CertInfo.EXTENSIONS);
+                    authToken.getInCertExts(X509CertInfo.EXTENSIONS);
 
             if (extensions != null) {
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
                 log(ILogger.LL_INFO, "cert extensions set from authtoken");
             }
         } catch (CertificateException e) {
-            log(ILogger.LL_WARN, 
-                CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
+            log(ILogger.LL_WARN,
+                    CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
         } catch (IOException e) {
-            log(ILogger.LL_WARN, 
-                CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1",
-                    e.toString()));
+            log(ILogger.LL_WARN,
+                    CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1",
+                            e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
         }
     }
 
     protected X509CertInfo[] fillCRMF(
-        String crmf, IAuthToken authToken, IArgBlock httpParams, IRequest req) 
-        throws EBaseException {
+            String crmf, IAuthToken authToken, IArgBlock httpParams, IRequest req)
+            throws EBaseException {
         try {
             byte[] crmfBlob = CMS.AtoB(crmf);
             ByteArrayInputStream crmfBlobIn =
-                new ByteArrayInputStream(crmfBlob);
-			
+                    new ByteArrayInputStream(crmfBlob);
+
             SEQUENCE crmfMsgs = (SEQUENCE)
-                new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn);
+                    new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn);
 
             int nummsgs = crmfMsgs.size();
             X509CertInfo[] certInfoArray = new X509CertInfo[nummsgs];
@@ -951,27 +948,27 @@ public class HashEnrollServlet extends CMSServlet {
                 if (certTemplate.getNotBefore() != null || certTemplate.getNotAfter() != null) {
                     CertificateValidity certValidity = new CertificateValidity(certTemplate.getNotBefore(), certTemplate.getNotAfter());
 
-                    certInfo.set(X509CertInfo.VALIDITY, certValidity);	
+                    certInfo.set(X509CertInfo.VALIDITY, certValidity);
                 }
 
                 if (certTemplate.hasSubject()) {
                     Name subjectdn = certTemplate.getSubject();
-                    ByteArrayOutputStream subjectEncStream = 
-                        new ByteArrayOutputStream();
+                    ByteArrayOutputStream subjectEncStream =
+                            new ByteArrayOutputStream();
 
                     subjectdn.encode(subjectEncStream);
                     byte[] subjectEnc = subjectEncStream.toByteArray();
                     X500Name subject = new X500Name(subjectEnc);
 
-                    certInfo.set(X509CertInfo.SUBJECT, 
-                        new CertificateSubjectName(subject));
-                } else if (authToken == null || 
-                    authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
+                    certInfo.set(X509CertInfo.SUBJECT,
+                            new CertificateSubjectName(subject));
+                } else if (authToken == null ||
+                        authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
                     // No subject name - error! 
-                    log(ILogger.LL_FAILURE, 
-                        CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
                     throw new ECMSGWException(
-                      CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+                            CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
                 }
 
                 // get extensions 
@@ -979,7 +976,7 @@ public class HashEnrollServlet extends CMSServlet {
 
                 try {
                     extensions = (CertificateExtensions)
-                            certInfo.get(X509CertInfo.EXTENSIONS); 
+                            certInfo.get(X509CertInfo.EXTENSIONS);
                 } catch (CertificateException e) {
                     extensions = null;
                 } catch (IOException e) {
@@ -989,40 +986,40 @@ public class HashEnrollServlet extends CMSServlet {
                     // put each extension from CRMF into CertInfo. 
                     // index by extension name, consistent with 
                     // CertificateExtensions.parseExtension() method.
-                    if (extensions == null) 
+                    if (extensions == null)
                         extensions = new CertificateExtensions();
                     int numexts = certTemplate.numExtensions();
 
                     for (int j = 0; j < numexts; j++) {
-                        org.mozilla.jss.pkix.cert.Extension jssext = 
-                            certTemplate.extensionAt(j);
+                        org.mozilla.jss.pkix.cert.Extension jssext =
+                                certTemplate.extensionAt(j);
                         boolean isCritical = jssext.getCritical();
-                        org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = 
-                            jssext.getExtnId();
+                        org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid =
+                                jssext.getExtnId();
                         long[] numbers = jssoid.getNumbers();
                         int[] oidNumbers = new int[numbers.length];
 
                         for (int k = numbers.length - 1; k >= 0; k--) {
                             oidNumbers[k] = (int) numbers[k];
                         }
-                        ObjectIdentifier oid = 
-                            new ObjectIdentifier(oidNumbers);
-                        org.mozilla.jss.asn1.OCTET_STRING jssvalue = 
-                            jssext.getExtnValue();
-                        ByteArrayOutputStream jssvalueout = 
-                            new ByteArrayOutputStream();
+                        ObjectIdentifier oid =
+                                new ObjectIdentifier(oidNumbers);
+                        org.mozilla.jss.asn1.OCTET_STRING jssvalue =
+                                jssext.getExtnValue();
+                        ByteArrayOutputStream jssvalueout =
+                                new ByteArrayOutputStream();
 
                         jssvalue.encode(jssvalueout);
                         byte[] extValue = jssvalueout.toByteArray();
 
-                        Extension ext = 
-                            new Extension(oid, isCritical, extValue);
+                        Extension ext =
+                                new Extension(oid, isCritical, extValue);
 
                         extensions.parseExtension(ext);
                     }
 
-                    certInfo.set(X509CertInfo.VERSION, 
-                        new CertificateVersion(CertificateVersion.V3));
+                    certInfo.set(X509CertInfo.VERSION,
+                            new CertificateVersion(CertificateVersion.V3));
                     certInfo.set(X509CertInfo.EXTENSIONS, extensions);
 
                 }
@@ -1034,8 +1031,8 @@ public class HashEnrollServlet extends CMSServlet {
                 // to have the control of the subject name
                 // formulation.
                 // -- CRMFfillCert
-                if (authToken != null && 
-                    authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) {
+                if (authToken != null &&
+                        authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) {
                     // if authenticated override subect name, validity and 
                     // extensions if any from authtoken.
                     fillCertInfoFromAuthToken(certInfo, authToken);
@@ -1048,27 +1045,27 @@ public class HashEnrollServlet extends CMSServlet {
 
             return certInfoArray;
         } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+                    CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
-                    e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
+                            e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+                    CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
         } catch (InvalidBERException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+                    CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
         } catch (InvalidKeyException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
-                    e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
+                            e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+                    CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
         }
     }
 
@@ -1107,19 +1104,19 @@ public class HashEnrollServlet extends CMSServlet {
             out.println("<P>");
             out.println("<PRE>");
             X509CertImpl certs[] =
-                cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS);
+                    cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS);
 
             out.println(CMS.getEncodedCert(certs[0]));
             out.println("</PRE>");
             out.println("<P>");
             out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" +
-                cmsReq.getIRequest().getCreationTime().toString() + ">");
-            out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + 
-                cmsReq.getStatus().toString() + ">");
-            out.println("<!HTTP_OUTPUT REQUEST_ID=" + 
-                cmsReq.getIRequest().getRequestId().toString() + ">");
+                    cmsReq.getIRequest().getCreationTime().toString() + ">");
+            out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
+                    cmsReq.getStatus().toString() + ">");
+            out.println("<!HTTP_OUTPUT REQUEST_ID=" +
+                    cmsReq.getIRequest().getRequestId().toString() + ">");
             out.println("<!HTTP_OUTPUT X509_CERTIFICATE=" +
-                CMS.getEncodedCert(certs[0]) + ">");
+                    CMS.getEncodedCert(certs[0]) + ">");
         } else if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.PENDING)) {
             out.println("<H1>");
             out.println("PENDING");
@@ -1136,11 +1133,11 @@ public class HashEnrollServlet extends CMSServlet {
             out.println(cmsReq.getIRequest().getRequestId().toString());
             out.println("<P>");
             out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" +
-                cmsReq.getIRequest().getCreationTime().toString() + ">");
-            out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + 
-                cmsReq.getStatus().toString() + ">");
-            out.println("<!HTTP_OUTPUT REQUEST_ID=" + 
-                cmsReq.getIRequest().getRequestId().toString() + ">");
+                    cmsReq.getIRequest().getCreationTime().toString() + ">");
+            out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
+                    cmsReq.getStatus().toString() + ">");
+            out.println("<!HTTP_OUTPUT REQUEST_ID=" +
+                    cmsReq.getIRequest().getRequestId().toString() + ">");
         } else {
             out.println("<H1>");
             out.println("ERROR");
@@ -1155,21 +1152,21 @@ public class HashEnrollServlet extends CMSServlet {
             out.println("Error: ");
             out.println(cmsReq.getError()); // XXX - need to parse in Locale
             out.println("<P>");
-            out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + 
-                cmsReq.getStatus().toString() + ">");
-            out.println("<!HTTP_OUTPUT ERROR=" + 
-                cmsReq.getError() + ">");
+            out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
+                    cmsReq.getStatus().toString() + ">");
+            out.println("<!HTTP_OUTPUT ERROR=" +
+                    cmsReq.getError() + ">");
         }
 
         /**
-         // include all the input data
-         IArgBlock args = cmsReq.getHttpParams();
-         Enumeration ele = args.getElements();
-         while (ele.hasMoreElements()) {
-         String eleT = (String)ele.nextElement();
-         out.println("<!HTTP_INPUT " + eleT + "=" + 
-         args.get(eleT) + ">");
-         }
+         * // include all the input data
+         * IArgBlock args = cmsReq.getHttpParams();
+         * Enumeration ele = args.getElements();
+         * while (ele.hasMoreElements()) {
+         * String eleT = (String)ele.nextElement();
+         * out.println("<!HTTP_INPUT " + eleT + "=" +
+         * args.get(eleT) + ">");
+         * }
          **/
 
         out.println("</HTML>");
@@ -1184,32 +1181,32 @@ public class HashEnrollServlet extends CMSServlet {
 
     private boolean mIsTestBed = false;
 
-    private void init_testbed_hack(IConfigStore config) 
-        throws EBaseException {
+    private void init_testbed_hack(IConfigStore config)
+            throws EBaseException {
         mIsTestBed = config.getBoolean("isTestBed", true);
     }
 
     private void do_testbed_hack(
-        int nummsgs, X509CertInfo[] certinfo, IArgBlock httpParams) 
-        throws EBaseException {
-        if (!mIsTestBed) 
+            int nummsgs, X509CertInfo[] certinfo, IArgBlock httpParams)
+            throws EBaseException {
+        if (!mIsTestBed)
             return;
 
-            // get around bug in cartman - bits are off by one byte.
+        // get around bug in cartman - bits are off by one byte.
         for (int i = 0; i < certinfo.length; i++) {
             try {
                 X509CertInfo cert = certinfo[i];
                 CertificateExtensions exts = (CertificateExtensions)
-                    cert.get(CertificateExtensions.NAME);
+                        cert.get(CertificateExtensions.NAME);
 
                 if (exts == null) {
                     // should not happen.
                     continue;
                 }
                 KeyUsageExtension ext = (KeyUsageExtension)
-                    exts.get(KeyUsageExtension.class.getSimpleName());
+                        exts.get(KeyUsageExtension.class.getSimpleName());
 
-                if (ext == null) 
+                if (ext == null)
                     // should not happen 
                     continue;
                 byte[] value = ext.getExtensionValue();
@@ -1235,9 +1232,9 @@ public class HashEnrollServlet extends CMSServlet {
                         }
                     }
                     newvalue[4] = 0;
-                    KeyUsageExtension newext = 
-                        new KeyUsageExtension(Boolean.valueOf(true), 
-                            (Object) newvalue);
+                    KeyUsageExtension newext =
+                            new KeyUsageExtension(Boolean.valueOf(true),
+                                    (Object) newvalue);
 
                     exts.delete(KeyUsageExtension.class.getSimpleName());
                     exts.set(KeyUsageExtension.class.getSimpleName(), newext);
@@ -1253,4 +1250,3 @@ public class HashEnrollServlet extends CMSServlet {
 
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java
index 75726730..5e4f7a42 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.BufferedReader;
 import java.io.ByteArrayOutputStream;
 import java.io.StringReader;
@@ -58,25 +57,26 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 import com.netscape.cms.servlet.common.ICMSTemplateFiller;
 
-
 /**
  * Set up HTTP response to import certificate into browsers
  * 
  * The result must have been populate with the set of certificates
  * to return.
+ * 
  * <pre>
  * inputs: certtype.
  * outputs: 
- *		- cert type from http input (if any)
+ * 	- cert type from http input (if any)
  *      - CA chain 
- *		- authority name (RM, CM, DRM)
+ * 	- authority name (RM, CM, DRM)
  *      - scheme:host:port of server.
- *	 array of one or more 
+ *  array of one or more 
  *      - cert serial number
  *      - cert pretty print
- *		- cert in base 64 encoding.
- *		- cmmf blob to import 
+ * 	- cert in base 64 encoding.
+ * 	- cmmf blob to import
  * </pre>
+ * 
  * @version $Revision$, $Date$
  */
 public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
@@ -88,7 +88,7 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
     public static final String CERT_FINGERPRINT = "certFingerprint"; // cisco
     public static final String CERT_NICKNAME = "certNickname";
     public static final String CMMF_RESP = "cmmfResponse";
-    public static final String PKCS7_RESP = "pkcs7ChainBase64";  // for MSIE
+    public static final String PKCS7_RESP = "pkcs7ChainBase64"; // for MSIE
 
     public ImportCertsTemplateFiller() {
     }
@@ -100,19 +100,19 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
      * @param e unexpected exception e. ignored.
      */
     public CMSTemplateParams getTemplateParams(
-        CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) 
-        throws Exception {
+            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
+            throws Exception {
         Certificate[] certs = (Certificate[]) cmsReq.getResult();
 
         if (certs instanceof X509CertImpl[])
-            return 	getX509TemplateParams(cmsReq, authority, locale, e);
+            return getX509TemplateParams(cmsReq, authority, locale, e);
         else
             return null;
     }
-	
+
     public CMSTemplateParams getX509TemplateParams(
-        CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) 
-        throws Exception {
+            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
+            throws Exception {
         IArgBlock header = CMS.createArgBlock();
         IArgBlock fixed = CMS.createArgBlock();
         CMSTemplateParams params = new CMSTemplateParams(header, fixed);
@@ -123,9 +123,9 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
         int port = httpReq.getServerPort();
         String scheme = httpReq.getScheme();
         String format = httpReq.getParameter("format");
-        if(format!=null && format.equals("cmc"))
+        if (format != null && format.equals("cmc"))
             fixed.set("importCMC", "false");
-        String agentPort = ""+port;
+        String agentPort = "" + port;
         fixed.set("agentHost", host);
         fixed.set("agentPort", agentPort);
         fixed.set(ICMSTemplateFiller.HOST, host);
@@ -148,33 +148,34 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
 
         // set cert type.
         IArgBlock httpParams = cmsReq.getHttpParams();
-        String certType = 
-            httpParams.getValueAsString(CERT_TYPE, null);
+        String certType =
+                httpParams.getValueAsString(CERT_TYPE, null);
 
-        if (certType != null) 
+        if (certType != null)
             fixed.set(CERT_TYPE, certType);
 
-            // this authority
-        fixed.set(ICMSTemplateFiller.AUTHORITY, 
-            (String) authority.getOfficialName());
+        // this authority
+        fixed.set(ICMSTemplateFiller.AUTHORITY,
+                (String) authority.getOfficialName());
 
         // CA chain.
-        CertificateChain cachain = 
-            ((ICertAuthority) authority).getCACertChain();
+        CertificateChain cachain =
+                ((ICertAuthority) authority).getCACertChain();
         X509Certificate[] cacerts = cachain.getChain();
 
         String replyTo = httpParams.getValueAsString("replyTo", null);
 
-        if (replyTo != null) fixed.set("replyTo", replyTo);
+        if (replyTo != null)
+            fixed.set("replyTo", replyTo);
 
-            // set user + CA cert chain and pkcs7 for MSIE. 
+        // set user + CA cert chain and pkcs7 for MSIE. 
         X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
         int m = 1, n = 0;
 
-        for (; n < cacerts.length; m++, n++) 
+        for (; n < cacerts.length; m++, n++)
             userChain[m] = (X509CertImpl) cacerts[n];
 
-            // certs. 
+        // certs. 
         X509CertImpl[] certs = (X509CertImpl[]) cmsReq.getResult();
 
         // expose CRMF request id
@@ -196,23 +197,23 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
         if (CMSServlet.doCMMFResponse(httpParams)) {
             byte[][] caPubs = new byte[cacerts.length][];
 
-            for (int j = 0; j < cacerts.length; j++) 
+            for (int j = 0; j < cacerts.length; j++)
                 caPubs[j] = ((X509CertImpl) cacerts[j]).getEncoded();
             certRepContent = new CertRepContent(caPubs);
 
-            String certnickname = 
-                cmsReq.getHttpParams().getValueAsString(CERT_NICKNAME, null);
+            String certnickname =
+                    cmsReq.getHttpParams().getValueAsString(CERT_NICKNAME, null);
 
             // if nickname is not requested set to subject name by default.
-            if (certnickname == null) 
+            if (certnickname == null)
                 fixed.set(CERT_NICKNAME, certs[0].getSubjectDN().toString());
             else
                 fixed.set(CERT_NICKNAME, certnickname);
         }
 
         // make pkcs7 for MSIE 
-        if (CMSServlet.clientIsMSIE(cmsReq.getHttpReq()) && 
-            (certType == null || certType.equals("client"))) {
+        if (CMSServlet.clientIsMSIE(cmsReq.getHttpReq()) &&
+                (certType == null || certType.equals("client"))) {
             userChain[0] = certs[0];
             PKCS7 p7 = new PKCS7(new AlgorithmId[0],
                     new ContentInfo(new byte[0]),
@@ -234,8 +235,8 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
             X509CertImpl cert = certs[i];
 
             // set serial number.
-            BigInteger serialNo = 
-                ((X509Certificate) cert).getSerialNumber();
+            BigInteger serialNo =
+                    ((X509Certificate) cert).getSerialNumber();
 
             repeat.addBigIntegerValue(ISSUED_CERT_SERIAL, serialNo, 16);
 
@@ -244,14 +245,14 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
             //			String b64 = encoder.encodeBuffer(certEncoded);
             String b64 = CMS.BtoA(certEncoded);
             String b64cert = "-----BEGIN CERTIFICATE-----\n" +
-                b64 + "\n-----END CERTIFICATE-----";
+                    b64 + "\n-----END CERTIFICATE-----";
 
             repeat.set(BASE64_CERT, b64cert);
-			
+
             // set cert pretty print.
-			
+
             String prettyPrintRequested =
-                cmsReq.getHttpParams().getValueAsString(CERT_PRETTYPRINT, null);
+                    cmsReq.getHttpParams().getValueAsString(CERT_PRETTYPRINT, null);
 
             if (prettyPrintRequested == null) {
                 prettyPrintRequested = "true";
@@ -266,7 +267,8 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
             repeat.set(CERT_PRETTYPRINT, ppStr);
 
             // Now formulate a PKCS#7 blob
-            X509CertImpl[] certsInChain = new X509CertImpl[1];; 
+            X509CertImpl[] certsInChain = new X509CertImpl[1];
+            ;
             if (cacerts != null) {
                 for (int j = 0; j < cacerts.length; j++) {
                     if (cert.equals(cacerts[j])) {
@@ -277,10 +279,10 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
                     certsInChain = new X509CertImpl[cacerts.length + 1];
                 }
             }
-			
+
             // Set the EE cert
             certsInChain[0] = cert;
-			
+
             // Set the Ca certificate chain
             if (cacerts != null) {
                 for (int j = 0; j < cacerts.length; j++) {
@@ -292,7 +294,7 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
             String p7Str;
 
             try {
-                PKCS7 p7 = new PKCS7(new AlgorithmId[0], 
+                PKCS7 p7 = new PKCS7(new AlgorithmId[0],
                         new ContentInfo(new byte[0]),
                         certsInChain,
                         new SignerInfo[0]);
@@ -308,7 +310,7 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
                 //p7Str = "PKCS#7 B64 Encoding error - " + ex.toString() 
                 //+ "; Please contact your administrator";
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR"));
+                        CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR"));
             }
 
             // set cert fingerprint (for Cisco routers)
@@ -325,18 +327,18 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
                 throw new EBaseException(
                         CMS.getUserMessage(locale, "CMS_BASE_INTERNAL_ERROR", ex.toString()));
             }
-            if (fingerprint != null && fingerprint.length() > 0) 
+            if (fingerprint != null && fingerprint.length() > 0)
                 repeat.set(CERT_FINGERPRINT, fingerprint);
 
-                // cmmf response for this cert.
+            // cmmf response for this cert.
             if (CMSServlet.doCMMFResponse(httpParams) && crmfReqId != null &&
-                (certType == null || certType.equals("client"))) {
+                    (certType == null || certType.equals("client"))) {
                 PKIStatusInfo status = new PKIStatusInfo(PKIStatusInfo.granted);
-                CertifiedKeyPair certifiedKP = 
-                    new CertifiedKeyPair(new CertOrEncCert(certEncoded));
-                CertResponse resp = 
-                    new CertResponse(new INTEGER(crmfReqId), status, 
-                        certifiedKP);
+                CertifiedKeyPair certifiedKP =
+                        new CertifiedKeyPair(new CertOrEncCert(certEncoded));
+                CertResponse resp =
+                        new CertResponse(new INTEGER(crmfReqId), status,
+                                certifiedKP);
 
                 certRepContent.addCertResponse(resp);
             }
@@ -352,8 +354,8 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
             byte[] certRepBytes = certRepOut.toByteArray();
             String certRepB64 = com.netscape.osutil.OSUtil.BtoA(certRepBytes);
             // add CR to each return as required by cartman
-            BufferedReader certRepB64lines = 
-                new BufferedReader(new StringReader(certRepB64));
+            BufferedReader certRepB64lines =
+                    new BufferedReader(new StringReader(certRepB64));
             StringWriter certRepStringOut = new StringWriter();
             String oneLine = null;
             boolean first = true;
@@ -376,4 +378,3 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
         return params;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java
index a65be25a..492e0cde 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.PublicKey;
@@ -57,10 +56,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Retrieve a paged list of certs matching the specified query
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ListCerts extends CMSServlet {
@@ -78,8 +76,8 @@ public class ListCerts extends CMSServlet {
     private ICertificateRepository mCertDB = null;
     private X500Name mAuthName = null;
     private String mFormPath = null;
-    private boolean  mReverse = false;
-    private boolean  mHardJumpTo = false; //jump to the end
+    private boolean mReverse = false;
+    private boolean mHardJumpTo = false; //jump to the end
     private String mDirection = null;
     private boolean mUseClientFilter = false;
     private Vector<String> mAllowedClientFilters = new Vector<String>();
@@ -95,7 +93,7 @@ public class ListCerts extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "queryCert.template" to render the response
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -125,23 +123,23 @@ public class ListCerts extends CMSServlet {
            the client applications that submits raw LDAP
            filter into this servlet.  */
         if (sc.getInitParameter(USE_CLIENT_FILTER) != null &&
-              sc.getInitParameter(USE_CLIENT_FILTER).equalsIgnoreCase("true")) {            mUseClientFilter = true;
+                sc.getInitParameter(USE_CLIENT_FILTER).equalsIgnoreCase("true")) {
+            mUseClientFilter = true;
         }
         if (sc.getInitParameter(ALLOWED_CLIENT_FILTERS) == null || sc.getInitParameter(ALLOWED_CLIENT_FILTERS).equals("")) {
-             mAllowedClientFilters.addElement("(certStatus=*)");
-             mAllowedClientFilters.addElement("(certStatus=VALID)");
-             mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))");
-             mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=REVOKED))");
+            mAllowedClientFilters.addElement("(certStatus=*)");
+            mAllowedClientFilters.addElement("(certStatus=VALID)");
+            mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))");
+            mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=REVOKED))");
         } else {
             StringTokenizer st = new StringTokenizer(sc.getInitParameter(ALLOWED_CLIENT_FILTERS), ",");
             while (st.hasMoreTokens()) {
-              mAllowedClientFilters.addElement(st.nextToken());
+                mAllowedClientFilters.addElement(st.nextToken());
             }
         }
     }
 
-    public String buildFilter(HttpServletRequest req)
-    {
+    public String buildFilter(HttpServletRequest req) {
         String queryCertFilter = req.getParameter("queryCertFilter");
 
         com.netscape.certsrv.apps.CMS.debug("client queryCertFilter=" + queryCertFilter);
@@ -151,7 +149,7 @@ public class ListCerts extends CMSServlet {
             Enumeration<String> filters = mAllowedClientFilters.elements();
             // check to see if the filter is allowed
             while (filters.hasMoreElements()) {
-                String filter = (String)filters.nextElement();
+                String filter = (String) filters.nextElement();
                 com.netscape.certsrv.apps.CMS.debug("Comparing filter=" + filter + " queryCertFilter=" + queryCertFilter);
                 if (filter.equals(queryCertFilter)) {
                     return queryCertFilter;
@@ -166,34 +164,33 @@ public class ListCerts extends CMSServlet {
         boolean skipRevoked = false;
         boolean skipNonValid = false;
         if (req.getParameter("skipRevoked") != null &&
-            req.getParameter("skipRevoked").equals("on")) {
+                req.getParameter("skipRevoked").equals("on")) {
             skipRevoked = true;
         }
         if (req.getParameter("skipNonValid") != null &&
-            req.getParameter("skipNonValid").equals("on")) {
+                req.getParameter("skipNonValid").equals("on")) {
             skipNonValid = true;
         }
 
         if (!skipRevoked && !skipNonValid) {
-            queryCertFilter = "(certStatus=*)"; 
-        } else if (skipRevoked && skipNonValid) { 
-            queryCertFilter = "(certStatus=VALID)"; 
-        } else if (skipRevoked) { 
-            queryCertFilter = "(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))"; 
-        } else if (skipNonValid) { 
-            queryCertFilter = "(|(certStatus=VALID)(certStatus=REVOKED))"; 
+            queryCertFilter = "(certStatus=*)";
+        } else if (skipRevoked && skipNonValid) {
+            queryCertFilter = "(certStatus=VALID)";
+        } else if (skipRevoked) {
+            queryCertFilter = "(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))";
+        } else if (skipNonValid) {
+            queryCertFilter = "(|(certStatus=VALID)(certStatus=REVOKED))";
         }
         return queryCertFilter;
     }
 
     /**
-     * Process the HTTP request. 
-	 * <ul>
-	 * <li>http.param maxCount Number of certificates to show
-     * <li>http.param queryFilter and ldap style filter specifying the
-     *         certificates to show
-     * <li>http.param querySentinelDown the serial number of the first certificate to show  (default decimal, or hex if prefixed with 0x) when paging down
-     * <li>http.param querySentinelUp the serial number of the first certificate to show  (default decimal, or hex if prefixed with 0x) when paging up
+     * Process the HTTP request.
+     * <ul>
+     * <li>http.param maxCount Number of certificates to show
+     * <li>http.param queryFilter and ldap style filter specifying the certificates to show
+     * <li>http.param querySentinelDown the serial number of the first certificate to show (default decimal, or hex if prefixed with 0x) when paging down
+     * <li>http.param querySentinelUp the serial number of the first certificate to show (default decimal, or hex if prefixed with 0x) when paging up
      * <li>http.param direction "up", "down", "begin", or "end"
      * </ul>
      */
@@ -232,24 +229,24 @@ public class ListCerts extends CMSServlet {
         try {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
-	mHardJumpTo = false;
+        mHardJumpTo = false;
         try {
 
-	    if (req.getParameter("direction") != null) {
-		mDirection = req.getParameter("direction").trim();
-		mReverse = mDirection.equals("up");
-		if (mReverse)
-		    com.netscape.certsrv.apps.CMS.debug("reverse is true");
-		else
-		    com.netscape.certsrv.apps.CMS.debug("reverse is false");
+            if (req.getParameter("direction") != null) {
+                mDirection = req.getParameter("direction").trim();
+                mReverse = mDirection.equals("up");
+                if (mReverse)
+                    com.netscape.certsrv.apps.CMS.debug("reverse is true");
+                else
+                    com.netscape.certsrv.apps.CMS.debug("reverse is false");
 
-	    }
+            }
 
             if (req.getParameter("maxCount") != null) {
                 maxCount = Integer.parseInt(req.getParameter("maxCount"));
@@ -259,19 +256,19 @@ public class ListCerts extends CMSServlet {
                 maxCount = mMaxReturns;
             }
 
-	    String sentinelStr = "";
-	    if (mReverse) {
-		sentinelStr = req.getParameter("querySentinelUp");
-	    } else if (mDirection.equals("end")) {
-		// this servlet will figure out the end
-		sentinelStr = "0";
-		mReverse = true;
-		mHardJumpTo = true;
-	    } else if (mDirection.equals("down")) {
-		 sentinelStr = req.getParameter("querySentinelDown");
-	    } else
-		sentinelStr = "0";
-	//begin and non-specified have sentinel default "0"
+            String sentinelStr = "";
+            if (mReverse) {
+                sentinelStr = req.getParameter("querySentinelUp");
+            } else if (mDirection.equals("end")) {
+                // this servlet will figure out the end
+                sentinelStr = "0";
+                mReverse = true;
+                mHardJumpTo = true;
+            } else if (mDirection.equals("down")) {
+                sentinelStr = req.getParameter("querySentinelDown");
+            } else
+                sentinelStr = "0";
+            //begin and non-specified have sentinel default "0"
 
             if (sentinelStr != null) {
                 if (sentinelStr.trim().startsWith("0x")) {
@@ -288,7 +285,7 @@ public class ListCerts extends CMSServlet {
 
                 //if (isCertFromCA(caCert))
                 header.addStringValue("caSerialNumber",
-                    caCert.getSerialNumber().toString(16));
+                        caCert.getSerialNumber().toString(16));
             }
 
             // constructs the ldap filter on the server side
@@ -298,7 +295,7 @@ public class ListCerts extends CMSServlet {
                 cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
                 return;
             }
- 
+
             com.netscape.certsrv.apps.CMS.debug("queryCertFilter=" + queryCertFilter);
 
             int totalRecordCount = -1;
@@ -307,16 +304,16 @@ public class ListCerts extends CMSServlet {
                 totalRecordCount = Integer.parseInt(req.getParameter("totalRecordCount"));
             } catch (Exception e) {
             }
-            processCertFilter(argSet, header, maxCount, 
-                  sentinel,
-                  totalRecordCount,
-                  req.getParameter("serialTo"), 
-                  queryCertFilter,
-                  req, resp, revokeAll, locale[0]);
+            processCertFilter(argSet, header, maxCount,
+                    sentinel,
+                    totalRecordCount,
+                    req.getParameter("serialTo"),
+                    queryCertFilter,
+                    req, resp, revokeAll, locale[0]);
         } catch (NumberFormatException e) {
             log(ILogger.LL_FAILURE, com.netscape.certsrv.apps.CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
-				
-            error = new EBaseException(com.netscape.certsrv.apps.CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT"));
+
+            error = new EBaseException(com.netscape.certsrv.apps.CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
         } catch (EBaseException e) {
             error = e;
         }
@@ -329,36 +326,36 @@ public class ListCerts extends CMSServlet {
             if (error == null) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
                 }
             } else {
                 cmsReq.setStatus(CMSRequest.ERROR);
                 cmsReq.setError(error);
             }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 
-    private void processCertFilter(CMSTemplateParams argSet, 
-        IArgBlock header, 
-        int maxCount,
-        BigInteger sentinel,	
-        int totalRecordCount,	
-        String serialTo, 
-        String filter, 
-        HttpServletRequest req,
-        HttpServletResponse resp,
-        String revokeAll, 
-        Locale locale
-    ) throws EBaseException {
+    private void processCertFilter(CMSTemplateParams argSet,
+            IArgBlock header,
+            int maxCount,
+            BigInteger sentinel,
+            int totalRecordCount,
+            String serialTo,
+            String filter,
+            HttpServletRequest req,
+            HttpServletResponse resp,
+            String revokeAll,
+            Locale locale
+            ) throws EBaseException {
         BigInteger serialToVal = MINUS_ONE;
 
         try {
@@ -376,21 +373,21 @@ public class ListCerts extends CMSServlet {
         }
 
         String jumpTo = sentinel.toString();
-	int pSize = 0;
-	if (mReverse) {
-	    if (!mHardJumpTo) //reverse gets one more
-		pSize = -1*maxCount-1;
-	    else
-		pSize = -1*maxCount;
-	} else
-	    pSize = maxCount;
+        int pSize = 0;
+        if (mReverse) {
+            if (!mHardJumpTo) //reverse gets one more
+                pSize = -1 * maxCount - 1;
+            else
+                pSize = -1 * maxCount;
+        } else
+            pSize = maxCount;
 
         ICertRecordList list = (ICertRecordList) mCertDB.findCertRecordsInList(
-	       filter, (String[]) null, jumpTo, mHardJumpTo, "serialno",
-	       pSize);
+                filter, (String[]) null, jumpTo, mHardJumpTo, "serialno",
+                pSize);
         // retrive maxCount + 1 entries
 
-        Enumeration<ICertRecord> e = list.getCertRecords(0, maxCount); 
+        Enumeration<ICertRecord> e = list.getCertRecords(0, maxCount);
 
         ICertRecordList tolist = null;
         int toCurIndex = 0;
@@ -399,8 +396,8 @@ public class ListCerts extends CMSServlet {
             // if user specify a range, we need to 
             // calculate the totalRecordCount
             tolist = (ICertRecordList) mCertDB.findCertRecordsInList(
-                        filter, 
-                        (String[]) null, serialTo, 
+                        filter,
+                        (String[]) null, serialTo,
                         "serialno", maxCount);
             Enumeration<ICertRecord> en = tolist.getCertRecords(0, 0);
 
@@ -420,82 +417,82 @@ public class ListCerts extends CMSServlet {
                 }
             }
         }
-	
+
         int curIndex = list.getCurrentIndex();
 
         int count = 0;
-	BigInteger firstSerial = new BigInteger("0");
-	BigInteger curSerial = new BigInteger("0");
-	ICertRecord[] recs = new ICertRecord[maxCount];
-	int rcount = 0;
+        BigInteger firstSerial = new BigInteger("0");
+        BigInteger curSerial = new BigInteger("0");
+        ICertRecord[] recs = new ICertRecord[maxCount];
+        int rcount = 0;
 
         if (e != null) {
-	    /* in reverse (page up), because the sentinel is the one after the
-	     * last item to be displayed, we need to skip it
-	     */
-            while ((count < ((mReverse &&!mHardJumpTo)? (maxCount+1):maxCount)) && e.hasMoreElements()) {
+            /* in reverse (page up), because the sentinel is the one after the
+             * last item to be displayed, we need to skip it
+             */
+            while ((count < ((mReverse && !mHardJumpTo) ? (maxCount + 1) : maxCount)) && e.hasMoreElements()) {
                 ICertRecord rec = (ICertRecord) e.nextElement();
 
                 if (rec == null) {
-		com.netscape.certsrv.apps.CMS.debug("record "+count+" is null");
+                    com.netscape.certsrv.apps.CMS.debug("record " + count + " is null");
                     break;
-		}
+                }
                 curSerial = rec.getSerialNumber();
-		com.netscape.certsrv.apps.CMS.debug("record "+count+" is serial#"+curSerial);
-
-		if (count == 0) {
-		    firstSerial = curSerial;
-		    if (mReverse && !mHardJumpTo) {//reverse got one more, skip
-			count++;
-			continue;
-		    }
-		}
-
-                    // DS has a problem where last record will be returned
-                    // even though the filter is not matched. 
-		/*cfu -  is this necessary?  it breaks when paging up
-		if (curSerial.compareTo(sentinel) == -1) {
-			com.netscape.certsrv.apps.CMS.debug("curSerial compare sentinel -1 break...");
-
-			break;
-		    }
-		*/
+                com.netscape.certsrv.apps.CMS.debug("record " + count + " is serial#" + curSerial);
+
+                if (count == 0) {
+                    firstSerial = curSerial;
+                    if (mReverse && !mHardJumpTo) {//reverse got one more, skip
+                        count++;
+                        continue;
+                    }
+                }
+
+                // DS has a problem where last record will be returned
+                // even though the filter is not matched. 
+                /*cfu -  is this necessary?  it breaks when paging up
+                if (curSerial.compareTo(sentinel) == -1) {
+                	com.netscape.certsrv.apps.CMS.debug("curSerial compare sentinel -1 break...");
+
+                	break;
+                    }
+                */
                 if (!serialToVal.equals(MINUS_ONE)) {
                     // check if we go over the limit
                     if (curSerial.compareTo(serialToVal) == 1) {
-		com.netscape.certsrv.apps.CMS.debug("curSerial compare serialToVal 1 breaking...");
+                        com.netscape.certsrv.apps.CMS.debug("curSerial compare serialToVal 1 breaking...");
                         break;
-		    }
+                    }
                 }
 
-		if (mReverse) {
-		    recs[rcount++] = rec;
-		} else {
+                if (mReverse) {
+                    recs[rcount++] = rec;
+                } else {
 
-		    IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock();
+                    IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock();
 
-		    fillRecordIntoArg(rec, rarg);
-		    argSet.addRepeatRecord(rarg);
-		}
+                    fillRecordIntoArg(rec, rarg);
+                    argSet.addRepeatRecord(rarg);
+                }
                 count++;
             }
         } else {
             com.netscape.certsrv.apps.CMS.debug(
-                "ListCerts::processCertFilter() - no Cert Records found!" );
+                    "ListCerts::processCertFilter() - no Cert Records found!");
             return;
         }
 
-	if (mReverse) {
-	// fill records into arg block and argSet
-	for (int ii = rcount-1; ii>= 0; ii--) {
-	    if (recs[ii] != null) {
-                IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock();
-		//com.netscape.certsrv.apps.CMS.debug("item "+ii+" is serial # "+ recs[ii].getSerialNumber());
-                fillRecordIntoArg(recs[ii], rarg);
-                argSet.addRepeatRecord(rarg);
-	    }
-	}
-	}
+        if (mReverse) {
+            // fill records into arg block and argSet
+            for (int ii = rcount - 1; ii >= 0; ii--) {
+                if (recs[ii] != null) {
+                    IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock();
+                    //com.netscape.certsrv.apps.CMS.debug("item "+ii+" is serial # "+ recs[ii].getSerialNumber());
+                    fillRecordIntoArg(recs[ii], rarg);
+                    argSet.addRepeatRecord(rarg);
+                }
+            }
+        }
 
         // peek ahead
         ICertRecord nextRec = null;
@@ -519,58 +516,58 @@ public class ListCerts extends CMSServlet {
         if (totalRecordCount == -1) {
             if (!serialToVal.equals(MINUS_ONE)) {
                 totalRecordCount = toCurIndex - curIndex + 1;
-		com.netscape.certsrv.apps.CMS.debug("totalRecordCount="+totalRecordCount);
+                com.netscape.certsrv.apps.CMS.debug("totalRecordCount=" + totalRecordCount);
             } else {
-                totalRecordCount = list.getSize() - 
+                totalRecordCount = list.getSize() -
                         list.getCurrentIndex();
-		com.netscape.certsrv.apps.CMS.debug("totalRecordCount="+totalRecordCount);
+                com.netscape.certsrv.apps.CMS.debug("totalRecordCount=" + totalRecordCount);
             }
         }
 
         header.addIntegerValue("totalRecordCount", totalRecordCount);
-        header.addIntegerValue("currentRecordCount", list.getSize() - 
-            list.getCurrentIndex());
-
-	String qs = "";
-	if (mReverse)
-	    qs = "querySentinelUp";
-	else
-	    qs = "querySentinelDown";
-
-	if (mHardJumpTo) {
-	  com.netscape.certsrv.apps.CMS.debug("curSerial added to querySentinelUp:"+ curSerial.toString());
-
-	  header.addStringValue("querySentinelUp", curSerial.toString());
-	} else {
-        if (nextRec == null) {
-            header.addStringValue(qs, null);
-	    com.netscape.certsrv.apps.CMS.debug("nextRec is null");
-	    if (mReverse) {
-		com.netscape.certsrv.apps.CMS.debug("curSerial added to querySentinelUp:"+ curSerial.toString());
-
-		header.addStringValue("querySentinelUp", curSerial.toString());
-	    }
+        header.addIntegerValue("currentRecordCount", list.getSize() -
+                list.getCurrentIndex());
+
+        String qs = "";
+        if (mReverse)
+            qs = "querySentinelUp";
+        else
+            qs = "querySentinelDown";
+
+        if (mHardJumpTo) {
+            com.netscape.certsrv.apps.CMS.debug("curSerial added to querySentinelUp:" + curSerial.toString());
+
+            header.addStringValue("querySentinelUp", curSerial.toString());
         } else {
-            BigInteger nextRecNo = nextRec.getSerialNumber();
+            if (nextRec == null) {
+                header.addStringValue(qs, null);
+                com.netscape.certsrv.apps.CMS.debug("nextRec is null");
+                if (mReverse) {
+                    com.netscape.certsrv.apps.CMS.debug("curSerial added to querySentinelUp:" + curSerial.toString());
 
-            if (serialToVal.equals(MINUS_ONE)) {
-                header.addStringValue(
-                    qs, nextRecNo.toString());
+                    header.addStringValue("querySentinelUp", curSerial.toString());
+                }
             } else {
-                if (nextRecNo.compareTo(serialToVal) <= 0) {
+                BigInteger nextRecNo = nextRec.getSerialNumber();
+
+                if (serialToVal.equals(MINUS_ONE)) {
                     header.addStringValue(
-                        qs, nextRecNo.toString());
+                            qs, nextRecNo.toString());
                 } else {
-                    header.addStringValue(qs, 
-                        null);
+                    if (nextRecNo.compareTo(serialToVal) <= 0) {
+                        header.addStringValue(
+                                qs, nextRecNo.toString());
+                    } else {
+                        header.addStringValue(qs,
+                                null);
+                    }
                 }
+                com.netscape.certsrv.apps.CMS.debug("querySentinel " + qs + " = " + nextRecNo.toString());
             }
-	    com.netscape.certsrv.apps.CMS.debug("querySentinel "+qs+" = "+nextRecNo.toString());
-        }
-	} // !mHardJumpto
+        } // !mHardJumpto
 
-	header.addStringValue(!mReverse? "querySentinelUp":"querySentinelDown", 
-				  firstSerial.toString());
+        header.addStringValue(!mReverse ? "querySentinelUp" : "querySentinelDown",
+                  firstSerial.toString());
 
     }
 
@@ -578,7 +575,7 @@ public class ListCerts extends CMSServlet {
      * Fills cert record into argument block.
      */
     private void fillRecordIntoArg(ICertRecord rec, IArgBlock rarg)
-        throws EBaseException {
+            throws EBaseException {
 
         X509CertImpl xcert = rec.getCertificate();
 
@@ -586,9 +583,9 @@ public class ListCerts extends CMSServlet {
             fillX509RecordIntoArg(rec, rarg);
         }
     }
-	
+
     private void fillX509RecordIntoArg(ICertRecord rec, IArgBlock rarg)
-        throws EBaseException {
+            throws EBaseException {
 
         X509CertImpl cert = rec.getCertificate();
 
@@ -631,12 +628,13 @@ public class ListCerts extends CMSServlet {
         rarg.addStringValue("signatureAlgorithm", cert.getSigAlgOID());
         String issuedBy = rec.getIssuedBy();
 
-        if (issuedBy == null) issuedBy = "";
+        if (issuedBy == null)
+            issuedBy = "";
         rarg.addStringValue("issuedBy", issuedBy); // cert.getIssuerDN().toString()
         rarg.addLongValue("issuedOn", rec.getCreateTime().getTime() / 1000);
 
         rarg.addStringValue("revokedBy",
-            ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy()));
+                ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy()));
         if (rec.getRevokedOn() == null) {
             rarg.addStringValue("revokedOn", null);
         } else {
@@ -665,4 +663,3 @@ public class ListCerts extends CMSServlet {
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java b/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java
index db77d039..b248d2bd 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.util.Calendar;
 import java.util.Date;
@@ -51,10 +50,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Provide statistical queries of request and certificate records.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class Monitor extends CMSServlet {
@@ -83,8 +81,8 @@ public class Monitor extends CMSServlet {
 
     /**
      * initialize the servlet. This servlet uses the template file
-	 * 'monitor.template' to render the response.
-     *
+     * 'monitor.template' to render the response.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
 
@@ -111,8 +109,8 @@ public class Monitor extends CMSServlet {
      * Process the HTTP request.
      * <ul>
      * <li>http.param startTime start of time period to query
-     * <li>http.param  endTime   end of time period to query
-     * <li>http.param interval  time between queries
+     * <li>http.param endTime end of time period to query
+     * <li>http.param interval time between queries
      * <li>http.param numberOfIntervals number of queries to run
      * <li>http.param maxResults =number
      * <li>http.param timeLimit =time
@@ -130,10 +128,10 @@ public class Monitor extends CMSServlet {
                         mAuthzResourceName, "read");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -158,8 +156,8 @@ public class Monitor extends CMSServlet {
         try {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
@@ -172,7 +170,7 @@ public class Monitor extends CMSServlet {
             process(argSet, header, startTime, endTime, interval, numberOfIntervals, locale[0]);
         } catch (EBaseException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_PROCESSING_REQ", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_PROCESSING_REQ", e.toString()));
             error = e;
         }
 
@@ -182,29 +180,29 @@ public class Monitor extends CMSServlet {
             if (error == null) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
                 }
             } else {
                 cmsReq.setStatus(CMSRequest.ERROR);
                 cmsReq.setError(error);
             }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
-                    e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
+                            e.toString()));
             throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 
-    private void process(CMSTemplateParams argSet, IArgBlock header, 
-        String startTime, String endTime,
-        String interval, String numberOfIntervals,
-        Locale locale)
-        throws EBaseException {
+    private void process(CMSTemplateParams argSet, IArgBlock header,
+            String startTime, String endTime,
+            String interval, String numberOfIntervals,
+            Locale locale)
+            throws EBaseException {
         if (interval == null || interval.length() == 0) {
             header.addStringValue("error", "Invalid interval: " + interval);
             return;
@@ -270,7 +268,7 @@ public class Monitor extends CMSServlet {
 
         return;
     }
-    
+
     Date nextDate(Date d, int seconds) {
         Date date = new Date((d.getTime()) + ((long) (seconds * 1000)));
 
@@ -326,12 +324,12 @@ public class Monitor extends CMSServlet {
                     mTotalReqs += count;
                 }
             } catch (Exception ex) {
-                return "Exception: " + ex; 
+                return "Exception: " + ex;
             }
 
             return null;
         } else {
-            return "Missing start or end date"; 
+            return "Missing start or end date";
         }
     }
 
@@ -348,12 +346,12 @@ public class Monitor extends CMSServlet {
                 int hour = Integer.parseInt(z.substring(8, 10));
                 int minute = Integer.parseInt(z.substring(10, 12));
                 int second = Integer.parseInt(z.substring(12, 14));
-                Calendar calendar= Calendar.getInstance();
+                Calendar calendar = Calendar.getInstance();
                 calendar.set(year, month, date, hour, minute, second);
                 d = calendar.getTime();
             } catch (NumberFormatException nfe) {
             }
-        } else if (z != null && z.length() > 1 && z.charAt(0) == '-') {  // -5
+        } else if (z != null && z.length() > 1 && z.charAt(0) == '-') { // -5
             try {
                 int i = Integer.parseInt(z);
 
@@ -370,23 +368,27 @@ public class Monitor extends CMSServlet {
         Calendar calendar = Calendar.getInstance();
         calendar.setTime(d);
 
-
         String time = "" + (calendar.get(Calendar.YEAR));
         int i = calendar.get(Calendar.MONTH) + 1;
 
-        if (i < 10) time += "0";
+        if (i < 10)
+            time += "0";
         time += i;
-        i =  calendar.get(Calendar.DAY_OF_MONTH);
-        if (i < 10) time += "0";
+        i = calendar.get(Calendar.DAY_OF_MONTH);
+        if (i < 10)
+            time += "0";
         time += i;
         i = calendar.get(Calendar.HOUR_OF_DAY);
-        if (i < 10) time += "0";
+        if (i < 10)
+            time += "0";
         time += i;
         i = calendar.get(Calendar.MINUTE);
-        if (i < 10) time += "0";
+        if (i < 10)
+            time += "0";
         time += i;
         i = calendar.get(Calendar.SECOND);
-        if (i < 10) time += "0";
+        if (i < 10)
+            time += "0";
         time += i + "Z";
         return time;
     }
@@ -403,4 +405,3 @@ public class Monitor extends CMSServlet {
         return filter;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java
index 50296cf1..87882059 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Specify the RevocationReason when revoking a certificate
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ReasonToRevoke extends CMSServlet {
@@ -75,9 +73,9 @@ public class ReasonToRevoke extends CMSServlet {
     }
 
     /**
-	 * initialize the servlet. This servlet uses the template file
-	 * 'reasonToRevoke.template' to render the response
- 	 *
+     * initialize the servlet. This servlet uses the template file
+     * 'reasonToRevoke.template' to render the response
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -108,13 +106,13 @@ public class ReasonToRevoke extends CMSServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
-     * Process the HTTP request. 
-     *
+     * Process the HTTP request.
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -130,10 +128,10 @@ public class ReasonToRevoke extends CMSServlet {
                         mAuthzResourceName, "revoke");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -151,10 +149,10 @@ public class ReasonToRevoke extends CMSServlet {
         try {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         IArgBlock header = CMS.createArgBlock();
@@ -163,20 +161,20 @@ public class ReasonToRevoke extends CMSServlet {
 
         try {
             if (req.getParameter("totalRecordCount") != null) {
-                totalRecordCount = 
+                totalRecordCount =
                         Integer.parseInt(req.getParameter("totalRecordCount"));
             }
 
             revokeAll = req.getParameter("revokeAll");
 
-            process(argSet, header, req, resp, 
-                revokeAll, totalRecordCount, locale[0]);
+            process(argSet, header, req, resp,
+                    revokeAll, totalRecordCount, locale[0]);
         } catch (EBaseException e) {
             error = e;
         } catch (NumberFormatException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_RECORD_COUNT_FORMAT"));
             error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
-        } 
+        }
 
         /*
          catch (Exception e) {
@@ -196,30 +194,30 @@ public class ReasonToRevoke extends CMSServlet {
             if (error == null) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
                 }
             } else {
                 cmsReq.setStatus(CMSRequest.ERROR);
                 cmsReq.setError(error);
             }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 
     private void process(CMSTemplateParams argSet, IArgBlock header,
-        HttpServletRequest req,
-        HttpServletResponse resp,
-        String revokeAll, int totalRecordCount,
-        Locale locale) 
-        throws EBaseException {
+            HttpServletRequest req,
+            HttpServletResponse resp,
+            String revokeAll, int totalRecordCount,
+            Locale locale)
+            throws EBaseException {
 
         header.addStringValue("revokeAll", revokeAll);
         header.addIntegerValue("totalRecordCount", totalRecordCount);
@@ -238,14 +236,14 @@ public class ReasonToRevoke extends CMSServlet {
 
                 if (isCertFromCA(caCert)) {
                     header.addStringValue("caSerialNumber",
-                        caCert.getSerialNumber().toString(16));
+                            caCert.getSerialNumber().toString(16));
                 }
             }
 
             /**
-             ICertRecordList list = mCertDB.findCertRecordsInList(
-             revokeAll, null, totalRecordCount);
-             Enumeration e = list.getCertRecords(0, totalRecordCount - 1);
+             * ICertRecordList list = mCertDB.findCertRecordsInList(
+             * revokeAll, null, totalRecordCount);
+             * Enumeration e = list.getCertRecords(0, totalRecordCount - 1);
              **/
             Enumeration e = mCertDB.searchCertificates(revokeAll,
                     totalRecordCount, mTimeLimits);
@@ -265,16 +263,16 @@ public class ReasonToRevoke extends CMSServlet {
                         count++;
                         IArgBlock rarg = CMS.createArgBlock();
 
-                        rarg.addStringValue("serialNumber", 
-                            xcert.getSerialNumber().toString(16));
-                        rarg.addStringValue("serialNumberDecimal", 
-                            xcert.getSerialNumber().toString());
-                        rarg.addStringValue("subject", 
-                            xcert.getSubjectDN().toString());
-                        rarg.addLongValue("validNotBefore", 
-                            xcert.getNotBefore().getTime() / 1000);
-                        rarg.addLongValue("validNotAfter", 
-                            xcert.getNotAfter().getTime() / 1000);
+                        rarg.addStringValue("serialNumber",
+                                xcert.getSerialNumber().toString(16));
+                        rarg.addStringValue("serialNumberDecimal",
+                                xcert.getSerialNumber().toString());
+                        rarg.addStringValue("subject",
+                                xcert.getSubjectDN().toString());
+                        rarg.addLongValue("validNotBefore",
+                                xcert.getNotBefore().getTime() / 1000);
+                        rarg.addLongValue("validNotAfter",
+                                xcert.getNotAfter().getTime() / 1000);
                         argSet.addRepeatRecord(rarg);
                     }
             }
@@ -288,4 +286,3 @@ public class ReasonToRevoke extends CMSServlet {
         return;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java
index 9c414b9c..5a0a1266 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.util.Calendar;
 import java.util.Date;
@@ -54,7 +53,6 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Allow agent to turn on/off authentication managers
  * 
@@ -89,7 +87,7 @@ public class RemoteAuthConfig extends CMSServlet {
 
     /**
      * Initializes the servlet.
-     *
+     * 
      * Presence of "auths.enableRemoteConfiguration=true" in CMS.cfg
      * enables remote configuration for authentication plugins.
      * List of remotely set instances can be found in CMS.cfg
@@ -133,16 +131,16 @@ public class RemoteAuthConfig extends CMSServlet {
 
     /**
      * Serves HTTPS request. The format of this request is as follows:
-     *   https://host:ee-port/remoteAuthConfig?
-     *                        op="add"|"delete"&
-     *                        instance=<instanceName>&
-     *                        of=<authPluginName>&
-     *                        host=<hostName>&
-     *                        port=<portNumber>&
-     *                        password=<password>&
-     *                        [adminDN=<adminDN>]&
-     *                        [uid=<uid>]&
-     *                        [baseDN=<baseDN>]
+     * https://host:ee-port/remoteAuthConfig?
+     * op="add"|"delete"&
+     * instance=<instanceName>&
+     * of=<authPluginName>&
+     * host=<hostName>&
+     * port=<portNumber>&
+     * password=<password>&
+     * [adminDN=<adminDN>]&
+     * [uid=<uid>]&
+     * [baseDN=<baseDN>]
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
         HttpServletRequest req = cmsReq.getHttpReq();
@@ -201,7 +199,7 @@ public class RemoteAuthConfig extends CMSServlet {
                                     }
                                 } else {
                                     header.addStringValue("error", "Unknown instance " +
-                                        instance + ".");
+                                            instance + ".");
                                 }
                             } else {
                                 header.addStringValue("error", "Unknown plugin name: " + plugin);
@@ -217,7 +215,7 @@ public class RemoteAuthConfig extends CMSServlet {
                                 }
                                 if (isInstanceListed(instance)) {
                                     header.addStringValue("error", "Instance name " +
-                                        instance + " is already in use.");
+                                            instance + " is already in use.");
                                 } else {
                                     errMsg = addInstance(instance, plugin,
                                                 host, port, baseDN,
@@ -253,7 +251,7 @@ public class RemoteAuthConfig extends CMSServlet {
         } catch (IOException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         try {
@@ -263,15 +261,15 @@ public class RemoteAuthConfig extends CMSServlet {
             form.renderOutput(out, argSet);
             cmsReq.setStatus(CMSRequest.SUCCESS);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 
     private String authenticateRemoteAdmin(String host, String port,
-        String adminDN, String password) {
+            String adminDN, String password) {
         if (host == null || host.length() == 0) {
             return "Missing host name.";
         }
@@ -362,8 +360,8 @@ public class RemoteAuthConfig extends CMSServlet {
     }
 
     private String authenticateRemoteAdmin(String host, String port,
-        String uid, String baseDN,
-        String password) {
+            String uid, String baseDN,
+            String password) {
         if (host == null || host.length() == 0) {
             return "Missing host name.";
         }
@@ -473,8 +471,8 @@ public class RemoteAuthConfig extends CMSServlet {
     }
 
     private String addInstance(String instance, String plugin,
-        String host, String port,
-        String baseDN, String dnPattern) {
+            String host, String port,
+            String baseDN, String dnPattern) {
         if (host == null || host.length() == 0) {
             return "Missing host name.";
         }
@@ -516,7 +514,8 @@ public class RemoteAuthConfig extends CMSServlet {
         StringBuffer list = new StringBuffer();
 
         for (int i = 0; i < mRemotelySetInstances.size(); i++) {
-            if (i > 0) list.append(",");
+            if (i > 0)
+                list.append(",");
             list.append((String) mRemotelySetInstances.elementAt(i));
         }
 
@@ -542,7 +541,8 @@ public class RemoteAuthConfig extends CMSServlet {
             StringBuffer list = new StringBuffer();
 
             for (int i = 0; i < mRemotelySetInstances.size(); i++) {
-                if (i > 0) list.append(",");
+                if (i > 0)
+                    list.append(",");
                 list.append((String) mRemotelySetInstances.elementAt(i));
             }
 
@@ -602,17 +602,21 @@ public class RemoteAuthConfig extends CMSServlet {
         int y = now.get(Calendar.YEAR);
         String name = "R" + y;
 
-        if (now.get(Calendar.MONTH) < 10) name += "0";
+        if (now.get(Calendar.MONTH) < 10)
+            name += "0";
         name += now.get(Calendar.MONTH);
-        if (now.get(Calendar.DAY_OF_MONTH) < 10) name += "0";
+        if (now.get(Calendar.DAY_OF_MONTH) < 10)
+            name += "0";
         name += now.get(Calendar.DAY_OF_MONTH);
-        if (now.get(Calendar.HOUR_OF_DAY) < 10) name += "0";
+        if (now.get(Calendar.HOUR_OF_DAY) < 10)
+            name += "0";
         name += now.get(Calendar.HOUR_OF_DAY);
-        if (now.get(Calendar.MINUTE) < 10) name += "0";
+        if (now.get(Calendar.MINUTE) < 10)
+            name += "0";
         name += now.get(Calendar.MINUTE);
-        if (now.get(Calendar.SECOND) < 10) name += "0";
+        if (now.get(Calendar.SECOND) < 10)
+            name += "0";
         name += now.get(Calendar.SECOND);
         return name;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java
index 050dd36d..2bc1d305 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.cert.CertificateException;
@@ -59,7 +58,7 @@ import com.netscape.cms.servlet.common.ICMSTemplateFiller;
 
 /**
  * Certificate Renewal
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class RenewalServlet extends CMSServlet {
@@ -69,8 +68,7 @@ public class RenewalServlet extends CMSServlet {
     private static final long serialVersionUID = -3094124661102395244L;
 
     // renewal templates.
-    public static final String 
-        RENEWAL_SUCCESS_TEMPLATE = "RenewalSuccess.template";
+    public static final String RENEWAL_SUCCESS_TEMPLATE = "RenewalSuccess.template";
 
     // http params 
     public static final String CERT_TYPE = "certType";
@@ -81,8 +79,7 @@ public class RenewalServlet extends CMSServlet {
     public static final String IMPORT_CERT = "importCert";
 
     private String mRenewalSuccessTemplate = RENEWAL_SUCCESS_TEMPLATE;
-    private ICMSTemplateFiller 
-        mRenewalSuccessFiller = new ImportCertsTemplateFiller();
+    private ICMSTemplateFiller mRenewalSuccessFiller = new ImportCertsTemplateFiller();
 
     public RenewalServlet() {
         super();
@@ -92,6 +89,7 @@ public class RenewalServlet extends CMSServlet {
      * initialize the servlet. This servlet makes use of the
      * template file "RenewalSuccess.template" to render the
      * response
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -103,32 +101,31 @@ public class RenewalServlet extends CMSServlet {
                         PROP_SUCCESS_TEMPLATE);
             if (mRenewalSuccessTemplate == null)
                 mRenewalSuccessTemplate = RENEWAL_SUCCESS_TEMPLATE;
-            String fillername = 
-                sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
+            String fillername =
+                    sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
 
             if (fillername != null) {
                 ICMSTemplateFiller filler = newFillerObject(fillername);
 
-                if (filler != null) 
+                if (filler != null)
                     mRenewalSuccessFiller = filler;
             }
         } catch (Exception e) {
             // this should never happen. 
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(),
-                    mId));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(),
+                            mId));
         }
 
     }
 
-
     /**
-     * Process the HTTP request. 
-     *
+     * Process the HTTP request.
+     * 
      * @param cmsReq the object holding the request and response information
      */
-    protected void process(CMSRequest cmsReq) 
-        throws EBaseException {
+    protected void process(CMSRequest cmsReq)
+            throws EBaseException {
         long startTime = CMS.getCurrentDate().getTime();
         IArgBlock httpParams = cmsReq.getHttpParams();
         HttpServletRequest httpReq = cmsReq.getHttpReq();
@@ -139,7 +136,7 @@ public class RenewalServlet extends CMSServlet {
         //		- old certs from auth manager
         // 	- coming from agent or trusted RA: 
         //  	- serial no of cert to be renewed. 
-		
+
         BigInteger old_serial_no = null;
         X509CertImpl old_cert = null;
         X509CertImpl renewed_cert = null;
@@ -156,10 +153,10 @@ public class RenewalServlet extends CMSServlet {
                         mAuthzResourceName, "renew");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -190,7 +187,7 @@ public class RenewalServlet extends CMSServlet {
             int endDate = httpParams.getValueAsInt("endDate", -1);
 
             if (beginYear != -1 && beginMonth != -1 && beginDate != -1 &&
-                endYear != -1 && endMonth != -1 && endDate != -1) {
+                    endYear != -1 && endMonth != -1 && endDate != -1) {
                 Calendar calendar = Calendar.getInstance();
                 calendar.set(beginYear, beginMonth, beginDate);
                 notBefore = calendar.getTime();
@@ -213,15 +210,15 @@ public class RenewalServlet extends CMSServlet {
             X509CertInfo new_certInfo = null;
 
             req = mRequestQueue.newRequest(IRequest.RENEWAL_REQUEST);
-            req.setExtData(IRequest.OLD_SERIALS, new BigInteger[] {old_serial_no});
+            req.setExtData(IRequest.OLD_SERIALS, new BigInteger[] { old_serial_no });
             if (old_cert != null) {
                 req.setExtData(IRequest.OLD_CERTS,
-                    new X509CertImpl[] { old_cert }
-                );
+                        new X509CertImpl[] { old_cert }
+                        );
                 // create new certinfo from old_cert contents. 
                 X509CertInfo old_certInfo = (X509CertInfo)
-                    ((X509CertImpl) old_cert).get(
-                        X509CertImpl.NAME + "." + X509CertImpl.INFO);
+                        ((X509CertImpl) old_cert).get(
+                                X509CertImpl.NAME + "." + X509CertImpl.INFO);
 
                 new_certInfo = new X509CertInfo(old_certInfo.getEncodedInfo());
             } else {
@@ -229,28 +226,28 @@ public class RenewalServlet extends CMSServlet {
                 // (serializable) to pass through policies. And set the old 
                 // serial number to pick up.
                 new_certInfo = new CertInfo();
-                new_certInfo.set(X509CertInfo.SERIAL_NUMBER, 
-                    new CertificateSerialNumber(old_serial_no));
+                new_certInfo.set(X509CertInfo.SERIAL_NUMBER,
+                        new CertificateSerialNumber(old_serial_no));
             }
-			
+
             if (notBefore == null || notAfter == null) {
                 notBefore = new Date(0);
                 notAfter = new Date(0);
             }
-            new_certInfo.set(X509CertInfo.VALIDITY, 
-                new CertificateValidity(notBefore, notAfter));
+            new_certInfo.set(X509CertInfo.VALIDITY,
+                    new CertificateValidity(notBefore, notAfter));
             req.setExtData(IRequest.CERT_INFO, new X509CertInfo[] { new_certInfo }
-            );
+                    );
         } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR"));
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR"));
         }
 
         saveHttpHeaders(httpReq, req);
@@ -269,7 +266,7 @@ public class RenewalServlet extends CMSServlet {
         if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
             agentID = authToken.getInString("userid");
             initiative = AuditFormat.FROMAGENT + " agentID: " + agentID;
-        }else {
+        } else {
             // request is from eegateway, so fromUser.
             initiative = AuditFormat.FROMUSER;
         }
@@ -292,51 +289,51 @@ public class RenewalServlet extends CMSServlet {
                         wholeMsg.append(msgs.nextElement());
                     }
 
-                    mLogger.log(ILogger.EV_AUDIT, 
-                        ILogger.S_OTHER,
-                        AuditFormat.LEVEL,
-                        AuditFormat.RENEWALFORMAT,
-                        new Object[] {
-                            req.getRequestId(), 
-                            initiative,
-                            authMgr,
-                            status.toString(),
-                            old_cert.getSubjectDN(),
-                            old_cert.getSerialNumber().toString(16),
-                            "violation: " +
-                            wholeMsg.toString()}
-                        // wholeMsg},
-                        // ILogger.L_MULTILINE
-                    );
+                    mLogger.log(ILogger.EV_AUDIT,
+                            ILogger.S_OTHER,
+                            AuditFormat.LEVEL,
+                            AuditFormat.RENEWALFORMAT,
+                            new Object[] {
+                                    req.getRequestId(),
+                                    initiative,
+                                    authMgr,
+                                    status.toString(),
+                                    old_cert.getSubjectDN(),
+                                    old_cert.getSerialNumber().toString(16),
+                                    "violation: " +
+                                            wholeMsg.toString() }
+                            // wholeMsg},
+                            // ILogger.L_MULTILINE
+                            );
                 } else { // no policy violation, from agent
                     mLogger.log(ILogger.EV_AUDIT,
+                            ILogger.S_OTHER,
+                            AuditFormat.LEVEL,
+                            AuditFormat.RENEWALFORMAT,
+                            new Object[] {
+                                    req.getRequestId(),
+                                    initiative,
+                                    authMgr,
+                                    status.toString(),
+                                    old_cert.getSubjectDN(),
+                                    old_cert.getSerialNumber().toString(16),
+                                    "" }
+                            );
+                }
+            } else { // other imcomplete status 
+                mLogger.log(ILogger.EV_AUDIT,
                         ILogger.S_OTHER,
                         AuditFormat.LEVEL,
                         AuditFormat.RENEWALFORMAT,
                         new Object[] {
-                            req.getRequestId(), 
-                            initiative,
-                            authMgr,
-                            status.toString(),
-                            old_cert.getSubjectDN(),
-                            old_cert.getSerialNumber().toString(16),
-                            "" }
-                    );
-                }
-            } else { // other imcomplete status 
-                mLogger.log(ILogger.EV_AUDIT,
-                    ILogger.S_OTHER,
-                    AuditFormat.LEVEL,
-                    AuditFormat.RENEWALFORMAT,
-                    new Object[] {
-                        req.getRequestId(), 
-                        initiative,
-                        authMgr,
-                        status.toString(),
-                        old_cert.getSubjectDN(),
-                        old_cert.getSerialNumber().toString(16),
-                        "" }
-                );
+                                req.getRequestId(),
+                                initiative,
+                                authMgr,
+                                status.toString(),
+                                old_cert.getSubjectDN(),
+                                old_cert.getSerialNumber().toString(16),
+                                "" }
+                        );
             }
             return;
         }
@@ -345,15 +342,15 @@ public class RenewalServlet extends CMSServlet {
         Integer result = req.getExtDataInInteger(IRequest.RESULT);
 
         CMS.debug(
-            "RenewalServlet: Result for request " + req.getRequestId() + " is " + result);
+                "RenewalServlet: Result for request " + req.getRequestId() + " is " + result);
         if (result.equals(IRequest.RES_ERROR)) {
             CMS.debug(
-                "RenewalServlet: Result for request " + req.getRequestId() + " is error.");
+                    "RenewalServlet: Result for request " + req.getRequestId() + " is error.");
 
             cmsReq.setStatus(CMSRequest.ERROR);
             cmsReq.setError(req.getExtDataInString(IRequest.ERROR));
             String[] svcErrors =
-                req.getExtDataInStringArray(IRequest.SVCERRORS);
+                    req.getExtDataInStringArray(IRequest.SVCERRORS);
 
             if (svcErrors != null && svcErrors.length > 0) {
                 for (int i = 0; i < svcErrors.length; i++) {
@@ -365,19 +362,19 @@ public class RenewalServlet extends CMSServlet {
                         //err.toString());
                         cmsReq.setErrorDescription(err);
                         mLogger.log(ILogger.EV_AUDIT,
-                            ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.RENEWALFORMAT,
-                            new Object[] {
-                                req.getRequestId(), 
-                                initiative,
-                                authMgr,
-                                "completed with error: " +
-                                err,
-                                old_cert.getSubjectDN(),
-                                old_cert.getSerialNumber().toString(16),
-                                "" }
-                        );
+                                ILogger.S_OTHER,
+                                AuditFormat.LEVEL,
+                                AuditFormat.RENEWALFORMAT,
+                                new Object[] {
+                                        req.getRequestId(),
+                                        initiative,
+                                        authMgr,
+                                        "completed with error: " +
+                                                err,
+                                        old_cert.getSubjectDN(),
+                                        old_cert.getSerialNumber().toString(16),
+                                        "" }
+                                );
 
                     }
                 }
@@ -393,27 +390,27 @@ public class RenewalServlet extends CMSServlet {
         long endTime = CMS.getCurrentDate().getTime();
 
         mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-            AuditFormat.LEVEL,
-            AuditFormat.RENEWALFORMAT,
-            new Object[] {
-                req.getRequestId(), 
-                initiative,
-                authMgr,
-                "completed",
-                old_cert.getSubjectDN(),
-                old_cert.getSerialNumber().toString(16),
-                "new serial number: 0x" +
-                renewed_cert.getSerialNumber().toString(16) + " time: " + (endTime - startTime)}
-        );
+                AuditFormat.LEVEL,
+                AuditFormat.RENEWALFORMAT,
+                new Object[] {
+                        req.getRequestId(),
+                        initiative,
+                        authMgr,
+                        "completed",
+                        old_cert.getSubjectDN(),
+                        old_cert.getSerialNumber().toString(16),
+                        "new serial number: 0x" +
+                                renewed_cert.getSerialNumber().toString(16) + " time: " + (endTime - startTime) }
+                );
 
         return;
     }
 
     private void respondSuccess(
-        CMSRequest cmsReq, X509CertImpl renewed_cert)
-        throws EBaseException {
-        cmsReq.setResult(new X509CertImpl[] {renewed_cert}
-        );
+            CMSRequest cmsReq, X509CertImpl renewed_cert)
+            throws EBaseException {
+        cmsReq.setResult(new X509CertImpl[] { renewed_cert }
+                );
         cmsReq.setStatus(CMSRequest.SUCCESS);
 
         // check if cert should be imported. 
@@ -425,45 +422,45 @@ public class RenewalServlet extends CMSServlet {
         String certType = httpParams.getValueAsString(CERT_TYPE, "client");
         String agent = httpReq.getHeader("user-agent");
 
-        if (checkImportCertToNav(cmsReq.getHttpResp(), 
+        if (checkImportCertToNav(cmsReq.getHttpResp(),
                 httpParams, renewed_cert)) {
             return;
         } else {
             try {
-                renderTemplate(cmsReq, 
-                    mRenewalSuccessTemplate, mRenewalSuccessFiller);
+                renderTemplate(cmsReq,
+                        mRenewalSuccessTemplate, mRenewalSuccessFiller);
             } catch (IOException e) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1",
-                        mRenewalSuccessTemplate, e.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1",
+                                mRenewalSuccessTemplate, e.toString()));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                        CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
             }
         }
         return;
     }
 
-    protected BigInteger getRenewedCert(ICertRecord certRec) 
-        throws EBaseException {
+    protected BigInteger getRenewedCert(ICertRecord certRec)
+            throws EBaseException {
         BigInteger renewedCert = null;
         String serial = null;
-        MetaInfo meta = certRec.getMetaInfo(); 
+        MetaInfo meta = certRec.getMetaInfo();
 
         if (meta == null) {
-            log(ILogger.LL_INFO, 
-                "no meta info in cert serial 0x" + certRec.getSerialNumber().toString(16));
+            log(ILogger.LL_INFO,
+                    "no meta info in cert serial 0x" + certRec.getSerialNumber().toString(16));
             return null;
         }
         serial = (String) meta.get(ICertRecord.META_RENEWED_CERT);
         if (serial == null) {
-            log(ILogger.LL_INFO, 
-                "no renewed cert in cert 0x" + certRec.getSerialNumber().toString(16));
+            log(ILogger.LL_INFO,
+                    "no renewed cert in cert 0x" + certRec.getSerialNumber().toString(16));
             return null;
         }
         renewedCert = new BigInteger(serial);
-        log(ILogger.LL_INFO, 
-            "renewed cert serial 0x" + renewedCert.toString(16) + "found for 0x" +
-            certRec.getSerialNumber().toString(16));
+        log(ILogger.LL_INFO,
+                "renewed cert serial 0x" + renewedCert.toString(16) + "found for 0x" +
+                        certRec.getSerialNumber().toString(16));
         return renewedCert;
     }
 
@@ -471,27 +468,27 @@ public class RenewalServlet extends CMSServlet {
      * get certs to renew from agent.
      */
     private BigInteger getCertFromAgent(
-        IArgBlock httpParams, X509Certificate[] certContainer)
-        throws EBaseException {
+            IArgBlock httpParams, X509Certificate[] certContainer)
+            throws EBaseException {
         BigInteger serialno = null;
         X509Certificate cert = null;
 
         // get serial no
         serialno = httpParams.getValueAsBigInteger(SERIAL_NO, null);
         if (serialno == null) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW"));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_RENEW"));
+                    CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_RENEW"));
         }
         // get cert from db if we're cert authority.
         if (mAuthority instanceof ICertificateAuthority) {
             cert = getX509Certificate(serialno);
             if (cert == null) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW_1", serialno.toString(16)));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW_1", serialno.toString(16)));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL"));
+                        CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL"));
             }
         }
         certContainer[0] = cert;
@@ -502,23 +499,23 @@ public class RenewalServlet extends CMSServlet {
      * get cert to renew from auth manager
      */
     private BigInteger getCertFromAuthMgr(
-        IAuthToken authToken, X509Certificate[] certContainer) 
-        throws EBaseException {
+            IAuthToken authToken, X509Certificate[] certContainer)
+            throws EBaseException {
         X509CertImpl cert =
-            authToken.getInCert(AuthToken.TOKEN_CERT);
+                authToken.getInCert(AuthToken.TOKEN_CERT);
 
         if (cert == null) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_MISSING_CERTS_RENEW_FROM_AUTHMGR"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_MISSING_CERTS_RENEW_FROM_AUTHMGR"));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_MISSING_CERTS_RENEW_FROM_AUTHMGR"));
+                    CMS.getUserMessage("CMS_GW_MISSING_CERTS_RENEW_FROM_AUTHMGR"));
         }
-        if (mAuthority instanceof ICertificateAuthority && 
-            !isCertFromCA(cert)) {
+        if (mAuthority instanceof ICertificateAuthority &&
+                !isCertFromCA(cert)) {
             log(ILogger.LL_FAILURE, "certficate from auth manager for " +
-                " renewal is not from this ca.");
+                    " renewal is not from this ca.");
             throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL"));
+                    CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL"));
         }
         certContainer[0] = cert;
         BigInteger serialno = ((X509Certificate) cert).getSerialNumber();
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java
index 9b39acc7..875f2ab6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.cert.CertificateEncodingException;
@@ -57,10 +56,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Perform the first step in revoking a certificate
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class RevocationServlet extends CMSServlet {
@@ -85,15 +83,15 @@ public class RevocationServlet extends CMSServlet {
     private Random mRandom = null;
     private Nonces mNonces = null;
 
-
     public RevocationServlet() {
         super();
     }
 
     /**
-     * initialize the servlet. This servlet uses 
-	 * the template file "reasonToRevoke.template" to render the
-     * result. 
+     * initialize the servlet. This servlet uses
+     * the template file "reasonToRevoke.template" to render the
+     * result.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -115,7 +113,7 @@ public class RevocationServlet extends CMSServlet {
                 }
             }
 
-                // set to false by revokeByDN=false in web.xml
+            // set to false by revokeByDN=false in web.xml
             mRevokeByDN = false;
             String tmp = sc.getInitParameter(PROP_REVOKEBYDN);
 
@@ -127,17 +125,16 @@ public class RevocationServlet extends CMSServlet {
         }
     }
 
-
     /**
-     * Process the HTTP request.  Note that this servlet does not
-	 * actually perform the certificate revocation. This is the first
-	 * step in the multi-step revocation process. (the next step is
+     * Process the HTTP request. Note that this servlet does not
+     * actually perform the certificate revocation. This is the first
+     * step in the multi-step revocation process. (the next step is
      * in the ReasonToRevoke servlet.
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
-    protected void process(CMSRequest cmsReq) 
-        throws EBaseException {
+    protected void process(CMSRequest cmsReq)
+            throws EBaseException {
         IArgBlock httpParams = cmsReq.getHttpParams();
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -148,7 +145,7 @@ public class RevocationServlet extends CMSServlet {
         //		- old certs from auth manager
         // 	- coming from agent or trusted RA: 
         //  	- serial no of cert to be revoked. 
-		
+
         BigInteger old_serial_no = null;
         X509CertImpl old_cert = null;
         String revokeAll = null;
@@ -159,10 +156,10 @@ public class RevocationServlet extends CMSServlet {
         try {
             form = getTemplate(mFormPath, httpReq, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         IArgBlock header = CMS.createArgBlock();
@@ -178,17 +175,17 @@ public class RevocationServlet extends CMSServlet {
                         mAuthzResourceName, "submit");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
             cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
             return;
         }
-        
+
         // coming from agent 
         if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
             X509Certificate[] cert = new X509Certificate[1];
@@ -199,7 +196,7 @@ public class RevocationServlet extends CMSServlet {
         else {
             // from auth manager 
             X509CertImpl[] cert = new X509CertImpl[1];
-            
+
             old_serial_no = getCertFromAuthMgr(authToken, cert);
             old_cert = cert[0];
         }
@@ -212,7 +209,7 @@ public class RevocationServlet extends CMSServlet {
 
         if (mNonces != null) {
             long n = mRandom.nextLong();
-            long m = mNonces.addNonce(n, (X509Certificate)old_cert);
+            long m = mNonces.addNonce(n, (X509Certificate) old_cert);
             if ((n + m) != 0) {
                 header.addStringValue("nonce", Long.toString(m));
             }
@@ -229,12 +226,12 @@ public class RevocationServlet extends CMSServlet {
         } else if (mAuthority instanceof IRegistrationAuthority) {
             IRequest req = mRequestQueue.newRequest(IRequest.GETCERTS_REQUEST);
             String filter = "(&(" + ICertRecord.ATTR_X509CERT + "." +
-                X509CertInfo.SUBJECT + "=" +
-                old_cert.getSubjectDN().toString() + ")(|(" +
-                ICertRecord.ATTR_CERT_STATUS + "=" +
-                ICertRecord.STATUS_VALID + ")(" +
-                ICertRecord.ATTR_CERT_STATUS + "=" +
-                ICertRecord.STATUS_EXPIRED + ")))";
+                    X509CertInfo.SUBJECT + "=" +
+                    old_cert.getSubjectDN().toString() + ")(|(" +
+                    ICertRecord.ATTR_CERT_STATUS + "=" +
+                    ICertRecord.STATUS_VALID + ")(" +
+                    ICertRecord.ATTR_CERT_STATUS + "=" +
+                    ICertRecord.STATUS_EXPIRED + ")))";
 
             req.setExtData(IRequest.CERT_FILTER, filter);
             mRequestQueue.processRequest(req);
@@ -271,8 +268,8 @@ public class RevocationServlet extends CMSServlet {
 
         if (!noInfo && (certsToRevoke == null || certsToRevoke.length == 0 ||
                 (!authorized))) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CA_CERT_ALREADY_REVOKED_1", old_serial_no.toString(16)));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CA_CERT_ALREADY_REVOKED_1", old_serial_no.toString(16)));
             throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CERT_ALREADY_REVOKED"));
         }
 
@@ -296,15 +293,15 @@ public class RevocationServlet extends CMSServlet {
                 IArgBlock rarg = CMS.createArgBlock();
 
                 rarg.addStringValue("serialNumber",
-                    certsToRevoke[i].getSerialNumber().toString(16));
+                        certsToRevoke[i].getSerialNumber().toString(16));
                 rarg.addStringValue("serialNumberDecimal",
-                    certsToRevoke[i].getSerialNumber().toString());
+                        certsToRevoke[i].getSerialNumber().toString());
                 rarg.addStringValue("subject",
-                    certsToRevoke[i].getSubjectDN().toString());
+                        certsToRevoke[i].getSubjectDN().toString());
                 rarg.addLongValue("validNotBefore",
-                    certsToRevoke[i].getNotBefore().getTime() / 1000);
+                        certsToRevoke[i].getNotBefore().getTime() / 1000);
                 rarg.addLongValue("validNotAfter",
-                    certsToRevoke[i].getNotAfter().getTime() / 1000);
+                        certsToRevoke[i].getNotAfter().getTime() / 1000);
                 argSet.addRepeatRecord(rarg);
             }
         } else {
@@ -313,7 +310,7 @@ public class RevocationServlet extends CMSServlet {
         }
 
         // set revocation reason, default to unspecified if not set.
-        int reasonCode = httpParams.getValueAsInt(REASON_CODE, 0); 
+        int reasonCode = httpParams.getValueAsInt(REASON_CODE, 0);
 
         header.addIntegerValue("reason", reasonCode);
 
@@ -324,10 +321,10 @@ public class RevocationServlet extends CMSServlet {
             form.renderOutput(out, argSet);
             cmsReq.setStatus(CMSRequest.SUCCESS);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         return;
@@ -337,28 +334,28 @@ public class RevocationServlet extends CMSServlet {
      * get cert to revoke from agent.
      */
     private BigInteger getCertFromAgent(
-        IArgBlock httpParams, X509Certificate[] certContainer)
-        throws EBaseException {
+            IArgBlock httpParams, X509Certificate[] certContainer)
+            throws EBaseException {
         BigInteger serialno = null;
         X509Certificate cert = null;
 
         // get serial no
         serialno = httpParams.getValueAsBigInteger(SERIAL_NO, null);
         if (serialno == null) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_REVOKE"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_REVOKE"));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_REVOKE"));
+                    CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_REVOKE"));
         }
 
         // get cert from db if we're cert authority.
         if (mAuthority instanceof ICertificateAuthority) {
             cert = getX509Certificate(serialno);
             if (cert == null) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION"));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION"));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));
+                        CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));
             }
         }
         certContainer[0] = cert;
@@ -369,22 +366,22 @@ public class RevocationServlet extends CMSServlet {
      * get cert to revoke from auth manager
      */
     private BigInteger getCertFromAuthMgr(
-        IAuthToken authToken, X509Certificate[] certContainer) 
-        throws EBaseException {
+            IAuthToken authToken, X509Certificate[] certContainer)
+            throws EBaseException {
         X509CertImpl cert =
-            authToken.getInCert(AuthToken.TOKEN_CERT);
+                authToken.getInCert(AuthToken.TOKEN_CERT);
 
         if (cert == null) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_AUTHMGR"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_AUTHMGR"));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_AUTHMGR"));
+                    CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_AUTHMGR"));
         }
-        if (mAuthority instanceof ICertificateAuthority && 
-            !isCertFromCA(cert)) {
+        if (mAuthority instanceof ICertificateAuthority &&
+                !isCertFromCA(cert)) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION"));
             throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));
+                    CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));
         }
         certContainer[0] = cert;
         BigInteger serialno = ((X509Certificate) cert).getSerialNumber();
@@ -393,4 +390,3 @@ public class RevocationServlet extends CMSServlet {
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java
index 3a571d44..cfc562d7 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.util.Locale;
 
 import javax.servlet.http.HttpServletRequest;
@@ -31,21 +30,21 @@ import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ICMSTemplateFiller;
 
-
 /**
- * Certificates Template filler. 
- * must have list of certificates in result. 
+ * Certificates Template filler.
+ * must have list of certificates in result.
  * looks at inputs: certtype.
- * outputs: 
- *		- cert type from http input (if any)
- *      - CA chain 
- *		- authority name (RM, CM, DRM)
- *      - scheme:host:port of server.
- *	 array of one or more 
- *      - cert serial number
- *      - cert pretty print
- *		- cert in base 64 encoding.
- *		- cmmf blob to import 
+ * outputs:
+ * - cert type from http input (if any)
+ * - CA chain
+ * - authority name (RM, CM, DRM)
+ * - scheme:host:port of server.
+ * array of one or more
+ * - cert serial number
+ * - cert pretty print
+ * - cert in base 64 encoding.
+ * - cmmf blob to import
+ * 
  * @version $Revision$, $Date$
  */
 class RevocationSuccessTemplateFiller implements ICMSTemplateFiller {
@@ -61,8 +60,8 @@ class RevocationSuccessTemplateFiller implements ICMSTemplateFiller {
      * @param e unexpected exception e. ignored.
      */
     public CMSTemplateParams getTemplateParams(
-        CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) 
-        throws Exception {
+            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
+            throws Exception {
         IArgBlock fixed = CMS.createArgBlock();
         CMSTemplateParams params = new CMSTemplateParams(null, fixed);
 
@@ -77,13 +76,13 @@ class RevocationSuccessTemplateFiller implements ICMSTemplateFiller {
         fixed.set(ICMSTemplateFiller.SCHEME, scheme);
 
         // this authority
-        fixed.set(ICMSTemplateFiller.AUTHORITY, 
-            (String) authority.getOfficialName());
+        fixed.set(ICMSTemplateFiller.AUTHORITY,
+                (String) authority.getOfficialName());
 
         // XXX CA chain.
 
-        RevokedCertImpl[] revoked = 
-            (RevokedCertImpl[]) cmsReq.getResult();
+        RevokedCertImpl[] revoked =
+                (RevokedCertImpl[]) cmsReq.getResult();
 
         // revoked certs. 
         for (int i = 0; i < revoked.length; i++) {
@@ -96,4 +95,3 @@ class RevocationSuccessTemplateFiller implements ICMSTemplateFiller {
         return params;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java b/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java
index 17bad7a1..01bcfbc0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.PublicKey;
@@ -61,10 +60,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Search for certificates matching complex query filter
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class SrchCerts extends CMSServlet {
@@ -96,8 +94,9 @@ public class SrchCerts extends CMSServlet {
     }
 
     /**
-	 * initialize the servlet. This servlet uses srchCert.template
-	 * to render the response
+     * initialize the servlet. This servlet uses srchCert.template
+     * to render the response
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -145,15 +144,14 @@ public class SrchCerts extends CMSServlet {
            the client applications that submits raw LDAP
            filter into this servlet.  */
         if (sc.getInitParameter("useClientFilter") != null &&
-              sc.getInitParameter("useClientFilter").equalsIgnoreCase("true")) {
+                sc.getInitParameter("useClientFilter").equalsIgnoreCase("true")) {
             mUseClientFilter = true;
         }
     }
 
-    private boolean isOn(HttpServletRequest req, String name) 
-    {
+    private boolean isOn(HttpServletRequest req, String name) {
         String inUse = req.getParameter(name);
-        if (inUse == null)  {
+        if (inUse == null) {
             return false;
         }
         if (inUse.equals("on")) {
@@ -162,10 +160,9 @@ public class SrchCerts extends CMSServlet {
         return false;
     }
 
-    private boolean isOff(HttpServletRequest req, String name) 
-    {
+    private boolean isOff(HttpServletRequest req, String name) {
         String inUse = req.getParameter(name);
-        if (inUse == null)  {
+        if (inUse == null) {
             return false;
         }
         if (inUse.equals("off")) {
@@ -174,8 +171,7 @@ public class SrchCerts extends CMSServlet {
         return false;
     }
 
-    private void buildCertStatusFilter(HttpServletRequest req, StringBuffer filter) 
-    {
+    private void buildCertStatusFilter(HttpServletRequest req, StringBuffer filter) {
         if (!isOn(req, "statusInUse")) {
             return;
         }
@@ -185,8 +181,7 @@ public class SrchCerts extends CMSServlet {
         filter.append(")");
     }
 
-    private void buildProfileFilter(HttpServletRequest req, StringBuffer filter) 
-    {
+    private void buildProfileFilter(HttpServletRequest req, StringBuffer filter) {
         if (!isOn(req, "profileInUse")) {
             return;
         }
@@ -196,16 +191,14 @@ public class SrchCerts extends CMSServlet {
         filter.append(")");
     }
 
-    private void buildBasicConstraintsFilter(HttpServletRequest req, StringBuffer filter) 
-    {
+    private void buildBasicConstraintsFilter(HttpServletRequest req, StringBuffer filter) {
         if (!isOn(req, "basicConstraintsInUse")) {
             return;
         }
         filter.append("(x509cert.BasicConstraints.isCA=on)");
     }
 
-    private void buildSerialNumberRangeFilter(HttpServletRequest req, StringBuffer filter) 
-    {
+    private void buildSerialNumberRangeFilter(HttpServletRequest req, StringBuffer filter) {
         if (!isOn(req, "serialNumberRangeInUse")) {
             return;
         }
@@ -225,9 +218,8 @@ public class SrchCerts extends CMSServlet {
         }
     }
 
-    private void buildAVAFilter(HttpServletRequest req, String paramName, 
-                                 String avaName, StringBuffer lf, String match)
-    {
+    private void buildAVAFilter(HttpServletRequest req, String paramName,
+                                 String avaName, StringBuffer lf, String match) {
         String val = req.getParameter(paramName);
         if (val != null && !val.equals("")) {
             if (match != null && match.equals("exact")) {
@@ -254,8 +246,7 @@ public class SrchCerts extends CMSServlet {
         }
     }
 
-    private void buildSubjectFilter(HttpServletRequest req, StringBuffer filter) 
-    {
+    private void buildSubjectFilter(HttpServletRequest req, StringBuffer filter) {
         if (!isOn(req, "subjectInUse")) {
             return;
         }
@@ -286,9 +277,8 @@ public class SrchCerts extends CMSServlet {
         }
     }
 
-    private void buildRevokedByFilter(HttpServletRequest req, 
-                                      StringBuffer filter) 
-    {
+    private void buildRevokedByFilter(HttpServletRequest req,
+                                      StringBuffer filter) {
         if (!isOn(req, "revokedByInUse")) {
             return;
         }
@@ -302,10 +292,9 @@ public class SrchCerts extends CMSServlet {
         }
     }
 
-    private void buildDateFilter(HttpServletRequest req, String prefix, 
+    private void buildDateFilter(HttpServletRequest req, String prefix,
                                    String outStr, long adjustment,
-                                   StringBuffer filter)
-    {
+                                   StringBuffer filter) {
         String queryCertFilter = null;
         long epoch = 0;
         try {
@@ -324,19 +313,17 @@ public class SrchCerts extends CMSServlet {
     }
 
     private void buildRevokedOnFilter(HttpServletRequest req,
-                                      StringBuffer filter) 
-    {
+                                      StringBuffer filter) {
         if (!isOn(req, "revokedOnInUse")) {
             return;
         }
         buildDateFilter(req, "revokedOnFrom", "certRevokedOn>=", 0, filter);
-        buildDateFilter(req, "revokedOnTo", "certRevokedOn<=", 86399999, 
+        buildDateFilter(req, "revokedOnTo", "certRevokedOn<=", 86399999,
                         filter);
     }
 
     private void buildRevocationReasonFilter(HttpServletRequest req,
-                                             StringBuffer filter) 
-    {
+                                             StringBuffer filter) {
         if (!isOn(req, "revocationReasonInUse")) {
             return;
         }
@@ -347,23 +334,22 @@ public class SrchCerts extends CMSServlet {
         String queryCertFilter = null;
         StringTokenizer st = new StringTokenizer(reasons, ",");
         if (st.hasMoreTokens()) {
-          filter.append("(|");
-          while (st.hasMoreTokens()) {
-              String token = st.nextToken();
-              if (queryCertFilter == null) {
-                  queryCertFilter = "";
-              } 
-              filter.append("(x509cert.certRevoInfo=");
-              filter.append(token);
-              filter.append(")");
-          }
-          filter.append(")");
+            filter.append("(|");
+            while (st.hasMoreTokens()) {
+                String token = st.nextToken();
+                if (queryCertFilter == null) {
+                    queryCertFilter = "";
+                }
+                filter.append("(x509cert.certRevoInfo=");
+                filter.append(token);
+                filter.append(")");
+            }
+            filter.append(")");
         }
     }
 
-    private void buildIssuedByFilter(HttpServletRequest req, 
-                                      StringBuffer filter) 
-    {
+    private void buildIssuedByFilter(HttpServletRequest req,
+                                      StringBuffer filter) {
         if (!isOn(req, "issuedByInUse")) {
             return;
         }
@@ -378,43 +364,39 @@ public class SrchCerts extends CMSServlet {
     }
 
     private void buildIssuedOnFilter(HttpServletRequest req,
-                                      StringBuffer filter) 
-    {
+                                      StringBuffer filter) {
         if (!isOn(req, "issuedOnInUse")) {
             return;
         }
         buildDateFilter(req, "issuedOnFrom", "certCreateTime>=", 0, filter);
-        buildDateFilter(req, "issuedOnTo", "certCreateTime<=", 86399999, 
+        buildDateFilter(req, "issuedOnTo", "certCreateTime<=", 86399999,
                         filter);
     }
 
     private void buildValidNotBeforeFilter(HttpServletRequest req,
-                                      StringBuffer filter) 
-    {
+                                      StringBuffer filter) {
         if (!isOn(req, "validNotBeforeInUse")) {
             return;
         }
-        buildDateFilter(req, "validNotBeforeFrom", "x509cert.notBefore>=", 
+        buildDateFilter(req, "validNotBeforeFrom", "x509cert.notBefore>=",
                         0, filter);
-        buildDateFilter(req, "validNotBeforeTo", "x509cert.notBefore<=", 
+        buildDateFilter(req, "validNotBeforeTo", "x509cert.notBefore<=",
                         86399999, filter);
     }
 
     private void buildValidNotAfterFilter(HttpServletRequest req,
-                                      StringBuffer filter) 
-    {
+                                      StringBuffer filter) {
         if (!isOn(req, "validNotAfterInUse")) {
             return;
         }
-        buildDateFilter(req, "validNotAfterFrom", "x509cert.notAfter>=", 
+        buildDateFilter(req, "validNotAfterFrom", "x509cert.notAfter>=",
                         0, filter);
-        buildDateFilter(req, "validNotAfterTo", "x509cert.notAfter<=", 
+        buildDateFilter(req, "validNotAfterTo", "x509cert.notAfter<=",
                         86399999, filter);
     }
 
     private void buildValidityLengthFilter(HttpServletRequest req,
-                                      StringBuffer filter) 
-    {
+                                      StringBuffer filter) {
         if (!isOn(req, "validityLengthInUse")) {
             return;
         }
@@ -439,8 +421,7 @@ public class SrchCerts extends CMSServlet {
     }
 
     private void buildCertTypeFilter(HttpServletRequest req,
-                                      StringBuffer filter) 
-    {
+                                      StringBuffer filter) {
         if (!isOn(req, "certTypeInUse")) {
             return;
         }
@@ -471,8 +452,7 @@ public class SrchCerts extends CMSServlet {
         }
     }
 
-    public String buildFilter(HttpServletRequest req) 
-    {
+    public String buildFilter(HttpServletRequest req) {
         String queryCertFilter = req.getParameter("queryCertFilter");
 
         StringBuffer filter = new StringBuffer();
@@ -504,10 +484,10 @@ public class SrchCerts extends CMSServlet {
 
     /**
      * Serves HTTP request. This format of this request is as follows:
-     *   queryCert?
-     *     [maxCount=<number>]
-     *     [queryFilter=<filter>]
-     *     [revokeAll=<filter>]
+     * queryCert?
+     * [maxCount=<number>]
+     * [queryFilter=<filter>]
+     * [revokeAll=<filter>]
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
         HttpServletRequest req = cmsReq.getHttpReq();
@@ -522,10 +502,10 @@ public class SrchCerts extends CMSServlet {
                         mAuthzResourceName, "list");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -551,10 +531,10 @@ public class SrchCerts extends CMSServlet {
         try {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         try {
@@ -571,10 +551,10 @@ public class SrchCerts extends CMSServlet {
 
             String queryCertFilter = buildFilter(req);
             process(argSet, header, queryCertFilter,
-                revokeAll, maxResults, timeLimit, req, resp, locale[0]);
+                    revokeAll, maxResults, timeLimit, req, resp, locale[0]);
         } catch (NumberFormatException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
-            error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT"));
+            error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
         } catch (EBaseException e) {
             error = e;
         }
@@ -585,33 +565,33 @@ public class SrchCerts extends CMSServlet {
             if (error == null) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
                 }
             } else {
                 cmsReq.setStatus(CMSRequest.ERROR);
                 cmsReq.setError(error);
             }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 
     /**
      * Process the key search.
      */
-    private void process(CMSTemplateParams argSet, IArgBlock header, 
-        String filter, String revokeAll,
-        int maxResults, int timeLimit,
-        HttpServletRequest req, HttpServletResponse resp,
-        Locale locale)
-        throws EBaseException {
+    private void process(CMSTemplateParams argSet, IArgBlock header,
+            String filter, String revokeAll,
+            int maxResults, int timeLimit,
+            HttpServletRequest req, HttpServletResponse resp,
+            Locale locale)
+            throws EBaseException {
         try {
             long startTime = CMS.getCurrentDate().getTime();
 
@@ -629,7 +609,7 @@ public class SrchCerts extends CMSServlet {
                 timeLimit = mTimeLimits;
             }
             CMS.debug("Start searching ... " + "filter=" + filter + " maxreturns=" + maxResults + " timelimit=" + timeLimit);
-            Enumeration<ICertRecord > e = mCertDB.searchCertificates(filter, maxResults, timeLimit);
+            Enumeration<ICertRecord> e = mCertDB.searchCertificates(filter, maxResults, timeLimit);
 
             int count = 0;
 
@@ -671,7 +651,8 @@ public class SrchCerts extends CMSServlet {
         int i = filter.indexOf(CURRENT_TIME, k);
 
         while (i > -1) {
-            if (now == null) now = new Date();
+            if (now == null)
+                now = new Date();
             newFilter.append(filter.substring(k, i));
             newFilter.append(now.getTime());
             k = i + CURRENT_TIME.length();
@@ -687,7 +668,7 @@ public class SrchCerts extends CMSServlet {
      * Fills cert record into argument block.
      */
     private void fillRecordIntoArg(ICertRecord rec, IArgBlock rarg)
-        throws EBaseException {
+            throws EBaseException {
 
         X509CertImpl xcert = rec.getCertificate();
 
@@ -695,9 +676,9 @@ public class SrchCerts extends CMSServlet {
             fillX509RecordIntoArg(rec, rarg);
         }
     }
-	
+
     private void fillX509RecordIntoArg(ICertRecord rec, IArgBlock rarg)
-        throws EBaseException {
+            throws EBaseException {
 
         X509CertImpl cert = rec.getCertificate();
 
@@ -708,7 +689,7 @@ public class SrchCerts extends CMSServlet {
         String subject = (String) cert.getSubjectDN().toString();
 
         if (subject.equals("")) {
-            rarg.addStringValue("subject", " "); 
+            rarg.addStringValue("subject", " ");
         } else {
             rarg.addStringValue("subject", subject);
 
@@ -744,12 +725,13 @@ public class SrchCerts extends CMSServlet {
         rarg.addStringValue("signatureAlgorithm", cert.getSigAlgOID());
         String issuedBy = rec.getIssuedBy();
 
-        if (issuedBy == null) issuedBy = "";
+        if (issuedBy == null)
+            issuedBy = "";
         rarg.addStringValue("issuedBy", issuedBy); // cert.getIssuerDN().toString()
         rarg.addLongValue("issuedOn", rec.getCreateTime().getTime() / 1000);
 
         rarg.addStringValue("revokedBy",
-            ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy()));
+                ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy()));
         if (rec.getRevokedOn() == null) {
             rarg.addStringValue("revokedOn", null);
         } else {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java
index b10086e1..77fbc85a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Date;
@@ -60,10 +59,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Force the CRL to be updated now.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class UpdateCRL extends CMSServlet {
@@ -96,32 +94,31 @@ public class UpdateCRL extends CMSServlet {
         mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
         if (mAuthority instanceof ICertificateAuthority)
             mCA = (ICertificateAuthority) mAuthority;
-		
-            // override success to do output orw own template.
+
+        // override success to do output orw own template.
         mTemplates.remove(CMSRequest.SUCCESS);
         if (mOutputTemplatePath != null)
             mFormPath = mOutputTemplatePath;
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      * <ul>
      * <li>http.param signatureAlgorithm the algorithm to use to sign the CRL
-	 * <li>http.param waitForUpdate true/false - should the servlet wait until
-	 *     the CRL update is complete?
-     * <li>http.param clearCRLCache true/false - should the CRL cache cleared
-     *     before the CRL is generated?
+     * <li>http.param waitForUpdate true/false - should the servlet wait until the CRL update is complete?
+     * <li>http.param clearCRLCache true/false - should the CRL cache cleared before the CRL is generated?
      * <li>http.param crlIssuingPoint the CRL Issuing Point to Update
      * </ul>
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
         HttpServletRequest req = cmsReq.getHttpReq();
         HttpServletResponse resp = cmsReq.getHttpResp();
 
-        IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+        IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
         if (statsSub != null) {
-          statsSub.startTiming("crl", true /* main action */);
+            statsSub.startTiming("crl", true /* main action */);
         }
 
         long startTime = CMS.getCurrentDate().getTime();
@@ -133,16 +130,16 @@ public class UpdateCRL extends CMSServlet {
                         mAuthzResourceName, "update");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
             cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
             if (statsSub != null) {
-              statsSub.endTiming("crl");
+                statsSub.endTiming("crl");
             }
             return;
         }
@@ -159,21 +156,21 @@ public class UpdateCRL extends CMSServlet {
         try {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             if (statsSub != null) {
-              statsSub.endTiming("crl");
+                statsSub.endTiming("crl");
             }
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         try {
-            String signatureAlgorithm = 
-                req.getParameter("signatureAlgorithm");
+            String signatureAlgorithm =
+                    req.getParameter("signatureAlgorithm");
 
-            process(argSet, header, req, resp, 
-                signatureAlgorithm, locale[0]);
+            process(argSet, header, req, resp,
+                    signatureAlgorithm, locale[0]);
         } catch (EBaseException e) {
             error = e;
         }
@@ -184,42 +181,43 @@ public class UpdateCRL extends CMSServlet {
             if (error == null) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
                 }
             } else {
                 cmsReq.setStatus(CMSRequest.ERROR);
                 cmsReq.setError(error);
             }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
-                    e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
+                            e.toString()));
             if (statsSub != null) {
-              statsSub.endTiming("crl");
+                statsSub.endTiming("crl");
             }
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
         if (statsSub != null) {
-          statsSub.endTiming("crl");
+            statsSub.endTiming("crl");
         }
     }
 
-    private CRLExtensions crlEntryExtensions (String reason, String invalidity) {
+    private CRLExtensions crlEntryExtensions(String reason, String invalidity) {
         CRLExtensions entryExts = new CRLExtensions();
 
         CRLReasonExtension crlReasonExtn = null;
         if (reason != null && reason.length() > 0) {
             try {
                 RevocationReason revReason = RevocationReason.fromInt(Integer.parseInt(reason));
-                if (revReason == null) revReason = RevocationReason.UNSPECIFIED;
+                if (revReason == null)
+                    revReason = RevocationReason.UNSPECIFIED;
                 crlReasonExtn = new CRLReasonExtension(revReason);
             } catch (Exception e) {
-                CMS.debug("Invalid revocation reason: "+reason);
+                CMS.debug("Invalid revocation reason: " + reason);
             }
         }
 
@@ -229,15 +227,15 @@ public class UpdateCRL extends CMSServlet {
             Date invalidityDate = null;
             try {
                 long backInTime = Long.parseLong(invalidity);
-                invalidityDate = new Date(now-(backInTime*60000));
+                invalidityDate = new Date(now - (backInTime * 60000));
             } catch (Exception e) {
-                CMS.debug("Invalid invalidity time offset: "+invalidity);
+                CMS.debug("Invalid invalidity time offset: " + invalidity);
             }
             if (invalidityDate != null) {
                 try {
                     invalidityDateExtn = new InvalidityDateExtension(invalidityDate);
                 } catch (Exception e) {
-                    CMS.debug("Error creating invalidity extension: "+e);
+                    CMS.debug("Error creating invalidity extension: " + e);
                 }
             }
         }
@@ -246,7 +244,7 @@ public class UpdateCRL extends CMSServlet {
             try {
                 entryExts.set(crlReasonExtn.getName(), crlReasonExtn);
             } catch (Exception e) {
-                CMS.debug("Error adding revocation reason extension to entry extensions: "+e);
+                CMS.debug("Error adding revocation reason extension to entry extensions: " + e);
             }
         }
 
@@ -254,7 +252,7 @@ public class UpdateCRL extends CMSServlet {
             try {
                 entryExts.set(invalidityDateExtn.getName(), invalidityDateExtn);
             } catch (Exception e) {
-                CMS.debug("Error adding invalidity date extension to entry extensions: "+e);
+                CMS.debug("Error adding invalidity date extension to entry extensions: " + e);
             }
         }
 
@@ -293,18 +291,18 @@ public class UpdateCRL extends CMSServlet {
     }
 
     private void process(CMSTemplateParams argSet, IArgBlock header,
-        HttpServletRequest req,
-        HttpServletResponse resp,
-        String signatureAlgorithm,
-        Locale locale)
-        throws EBaseException {
+            HttpServletRequest req,
+            HttpServletResponse resp,
+            String signatureAlgorithm,
+            Locale locale)
+            throws EBaseException {
         long startTime = CMS.getCurrentDate().getTime();
-        String waitForUpdate = 
-            req.getParameter("waitForUpdate");
-        String clearCache = 
-            req.getParameter("clearCRLCache");
-        String crlIssuingPointId = 
-            req.getParameter("crlIssuingPoint");
+        String waitForUpdate =
+                req.getParameter("waitForUpdate");
+        String clearCache =
+                req.getParameter("clearCRLCache");
+        String crlIssuingPointId =
+                req.getParameter("crlIssuingPoint");
         String test = req.getParameter("test");
         String add = req.getParameter("add");
         String from = req.getParameter("from");
@@ -317,45 +315,46 @@ public class UpdateCRL extends CMSServlet {
             Enumeration<ICRLIssuingPoint> ips = mCA.getCRLIssuingPoints();
 
             while (ips.hasMoreElements()) {
-                ICRLIssuingPoint ip =  ips.nextElement();
+                ICRLIssuingPoint ip = ips.nextElement();
 
                 if (crlIssuingPointId.equals(ip.getId())) {
                     break;
                 }
-                if (!ips.hasMoreElements()) crlIssuingPointId = null;
+                if (!ips.hasMoreElements())
+                    crlIssuingPointId = null;
             }
         }
         if (crlIssuingPointId == null) {
             crlIssuingPointId = ICertificateAuthority.PROP_MASTER_CRL;
         }
 
-        ICRLIssuingPoint crlIssuingPoint = 
-            mCA.getCRLIssuingPoint(crlIssuingPointId);
+        ICRLIssuingPoint crlIssuingPoint =
+                mCA.getCRLIssuingPoint(crlIssuingPointId);
         header.addStringValue("crlIssuingPoint", crlIssuingPointId);
         IPublisherProcessor lpm = mCA.getPublisherProcessor();
 
         if (crlIssuingPoint != null) {
             if (clearCache != null && clearCache.equals("true") &&
-                crlIssuingPoint.isCRLGenerationEnabled() &&
-                crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE &&
-                crlIssuingPoint.isCRLIssuingPointInitialized()
+                    crlIssuingPoint.isCRLGenerationEnabled() &&
+                    crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE &&
+                    crlIssuingPoint.isCRLIssuingPointInitialized()
                                 == ICRLIssuingPoint.CRL_IP_INITIALIZED) {
                 crlIssuingPoint.clearCRLCache();
             }
             if (waitForUpdate != null && waitForUpdate.equals("true") &&
-                crlIssuingPoint.isCRLGenerationEnabled() &&
-                crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE &&
-                crlIssuingPoint.isCRLIssuingPointInitialized()
+                    crlIssuingPoint.isCRLGenerationEnabled() &&
+                    crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE &&
+                    crlIssuingPoint.isCRLIssuingPointInitialized()
                                 == ICRLIssuingPoint.CRL_IP_INITIALIZED) {
                 if (test != null && test.equals("true") &&
-                    crlIssuingPoint.isCRLCacheTestingEnabled() &&
-                    (!mTesting.contains(crlIssuingPointId))) {
+                        crlIssuingPoint.isCRLCacheTestingEnabled() &&
+                        (!mTesting.contains(crlIssuingPointId))) {
                     CMS.debug("CRL test started.");
                     mTesting.add(crlIssuingPointId);
                     BigInteger addLen = null;
                     BigInteger startFrom = null;
                     if (add != null && add.length() > 0 &&
-                        from != null && from.length() > 0) {
+                            from != null && from.length() > 0) {
                         try {
                             addLen = new BigInteger(add);
                             startFrom = new BigInteger(from);
@@ -366,7 +365,7 @@ public class UpdateCRL extends CMSServlet {
                         Date revocationDate = CMS.getCurrentDate();
                         String err = null;
 
-                        CRLExtensions entryExts = crlEntryExtensions (reason, invalidity);
+                        CRLExtensions entryExts = crlEntryExtensions(reason, invalidity);
 
                         BigInteger serialNumber = startFrom;
                         BigInteger counter = addLen;
@@ -380,16 +379,16 @@ public class UpdateCRL extends CMSServlet {
 
                         long t1 = System.currentTimeMillis();
                         long t2 = 0;
-                       
+
                         while (counter.compareTo(BigInteger.ZERO) > 0) {
                             RevokedCertImpl revokedCert =
-                                new RevokedCertImpl(serialNumber, revocationDate, entryExts);
+                                    new RevokedCertImpl(serialNumber, revocationDate, entryExts);
                             crlIssuingPoint.addRevokedCert(serialNumber, revokedCert);
                             serialNumber = serialNumber.add(BigInteger.ONE);
                             counter = counter.subtract(BigInteger.ONE);
 
                             if ((counter.compareTo(BigInteger.ZERO) == 0) ||
-                                (stepBy != null && ((counter.mod(stepBy)).compareTo(BigInteger.ZERO) == 0))) {
+                                    (stepBy != null && ((counter.mod(stepBy)).compareTo(BigInteger.ZERO) == 0))) {
                                 t2 = System.currentTimeMillis();
                                 long t0 = t2 - t1;
                                 t1 = t2;
@@ -465,40 +464,40 @@ public class UpdateCRL extends CMSServlet {
                         String agentId = (String) sContext.get(SessionContext.USER_ID);
                         IAuthToken authToken = (IAuthToken) sContext.get(SessionContext.AUTH_TOKEN);
                         String authMgr = AuditFormat.NOAUTH;
-        
+
                         if (authToken != null) {
                             authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
                         }
                         long endTime = CMS.getCurrentDate().getTime();
 
                         if (crlIssuingPoint.getNextUpdate() != null) {
-                            mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, 
-                                AuditFormat.LEVEL,
-                                AuditFormat.CRLUPDATEFORMAT,
-                                new Object[] { 
-                                    AuditFormat.FROMAGENT + " agentID: " + agentId,
-                                    authMgr,
-                                    "completed",
-                                    crlIssuingPoint.getId(),
-                                    crlIssuingPoint.getCRLNumber(),
-                                    crlIssuingPoint.getLastUpdate(),
-                                    crlIssuingPoint.getNextUpdate(),
-                                    Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime)}
-                            );
-                        }else {
-                            mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, 
-                                AuditFormat.LEVEL,
-                                AuditFormat.CRLUPDATEFORMAT,
-                                new Object[] { 
-                                    AuditFormat.FROMAGENT + " agentID: " + agentId,
-                                    authMgr,
-                                    "completed",
-                                    crlIssuingPoint.getId(),
-                                    crlIssuingPoint.getCRLNumber(),
-                                    crlIssuingPoint.getLastUpdate(),
-                                    "not set",
-                                    Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime)}
-                            );
+                            mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.CRLUPDATEFORMAT,
+                                    new Object[] {
+                                            AuditFormat.FROMAGENT + " agentID: " + agentId,
+                                            authMgr,
+                                            "completed",
+                                            crlIssuingPoint.getId(),
+                                            crlIssuingPoint.getCRLNumber(),
+                                            crlIssuingPoint.getLastUpdate(),
+                                            crlIssuingPoint.getNextUpdate(),
+                                            Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime) }
+                                    );
+                        } else {
+                            mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.CRLUPDATEFORMAT,
+                                    new Object[] {
+                                            AuditFormat.FROMAGENT + " agentID: " + agentId,
+                                            authMgr,
+                                            "completed",
+                                            crlIssuingPoint.getId(),
+                                            crlIssuingPoint.getCRLNumber(),
+                                            crlIssuingPoint.getLastUpdate(),
+                                            "not set",
+                                            Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime) }
+                                    );
                         }
                     } catch (EBaseException e) {
                         log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_UPDATE_CRL", e.toString()));
@@ -511,8 +510,7 @@ public class UpdateCRL extends CMSServlet {
                     }
                 }
             } else {
-                if (crlIssuingPoint.isCRLIssuingPointInitialized()
-                           != ICRLIssuingPoint.CRL_IP_INITIALIZED) {
+                if (crlIssuingPoint.isCRLIssuingPointInitialized() != ICRLIssuingPoint.CRL_IP_INITIALIZED) {
                     header.addStringValue("crlUpdate", "notInitialized");
                 } else if (crlIssuingPoint.isCRLUpdateInProgress()
                            != ICRLIssuingPoint.CRL_UPDATE_DONE ||
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java
index ccba3362..27de7b28 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Enumeration;
@@ -58,10 +57,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Update the configured LDAP server with specified objects
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class UpdateDir extends CMSServlet {
@@ -85,12 +83,12 @@ public class UpdateDir extends CMSServlet {
     private final static int REVOKED_FROM = 10;
     private final static int REVOKED_TO = 11;
     private final static int CHECK_FLAG = 12;
-    private final static String[] updateName = 
-        {"updateAll", "updateCRL", "updateCA",
-            "updateValid", "validFrom", "validTo",
-            "updateExpired", "expiredFrom", "expiredTo",
-            "updateRevoked", "revokedFrom", "revokedTo",
-            "checkFlag"};
+    private final static String[] updateName =
+        { "updateAll", "updateCRL", "updateCA",
+                "updateValid", "validFrom", "validTo",
+                "updateExpired", "expiredFrom", "expiredTo",
+                "updateRevoked", "revokedFrom", "revokedTo",
+                "checkFlag" };
 
     private String mFormPath = null;
     private ICertificateAuthority mCA = null;
@@ -112,7 +110,7 @@ public class UpdateDir extends CMSServlet {
     public void init(ServletConfig sc) throws ServletException {
         super.init(sc);
 
-        if( mAuthority != null ) {
+        if (mAuthority != null) {
             mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
             if (mAuthority instanceof ICertificateAuthority) {
                 mCA = (ICertificateAuthority) mAuthority;
@@ -129,8 +127,8 @@ public class UpdateDir extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
-     *
+     * Process the HTTP request.
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -146,10 +144,10 @@ public class UpdateDir extends CMSServlet {
                         mAuthzResourceName, "update");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -169,17 +167,17 @@ public class UpdateDir extends CMSServlet {
         try {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         try {
             String crlIssuingPointId = req.getParameter("crlIssuingPoint");
 
             if (mPublisherProcessor == null ||
-                !mPublisherProcessor.enabled())
+                    !mPublisherProcessor.enabled())
                 throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_PUB_MODULE"));
 
             String[] updateValue = new String[updateName.length];
@@ -191,7 +189,7 @@ public class UpdateDir extends CMSServlet {
             String masterHost = CMS.getConfigStore().getString("master.ca.agent.host", "");
             String masterPort = CMS.getConfigStore().getString("master.ca.agent.port", "");
             if (masterHost != null && masterHost.length() > 0 &&
-                masterPort != null && masterPort.length() > 0) {
+                    masterPort != null && masterPort.length() > 0) {
                 mClonedCA = true;
             }
 
@@ -206,29 +204,29 @@ public class UpdateDir extends CMSServlet {
             if (error == null) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
                 }
             } else {
                 cmsReq.setStatus(CMSRequest.ERROR);
                 cmsReq.setError(error);
             }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 
     private void updateCRLIssuingPoint(
-        IArgBlock header, 
-        String crlIssuingPointId,
-        ICRLIssuingPoint crlIssuingPoint,
-        Locale locale) {
+            IArgBlock header,
+            String crlIssuingPointId,
+            ICRLIssuingPoint crlIssuingPoint,
+            Locale locale) {
         SessionContext sc = SessionContext.getContext();
 
         sc.put(ICRLIssuingPoint.SC_ISSUING_POINT_ID, crlIssuingPointId);
@@ -237,28 +235,28 @@ public class UpdateDir extends CMSServlet {
 
         try {
             if (mCRLRepository != null) {
-                crlRecord = (ICRLIssuingPointRecord)mCRLRepository.readCRLIssuingPointRecord(crlIssuingPointId);
+                crlRecord = (ICRLIssuingPointRecord) mCRLRepository.readCRLIssuingPointRecord(crlIssuingPointId);
             }
         } catch (EBaseException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_CRL_RECORD", e.toString()));
         }
 
         if (crlRecord == null) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
             header.addStringValue("crlPublished", "Failure");
             header.addStringValue("crlError",
-                new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
+                    new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
         } else {
-            String publishDN = (crlIssuingPoint != null)? crlIssuingPoint.getPublishDN(): null;
+            String publishDN = (crlIssuingPoint != null) ? crlIssuingPoint.getPublishDN() : null;
             byte[] crlbytes = crlRecord.getCRL();
 
             if (crlbytes == null) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", ""));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", ""));
                 header.addStringValue("crlPublished", "Failure");
                 header.addStringValue("crlError",
-                    new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
+                        new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
             } else {
                 X509CRLImpl crl = null;
 
@@ -271,13 +269,13 @@ public class UpdateDir extends CMSServlet {
                 if (crl == null) {
                     header.addStringValue("crlPublished", "Failure");
                     header.addStringValue("crlError",
-                        new ECMSGWException(CMS.getUserMessage(locale,"CMS_GW_DECODE_CRL_FAILED")).toString());
+                            new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
                 } else {
                     try {
                         if (publishDN != null) {
                             mPublisherProcessor.publishCRL(publishDN, crl);
                         } else {
-                            mPublisherProcessor.publishCRL(crl,crlIssuingPointId);
+                            mPublisherProcessor.publishCRL(crl, crlIssuingPointId);
                         }
                         header.addStringValue("crlPublished", "Success");
                     } catch (ELdapException e) {
@@ -307,20 +305,20 @@ public class UpdateDir extends CMSServlet {
                     BigInteger deltaNumber = crlRecord.getDeltaCRLNumber();
                     Long deltaCRLSize = crlRecord.getDeltaCRLSize();
                     if (deltaCRLSize != null && deltaCRLSize.longValue() > -1 &&
-                        crlNumber != null && deltaNumber != null &&
-                        deltaNumber.compareTo(crlNumber) >= 0) {
+                            crlNumber != null && deltaNumber != null &&
+                            deltaNumber.compareTo(crlNumber) >= 0) {
                         goodDelta = true;
                     }
                 }
 
                 if (deltaCrl != null && ((mClonedCA && goodDelta) ||
-                    (crlIssuingPoint != null &&
-                     crlIssuingPoint.isThisCurrentDeltaCRL(deltaCrl)))) {
+                        (crlIssuingPoint != null &&
+                        crlIssuingPoint.isThisCurrentDeltaCRL(deltaCrl)))) {
                     try {
                         if (publishDN != null) {
                             mPublisherProcessor.publishCRL(publishDN, deltaCrl);
                         } else {
-                            mPublisherProcessor.publishCRL(deltaCrl,crlIssuingPointId);
+                            mPublisherProcessor.publishCRL(deltaCrl, crlIssuingPointId);
                         }
                     } catch (ELdapException e) {
                         log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_PUBLISH_DELTA_CRL", e.toString()));
@@ -331,16 +329,16 @@ public class UpdateDir extends CMSServlet {
     }
 
     private void process(CMSTemplateParams argSet, IArgBlock header,
-        HttpServletRequest req,
-        HttpServletResponse resp,
-        String crlIssuingPointId,
-        String[] updateValue,
-        Locale locale)
-        throws EBaseException {
+            HttpServletRequest req,
+            HttpServletResponse resp,
+            String crlIssuingPointId,
+            String[] updateValue,
+            Locale locale)
+            throws EBaseException {
         // all or crl
         if ((updateValue[UPDATE_ALL] != null &&
                 updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
-            (updateValue[UPDATE_CRL] != null &&
+                (updateValue[UPDATE_CRL] != null &&
                 updateValue[UPDATE_CRL].equalsIgnoreCase("yes"))) {
             // check if received issuing point ID is known to the server
             if (crlIssuingPointId != null) {
@@ -352,7 +350,8 @@ public class UpdateDir extends CMSServlet {
                     if (crlIssuingPointId.equals(ip.getId())) {
                         break;
                     }
-                    if (!ips.hasMoreElements()) crlIssuingPointId = null;
+                    if (!ips.hasMoreElements())
+                        crlIssuingPointId = null;
                 }
             }
             if (crlIssuingPointId == null) {
@@ -361,7 +360,7 @@ public class UpdateDir extends CMSServlet {
                     Vector ipNames = mCRLRepository.getIssuingPointsNames();
                     if (ipNames != null && ipNames.size() > 0) {
                         for (int i = 0; i < ipNames.size(); i++) {
-                            String ipName = (String)ipNames.elementAt(i);
+                            String ipName = (String) ipNames.elementAt(i);
 
                             updateCRLIssuingPoint(header, ipName, null, locale);
                         }
@@ -377,11 +376,11 @@ public class UpdateDir extends CMSServlet {
                 }
             } else {
                 ICRLIssuingPoint crlIssuingPoint =
-                    mCA.getCRLIssuingPoint(crlIssuingPointId);
+                        mCA.getCRLIssuingPoint(crlIssuingPointId);
                 ICRLIssuingPointRecord crlRecord = null;
 
-                updateCRLIssuingPoint(header, crlIssuingPointId, 
-                    crlIssuingPoint, locale);
+                updateCRLIssuingPoint(header, crlIssuingPointId,
+                        crlIssuingPoint, locale);
             }
         }
 
@@ -390,7 +389,7 @@ public class UpdateDir extends CMSServlet {
         // all or ca
         if ((updateValue[UPDATE_ALL] != null &&
                 updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
-            (updateValue[UPDATE_CA] != null &&
+                (updateValue[UPDATE_CA] != null &&
                 updateValue[UPDATE_CA].equalsIgnoreCase("yes"))) {
             X509CertImpl caCert = mCA.getSigningUnit().getCertImpl();
 
@@ -408,7 +407,7 @@ public class UpdateDir extends CMSServlet {
         // all or valid
         if ((updateValue[UPDATE_ALL] != null &&
                 updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
-            (updateValue[UPDATE_VALID] != null &&
+                (updateValue[UPDATE_VALID] != null &&
                 updateValue[UPDATE_VALID].equalsIgnoreCase("yes"))) {
             if (certificateRepository != null) {
                 if (updateValue[VALID_FROM].startsWith("0x")) {
@@ -420,16 +419,16 @@ public class UpdateDir extends CMSServlet {
                 Enumeration validCerts = null;
 
                 if (updateValue[CHECK_FLAG] != null &&
-                    updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
-                    validCerts = 
+                        updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
+                    validCerts =
                             certificateRepository.getValidNotPublishedCertificates(
-                                updateValue[VALID_FROM],
-                                updateValue[VALID_TO]);
+                                    updateValue[VALID_FROM],
+                                    updateValue[VALID_TO]);
                 } else {
-                    validCerts = 
+                    validCerts =
                             certificateRepository.getValidCertificates(
-                                updateValue[VALID_FROM],
-                                updateValue[VALID_TO]);
+                                    updateValue[VALID_FROM],
+                                    updateValue[VALID_TO]);
                 }
                 int i = 0;
                 int l = 0;
@@ -438,7 +437,7 @@ public class UpdateDir extends CMSServlet {
                 if (validCerts != null) {
                     while (validCerts.hasMoreElements()) {
                         ICertRecord certRecord =
-                            (ICertRecord) validCerts.nextElement();
+                                (ICertRecord) validCerts.nextElement();
                         //X509CertImpl cert = certRecord.getCertificate();
                         X509CertImpl cert = null;
                         Object o = certRecord.getCertificate();
@@ -454,9 +453,9 @@ public class UpdateDir extends CMSServlet {
                             // ca's self signed signing cert and
                             // server cert has no related request and
                             // have no metaInfo
-                            log(ILogger.LL_FAILURE,					
-                                CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
-                                    cert.getSerialNumber().toString(16)));
+                            log(ILogger.LL_FAILURE,
+                                    CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
+                                            cert.getSerialNumber().toString(16)));
                         } else {
                             ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
                         }
@@ -465,55 +464,55 @@ public class UpdateDir extends CMSServlet {
 
                         if (ridString != null) {
                             RequestId rid = new RequestId(ridString);
-						
+
                             r = mCA.getRequestQueue().findRequest(rid);
-                        } 
+                        }
 
                         try {
                             l++;
-                            SessionContext sc = SessionContext.getContext();                                
+                            SessionContext sc = SessionContext.getContext();
 
                             if (r == null) {
                                 if (CMS.isEncryptionCert(cert))
                                     sc.put((Object) "isEncryptionCert", (Object) "true");
-                                else 
+                                else
                                     sc.put((Object) "isEncryptionCert", (Object) "false");
                                 mPublisherProcessor.publishCert(cert, null);
                             } else {
                                 if (CMS.isEncryptionCert(cert))
                                     r.setExtData("isEncryptionCert", "true");
-                                else 
+                                else
                                     r.setExtData("isEncryptionCert", "false");
                                 mPublisherProcessor.publishCert(cert, r);
                             }
                             i++;
                         } catch (Exception e) {
-                            log(ILogger.LL_FAILURE, 
-                                CMS.getLogMessage("CMSGW_FAIL_PUBLISH_CERT", certRecord.getSerialNumber().toString(16),
-                                    e.toString()));
+                            log(ILogger.LL_FAILURE,
+                                    CMS.getLogMessage("CMSGW_FAIL_PUBLISH_CERT", certRecord.getSerialNumber().toString(16),
+                                            e.toString()));
                             validCertsError +=
                                     "Failed to publish certificate: 0x" +
-                                    certRecord.getSerialNumber().toString(16) +
-                                    ".\n <BR> &nbsp;&nbsp;&nbsp;&nbsp;";
+                                            certRecord.getSerialNumber().toString(16) +
+                                            ".\n <BR> &nbsp;&nbsp;&nbsp;&nbsp;";
                         }
                     }
                 }
                 if (i > 0 && i == l) {
                     header.addStringValue("validCertsPublished",
-                        "Success");
+                            "Success");
                     if (i == 1)
-                        header.addStringValue("validCertsError", i + 
-                            " valid certificate is published in the directory.");
+                        header.addStringValue("validCertsError", i +
+                                " valid certificate is published in the directory.");
                     else
-                        header.addStringValue("validCertsError", i + 
-                            " valid certificates are published in the directory.");
+                        header.addStringValue("validCertsError", i +
+                                " valid certificates are published in the directory.");
                 } else {
                     if (l == 0) {
                         header.addStringValue("validCertsPublished", "No");
                     } else {
                         header.addStringValue("validCertsPublished", "Failure");
-                        header.addStringValue("validCertsError", 
-                            validCertsError);
+                        header.addStringValue("validCertsError",
+                                validCertsError);
                     }
                 }
             } else {
@@ -525,7 +524,7 @@ public class UpdateDir extends CMSServlet {
         // all or expired
         if ((updateValue[UPDATE_ALL] != null &&
                 updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
-            (updateValue[UPDATE_EXPIRED] != null &&
+                (updateValue[UPDATE_EXPIRED] != null &&
                 updateValue[UPDATE_EXPIRED].equalsIgnoreCase("yes"))) {
             if (certificateRepository != null) {
                 if (updateValue[EXPIRED_FROM].startsWith("0x")) {
@@ -537,25 +536,25 @@ public class UpdateDir extends CMSServlet {
                 Enumeration expiredCerts = null;
 
                 if (updateValue[CHECK_FLAG] != null &&
-                    updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
+                        updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
                     expiredCerts =
                             certificateRepository.getExpiredPublishedCertificates(
-                                updateValue[EXPIRED_FROM],
-                                updateValue[EXPIRED_TO]);
+                                    updateValue[EXPIRED_FROM],
+                                    updateValue[EXPIRED_TO]);
                 } else {
                     expiredCerts =
                             certificateRepository.getExpiredCertificates(
-                                updateValue[EXPIRED_FROM],
-                                updateValue[EXPIRED_TO]);
+                                    updateValue[EXPIRED_FROM],
+                                    updateValue[EXPIRED_TO]);
                 }
                 int i = 0;
                 int l = 0;
                 StringBuffer expiredCertsError = new StringBuffer();
 
-                if (expiredCerts != null) { 
+                if (expiredCerts != null) {
                     while (expiredCerts.hasMoreElements()) {
                         ICertRecord certRecord =
-                            (ICertRecord) expiredCerts.nextElement();
+                                (ICertRecord) expiredCerts.nextElement();
                         //X509CertImpl cert = certRecord.getCertificate();
                         X509CertImpl cert = null;
                         Object o = certRecord.getCertificate();
@@ -571,9 +570,9 @@ public class UpdateDir extends CMSServlet {
                             // ca's self signed signing cert and
                             // server cert has no related request and
                             // have no metaInfo
-                            log(ILogger.LL_FAILURE,					
-                                CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
-                                    cert.getSerialNumber().toString(16)));
+                            log(ILogger.LL_FAILURE,
+                                    CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
+                                            cert.getSerialNumber().toString(16)));
                         } else {
                             ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
                         }
@@ -582,9 +581,9 @@ public class UpdateDir extends CMSServlet {
 
                         if (ridString != null) {
                             RequestId rid = new RequestId(ridString);
-						
+
                             r = mCA.getRequestQueue().findRequest(rid);
-                        } 
+                        }
 
                         try {
                             l++;
@@ -595,10 +594,10 @@ public class UpdateDir extends CMSServlet {
                             }
                             i++;
                         } catch (Exception e) {
-                            log(ILogger.LL_FAILURE, 
-                                CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT",
-                                    certRecord.getSerialNumber().toString(16),
-                                    e.toString()));
+                            log(ILogger.LL_FAILURE,
+                                    CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT",
+                                            certRecord.getSerialNumber().toString(16),
+                                            e.toString()));
                             expiredCertsError.append(
                                     "Failed to unpublish certificate: 0x");
                             expiredCertsError.append(
@@ -611,18 +610,18 @@ public class UpdateDir extends CMSServlet {
                 if (i > 0 && i == l) {
                     header.addStringValue("expiredCertsUnpublished", "Success");
                     if (i == 1)
-                        header.addStringValue("expiredCertsError", i + 
-                            " expired certificate is unpublished in the directory.");
+                        header.addStringValue("expiredCertsError", i +
+                                " expired certificate is unpublished in the directory.");
                     else
-                        header.addStringValue("expiredCertsError", i + 
-                            " expired certificates are unpublished in the directory.");
+                        header.addStringValue("expiredCertsError", i +
+                                " expired certificates are unpublished in the directory.");
                 } else {
                     if (l == 0) {
                         header.addStringValue("expiredCertsUnpublished", "No");
                     } else {
                         header.addStringValue("expiredCertsUnpublished", "Failure");
-                        header.addStringValue("expiredCertsError", 
-                            expiredCertsError.toString());
+                        header.addStringValue("expiredCertsError",
+                                expiredCertsError.toString());
                     }
                 }
             } else {
@@ -634,7 +633,7 @@ public class UpdateDir extends CMSServlet {
         // all or revoked
         if ((updateValue[UPDATE_ALL] != null &&
                 updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
-            (updateValue[UPDATE_REVOKED] != null &&
+                (updateValue[UPDATE_REVOKED] != null &&
                 updateValue[UPDATE_REVOKED].equalsIgnoreCase("yes"))) {
             if (certificateRepository != null) {
                 if (updateValue[REVOKED_FROM].startsWith("0x")) {
@@ -646,25 +645,25 @@ public class UpdateDir extends CMSServlet {
                 Enumeration revokedCerts = null;
 
                 if (updateValue[CHECK_FLAG] != null &&
-                    updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
+                        updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
                     revokedCerts =
                             certificateRepository.getRevokedPublishedCertificates(
-                                updateValue[REVOKED_FROM],
-                                updateValue[REVOKED_TO]);
+                                    updateValue[REVOKED_FROM],
+                                    updateValue[REVOKED_TO]);
                 } else {
                     revokedCerts =
                             certificateRepository.getRevokedCertificates(
-                                updateValue[REVOKED_FROM],
-                                updateValue[REVOKED_TO]);
+                                    updateValue[REVOKED_FROM],
+                                    updateValue[REVOKED_TO]);
                 }
                 int i = 0;
                 int l = 0;
                 String revokedCertsError = "";
 
-                if (revokedCerts != null) { 
+                if (revokedCerts != null) {
                     while (revokedCerts.hasMoreElements()) {
                         ICertRecord certRecord =
-                            (ICertRecord) revokedCerts.nextElement();
+                                (ICertRecord) revokedCerts.nextElement();
                         //X509CertImpl cert = certRecord.getCertificate();
                         X509CertImpl cert = null;
                         Object o = certRecord.getCertificate();
@@ -680,9 +679,9 @@ public class UpdateDir extends CMSServlet {
                             // ca's self signed signing cert and
                             // server cert has no related request and
                             // have no metaInfo
-                            log(ILogger.LL_FAILURE,					
-                                CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
-                                    cert.getSerialNumber().toString(16)));
+                            log(ILogger.LL_FAILURE,
+                                    CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
+                                            cert.getSerialNumber().toString(16)));
                         } else {
                             ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
                         }
@@ -691,9 +690,9 @@ public class UpdateDir extends CMSServlet {
 
                         if (ridString != null) {
                             RequestId rid = new RequestId(ridString);
-						
+
                             r = mCA.getRequestQueue().findRequest(rid);
-                        } 
+                        }
 
                         try {
                             l++;
@@ -704,32 +703,32 @@ public class UpdateDir extends CMSServlet {
                             }
                             i++;
                         } catch (Exception e) {
-                            log(ILogger.LL_FAILURE, 
-                                CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT",
-                                    certRecord.getSerialNumber().toString(16),
-                                    e.toString()));
+                            log(ILogger.LL_FAILURE,
+                                    CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT",
+                                            certRecord.getSerialNumber().toString(16),
+                                            e.toString()));
                             revokedCertsError +=
                                     "Failed to unpublish certificate: 0x" +
-                                    certRecord.getSerialNumber().toString(16) +
-                                    ".\n <BR> &nbsp;&nbsp;&nbsp;&nbsp;";
+                                            certRecord.getSerialNumber().toString(16) +
+                                            ".\n <BR> &nbsp;&nbsp;&nbsp;&nbsp;";
                         }
                     }
                 }
                 if (i > 0 && i == l) {
                     header.addStringValue("revokedCertsUnpublished", "Success");
                     if (i == 1)
-                        header.addStringValue("revokedCertsError", i + 
-                            " revoked certificate is unpublished in the directory.");
+                        header.addStringValue("revokedCertsError", i +
+                                " revoked certificate is unpublished in the directory.");
                     else
-                        header.addStringValue("revokedCertsError", i + 
-                            " revoked certificates are unpublished in the directory.");
+                        header.addStringValue("revokedCertsError", i +
+                                " revoked certificates are unpublished in the directory.");
                 } else {
                     if (l == 0) {
                         header.addStringValue("revokedCertsUnpublished", "No");
                     } else {
                         header.addStringValue("revokedCertsUnpublished", "Failure");
-                        header.addStringValue("revokedCertsError", 
-                            revokedCertsError);
+                        header.addStringValue("revokedCertsError",
+                                revokedCertsError);
                     }
                 }
             } else {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
index f181e156..da78a38e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
@@ -122,242 +122,234 @@ import com.netscape.certsrv.request.RequestStatus;
 import com.netscape.cms.servlet.profile.SSLClientCertProvider;
 import com.netscape.cmsutil.scep.CRSPKIMessage;
 
-
 /**
  * This servlet deals with PKCS#10-based certificate requests from
  * CRS, now called SCEP, and defined at:
- *    http://search.ietf.org/internet-drafts/draft-nourse-scep-02.txt
+ * http://search.ietf.org/internet-drafts/draft-nourse-scep-02.txt
  * 
  * The router is hardcoded to look for the http://host:80/cgi-bin/pkiclient.exe
- *
+ * 
  * The HTTP parameters are 'operation' and 'message'
  * operation can be either 'GetCACert' or 'PKIOperation'
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class CRSEnrollment extends HttpServlet
-{
-  /**
+public class CRSEnrollment extends HttpServlet {
+    /**
      *
      */
     private static final long serialVersionUID = 8483002540957382369L;
-protected IProfileSubsystem     mProfileSubsystem = null;
-  protected String                mProfileId = null;
-  protected ICertAuthority        mAuthority;
-  protected IConfigStore          mConfig = null;
-  protected IAuthSubsystem        mAuthSubsystem;
-  protected String                mAppendDN=null;
-  protected String                mEntryObjectclass=null;
-  protected boolean               mCreateEntry=false;
-  protected boolean               mFlattenDN=false;
-
-  private   String                mAuthManagerName;
-  private   String                mSubstoreName;
-  private   boolean               mEnabled = false;
-  private   boolean               mUseCA = true;
-  private   String                mNickname = null;
-  private   String                mTokenName = "";
-  private   String                mHashAlgorithm = "SHA1";
-  private   String                mHashAlgorithmList = null;
-  private   String[]              mAllowedHashAlgorithm;
-  private   String                mConfiguredEncryptionAlgorithm = "DES3";
-  private   String                mEncryptionAlgorithm = "DES3";
-  private   String                mEncryptionAlgorithmList = null;
-  private   String[]              mAllowedEncryptionAlgorithm;
-  private   Random                mRandom = null;
-  private   int                   mNonceSizeLimit = 0;
-  protected ILogger mLogger =      CMS.getLogger();
-  private ICertificateAuthority ca;
-		/* for hashing challenge password */
-  protected MessageDigest mSHADigest = null;
-    
-  private static final String PROP_SUBSTORENAME   = "substorename";
-  private static final String PROP_AUTHORITY   = "authority";
-  private static final String PROP_CRS        = "crs";
-  private static final String PROP_CRSCA      = "casubsystem";
-  private static final String PROP_CRSAUTHMGR = "authName";
-  private static final String PROP_APPENDDN   = "appendDN";
-  private static final String PROP_CREATEENTRY= "createEntry";
-  private static final String PROP_FLATTENDN  = "flattenDN";
-  private static final String PROP_ENTRYOC    = "entryObjectclass";
-    
-  // URL parameters
-  private static final String URL_OPERATION   = "operation";
-  private static final String URL_MESSAGE     = "message";
-
-  // possible values for 'operation'
-  private static final String OP_GETCACERT    = "GetCACert";
-  private static final String OP_PKIOPERATION = "PKIOperation";
-
-  public static final String AUTH_PASSWORD    = "pwd";
-
-  public static final String AUTH_CREDS       = "AuthCreds";
-  public static final String AUTH_TOKEN       = "AuthToken";
-  public static final String AUTH_FAILED      = "AuthFailed";
- 
-  public static final String SANE_DNSNAME     = "DNSName";
-  public static final String SANE_IPADDRESS   = "IPAddress";
-
-  public static final String CERTINFO         = "CertInfo";
-  public static final String SUBJECTNAME      = "SubjectName";
-
-
-  public static ObjectIdentifier OID_UNSTRUCTUREDNAME    = null;
-  public static ObjectIdentifier OID_UNSTRUCTUREDADDRESS = null;
-  public static ObjectIdentifier OID_SERIALNUMBER        = null;
-
-  public CRSEnrollment(){}
-
-  public static Hashtable<String, String> toHashtable(HttpServletRequest req) {
-       Hashtable<String, String> httpReqHash = new Hashtable<String, String>();
-       @SuppressWarnings("unchecked")
-	Enumeration<String> names = req.getParameterNames();
-       while (names.hasMoreElements()) {
-               String name = (String)names.nextElement();
-               httpReqHash.put(name, req.getParameter(name));
-       }
-       return httpReqHash;
-   }
-
-  public void init(ServletConfig sc) {
-      // Find the CertificateAuthority we should use for CRS.
-	  String crsCA = sc.getInitParameter(PROP_AUTHORITY);
-	  if (crsCA == null)
-		  crsCA = "ca";
-	  mAuthority = (ICertAuthority) CMS.getSubsystem(crsCA);
-	  ca = (ICertificateAuthority)mAuthority;
-
-	  if (mAuthority == null) {
-          log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CANT_FIND_AUTHORITY",crsCA));
-	  }
-
-      try {
-          if (mAuthority instanceof ISubsystem) {
-              IConfigStore authorityConfig = ((ISubsystem)mAuthority).getConfigStore();
-              IConfigStore scepConfig = authorityConfig.getSubStore("scep");
-              mEnabled = scepConfig.getBoolean("enable", false);
-              mHashAlgorithm = scepConfig.getString("hashAlgorithm", "SHA1");
-              mConfiguredEncryptionAlgorithm = scepConfig.getString("encryptionAlgorithm", "DES3");
-              mNonceSizeLimit = scepConfig.getInteger("nonceSizeLimit", 0);
-              mHashAlgorithmList = scepConfig.getString("allowedHashAlgorithms", "SHA1,SHA256,SHA512");
-              mAllowedHashAlgorithm = mHashAlgorithmList.split(",");
-              mEncryptionAlgorithmList = scepConfig.getString("allowedEncryptionAlgorithms", "DES3");
-              mAllowedEncryptionAlgorithm = mEncryptionAlgorithmList.split(",");
-              mNickname = scepConfig.getString("nickname", ca.getNickname());
-              if (mNickname.equals(ca.getNickname())) {
-                  mTokenName = ca.getSigningUnit().getTokenName();
-              } else {
-                  mTokenName = scepConfig.getString("tokenname", "");
-                  mUseCA = false;
-              }
-              if (!(mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) ||
-                    mTokenName.equalsIgnoreCase("Internal Key Storage Token") ||
-                    mTokenName.length() == 0)) {
-                  int i = mNickname.indexOf(':');
-                  if (!((i > -1) && (mTokenName.length() == i) && (mNickname.startsWith(mTokenName)))) {
-                      mNickname = mTokenName + ":" + mNickname;
-                  }
-              }
-          }
-      } catch (EBaseException e) {
-          CMS.debug("CRSEnrollment: init: EBaseException: "+e);
-      } 
-      mEncryptionAlgorithm = mConfiguredEncryptionAlgorithm;
-      CMS.debug("CRSEnrollment: init: SCEP support is "+((mEnabled)?"enabled":"disabled")+".");
-      CMS.debug("CRSEnrollment: init: SCEP nickname: "+mNickname);
-      CMS.debug("CRSEnrollment: init:   CA nickname: "+ca.getNickname());
-      CMS.debug("CRSEnrollment: init:    Token name: "+mTokenName);
-      CMS.debug("CRSEnrollment: init: Is SCEP using CA keys: "+mUseCA);
-      CMS.debug("CRSEnrollment: init: mNonceSizeLimit: "+mNonceSizeLimit);
-      CMS.debug("CRSEnrollment: init: mHashAlgorithm: "+mHashAlgorithm);
-      CMS.debug("CRSEnrollment: init: mHashAlgorithmList: "+mHashAlgorithmList);
-      for (int i = 0; i < mAllowedHashAlgorithm.length; i++) {
-          mAllowedHashAlgorithm[i] = mAllowedHashAlgorithm[i].trim();
-          CMS.debug("CRSEnrollment: init: mAllowedHashAlgorithm["+i+"]="+mAllowedHashAlgorithm[i]);
-      }
-      CMS.debug("CRSEnrollment: init: mEncryptionAlgorithm: "+mEncryptionAlgorithm);
-      CMS.debug("CRSEnrollment: init: mEncryptionAlgorithmList: "+mEncryptionAlgorithmList);
-      for (int i = 0; i < mAllowedEncryptionAlgorithm.length; i++) {
-          mAllowedEncryptionAlgorithm[i] = mAllowedEncryptionAlgorithm[i].trim();
-          CMS.debug("CRSEnrollment: init: mAllowedEncryptionAlgorithm["+i+"]="+mAllowedEncryptionAlgorithm[i]);
-      }
-
-      try {
-	      mProfileSubsystem = (IProfileSubsystem)CMS.getSubsystem("profile");
-          mProfileId  = sc.getInitParameter("profileId");
-          CMS.debug("CRSEnrollment: init: mProfileId="+mProfileId);
-
-	      mAuthSubsystem   = (IAuthSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
-          mAuthManagerName  = sc.getInitParameter(PROP_CRSAUTHMGR);
-          mAppendDN         = sc.getInitParameter(PROP_APPENDDN);
-		  String tmp = sc.getInitParameter(PROP_CREATEENTRY);
-		  if (tmp != null && tmp.trim().equalsIgnoreCase("true"))
-			  mCreateEntry = true;
-		  else
-			  mCreateEntry = false;
-		  tmp = sc.getInitParameter(PROP_FLATTENDN);
-		  if (tmp != null && tmp.trim().equalsIgnoreCase("true"))
-			  mFlattenDN = true;
-		  else
-			  mFlattenDN = false;
-          mEntryObjectclass = sc.getInitParameter(PROP_ENTRYOC);
-		  if (mEntryObjectclass == null)
-			  mEntryObjectclass = "cep";
-          mSubstoreName = sc.getInitParameter(PROP_SUBSTORENAME);
-		  if (mSubstoreName == null)
-			  mSubstoreName = "default";
-      } catch (Exception e) {
-      } 
-
-      OID_UNSTRUCTUREDNAME    = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDNAME");
-      OID_UNSTRUCTUREDADDRESS = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDADDRESS");
-      OID_SERIALNUMBER        = X500NameAttrMap.getDefault().getOid("SERIALNUMBER");
-
-
-	try {
-      mSHADigest = MessageDigest.getInstance("SHA1");
+    protected IProfileSubsystem mProfileSubsystem = null;
+    protected String mProfileId = null;
+    protected ICertAuthority mAuthority;
+    protected IConfigStore mConfig = null;
+    protected IAuthSubsystem mAuthSubsystem;
+    protected String mAppendDN = null;
+    protected String mEntryObjectclass = null;
+    protected boolean mCreateEntry = false;
+    protected boolean mFlattenDN = false;
+
+    private String mAuthManagerName;
+    private String mSubstoreName;
+    private boolean mEnabled = false;
+    private boolean mUseCA = true;
+    private String mNickname = null;
+    private String mTokenName = "";
+    private String mHashAlgorithm = "SHA1";
+    private String mHashAlgorithmList = null;
+    private String[] mAllowedHashAlgorithm;
+    private String mConfiguredEncryptionAlgorithm = "DES3";
+    private String mEncryptionAlgorithm = "DES3";
+    private String mEncryptionAlgorithmList = null;
+    private String[] mAllowedEncryptionAlgorithm;
+    private Random mRandom = null;
+    private int mNonceSizeLimit = 0;
+    protected ILogger mLogger = CMS.getLogger();
+    private ICertificateAuthority ca;
+    /* for hashing challenge password */
+    protected MessageDigest mSHADigest = null;
+
+    private static final String PROP_SUBSTORENAME = "substorename";
+    private static final String PROP_AUTHORITY = "authority";
+    private static final String PROP_CRS = "crs";
+    private static final String PROP_CRSCA = "casubsystem";
+    private static final String PROP_CRSAUTHMGR = "authName";
+    private static final String PROP_APPENDDN = "appendDN";
+    private static final String PROP_CREATEENTRY = "createEntry";
+    private static final String PROP_FLATTENDN = "flattenDN";
+    private static final String PROP_ENTRYOC = "entryObjectclass";
+
+    // URL parameters
+    private static final String URL_OPERATION = "operation";
+    private static final String URL_MESSAGE = "message";
+
+    // possible values for 'operation'
+    private static final String OP_GETCACERT = "GetCACert";
+    private static final String OP_PKIOPERATION = "PKIOperation";
+
+    public static final String AUTH_PASSWORD = "pwd";
+
+    public static final String AUTH_CREDS = "AuthCreds";
+    public static final String AUTH_TOKEN = "AuthToken";
+    public static final String AUTH_FAILED = "AuthFailed";
+
+    public static final String SANE_DNSNAME = "DNSName";
+    public static final String SANE_IPADDRESS = "IPAddress";
+
+    public static final String CERTINFO = "CertInfo";
+    public static final String SUBJECTNAME = "SubjectName";
+
+    public static ObjectIdentifier OID_UNSTRUCTUREDNAME = null;
+    public static ObjectIdentifier OID_UNSTRUCTUREDADDRESS = null;
+    public static ObjectIdentifier OID_SERIALNUMBER = null;
+
+    public CRSEnrollment() {
+    }
+
+    public static Hashtable<String, String> toHashtable(HttpServletRequest req) {
+        Hashtable<String, String> httpReqHash = new Hashtable<String, String>();
+        @SuppressWarnings("unchecked")
+        Enumeration<String> names = req.getParameterNames();
+        while (names.hasMoreElements()) {
+            String name = (String) names.nextElement();
+            httpReqHash.put(name, req.getParameter(name));
+        }
+        return httpReqHash;
+    }
+
+    public void init(ServletConfig sc) {
+        // Find the CertificateAuthority we should use for CRS.
+        String crsCA = sc.getInitParameter(PROP_AUTHORITY);
+        if (crsCA == null)
+            crsCA = "ca";
+        mAuthority = (ICertAuthority) CMS.getSubsystem(crsCA);
+        ca = (ICertificateAuthority) mAuthority;
+
+        if (mAuthority == null) {
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CANT_FIND_AUTHORITY", crsCA));
+        }
+
+        try {
+            if (mAuthority instanceof ISubsystem) {
+                IConfigStore authorityConfig = ((ISubsystem) mAuthority).getConfigStore();
+                IConfigStore scepConfig = authorityConfig.getSubStore("scep");
+                mEnabled = scepConfig.getBoolean("enable", false);
+                mHashAlgorithm = scepConfig.getString("hashAlgorithm", "SHA1");
+                mConfiguredEncryptionAlgorithm = scepConfig.getString("encryptionAlgorithm", "DES3");
+                mNonceSizeLimit = scepConfig.getInteger("nonceSizeLimit", 0);
+                mHashAlgorithmList = scepConfig.getString("allowedHashAlgorithms", "SHA1,SHA256,SHA512");
+                mAllowedHashAlgorithm = mHashAlgorithmList.split(",");
+                mEncryptionAlgorithmList = scepConfig.getString("allowedEncryptionAlgorithms", "DES3");
+                mAllowedEncryptionAlgorithm = mEncryptionAlgorithmList.split(",");
+                mNickname = scepConfig.getString("nickname", ca.getNickname());
+                if (mNickname.equals(ca.getNickname())) {
+                    mTokenName = ca.getSigningUnit().getTokenName();
+                } else {
+                    mTokenName = scepConfig.getString("tokenname", "");
+                    mUseCA = false;
+                }
+                if (!(mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) ||
+                        mTokenName.equalsIgnoreCase("Internal Key Storage Token") || mTokenName.length() == 0)) {
+                    int i = mNickname.indexOf(':');
+                    if (!((i > -1) && (mTokenName.length() == i) && (mNickname.startsWith(mTokenName)))) {
+                        mNickname = mTokenName + ":" + mNickname;
+                    }
+                }
+            }
+        } catch (EBaseException e) {
+            CMS.debug("CRSEnrollment: init: EBaseException: " + e);
+        }
+        mEncryptionAlgorithm = mConfiguredEncryptionAlgorithm;
+        CMS.debug("CRSEnrollment: init: SCEP support is " + ((mEnabled) ? "enabled" : "disabled") + ".");
+        CMS.debug("CRSEnrollment: init: SCEP nickname: " + mNickname);
+        CMS.debug("CRSEnrollment: init:   CA nickname: " + ca.getNickname());
+        CMS.debug("CRSEnrollment: init:    Token name: " + mTokenName);
+        CMS.debug("CRSEnrollment: init: Is SCEP using CA keys: " + mUseCA);
+        CMS.debug("CRSEnrollment: init: mNonceSizeLimit: " + mNonceSizeLimit);
+        CMS.debug("CRSEnrollment: init: mHashAlgorithm: " + mHashAlgorithm);
+        CMS.debug("CRSEnrollment: init: mHashAlgorithmList: " + mHashAlgorithmList);
+        for (int i = 0; i < mAllowedHashAlgorithm.length; i++) {
+            mAllowedHashAlgorithm[i] = mAllowedHashAlgorithm[i].trim();
+            CMS.debug("CRSEnrollment: init: mAllowedHashAlgorithm[" + i + "]=" + mAllowedHashAlgorithm[i]);
+        }
+        CMS.debug("CRSEnrollment: init: mEncryptionAlgorithm: " + mEncryptionAlgorithm);
+        CMS.debug("CRSEnrollment: init: mEncryptionAlgorithmList: " + mEncryptionAlgorithmList);
+        for (int i = 0; i < mAllowedEncryptionAlgorithm.length; i++) {
+            mAllowedEncryptionAlgorithm[i] = mAllowedEncryptionAlgorithm[i].trim();
+            CMS.debug("CRSEnrollment: init: mAllowedEncryptionAlgorithm[" + i + "]=" + mAllowedEncryptionAlgorithm[i]);
+        }
+
+        try {
+            mProfileSubsystem = (IProfileSubsystem) CMS.getSubsystem("profile");
+            mProfileId = sc.getInitParameter("profileId");
+            CMS.debug("CRSEnrollment: init: mProfileId=" + mProfileId);
+
+            mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+            mAuthManagerName = sc.getInitParameter(PROP_CRSAUTHMGR);
+            mAppendDN = sc.getInitParameter(PROP_APPENDDN);
+            String tmp = sc.getInitParameter(PROP_CREATEENTRY);
+            if (tmp != null && tmp.trim().equalsIgnoreCase("true"))
+                mCreateEntry = true;
+            else
+                mCreateEntry = false;
+            tmp = sc.getInitParameter(PROP_FLATTENDN);
+            if (tmp != null && tmp.trim().equalsIgnoreCase("true"))
+                mFlattenDN = true;
+            else
+                mFlattenDN = false;
+            mEntryObjectclass = sc.getInitParameter(PROP_ENTRYOC);
+            if (mEntryObjectclass == null)
+                mEntryObjectclass = "cep";
+            mSubstoreName = sc.getInitParameter(PROP_SUBSTORENAME);
+            if (mSubstoreName == null)
+                mSubstoreName = "default";
+        } catch (Exception e) {
+        }
+
+        OID_UNSTRUCTUREDNAME = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDNAME");
+        OID_UNSTRUCTUREDADDRESS = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDADDRESS");
+        OID_SERIALNUMBER = X500NameAttrMap.getDefault().getOid("SERIALNUMBER");
+
+        try {
+            mSHADigest = MessageDigest.getInstance("SHA1");
+        } catch (NoSuchAlgorithmException e) {
+        }
+
+        mRandom = new Random();
     }
-    catch (NoSuchAlgorithmException e) {
-      }
-
-      mRandom = new Random();
-  }
-
-
-  /**
-   *
-   * Service a CRS Request. It all starts here. This is where the message from the
-   * router is processed
-   *
-   * @param httpReq     The HttpServletRequest.
-   * @param httpResp    The HttpServletResponse.
-   *
-   */
-  public void service(HttpServletRequest httpReq,
+
+    /**
+     * 
+     * Service a CRS Request. It all starts here. This is where the message from the
+     * router is processed
+     * 
+     * @param httpReq The HttpServletRequest.
+     * @param httpResp The HttpServletResponse.
+     * 
+     */
+    public void service(HttpServletRequest httpReq,
                       HttpServletResponse httpResp)
-    throws ServletException
-    {
-		boolean running_state = CMS.isInRunningState();
-		if (!running_state)
-			throw new ServletException(
-				"CMS server is not ready to serve.");
+            throws ServletException {
+        boolean running_state = CMS.isInRunningState();
+        if (!running_state)
+            throw new ServletException(
+                    "CMS server is not ready to serve.");
 
         String operation = null;
-        String message   = null;
+        String message = null;
         mEncryptionAlgorithm = mConfiguredEncryptionAlgorithm;
-        
-      
+
         // Parse the URL from the HTTP Request. Split it up into
         // a structure which enables us to read the form elements
         IArgBlock input = CMS.createArgBlock(toHashtable(httpReq));
-        
-        try {            
+
+        try {
             // Read in two form parameters - the router sets these
-            operation = (String)input.get(URL_OPERATION);
+            operation = (String) input.get(URL_OPERATION);
             CMS.debug("operation=" + operation);
-            message   = (String)input.get(URL_MESSAGE);
+            message = (String) input.get(URL_MESSAGE);
             CMS.debug("message=" + message);
-            
+
             if (!mEnabled) {
                 CMS.debug("CRSEnrollment: SCEP support is disabled.");
                 throw new ServletException("SCEP support is disabled.");
@@ -366,55 +358,48 @@ protected IProfileSubsystem     mProfileSubsystem = null;
                 // 'operation' is mandatory.
                 throw new ServletException("Bad request: operation missing from URL");
             }
-            
-            /** 
-             *  the router can make two kinds of requests
-             *  1) simple request for CA cert
-             *  2) encoded, signed, enveloped request for anything else (PKIOperation)
+
+            /**
+             * the router can make two kinds of requests
+             * 1) simple request for CA cert
+             * 2) encoded, signed, enveloped request for anything else (PKIOperation)
              */
-            
+
             if (operation.equals(OP_GETCACERT)) {
-                handleGetCACert(httpReq, httpResp);  
-            }
-            else if (operation.equals(OP_PKIOPERATION)) {
-                String decodeMode   = (String)input.get("decode");
+                handleGetCACert(httpReq, httpResp);
+            } else if (operation.equals(OP_PKIOPERATION)) {
+                String decodeMode = (String) input.get("decode");
                 if (decodeMode == null || decodeMode.equals("false")) {
-                  handlePKIOperation(httpReq, httpResp, message);
+                    handlePKIOperation(httpReq, httpResp, message);
                 } else {
-                  decodePKIMessage(httpReq, httpResp, message);
+                    decodePKIMessage(httpReq, httpResp, message);
                 }
-            }
-            else {
+            } else {
                 CMS.debug("Invalid operation " + operation);
-                throw new ServletException("unknown operation requested: "+operation);
+                throw new ServletException("unknown operation requested: " + operation);
             }
-                    
-        }
-        catch (ServletException e)
-        {
+
+        } catch (ServletException e) {
             CMS.debug("ServletException " + e);
             throw new ServletException(e.getMessage().toString());
+        } catch (Exception e) {
+            CMS.debug("Service exception " + e);
+            log(ILogger.LL_FAILURE, e.getMessage());
         }
-        catch (Exception e)
-            {
-                CMS.debug("Service exception " + e);
-                log(ILogger.LL_FAILURE,e.getMessage());
-            }
-        
+
     }
 
     /**
-     *  Log a message to the system log
+     * Log a message to the system log
      */
 
-
     private void log(int level, String msg) {
-        
+
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                    level, "CEP Enrollment: "+msg);
+                    level, "CEP Enrollment: " + msg);
     }
 
-    private boolean isAlgorithmAllowed (String[] allowedAlgorithm, String algorithm) {
+    private boolean isAlgorithmAllowed(String[] allowedAlgorithm, String algorithm) {
         boolean allowed = false;
 
         if (algorithm != null && algorithm.length() > 0) {
@@ -429,7 +414,7 @@ protected IProfileSubsystem     mProfileSubsystem = null;
     }
 
     public IAuthToken authenticate(AuthCredentials credentials, IProfileAuthenticator authenticator,
-        HttpServletRequest request)  throws EBaseException {
+            HttpServletRequest request) throws EBaseException {
 
         // build credential
         Enumeration<String> authNames = authenticator.getValueNames();
@@ -445,314 +430,308 @@ protected IProfileSubsystem     mProfileSubsystem = null;
         credentials.set("clientHost", request.getRemoteHost());
         IAuthToken authToken = authenticator.authenticate(credentials);
         if (authToken == null) {
-          return null;
+            return null;
         }
         SessionContext sc = SessionContext.getContext();
         if (sc != null) {
-          sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName());
-          String userid = authToken.getInString(IAuthToken.USER_ID);
-          if (userid != null) {
-            sc.put(SessionContext.USER_ID, userid);
-          }
+            sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName());
+            String userid = authToken.getInString(IAuthToken.USER_ID);
+            if (userid != null) {
+                sc.put(SessionContext.USER_ID, userid);
+            }
         }
 
         return authToken;
     }
 
-  /**
-   *  Return the CA certificate back to the requestor.
-   *  This needs to be changed so that if the CA has a certificate chain,
-   *  the whole thing should get packaged as a PKIMessage (degnerate PKCS7 - no
-   *  signerInfo)
-   */
-    
-  public void handleGetCACert(HttpServletRequest httpReq,
-                              HttpServletResponse httpResp) 
-    throws ServletException {
-      java.security.cert.X509Certificate[]  chain = null;
-
-      CertificateChain certChain = mAuthority.getCACertChain();
-        
-      try {
-          if (certChain == null) {
-              throw new ServletException("Internal Error: cannot get CA Cert");
-          }
-
-          chain = certChain.getChain();
-        
-          byte[] bytes = null;
-		  
-          int i = 0;
-          String message   = (String)httpReq.getParameter(URL_MESSAGE);
-          CMS.debug("handleGetCACert message=" + message);
-          if (message != null) {
-            try {
-              int j = Integer.parseInt(message);
-              if (j < chain.length) {
-                i = j;
-              }
-            } catch (NumberFormatException e1) {
+    /**
+     * Return the CA certificate back to the requestor.
+     * This needs to be changed so that if the CA has a certificate chain,
+     * the whole thing should get packaged as a PKIMessage (degnerate PKCS7 - no
+     * signerInfo)
+     */
+
+    public void handleGetCACert(HttpServletRequest httpReq,
+                              HttpServletResponse httpResp)
+            throws ServletException {
+        java.security.cert.X509Certificate[] chain = null;
+
+        CertificateChain certChain = mAuthority.getCACertChain();
+
+        try {
+            if (certChain == null) {
+                throw new ServletException("Internal Error: cannot get CA Cert");
+            }
+
+            chain = certChain.getChain();
+
+            byte[] bytes = null;
+
+            int i = 0;
+            String message = (String) httpReq.getParameter(URL_MESSAGE);
+            CMS.debug("handleGetCACert message=" + message);
+            if (message != null) {
+                try {
+                    int j = Integer.parseInt(message);
+                    if (j < chain.length) {
+                        i = j;
+                    }
+                } catch (NumberFormatException e1) {
+                }
+            }
+            CMS.debug("handleGetCACert selected chain=" + i);
+
+            if (mUseCA) {
+                bytes = chain[i].getEncoded();
+            } else {
+                CryptoContext cx = new CryptoContext();
+                bytes = cx.getSigningCert().getEncoded();
+            }
+
+            httpResp.setContentType("application/x-x509-ca-cert");
+
+            // The following code may be used one day to encode
+            // the RA/CA cert chain for RA mode, but it will need some
+            // work.
+
+            /******
+             * SET certs = new SET();
+             * for (int i=0; i<chain.length; i++) {
+             * ANY cert = new ANY(chain[i].getEncoded());
+             * certs.addElement(cert);
+             * }
+             * 
+             * SignedData crsd = new SignedData(
+             * new SET(), // empty set of digestAlgorithmID's
+             * new ContentInfo(
+             * new OBJECT_IDENTIFIER(new long[] {1,2,840,113549,1,7,1}),
+             * null), //empty content
+             * certs,
+             * null, // no CRL's
+             * new SET() // empty SignerInfos
+             * );
+             * 
+             * ContentInfo wrap = new ContentInfo(ContentInfo.SIGNED_DATA, crsd);
+             * 
+             * ByteArrayOutputStream baos = new ByteArrayOutputStream();
+             * wrap.encode(baos);
+             * 
+             * bytes = baos.toByteArray();
+             * 
+             * httpResp.setContentType("application/x-x509-ca-ra-cert");
+             *****/
+
+            httpResp.setContentLength(bytes.length);
+            httpResp.getOutputStream().write(bytes);
+            httpResp.getOutputStream().flush();
+
+            CMS.debug("Output certificate chain:");
+            CMS.debug(bytes);
+        } catch (Exception e) {
+            CMS.debug("handleGetCACert exception " + e);
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_SENDING_DER_ENCODE_CERT", e.getMessage()));
+            throw new ServletException("Failed sending DER encoded version of CA cert to client");
+        }
+
+    }
+
+    public String getPasswordFromP10(PKCS10 p10) {
+        PKCS10Attributes p10atts = p10.getAttributes();
+        Enumeration<PKCS10Attribute> e = p10atts.getElements();
+
+        try {
+            while (e.hasMoreElements()) {
+                PKCS10Attribute p10a = (PKCS10Attribute) e.nextElement();
+                CertAttrSet attr = p10a.getAttributeValue();
+
+                if (attr.getName().equals(ChallengePassword.NAME)) {
+                    if (attr.get(ChallengePassword.PASSWORD) != null) {
+                        return (String) attr.get(ChallengePassword.PASSWORD);
+                    }
+                }
             }
-          }
-          CMS.debug("handleGetCACert selected chain=" + i);
-
-          if (mUseCA) {
-              bytes = chain[i].getEncoded();
-          } else {
-              CryptoContext cx = new CryptoContext();
-              bytes = cx.getSigningCert().getEncoded();
-          }
-
-          httpResp.setContentType("application/x-x509-ca-cert");
-
-
-// The following code may be used one day to encode
-// the RA/CA cert chain for RA mode, but it will need some
-// work.
-
-  /******
-              SET certs  = new SET();
-              for (int i=0; i<chain.length; i++) {
-                  ANY cert   = new ANY(chain[i].getEncoded());
-                  certs.addElement(cert);
-              }
-
-              SignedData crsd  = new SignedData(
-                      new SET(),         // empty set of digestAlgorithmID's
-                      new ContentInfo(
-                      new OBJECT_IDENTIFIER(new long[] {1,2,840,113549,1,7,1}),
-                                             null), //empty content
-                      certs,
-                      null,     // no CRL's
-                      new SET() // empty SignerInfos
-                      );
-
-              ContentInfo wrap = new ContentInfo(ContentInfo.SIGNED_DATA, crsd);
-
-              ByteArrayOutputStream baos = new ByteArrayOutputStream();
-              wrap.encode(baos);
-
-              bytes = baos.toByteArray();
-
-              httpResp.setContentType("application/x-x509-ca-ra-cert");
-  *****/ 
-
-          httpResp.setContentLength(bytes.length);
-          httpResp.getOutputStream().write(bytes);
-          httpResp.getOutputStream().flush();
-
-          CMS.debug("Output certificate chain:");
-          CMS.debug(bytes);
-      }
-      catch (Exception e) {
-          CMS.debug("handleGetCACert exception " + e);
-          log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_SENDING_DER_ENCODE_CERT",e.getMessage()));
-          throw new ServletException("Failed sending DER encoded version of CA cert to client");
-      }
-
-  }
-    
-  public String getPasswordFromP10(PKCS10 p10) 
-  {
-     PKCS10Attributes p10atts = p10.getAttributes();
-     Enumeration<PKCS10Attribute> e = p10atts.getElements();
-              
-     try {
-       while (e.hasMoreElements()) {
-         PKCS10Attribute p10a = (PKCS10Attribute)e.nextElement();
-         CertAttrSet attr = p10a.getAttributeValue();
-
-         if (attr.getName().equals(ChallengePassword.NAME)) {
-           if (attr.get(ChallengePassword.PASSWORD) != null) {
-             return (String)attr.get(ChallengePassword.PASSWORD);
-           }
-         }
-       }
-     } catch(Exception e1) {
-       // do nothing
-     }
-     return null;
-  }
-
-  /**
-   *  If the 'operation' is 'PKIOperation', the 'message' part of the URL is a
-   *  PKIMessage structure. We decode it to see what type message it is.
-   */
-
-  /**
-   * Decodes the PKI message and return information to RA.
-   */
-  public void decodePKIMessage(HttpServletRequest httpReq,
+        } catch (Exception e1) {
+            // do nothing
+        }
+        return null;
+    }
+
+    /**
+     * If the 'operation' is 'PKIOperation', the 'message' part of the URL is a
+     * PKIMessage structure. We decode it to see what type message it is.
+     */
+
+    /**
+     * Decodes the PKI message and return information to RA.
+     */
+    public void decodePKIMessage(HttpServletRequest httpReq,
                                  HttpServletResponse httpResp,
                                  String msg)
-    throws ServletException {
-
-      CryptoContext cx=null;
-
-      CRSPKIMessage req=null;
-        
-      byte[] decodedPKIMessage;
-      byte[] response=null;
-      String responseData = "";
-        
-      decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg);
-            
-      try {
-          ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage);
-
-          // We make two CRSPKIMessages. One of them, is the request, so we initialize
-          // it from the DER given to us from the router.
-          // The second is the response, and we'll fill this in as we go.
-
-          if (decodedPKIMessage.length < 50) {
-		  	throw new ServletException("CRS request is too small to be a real request ("+
-				decodedPKIMessage.length+" bytes)");
-			}
-		  try {
-          	req = new CRSPKIMessage(is);
-          	String ea = req.getEncryptionAlgorithm();
-            if (!isAlgorithmAllowed (mAllowedEncryptionAlgorithm, ea)) {
-                CMS.debug("CRSEnrollment: decodePKIMessage:  Encryption algorithm '"+ea+
-                          "' is not allowed ("+mEncryptionAlgorithmList+").");
-                throw new ServletException("Encryption algorithm '"+ea+
-                                           "' is not allowed ("+mEncryptionAlgorithmList+").");
+            throws ServletException {
+
+        CryptoContext cx = null;
+
+        CRSPKIMessage req = null;
+
+        byte[] decodedPKIMessage;
+        byte[] response = null;
+        String responseData = "";
+
+        decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg);
+
+        try {
+            ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage);
+
+            // We make two CRSPKIMessages. One of them, is the request, so we initialize
+            // it from the DER given to us from the router.
+            // The second is the response, and we'll fill this in as we go.
+
+            if (decodedPKIMessage.length < 50) {
+                throw new ServletException("CRS request is too small to be a real request (" +
+                        decodedPKIMessage.length + " bytes)");
             }
-          	String da = req.getDigestAlgorithmName();
-            if (!isAlgorithmAllowed (mAllowedHashAlgorithm, da)) {
-                CMS.debug("CRSEnrollment: decodePKIMessage:  Hashing algorithm '"+da+
-                          "' is not allowed ("+mHashAlgorithmList+").");
-                throw new ServletException("Hashing algorithm '"+da+
-                                           "' is not allowed ("+mHashAlgorithmList+").");
+            try {
+                req = new CRSPKIMessage(is);
+                String ea = req.getEncryptionAlgorithm();
+                if (!isAlgorithmAllowed(mAllowedEncryptionAlgorithm, ea)) {
+                    CMS.debug("CRSEnrollment: decodePKIMessage:  Encryption algorithm '" + ea +
+                            "' is not allowed (" + mEncryptionAlgorithmList + ").");
+                    throw new ServletException("Encryption algorithm '" + ea +
+                                           "' is not allowed (" + mEncryptionAlgorithmList + ").");
+                }
+                String da = req.getDigestAlgorithmName();
+                if (!isAlgorithmAllowed(mAllowedHashAlgorithm, da)) {
+                    CMS.debug("CRSEnrollment: decodePKIMessage:  Hashing algorithm '" + da +
+                            "' is not allowed (" + mHashAlgorithmList + ").");
+                    throw new ServletException("Hashing algorithm '" + da +
+                                           "' is not allowed (" + mHashAlgorithmList + ").");
+                }
+                if (ea != null) {
+                    mEncryptionAlgorithm = ea;
+                }
+            } catch (Exception e) {
+                CMS.debug(e);
+                throw new ServletException("Could not decode the request.");
             }
-          	if (ea != null) {
-          	    mEncryptionAlgorithm = ea;
-          	}
-		  }
-		  catch (Exception e) {
-            CMS.debug(e);
-		  	throw new ServletException("Could not decode the request.");
-		  }
-                
-          // Create a new crypto context for doing all the crypto operations
-          cx = new CryptoContext();
-
-          // Verify Signature on message (throws exception if sig bad)
-          verifyRequest(req,cx);
-          unwrapPKCS10(req,cx);
-
-          IProfile profile = mProfileSubsystem.getProfile(mProfileId);
-          if (profile == null) {
-              CMS.debug("Profile '" + mProfileId + "' not found.");
-              throw new ServletException("Profile '" + mProfileId + "' not found.");
-          } else {
-              CMS.debug("Found profile '" + mProfileId + "'.");
-          }
-
-          IProfileAuthenticator authenticator = null;
-          try {
-              CMS.debug("Retrieving authenticator");
-              authenticator = profile.getAuthenticator();
-              if (authenticator == null) {
-                  CMS.debug("Authenticator not found.");
-                  throw new ServletException("Authenticator not found.");
-              } else {
-                  CMS.debug("Got authenticator=" + authenticator.getClass().getName());
-              }
-          } catch (EProfileException e) {
-              throw new ServletException("Authenticator not found.");
-          }
-          AuthCredentials credentials = new AuthCredentials();
-          IAuthToken authToken = null;
-          // for ssl authentication; pass in servlet for retrieving
-          // ssl client certificates
-          SessionContext context = SessionContext.getContext();
-
-          // insert profile context so that input parameter can be retrieved
-          context.put("sslClientCertProvider", new SSLClientCertProvider(httpReq));
-
-          try {
-              authToken = authenticate(credentials, authenticator, httpReq);
-          } catch (Exception e) {
-              CMS.debug("Authentication failure: "+ e.getMessage());
-              throw new ServletException("Authentication failure: "+ e.getMessage());
-          }
-          if (authToken == null) {
-              CMS.debug("Authentication failure.");
-              throw new ServletException("Authentication failure.");
-          }
-
-          // Deal with Transaction ID
-          String transactionID = req.getTransactionID();
-          responseData = responseData + 
-              "<TransactionID>" + transactionID + "</TransactionID>";
-
-          // End-User or RA's IP address
-          responseData = responseData + 
-              "<RemoteAddr>" + httpReq.getRemoteAddr() + "</RemoteAddr>";
-
-          responseData = responseData + 
-              "<RemoteHost>" + httpReq.getRemoteHost() + "</RemoteHost>";
-                
-          // Deal with Nonces
-          byte[] sn = req.getSenderNonce();
-                
-          // Deal with message type
-          String mt = req.getMessageType();
-          responseData = responseData + 
-              "<MessageType>" + mt + "</MessageType>";
-
-          PKCS10 p10 = (PKCS10)req.getP10();
-          X500Name p10subject      = p10.getSubjectName();
-          responseData = responseData + 
-              "<SubjectName>" + p10subject.toString() + "</SubjectName>";
-
-          String pkcs10Attr = "";
-              PKCS10Attributes p10atts = p10.getAttributes();
-              Enumeration<PKCS10Attribute> e = p10atts.getElements();
-              
-              while (e.hasMoreElements()) {
-                  PKCS10Attribute p10a = (PKCS10Attribute)e.nextElement();
-                  CertAttrSet attr = p10a.getAttributeValue();
-
-
-                  if (attr.getName().equals(ChallengePassword.NAME)) {
-					  if (attr.get(ChallengePassword.PASSWORD) != null) {
-                                pkcs10Attr = pkcs10Attr + 
-                                         "<ChallengePassword><Password>" + (String)attr.get(ChallengePassword.PASSWORD) + "</Password></ChallengePassword>";
-                      }
-                  
-                  }
-                  String extensionsStr = "";
-                  if (attr.getName().equals(ExtensionsRequested.NAME)) {
-
-					Enumeration<Extension> exts = ((ExtensionsRequested)attr).getExtensions().elements();
-					while (exts.hasMoreElements()) {
-						Extension ext =  exts.nextElement();
-
-						if (ext.getExtensionId().equals(
-							OIDMap.getOID(SubjectAlternativeNameExtension.IDENT)) ) {
-							DerOutputStream dos = new DerOutputStream();
-							SubjectAlternativeNameExtension sane = new SubjectAlternativeNameExtension(
-									Boolean.valueOf(false),  // noncritical
-									ext.getExtensionValue());
-
-								
-							@SuppressWarnings("unchecked")
-							Vector<GeneralNameInterface> v = 
-                              (Vector<GeneralNameInterface>) sane.get(SubjectAlternativeNameExtension. SUBJECT_NAME);
-
-							Enumeration<GeneralNameInterface> gne = v.elements();
+
+            // Create a new crypto context for doing all the crypto operations
+            cx = new CryptoContext();
+
+            // Verify Signature on message (throws exception if sig bad)
+            verifyRequest(req, cx);
+            unwrapPKCS10(req, cx);
+
+            IProfile profile = mProfileSubsystem.getProfile(mProfileId);
+            if (profile == null) {
+                CMS.debug("Profile '" + mProfileId + "' not found.");
+                throw new ServletException("Profile '" + mProfileId + "' not found.");
+            } else {
+                CMS.debug("Found profile '" + mProfileId + "'.");
+            }
+
+            IProfileAuthenticator authenticator = null;
+            try {
+                CMS.debug("Retrieving authenticator");
+                authenticator = profile.getAuthenticator();
+                if (authenticator == null) {
+                    CMS.debug("Authenticator not found.");
+                    throw new ServletException("Authenticator not found.");
+                } else {
+                    CMS.debug("Got authenticator=" + authenticator.getClass().getName());
+                }
+            } catch (EProfileException e) {
+                throw new ServletException("Authenticator not found.");
+            }
+            AuthCredentials credentials = new AuthCredentials();
+            IAuthToken authToken = null;
+            // for ssl authentication; pass in servlet for retrieving
+            // ssl client certificates
+            SessionContext context = SessionContext.getContext();
+
+            // insert profile context so that input parameter can be retrieved
+            context.put("sslClientCertProvider", new SSLClientCertProvider(httpReq));
+
+            try {
+                authToken = authenticate(credentials, authenticator, httpReq);
+            } catch (Exception e) {
+                CMS.debug("Authentication failure: " + e.getMessage());
+                throw new ServletException("Authentication failure: " + e.getMessage());
+            }
+            if (authToken == null) {
+                CMS.debug("Authentication failure.");
+                throw new ServletException("Authentication failure.");
+            }
+
+            // Deal with Transaction ID
+            String transactionID = req.getTransactionID();
+            responseData = responseData +
+                    "<TransactionID>" + transactionID + "</TransactionID>";
+
+            // End-User or RA's IP address
+            responseData = responseData +
+                    "<RemoteAddr>" + httpReq.getRemoteAddr() + "</RemoteAddr>";
+
+            responseData = responseData +
+                    "<RemoteHost>" + httpReq.getRemoteHost() + "</RemoteHost>";
+
+            // Deal with Nonces
+            byte[] sn = req.getSenderNonce();
+
+            // Deal with message type
+            String mt = req.getMessageType();
+            responseData = responseData +
+                    "<MessageType>" + mt + "</MessageType>";
+
+            PKCS10 p10 = (PKCS10) req.getP10();
+            X500Name p10subject = p10.getSubjectName();
+            responseData = responseData +
+                    "<SubjectName>" + p10subject.toString() + "</SubjectName>";
+
+            String pkcs10Attr = "";
+            PKCS10Attributes p10atts = p10.getAttributes();
+            Enumeration<PKCS10Attribute> e = p10atts.getElements();
+
+            while (e.hasMoreElements()) {
+                PKCS10Attribute p10a = (PKCS10Attribute) e.nextElement();
+                CertAttrSet attr = p10a.getAttributeValue();
+
+                if (attr.getName().equals(ChallengePassword.NAME)) {
+                    if (attr.get(ChallengePassword.PASSWORD) != null) {
+                        pkcs10Attr = pkcs10Attr +
+                                         "<ChallengePassword><Password>" + (String) attr.get(ChallengePassword.PASSWORD) + "</Password></ChallengePassword>";
+                    }
+
+                }
+                String extensionsStr = "";
+                if (attr.getName().equals(ExtensionsRequested.NAME)) {
+
+                    Enumeration<Extension> exts = ((ExtensionsRequested) attr).getExtensions().elements();
+                    while (exts.hasMoreElements()) {
+                        Extension ext = exts.nextElement();
+
+                        if (ext.getExtensionId().equals(
+                                OIDMap.getOID(SubjectAlternativeNameExtension.IDENT))) {
+                            DerOutputStream dos = new DerOutputStream();
+                            SubjectAlternativeNameExtension sane = new SubjectAlternativeNameExtension(
+                                    Boolean.valueOf(false), // noncritical
+                                    ext.getExtensionValue());
+
+                            @SuppressWarnings("unchecked")
+                            Vector<GeneralNameInterface> v =
+                                    (Vector<GeneralNameInterface>) sane.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
+
+                            Enumeration<GeneralNameInterface> gne = v.elements();
 
                             StringBuffer subjAltNameStr = new StringBuffer();
-							while (gne.hasMoreElements()) {
-								GeneralNameInterface gni =  gne.nextElement();
-								if (gni instanceof GeneralName) {
-									GeneralName genName = (GeneralName) gni;
+                            while (gne.hasMoreElements()) {
+                                GeneralNameInterface gni = gne.nextElement();
+                                if (gni instanceof GeneralName) {
+                                    GeneralName genName = (GeneralName) gni;
 
-									String gn = genName.toString();
-									int colon = gn.indexOf(':');
-									String gnType = gn.substring(0,colon).trim();
-									String gnValue = gn.substring(colon+1).trim();
+                                    String gn = genName.toString();
+                                    int colon = gn.indexOf(':');
+                                    String gnType = gn.substring(0, colon).trim();
+                                    String gnValue = gn.substring(colon + 1).trim();
 
                                     subjAltNameStr.append("<");
                                     subjAltNameStr.append(gnType);
@@ -761,1453 +740,1393 @@ protected IProfileSubsystem     mProfileSubsystem = null;
                                     subjAltNameStr.append("</");
                                     subjAltNameStr.append(gnType);
                                     subjAltNameStr.append(">");
-								}
-							} // while
+                                }
+                            } // while
                             extensionsStr = "<SubjAltName>" +
-                                 subjAltNameStr.toString() + "</SubjAltName>";
-						} // if
-					} // while
-                    pkcs10Attr = pkcs10Attr + 
+                                    subjAltNameStr.toString() + "</SubjAltName>";
+                        } // if
+                    } // while
+                    pkcs10Attr = pkcs10Attr +
                                          "<Extensions>" + extensionsStr + "</Extensions>";
-				} // if extensions
-              } // while
-          responseData = responseData + 
-              "<PKCS10>" + pkcs10Attr + "</PKCS10>";
-
-      } catch (ServletException e) {
-          throw new ServletException(e.getMessage().toString());
-      } catch (CRSInvalidSignatureException e) {
-          CMS.debug("handlePKIMessage exception " + e);
-          CMS.debug(e);
-      } catch (Exception e) {
-          CMS.debug("handlePKIMessage exception " + e);
-          CMS.debug(e);
-          throw new ServletException("Failed to process message in CEP servlet: "+ e.getMessage());
-      }
-
-      // We have now processed the request, and need to make the response message
-      
-      try {   
-
-          responseData = "<XMLResponse>" + responseData + "</XMLResponse>";
-          // Get the response coding
-          response = responseData.getBytes();
-            
-          // Encode the httpResp into B64
-          httpResp.setContentType("application/xml");
-          httpResp.setContentLength(response.length);
-          httpResp.getOutputStream().write(response);
-          httpResp.getOutputStream().flush();
-
-          int i1 = responseData.indexOf("<Password>");
-          if (i1 > -1) {
-              i1 += 10; // 10 is a length of "<Password>"
-              int i2 = responseData.indexOf("</Password>", i1);
-              if (i2 > -1) {
-                  responseData = responseData.substring(0, i1) + "********" +
+                } // if extensions
+            } // while
+            responseData = responseData +
+                    "<PKCS10>" + pkcs10Attr + "</PKCS10>";
+
+        } catch (ServletException e) {
+            throw new ServletException(e.getMessage().toString());
+        } catch (CRSInvalidSignatureException e) {
+            CMS.debug("handlePKIMessage exception " + e);
+            CMS.debug(e);
+        } catch (Exception e) {
+            CMS.debug("handlePKIMessage exception " + e);
+            CMS.debug(e);
+            throw new ServletException("Failed to process message in CEP servlet: " + e.getMessage());
+        }
+
+        // We have now processed the request, and need to make the response message
+
+        try {
+
+            responseData = "<XMLResponse>" + responseData + "</XMLResponse>";
+            // Get the response coding
+            response = responseData.getBytes();
+
+            // Encode the httpResp into B64
+            httpResp.setContentType("application/xml");
+            httpResp.setContentLength(response.length);
+            httpResp.getOutputStream().write(response);
+            httpResp.getOutputStream().flush();
+
+            int i1 = responseData.indexOf("<Password>");
+            if (i1 > -1) {
+                i1 += 10; // 10 is a length of "<Password>"
+                int i2 = responseData.indexOf("</Password>", i1);
+                if (i2 > -1) {
+                    responseData = responseData.substring(0, i1) + "********" +
                                  responseData.substring(i2, responseData.length());
-              }
-          }
-
-          CMS.debug("Output (decoding) PKIOperation response:");
-          CMS.debug(responseData);
-      }
-      catch (Exception e) {
-          throw new ServletException("Failed to create response for CEP message"+e.getMessage());
-      }
-
-  }
-    
-  
-  /**
-   *   finds a request with this transaction ID.
-   *   If could not find any request - return null
-   *   If could only find 'rejected' or 'cancelled' requests, return null
-   *   If found 'pending' or 'completed' request - return that request
-   */
-    
-    
-  public void handlePKIOperation(HttpServletRequest httpReq,
+                }
+            }
+
+            CMS.debug("Output (decoding) PKIOperation response:");
+            CMS.debug(responseData);
+        } catch (Exception e) {
+            throw new ServletException("Failed to create response for CEP message" + e.getMessage());
+        }
+
+    }
+
+    /**
+     * finds a request with this transaction ID.
+     * If could not find any request - return null
+     * If could only find 'rejected' or 'cancelled' requests, return null
+     * If found 'pending' or 'completed' request - return that request
+     */
+
+    public void handlePKIOperation(HttpServletRequest httpReq,
                                  HttpServletResponse httpResp,
                                  String msg)
-    throws ServletException {
-
-
-      CryptoContext cx=null;
-
-      CRSPKIMessage req=null;
-      CRSPKIMessage crsResp=null;
-        
-      byte[] decodedPKIMessage;
-      byte[] response=null;
-      X509CertImpl cert = null;
-        
-      decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg);
-            
-      try {
-          ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage);
-
-          // We make two CRSPKIMessages. One of them, is the request, so we initialize
-          // it from the DER given to us from the router.
-          // The second is the response, and we'll fill this in as we go.
-
-          if (decodedPKIMessage.length < 50) {
-		  	throw new ServletException("CRS request is too small to be a real request ("+
-				decodedPKIMessage.length+" bytes)");
-			}
-		  try {
-          	req = new CRSPKIMessage(is);
-          	String ea = req.getEncryptionAlgorithm();
-            if (!isAlgorithmAllowed (mAllowedEncryptionAlgorithm, ea)) {
-                CMS.debug("CRSEnrollment: handlePKIOperation:  Encryption algorithm '"+ea+
-                          "' is not allowed ("+mEncryptionAlgorithmList+").");
-                throw new ServletException("Encryption algorithm '"+ea+
-                                           "' is not allowed ("+mEncryptionAlgorithmList+").");
+            throws ServletException {
+
+        CryptoContext cx = null;
+
+        CRSPKIMessage req = null;
+        CRSPKIMessage crsResp = null;
+
+        byte[] decodedPKIMessage;
+        byte[] response = null;
+        X509CertImpl cert = null;
+
+        decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg);
+
+        try {
+            ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage);
+
+            // We make two CRSPKIMessages. One of them, is the request, so we initialize
+            // it from the DER given to us from the router.
+            // The second is the response, and we'll fill this in as we go.
+
+            if (decodedPKIMessage.length < 50) {
+                throw new ServletException("CRS request is too small to be a real request (" +
+                        decodedPKIMessage.length + " bytes)");
             }
-          	String da = req.getDigestAlgorithmName();
-            if (!isAlgorithmAllowed (mAllowedHashAlgorithm, da)) {
-                CMS.debug("CRSEnrollment: handlePKIOperation:  Hashing algorithm '"+da+
-                          "' is not allowed ("+mHashAlgorithmList+").");
-                throw new ServletException("Hashing algorithm '"+da+
-                                           "' is not allowed ("+mHashAlgorithmList+").");
+            try {
+                req = new CRSPKIMessage(is);
+                String ea = req.getEncryptionAlgorithm();
+                if (!isAlgorithmAllowed(mAllowedEncryptionAlgorithm, ea)) {
+                    CMS.debug("CRSEnrollment: handlePKIOperation:  Encryption algorithm '" + ea +
+                            "' is not allowed (" + mEncryptionAlgorithmList + ").");
+                    throw new ServletException("Encryption algorithm '" + ea +
+                                           "' is not allowed (" + mEncryptionAlgorithmList + ").");
+                }
+                String da = req.getDigestAlgorithmName();
+                if (!isAlgorithmAllowed(mAllowedHashAlgorithm, da)) {
+                    CMS.debug("CRSEnrollment: handlePKIOperation:  Hashing algorithm '" + da +
+                            "' is not allowed (" + mHashAlgorithmList + ").");
+                    throw new ServletException("Hashing algorithm '" + da +
+                                           "' is not allowed (" + mHashAlgorithmList + ").");
+                }
+                if (ea != null) {
+                    mEncryptionAlgorithm = ea;
+                }
+                crsResp = new CRSPKIMessage();
+            } catch (ServletException e) {
+                throw new ServletException(e.getMessage().toString());
+            } catch (Exception e) {
+                CMS.debug(e);
+                throw new ServletException("Could not decode the request.");
+            }
+            crsResp.setMessageType(CRSPKIMessage.mType_CertRep);
+
+            // Create a new crypto context for doing all the crypto operations
+            cx = new CryptoContext();
+
+            // Verify Signature on message (throws exception if sig bad)
+            verifyRequest(req, cx);
+
+            // Deal with Transaction ID
+            String transactionID = req.getTransactionID();
+            if (transactionID == null) {
+                throw new ServletException("Error: malformed PKIMessage - missing transactionID");
+            } else {
+                crsResp.setTransactionID(transactionID);
+            }
+
+            // Deal with Nonces
+            byte[] sn = req.getSenderNonce();
+            if (sn == null) {
+                throw new ServletException("Error: malformed PKIMessage - missing sendernonce");
+            } else {
+                if (mNonceSizeLimit > 0 && sn.length > mNonceSizeLimit) {
+                    byte[] snLimited = (mNonceSizeLimit > 0) ? new byte[mNonceSizeLimit] : null;
+                    System.arraycopy(sn, 0, snLimited, 0, mNonceSizeLimit);
+                    crsResp.setRecipientNonce(snLimited);
+                } else {
+                    crsResp.setRecipientNonce(sn);
+                }
+                byte[] serverNonce = new byte[16];
+                mRandom.nextBytes(serverNonce);
+                crsResp.setSenderNonce(serverNonce);
+                // crsResp.setSenderNonce(new byte[] {0});
+            }
+
+            // Deal with message type
+            String mt = req.getMessageType();
+            if (mt == null) {
+                throw new ServletException("Error: malformed PKIMessage - missing messageType");
             }
-          	if (ea != null) {
-          	    mEncryptionAlgorithm = ea;
-          	}
-          	crsResp = new CRSPKIMessage();
-		  }
-          catch (ServletException e) {
-              throw new ServletException(e.getMessage().toString());
-          }
-		  catch (Exception e) {
+
+            // now run appropriate code, depending on message type
+            if (mt.equals(CRSPKIMessage.mType_PKCSReq)) {
+                CMS.debug("Processing PKCSReq");
+                try {
+                    // Check if there is an existing request. If this returns non-null,
+                    // then the request is 'active' (either pending or completed) in 
+                    // which case, we compare the hash of the new request to the hash of the
+                    // one in the queue - if they are the same, I return the state of the 
+                    // original request - as if it was 'getCertInitial' message.
+                    // If the hashes are different, then the user attempted to enroll
+                    // for a new request with the same txid, which is not allowed - 
+                    // so we return 'failure'.
+
+                    IRequest cmsRequest = findRequestByTransactionID(req.getTransactionID(), true);
+
+                    // If there was no request (with a cert) with this transaction ID, 
+                    // process it as a new request
+
+                    cert = handlePKCSReq(httpReq, cmsRequest, req, crsResp, cx);
+
+                } catch (CRSFailureException e) {
+                    throw new ServletException("Couldn't handle CEP request (PKCSReq) - " + e.getMessage());
+                }
+            } else if (mt.equals(CRSPKIMessage.mType_GetCertInitial)) {
+                CMS.debug("Processing GetCertInitial");
+                cert = handleGetCertInitial(req, crsResp);
+            } else {
+                CMS.debug("Invalid request type " + mt);
+            }
+        } catch (ServletException e) {
+            throw new ServletException(e.getMessage().toString());
+        } catch (CRSInvalidSignatureException e) {
+            CMS.debug("handlePKIMessage exception " + e);
+            CMS.debug(e);
+            crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
+        } catch (Exception e) {
+            CMS.debug("handlePKIMessage exception " + e);
             CMS.debug(e);
-		  	throw new ServletException("Could not decode the request.");
-		  }
-		  crsResp.setMessageType(CRSPKIMessage.mType_CertRep);
-                
-          // Create a new crypto context for doing all the crypto operations
-          cx = new CryptoContext();
-
-          // Verify Signature on message (throws exception if sig bad)
-          verifyRequest(req,cx);
-                
-          // Deal with Transaction ID
-          String transactionID = req.getTransactionID();
-          if (transactionID == null) {
-              throw new ServletException("Error: malformed PKIMessage - missing transactionID");
-          }
-          else {
-              crsResp.setTransactionID(transactionID);
-          }
-                
-          // Deal with Nonces
-          byte[] sn = req.getSenderNonce();
-          if (sn == null) {
-              throw new ServletException("Error: malformed PKIMessage - missing sendernonce");
-          }
-          else {
-              if (mNonceSizeLimit > 0 && sn.length > mNonceSizeLimit) {
-                  byte[] snLimited = (mNonceSizeLimit > 0)? new byte[mNonceSizeLimit]: null;
-                  System.arraycopy(sn, 0, snLimited, 0, mNonceSizeLimit);
-                  crsResp.setRecipientNonce(snLimited);
-              } else {
-                  crsResp.setRecipientNonce(sn);
-              }
-              byte[] serverNonce = new byte[16];
-              mRandom.nextBytes(serverNonce);
-              crsResp.setSenderNonce(serverNonce);
-              // crsResp.setSenderNonce(new byte[] {0});
-          }
-                
-          // Deal with message type
-          String mt = req.getMessageType();
-          if (mt == null) {
-              throw new ServletException("Error: malformed PKIMessage - missing messageType");
-          }
-
-          // now run appropriate code, depending on message type
-          if (mt.equals(CRSPKIMessage.mType_PKCSReq)) {
-              CMS.debug("Processing PKCSReq");
-              try {
-                // Check if there is an existing request. If this returns non-null,
-				// then the request is 'active' (either pending or completed) in 
-				// which case, we compare the hash of the new request to the hash of the
-                // one in the queue - if they are the same, I return the state of the 
-                // original request - as if it was 'getCertInitial' message.
-                // If the hashes are different, then the user attempted to enroll
-                // for a new request with the same txid, which is not allowed - 
-                // so we return 'failure'.
-
-				IRequest cmsRequest= findRequestByTransactionID(req.getTransactionID(),true);
-
-                // If there was no request (with a cert) with this transaction ID, 
-                // process it as a new request
-
-                cert = handlePKCSReq(httpReq, cmsRequest,req,crsResp,cx);
-                
-              }
-              catch (CRSFailureException e) {
-                  throw new ServletException("Couldn't handle CEP request (PKCSReq) - "+e.getMessage());
-              }
-          }
-          else if (mt.equals(CRSPKIMessage.mType_GetCertInitial)) {
-              CMS.debug("Processing GetCertInitial");
-              cert = handleGetCertInitial(req,crsResp);
-          } else {
-              CMS.debug("Invalid request type " + mt);
-          }
-      }
-      catch (ServletException e) {
-          throw new ServletException(e.getMessage().toString());
-      }
-      catch (CRSInvalidSignatureException e) {
-          CMS.debug("handlePKIMessage exception " + e);
-          CMS.debug(e);
-          crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
-      }
-      catch (Exception e) {
-          CMS.debug("handlePKIMessage exception " + e);
-          CMS.debug(e);
-          throw new ServletException("Failed to process message in CEP servlet: "+ e.getMessage());
-      }
-
-      // We have now processed the request, and need to make the response message
-      
-      try {   
-          // make the response
-          processCertRep(cx, cert,crsResp, req);
-
-          // Get the response coding
-          response = crsResp.getResponse();
-            
-          // Encode the crsResp into B64
-          httpResp.setContentType("application/x-pki-message");
-          httpResp.setContentLength(response.length);
-          httpResp.getOutputStream().write(response);
-          httpResp.getOutputStream().flush();
-
-          CMS.debug("Output PKIOperation response:");
-          CMS.debug(CMS.BtoA(response));
-      }
-      catch (Exception e) {
-          throw new ServletException("Failed to create response for CEP message"+e.getMessage());
-      }
-
-  }
-    
-  
-  /**
-   *   finds a request with this transaction ID.
-   *   If could not find any request - return null
-   *   If could only find 'rejected' or 'cancelled' requests, return null
-   *   If found 'pending' or 'completed' request - return that request
-   */
-    
-  public IRequest findRequestByTransactionID(String txid, boolean ignoreRejected)
-    throws EBaseException {
-
-      /* Check if certificate request has been completed */
-        
-      IRequestQueue rq  = ca.getRequestQueue();
-      IRequest foundRequest = null;
-
-      Enumeration<RequestId> rids    = rq.findRequestsBySourceId(txid);
-	  if (rids == null) { return null; }
-
-      int count=0;
-      while (rids.hasMoreElements()) {
-			RequestId rid =  rids.nextElement();
-			if (rid == null) {
-				continue;
-			}
-			
-      		IRequest request = rq.findRequest(rid);
-			if (request == null) {
-				continue;
-			}
-			if ( !ignoreRejected || 
-				request.getRequestStatus().equals(RequestStatus.PENDING) ||
-			    request.getRequestStatus().equals(RequestStatus.COMPLETE)) {
-				if (foundRequest != null) {
-				}
-			foundRequest = request;
-			}
-		}
-	 return foundRequest;
-  }
-    
-  /** 
-   *  Called if the router is requesting us to send it its certificate
-   *  Examine request queue for a request matching the transaction ID.
-   *  Ignore any rejected or cancelled requests.
-   *
-   *  If a request is found in the pending state, the response should be
-   *  'pending'
-   *
-   *  If a request is found in the completed state, the response should be
-   *  to return the certificate
-   *
-   *  If no request is found, the response should be to return null
-   *
-   */
-
-  public X509CertImpl handleGetCertInitial(CRSPKIMessage req,CRSPKIMessage resp) 
-  {
-      IRequest foundRequest=null;
-
-      // already done by handlePKIOperation
-      // resp.setRecipientNonce(req.getSenderNonce());
-      // resp.setSenderNonce(null);
-
-	  try {
-	  	foundRequest = findRequestByTransactionID(req.getTransactionID(),false);
-	  } catch (EBaseException e) {
-      }
-
-	  if (foundRequest == null) {
-	  	resp.setFailInfo(CRSPKIMessage.mFailInfo_badCertId);
-	  	resp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
-		return null;
-	  }
-
-      return makeResponseFromRequest(req,resp,foundRequest);
-  }
-
-
-  public void verifyRequest(CRSPKIMessage req, CryptoContext cx)     
-    throws  CRSInvalidSignatureException {
-
-      // Get Signed Data
-      
-      byte[] reqAAbytes = req.getAA();
-      byte[] reqAAsig = req.getAADigest();
-        
-  }
-
-
-  /**
-   *  Create an entry for this user in the publishing directory
-   *
-   */
-
-   private boolean createEntry(String dn)
-   {
-      boolean result = false;
-
-      IPublisherProcessor ldapPub = mAuthority.getPublisherProcessor();
-      if (ldapPub == null || !ldapPub.enabled()) {
-          log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_CREATE_ENTRY_FROM_CEP")); 
-
-          return result;
-      }
-
-      ILdapConnFactory connFactory = ((IPublisherProcessor)ldapPub).getLdapConnModule().getLdapConnFactory();
-      if (connFactory == null) {
-          return result;
-      }
-
-      LDAPConnection connection=null;
-      try {
-         connection = connFactory.getConn();
-         String[] objectclasses = { "top", mEntryObjectclass };
-         LDAPAttribute ocAttrs = new LDAPAttribute("objectclass",objectclasses);
-
-         LDAPAttributeSet attrSet = new LDAPAttributeSet();
-         attrSet.add(ocAttrs);
-
-         LDAPEntry newEntry = new LDAPEntry(dn, attrSet);
-         connection.add(newEntry);
-         result=true;
-      }
-      catch (Exception e) {
-          log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_FAIL_CREAT_ENTRY_EXISTS",dn));
-      }
-      finally {
-          try {
-             connFactory.returnConn(connection);
-          }
-          catch (Exception f) {}
-      }
-      return result;
+            throw new ServletException("Failed to process message in CEP servlet: " + e.getMessage());
+        }
+
+        // We have now processed the request, and need to make the response message
+
+        try {
+            // make the response
+            processCertRep(cx, cert, crsResp, req);
+
+            // Get the response coding
+            response = crsResp.getResponse();
+
+            // Encode the crsResp into B64
+            httpResp.setContentType("application/x-pki-message");
+            httpResp.setContentLength(response.length);
+            httpResp.getOutputStream().write(response);
+            httpResp.getOutputStream().flush();
+
+            CMS.debug("Output PKIOperation response:");
+            CMS.debug(CMS.BtoA(response));
+        } catch (Exception e) {
+            throw new ServletException("Failed to create response for CEP message" + e.getMessage());
+        }
+
+    }
+
+    /**
+     * finds a request with this transaction ID.
+     * If could not find any request - return null
+     * If could only find 'rejected' or 'cancelled' requests, return null
+     * If found 'pending' or 'completed' request - return that request
+     */
+
+    public IRequest findRequestByTransactionID(String txid, boolean ignoreRejected)
+            throws EBaseException {
+
+        /* Check if certificate request has been completed */
+
+        IRequestQueue rq = ca.getRequestQueue();
+        IRequest foundRequest = null;
+
+        Enumeration<RequestId> rids = rq.findRequestsBySourceId(txid);
+        if (rids == null) {
+            return null;
+        }
+
+        int count = 0;
+        while (rids.hasMoreElements()) {
+            RequestId rid = rids.nextElement();
+            if (rid == null) {
+                continue;
+            }
+
+            IRequest request = rq.findRequest(rid);
+            if (request == null) {
+                continue;
+            }
+            if (!ignoreRejected ||
+                    request.getRequestStatus().equals(RequestStatus.PENDING) ||
+                    request.getRequestStatus().equals(RequestStatus.COMPLETE)) {
+                if (foundRequest != null) {
+                }
+                foundRequest = request;
+            }
+        }
+        return foundRequest;
     }
 
+    /**
+     * Called if the router is requesting us to send it its certificate
+     * Examine request queue for a request matching the transaction ID.
+     * Ignore any rejected or cancelled requests.
+     * 
+     * If a request is found in the pending state, the response should be
+     * 'pending'
+     * 
+     * If a request is found in the completed state, the response should be
+     * to return the certificate
+     * 
+     * If no request is found, the response should be to return null
+     * 
+     */
+
+    public X509CertImpl handleGetCertInitial(CRSPKIMessage req, CRSPKIMessage resp) {
+        IRequest foundRequest = null;
+
+        // already done by handlePKIOperation
+        // resp.setRecipientNonce(req.getSenderNonce());
+        // resp.setSenderNonce(null);
+
+        try {
+            foundRequest = findRequestByTransactionID(req.getTransactionID(), false);
+        } catch (EBaseException e) {
+        }
+
+        if (foundRequest == null) {
+            resp.setFailInfo(CRSPKIMessage.mFailInfo_badCertId);
+            resp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+            return null;
+        }
+
+        return makeResponseFromRequest(req, resp, foundRequest);
+    }
+
+    public void verifyRequest(CRSPKIMessage req, CryptoContext cx)
+            throws CRSInvalidSignatureException {
+
+        // Get Signed Data
+
+        byte[] reqAAbytes = req.getAA();
+        byte[] reqAAsig = req.getAADigest();
+
+    }
+
+    /**
+     * Create an entry for this user in the publishing directory
+     * 
+     */
+
+    private boolean createEntry(String dn) {
+        boolean result = false;
 
+        IPublisherProcessor ldapPub = mAuthority.getPublisherProcessor();
+        if (ldapPub == null || !ldapPub.enabled()) {
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_CREATE_ENTRY_FROM_CEP"));
+
+            return result;
+        }
 
-  /**
-   *  Here we decrypt the PKCS10 message from the client
-   *
-   */
-    
-  public void unwrapPKCS10(CRSPKIMessage req, CryptoContext cx)
-    throws   ServletException, 
+        ILdapConnFactory connFactory = ((IPublisherProcessor) ldapPub).getLdapConnModule().getLdapConnFactory();
+        if (connFactory == null) {
+            return result;
+        }
+
+        LDAPConnection connection = null;
+        try {
+            connection = connFactory.getConn();
+            String[] objectclasses = { "top", mEntryObjectclass };
+            LDAPAttribute ocAttrs = new LDAPAttribute("objectclass", objectclasses);
+
+            LDAPAttributeSet attrSet = new LDAPAttributeSet();
+            attrSet.add(ocAttrs);
+
+            LDAPEntry newEntry = new LDAPEntry(dn, attrSet);
+            connection.add(newEntry);
+            result = true;
+        } catch (Exception e) {
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_FAIL_CREAT_ENTRY_EXISTS", dn));
+        } finally {
+            try {
+                connFactory.returnConn(connection);
+            } catch (Exception f) {
+            }
+        }
+        return result;
+    }
+
+    /**
+     * Here we decrypt the PKCS10 message from the client
+     * 
+     */
+
+    public void unwrapPKCS10(CRSPKIMessage req, CryptoContext cx)
+            throws ServletException,
              CryptoManager.NotInitializedException,
-			 CryptoContext.CryptoContextException,
+             CryptoContext.CryptoContextException,
              CRSFailureException {
-        
-      byte[] decryptedP10bytes = null;
-      SymmetricKey sk;
-      SymmetricKey skinternal;
-      SymmetricKey.Type skt;
-      KeyWrapper kw;
-      Cipher cip;
-      EncryptionAlgorithm ea;
-      boolean errorInRequest = false;
-
-      // Unwrap the session key with the Cert server key
-	try {
-      kw = cx.getKeyWrapper();
-
-      kw.initUnwrap(cx.getPrivateKey(),null);
-
-      skt = SymmetricKey.Type.DES;
-      ea = EncryptionAlgorithm.DES_CBC;
-      if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) {
-          skt = SymmetricKey.Type.DES3;
-          ea = EncryptionAlgorithm.DES3_CBC;
-      }
-
-      sk = kw.unwrapSymmetric(req.getWrappedKey(),
+
+        byte[] decryptedP10bytes = null;
+        SymmetricKey sk;
+        SymmetricKey skinternal;
+        SymmetricKey.Type skt;
+        KeyWrapper kw;
+        Cipher cip;
+        EncryptionAlgorithm ea;
+        boolean errorInRequest = false;
+
+        // Unwrap the session key with the Cert server key
+        try {
+            kw = cx.getKeyWrapper();
+
+            kw.initUnwrap(cx.getPrivateKey(), null);
+
+            skt = SymmetricKey.Type.DES;
+            ea = EncryptionAlgorithm.DES_CBC;
+            if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) {
+                skt = SymmetricKey.Type.DES3;
+                ea = EncryptionAlgorithm.DES3_CBC;
+            }
+
+            sk = kw.unwrapSymmetric(req.getWrappedKey(),
                               skt,
                               SymmetricKey.Usage.DECRYPT,
-                              0);  // keylength is ignored
-          
-     skinternal = cx.getDESKeyGenerator().clone(sk);
-          
-     cip = skinternal.getOwningToken().getCipherContext(ea);
-          
-     cip.initDecrypt(skinternal,(new IVParameterSpec(req.getIV())));
-        
-     decryptedP10bytes = cip.doFinal(req.getEncryptedPkcs10());
-     CMS.debug("decryptedP10bytes:");
-     CMS.debug(decryptedP10bytes);
-          
-     req.setP10(new PKCS10(decryptedP10bytes));
-     } catch (Exception e) {
-        CMS.debug("failed to unwrap PKCS10 " + e);
-		throw new CRSFailureException("Could not unwrap PKCS10 blob: "+e.getMessage());
-     }
-          
-  }
-
-
-
-private void getDetailFromRequest(CRSPKIMessage req, CRSPKIMessage crsResp)
-  throws CRSFailureException {
-
-      IRequest issueReq = null;
-      X509CertImpl issuedCert=null;
-      SubjectAlternativeNameExtension sane = null;
-      CertAttrSet requested_ext = null;
-
-      try {
-             PKCS10 p10 = req.getP10();
-
-             if (p10 == null) {
-			     crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
-		  	     crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
-			     throw new CRSFailureException("Failed to decode pkcs10 from CEP request");
-		      }
-                
-              AuthCredentials authCreds = new AuthCredentials();
-
-              String challengePassword = null;
-              // Here, we make a new CertInfo - it's a new start for a certificate
-                    
-              X509CertInfo certInfo = CMS.getDefaultX509CertInfo();
-                
-              // get some stuff out of the request
-              X509Key key              = p10.getSubjectPublicKeyInfo();
-              X500Name p10subject      = p10.getSubjectName();
-
-              X500Name subject=null;
-
-              // The following code will copy all the attributes
-			  // into the AuthCredentials so they can be used for
-			  // authentication
-			  //
-			  // Optionally, you can re-map the subject name from:
-              //   one RDN, with many AVA's    to
-              //   many RDN's with one AVA in each.
-
-              Enumeration<RDN> rdne     = p10subject.getRDNs();
-              Vector<RDN>      rdnv = new Vector<RDN>();
-
-			  Hashtable<String, String> sanehash = new Hashtable<String, String>();
-
-              X500NameAttrMap xnap = X500NameAttrMap.getDefault();
-              while (rdne.hasMoreElements()) {
-                  RDN rdn = (RDN) rdne.nextElement();
-                  int i=0;
-                  AVA[] oldavas = rdn.getAssertion();
-                  for (i=0; i<rdn.getAssertionLength(); i++) {
-                      AVA[] newavas = new AVA[1];
-                      newavas[0]    = oldavas[i];
-					  
-				      authCreds.set(xnap.getName(oldavas[i].getOid()),
-					        oldavas[i].getValue().getAsString());
-					  
-					  if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDNAME)) {
-						
-						  sanehash.put(SANE_DNSNAME,oldavas[i].getValue().getAsString());
-					  }	
-					  if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDADDRESS)) {
-						  sanehash.put(SANE_IPADDRESS,oldavas[i].getValue().getAsString());
-					  }	
-
-                      RDN newrdn    = new RDN(newavas);
-					  if (mFlattenDN) {
-                          rdnv.addElement(newrdn);
-                      }
-                  }
-              }
-
-              if (mFlattenDN) subject  = new X500Name(rdnv);
-              else subject = p10subject;
-
-                
-				// create default key usage extension
-              KeyUsageExtension kue = new KeyUsageExtension();
-              kue.set(KeyUsageExtension.DIGITAL_SIGNATURE, Boolean.valueOf(true));
-              kue.set(KeyUsageExtension.KEY_ENCIPHERMENT, Boolean.valueOf(true));
-
-
-              PKCS10Attributes p10atts = p10.getAttributes();
-              Enumeration<PKCS10Attribute> e = p10atts.getElements();
-              
-              while (e.hasMoreElements()) {
-                  PKCS10Attribute p10a = (PKCS10Attribute)e.nextElement();
-                  CertAttrSet attr = p10a.getAttributeValue();
-
-
-                  if (attr.getName().equals(ChallengePassword.NAME)) {
-					  if (attr.get(ChallengePassword.PASSWORD) != null) {
-		              		req.put(AUTH_PASSWORD,
-									(String)attr.get(ChallengePassword.PASSWORD));
-		              		req.put(ChallengePassword.NAME,
-                           		hashPassword(
-									(String)attr.get(ChallengePassword.PASSWORD)));
-							}
-                      }
-                  
-                  if (attr.getName().equals(ExtensionsRequested.NAME)) {
-
-					Enumeration<Extension> exts = ((ExtensionsRequested)attr).getExtensions().elements();
-					while (exts.hasMoreElements()) {
-						Extension ext = exts.nextElement();
-
-						if (ext.getExtensionId().equals(
-							OIDMap.getOID(KeyUsageExtension.IDENT)) ) {
-							
-							kue = new KeyUsageExtension(
-									new Boolean(false), // noncritical
-									ext.getExtensionValue());
-						}
-
-						if (ext.getExtensionId().equals(
-							OIDMap.getOID(SubjectAlternativeNameExtension.IDENT)) ) {
-							DerOutputStream dos = new DerOutputStream();
-							sane = new SubjectAlternativeNameExtension(
-									new Boolean(false),  // noncritical
-									ext.getExtensionValue());
-
-								
-							@SuppressWarnings("unchecked")
-							Vector<GeneralNameInterface> v =
-									(Vector<GeneralNameInterface>) sane.get(SubjectAlternativeNameExtension. SUBJECT_NAME);
-
-							Enumeration<GeneralNameInterface> gne = v.elements();
-
-							while (gne.hasMoreElements()) {
-								GeneralNameInterface gni = (GeneralNameInterface) gne.nextElement();
-								if (gni instanceof GeneralName) {
-									GeneralName genName = (GeneralName) gni;
-
-									String gn = genName.toString();
-									int colon = gn.indexOf(':');
-									String gnType = gn.substring(0,colon).trim();
-									String gnValue = gn.substring(colon+1).trim();
-
-				      				authCreds.set(gnType,gnValue);
-								}
-							}
-						}
-					}
-                  }
-              }
-
-			  if (authCreds != null) req.put(AUTH_CREDS,authCreds);
-
-			try {
-			  if (sane == null)  sane = makeDefaultSubjectAltName(sanehash);
-			} catch (Exception sane_e) {
-				log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME",
-						sane_e.getMessage()));
-			}
-				
-                    
-
-		  try {
-              if (mAppendDN != null && ! mAppendDN.equals("")) {
-
-				  X500Name newSubject = new X500Name(subject.toString());
-                  subject = new X500Name( subject.toString().concat(","+mAppendDN));
-              }
-
-		  } catch (Exception sne) {
-	     	log(ILogger.LL_INFO, "Unable to use appendDN parameter: "+mAppendDN+". Error is "+sne.getMessage()+" Using unmodified subjectname");
-		  }
-
-			  if (subject != null) req.put(SUBJECTNAME, subject);
-
-              if (key == null || subject == null) {
-                  // log 
-                  //throw new ERegistrationException(RegistrationResources.ERROR_MALFORMED_P10);
-              }
-
-
-
-              certInfo.set(X509CertInfo.VERSION,
+                              0); // keylength is ignored
+
+            skinternal = cx.getDESKeyGenerator().clone(sk);
+
+            cip = skinternal.getOwningToken().getCipherContext(ea);
+
+            cip.initDecrypt(skinternal, (new IVParameterSpec(req.getIV())));
+
+            decryptedP10bytes = cip.doFinal(req.getEncryptedPkcs10());
+            CMS.debug("decryptedP10bytes:");
+            CMS.debug(decryptedP10bytes);
+
+            req.setP10(new PKCS10(decryptedP10bytes));
+        } catch (Exception e) {
+            CMS.debug("failed to unwrap PKCS10 " + e);
+            throw new CRSFailureException("Could not unwrap PKCS10 blob: " + e.getMessage());
+        }
+
+    }
+
+    private void getDetailFromRequest(CRSPKIMessage req, CRSPKIMessage crsResp)
+            throws CRSFailureException {
+
+        IRequest issueReq = null;
+        X509CertImpl issuedCert = null;
+        SubjectAlternativeNameExtension sane = null;
+        CertAttrSet requested_ext = null;
+
+        try {
+            PKCS10 p10 = req.getP10();
+
+            if (p10 == null) {
+                crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
+                crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+                throw new CRSFailureException("Failed to decode pkcs10 from CEP request");
+            }
+
+            AuthCredentials authCreds = new AuthCredentials();
+
+            String challengePassword = null;
+            // Here, we make a new CertInfo - it's a new start for a certificate
+
+            X509CertInfo certInfo = CMS.getDefaultX509CertInfo();
+
+            // get some stuff out of the request
+            X509Key key = p10.getSubjectPublicKeyInfo();
+            X500Name p10subject = p10.getSubjectName();
+
+            X500Name subject = null;
+
+            // The following code will copy all the attributes
+            // into the AuthCredentials so they can be used for
+            // authentication
+            //
+            // Optionally, you can re-map the subject name from:
+            //   one RDN, with many AVA's    to
+            //   many RDN's with one AVA in each.
+
+            Enumeration<RDN> rdne = p10subject.getRDNs();
+            Vector<RDN> rdnv = new Vector<RDN>();
+
+            Hashtable<String, String> sanehash = new Hashtable<String, String>();
+
+            X500NameAttrMap xnap = X500NameAttrMap.getDefault();
+            while (rdne.hasMoreElements()) {
+                RDN rdn = (RDN) rdne.nextElement();
+                int i = 0;
+                AVA[] oldavas = rdn.getAssertion();
+                for (i = 0; i < rdn.getAssertionLength(); i++) {
+                    AVA[] newavas = new AVA[1];
+                    newavas[0] = oldavas[i];
+
+                    authCreds.set(xnap.getName(oldavas[i].getOid()),
+                            oldavas[i].getValue().getAsString());
+
+                    if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDNAME)) {
+
+                        sanehash.put(SANE_DNSNAME, oldavas[i].getValue().getAsString());
+                    }
+                    if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDADDRESS)) {
+                        sanehash.put(SANE_IPADDRESS, oldavas[i].getValue().getAsString());
+                    }
+
+                    RDN newrdn = new RDN(newavas);
+                    if (mFlattenDN) {
+                        rdnv.addElement(newrdn);
+                    }
+                }
+            }
+
+            if (mFlattenDN)
+                subject = new X500Name(rdnv);
+            else
+                subject = p10subject;
+
+            // create default key usage extension
+            KeyUsageExtension kue = new KeyUsageExtension();
+            kue.set(KeyUsageExtension.DIGITAL_SIGNATURE, Boolean.valueOf(true));
+            kue.set(KeyUsageExtension.KEY_ENCIPHERMENT, Boolean.valueOf(true));
+
+            PKCS10Attributes p10atts = p10.getAttributes();
+            Enumeration<PKCS10Attribute> e = p10atts.getElements();
+
+            while (e.hasMoreElements()) {
+                PKCS10Attribute p10a = (PKCS10Attribute) e.nextElement();
+                CertAttrSet attr = p10a.getAttributeValue();
+
+                if (attr.getName().equals(ChallengePassword.NAME)) {
+                    if (attr.get(ChallengePassword.PASSWORD) != null) {
+                        req.put(AUTH_PASSWORD,
+                                    (String) attr.get(ChallengePassword.PASSWORD));
+                        req.put(ChallengePassword.NAME,
+                                hashPassword(
+                                    (String) attr.get(ChallengePassword.PASSWORD)));
+                    }
+                }
+
+                if (attr.getName().equals(ExtensionsRequested.NAME)) {
+
+                    Enumeration<Extension> exts = ((ExtensionsRequested) attr).getExtensions().elements();
+                    while (exts.hasMoreElements()) {
+                        Extension ext = exts.nextElement();
+
+                        if (ext.getExtensionId().equals(
+                                OIDMap.getOID(KeyUsageExtension.IDENT))) {
+
+                            kue = new KeyUsageExtension(
+                                    new Boolean(false), // noncritical
+                                    ext.getExtensionValue());
+                        }
+
+                        if (ext.getExtensionId().equals(
+                                OIDMap.getOID(SubjectAlternativeNameExtension.IDENT))) {
+                            DerOutputStream dos = new DerOutputStream();
+                            sane = new SubjectAlternativeNameExtension(
+                                    new Boolean(false), // noncritical
+                                    ext.getExtensionValue());
+
+                            @SuppressWarnings("unchecked")
+                            Vector<GeneralNameInterface> v =
+                                    (Vector<GeneralNameInterface>) sane.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
+
+                            Enumeration<GeneralNameInterface> gne = v.elements();
+
+                            while (gne.hasMoreElements()) {
+                                GeneralNameInterface gni = (GeneralNameInterface) gne.nextElement();
+                                if (gni instanceof GeneralName) {
+                                    GeneralName genName = (GeneralName) gni;
+
+                                    String gn = genName.toString();
+                                    int colon = gn.indexOf(':');
+                                    String gnType = gn.substring(0, colon).trim();
+                                    String gnValue = gn.substring(colon + 1).trim();
+
+                                    authCreds.set(gnType, gnValue);
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+
+            if (authCreds != null)
+                req.put(AUTH_CREDS, authCreds);
+
+            try {
+                if (sane == null)
+                    sane = makeDefaultSubjectAltName(sanehash);
+            } catch (Exception sane_e) {
+                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME",
+                        sane_e.getMessage()));
+            }
+
+            try {
+                if (mAppendDN != null && !mAppendDN.equals("")) {
+
+                    X500Name newSubject = new X500Name(subject.toString());
+                    subject = new X500Name(subject.toString().concat("," + mAppendDN));
+                }
+
+            } catch (Exception sne) {
+                log(ILogger.LL_INFO, "Unable to use appendDN parameter: " + mAppendDN + ". Error is " + sne.getMessage() + " Using unmodified subjectname");
+            }
+
+            if (subject != null)
+                req.put(SUBJECTNAME, subject);
+
+            if (key == null || subject == null) {
+                // log 
+                //throw new ERegistrationException(RegistrationResources.ERROR_MALFORMED_P10);
+            }
+
+            certInfo.set(X509CertInfo.VERSION,
                            new CertificateVersion(CertificateVersion.V3));
-                    
-              certInfo.set(X509CertInfo.SUBJECT,
+
+            certInfo.set(X509CertInfo.SUBJECT,
                            new CertificateSubjectName(subject));
-                    
-              certInfo.set(X509CertInfo.KEY,
+
+            certInfo.set(X509CertInfo.KEY,
                            new CertificateX509Key(key));
-              
-              CertificateExtensions ext = new CertificateExtensions();
-
-              if (kue != null) {
-                  ext.set(KeyUsageExtension.class.getSimpleName(), kue);
-              }
-
-              // add subjectAltName extension, if present
-              if (sane != null) {
-                  ext.set(SubjectAlternativeNameExtension.class.getSimpleName(), sane);
-              }
-
-              certInfo.set(X509CertInfo.EXTENSIONS,ext);
-
-			  req.put(CERTINFO, certInfo);
-      } catch (Exception e) {
-	     crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
-	     crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
-	     return ;
-	  }   // NEED TO FIX
-  }
-                  
-
-  private SubjectAlternativeNameExtension makeDefaultSubjectAltName(Hashtable<String, String> ht) {
-
-    // if no subjectaltname extension was requested, we try to make it up
-    // from some of the elements of the subject name
-
-	int itemCount = ht.size();
-	GeneralNameInterface[] gn = new GeneralNameInterface[ht.size()];
-
-	itemCount = 0;
-	Enumeration<String> en = ht.keys();
-    while (en.hasMoreElements()) {
-		String key = (String) en.nextElement();
-		if (key.equals(SANE_DNSNAME)) {
-			gn[itemCount++] = new DNSName((String)ht.get(key));
-		}
-		if (key.equals(SANE_IPADDRESS)) {
-			gn[itemCount++] = new IPAddressName((String)ht.get(key));
+
+            CertificateExtensions ext = new CertificateExtensions();
+
+            if (kue != null) {
+                ext.set(KeyUsageExtension.class.getSimpleName(), kue);
+            }
+
+            // add subjectAltName extension, if present
+            if (sane != null) {
+                ext.set(SubjectAlternativeNameExtension.class.getSimpleName(), sane);
+            }
+
+            certInfo.set(X509CertInfo.EXTENSIONS, ext);
+
+            req.put(CERTINFO, certInfo);
+        } catch (Exception e) {
+            crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
+            crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+            return;
+        } // NEED TO FIX
+    }
+
+    private SubjectAlternativeNameExtension makeDefaultSubjectAltName(Hashtable<String, String> ht) {
+
+        // if no subjectaltname extension was requested, we try to make it up
+        // from some of the elements of the subject name
+
+        int itemCount = ht.size();
+        GeneralNameInterface[] gn = new GeneralNameInterface[ht.size()];
+
+        itemCount = 0;
+        Enumeration<String> en = ht.keys();
+        while (en.hasMoreElements()) {
+            String key = (String) en.nextElement();
+            if (key.equals(SANE_DNSNAME)) {
+                gn[itemCount++] = new DNSName((String) ht.get(key));
+            }
+            if (key.equals(SANE_IPADDRESS)) {
+                gn[itemCount++] = new IPAddressName((String) ht.get(key));
+            }
+        }
+
+        try {
+            return new SubjectAlternativeNameExtension(new GeneralNames(gn));
+        } catch (Exception e) {
+            log(ILogger.LL_INFO, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME",
+                    e.getMessage()));
+            return null;
         }
     }
 
-	try {
-		return new SubjectAlternativeNameExtension( new GeneralNames(gn) );
-	} catch (Exception e) {
-		log(ILogger.LL_INFO, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME",
-			e.getMessage()));	  
-		return null;
-	}
-  }
-              
-
-
-  // Perform authentication
-
-  /*
-   * if the authentication is set up for CEP, and the user provides
-   * some credential, an attempt is made to authenticate the user
-   * If this fails, this method will return true
-   * If it is sucessful, this method will return true and
-   * an authtoken will be in the request
-   *
-   * If authentication is not configured, this method will
-   * return false. The request will be processed in the usual
-   * way, but no authtoken will be in the request.
-   *
-   * In other word, this method returns true if the request
-   * should be aborted, false otherwise.
-   */
-
-  private boolean authenticateUser(CRSPKIMessage req) {
-		  boolean authenticationFailed = true;
-
-		  if (mAuthManagerName == null) {
-			return false;
-		  }
-
-		  String password = (String)req.get(AUTH_PASSWORD);
-
-          AuthCredentials authCreds = (AuthCredentials)req.get(AUTH_CREDS);
-
-		  if (authCreds == null) {
-			  authCreds = new AuthCredentials();
-		  }
-
-		  // authtoken starts as null
-          AuthToken token = null;
-
-          	  if (password != null && !password.equals(""))  {
-				try {
-               		authCreds.set(AUTH_PASSWORD,password);
-				} catch (Exception e) {}
-			  }
-			  
+    // Perform authentication
 
-                try {
-                 token = (AuthToken)mAuthSubsystem.authenticate(authCreds,mAuthManagerName);
-                   authCreds.delete(AUTH_PASSWORD);
-				// if we got here, the authenticate call must not have thrown
-				// an exception
-                   authenticationFailed = false;
-              	}
-              	catch (EInvalidCredentials ex) {
-                   // Invalid credentials - we must reject the request
-                   authenticationFailed = true;
-              	}
-              	catch (EMissingCredential mc) {
-                   // Misssing credential - we'll log, and process manually
-                   authenticationFailed = false;
-              	}
-              	catch (EBaseException ex) {
-                  // If there's some other error, we'll reject
-                  // So, we just continue on, - AUTH_TOKEN will not be set.
-              	}
-
-	 	 if (token != null) {
-	     	req.put(AUTH_TOKEN,token);
-		 }
-
-         return authenticationFailed;
-   }
-
-  private boolean areFingerprintsEqual(IRequest req, Hashtable<String, byte[]> fingerprints)
-  {
-	
-	Hashtable<String, Object> old_fprints = req.getExtDataInHashtable(IRequest.FINGERPRINTS);
-	if (old_fprints == null) { return false; }
-
-    byte[] old_md5 = CMS.AtoB((String) old_fprints.get("MD5"));
-	byte[] new_md5 = (byte[]) fingerprints.get("MD5");
-
-	if (old_md5.length != new_md5.length) return false;
-	
-	for (int i=0;i<old_md5.length; i++) {
-		if (old_md5[i] != new_md5[i]) return false;
-	}
-	return true;
-  }
-
-  public X509CertImpl handlePKCSReq(HttpServletRequest httpReq,
-                                 IRequest cmsRequest, CRSPKIMessage req, 
-									CRSPKIMessage crsResp, CryptoContext cx)
-    throws   ServletException, 
+    /*
+     * if the authentication is set up for CEP, and the user provides
+     * some credential, an attempt is made to authenticate the user
+     * If this fails, this method will return true
+     * If it is sucessful, this method will return true and
+     * an authtoken will be in the request
+     *
+     * If authentication is not configured, this method will
+     * return false. The request will be processed in the usual
+     * way, but no authtoken will be in the request.
+     *
+     * In other word, this method returns true if the request
+     * should be aborted, false otherwise.
+     */
+
+    private boolean authenticateUser(CRSPKIMessage req) {
+        boolean authenticationFailed = true;
+
+        if (mAuthManagerName == null) {
+            return false;
+        }
+
+        String password = (String) req.get(AUTH_PASSWORD);
+
+        AuthCredentials authCreds = (AuthCredentials) req.get(AUTH_CREDS);
+
+        if (authCreds == null) {
+            authCreds = new AuthCredentials();
+        }
+
+        // authtoken starts as null
+        AuthToken token = null;
+
+        if (password != null && !password.equals("")) {
+            try {
+                authCreds.set(AUTH_PASSWORD, password);
+            } catch (Exception e) {
+            }
+        }
+
+        try {
+            token = (AuthToken) mAuthSubsystem.authenticate(authCreds, mAuthManagerName);
+            authCreds.delete(AUTH_PASSWORD);
+            // if we got here, the authenticate call must not have thrown
+            // an exception
+            authenticationFailed = false;
+        } catch (EInvalidCredentials ex) {
+            // Invalid credentials - we must reject the request
+            authenticationFailed = true;
+        } catch (EMissingCredential mc) {
+            // Misssing credential - we'll log, and process manually
+            authenticationFailed = false;
+        } catch (EBaseException ex) {
+            // If there's some other error, we'll reject
+            // So, we just continue on, - AUTH_TOKEN will not be set.
+        }
+
+        if (token != null) {
+            req.put(AUTH_TOKEN, token);
+        }
+
+        return authenticationFailed;
+    }
+
+    private boolean areFingerprintsEqual(IRequest req, Hashtable<String, byte[]> fingerprints) {
+
+        Hashtable<String, Object> old_fprints = req.getExtDataInHashtable(IRequest.FINGERPRINTS);
+        if (old_fprints == null) {
+            return false;
+        }
+
+        byte[] old_md5 = CMS.AtoB((String) old_fprints.get("MD5"));
+        byte[] new_md5 = (byte[]) fingerprints.get("MD5");
+
+        if (old_md5.length != new_md5.length)
+            return false;
+
+        for (int i = 0; i < old_md5.length; i++) {
+            if (old_md5[i] != new_md5[i])
+                return false;
+        }
+        return true;
+    }
+
+    public X509CertImpl handlePKCSReq(HttpServletRequest httpReq,
+                                 IRequest cmsRequest, CRSPKIMessage req,
+                                    CRSPKIMessage crsResp, CryptoContext cx)
+            throws ServletException,
              CryptoManager.NotInitializedException,
              CRSFailureException {
 
-	try {
-       unwrapPKCS10(req,cx);
-	   Hashtable<String, byte[]> fingerprints = makeFingerPrints(req);
-
-       if (cmsRequest != null) {
-			if (areFingerprintsEqual(cmsRequest, fingerprints)) {
-               CMS.debug("created response from request");
-				return makeResponseFromRequest(req,crsResp,cmsRequest);
-			}
-			else {
-                CMS.debug("duplicated transaction id");
-		  		log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_DUP_TRANS_ID"));	  
-		  		crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest);
-		  		crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
-		  		return null;
-			}
-		}
-
-	   getDetailFromRequest(req,crsResp);
-	   boolean authFailed = authenticateUser(req);
- 
-	   if (authFailed) {
-          CMS.debug("authentication failed");
-		  log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_AUTH"));	  
-		  crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badIdentity);
-		  crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
-
-
-          // perform audit log
-          String auditMessage = CMS.getLogMessage(
+        try {
+            unwrapPKCS10(req, cx);
+            Hashtable<String, byte[]> fingerprints = makeFingerPrints(req);
+
+            if (cmsRequest != null) {
+                if (areFingerprintsEqual(cmsRequest, fingerprints)) {
+                    CMS.debug("created response from request");
+                    return makeResponseFromRequest(req, crsResp, cmsRequest);
+                } else {
+                    CMS.debug("duplicated transaction id");
+                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_DUP_TRANS_ID"));
+                    crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest);
+                    crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+                    return null;
+                }
+            }
+
+            getDetailFromRequest(req, crsResp);
+            boolean authFailed = authenticateUser(req);
+
+            if (authFailed) {
+                CMS.debug("authentication failed");
+                log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_AUTH"));
+                crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badIdentity);
+                crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+
+                // perform audit log
+                String auditMessage = CMS.getLogMessage(
                             "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5",
                             httpReq.getRemoteAddr(),
                             ILogger.FAILURE,
                             req.getTransactionID(),
                             "CRSEnrollment",
                             ILogger.SIGNED_AUDIT_EMPTY_VALUE);
-          ILogger signedAuditLogger = CMS.getSignedAuditLogger();
-          if (signedAuditLogger != null) {
-            signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-                     null, ILogger.S_SIGNED_AUDIT,
-                     ILogger.LL_SECURITY, auditMessage);
-          }
-
-		  return null;
-	   }
-	   else {
-		  IRequest ireq = postRequest(httpReq, req,crsResp);
-		
-
-          CMS.debug("created response");
-		  return makeResponseFromRequest(req,crsResp, ireq);
-	   }
-	} catch (CryptoContext.CryptoContextException e) {
-        CMS.debug("failed to decrypt the request " + e);
-		log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_DECRYPT_PKCS10",
-			e.getMessage()));	  
-		crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
-		crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
-	} catch (EBaseException e) {
-        CMS.debug("operation failure - " + e);
-		log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERNOLL_FAIL_NO_NEW_REQUEST_POSTED",
-			e.getMessage()));	  
-		crsResp.setFailInfo(CRSPKIMessage.mFailInfo_internalCAError);
-		crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
-	}
-	return null;
-  }
-
-
-//////   post the request 
-
-/*
-  needed:
-
-  token (authtoken)
-  certInfo
-  fingerprints       x
-  req.transactionID
-  crsResp
-*/  
-
-private IRequest postRequest(HttpServletRequest httpReq, CRSPKIMessage req, CRSPKIMessage crsResp) 
-throws EBaseException {
-	 X500Name subject = (X500Name)req.get(SUBJECTNAME);
-
-     if (mCreateEntry) {
-		 if (subject == null) {
-             CMS.debug( "CRSEnrollment::postRequest() - subject is null!" );
-             return null;
-		 }
-         createEntry(subject.toString());
-     }
-
-     // use profile framework to handle SCEP
-     if (mProfileId != null) {
-       PKCS10 pkcs10data = req.getP10();
-       String pkcs10blob = CMS.BtoA(pkcs10data.toByteArray());
-
-       // XXX authentication handling
-       CMS.debug("Found profile=" + mProfileId);
-       IProfile profile = mProfileSubsystem.getProfile(mProfileId);
-       if (profile == null) {
-         CMS.debug("profile " + mProfileId + " not found");
-         return null;
-       }
-       IProfileContext ctx = profile.createContext();
-
-       IProfileAuthenticator authenticator = null;
-       try {
-            CMS.debug("Retrieving authenticator");
-            authenticator = profile.getAuthenticator();
+                ILogger signedAuditLogger = CMS.getSignedAuditLogger();
+                if (signedAuditLogger != null) {
+                    signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
+                            null, ILogger.S_SIGNED_AUDIT,
+                            ILogger.LL_SECURITY, auditMessage);
+                }
+
+                return null;
+            } else {
+                IRequest ireq = postRequest(httpReq, req, crsResp);
+
+                CMS.debug("created response");
+                return makeResponseFromRequest(req, crsResp, ireq);
+            }
+        } catch (CryptoContext.CryptoContextException e) {
+            CMS.debug("failed to decrypt the request " + e);
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_DECRYPT_PKCS10",
+                    e.getMessage()));
+            crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
+            crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+        } catch (EBaseException e) {
+            CMS.debug("operation failure - " + e);
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERNOLL_FAIL_NO_NEW_REQUEST_POSTED",
+                    e.getMessage()));
+            crsResp.setFailInfo(CRSPKIMessage.mFailInfo_internalCAError);
+            crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+        }
+        return null;
+    }
+
+    //////   post the request 
+
+    /*
+      needed:
+
+      token (authtoken)
+      certInfo
+      fingerprints       x
+      req.transactionID
+      crsResp
+    */
+
+    private IRequest postRequest(HttpServletRequest httpReq, CRSPKIMessage req, CRSPKIMessage crsResp)
+            throws EBaseException {
+        X500Name subject = (X500Name) req.get(SUBJECTNAME);
+
+        if (mCreateEntry) {
+            if (subject == null) {
+                CMS.debug("CRSEnrollment::postRequest() - subject is null!");
+                return null;
+            }
+            createEntry(subject.toString());
+        }
+
+        // use profile framework to handle SCEP
+        if (mProfileId != null) {
+            PKCS10 pkcs10data = req.getP10();
+            String pkcs10blob = CMS.BtoA(pkcs10data.toByteArray());
+
+            // XXX authentication handling
+            CMS.debug("Found profile=" + mProfileId);
+            IProfile profile = mProfileSubsystem.getProfile(mProfileId);
+            if (profile == null) {
+                CMS.debug("profile " + mProfileId + " not found");
+                return null;
+            }
+            IProfileContext ctx = profile.createContext();
+
+            IProfileAuthenticator authenticator = null;
+            try {
+                CMS.debug("Retrieving authenticator");
+                authenticator = profile.getAuthenticator();
+                if (authenticator == null) {
+                    CMS.debug("No authenticator Found");
+                } else {
+                    CMS.debug("Got authenticator=" + authenticator.getClass().getName());
+                }
+            } catch (EProfileException e) {
+                // authenticator not installed correctly
+            }
+
+            IAuthToken authToken = null;
+
+            // for ssl authentication; pass in servlet for retrieving
+            // ssl client certificates
+            SessionContext context = SessionContext.getContext();
+
+            // insert profile context so that input parameter can be retrieved
+            context.put("profileContext", ctx);
+            context.put("sslClientCertProvider",
+                    new SSLClientCertProvider(httpReq));
+
+            String p10Password = getPasswordFromP10(pkcs10data);
+            AuthCredentials credentials = new AuthCredentials();
+            credentials.set("UID", httpReq.getRemoteAddr());
+            credentials.set("PWD", p10Password);
+
             if (authenticator == null) {
-              CMS.debug("No authenticator Found");
+                // XXX - to help caRouterCert to work, we need to 
+                // add authentication to caRouterCert
+                authToken = new AuthToken(null);
             } else {
-              CMS.debug("Got authenticator=" + authenticator.getClass().getName());
+                authToken = authenticate(credentials, authenticator, httpReq);
             }
-       } catch (EProfileException e) {
-            // authenticator not installed correctly
-       }
-
-       IAuthToken authToken = null;
-
-       // for ssl authentication; pass in servlet for retrieving
-       // ssl client certificates
-       SessionContext context = SessionContext.getContext();
-
-
-        // insert profile context so that input parameter can be retrieved
-       context.put("profileContext", ctx);
-       context.put("sslClientCertProvider",
-            new SSLClientCertProvider(httpReq));
-
-       String p10Password = getPasswordFromP10(pkcs10data);
-        AuthCredentials credentials = new AuthCredentials();
-        credentials.set("UID", httpReq.getRemoteAddr());
-        credentials.set("PWD", p10Password);
-
-       if (authenticator == null) {
-          // XXX - to help caRouterCert to work, we need to 
-          // add authentication to caRouterCert
-          authToken = new AuthToken(null);
-       } else { 
-         authToken = authenticate(credentials, authenticator, httpReq);
-       }
-
-       IRequest reqs[] = null;
-       CMS.debug("CRSEnrollment: Creating profile requests");
-       ctx.set(IEnrollProfile.CTX_CERT_REQUEST_TYPE, "pkcs10");
-       ctx.set(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob);
-       Locale locale = Locale.getDefault();
-       reqs = profile.createRequests(ctx, locale);
-       if (reqs == null) {
-         CMS.debug("CRSEnrollment: No request has been created");
-         return null;
-       } else {
-         CMS.debug("CRSEnrollment: Request (" + reqs.length + ") have been created");
-       }
-       // set transaction id
-       reqs[0].setSourceId(req.getTransactionID());
-       reqs[0].setExtData("profile", "true");
-       reqs[0].setExtData("profileId", mProfileId);
-       reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST_TYPE, IEnrollProfile.REQ_TYPE_PKCS10);
-       reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob);
-       reqs[0].setExtData("requestor_name", "");
-       reqs[0].setExtData("requestor_email", "");
-       reqs[0].setExtData("requestor_phone", "");
-       reqs[0].setExtData("profileRemoteHost", httpReq.getRemoteHost());
-       reqs[0].setExtData("profileRemoteAddr", httpReq.getRemoteAddr());
-       reqs[0].setExtData("profileApprovedBy", profile.getApprovedBy());
-
-       CMS.debug("CRSEnrollment: Populating inputs");
-       profile.populateInput(ctx, reqs[0]);
-       CMS.debug("CRSEnrollment: Populating requests");
-       profile.populate(reqs[0]);
-
-       CMS.debug("CRSEnrollment: Submitting request");
-       profile.submit(authToken, reqs[0]);
-       CMS.debug("CRSEnrollment: Done submitting request");
-       profile.getRequestQueue().markAsServiced(reqs[0]);
-       CMS.debug("CRSEnrollment: Request marked as serviced");
-
-       return reqs[0];
-
-     }
-
-     IRequestQueue rq = ca.getRequestQueue();
-     IRequest pkiReq = rq.newRequest(IRequest.ENROLLMENT_REQUEST);
-
-	 AuthToken token = (AuthToken) req.get(AUTH_TOKEN);
-     if (token != null) { 
-          pkiReq.setExtData(IRequest.AUTH_TOKEN,token);
-     }
-
-     pkiReq.setExtData(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE, IRequest.CEP_CERT);
-	 X509CertInfo certInfo = (X509CertInfo) req.get(CERTINFO);
-     pkiReq.setExtData(IRequest.CERT_INFO, new X509CertInfo[] { certInfo } );
-     pkiReq.setExtData("cepsubstore", mSubstoreName);
-
-	 try {
-	 	String chpwd = (String)req.get(ChallengePassword.NAME);
-        if (chpwd != null) {
-	 		pkiReq.setExtData("challengePhrase",
-				chpwd );
-		}
-	 } catch (Exception pwex) {
-	 }
-
-     Hashtable<?, ?> fingerprints = (Hashtable<?, ?>)req.get(IRequest.FINGERPRINTS);
-     if (fingerprints.size() > 0) {
-         Hashtable<String, String> encodedPrints = new Hashtable<String, String>(fingerprints.size());
-         Enumeration<?> e = fingerprints.keys();
-         while (e.hasMoreElements()) {
-             String key = (String)e.nextElement();
-             byte[] value = (byte[])fingerprints.get(key);
-             encodedPrints.put(key, CMS.BtoA(value));
-         }
-         pkiReq.setExtData(IRequest.FINGERPRINTS, encodedPrints);
-	 }
-
-     pkiReq.setSourceId(req.getTransactionID());
-                 
-     rq.processRequest(pkiReq);
-
-     crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS);
-
-     mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+
+            IRequest reqs[] = null;
+            CMS.debug("CRSEnrollment: Creating profile requests");
+            ctx.set(IEnrollProfile.CTX_CERT_REQUEST_TYPE, "pkcs10");
+            ctx.set(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob);
+            Locale locale = Locale.getDefault();
+            reqs = profile.createRequests(ctx, locale);
+            if (reqs == null) {
+                CMS.debug("CRSEnrollment: No request has been created");
+                return null;
+            } else {
+                CMS.debug("CRSEnrollment: Request (" + reqs.length + ") have been created");
+            }
+            // set transaction id
+            reqs[0].setSourceId(req.getTransactionID());
+            reqs[0].setExtData("profile", "true");
+            reqs[0].setExtData("profileId", mProfileId);
+            reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST_TYPE, IEnrollProfile.REQ_TYPE_PKCS10);
+            reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob);
+            reqs[0].setExtData("requestor_name", "");
+            reqs[0].setExtData("requestor_email", "");
+            reqs[0].setExtData("requestor_phone", "");
+            reqs[0].setExtData("profileRemoteHost", httpReq.getRemoteHost());
+            reqs[0].setExtData("profileRemoteAddr", httpReq.getRemoteAddr());
+            reqs[0].setExtData("profileApprovedBy", profile.getApprovedBy());
+
+            CMS.debug("CRSEnrollment: Populating inputs");
+            profile.populateInput(ctx, reqs[0]);
+            CMS.debug("CRSEnrollment: Populating requests");
+            profile.populate(reqs[0]);
+
+            CMS.debug("CRSEnrollment: Submitting request");
+            profile.submit(authToken, reqs[0]);
+            CMS.debug("CRSEnrollment: Done submitting request");
+            profile.getRequestQueue().markAsServiced(reqs[0]);
+            CMS.debug("CRSEnrollment: Request marked as serviced");
+
+            return reqs[0];
+
+        }
+
+        IRequestQueue rq = ca.getRequestQueue();
+        IRequest pkiReq = rq.newRequest(IRequest.ENROLLMENT_REQUEST);
+
+        AuthToken token = (AuthToken) req.get(AUTH_TOKEN);
+        if (token != null) {
+            pkiReq.setExtData(IRequest.AUTH_TOKEN, token);
+        }
+
+        pkiReq.setExtData(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE, IRequest.CEP_CERT);
+        X509CertInfo certInfo = (X509CertInfo) req.get(CERTINFO);
+        pkiReq.setExtData(IRequest.CERT_INFO, new X509CertInfo[] { certInfo });
+        pkiReq.setExtData("cepsubstore", mSubstoreName);
+
+        try {
+            String chpwd = (String) req.get(ChallengePassword.NAME);
+            if (chpwd != null) {
+                pkiReq.setExtData("challengePhrase",
+                        chpwd);
+            }
+        } catch (Exception pwex) {
+        }
+
+        Hashtable<?, ?> fingerprints = (Hashtable<?, ?>) req.get(IRequest.FINGERPRINTS);
+        if (fingerprints.size() > 0) {
+            Hashtable<String, String> encodedPrints = new Hashtable<String, String>(fingerprints.size());
+            Enumeration<?> e = fingerprints.keys();
+            while (e.hasMoreElements()) {
+                String key = (String) e.nextElement();
+                byte[] value = (byte[]) fingerprints.get(key);
+                encodedPrints.put(key, CMS.BtoA(value));
+            }
+            pkiReq.setExtData(IRequest.FINGERPRINTS, encodedPrints);
+        }
+
+        pkiReq.setSourceId(req.getTransactionID());
+
+        rq.processRequest(pkiReq);
+
+        crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS);
+
+        mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
                             AuditFormat.LEVEL,
                             AuditFormat.ENROLLMENTFORMAT,
                             new Object[] {
-                            pkiReq.getRequestId(),
-                            AuditFormat.FROMROUTER,
-                            mAuthManagerName == null ? AuditFormat.NOAUTH : mAuthManagerName,
-                            "pending",
-                            subject ,
-                            ""}
+                                    pkiReq.getRequestId(),
+                                    AuditFormat.FROMROUTER,
+                                    mAuthManagerName == null ? AuditFormat.NOAUTH : mAuthManagerName,
+                                    "pending",
+                                    subject,
+                                    "" }
                             );
-                  
-	  return pkiReq;
-  }
-
 
+        return pkiReq;
+    }
 
-  public Hashtable<String, byte[]> makeFingerPrints(CRSPKIMessage req) {
+    public Hashtable<String, byte[]> makeFingerPrints(CRSPKIMessage req) {
         Hashtable<String, byte[]> fingerprints = new Hashtable<String, byte[]>();
 
         MessageDigest md;
-        String[] hashes = new String[] {"MD2", "MD5", "SHA1", "SHA256", "SHA512"};
-        PKCS10 p10 = (PKCS10)req.getP10();
+        String[] hashes = new String[] { "MD2", "MD5", "SHA1", "SHA256", "SHA512" };
+        PKCS10 p10 = (PKCS10) req.getP10();
 
-        for (int i=0;i<hashes.length;i++) {
-		    try {
-               	md = MessageDigest.getInstance(hashes[i]);
-               	md.update(p10.getCertRequestInfo());
-               	fingerprints.put(hashes[i],md.digest());
-			}
-			catch (NoSuchAlgorithmException nsa) {}
+        for (int i = 0; i < hashes.length; i++) {
+            try {
+                md = MessageDigest.getInstance(hashes[i]);
+                md.update(p10.getCertRequestInfo());
+                fingerprints.put(hashes[i], md.digest());
+            } catch (NoSuchAlgorithmException nsa) {
+            }
         }
 
-		if (fingerprints != null) {
-	    	req.put(IRequest.FINGERPRINTS,fingerprints);
-		}
-		return fingerprints;
-  }
-
-  
-  // Take a look to see if the request was successful, and fill
-  // in the response message
+        if (fingerprints != null) {
+            req.put(IRequest.FINGERPRINTS, fingerprints);
+        }
+        return fingerprints;
+    }
 
+    // Take a look to see if the request was successful, and fill
+    // in the response message
 
-  private X509CertImpl makeResponseFromRequest(CRSPKIMessage crsReq, CRSPKIMessage crsResp,
-                                      IRequest pkiReq)
-    {
+    private X509CertImpl makeResponseFromRequest(CRSPKIMessage crsReq, CRSPKIMessage crsResp,
+                                      IRequest pkiReq) {
 
-        X509CertImpl issuedCert=null;
+        X509CertImpl issuedCert = null;
 
         RequestStatus status = pkiReq.getRequestStatus();
 
         String profileId = pkiReq.getExtDataInString("profileId");
         if (profileId != null) {
-          CMS.debug("CRSEnrollment: Found profile request");
-          X509CertImpl cert =
-                 pkiReq.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
-          if (cert == null) {
-            CMS.debug("CRSEnrollment: No certificate has been found");
-          } else {
-            CMS.debug("CRSEnrollment: Found certificate");
-          }
-          crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS);
-          return cert;
+            CMS.debug("CRSEnrollment: Found profile request");
+            X509CertImpl cert =
+                    pkiReq.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
+            if (cert == null) {
+                CMS.debug("CRSEnrollment: No certificate has been found");
+            } else {
+                CMS.debug("CRSEnrollment: Found certificate");
+            }
+            crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS);
+            return cert;
         }
 
-
-        if ( status.equals(RequestStatus.COMPLETE)) {
+        if (status.equals(RequestStatus.COMPLETE)) {
             Integer success = pkiReq.getExtDataInInteger(IRequest.RESULT);
 
-
             if (success.equals(IRequest.RES_SUCCESS)) {
                 // The cert was issued, lets send it back to the router
                 X509CertImpl[] issuedCertBuf =
-                  pkiReq.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+                        pkiReq.getExtDataInCertArray(IRequest.ISSUED_CERTS);
                 if (issuedCertBuf == null || issuedCertBuf.length == 0) {
                     //  writeError("Internal Error: Bad operation",httpReq,httpResp);
-                    CMS.debug( "CRSEnrollment::makeResponseFromRequest() - " +
-                               "Bad operation" );
+                    CMS.debug("CRSEnrollment::makeResponseFromRequest() - " +
+                               "Bad operation");
                     return null;
                 }
                 issuedCert = issuedCertBuf[0];
                 crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS);
-                            
-            }
-            else {  // status is not 'success' - there must've been a problem
-                            
+
+            } else { // status is not 'success' - there must've been a problem
+
                 crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
                 crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badAlg);
             }
-        }
-        else if (status.equals(RequestStatus.REJECTED_STRING) ||
+        } else if (status.equals(RequestStatus.REJECTED_STRING) ||
                  status.equals(RequestStatus.CANCELED_STRING)) {
-                crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
-                crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest);
-            }
-        else  {   // not complete
+            crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+            crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest);
+        } else { // not complete
             crsResp.setPKIStatus(CRSPKIMessage.mStatus_PENDING);
         }
 
         return issuedCert;
     }
 
+    protected String hashPassword(String pwd) {
+        String salt = "lala123";
+        byte[] pwdDigest = mSHADigest.digest((salt + pwd).getBytes());
+        String b64E = com.netscape.osutil.OSUtil.BtoA(pwdDigest);
+        return "{SHA}" + b64E;
+    }
 
+    /**
+     * Make the CRSPKIMESSAGE response
+     */
 
+    private void processCertRep(CryptoContext cx,
+                              X509CertImpl issuedCert,
+                              CRSPKIMessage crsResp,
+                              CRSPKIMessage crsReq)
+            throws CRSFailureException {
+        byte[] msgdigest = null;
+        byte[] encryptedDesKey = null;
 
+        try {
+            if (issuedCert != null) {
 
+                SymmetricKey sk;
+                SymmetricKey skinternal;
 
-  protected String hashPassword(String pwd) {
-        String salt = "lala123";
-        byte[] pwdDigest = mSHADigest.digest((salt+pwd).getBytes());
-        String b64E = com.netscape.osutil.OSUtil.BtoA(pwdDigest);
-        return "{SHA}"+b64E;
-    }
+                KeyGenAlgorithm kga = KeyGenAlgorithm.DES;
+                EncryptionAlgorithm ea = EncryptionAlgorithm.DES_CBC;
+                if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) {
+                    kga = KeyGenAlgorithm.DES3;
+                    ea = EncryptionAlgorithm.DES3_CBC;
+                }
 
+                // 1. Make the Degenerated PKCS7 with the recipient's certificate in it
 
+                byte toBeEncrypted[] =
+                        crsResp.makeSignedRep(1, // version
+                                issuedCert.getEncoded()
+                                      );
 
+                // 2. Encrypt the above byte array with a new random DES key
 
-  /**
-   *  Make the CRSPKIMESSAGE response
-   */
+                sk = cx.getDESKeyGenerator().generate();
 
+                skinternal = cx.getInternalToken().getKeyGenerator(kga).clone(sk);
 
-  private void processCertRep(CryptoContext cx,
-                              X509CertImpl issuedCert,
-                              CRSPKIMessage crsResp,
-                              CRSPKIMessage crsReq) 
-    throws CRSFailureException {
-      byte[] msgdigest = null;
-      byte[] encryptedDesKey = null;
-        
-      try {
-          if (issuedCert != null) {
-                
-              SymmetricKey sk;
-              SymmetricKey skinternal;
-
-              KeyGenAlgorithm kga = KeyGenAlgorithm.DES;
-              EncryptionAlgorithm ea = EncryptionAlgorithm.DES_CBC;
-              if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) {
-                  kga = KeyGenAlgorithm.DES3;
-                  ea = EncryptionAlgorithm.DES3_CBC;
-              }
-
-              // 1. Make the Degenerated PKCS7 with the recipient's certificate in it
-                
-              byte toBeEncrypted[] =
-                crsResp.makeSignedRep(1,  // version
-                                      issuedCert.getEncoded()
-                                      );
-                
-              // 2. Encrypt the above byte array with a new random DES key
-                
-              sk = cx.getDESKeyGenerator().generate();
-                
-              skinternal = cx.getInternalToken().getKeyGenerator(kga).clone(sk);
-                
-              byte[] padded = Cipher.pad(toBeEncrypted, ea.getBlockSize());
-
-
-              // This should be changed to generate proper DES IV.
-
-              Cipher cipher = cx.getInternalToken().getCipherContext(ea);
-              IVParameterSpec desIV =
-                new IVParameterSpec(new byte[]{
-                    (byte)0xff, (byte)0x00,
-                      (byte)0xff, (byte)0x00,
-                      (byte)0xff, (byte)0x00,
-                      (byte)0xff, (byte)0x00 } );
-                
-              cipher.initEncrypt(sk,desIV);
-              byte[] encryptedData = cipher.doFinal(padded);
-                
-              crsResp.makeEncryptedContentInfo(desIV.getIV(),encryptedData, mEncryptionAlgorithm);
-                
-              // 3. Extract the recipient's public key
-                
-              PublicKey rcpPK = crsReq.getSignerPublicKey();
-                
-                
-              // 4. Encrypt the DES key with the public key
-                
-              // we have to move the key onto the interal token.
-              //skinternal = cx.getInternalKeyStorageToken().cloneKey(sk);
-              skinternal = cx.getInternalToken().cloneKey(sk);
-                
-              KeyWrapper kw = cx.getInternalKeyWrapper();
-              kw.initWrap(rcpPK, null);
-              encryptedDesKey = kw.wrap(skinternal);
-                
-              crsResp.setRcpIssuerAndSerialNumber(crsReq.getSgnIssuerAndSerialNumber());
-              crsResp.makeRecipientInfo(0, encryptedDesKey );
-                
-          }
-
-                
-          byte[] ed = crsResp.makeEnvelopedData(0);
-
-          // 7. Make Digest of SignedData Content 
-          MessageDigest md = MessageDigest.getInstance(mHashAlgorithm);
-          msgdigest = md.digest(ed);
-
-          crsResp.setMsgDigest(msgdigest);
-                
-      }
-        
-      catch (Exception e) {
-          throw new CRSFailureException("Failed to create inner response to CEP message: "+e.getMessage());
-      }
-        
-                        
-      // 5. Make a RecipientInfo
-        
-      // The issuer name & serial number here, should be that of
-      // the EE's self-signed Certificate
-      // [I can get it from the req blob, but later, I should
-      //  store the recipient's self-signed certificate with the request
-      //  so I can get at it later. I need to do this to support
-      //  'PENDING']
-        
-        
-      try {
-            
-          // 8. Make Authenticated Attributes
-          // we can just pull the transaction ID out of the request.
-          // Later, we will have to put it out of the Request queue,
-          // so we can support PENDING
-          crsResp.setTransactionID(crsReq.getTransactionID());
-          // recipientNonce and SenderNonce have already been set
-            
-          crsResp.makeAuthenticatedAttributes();
-          //      crsResp.makeAuthenticatedAttributes_old();                  
-            
-
-
-          // now package up the rest of the SignerInfo
-          {
-              byte[] signingcertbytes = cx.getSigningCert().getEncoded();
-                
-
-              Certificate.Template sgncert_t = new Certificate.Template();
-              Certificate sgncert =
-                (Certificate) sgncert_t.decode(new ByteArrayInputStream(signingcertbytes));
-                
-              IssuerAndSerialNumber sgniasn =
-                new IssuerAndSerialNumber(sgncert.getInfo().getIssuer(),
+                byte[] padded = Cipher.pad(toBeEncrypted, ea.getBlockSize());
+
+                // This should be changed to generate proper DES IV.
+
+                Cipher cipher = cx.getInternalToken().getCipherContext(ea);
+                IVParameterSpec desIV =
+                        new IVParameterSpec(new byte[] {
+                                (byte) 0xff, (byte) 0x00,
+                                (byte) 0xff, (byte) 0x00,
+                                (byte) 0xff, (byte) 0x00,
+                                (byte) 0xff, (byte) 0x00 });
+
+                cipher.initEncrypt(sk, desIV);
+                byte[] encryptedData = cipher.doFinal(padded);
+
+                crsResp.makeEncryptedContentInfo(desIV.getIV(), encryptedData, mEncryptionAlgorithm);
+
+                // 3. Extract the recipient's public key
+
+                PublicKey rcpPK = crsReq.getSignerPublicKey();
+
+                // 4. Encrypt the DES key with the public key
+
+                // we have to move the key onto the interal token.
+                //skinternal = cx.getInternalKeyStorageToken().cloneKey(sk);
+                skinternal = cx.getInternalToken().cloneKey(sk);
+
+                KeyWrapper kw = cx.getInternalKeyWrapper();
+                kw.initWrap(rcpPK, null);
+                encryptedDesKey = kw.wrap(skinternal);
+
+                crsResp.setRcpIssuerAndSerialNumber(crsReq.getSgnIssuerAndSerialNumber());
+                crsResp.makeRecipientInfo(0, encryptedDesKey);
+
+            }
+
+            byte[] ed = crsResp.makeEnvelopedData(0);
+
+            // 7. Make Digest of SignedData Content 
+            MessageDigest md = MessageDigest.getInstance(mHashAlgorithm);
+            msgdigest = md.digest(ed);
+
+            crsResp.setMsgDigest(msgdigest);
+
+        }
+
+        catch (Exception e) {
+            throw new CRSFailureException("Failed to create inner response to CEP message: " + e.getMessage());
+        }
+
+        // 5. Make a RecipientInfo
+
+        // The issuer name & serial number here, should be that of
+        // the EE's self-signed Certificate
+        // [I can get it from the req blob, but later, I should
+        //  store the recipient's self-signed certificate with the request
+        //  so I can get at it later. I need to do this to support
+        //  'PENDING']
+
+        try {
+
+            // 8. Make Authenticated Attributes
+            // we can just pull the transaction ID out of the request.
+            // Later, we will have to put it out of the Request queue,
+            // so we can support PENDING
+            crsResp.setTransactionID(crsReq.getTransactionID());
+            // recipientNonce and SenderNonce have already been set
+
+            crsResp.makeAuthenticatedAttributes();
+            //      crsResp.makeAuthenticatedAttributes_old();                  
+
+            // now package up the rest of the SignerInfo
+            {
+                byte[] signingcertbytes = cx.getSigningCert().getEncoded();
+
+                Certificate.Template sgncert_t = new Certificate.Template();
+                Certificate sgncert =
+                        (Certificate) sgncert_t.decode(new ByteArrayInputStream(signingcertbytes));
+
+                IssuerAndSerialNumber sgniasn =
+                        new IssuerAndSerialNumber(sgncert.getInfo().getIssuer(),
                                           sgncert.getInfo().getSerialNumber());
-                
-              crsResp.setSgnIssuerAndSerialNumber(sgniasn);
-                
-              // 10. Make SignerInfo
-              crsResp.makeSignerInfo(1, cx.getPrivateKey(), mHashAlgorithm);
-
-              // 11. Make SignedData
-              crsResp.makeSignedData(1, signingcertbytes, mHashAlgorithm);
-
-              crsResp.debug();
-          }
-      }
-      catch (Exception e) {
-          throw new CRSFailureException("Failed to create outer response to CEP request: "+e.getMessage());
-      }
-        
-        
-      // if debugging, dump out the response into a file
-        
-  }
-
-
-
-  class CryptoContext {
-    private CryptoManager cm;
-    private CryptoToken internalToken;
-    private CryptoToken keyStorageToken;
-    private CryptoToken internalKeyStorageToken;
-    private KeyGenerator DESkg;
-	private Enumeration<?> externalTokens = null;
-    private org.mozilla.jss.crypto.X509Certificate signingCert;
-    private org.mozilla.jss.crypto.PrivateKey signingCertPrivKey;
-	private int signingCertKeySize = 0;
-
-
-    class CryptoContextException extends Exception {
-      /**
+
+                crsResp.setSgnIssuerAndSerialNumber(sgniasn);
+
+                // 10. Make SignerInfo
+                crsResp.makeSignerInfo(1, cx.getPrivateKey(), mHashAlgorithm);
+
+                // 11. Make SignedData
+                crsResp.makeSignedData(1, signingcertbytes, mHashAlgorithm);
+
+                crsResp.debug();
+            }
+        } catch (Exception e) {
+            throw new CRSFailureException("Failed to create outer response to CEP request: " + e.getMessage());
+        }
+
+        // if debugging, dump out the response into a file
+
+    }
+
+    class CryptoContext {
+        private CryptoManager cm;
+        private CryptoToken internalToken;
+        private CryptoToken keyStorageToken;
+        private CryptoToken internalKeyStorageToken;
+        private KeyGenerator DESkg;
+        private Enumeration<?> externalTokens = null;
+        private org.mozilla.jss.crypto.X509Certificate signingCert;
+        private org.mozilla.jss.crypto.PrivateKey signingCertPrivKey;
+        private int signingCertKeySize = 0;
+
+        class CryptoContextException extends Exception {
+            /**
          *
          */
-        private static final long serialVersionUID = -1124116326126256475L;
-    public CryptoContextException() { super(); }
-      public CryptoContextException(String s) { super(s); }
-    }
+            private static final long serialVersionUID = -1124116326126256475L;
 
-    public CryptoContext()
-      throws CryptoContextException
-      {
-          try {
-              KeyGenAlgorithm kga = KeyGenAlgorithm.DES;
-              if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) {
-                  kga = KeyGenAlgorithm.DES3;
-              }
-              cm = CryptoManager.getInstance();
-              internalToken = cm.getInternalCryptoToken();
-              DESkg = internalToken.getKeyGenerator(kga);
-              if (mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) ||
-                  mTokenName.equalsIgnoreCase("Internal Key Storage Token") ||
-                  mTokenName.length() == 0) {
-                  keyStorageToken = cm.getInternalKeyStorageToken();
-                  internalKeyStorageToken = keyStorageToken;
-                  CMS.debug("CRSEnrollment: CryptoContext: internal token name: '"+mTokenName+"'");
-              } else {
-                  keyStorageToken = cm.getTokenByName(mTokenName);
-                  internalKeyStorageToken = null;
-              }
-              if (!mUseCA && internalKeyStorageToken == null) {
-                  PasswordCallback cb = CMS.getPasswordCallback(); 
-                  keyStorageToken.login(cb); // ONE_TIME by default.
-              }
-              signingCert = cm.findCertByNickname(mNickname);
-              signingCertPrivKey = cm.findPrivKeyByCert(signingCert);
-			  byte[] encPubKeyInfo = signingCert.getPublicKey().getEncoded();
-			  SEQUENCE.Template outer = SEQUENCE.getTemplate();
-			  outer.addElement( ANY.getTemplate() ); // algid
-			  outer.addElement( BIT_STRING.getTemplate() );
-			  SEQUENCE outerSeq = (SEQUENCE) ASN1Util.decode(outer, encPubKeyInfo);
-			  BIT_STRING bs = (BIT_STRING) outerSeq.elementAt(1);
-			  byte[] encPubKey = bs.getBits();
-			  if( bs.getPadCount() != 0) {
-			  	  throw new CryptoContextException("Internal error: Invalid Public key. Not an integral number of bytes.");
-			  }
-			  SEQUENCE.Template inner = new SEQUENCE.Template();
-			  inner.addElement( INTEGER.getTemplate());
-			  inner.addElement( INTEGER.getTemplate());
-			  SEQUENCE pubKeySeq = (SEQUENCE) ASN1Util.decode(inner, encPubKey);
-			  INTEGER modulus = (INTEGER) pubKeySeq.elementAt(0);
-			  signingCertKeySize = modulus.bitLength();
-			  
-			  try {
-              FileOutputStream fos = new FileOutputStream("pubkey.der");
-              fos.write(signingCert.getPublicKey().getEncoded());
-              fos.close();
-			  } catch (Exception e) {}
-
-          }
-		  catch (InvalidBERException e) {
-		  	  throw new CryptoContextException("Internal Error: Bad internal Certificate Representation. Not a valid RSA-signed certificate");
-			  }
-          catch (CryptoManager.NotInitializedException e) {
-              throw new CryptoContextException("Crypto Manager not initialized");
-          }
-          catch (NoSuchAlgorithmException e) {
-              throw new CryptoContextException("Cannot create DES key generator");
-          }
-          catch (ObjectNotFoundException e) {
-              throw new CryptoContextException("Certificate not found: "+ca.getNickname());
-          }
-          catch (TokenException e) {
-              throw new CryptoContextException("Problem with Crypto Token: "+e.getMessage());
-          }
-          catch (NoSuchTokenException e) {
-              throw new CryptoContextException("Crypto Token not found: "+e.getMessage());
-          }
-          catch (IncorrectPasswordException e) {
-              throw new CryptoContextException("Incorrect Password.");
-          }
-      }
-
-
-    public KeyGenerator getDESKeyGenerator() {
-        return DESkg;
-    }
+            public CryptoContextException() {
+                super();
+            }
 
-    public CryptoToken getInternalToken() {
-        return internalToken;
-    }
+            public CryptoContextException(String s) {
+                super(s);
+            }
+        }
 
-    public void setExternalTokens( Enumeration<?> tokens ) {
-        externalTokens = tokens;
-    }
+        public CryptoContext()
+                throws CryptoContextException {
+            try {
+                KeyGenAlgorithm kga = KeyGenAlgorithm.DES;
+                if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) {
+                    kga = KeyGenAlgorithm.DES3;
+                }
+                cm = CryptoManager.getInstance();
+                internalToken = cm.getInternalCryptoToken();
+                DESkg = internalToken.getKeyGenerator(kga);
+                if (mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) ||
+                        mTokenName.equalsIgnoreCase("Internal Key Storage Token") ||
+                        mTokenName.length() == 0) {
+                    keyStorageToken = cm.getInternalKeyStorageToken();
+                    internalKeyStorageToken = keyStorageToken;
+                    CMS.debug("CRSEnrollment: CryptoContext: internal token name: '" + mTokenName + "'");
+                } else {
+                    keyStorageToken = cm.getTokenByName(mTokenName);
+                    internalKeyStorageToken = null;
+                }
+                if (!mUseCA && internalKeyStorageToken == null) {
+                    PasswordCallback cb = CMS.getPasswordCallback();
+                    keyStorageToken.login(cb); // ONE_TIME by default.
+                }
+                signingCert = cm.findCertByNickname(mNickname);
+                signingCertPrivKey = cm.findPrivKeyByCert(signingCert);
+                byte[] encPubKeyInfo = signingCert.getPublicKey().getEncoded();
+                SEQUENCE.Template outer = SEQUENCE.getTemplate();
+                outer.addElement(ANY.getTemplate()); // algid
+                outer.addElement(BIT_STRING.getTemplate());
+                SEQUENCE outerSeq = (SEQUENCE) ASN1Util.decode(outer, encPubKeyInfo);
+                BIT_STRING bs = (BIT_STRING) outerSeq.elementAt(1);
+                byte[] encPubKey = bs.getBits();
+                if (bs.getPadCount() != 0) {
+                    throw new CryptoContextException("Internal error: Invalid Public key. Not an integral number of bytes.");
+                }
+                SEQUENCE.Template inner = new SEQUENCE.Template();
+                inner.addElement(INTEGER.getTemplate());
+                inner.addElement(INTEGER.getTemplate());
+                SEQUENCE pubKeySeq = (SEQUENCE) ASN1Util.decode(inner, encPubKey);
+                INTEGER modulus = (INTEGER) pubKeySeq.elementAt(0);
+                signingCertKeySize = modulus.bitLength();
 
-    public Enumeration<?> getExternalTokens() {
-        return externalTokens;
-    }
+                try {
+                    FileOutputStream fos = new FileOutputStream("pubkey.der");
+                    fos.write(signingCert.getPublicKey().getEncoded());
+                    fos.close();
+                } catch (Exception e) {
+                }
 
-    public CryptoToken getInternalKeyStorageToken() {
-        return internalKeyStorageToken;
-    }
+            } catch (InvalidBERException e) {
+                throw new CryptoContextException("Internal Error: Bad internal Certificate Representation. Not a valid RSA-signed certificate");
+            } catch (CryptoManager.NotInitializedException e) {
+                throw new CryptoContextException("Crypto Manager not initialized");
+            } catch (NoSuchAlgorithmException e) {
+                throw new CryptoContextException("Cannot create DES key generator");
+            } catch (ObjectNotFoundException e) {
+                throw new CryptoContextException("Certificate not found: " + ca.getNickname());
+            } catch (TokenException e) {
+                throw new CryptoContextException("Problem with Crypto Token: " + e.getMessage());
+            } catch (NoSuchTokenException e) {
+                throw new CryptoContextException("Crypto Token not found: " + e.getMessage());
+            } catch (IncorrectPasswordException e) {
+                throw new CryptoContextException("Incorrect Password.");
+            }
+        }
 
-    public CryptoToken getKeyStorageToken() {
-        return keyStorageToken;
-    }
+        public KeyGenerator getDESKeyGenerator() {
+            return DESkg;
+        }
 
-    public CryptoManager getCryptoManager() {
-        return cm;
-    }
+        public CryptoToken getInternalToken() {
+            return internalToken;
+        }
 
-    public KeyWrapper getKeyWrapper() 
-      throws CryptoContextException {
-        try {
-            return signingCertPrivKey.getOwningToken().getKeyWrapper(KeyWrapAlgorithm.RSA);
+        public void setExternalTokens(Enumeration<?> tokens) {
+            externalTokens = tokens;
         }
-        catch (TokenException e) {
-            throw new CryptoContextException("Problem with Crypto Token: "+e.getMessage());
+
+        public Enumeration<?> getExternalTokens() {
+            return externalTokens;
         }
-        catch (NoSuchAlgorithmException e) {
-            throw new CryptoContextException(e.getMessage());
+
+        public CryptoToken getInternalKeyStorageToken() {
+            return internalKeyStorageToken;
         }
-    }
 
-    public KeyWrapper getInternalKeyWrapper() 
-      throws CryptoContextException {
-        try {
-            return getInternalToken().getKeyWrapper(KeyWrapAlgorithm.RSA);
+        public CryptoToken getKeyStorageToken() {
+            return keyStorageToken;
         }
-        catch (TokenException e) {
-            throw new CryptoContextException("Problem with Crypto Token: "+e.getMessage());
+
+        public CryptoManager getCryptoManager() {
+            return cm;
         }
-        catch (NoSuchAlgorithmException e) {
-            throw new CryptoContextException(e.getMessage());
+
+        public KeyWrapper getKeyWrapper()
+                throws CryptoContextException {
+            try {
+                return signingCertPrivKey.getOwningToken().getKeyWrapper(KeyWrapAlgorithm.RSA);
+            } catch (TokenException e) {
+                throw new CryptoContextException("Problem with Crypto Token: " + e.getMessage());
+            } catch (NoSuchAlgorithmException e) {
+                throw new CryptoContextException(e.getMessage());
+            }
         }
-    }
 
-    public org.mozilla.jss.crypto.PrivateKey getPrivateKey() {
-        return signingCertPrivKey;
-    }
+        public KeyWrapper getInternalKeyWrapper()
+                throws CryptoContextException {
+            try {
+                return getInternalToken().getKeyWrapper(KeyWrapAlgorithm.RSA);
+            } catch (TokenException e) {
+                throw new CryptoContextException("Problem with Crypto Token: " + e.getMessage());
+            } catch (NoSuchAlgorithmException e) {
+                throw new CryptoContextException(e.getMessage());
+            }
+        }
 
-    public org.mozilla.jss.crypto.X509Certificate getSigningCert() {
-        return signingCert;
-    }
-        
-  }
+        public org.mozilla.jss.crypto.PrivateKey getPrivateKey() {
+            return signingCertPrivKey;
+        }
 
+        public org.mozilla.jss.crypto.X509Certificate getSigningCert() {
+            return signingCert;
+        }
 
-  /* General failure. The request/response cannot be processed. */
+    }
 
+    /* General failure. The request/response cannot be processed. */
 
-  class CRSFailureException extends Exception {
-    /**
+    class CRSFailureException extends Exception {
+        /**
      *
      */
-    private static final long serialVersionUID = 1962741611501549051L;
-    public CRSFailureException() { super(); }
-    public CRSFailureException(String s) { super(s); }
-  }
+        private static final long serialVersionUID = 1962741611501549051L;
 
-  class CRSInvalidSignatureException extends Exception {
-    /**
+        public CRSFailureException() {
+            super();
+        }
+
+        public CRSFailureException(String s) {
+            super(s);
+        }
+    }
+
+    class CRSInvalidSignatureException extends Exception {
+        /**
      *
      */
-    private static final long serialVersionUID = 9096408193567657944L;
-    public CRSInvalidSignatureException() { super(); }
-    public CRSInvalidSignatureException(String s) { super(s); }
-  }
+        private static final long serialVersionUID = 9096408193567657944L;
+
+        public CRSInvalidSignatureException() {
+            super();
+        }
 
-    
+        public CRSInvalidSignatureException(String s) {
+            super(s);
+        }
+    }
 
-  class CRSPolicyException extends Exception {
-      /**
+    class CRSPolicyException extends Exception {
+        /**
      *
      */
-    private static final long serialVersionUID = 5846593800658787396L;
-    public CRSPolicyException() { super(); }
-      public CRSPolicyException(String s) { super(s); }
-  }
+        private static final long serialVersionUID = 5846593800658787396L;
 
-}
+        public CRSPolicyException() {
+            super();
+        }
 
+        public CRSPolicyException(String s) {
+            super(s);
+        }
+    }
+
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
index 49a591f0..ff55dc9c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
@@ -35,109 +35,107 @@ import netscape.security.x509.CertAttrSet;
  */
 public class ChallengePassword implements CertAttrSet {
 
-  public static final String NAME = "ChallengePassword";
-  public static final String PASSWORD = "password";
-
-  private String cpw;
-
-
-  /**
-   * Get the password marshalled in this object
-   * @return the challenge password
-   */
-  public String toString() {
-    return cpw;
-  }
-
-  /**
-   * Create a ChallengePassword object
-   * @param stuff (must be of type byte[]) a DER-encoded by array following
-   *   The ASN.1 template for ChallenegePassword specified in the SCEP
-   *    documentation 
-   * @throws IOException if the DER encoded byt array was malformed, or if it
-   *     did not match the template
-   */
-   
-  public ChallengePassword(Object stuff) 
-  throws IOException {
-
-      ByteArrayInputStream is = new ByteArrayInputStream((byte[])stuff);
-      try {
-          decode(is);
-      } catch (Exception e) {
-          throw new IOException(e.getMessage());
-      }
-      
-  }
-
-  /**
-   * Currently Unimplemented 
-   */
-  public void encode(OutputStream out) 
-    throws CertificateException, IOException
-    { }
-
-  public void decode(InputStream in) 
-    throws CertificateException, IOException
-    { 
+    public static final String NAME = "ChallengePassword";
+    public static final String PASSWORD = "password";
+
+    private String cpw;
+
+    /**
+     * Get the password marshalled in this object
+     * 
+     * @return the challenge password
+     */
+    public String toString() {
+        return cpw;
+    }
+
+    /**
+     * Create a ChallengePassword object
+     * 
+     * @param stuff (must be of type byte[]) a DER-encoded by array following
+     *            The ASN.1 template for ChallenegePassword specified in the SCEP
+     *            documentation
+     * @throws IOException if the DER encoded byt array was malformed, or if it
+     *             did not match the template
+     */
+
+    public ChallengePassword(Object stuff)
+            throws IOException {
+
+        ByteArrayInputStream is = new ByteArrayInputStream((byte[]) stuff);
+        try {
+            decode(is);
+        } catch (Exception e) {
+            throw new IOException(e.getMessage());
+        }
+
+    }
+
+    /**
+     * Currently Unimplemented
+     */
+    public void encode(OutputStream out)
+            throws CertificateException, IOException {
+    }
+
+    public void decode(InputStream in)
+            throws CertificateException, IOException {
         DerValue derVal = new DerValue(in);
 
         construct(derVal);
-        
+
+    }
+
+    private void construct(DerValue derVal) throws IOException {
+        try {
+            cpw = derVal.getPrintableString();
+        } catch (NullPointerException e) {
+            cpw = "";
+        }
+    }
+
+    /**
+     * Currently Unimplemented
+     */
+    public void set(String name, Object obj)
+            throws CertificateException, IOException {
     }
 
-  private void construct(DerValue derVal) throws IOException {
-	  try {
-      	cpw = derVal.getPrintableString();
-		}
-	  catch (NullPointerException e) {
-	  	cpw = "";
-		}
-  }
-
-  
-  /**
-   * Currently Unimplemented 
-   */
-  public void set(String name, Object obj)
-    throws CertificateException, IOException
-    { }
-
-  /**
-   * Get an attribute of this object. 
-   * @param name the name of the attribute of this object to get. The only 
-   * supported attribute is "password"
-   */
-  public Object get(String name) 
-    throws CertificateException, IOException 
-    { 
+    /**
+     * Get an attribute of this object.
+     * 
+     * @param name the name of the attribute of this object to get. The only
+     *            supported attribute is "password"
+     */
+    public Object get(String name)
+            throws CertificateException, IOException {
         if (name.equalsIgnoreCase(PASSWORD)) {
             return cpw;
-        }
-        else {
-            throw new IOException("Attribute name not recognized by "+
+        } else {
+            throw new IOException("Attribute name not recognized by " +
                                   "CertAttrSet: ChallengePassword");
         }
     }
-  
-  /**
-   * Currently Unimplemented
-   */
-  public void  delete(String name) 
-    throws CertificateException, IOException 
-    { }
-
-  /**
-   * @return an empty set of elements
-   */
-  public Enumeration<String> getAttributeNames()
-    { return (new Vector<String>()).elements();}
-
-  /**
-   * @return the String "ChallengePassword"
-   */
-  public String getName()
-    { return NAME;}
-
-   
+
+    /**
+     * Currently Unimplemented
+     */
+    public void delete(String name)
+            throws CertificateException, IOException {
+    }
+
+    /**
+     * @return an empty set of elements
+     */
+    public Enumeration<String> getAttributeNames() {
+        return (new Vector<String>()).elements();
+    }
+
+    /**
+     * @return the String "ChallengePassword"
+     */
+    public String getName() {
+        return NAME;
+    }
+
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java
index 6f689b34..b3a0f565 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java
@@ -30,51 +30,46 @@ import netscape.security.util.DerValue;
 import netscape.security.x509.CertAttrSet;
 import netscape.security.x509.Extension;
 
-
 public class ExtensionsRequested implements CertAttrSet {
 
+    public static final String NAME = "EXTENSIONS_REQUESTED";
 
-    public static final String  NAME = "EXTENSIONS_REQUESTED";
-    
     public static final String KUE_DIGITAL_SIGNATURE = "kue_digital_signature";
-    public static final String KUE_KEY_ENCIPHERMENT  = "kue_key_encipherment";
+    public static final String KUE_KEY_ENCIPHERMENT = "kue_key_encipherment";
 
     private String kue_digital_signature = "false";
-    private String kue_key_encipherment  = "false";
-    
+    private String kue_key_encipherment = "false";
+
     private Vector<Extension> exts = new Vector<Extension>();
 
     public ExtensionsRequested(Object stuff) throws IOException {
         ByteArrayInputStream is = new ByteArrayInputStream((byte[]) stuff);
-        
+
         try {
             decode(is);
-        }
-        catch (Exception e) {
+        } catch (Exception e) {
             e.printStackTrace();
             throw new IOException(e.getMessage());
         }
     }
-    
-    public void encode(OutputStream out) 
-        throws CertificateException, IOException
-    { }
-    
-    public void decode(InputStream in) 
-        throws CertificateException, IOException
-    { 
+
+    public void encode(OutputStream out)
+            throws CertificateException, IOException {
+    }
+
+    public void decode(InputStream in)
+            throws CertificateException, IOException {
         DerValue derVal = new DerValue(in);
-        
+
         construct(derVal);
     }
-    
+
     public void set(String name, Object obj)
-        throws CertificateException, IOException
-    { }
-    
-    public Object get(String name) 
-        throws CertificateException, IOException 
-    { 
+            throws CertificateException, IOException {
+    }
+
+    public Object get(String name)
+            throws CertificateException, IOException {
         if (name.equalsIgnoreCase(KUE_DIGITAL_SIGNATURE)) {
             return kue_digital_signature;
         }
@@ -84,107 +79,99 @@ public class ExtensionsRequested implements CertAttrSet {
 
         throw new IOException("Unsupported attribute queried");
     }
-    
-    public void  delete(String name) 
-        throws CertificateException, IOException 
-    { 
+
+    public void delete(String name)
+            throws CertificateException, IOException {
+    }
+
+    public Enumeration<String> getAttributeNames() {
+        return (new Vector<String>()).elements();
+    }
+
+    public String getName() {
+        return NAME;
     }
 
-    public Enumeration<String> getAttributeNames()
-    { return (new Vector<String>()).elements();}
-    
-    public String getName()
-    { return NAME;}
-    
-
-
-/**
-   construct - expects this in the inputstream (from the router):
-
- 211 30   31:       SEQUENCE {
- 213 06   10:         OBJECT IDENTIFIER '2 16 840 1 113733 1 9 8'
- 225 31   17:         SET {
- 227 04   15:           OCTET STRING, encapsulates {
- 229 30   13:               SEQUENCE {
- 231 30   11:                 SEQUENCE {
- 233 06    3:                   OBJECT IDENTIFIER keyUsage (2 5 29 15)
- 238 04    4:                   OCTET STRING
-            :                   03 02 05 A0
-            :                   }
-            :                 }
-            :               }
-
-  or this (from IRE client):
-
- 262 30   51:       SEQUENCE {
- 264 06    9:         OBJECT IDENTIFIER extensionReq (1 2 840 113549 1 9 14)
- 275 31   38:         SET {
- 277 30   36:           SEQUENCE {
- 279 30   34:             SEQUENCE {
- 281 06    3:               OBJECT IDENTIFIER subjectAltName (2 5 29 17)
- 286 04   27:               OCTET STRING
-            :                 30 19 87 04 D0 0C 3E 6F 81 03 61 61 61 82 0C 61
-            :                 61 61 2E 6D 63 6F 6D 2E 63 6F 6D
-            :               }
-            :             }
-            :           }
-			:         }
-
-
- */
+    /**
+     * construct - expects this in the inputstream (from the router):
+     * 
+     * 211 30 31: SEQUENCE {
+     * 213 06 10: OBJECT IDENTIFIER '2 16 840 1 113733 1 9 8'
+     * 225 31 17: SET {
+     * 227 04 15: OCTET STRING, encapsulates {
+     * 229 30 13: SEQUENCE {
+     * 231 30 11: SEQUENCE {
+     * 233 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
+     * 238 04 4: OCTET STRING
+     * : 03 02 05 A0
+     * : }
+     * : }
+     * : }
+     * 
+     * or this (from IRE client):
+     * 
+     * 262 30 51: SEQUENCE {
+     * 264 06 9: OBJECT IDENTIFIER extensionReq (1 2 840 113549 1 9 14)
+     * 275 31 38: SET {
+     * 277 30 36: SEQUENCE {
+     * 279 30 34: SEQUENCE {
+     * 281 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17)
+     * 286 04 27: OCTET STRING
+     * : 30 19 87 04 D0 0C 3E 6F 81 03 61 61 61 82 0C 61
+     * : 61 61 2E 6D 63 6F 6D 2E 63 6F 6D
+     * : }
+     * : }
+     * : }
+     * : }
+     */
     private void construct(DerValue dv) throws IOException {
 
-		DerInputStream stream = null;
-		DerValue[] dvs;
+        DerInputStream stream = null;
+        DerValue[] dvs;
 
-       	try {      // try decoding as sequence first
+        try { // try decoding as sequence first
 
-			stream = dv.toDerInputStream();
+            stream = dv.toDerInputStream();
 
-			DerValue stream_dv = stream.getDerValue();
-			stream.reset();
-	
+            DerValue stream_dv = stream.getDerValue();
+            stream.reset();
 
-           	dvs = stream.getSequence(2);
-       	}
-		catch (IOException ioe) {
-				// if it failed, the outer sequence may be
-				// encapsulated in an octet string, as in the first
-				// example above
+            dvs = stream.getSequence(2);
+        } catch (IOException ioe) {
+            // if it failed, the outer sequence may be
+            // encapsulated in an octet string, as in the first
+            // example above
 
-      		byte[]  octet_string = dv.getOctetString();
+            byte[] octet_string = dv.getOctetString();
 
-   		     	// Make a new input stream from the byte array,
-				// and re-parse it as a sequence.
+            // Make a new input stream from the byte array,
+            // and re-parse it as a sequence.
 
-   	 		dv = new DerValue(octet_string);
+            dv = new DerValue(octet_string);
 
-           	stream = dv.toDerInputStream();
-           	dvs = stream.getSequence(2);
-		}
+            stream = dv.toDerInputStream();
+            dvs = stream.getSequence(2);
+        }
 
-		// now, the stream will be in the correct format
-		stream.reset();
+        // now, the stream will be in the correct format
+        stream.reset();
 
-		while (true) {
-			DerValue ext_dv=null;
-			try {
-				ext_dv = stream.getDerValue();
-			}
-			catch (IOException ex) {
-				break;
-			}
+        while (true) {
+            DerValue ext_dv = null;
+            try {
+                ext_dv = stream.getDerValue();
+            } catch (IOException ex) {
+                break;
+            }
 
-			Extension ext = new Extension(ext_dv);
-			exts.addElement(ext);
-		}
+            Extension ext = new Extension(ext_dv);
+            exts.addElement(ext);
+        }
 
     }
 
-	public Vector<Extension> getExtensions() {
-		return exts;
-	}
+    public Vector<Extension> getExtensions() {
+        return exts;
+    }
 
 }
-
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java b/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java
index 759238d9..58c4276e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 
@@ -25,11 +24,10 @@ import com.netscape.certsrv.authentication.IAuthCredentials;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IArgBlock;
 
-
 /**
  * Authentication Credentials as input to the authMgr
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class AuthCredentials implements IAuthCredentials {
@@ -40,19 +38,21 @@ public class AuthCredentials implements IAuthCredentials {
     private Hashtable authCreds = null;
     // Inserted by bskim 
     private IArgBlock argblk = null;
+
     // Insert end
-    
+
     public AuthCredentials() {
         authCreds = new Hashtable();
     }
 
     /**
      * sets a credential with credential name and the credential
+     * 
      * @param name credential name
      * @param cred credential
      * @exception com.netscape.certsrv.base.EBaseException NullPointerException
      */
-    public void set(String name, Object cred)throws EBaseException {
+    public void set(String name, Object cred) throws EBaseException {
         if (cred == null) {
             throw new EBaseException("AuthCredentials.set()");
         }
@@ -62,7 +62,8 @@ public class AuthCredentials implements IAuthCredentials {
 
     /**
      * returns the credential to which the specified name is mapped in this
-     *	 credential set
+     * credential set
+     * 
      * @param name credential name
      * @return the named authentication credential
      */
@@ -72,8 +73,9 @@ public class AuthCredentials implements IAuthCredentials {
 
     /**
      * removes the name and its corresponding credential from this
-     *	 credential set.  This method does nothing if the named
-     *	 credential is not in the credential set.
+     * credential set. This method does nothing if the named
+     * credential is not in the credential set.
+     * 
      * @param name credential name
      */
     public void delete(String name) {
@@ -82,26 +84,26 @@ public class AuthCredentials implements IAuthCredentials {
 
     /**
      * returns an enumeration of the credentials in this credential
-     *	 set.  Use the Enumeration methods on the returned object to
-     *	 fetch the elements sequentially.
+     * set. Use the Enumeration methods on the returned object to
+     * fetch the elements sequentially.
+     * 
      * @return an enumeration of the values in this credential set
      * @see java.util.Enumeration
      */
     public Enumeration getElements() {
         return (authCreds.elements());
     }
-    
+
     // Inserted by bskim
     public void setArgBlock(IArgBlock blk) {
         argblk = blk;
         return;
-    }        
+    }
 
     // Insert end
-    
+
     public IArgBlock getArgBlock() {
         return argblk;
-    }        
+    }
     // Insert end
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java
index 3fac4a63..15b46e17 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -94,33 +93,33 @@ import com.netscape.certsrv.request.RequestStatus;
 
 /**
  * Utility CMCOutputTemplate
- *
+ * 
  * @version $ $, $Date$
  */
 public class CMCOutputTemplate {
     public CMCOutputTemplate() {
     }
 
-    public void createFullResponseWithFailedStatus(HttpServletResponse resp, 
-      SEQUENCE bpids, int code, UTF8String s) {
+    public void createFullResponseWithFailedStatus(HttpServletResponse resp,
+            SEQUENCE bpids, int code, UTF8String s) {
         SEQUENCE controlSeq = new SEQUENCE();
         SEQUENCE cmsSeq = new SEQUENCE();
         SEQUENCE otherMsgSeq = new SEQUENCE();
 
         int bpid = 1;
-        OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, 
-          new INTEGER(code), null);
+        OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
+                new INTEGER(code), null);
         CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(
-          new INTEGER(CMCStatusInfo.FAILED),
-          bpids, s, otherInfo);
+                new INTEGER(CMCStatusInfo.FAILED),
+                bpids, s, otherInfo);
         TaggedAttribute tagattr = new TaggedAttribute(
-          new INTEGER(bpid++),
-          OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                new INTEGER(bpid++),
+                OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
         controlSeq.addElement(tagattr);
 
         try {
             ResponseBody respBody = new ResponseBody(controlSeq,
-              cmsSeq, otherMsgSeq);
+                    cmsSeq, otherMsgSeq);
 
             SET certs = new SET();
             ContentInfo contentInfo = getContentInfo(respBody, certs);
@@ -137,13 +136,13 @@ public class CMCOutputTemplate {
             os.write(contentBytes);
             os.flush();
         } catch (Exception e) {
-            CMS.debug("CMCOutputTemplate createFullResponseWithFailedStatus Exception: "+e.toString());
+            CMS.debug("CMCOutputTemplate createFullResponseWithFailedStatus Exception: " + e.toString());
             return;
         }
     }
 
-    public void createFullResponse(HttpServletResponse resp, IRequest []reqs,
-      String cert_request_type, int[] error_codes) {
+    public void createFullResponse(HttpServletResponse resp, IRequest[] reqs,
+            String cert_request_type, int[] error_codes) {
 
         SEQUENCE controlSeq = new SEQUENCE();
         SEQUENCE cmsSeq = new SEQUENCE();
@@ -157,32 +156,32 @@ public class CMCOutputTemplate {
         SEQUENCE success_bpids = null;
         SEQUENCE failed_bpids = null;
         if (cert_request_type.equals("crmf") ||
-          cert_request_type.equals("pkcs10")) {
+                cert_request_type.equals("pkcs10")) {
             String reqId = reqs[0].getRequestId().toString();
             OtherInfo otherInfo = null;
             if (error_codes[0] == 2) {
                 PendInfo pendInfo = new PendInfo(reqId, new Date());
                 otherInfo = new OtherInfo(OtherInfo.PEND, null,
-                  pendInfo);
+                        pendInfo);
             } else {
-                otherInfo = new OtherInfo(OtherInfo.FAIL, 
-                  new INTEGER(OtherInfo.BAD_REQUEST), null);
+                otherInfo = new OtherInfo(OtherInfo.FAIL,
+                        new INTEGER(OtherInfo.BAD_REQUEST), null);
             }
- 
+
             SEQUENCE bpids = new SEQUENCE();
             bpids.addElement(new INTEGER(1));
             CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING,
-              bpids, (String)null, otherInfo);
+                    bpids, (String) null, otherInfo);
             TaggedAttribute tagattr = new TaggedAttribute(
-              new INTEGER(bpid++),
-              OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                    new INTEGER(bpid++),
+                    OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
             controlSeq.addElement(tagattr);
         } else if (cert_request_type.equals("cmc")) {
             pending_bpids = new SEQUENCE();
             success_bpids = new SEQUENCE();
             failed_bpids = new SEQUENCE();
             if (reqs != null) {
-                for (int i=0; i<reqs.length; i++) {
+                for (int i = 0; i < reqs.length; i++) {
                     if (error_codes[i] == 0) {
                         success_bpids.addElement(new INTEGER(
                                 reqs[i].getExtDataInBigInteger("bodyPartId")));
@@ -192,77 +191,77 @@ public class CMCOutputTemplate {
                     } else {
                         failed_bpids.addElement(new INTEGER(
                                 reqs[i].getExtDataInBigInteger("bodyPartId")));
-                    } 
+                    }
                 }
             }
 
             TaggedAttribute tagattr = null;
             CMCStatusInfo cmcStatusInfo = null;
-            SEQUENCE identityBpids = (SEQUENCE)context.get("identityProof");
+            SEQUENCE identityBpids = (SEQUENCE) context.get("identityProof");
             if (identityBpids != null && identityBpids.size() > 0) {
-                OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, 
-                  new INTEGER(OtherInfo.BAD_IDENTITY), null);
+                OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
+                        new INTEGER(OtherInfo.BAD_IDENTITY), null);
                 cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
-                  identityBpids, (String)null, otherInfo);
+                        identityBpids, (String) null, otherInfo);
                 tagattr = new TaggedAttribute(
-                  new INTEGER(bpid++),  
-                  OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                        new INTEGER(bpid++),
+                        OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
                 controlSeq.addElement(tagattr);
             }
 
-            SEQUENCE POPLinkWitnessBpids = (SEQUENCE)context.get("POPLinkWitness");
+            SEQUENCE POPLinkWitnessBpids = (SEQUENCE) context.get("POPLinkWitness");
             if (POPLinkWitnessBpids != null && POPLinkWitnessBpids.size() > 0) {
                 OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
-                  new INTEGER(OtherInfo.BAD_REQUEST), null); 
+                        new INTEGER(OtherInfo.BAD_REQUEST), null);
                 cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
-                  POPLinkWitnessBpids, (String)null, otherInfo);
+                        POPLinkWitnessBpids, (String) null, otherInfo);
                 tagattr = new TaggedAttribute(
-                  new INTEGER(bpid++),  
-                  OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                        new INTEGER(bpid++),
+                        OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
                 controlSeq.addElement(tagattr);
             }
 
             if (pending_bpids.size() > 0) {
-                cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING, 
-                  pending_bpids, (String)null, null);
+                cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING,
+                        pending_bpids, (String) null, null);
                 tagattr = new TaggedAttribute(
-                  new INTEGER(bpid++),
-                  OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
-                controlSeq.addElement(tagattr); 
-            } 
+                        new INTEGER(bpid++),
+                        OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                controlSeq.addElement(tagattr);
+            }
 
             if (success_bpids.size() > 0) {
                 boolean confirmRequired = false;
                 try {
-                  confirmRequired = 
-                    CMS.getConfigStore().getBoolean("cmc.cert.confirmRequired", 
-                    false);
-                } catch (Exception e) {        
+                    confirmRequired =
+                            CMS.getConfigStore().getBoolean("cmc.cert.confirmRequired",
+                                    false);
+                } catch (Exception e) {
                 }
                 if (confirmRequired) {
                     CMS.debug("CMCOutputTemplate: confirmRequired in the request");
-                    cmcStatusInfo = 
-                    new CMCStatusInfo(CMCStatusInfo.CONFIRM_REQUIRED, 
-                    success_bpids, (String)null, null);
+                    cmcStatusInfo =
+                            new CMCStatusInfo(CMCStatusInfo.CONFIRM_REQUIRED,
+                                    success_bpids, (String) null, null);
                 } else {
-                    cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS, 
-                      success_bpids, (String)null, null);
+                    cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS,
+                            success_bpids, (String) null, null);
                 }
                 tagattr = new TaggedAttribute(
-                  new INTEGER(bpid++),
-                  OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
-                controlSeq.addElement(tagattr); 
+                        new INTEGER(bpid++),
+                        OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                controlSeq.addElement(tagattr);
             }
 
             if (failed_bpids.size() > 0) {
-                OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, 
-                  new INTEGER(OtherInfo.BAD_REQUEST), null);
-                cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, 
-                  failed_bpids, (String)null, otherInfo);
+                OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
+                        new INTEGER(OtherInfo.BAD_REQUEST), null);
+                cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
+                        failed_bpids, (String) null, otherInfo);
                 tagattr = new TaggedAttribute(
-                  new INTEGER(bpid++),
-                  OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
-                controlSeq.addElement(tagattr); 
+                        new INTEGER(bpid++),
+                        OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                controlSeq.addElement(tagattr);
             }
         }
 
@@ -270,80 +269,80 @@ public class CMCOutputTemplate {
 
         try {
             // deal with controls
-            Integer nums = (Integer)(context.get("numOfControls"));
+            Integer nums = (Integer) (context.get("numOfControls"));
             if (nums != null && nums.intValue() > 0) {
                 TaggedAttribute attr =
-                  (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
+                        (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
                 if (attr != null) {
                     try {
                         processGetCertControl(attr, certs);
                     } catch (EBaseException ee) {
-                        CMS.debug("CMCOutputTemplate: "+ee.toString());
+                        CMS.debug("CMCOutputTemplate: " + ee.toString());
                         OtherInfo otherInfo1 = new OtherInfo(OtherInfo.FAIL,
-                          new INTEGER(OtherInfo.BAD_CERT_ID), null); 
+                                new INTEGER(OtherInfo.BAD_CERT_ID), null);
                         SEQUENCE bpids1 = new SEQUENCE();
                         bpids1.addElement(attr.getBodyPartID());
                         CMCStatusInfo cmcStatusInfo1 = new CMCStatusInfo(
-                          new INTEGER(CMCStatusInfo.FAILED),
-                          bpids1, null, otherInfo1);
+                                new INTEGER(CMCStatusInfo.FAILED),
+                                bpids1, null, otherInfo1);
                         TaggedAttribute tagattr1 = new TaggedAttribute(
-                          new INTEGER(bpid++),
-                          OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo1);
+                                new INTEGER(bpid++),
+                                OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo1);
                         controlSeq.addElement(tagattr1);
                     }
                 }
 
-                attr = 
-                  (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_dataReturn));
+                attr =
+                        (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_dataReturn));
                 if (attr != null)
                     bpid = processDataReturnControl(attr, controlSeq, bpid);
 
                 attr =
-                  (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_transactionId); 
+                        (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_transactionId);
                 if (attr != null)
                     bpid = processTransactionControl(attr, controlSeq, bpid);
 
                 attr =
-                  (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_senderNonce); 
+                        (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_senderNonce);
                 if (attr != null)
                     bpid = processSenderNonceControl(attr, controlSeq, bpid);
 
                 attr =
-                  (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_QueryPending); 
+                        (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_QueryPending);
                 if (attr != null)
-                    bpid = processQueryPendingControl(attr, controlSeq, bpid); 
+                    bpid = processQueryPendingControl(attr, controlSeq, bpid);
 
-                attr = 
-                  (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_idConfirmCertAcceptance);
+                attr =
+                        (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_idConfirmCertAcceptance);
 
-                if (attr != null) 
+                if (attr != null)
                     bpid = processConfirmCertAcceptanceControl(attr, controlSeq,
-                      bpid);
+                            bpid);
 
-                attr = 
-                  (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_revokeRequest);
+                attr =
+                        (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_revokeRequest);
 
-                if (attr != null) 
+                if (attr != null)
                     bpid = processRevokeRequestControl(attr, controlSeq,
-                      bpid);
+                            bpid);
             }
 
             if (success_bpids != null && success_bpids.size() > 0) {
-                for (int i=0; i<reqs.length; i++) {
+                for (int i = 0; i < reqs.length; i++) {
                     if (error_codes[i] == 0) {
-                        X509CertImpl impl = 
-                          (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT));
+                        X509CertImpl impl =
+                                (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT));
                         byte[] bin = impl.getEncoded();
                         Certificate.Template certTemplate = new Certificate.Template();
-                        Certificate cert = (Certificate)certTemplate.decode(
-                          new ByteArrayInputStream(bin));
+                        Certificate cert = (Certificate) certTemplate.decode(
+                                new ByteArrayInputStream(bin));
                         certs.addElement(cert);
                     }
                 }
             }
 
             ResponseBody respBody = new ResponseBody(controlSeq,
-              cmsSeq, otherMsgSeq);
+                    cmsSeq, otherMsgSeq);
 
             ContentInfo contentInfo = getContentInfo(respBody, certs);
             ByteArrayOutputStream fos = new ByteArrayOutputStream();
@@ -354,16 +353,16 @@ public class CMCOutputTemplate {
             resp.setContentType("application/pkcs7-mime");
             resp.setContentLength(contentBytes.length);
             OutputStream os = resp.getOutputStream();
-            os.write(contentBytes);  
+            os.write(contentBytes);
             os.flush();
         } catch (java.security.cert.CertificateEncodingException e) {
-            CMS.debug("CMCOutputTemplate exception: "+e.toString());
+            CMS.debug("CMCOutputTemplate exception: " + e.toString());
         } catch (InvalidBERException e) {
-            CMS.debug("CMCOutputTemplate exception: "+e.toString());
+            CMS.debug("CMCOutputTemplate exception: " + e.toString());
         } catch (IOException e) {
-            CMS.debug("CMCOutputTemplate exception: "+e.toString());
+            CMS.debug("CMCOutputTemplate exception: " + e.toString());
         } catch (Exception e) {
-            CMS.debug("Exception: "+e.toString());
+            CMS.debug("Exception: " + e.toString());
         }
     }
 
@@ -371,48 +370,48 @@ public class CMCOutputTemplate {
         try {
             ICertificateAuthority ca = null;
             // add CA cert chain
-            ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+            ca = (ICertificateAuthority) CMS.getSubsystem("ca");
             CertificateChain certchains = ca.getCACertChain();
             java.security.cert.X509Certificate[] chains = certchains.getChain();
 
-            for (int i=0; i<chains.length; i++) {
+            for (int i = 0; i < chains.length; i++) {
                 Certificate.Template certTemplate = new Certificate.Template();
-                Certificate cert = (Certificate)certTemplate.decode(
-                  new ByteArrayInputStream(chains[i].getEncoded()));
+                Certificate cert = (Certificate) certTemplate.decode(
+                        new ByteArrayInputStream(chains[i].getEncoded()));
                 certs.addElement(cert);
             }
-    
+
             EncapsulatedContentInfo enContentInfo = new EncapsulatedContentInfo(
-              OBJECT_IDENTIFIER.id_cct_PKIResponse, respBody);
+                    OBJECT_IDENTIFIER.id_cct_PKIResponse, respBody);
             org.mozilla.jss.crypto.X509Certificate x509CAcert = null;
             x509CAcert = ca.getCaX509Cert();
             X509CertImpl caimpl = new X509CertImpl(x509CAcert.getEncoded());
-            X500Name issuerName = (X500Name)caimpl.getIssuerDN();
+            X500Name issuerName = (X500Name) caimpl.getIssuerDN();
             byte[] issuerByte = issuerName.getEncoded();
-            ByteArrayInputStream istream = new  ByteArrayInputStream(issuerByte);
+            ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte);
             Name issuer = (Name) Name.getTemplate().decode(istream);
             IssuerAndSerialNumber ias = new IssuerAndSerialNumber(
-              issuer, new INTEGER(x509CAcert.getSerialNumber().toString()));
+                    issuer, new INTEGER(x509CAcert.getSerialNumber().toString()));
             SignerIdentifier si = new SignerIdentifier(
-              SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
+                    SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
             // use CA instance's default signature and digest algorithm
             SignatureAlgorithm signAlg = ca.getDefaultSignatureAlgorithm();
             org.mozilla.jss.crypto.PrivateKey privKey =
-              CryptoManager.getInstance().findPrivKeyByCert(x509CAcert);
-/*
-            org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType();
-            if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.RSA ) ) {
-                signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest;
-            } else if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.DSA ) ) {
-                signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest;
-            } else if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.EC ) ) {
-                 signAlg = SignatureAlgorithm.ECSignatureWithSHA1Digest;
-            } else {
-                CMS.debug( "CMCOutputTemplate::getContentInfo() - "
-                         + "signAlg is unsupported!" );
-                return null;
-            }
-*/
+                    CryptoManager.getInstance().findPrivKeyByCert(x509CAcert);
+            /*
+                        org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType();
+                        if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.RSA ) ) {
+                            signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest;
+                        } else if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.DSA ) ) {
+                            signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest;
+                        } else if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.EC ) ) {
+                             signAlg = SignatureAlgorithm.ECSignatureWithSHA1Digest;
+                        } else {
+                            CMS.debug( "CMCOutputTemplate::getContentInfo() - "
+                                     + "signAlg is unsupported!" );
+                            return null;
+                        }
+            */
             DigestAlgorithm digestAlg = signAlg.getDigestAlg();
             MessageDigest msgDigest = null;
             byte[] digest = null;
@@ -425,9 +424,9 @@ public class CMCOutputTemplate {
             digest = msgDigest.digest(ostream.toByteArray());
 
             SignerInfo signInfo = new
-              SignerInfo(si, null, null,
-              OBJECT_IDENTIFIER.id_cct_PKIResponse,
-              digest, signAlg, privKey);
+                    SignerInfo(si, null, null,
+                            OBJECT_IDENTIFIER.id_cct_PKIResponse,
+                            digest, signAlg, privKey);
             SET signInfos = new SET();
 
             signInfos.addElement(signInfo);
@@ -436,30 +435,30 @@ public class CMCOutputTemplate {
 
             if (digestAlg != null) {
                 AlgorithmIdentifier ai = new
-                  AlgorithmIdentifier(digestAlg.toOID(), null);
-    
+                        AlgorithmIdentifier(digestAlg.toOID(), null);
+
                 digestAlgs.addElement(ai);
             }
             SignedData signedData = new SignedData(digestAlgs,
-              enContentInfo, certs, null, signInfos);
+                    enContentInfo, certs, null, signInfos);
 
             ContentInfo contentInfo = new ContentInfo(signedData);
             CMS.debug("CMCOutputTemplate::getContentInfo() - done");
             return contentInfo;
         } catch (Exception e) {
-            CMS.debug("CMCOutputTemplate: Failed to create CMCContentInfo. Exception: "+e.toString());
+            CMS.debug("CMCOutputTemplate: Failed to create CMCContentInfo. Exception: " + e.toString());
         }
-        return null;     
+        return null;
     }
 
-    public void createSimpleResponse(HttpServletResponse resp, IRequest []reqs) {
+    public void createSimpleResponse(HttpServletResponse resp, IRequest[] reqs) {
         SET certs = new SET();
         SessionContext context = SessionContext.getContext();
         try {
-            TaggedAttribute attr = 
-              (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
+            TaggedAttribute attr =
+                    (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
             processGetCertControl(attr, certs);
-        } catch (Exception e) { 
+        } catch (Exception e) {
             CMS.debug("CMCOutputTemplate: No certificate is found.");
         }
 
@@ -472,34 +471,34 @@ public class CMCOutputTemplate {
 
         try {
             if (reqs != null) {
-                for (int i=0; i<reqs.length; i++) {
-                    X509CertImpl impl = 
-                      (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT));
+                for (int i = 0; i < reqs.length; i++) {
+                    X509CertImpl impl =
+                            (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT));
                     byte[] bin = impl.getEncoded();
                     Certificate.Template certTemplate = new Certificate.Template();
-                    Certificate cert = 
-                      (Certificate)certTemplate.decode(new ByteArrayInputStream(bin));
+                    Certificate cert =
+                            (Certificate) certTemplate.decode(new ByteArrayInputStream(bin));
 
                     certs.addElement(cert);
                 }
 
                 // Get CA certs
-                ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+                ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
                 CertificateChain certchains = ca.getCACertChain();
                 java.security.cert.X509Certificate[] chains = certchains.getChain();
 
-                for (int i=0; i<chains.length; i++) {
+                for (int i = 0; i < chains.length; i++) {
                     Certificate.Template certTemplate = new Certificate.Template();
-                    Certificate cert = (Certificate)certTemplate.decode(
-                      new ByteArrayInputStream(chains[i].getEncoded()));
+                    Certificate cert = (Certificate) certTemplate.decode(
+                            new ByteArrayInputStream(chains[i].getEncoded()));
                     certs.addElement(cert);
                 }
             }
-       
+
             if (certs.size() == 0)
                 return;
             SignedData signedData = new SignedData(digestAlgorithms,
-              enContentInfo, certs, null, signedInfos);
+                    enContentInfo, certs, null, signedInfos);
 
             ContentInfo contentInfo = new ContentInfo(signedData);
             ByteArrayOutputStream fos = new ByteArrayOutputStream();
@@ -510,48 +509,48 @@ public class CMCOutputTemplate {
             resp.setContentType("application/pkcs7-mime");
             resp.setContentLength(contentBytes.length);
             OutputStream os = resp.getOutputStream();
-            os.write(contentBytes);  
+            os.write(contentBytes);
             os.flush();
         } catch (java.security.cert.CertificateEncodingException e) {
-            CMS.debug("CMCOutputTemplate exception: "+e.toString());
+            CMS.debug("CMCOutputTemplate exception: " + e.toString());
         } catch (InvalidBERException e) {
-            CMS.debug("CMCOutputTemplate exception: "+e.toString());
+            CMS.debug("CMCOutputTemplate exception: " + e.toString());
         } catch (IOException e) {
-            CMS.debug("CMCOutputTemplate exception: "+e.toString());
+            CMS.debug("CMCOutputTemplate exception: " + e.toString());
         }
     }
 
     private int processConfirmCertAcceptanceControl(
-      TaggedAttribute attr, SEQUENCE controlSeq, int bpid) {
+            TaggedAttribute attr, SEQUENCE controlSeq, int bpid) {
         if (attr != null) {
             INTEGER bodyId = attr.getBodyPartID();
             SEQUENCE seq = new SEQUENCE();
-            seq.addElement(bodyId); 
+            seq.addElement(bodyId);
             SET values = attr.getValues();
             if (values != null && values.size() > 0) {
                 try {
-                    CMCCertId cmcCertId = 
-                      (CMCCertId)(ASN1Util.decode(CMCCertId.getTemplate(),
-                      ASN1Util.encode(values.elementAt(0))));
-                    BigInteger serialno = (BigInteger)(cmcCertId.getSerial());
-                    SEQUENCE issuers = cmcCertId.getIssuer(); 
+                    CMCCertId cmcCertId =
+                            (CMCCertId) (ASN1Util.decode(CMCCertId.getTemplate(),
+                                    ASN1Util.encode(values.elementAt(0))));
+                    BigInteger serialno = (BigInteger) (cmcCertId.getSerial());
+                    SEQUENCE issuers = cmcCertId.getIssuer();
                     //ANY issuer = (ANY)issuers.elementAt(0);
-                    ANY issuer = 
-                      (ANY)(ASN1Util.decode(ANY.getTemplate(),
-                      ASN1Util.encode(issuers.elementAt(0))));
+                    ANY issuer =
+                            (ANY) (ASN1Util.decode(ANY.getTemplate(),
+                                    ASN1Util.encode(issuers.elementAt(0))));
                     byte[] b = issuer.getEncoded();
                     X500Name n = new X500Name(b);
                     ICertificateAuthority ca = null;
-                    ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+                    ca = (ICertificateAuthority) CMS.getSubsystem("ca");
                     X500Name caName = ca.getX500Name();
                     boolean confirmAccepted = false;
                     if (n.toString().equalsIgnoreCase(caName.toString())) {
                         CMS.debug("CMCOutputTemplate: Issuer names are equal");
                         ICertificateRepository repository =
-                          (ICertificateRepository)ca.getCertificateRepository();
+                                (ICertificateRepository) ca.getCertificateRepository();
                         X509CertImpl impl = null;
                         try {
-                            repository.getX509Certificate(serialno); 
+                            repository.getX509Certificate(serialno);
                         } catch (EBaseException ee) {
                             CMS.debug("CMCOutputTemplate: Certificate in the confirm acceptance control was not found");
                         }
@@ -559,77 +558,77 @@ public class CMCOutputTemplate {
                     CMCStatusInfo cmcStatusInfo = null;
                     if (confirmAccepted) {
                         CMS.debug("CMCOutputTemplate: Confirm Acceptance received. The certificate exists in the certificate repository.");
-                        cmcStatusInfo = 
-                          new CMCStatusInfo(CMCStatusInfo.SUCCESS, seq,
-                          (String)null, null);
+                        cmcStatusInfo =
+                                new CMCStatusInfo(CMCStatusInfo.SUCCESS, seq,
+                                        (String) null, null);
                     } else {
                         CMS.debug("CMCOutputTemplate: Confirm Acceptance received. The certificate does not exist in the certificate repository.");
-                        OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, 
-                          new INTEGER(OtherInfo.BAD_CERT_ID), null);
-                        cmcStatusInfo = 
-                          new CMCStatusInfo(CMCStatusInfo.FAILED, seq,
-                          (String)null, otherInfo);
+                        OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
+                                new INTEGER(OtherInfo.BAD_CERT_ID), null);
+                        cmcStatusInfo =
+                                new CMCStatusInfo(CMCStatusInfo.FAILED, seq,
+                                        (String) null, otherInfo);
                     }
                     TaggedAttribute statustagattr = new TaggedAttribute(
-                      new INTEGER(bpid++),
-                      OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
-                    controlSeq.addElement(statustagattr); 
+                            new INTEGER(bpid++),
+                            OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                    controlSeq.addElement(statustagattr);
                 } catch (Exception e) {
-                    CMS.debug("CMCOutputTemplate exception: "+e.toString());
+                    CMS.debug("CMCOutputTemplate exception: " + e.toString());
                 }
-            } 
+            }
         }
         return bpid;
     }
 
     private void processGetCertControl(TaggedAttribute attr, SET certs)
-      throws InvalidBERException, java.security.cert.CertificateEncodingException,
-      IOException, EBaseException {
+            throws InvalidBERException, java.security.cert.CertificateEncodingException,
+            IOException, EBaseException {
         if (attr != null) {
             SET vals = attr.getValues();
 
             if (vals.size() == 1) {
                 GetCert getCert =
-                  (GetCert)(ASN1Util.decode(GetCert.getTemplate(),
-                  ASN1Util.encode(vals.elementAt(0))));
-                BigInteger serialno = (BigInteger)(getCert.getSerialNumber());
-                ANY issuer = (ANY)getCert.getIssuer();
+                        (GetCert) (ASN1Util.decode(GetCert.getTemplate(),
+                                ASN1Util.encode(vals.elementAt(0))));
+                BigInteger serialno = (BigInteger) (getCert.getSerialNumber());
+                ANY issuer = (ANY) getCert.getIssuer();
                 byte b[] = issuer.getEncoded();
                 X500Name n = new X500Name(b);
-                ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+                ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
                 X500Name caName = ca.getX500Name();
                 if (!n.toString().equalsIgnoreCase(caName.toString())) {
                     CMS.debug("CMCOutputTemplate: Issuer names are equal in the GetCert Control");
                     throw new EBaseException("Certificate is not found");
                 }
                 ICertificateRepository repository =
-                  (ICertificateRepository)ca.getCertificateRepository();
+                        (ICertificateRepository) ca.getCertificateRepository();
                 X509CertImpl impl = repository.getX509Certificate(serialno);
                 byte[] bin = impl.getEncoded();
                 Certificate.Template certTemplate = new Certificate.Template();
                 Certificate cert =
-                  (Certificate)certTemplate.decode(new ByteArrayInputStream(bin));
+                        (Certificate) certTemplate.decode(new ByteArrayInputStream(bin));
                 certs.addElement(cert);
             }
         }
     }
- 
+
     private int processQueryPendingControl(TaggedAttribute attr,
-      SEQUENCE controlSeq, int bpid) {
+            SEQUENCE controlSeq, int bpid) {
         if (attr != null) {
             SET values = attr.getValues();
-            if (values != null  && values.size() > 0) {
+            if (values != null && values.size() > 0) {
                 SEQUENCE pending_bpids = new SEQUENCE();
                 SEQUENCE success_bpids = new SEQUENCE();
                 SEQUENCE failed_bpids = new SEQUENCE();
-                for (int i=0; i<values.size(); i++) {
+                for (int i = 0; i < values.size(); i++) {
                     try {
                         INTEGER reqId = (INTEGER)
-                          ASN1Util.decode(INTEGER.getTemplate(),
-                          ASN1Util.encode(values.elementAt(i)));
+                                ASN1Util.decode(INTEGER.getTemplate(),
+                                        ASN1Util.encode(values.elementAt(i)));
                         String requestId = new String(reqId.toByteArray());
 
-                        ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+                        ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
                         IRequestQueue queue = ca.getRequestQueue();
                         IRequest r = queue.findRequest(new RequestId(requestId));
                         if (r != null) {
@@ -649,43 +648,43 @@ public class CMCOutputTemplate {
 
                 if (pending_bpids.size() > 0) {
                     CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING,
-                      pending_bpids, (String)null, null);
+                            pending_bpids, (String) null, null);
                     TaggedAttribute tagattr = new TaggedAttribute(
-                      new INTEGER(bpid++),
-                      OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                            new INTEGER(bpid++),
+                            OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
                     controlSeq.addElement(tagattr);
                 }
                 if (success_bpids.size() > 0) {
                     CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS,
-                      pending_bpids, (String)null, null);
+                            pending_bpids, (String) null, null);
                     TaggedAttribute tagattr = new TaggedAttribute(
-                      new INTEGER(bpid++),
-                      OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                            new INTEGER(bpid++),
+                            OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
                     controlSeq.addElement(tagattr);
                 }
 
                 if (failed_bpids.size() > 0) {
                     CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
-                      pending_bpids, (String)null, null);
+                            pending_bpids, (String) null, null);
                     TaggedAttribute tagattr = new TaggedAttribute(
-                      new INTEGER(bpid++),
-                      OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                            new INTEGER(bpid++),
+                            OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
                     controlSeq.addElement(tagattr);
                 }
 
-            } 
+            }
         }
         return bpid;
     }
 
-    private int processTransactionControl(TaggedAttribute attr, 
-      SEQUENCE controlSeq, int bpid) {
+    private int processTransactionControl(TaggedAttribute attr,
+            SEQUENCE controlSeq, int bpid) {
         if (attr != null) {
             SET transIds = attr.getValues();
             if (transIds != null) {
                 TaggedAttribute tagattr = new TaggedAttribute(
-                  new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_transactionId,
-                  transIds);
+                        new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_transactionId,
+                        transIds);
                 controlSeq.addElement(tagattr);
             }
         }
@@ -694,16 +693,16 @@ public class CMCOutputTemplate {
     }
 
     private int processSenderNonceControl(TaggedAttribute attr,
-      SEQUENCE controlSeq, int bpid) {
+            SEQUENCE controlSeq, int bpid) {
         if (attr != null) {
             SET sNonce = attr.getValues();
             if (sNonce != null) {
                 TaggedAttribute tagattr = new TaggedAttribute(
-                  new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_recipientNonce,
-                  sNonce);
+                        new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_recipientNonce,
+                        sNonce);
                 controlSeq.addElement(tagattr);
                 Date date = new Date();
-                String salt = "lala123"+date.toString();
+                String salt = "lala123" + date.toString();
                 byte[] dig;
                 try {
                     MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1");
@@ -714,8 +713,8 @@ public class CMCOutputTemplate {
 
                 String b64E = CMS.BtoA(dig);
                 tagattr = new TaggedAttribute(
-                  new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_senderNonce,
-                  new OCTET_STRING(b64E.getBytes()));
+                        new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_senderNonce,
+                        new OCTET_STRING(b64E.getBytes()));
                 controlSeq.addElement(tagattr);
             }
         }
@@ -723,29 +722,29 @@ public class CMCOutputTemplate {
         return bpid;
     }
 
-    private int processDataReturnControl(TaggedAttribute attr, 
-      SEQUENCE controlSeq, int bpid) throws InvalidBERException {
+    private int processDataReturnControl(TaggedAttribute attr,
+            SEQUENCE controlSeq, int bpid) throws InvalidBERException {
 
         if (attr != null) {
             SET vals = attr.getValues();
-    
+
             if (vals.size() > 0) {
-                OCTET_STRING str = 
-                  (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(),
-                  ASN1Util.encode(vals.elementAt(0)))); 
+                OCTET_STRING str =
+                        (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(),
+                                ASN1Util.encode(vals.elementAt(0))));
                 TaggedAttribute tagattr = new TaggedAttribute(
-                  new INTEGER(bpid++),
-                  OBJECT_IDENTIFIER.id_cmc_dataReturn, str);
-                controlSeq.addElement(tagattr); 
+                        new INTEGER(bpid++),
+                        OBJECT_IDENTIFIER.id_cmc_dataReturn, str);
+                controlSeq.addElement(tagattr);
             }
-        }      
+        }
 
         return bpid;
     }
 
-    private int processRevokeRequestControl(TaggedAttribute attr, 
-      SEQUENCE controlSeq, int bpid) throws InvalidBERException, EBaseException,
-      IOException {
+    private int processRevokeRequestControl(TaggedAttribute attr,
+            SEQUENCE controlSeq, int bpid) throws InvalidBERException, EBaseException,
+            IOException {
         boolean revoke = false;
         SessionContext context = SessionContext.getContext();
         if (attr != null) {
@@ -754,10 +753,10 @@ public class CMCOutputTemplate {
             SET vals = attr.getValues();
             if (vals.size() > 0) {
                 RevRequest revRequest =
-                  (RevRequest)(ASN1Util.decode(new RevRequest.Template(),
-                  ASN1Util.encode(vals.elementAt(0))));
+                        (RevRequest) (ASN1Util.decode(new RevRequest.Template(),
+                                ASN1Util.encode(vals.elementAt(0))));
                 OCTET_STRING str = revRequest.getSharedSecret();
-                INTEGER pid = attr.getBodyPartID(); 
+                INTEGER pid = attr.getBodyPartID();
                 TaggedAttribute tagattr = null;
                 INTEGER revokeCertSerial = revRequest.getSerialNumber();
                 BigInteger revokeSerial = new BigInteger(revokeCertSerial.toByteArray());
@@ -767,25 +766,25 @@ public class CMCOutputTemplate {
                         needVerify = CMS.getConfigStore().getBoolean("cmc.revokeCert.verify", true);
                     } catch (Exception e) {
                     }
-                    
+
                     if (needVerify) {
-                        Integer num1 = (Integer)context.get("numOfOtherMsgs");
+                        Integer num1 = (Integer) context.get("numOfOtherMsgs");
                         int num = num1.intValue();
-                        for (int i=0; i<num; i++) {
-                            OtherMsg data = (OtherMsg)context.get("otherMsg"+i);
-                            INTEGER dpid = data.getBodyPartID(); 
+                        for (int i = 0; i < num; i++) {
+                            OtherMsg data = (OtherMsg) context.get("otherMsg" + i);
+                            INTEGER dpid = data.getBodyPartID();
                             if (pid.longValue() == dpid.longValue()) {
-                                ANY msgValue = data.getOtherMsgValue(); 
-                                SignedData msgData = 
-                                  (SignedData)msgValue.decodeWith(SignedData.getTemplate());
+                                ANY msgValue = data.getOtherMsgValue();
+                                SignedData msgData =
+                                        (SignedData) msgValue.decodeWith(SignedData.getTemplate());
                                 if (!verifyRevRequestSignature(msgData)) {
                                     OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null);
                                     SEQUENCE failed_bpids = new SEQUENCE();
                                     failed_bpids.addElement(attrbpid);
-                                    cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
+                                    cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
                                     tagattr = new TaggedAttribute(
-                                      new INTEGER(bpid++),
-                                      OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                                            new INTEGER(bpid++),
+                                            OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
                                     controlSeq.addElement(tagattr);
                                     return bpid;
                                 }
@@ -794,7 +793,7 @@ public class CMCOutputTemplate {
                     }
 
                     revoke = true;
-                // check shared secret 
+                    // check shared secret 
                 } else {
                     ISharedToken tokenClass = null;
                     boolean sharedSecretFound = true;
@@ -810,15 +809,15 @@ public class CMCOutputTemplate {
                     }
 
                     try {
-                        tokenClass = (ISharedToken)Class.forName(name).newInstance();
+                        tokenClass = (ISharedToken) Class.forName(name).newInstance();
                     } catch (ClassNotFoundException e) {
-                        CMS.debug("EnrollProfile: Failed to find class name: "+name);
+                        CMS.debug("EnrollProfile: Failed to find class name: " + name);
                         sharedSecretFound = false;
                     } catch (InstantiationException e) {
-                        CMS.debug("EnrollProfile: Failed to instantiate class: "+name);
+                        CMS.debug("EnrollProfile: Failed to instantiate class: " + name);
                         sharedSecretFound = false;
                     } catch (IllegalAccessException e) {
-                        CMS.debug("EnrollProfile: Illegal access: "+name);
+                        CMS.debug("EnrollProfile: Illegal access: " + name);
                         sharedSecretFound = false;
                     }
 
@@ -827,10 +826,10 @@ public class CMCOutputTemplate {
                         OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null);
                         SEQUENCE failed_bpids = new SEQUENCE();
                         failed_bpids.addElement(attrbpid);
-                        cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
+                        cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
                         tagattr = new TaggedAttribute(
-                          new INTEGER(bpid++),
-                          OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                                new INTEGER(bpid++),
+                                OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
                         controlSeq.addElement(tagattr);
                         return bpid;
                     }
@@ -846,10 +845,10 @@ public class CMCOutputTemplate {
                         OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null);
                         SEQUENCE failed_bpids = new SEQUENCE();
                         failed_bpids.addElement(attrbpid);
-                        cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
+                        cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
                         tagattr = new TaggedAttribute(
-                          new INTEGER(bpid++),
-                          OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                                new INTEGER(bpid++),
+                                OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
                         controlSeq.addElement(tagattr);
                         return bpid;
                     }
@@ -864,23 +863,23 @@ public class CMCOutputTemplate {
                         OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null);
                         SEQUENCE failed_bpids = new SEQUENCE();
                         failed_bpids.addElement(attrbpid);
-                        cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
+                        cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
                         tagattr = new TaggedAttribute(
-                          new INTEGER(bpid++),
-                          OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                                new INTEGER(bpid++),
+                                OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
                         controlSeq.addElement(tagattr);
                         return bpid;
                     }
-                } 
+                }
 
                 if (revoke) {
-                    ICertificateAuthority ca  = (ICertificateAuthority)CMS.getSubsystem("ca");
-                    ICertificateRepository repository = (ICertificateRepository)ca.getCertificateRepository();
+                    ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
+                    ICertificateRepository repository = (ICertificateRepository) ca.getCertificateRepository();
                     ICertRecord record = null;
                     try {
                         record = repository.readCertificateRecord(revokeSerial);
                     } catch (EBaseException ee) {
-                        CMS.debug("CMCOutputTemplate: Exception: "+ee.toString());
+                        CMS.debug("CMCOutputTemplate: Exception: " + ee.toString());
                     }
 
                     if (record == null) {
@@ -888,10 +887,10 @@ public class CMCOutputTemplate {
                         OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_CERT_ID), null);
                         SEQUENCE failed_bpids = new SEQUENCE();
                         failed_bpids.addElement(attrbpid);
-                        cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
+                        cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
                         tagattr = new TaggedAttribute(
-                          new INTEGER(bpid++),
-                          OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                                new INTEGER(bpid++),
+                                OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
                         controlSeq.addElement(tagattr);
                         return bpid;
                     }
@@ -901,10 +900,10 @@ public class CMCOutputTemplate {
                         SEQUENCE success_bpids = new SEQUENCE();
                         success_bpids.addElement(attrbpid);
                         cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS,
-                          success_bpids, (String)null, null);
+                                success_bpids, (String) null, null);
                         tagattr = new TaggedAttribute(
-                          new INTEGER(bpid++),
-                          OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                                new INTEGER(bpid++),
+                                OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
                         controlSeq.addElement(tagattr);
                         return bpid;
                     }
@@ -928,7 +927,7 @@ public class CMCOutputTemplate {
                     RevokedCertImpl revCertImpl = new RevokedCertImpl(impl.getSerialNumber(), CMS.getCurrentDate(), entryExtn);
                     RevokedCertImpl[] revCertImpls = new RevokedCertImpl[1];
                     revCertImpls[0] = revCertImpl;
-                    IRequestQueue queue =  ca.getRequestQueue();
+                    IRequestQueue queue = ca.getRequestQueue();
                     IRequest revReq = queue.newRequest(IRequest.REVOCATION_REQUEST);
                     revReq.setExtData(IRequest.CERT_INFO, revCertImpls);
                     revReq.setExtData(IRequest.REVOKED_REASON,
@@ -941,17 +940,17 @@ public class CMCOutputTemplate {
                     RequestStatus stat = revReq.getRequestStatus();
                     if (stat == RequestStatus.COMPLETE) {
                         Integer result = revReq.getExtDataInInteger(IRequest.RESULT);
-                        CMS.debug("CMCOutputTemplate: revReq result = "+result);
+                        CMS.debug("CMCOutputTemplate: revReq result = " + result);
                         if (result.equals(IRequest.RES_ERROR)) {
                             CMS.debug("CMCOutputTemplate: revReq exception: " +
                                     revReq.getExtDataInString(IRequest.ERROR));
                             OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_REQUEST), null);
                             SEQUENCE failed_bpids = new SEQUENCE();
                             failed_bpids.addElement(attrbpid);
-                            cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
+                            cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
                             tagattr = new TaggedAttribute(
-                              new INTEGER(bpid++),
-                              OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                                    new INTEGER(bpid++),
+                                    OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
                             controlSeq.addElement(tagattr);
                             return bpid;
                         }
@@ -960,36 +959,36 @@ public class CMCOutputTemplate {
                     ILogger logger = CMS.getLogger();
                     String initiative = AuditFormat.FROMUSER;
                     logger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL,
-                      AuditFormat.DOREVOKEFORMAT, new Object[] {
-                      revReq.getRequestId(), initiative, "completed",
-                      impl.getSubjectDN(), 
-                      impl.getSerialNumber().toString(16),
-                      reason.toString()});
+                            AuditFormat.DOREVOKEFORMAT, new Object[] {
+                                    revReq.getRequestId(), initiative, "completed",
+                                    impl.getSubjectDN(),
+                                    impl.getSerialNumber().toString(16),
+                                    reason.toString() });
                     CMS.debug("CMCOutputTemplate: Certificate get revoked.");
                     SEQUENCE success_bpids = new SEQUENCE();
                     success_bpids.addElement(attrbpid);
                     cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS,
-                      success_bpids, (String)null, null);
+                            success_bpids, (String) null, null);
                     tagattr = new TaggedAttribute(
-                      new INTEGER(bpid++),
-                      OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                            new INTEGER(bpid++),
+                            OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
                     controlSeq.addElement(tagattr);
                     return bpid;
                 } else {
                     OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null);
                     SEQUENCE failed_bpids = new SEQUENCE();
                     failed_bpids.addElement(attrbpid);
-                    cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
+                    cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
                     tagattr = new TaggedAttribute(
-                      new INTEGER(bpid++),
-                      OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                            new INTEGER(bpid++),
+                            OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
                     controlSeq.addElement(tagattr);
                     return bpid;
                 }
             }
         }
 
-        return bpid; 
+        return bpid;
     }
 
     private RevocationReason toRevocationReason(ENUMERATED n) {
@@ -998,7 +997,7 @@ public class CMCOutputTemplate {
             return RevocationReason.UNSPECIFIED;
         else if (code == RevRequest.affiliationChanged.getValue())
             return RevocationReason.AFFILIATION_CHANGED;
-        else if (code == RevRequest.cACompromise.getValue()) 
+        else if (code == RevRequest.cACompromise.getValue())
             return RevocationReason.CA_COMPROMISE;
         else if (code == RevRequest.certificateHold.getValue())
             return RevocationReason.CERTIFICATE_HOLD;
@@ -1022,33 +1021,33 @@ public class CMCOutputTemplate {
             EncapsulatedContentInfo ci = msgData.getContentInfo();
             OCTET_STRING content = ci.getContent();
             ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray());
-            TaggedAttribute tattr = (TaggedAttribute)(new TaggedAttribute.Template()).decode(s);
+            TaggedAttribute tattr = (TaggedAttribute) (new TaggedAttribute.Template()).decode(s);
             SET values = tattr.getValues();
             RevRequest revRequest = null;
             if (values != null && values.size() > 0)
                 revRequest =
-                  (RevRequest)(ASN1Util.decode(new RevRequest.Template(),
-                  ASN1Util.encode(values.elementAt(0))));
+                        (RevRequest) (ASN1Util.decode(new RevRequest.Template(),
+                                ASN1Util.encode(values.elementAt(0))));
 
             SET dias = msgData.getDigestAlgorithmIdentifiers();
             int numDig = dias.size();
             Hashtable<String, byte[]> digs = new Hashtable<String, byte[]>();
-            for (int i=0; i<numDig; i++) {
+            for (int i = 0; i < numDig; i++) {
                 AlgorithmIdentifier dai =
-                  (AlgorithmIdentifier) dias.elementAt(i);
+                        (AlgorithmIdentifier) dias.elementAt(i);
                 String name =
-                  DigestAlgorithm.fromOID(dai.getOID()).toString();
+                        DigestAlgorithm.fromOID(dai.getOID()).toString();
                 MessageDigest md =
-                  MessageDigest.getInstance(name);
+                        MessageDigest.getInstance(name);
                 byte[] digest = md.digest(content.toByteArray());
                 digs.put(name, digest);
             }
 
             SET sis = msgData.getSignerInfos();
-            int numSis = sis.size(); 
-            for (int i=0; i<numSis; i++) {
+            int numSis = sis.size();
+            for (int i = 0; i < numSis; i++) {
                 org.mozilla.jss.pkix.cms.SignerInfo si =
-                  (org.mozilla.jss.pkix.cms.SignerInfo)sis.elementAt(i);
+                        (org.mozilla.jss.pkix.cms.SignerInfo) sis.elementAt(i);
                 String name = si.getDigestAlgorithm().toString();
                 byte[] digest = digs.get(name);
                 if (digest == null) {
@@ -1060,21 +1059,21 @@ public class CMCOutputTemplate {
                 SignerIdentifier sid = si.getSignerIdentifier();
                 if (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) {
                     org.mozilla.jss.pkix.cms.IssuerAndSerialNumber issuerAndSerialNumber =
-                      sid.getIssuerAndSerialNumber();
+                            sid.getIssuerAndSerialNumber();
                     java.security.cert.X509Certificate cert = null;
                     if (msgData.hasCertificates()) {
                         SET certs = msgData.getCertificates();
                         int numCerts = certs.size();
-                        for (int j=0; j<numCerts; j++) {
+                        for (int j = 0; j < numCerts; j++) {
                             org.mozilla.jss.pkix.cert.Certificate certJss =
-                              (Certificate) certs.elementAt(j);
-                            org.mozilla.jss.pkix.cert.CertificateInfo certI = 
-                              certJss.getInfo();
+                                    (Certificate) certs.elementAt(j);
+                            org.mozilla.jss.pkix.cert.CertificateInfo certI =
+                                    certJss.getInfo();
                             Name issuer = certI.getIssuer();
                             byte[] issuerB = ASN1Util.encode(issuer);
                             INTEGER sn = certI.getSerialNumber();
                             if (new String(issuerB).equalsIgnoreCase(new String(ASN1Util.encode(issuerAndSerialNumber.getIssuer()))) &&
-                              sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) {
+                                    sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) {
                                 ByteArrayOutputStream os = new ByteArrayOutputStream();
                                 certJss.encode(os);
                                 cert = new X509CertImpl(os.toByteArray());
@@ -1082,23 +1081,23 @@ public class CMCOutputTemplate {
                             }
                         }
                     }
-    
+
                     if (cert != null) {
                         PublicKey pbKey = cert.getPublicKey();
-                        String type = ((X509Key)pbKey).getAlgorithm();
+                        String type = ((X509Key) pbKey).getAlgorithm();
                         PrivateKey.Type kType = PrivateKey.RSA;
                         if (type.equals("DSA"))
                             kType = PrivateKey.DSA;
-                        PK11PubKey pubK = PK11PubKey.fromRaw(kType, ((X509Key)pbKey).getKey());
+                        PK11PubKey pubK = PK11PubKey.fromRaw(kType, ((X509Key) pbKey).getKey());
                         si.verify(digest, ci.getContentType(), pubK);
                         return true;
                     }
-                } 
-            } 
-             
+                }
+            }
+
             return false;
         } catch (Exception e) {
-            CMS.debug("CMCOutputTemplate: verifyRevRequestSignature. Exception: "+e.toString());
+            CMS.debug("CMCOutputTemplate: verifyRevRequestSignature. Exception: " + e.toString());
             return false;
         }
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java
index 7f89297c..4d7c4cdd 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
@@ -27,10 +26,9 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * CMSFile represents a file from the filesystem cached in memory
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSFile {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java
index bf4c3cf6..9a91cb72 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 import java.io.File;
 import java.io.IOException;
 import java.util.Enumeration;
@@ -26,10 +25,9 @@ import java.util.Hashtable;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 
-
 /**
  * CMSFileLoader - file cache.
- *
+ * 
  * @version $Revision$, $Date$
  */
 
@@ -52,7 +50,7 @@ public class CMSFileLoader {
     private int mMaxSize = MAX_SIZE;
 
     // number of files to clear when max is reached.
-    private int mClearSize = CLEAR_SIZE;  
+    private int mClearSize = CLEAR_SIZE;
 
     // whether to cache templates and forms only.
     private boolean mCacheTemplatesOnly = true;
@@ -63,7 +61,7 @@ public class CMSFileLoader {
     public void init(IConfigStore config) throws EBaseException {
         mMaxSize = config.getInteger(PROP_MAX_SIZE, MAX_SIZE);
         mClearSize = config.getInteger(PROP_CLEAR_SIZE, CLEAR_SIZE);
-        mCacheTemplatesOnly = 
+        mCacheTemplatesOnly =
                 config.getBoolean(PROP_CACHE_TEMPLATES_ONLY, true);
     }
 
@@ -103,7 +101,7 @@ public class CMSFileLoader {
         if (cmsFile == null || modified != lastModified) {
             // Changed by bskim
             //cmsFile = updateFile(absPath, file); 
-            cmsFile = updateFile(absPath, file, enc); 
+            cmsFile = updateFile(absPath, file, enc);
             // Change end
         }
         cmsFile.setLastAccess(System.currentTimeMillis());
@@ -112,9 +110,9 @@ public class CMSFileLoader {
 
     // Changed by bskim
     //private CMSFile updateFile(String absPath, File file) 
-    private CMSFile updateFile(String absPath, File file, String enc) 
-        // Change end
-        throws EBaseException, IOException {
+    private CMSFile updateFile(String absPath, File file, String enc)
+            // Change end
+            throws EBaseException, IOException {
         // clear if cache size exceeded.
         if (mLoadedFiles.size() >= mMaxSize) {
             clearSomeFiles();
@@ -131,18 +129,18 @@ public class CMSFileLoader {
         } else {
             cmsFile = new CMSFile(file);
         }
-        mLoadedFiles.put(absPath, cmsFile);  // replace old one if any.
+        mLoadedFiles.put(absPath, cmsFile); // replace old one if any.
         return cmsFile;
     }
 
     private synchronized void clearSomeFiles() {
 
         // recheck this in case some other thread has cleared it.
-        if (mLoadedFiles.size() < mMaxSize) 
+        if (mLoadedFiles.size() < mMaxSize)
             return;
 
-            // remove the LRU files.
-            // XXX could be optimized more.
+        // remove the LRU files.
+        // XXX could be optimized more.
         Enumeration elements = mLoadedFiles.elements();
 
         for (int i = mClearSize; i > 0; i--) {
@@ -160,4 +158,3 @@ public class CMSFileLoader {
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java
index a76b1c75..7ae242ae 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 import java.util.ListResourceBundle;
 
-
 /**
  * A class represents a resource bundle for cms gateway.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  * @see java.util.ListResourceBundle
  */
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java
index b5c6e3c7..74d46bad 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 import java.io.File;
 import java.io.IOException;
 import java.security.cert.X509Certificate;
@@ -41,10 +40,9 @@ import com.netscape.certsrv.base.IArgBlock;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * This class is to hold some general method for servlets.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSGateway {
@@ -52,8 +50,8 @@ public class CMSGateway {
     private final static String PROP_ENABLE_ADMIN_ENROLL = "enableAdminEnroll";
 
     private final static String PROP_SERVER_XML = "server.xml";
-    public static final String CERT_ATTR = 
-        "javax.servlet.request.X509Certificate";
+    public static final String CERT_ATTR =
+            "javax.servlet.request.X509Certificate";
 
     protected static CMSFileLoader mFileLoader = new CMSFileLoader();
 
@@ -68,11 +66,11 @@ public class CMSGateway {
         mEnableFileServing = true;
         mConfig = CMS.getConfigStore().getSubStore(PROP_CMSGATEWAY);
         try {
-            mEnableAdminEnroll = 
+            mEnableAdminEnroll =
                     mConfig.getBoolean(PROP_ENABLE_ADMIN_ENROLL, false);
         } catch (EBaseException e) {
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_BAD_CONFIG_PARAM"));
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_BAD_CONFIG_PARAM"));
         }
     }
 
@@ -88,7 +86,7 @@ public class CMSGateway {
 
             httpReqHash.put(name, req.getParameter(name));
         }
-        
+
         String ip = req.getRemoteAddr();
         if (ip != null)
             httpReqHash.put("clientHost", ip);
@@ -99,8 +97,8 @@ public class CMSGateway {
         return mEnableAdminEnroll;
     }
 
-    public static void setEnableAdminEnroll(boolean enableAdminEnroll) 
-        throws EBaseException {
+    public static void setEnableAdminEnroll(boolean enableAdminEnroll)
+            throws EBaseException {
         IConfigStore mainConfig = CMS.getConfigStore();
 
         //!!! Is it thread safe? xxxx
@@ -123,14 +121,14 @@ public class CMSGateway {
      * manager.
      */
     public static AuthCredentials getAuthCreds(
-        IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert)
-        throws EBaseException {
+            IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert)
+            throws EBaseException {
         // get credentials from http parameters.
         if (authMgr == null)
-          return null;
+            return null;
         String[] reqCreds = authMgr.getRequiredCreds();
         AuthCredentials creds = new AuthCredentials();
-        
+
         if (clientCert instanceof java.security.cert.X509Certificate) {
             try {
                 clientCert = new netscape.security.x509.X509CertImpl(clientCert.getEncoded());
@@ -144,8 +142,8 @@ public class CMSGateway {
 
             if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) {
                 // cert could be null;
-                creds.set(reqCred, new X509Certificate[] { clientCert}
-                );
+                creds.set(reqCred, new X509Certificate[] { clientCert }
+                        );
             } else {
                 String value = argBlock.getValueAsString(reqCred);
 
@@ -163,9 +161,9 @@ public class CMSGateway {
     protected final static String AUTHMGR_PARAM = "authenticator";
 
     public static AuthToken checkAuthManager(
-        HttpServletRequest httpReq, IArgBlock httpParams, 
-        X509Certificate cert, String authMgrName)
-        throws EBaseException {
+            HttpServletRequest httpReq, IArgBlock httpParams,
+            X509Certificate cert, String authMgrName)
+            throws EBaseException {
         IArgBlock httpArgs = httpParams;
 
         if (httpArgs == null)
@@ -181,43 +179,43 @@ public class CMSGateway {
         }
 
         if (authMgrName == null || authMgrName.length() == 0) {
-            throw new EBaseException(CMS.getLogMessage("BASE_INTERNAL_ERROR_1", 
+            throw new EBaseException(CMS.getLogMessage("BASE_INTERNAL_ERROR_1",
                         CMS.getLogMessage("CMSGW_AUTH_MAN_EXPECTED")));
         }
-		
-        IAuthManager authMgr = 
-            authSub.getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
+
+        IAuthManager authMgr =
+                authSub.getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
 
         authMgr = authSub.getAuthManager(authMgrName);
         if (authMgr == null)
             return null;
-        IAuthCredentials creds = 
-            getAuthCreds(authMgr, CMS.createArgBlock(toHashtable(httpReq)), cert);
+        IAuthCredentials creds =
+                getAuthCreds(authMgr, CMS.createArgBlock(toHashtable(httpReq)), cert);
         AuthToken authToken = null;
 
         try {
-            authToken = (AuthToken) authMgr.authenticate(creds);	
+            authToken = (AuthToken) authMgr.authenticate(creds);
         } catch (EBaseException e) {
             throw e;
         } catch (Exception e) {
             CMS.debug("CMSGateway: " + e);
             // catch all errors from authentication manager.
-            throw new ECMSGWException(CMS.getLogMessage("CMSGW_AUTH_ERROR_2", 
+            throw new ECMSGWException(CMS.getLogMessage("CMSGW_AUTH_ERROR_2",
                         e.toString(), e.getMessage()));
         }
         return authToken;
     }
 
     public static void renderTemplate(
-        String templateName, 
-        HttpServletRequest req, 
-        HttpServletResponse resp,
-        ServletConfig servletConfig, 
-        CMSFileLoader fileLoader)
-        throws EBaseException, IOException {
-        CMSTemplate template = 
-            getTemplate(templateName, req, 
-                servletConfig, fileLoader, new Locale[1]);
+            String templateName,
+            HttpServletRequest req,
+            HttpServletResponse resp,
+            ServletConfig servletConfig,
+            CMSFileLoader fileLoader)
+            throws EBaseException, IOException {
+        CMSTemplate template =
+                getTemplate(templateName, req,
+                        servletConfig, fileLoader, new Locale[1]);
         ServletOutputStream out = resp.getOutputStream();
 
         template.renderOutput(out, new CMSTemplateParams(null, null));
@@ -240,8 +238,8 @@ public class CMSGateway {
      * @param locale array of at least one to be filled with locale found.
      */
     public static File getLangFile(
-        HttpServletRequest req, File realpathFile, Locale[] locale)
-        throws IOException {
+            HttpServletRequest req, File realpathFile, Locale[] locale)
+            throws IOException {
         File file = null;
         String acceptLang = req.getHeader("accept-language");
 
@@ -258,7 +256,7 @@ public class CMSGateway {
                 }
                 String name = realpathFile.getName();
 
-                if (name == null) {  // filename should never be null.
+                if (name == null) { // filename should never be null.
                     throw new IOException("file has no name");
                 }
                 int i;
@@ -287,8 +285,8 @@ public class CMSGateway {
                     }
 
                     String langfilepath =
-                        parent + File.separatorChar +
-                        lang + File.separatorChar + name;
+                            parent + File.separatorChar +
+                                    lang + File.separatorChar + name;
 
                     file = new File(langfilepath);
                     if (file.exists()) {
@@ -311,54 +309,54 @@ public class CMSGateway {
     }
 
     /**
-     * get a template 
+     * get a template
      */
     protected static CMSTemplate getTemplate(
-        String templateName, 
-        HttpServletRequest httpReq, 
-        ServletConfig servletConfig, 
-        CMSFileLoader fileLoader, 
-        Locale[] locale)
-        throws EBaseException, IOException {
+            String templateName,
+            HttpServletRequest httpReq,
+            ServletConfig servletConfig,
+            CMSFileLoader fileLoader,
+            Locale[] locale)
+            throws EBaseException, IOException {
         // this converts to system dependent file seperator char.
         if (servletConfig == null) {
-	        CMS.debug( "CMSGateway:getTemplate() - servletConfig is null!" );
+            CMS.debug("CMSGateway:getTemplate() - servletConfig is null!");
             return null;
         }
         if (servletConfig.getServletContext() == null) {
         }
         if (templateName == null) {
         }
-        String realpath = 
-            servletConfig.getServletContext().getRealPath("/" + templateName);
+        String realpath =
+                servletConfig.getServletContext().getRealPath("/" + templateName);
         File realpathFile = new File(realpath);
-        File templateFile = 
-            getLangFile(httpReq, realpathFile, locale);
-        CMSTemplate template = 
-            //(CMSTemplate)fileLoader.getCMSFile(templateFile);
-            (CMSTemplate) fileLoader.getCMSFile(templateFile, httpReq.getCharacterEncoding());
+        File templateFile =
+                getLangFile(httpReq, realpathFile, locale);
+        CMSTemplate template =
+                //(CMSTemplate)fileLoader.getCMSFile(templateFile);
+                (CMSTemplate) fileLoader.getCMSFile(templateFile, httpReq.getCharacterEncoding());
 
         return template;
     }
 
     /**
      * Get the If-Modified-Since header and compare it to the millisecond
-     * epoch value passed in.  If there is no header, or there is a problem
-     * parsing the value, or if the file has been modified this will return 
+     * epoch value passed in. If there is no header, or there is a problem
+     * parsing the value, or if the file has been modified this will return
      * true, indicating the file has changed.
-     *
+     * 
      * @param lastModified The time value in milliseconds past the epoch to
-     * compare the If-Modified-Since header to.
+     *            compare the If-Modified-Since header to.
      */
     public static boolean modifiedSince(HttpServletRequest req, long lastModified) {
         long ifModSinceStr;
 
         try {
             ifModSinceStr = req.getDateHeader("If-Modified-Since");
-        }catch (IllegalArgumentException e) {
+        } catch (IllegalArgumentException e) {
             return true;
         }
-			
+
         if (ifModSinceStr < 0) {
             return true;
         }
@@ -371,4 +369,3 @@ public class CMSGateway {
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java
index ca5abf03..62276df1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java
@@ -17,12 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
-
-
 /**
- * handy class containing cms templates to load & fill. 
- *
+ * handy class containing cms templates to load & fill.
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSLoadTemplate {
@@ -35,9 +32,9 @@ public class CMSLoadTemplate {
     }
 
     public CMSLoadTemplate(
-        String propName, String fillerPropName, 
-        String templateName, ICMSTemplateFiller filler) {
-		
+            String propName, String fillerPropName,
+            String templateName, ICMSTemplateFiller filler) {
+
         mPropName = propName;
         mFillerPropName = fillerPropName;
         mTemplateName = templateName;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java
index 27f1d3a5..822d8a0d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 import java.util.Hashtable;
 import java.util.Vector;
 
@@ -35,7 +34,7 @@ import com.netscape.certsrv.request.RequestStatus;
 
 /**
  * This represents a user request.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSRequest {
@@ -72,7 +71,7 @@ public class CMSRequest {
     private IRequest mRequest = null;
 
     // whether request processed successfully
-    private Integer mStatus = SUCCESS; 
+    private Integer mStatus = SUCCESS;
 
     // exception message containing error that occured.
     // note exception could also be thrown seperately.
@@ -85,7 +84,7 @@ public class CMSRequest {
     Object mResult = null;
     Hashtable mResults = new Hashtable();
 
-	/**
+    /**
      * Constructor
      */
     public CMSRequest() {
@@ -133,7 +132,7 @@ public class CMSRequest {
         mServletConfig = servletConfig;
     }
 
-	/* 
+    /* 
      * set the servlet context. the servletcontext has detail
      * about the currently running request
      */
@@ -141,20 +140,21 @@ public class CMSRequest {
         mServletContext = servletContext;
     }
 
-	/**
-	 * Set request status. 
-	 * @param status request status. Allowed values are
-     * UNAUTHORIZED, SUCCESS, REJECTED, PENDING,  ERROR, SVC_PENDING
+    /**
+     * Set request status.
+     * 
+     * @param status request status. Allowed values are
+     *            UNAUTHORIZED, SUCCESS, REJECTED, PENDING, ERROR, SVC_PENDING
      * @throws IllegalArgumentException if status is not one of the above values
      */
     public void setStatus(Integer status) {
-        if ( !status.equals( UNAUTHORIZED ) && 
-             !status.equals( SUCCESS )      &&
-             !status.equals( REJECTED )     && 
-             !status.equals( PENDING )      &&
-             !status.equals( ERROR )        && 
-             !status.equals( SVC_PENDING )  &&
-             !status.equals( EXCEPTION ) ) { 
+        if (!status.equals(UNAUTHORIZED) &&
+                !status.equals(SUCCESS) &&
+                !status.equals(REJECTED) &&
+                !status.equals(PENDING) &&
+                !status.equals(ERROR) &&
+                !status.equals(SVC_PENDING) &&
+                !status.equals(EXCEPTION)) {
             throw new IllegalArgumentException(CMS.getLogMessage("CMSGW_BAD_REQ_STATUS"));
         }
         mStatus = status;
@@ -169,9 +169,9 @@ public class CMSRequest {
     }
 
     public void setErrorDescription(String descr) {
-        if (mErrorDescr == null) 
+        if (mErrorDescr == null)
             mErrorDescr = new Vector();
-        mErrorDescr.addElement(descr); 
+        mErrorDescr.addElement(descr);
     }
 
     public void setResult(Object result) {
@@ -259,13 +259,13 @@ public class CMSRequest {
         return null;
     }
 
-    /** 
-     * set default CMS status according to IRequest status. 
+    /**
+     * set default CMS status according to IRequest status.
      */
     public void setIRequestStatus() throws EBaseException {
         if (mRequest == null) {
-            EBaseException e = 
-                new ECMSGWException(CMS.getLogMessage("CMSGW_MISSING_REQUEST"));
+            EBaseException e =
+                    new ECMSGWException(CMS.getLogMessage("CMSGW_MISSING_REQUEST"));
 
             throw e;
         }
@@ -292,8 +292,8 @@ public class CMSRequest {
             RequestId reqId = mRequest.getRequestId();
 
             throw new ECMSGWException(
-                    CMS.getLogMessage("CMSGW_UNEXPECTED_REQUEST_STATUS_2", 
-                        status.toString(), reqId.toString()));
+                    CMS.getLogMessage("CMSGW_UNEXPECTED_REQUEST_STATUS_2",
+                            status.toString(), reqId.toString()));
         }
     }
 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java
index b90278fa..4625fb79 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 import java.io.BufferedReader;
 import java.io.File;
 import java.io.FileInputStream;
@@ -39,14 +38,13 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IArgBlock;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
- * File templates. This implementation will take 
+ * File templates. This implementation will take
  * an HTML file with a special customer tag
  * &lt;CMS_TEMPLATE&gt; and replace the tag with
  * a series of javascript variable definitions
  * (depending on the servlet)
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSTemplate extends CMSFile {
@@ -68,7 +66,7 @@ public class CMSTemplate extends CMSFile {
     public static final String TEMPLATE_TAG = "<CMS_TEMPLATE>";
 
     /* Character set for i18n */
-    
+
     /* Will be set by CMSServlet.getTemplate() */
     private String mCharset = null;
 
@@ -78,9 +76,10 @@ public class CMSTemplate extends CMSFile {
 
     /**
      * Constructor
+     * 
      * @param file template file to load
      * @param charset character set
-	 * @throws IOException if the there was an error opening the file
+     * @throws IOException if the there was an error opening the file
      */
     public CMSTemplate(File file, String charset) throws IOException, EBaseException {
         mCharset = charset;
@@ -89,8 +88,8 @@ public class CMSTemplate extends CMSFile {
         try {
             init(file);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_CANT_LOAD_TEMPLATE", mAbsPath, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_CANT_LOAD_TEMPLATE", mAbsPath, e.toString()));
             throw new ECMSGWException(
                     CMS.getLogMessage("CMSGW_ERROR_LOADING_TEMPLATE"));
         }
@@ -137,8 +136,8 @@ public class CMSTemplate extends CMSFile {
             log(ILogger.LL_FAILURE, CMS.getLogMessage(
                     "CMSGW_TEMPLATE_MISSING", mAbsPath, TEMPLATE_TAG));
             throw new ECMSGWException(
-                    CMS.getLogMessage("CMSGW_MISSING_TEMPLATE_TAG_2", 
-                        TEMPLATE_TAG, mAbsPath));
+                    CMS.getLogMessage("CMSGW_MISSING_TEMPLATE_TAG_2",
+                            TEMPLATE_TAG, mAbsPath));
         }
         mPreOutput = content.substring(0, location);
         mPostOutput = content.substring(TEMPLATE_TAG.length() + location);
@@ -146,16 +145,17 @@ public class CMSTemplate extends CMSFile {
         return true;
     }
 
-	/**
-	 * Write a javascript representation of 'input' 
+    /**
+     * Write a javascript representation of 'input'
      * surrounded by SCRIPT tags to the outputstream
+     * 
      * @param rout the outputstream to write to
      * @param input the parameters to write
      */
     public void renderOutput(OutputStream rout, CMSTemplateParams input)
-        throws IOException {
+            throws IOException {
         Enumeration<String> e = null;
-        Enumeration<IArgBlock>  q = null;
+        Enumeration<IArgBlock> q = null;
         IArgBlock r = null;
         boolean headerBlock = false, fixedBlock = false, queryBlock = false;
         CMSTemplateParams data = (CMSTemplateParams) input;
@@ -165,7 +165,7 @@ public class CMSTemplate extends CMSFile {
             http_out = new HTTPOutputStreamWriter(rout);
         else
             http_out = new HTTPOutputStreamWriter(rout, mCharset);
-        
+
         try {
             templateLine out = new templateLine();
 
@@ -194,7 +194,7 @@ public class CMSTemplate extends CMSFile {
                 e = r.elements();
                 while (e.hasMoreElements()) {
                     headerBlock = true;
-                    String n =  e.nextElement();
+                    String n = e.nextElement();
                     Object v = r.getValue(n);
 
                     out.println("header." + n + " = " + renderValue(v) + ";");
@@ -228,7 +228,7 @@ public class CMSTemplate extends CMSFile {
                     out.println("record.SERVER_ATTRS = new Array;");
 
                     // Get a query record
-                    r =  q.nextElement();
+                    r = q.nextElement();
                     e = r.elements();
                     while (e.hasMoreElements()) {
                         String n = e.nextElement();
@@ -259,7 +259,7 @@ public class CMSTemplate extends CMSFile {
     /**
      * Ouput the pre-amble HTML Header including
      * the pre-output buffer.
-     *
+     * 
      * @param out output stream specified
      * @return success or error
      */
@@ -281,7 +281,7 @@ public class CMSTemplate extends CMSFile {
     /**
      * Output the post HTML tags and post-output
      * buffer.
-     *
+     * 
      * @param out output stream specified
      * @return success or error
      */
@@ -313,7 +313,8 @@ public class CMSTemplate extends CMSFile {
 
         /* create input stream, can throw IOException */
         FileInputStream inStream = new FileInputStream(template);
-        InputStreamReader inReader = new InputStreamReader(inStream, mCharset);;
+        InputStreamReader inReader = new InputStreamReader(inStream, mCharset);
+        ;
         BufferedReader in = new BufferedReader(inReader);
         StringBuffer buf = new StringBuffer();
         String line;
@@ -326,8 +327,8 @@ public class CMSTemplate extends CMSFile {
             in.close();
             inStream.close();
         } catch (IOException e) {
-            log(ILogger.LL_WARN, 
-                CMS.getLogMessage("CMSGW_ERR_CLOSE_TEMPL_FILE", mAbsPath, e.getMessage()));
+            log(ILogger.LL_WARN,
+                    CMS.getLogMessage("CMSGW_ERR_CLOSE_TEMPL_FILE", mAbsPath, e.getMessage()));
         }
         return buf.toString();
     }
@@ -354,8 +355,8 @@ public class CMSTemplate extends CMSFile {
             }
         } else if (v instanceof BigInteger) {
             s = ((BigInteger) v).toString(10);
-        } else if (v instanceof Character && 
-            ((Character) v).equals(Character.valueOf((char) 0))) {
+        } else if (v instanceof Character &&
+                ((Character) v).equals(Character.valueOf((char) 0))) {
             s = "null";
         } else {
             s = "\"" + v.toString() + "\"";
@@ -381,25 +382,25 @@ public class CMSTemplate extends CMSFile {
         for (int i = 0; i < l; i++) {
             char c = in[i];
 
-            if ((c > 0x23) && (c!= 0x5c) && (c!= 0x3c) && (c!= 0x3e)) {
+            if ((c > 0x23) && (c != 0x5c) && (c != 0x3c) && (c != 0x3e)) {
                 out[j++] = c;
                 continue;
             }
 
-            if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' ||
-                 in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' ||
-                 in[i+1] == '<' || in[i+1] == '>' ||
-                 in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) {
-                if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' &&
-                    (in[i+3] == 'c' || in[i+3] == 'e')) {
+            if ((c == 0x5c) && ((i + 1) < l) && (in[i + 1] == 'n' ||
+                    in[i + 1] == 'r' || in[i + 1] == 'f' || in[i + 1] == 't' ||
+                    in[i + 1] == '<' || in[i + 1] == '>' ||
+                    in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) {
+                if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' &&
+                        (in[i + 3] == 'c' || in[i + 3] == 'e')) {
                     out[j++] = '\\';
-                    out[j++] = in[i+1];
-                    out[j++] = in[i+2];
-                    out[j++] = in[i+3];
+                    out[j++] = in[i + 1];
+                    out[j++] = in[i + 2];
+                    out[j++] = in[i + 3];
                     i += 3;
-                } else { 
+                } else {
                     out[j++] = '\\';
-                    out[j++] = in[i+1];
+                    out[j++] = in[i + 1];
                     i++;
                 }
                 continue;
@@ -457,9 +458,9 @@ public class CMSTemplate extends CMSFile {
         return new String(out, 0, j);
     }
 
-    /** 
-     * Like escapeJavaScriptString(String s) but also escape '[' for 
-     * HTML processing. 
+    /**
+     * Like escapeJavaScriptString(String s) but also escape '[' for
+     * HTML processing.
      */
     public static String escapeJavaScriptStringHTML(String v) {
         int l = v.length();
@@ -477,20 +478,20 @@ public class CMSTemplate extends CMSFile {
                 continue;
             }
 
-            if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' ||
-                 in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' ||
-                 in[i+1] == '<' || in[i+1] == '>' ||
-                 in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) {
-                if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' &&
-                    (in[i+3] == 'c' || in[i+3] == 'e')) {
+            if ((c == 0x5c) && ((i + 1) < l) && (in[i + 1] == 'n' ||
+                    in[i + 1] == 'r' || in[i + 1] == 'f' || in[i + 1] == 't' ||
+                    in[i + 1] == '<' || in[i + 1] == '>' ||
+                    in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) {
+                if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' &&
+                        (in[i + 3] == 'c' || in[i + 3] == 'e')) {
                     out[j++] = '\\';
-                    out[j++] = in[i+1];
-                    out[j++] = in[i+2];
-                    out[j++] = in[i+3];
+                    out[j++] = in[i + 1];
+                    out[j++] = in[i + 2];
+                    out[j++] = in[i + 3];
                     i += 3;
-                } else { 
+                } else {
                     out[j++] = '\\';
-                    out[j++] = in[i+1];
+                    out[j++] = in[i + 1];
                     i++;
                 }
                 continue;
@@ -551,25 +552,24 @@ public class CMSTemplate extends CMSFile {
      * for debugging, return contents that would've been outputed.
      */
     public String getOutput(CMSTemplateParams input)
-        throws IOException {
+            throws IOException {
         debugOutputStream out = new debugOutputStream();
 
         renderOutput(out, input);
         return out.toString();
     }
 
-    private
-    class HTTPOutputStreamWriter extends OutputStreamWriter {
+    private class HTTPOutputStreamWriter extends OutputStreamWriter {
         public HTTPOutputStreamWriter(OutputStream out)
-            throws UnsupportedEncodingException {
+                throws UnsupportedEncodingException {
             super(out);
         }
-    
+
         public HTTPOutputStreamWriter(OutputStream out, String enc)
-            throws UnsupportedEncodingException {
+                throws UnsupportedEncodingException {
             super(out, enc);
         }
-    
+
         public void print(String s) throws IOException {
             write(s, 0, s.length());
             flush();
@@ -577,9 +577,9 @@ public class CMSTemplate extends CMSFile {
         }
     }
 
-
     private class templateLine {
         private StringBuffer s = new StringBuffer();
+
         void println(String p) {
             s.append('\n');
             s.append(p);
@@ -595,7 +595,6 @@ public class CMSTemplate extends CMSFile {
 
     }
 
-
     private static class debugOutputStream extends ServletOutputStream {
         private StringWriter mStringWriter = new StringWriter();
 
@@ -604,7 +603,7 @@ public class CMSTemplate extends CMSFile {
         }
 
         public void write(int b) throws IOException {
-            mStringWriter.write(b);			
+            mStringWriter.write(b);
         }
 
         public String toString() {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java
index 4f8cfc2a..ce2c26c3 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java
@@ -17,16 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
 import com.netscape.certsrv.base.IArgBlock;
 
-
 /**
  * Holds template parameters
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSTemplateParams {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java b/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java
index 0cd1102d..e8b848f7 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * A class represents a CMS gateway exception.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ECMSGWException extends EBaseException {
@@ -36,7 +34,7 @@ public class ECMSGWException extends EBaseException {
     /**
      * CA resource class name.
      */
-    private static final String CMSGW_RESOURCES = CMSGWResources.class.getName();		
+    private static final String CMSGW_RESOURCES = CMSGWResources.class.getName();
 
     /**
      * Constructs a CMS Gateway exception.
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java
index 6debd2c7..1c7d61c9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java
@@ -16,7 +16,6 @@
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
- 
 
 import java.util.Enumeration;
 import java.util.Locale;
@@ -27,10 +26,9 @@ import com.netscape.certsrv.authority.IAuthority;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IArgBlock;
 
-
 /**
- * Default error template filler 
- *
+ * Default error template filler
+ * 
  * @version $Revision$, $Date$
  */
 public class GenErrorTemplateFiller implements ICMSTemplateFiller {
@@ -38,14 +36,15 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller {
     }
 
     /**
-     * fill error details and description if any. 
+     * fill error details and description if any.
+     * 
      * @param cmsReq the CMS Request.
      * @param authority the authority
      * @param locale the locale of template.
      * @param e unexpected error. ignored.
      */
     public CMSTemplateParams getTemplateParams(
-        CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
         IArgBlock fixed = CMS.createArgBlock();
         CMSTemplateParams params = new CMSTemplateParams(null, fixed);
 
@@ -53,14 +52,14 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller {
         if (cmsReq != null) {
             Integer sts = cmsReq.getStatus();
 
-            if (sts != null) 
+            if (sts != null)
                 fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
         } else {
-            CMS.debug( "GenErrorTemplateFiller::getTemplateParams() - " +
-                       "cmsReq is null!" );
+            CMS.debug("GenErrorTemplateFiller::getTemplateParams() - " +
+                       "cmsReq is null!");
             return null;
         }
-		
+
         // error 
         String ex = cmsReq.getError();
 
@@ -75,9 +74,9 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller {
             fixed.set(ICMSTemplateFiller.ERROR, ex);
         else if (cmsReq.getReason() != null)
             fixed.set(ICMSTemplateFiller.ERROR, cmsReq.getReason());
-            // Change end
-        
-            // error description if any.
+        // Change end
+
+        // error description if any.
         Vector descr = cmsReq.getErrorDescr();
 
         if (descr != null) {
@@ -88,17 +87,16 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller {
                 //System.out.println("Setting description "+elem.toString());
                 IArgBlock argBlock = CMS.createArgBlock();
 
-                argBlock.set(ICMSTemplateFiller.ERROR_DESCR, 
-                    elem);
+                argBlock.set(ICMSTemplateFiller.ERROR_DESCR,
+                        elem);
                 params.addRepeatRecord(argBlock);
             }
         }
 
         // this authority
-        if (authority != null) 
-            fixed.set(ICMSTemplateFiller.AUTHORITY, 
-                authority.getOfficialName());
+        if (authority != null)
+            fixed.set(ICMSTemplateFiller.AUTHORITY,
+                    authority.getOfficialName());
         return params;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java
index 15456865..1d479fef 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.OutputStream;
@@ -59,10 +58,9 @@ import com.netscape.certsrv.ra.IRegistrationAuthority;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.RequestId;
 
-
 /**
- * default Pending template filler 
- *
+ * default Pending template filler
+ * 
  * @version $Revision$, $Date$
  */
 public class GenPendingTemplateFiller implements ICMSTemplateFiller {
@@ -72,25 +70,26 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
     }
 
     /**
-     * fill error details and description if any. 
+     * fill error details and description if any.
+     * 
      * @param cmsReq CMS Request
      * @param authority this authority
      * @param locale locale of template.
      * @param e unexpected exception e. ignored.
      */
     public CMSTemplateParams getTemplateParams(
-        CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
         IArgBlock fixed = CMS.createArgBlock();
         CMSTemplateParams params = new CMSTemplateParams(null, fixed);
 
-        if( cmsReq == null ) {
+        if (cmsReq == null) {
             return null;
         }
 
         // request status if any.
         Integer sts = cmsReq.getStatus();
 
-        if (sts != null) 
+        if (sts != null)
             fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
 
         // request id 
@@ -109,17 +108,17 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
                 PendInfo pendInfo = new PendInfo(reqId.toString(), new
                         Date());
                 OtherInfo otherInfo = new
-                    OtherInfo(OtherInfo.PEND, null, pendInfo);
+                        OtherInfo(OtherInfo.PEND, null, pendInfo);
                 SEQUENCE bpids = new SEQUENCE();
                 String[] reqIdArray =
-                    req.getExtDataInStringArray(IRequest.CMC_REQIDS);
+                        req.getExtDataInStringArray(IRequest.CMC_REQIDS);
 
                 for (int i = 0; i < reqIdArray.length; i++) {
                     bpids.addElement(new INTEGER(reqIdArray[i]));
                 }
                 CMCStatusInfo cmcStatusInfo = new
-                    CMCStatusInfo(CMCStatusInfo.PENDING, bpids,
-                        (String) null, otherInfo);
+                        CMCStatusInfo(CMCStatusInfo.PENDING, bpids,
+                                (String) null, otherInfo);
                 TaggedAttribute ta = new TaggedAttribute(new
                         INTEGER(bpid++),
                         OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo,
@@ -130,7 +129,7 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
                 // create recipientNonce
                 // create responseInfo if regInfo exist
                 String[] transIds =
-                    req.getExtDataInStringArray(IRequest.CMC_TRANSID);
+                        req.getExtDataInStringArray(IRequest.CMC_TRANSID);
                 SET ids = new SET();
 
                 for (int i = 0; i < transIds.length; i++) {
@@ -167,7 +166,7 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
                     dig = salt.getBytes();
                 }
                 String b64E = CMS.BtoA(dig);
-                String[] newNonce = {b64E};
+                String[] newNonce = { b64E };
 
                 ta = new TaggedAttribute(new
                             INTEGER(bpid++),
@@ -180,13 +179,13 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
                         SEQUENCE(), new
                         SEQUENCE());
                 EncapsulatedContentInfo ci = new
-                    EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse,
-                        rb);
+                        EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse,
+                                rb);
                 org.mozilla.jss.crypto.X509Certificate x509cert = null;
 
                 if (authority instanceof ICertificateAuthority) {
                     x509cert = ((ICertificateAuthority) authority).getCaX509Cert();
-                }else if (authority instanceof IRegistrationAuthority) {
+                } else if (authority instanceof IRegistrationAuthority) {
                     x509cert = ((IRegistrationAuthority) authority).getRACert();
                 }
                 if (x509cert == null)
@@ -194,12 +193,12 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
                 try {
                     X509CertImpl cert = new X509CertImpl(x509cert.getEncoded());
                     ByteArrayInputStream issuer1 = new
-                        ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded());
+                            ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded());
                     Name issuer = (Name) Name.getTemplate().decode(issuer1);
                     IssuerAndSerialNumber ias = new
-                        IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString()));
+                            IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString()));
                     SignerIdentifier si = new
-                        SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
+                            SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
 
                     // SHA1 is the default digest Alg for now.
                     DigestAlgorithm digestAlg = null;
@@ -207,14 +206,14 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
                     org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager.getInstance().findPrivKeyByCert(x509cert);
                     org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType();
 
-                    if( keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA ) ) {
+                    if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA)) {
                         signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest;
-                    } else if( keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA ) ) {
+                    } else if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA)) {
                         signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest;
                     } else {
-                        CMS.debug( "GenPendingTemplateFiller::getTemplateParams() - "
+                        CMS.debug("GenPendingTemplateFiller::getTemplateParams() - "
                                  + "keyType " + keyType.toString()
-                                 + " is unsupported!" );
+                                 + " is unsupported!");
                         return null;
                     }
 
@@ -224,7 +223,7 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
                     try {
                         SHADigest = MessageDigest.getInstance("SHA1");
                         digestAlg = DigestAlgorithm.SHA1;
-					
+
                         ByteArrayOutputStream ostream = new ByteArrayOutputStream();
 
                         rb.encode((OutputStream) ostream);
@@ -234,31 +233,31 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
                     }
 
                     SignerInfo signInfo = new
-                        SignerInfo(si, null, null,
-                            OBJECT_IDENTIFIER.id_cct_PKIResponse,
-                            digest, signAlg,
-                            privKey);
+                            SignerInfo(si, null, null,
+                                    OBJECT_IDENTIFIER.id_cct_PKIResponse,
+                                    digest, signAlg,
+                                    privKey);
                     SET signInfos = new SET();
 
                     signInfos.addElement(signInfo);
-					
+
                     SET digestAlgs = new SET();
 
                     if (digestAlg != null) {
                         AlgorithmIdentifier ai = new
-                            AlgorithmIdentifier(digestAlg.toOID(),
-                                null);
+                                AlgorithmIdentifier(digestAlg.toOID(),
+                                        null);
 
                         digestAlgs.addElement(ai);
                     }
-					
+
                     SignedData fResponse = new
-                        SignedData(digestAlgs, ci,
-                            null, null, signInfos);
+                            SignedData(digestAlgs, ci,
+                                    null, null, signInfos);
                     ContentInfo fullResponse = new
-                        ContentInfo(ContentInfo.SIGNED_DATA, fResponse);
+                            ContentInfo(ContentInfo.SIGNED_DATA, fResponse);
                     ByteArrayOutputStream ostream = new
-                        ByteArrayOutputStream();
+                            ByteArrayOutputStream();
 
                     fullResponse.encode((OutputStream) ostream);
                     byte[] fr = ostream.toByteArray();
@@ -270,9 +269,9 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
             }
         }
         // this authority
-        if (authority != null) 
-            fixed.set(ICMSTemplateFiller.AUTHORITY, 
-                authority.getOfficialName());
+        if (authority != null)
+            fixed.set(ICMSTemplateFiller.AUTHORITY,
+                    authority.getOfficialName());
         return params;
     }
 
@@ -286,4 +285,3 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
             return false;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java
index 798b7f0d..3dde1147 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java
@@ -16,7 +16,6 @@
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
- 
 
 import java.util.Enumeration;
 import java.util.Locale;
@@ -27,10 +26,9 @@ import com.netscape.certsrv.authority.IAuthority;
 import com.netscape.certsrv.base.IArgBlock;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * default Service Pending template filler 
- *
+ * default Service Pending template filler
+ * 
  * @version $Revision$, $Date$
  */
 public class GenRejectedTemplateFiller implements ICMSTemplateFiller {
@@ -46,7 +44,7 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller {
      * @param e unexpected exception e. ignored.
      */
     public CMSTemplateParams getTemplateParams(
-        CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
         IArgBlock fixed = CMS.createArgBlock();
         CMSTemplateParams params = new CMSTemplateParams(null, fixed);
 
@@ -54,11 +52,11 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller {
         if (cmsReq != null) {
             Integer sts = cmsReq.getStatus();
 
-            if (sts != null) 
+            if (sts != null)
                 fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
         } else {
-            CMS.debug( "GenRejectedTemplateFiller::getTemplateParams() - " +
-                       "cmsReq is null!" );
+            CMS.debug("GenRejectedTemplateFiller::getTemplateParams() - " +
+                       "cmsReq is null!");
             return null;
         }
 
@@ -76,7 +74,7 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller {
 
                 while (msgs.hasMoreElements()) {
                     String ex = (String) msgs.nextElement();
-                    IArgBlock messageArgBlock = CMS.createArgBlock(); 
+                    IArgBlock messageArgBlock = CMS.createArgBlock();
 
                     messageArgBlock.set(POLICY_MESSAGE, ex);
                     params.addRepeatRecord(messageArgBlock);
@@ -86,10 +84,9 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller {
 
         // this authority
 
-        if (authority != null) 
-            fixed.set(ICMSTemplateFiller.AUTHORITY, 
-                authority.getOfficialName());
+        if (authority != null)
+            fixed.set(ICMSTemplateFiller.AUTHORITY,
+                    authority.getOfficialName());
         return params;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java
index ff3d4f8c..f6de3841 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java
@@ -16,7 +16,6 @@
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
- 
 
 import java.util.Locale;
 
@@ -24,10 +23,9 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authority.IAuthority;
 import com.netscape.certsrv.base.IArgBlock;
 
-
 /**
- * default Success template filler 
- *
+ * default Success template filler
+ * 
  * @version $Revision$, $Date$
  */
 public class GenSuccessTemplateFiller implements ICMSTemplateFiller {
@@ -36,14 +34,15 @@ public class GenSuccessTemplateFiller implements ICMSTemplateFiller {
     }
 
     /**
-     * fill error details and description if any. 
+     * fill error details and description if any.
+     * 
      * @param cmsReq CMS Request
      * @param authority this authority
      * @param locale locale of template.
      * @param e unexpected exception e. ignored.
      */
     public CMSTemplateParams getTemplateParams(
-        CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
         IArgBlock fixed = CMS.createArgBlock();
         CMSTemplateParams params = new CMSTemplateParams(null, fixed);
 
@@ -51,15 +50,14 @@ public class GenSuccessTemplateFiller implements ICMSTemplateFiller {
         if (cmsReq != null) {
             Integer sts = cmsReq.getStatus();
 
-            if (sts != null) 
+            if (sts != null)
                 fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
         }
 
         // this authority 
-        if (authority != null) 
-            fixed.set(ICMSTemplateFiller.AUTHORITY, 
-                authority.getOfficialName());
+        if (authority != null)
+            fixed.set(ICMSTemplateFiller.AUTHORITY,
+                    authority.getOfficialName());
         return params;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java
index d08b83a8..ec1b9777 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java
@@ -16,7 +16,6 @@
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
- 
 
 import java.util.Locale;
 
@@ -25,10 +24,9 @@ import com.netscape.certsrv.authority.IAuthority;
 import com.netscape.certsrv.base.IArgBlock;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * default Service Pending template filler 
- *
+ * default Service Pending template filler
+ * 
  * @version $Revision$, $Date$
  */
 public class GenSvcPendingTemplateFiller implements ICMSTemplateFiller {
@@ -38,14 +36,15 @@ public class GenSvcPendingTemplateFiller implements ICMSTemplateFiller {
     }
 
     /**
-     * fill error details and description if any. 
+     * fill error details and description if any.
+     * 
      * @param cmsReq CMS Request
      * @param authority this authority
      * @param locale locale of template.
      * @param e unexpected exception e. ignored.
      */
     public CMSTemplateParams getTemplateParams(
-        CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
         IArgBlock fixed = CMS.createArgBlock();
         CMSTemplateParams params = new CMSTemplateParams(null, fixed);
 
@@ -72,10 +71,9 @@ public class GenSvcPendingTemplateFiller implements ICMSTemplateFiller {
         }
 
         // this authority
-        if (authority != null) 
-            fixed.set(ICMSTemplateFiller.AUTHORITY, 
-                authority.getOfficialName());
+        if (authority != null)
+            fixed.set(ICMSTemplateFiller.AUTHORITY,
+                    authority.getOfficialName());
         return params;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java
index befacf83..cab1b36e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java
@@ -16,7 +16,6 @@
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
- 
 
 import java.util.Locale;
 
@@ -24,10 +23,9 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authority.IAuthority;
 import com.netscape.certsrv.base.IArgBlock;
 
-
 /**
- * default Unauthorized template filler 
- *
+ * default Unauthorized template filler
+ * 
  * @version $Revision$, $Date$
  */
 public class GenUnauthorizedTemplateFiller implements ICMSTemplateFiller {
@@ -36,14 +34,15 @@ public class GenUnauthorizedTemplateFiller implements ICMSTemplateFiller {
     }
 
     /**
-     * fill error details and description if any. 
+     * fill error details and description if any.
+     * 
      * @param cmsReq CMS Request
      * @param authority this authority
      * @param locale locale of template.
      * @param e unexpected exception e. ignored.
      */
     public CMSTemplateParams getTemplateParams(
-        CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
         IArgBlock fixed = CMS.createArgBlock();
         CMSTemplateParams params = new CMSTemplateParams(null, fixed);
 
@@ -51,19 +50,18 @@ public class GenUnauthorizedTemplateFiller implements ICMSTemplateFiller {
         if (cmsReq != null) {
             Integer sts = cmsReq.getStatus();
 
-            if (sts != null) 
+            if (sts != null)
                 fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
         }
 
         // set unauthorized error
-        fixed.set(ICMSTemplateFiller.ERROR, 
-            new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED")));
+        fixed.set(ICMSTemplateFiller.ERROR,
+                new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED")));
 
         // this authority 
-        if (authority != null) 
-            fixed.set(ICMSTemplateFiller.AUTHORITY, 
-                authority.getOfficialName());
+        if (authority != null)
+            fixed.set(ICMSTemplateFiller.AUTHORITY,
+                    authority.getOfficialName());
         return params;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java
index 1ae6ee45..8b560d7b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java
@@ -16,7 +16,6 @@
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
- 
 
 import java.util.Locale;
 
@@ -25,10 +24,9 @@ import com.netscape.certsrv.authority.IAuthority;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IArgBlock;
 
-
 /**
- * default unexpected error template filler 
- *
+ * default unexpected error template filler
+ * 
  * @version $Revision$, $Date$
  */
 public class GenUnexpectedErrorTemplateFiller implements ICMSTemplateFiller {
@@ -37,41 +35,42 @@ public class GenUnexpectedErrorTemplateFiller implements ICMSTemplateFiller {
     }
 
     /**
-     * fill error details and description if any. 
+     * fill error details and description if any.
+     * 
      * @param cmsReq CMS Request
      * @param authority this authority
      * @param locale locale of template.
      * @param e unexpected exception e. ignored.
      */
     public CMSTemplateParams getTemplateParams(
-        CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
         IArgBlock fixed = CMS.createArgBlock();
         CMSTemplateParams params = new CMSTemplateParams(null, fixed);
-		
+
         // When an exception occurs the exit is non-local which probably
         // will leave the requestStatus value set to something other
         // than CMSRequest.EXCEPTION, so force the requestStatus to 
         // EXCEPTION since it must be that if we're here. 
         Integer sts = CMSRequest.EXCEPTION;
-        if (cmsReq != null) cmsReq.setStatus(sts);
+        if (cmsReq != null)
+            cmsReq.setStatus(sts);
         fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
 
         // the unexpected error (exception)
-        if (e == null) 
+        if (e == null)
             e = new EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR"));
         String errMsg = null;
 
-        if (e instanceof EBaseException) 
+        if (e instanceof EBaseException)
             errMsg = ((EBaseException) e).toString(locale);
-        else 
+        else
             errMsg = e.toString();
         fixed.set(ICMSTemplateFiller.EXCEPTION, errMsg);
 
         // this authority
-        if (authority != null) 
-            fixed.set(ICMSTemplateFiller.AUTHORITY, 
-                authority.getOfficialName());
+        if (authority != null)
+            fixed.set(ICMSTemplateFiller.AUTHORITY,
+                    authority.getOfficialName());
         return params;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java
index ddd6f0a1..2d046f0e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java
@@ -17,15 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 import java.util.Locale;
 
 import com.netscape.certsrv.authority.IAuthority;
 
-
 /**
  * This interface represents a template filler.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICMSTemplateFiller {
@@ -34,18 +32,18 @@ public interface ICMSTemplateFiller {
     public final static String ERROR_DESCR = "errorDescription";
     public final static String EXCEPTION = "unexpectedError";
 
-    public static final String HOST = "host"; 
-    public static final String PORT = "port"; 
-    public static final String SCHEME = "scheme"; 
+    public static final String HOST = "host";
+    public static final String PORT = "port";
+    public static final String SCHEME = "scheme";
 
-    public static final String AUTHORITY = "authorityName"; 
+    public static final String AUTHORITY = "authorityName";
 
-    public static final String REQUEST_STATUS = "requestStatus"; 
+    public static final String REQUEST_STATUS = "requestStatus";
 
-    public static final String KEYREC_ID = "keyrecId"; 
-    public static final String REQUEST_ID = "requestId"; 
+    public static final String KEYREC_ID = "keyrecId";
+    public static final String REQUEST_ID = "requestId";
 
     public CMSTemplateParams getTemplateParams(
-        CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e)
-        throws Exception;
+            CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e)
+            throws Exception;
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java b/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java
index 27ea5ec1..827f24f1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java
@@ -17,10 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 /**
  * This represents raw JS parameters.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IRawJS {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java
index ce1a5082..59c4a0fe 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 import java.util.Locale;
 
 import com.netscape.certsrv.apps.CMS;
@@ -26,7 +25,6 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IArgBlock;
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
  * A class represents a certificate server kernel. This
  * kernel contains a list of resident subsystems such
@@ -34,7 +32,7 @@ import com.netscape.certsrv.base.ISubsystem;
  * subsystems can be loaded into this kernel by specifying
  * parameters in the configuration store.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class IndexTemplateFiller implements ICMSTemplateFiller {
@@ -53,7 +51,7 @@ public class IndexTemplateFiller implements ICMSTemplateFiller {
     }
 
     public CMSTemplateParams getTemplateParams(
-        CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e) {
+            CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e) {
         IArgBlock header = CMS.createArgBlock();
         IArgBlock ctx = CMS.createArgBlock();
         CMSTemplateParams params = new CMSTemplateParams(header, ctx);
@@ -106,8 +104,8 @@ public class IndexTemplateFiller implements ICMSTemplateFiller {
         // from the caller. This parameter (selected) is used 
         // by header servlet
         try {
-            header.addStringValue("selected", 
-                cmsReq.getHttpParams().getValueAsString("selected"));
+            header.addStringValue("selected",
+                    cmsReq.getHttpParams().getValueAsString("selected"));
         } catch (EBaseException ex) {
         }
         header.addIntegerValue(OUT_TOTAL_COUNT, count);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java b/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java
index fb31fec1..f936e075 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java
@@ -17,10 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 /**
  * This represents raw JS parameters.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class RawJS implements IRawJS {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java b/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java
index 580909cb..9c728c03 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 import java.util.StringTokenizer;
 
 import javax.servlet.ServletConfig;
@@ -28,10 +27,9 @@ import com.netscape.certsrv.authorization.IAuthzSubsystem;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 
-
 /**
  * Utility class
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class Utils {
@@ -45,13 +43,13 @@ public class Utils {
     public final static String AUTHZ_MGR_BASIC = "BasicAclAuthz";
     public final static String AUTHZ_MGR_LDAP = "DirAclAuthz";
 
-    public static String initializeAuthz(ServletConfig sc, 
-        IAuthzSubsystem authz, String id) throws ServletException {
+    public static String initializeAuthz(ServletConfig sc,
+            IAuthzSubsystem authz, String id) throws ServletException {
         String srcType = AUTHZ_SRC_LDAP;
 
         try {
             IConfigStore authzConfig =
-                CMS.getConfigStore().getSubStore(AUTHZ_CONFIG_STORE);
+                    CMS.getConfigStore().getSubStore(AUTHZ_CONFIG_STORE);
 
             srcType = authzConfig.getString(AUTHZ_SRC_TYPE, AUTHZ_SRC_LDAP);
         } catch (EBaseException e) {
@@ -64,7 +62,7 @@ public class Utils {
             CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", ""));
             aclMethod = sc.getInitParameter(PROP_AUTHZ_MGR);
             if (aclMethod != null &&
-                aclMethod.equalsIgnoreCase(AUTHZ_MGR_BASIC)) {
+                    aclMethod.equalsIgnoreCase(AUTHZ_MGR_BASIC)) {
                 String aclInfo = sc.getInitParameter(PROP_ACL);
 
                 if (aclInfo != null) {
@@ -95,7 +93,7 @@ public class Utils {
     }
 
     public static void addACLInfo(IAuthzSubsystem authz, String aclMethod,
-        String aclInfo) throws EBaseException {
+            String aclInfo) throws EBaseException {
 
         StringTokenizer tokenizer = new StringTokenizer(aclInfo, "#");
 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java
index b3809579..7defeeac 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.connector;
 
-
 import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.InputStream;
@@ -58,12 +57,11 @@ import com.netscape.certsrv.request.RequestStatus;
 import com.netscape.cms.servlet.base.CMSServlet;
 import com.netscape.cms.servlet.common.CMSRequest;
 
-
 /**
  * Clone servlet - part of the Clone Authority (CLA)
  * processes Revoked certs from its dependant clone CAs
- * service request and return status. 
- *
+ * service request and return status.
+ * 
  * @version $Revision$, $Date$
  */
 public class CloneServlet extends CMSServlet {
@@ -94,8 +92,8 @@ public class CloneServlet extends CMSServlet {
         mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
     }
 
-    public void service(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, IOException {
+    public void service(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException, IOException {
         boolean running_state = CMS.isInRunningState();
 
         if (!running_state)
@@ -134,10 +132,10 @@ public class CloneServlet extends CMSServlet {
         // ssl client auth for client auth to work.
 
         // get request method
-        method = req.getMethod(); 
+        method = req.getMethod();
 
         // get content length
-        len = req.getContentLength(); 
+        len = req.getContentLength();
 
         // get content, a base 64 encoded serialized request.
         if (len > 0) {
@@ -166,9 +164,9 @@ public class CloneServlet extends CMSServlet {
 
         try {
             peerCert = getPeerCert(req);
-        }catch (EBaseException e) {
-            mAuthority.log(ILogger.LL_SECURITY, 
-                CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT"));
+        } catch (EBaseException e) {
+            mAuthority.log(ILogger.LL_SECURITY,
+                    CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT"));
             resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
             return;
         }
@@ -203,8 +201,8 @@ public class CloneServlet extends CMSServlet {
             return;
         }
 
-        mAuthority.log(ILogger.LL_INFO, 
-            "Clone Certificate Authority authenticated: " + peerCert.getSubjectDN());
+        mAuthority.log(ILogger.LL_INFO,
+                "Clone Certificate Authority authenticated: " + peerCert.getSubjectDN());
 
         // authorize, any authenticated user are authorized
         AuthzToken authzToken = null;
@@ -243,13 +241,13 @@ public class CloneServlet extends CMSServlet {
             replymsg = processRequest(CCA_Id, CCAUserId, msg, token);
         } catch (IOException e) {
             e.printStackTrace();
-            mAuthority.log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
+            mAuthority.log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
             resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
             return;
         } catch (EBaseException e) {
-            mAuthority.log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
+            mAuthority.log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
             resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
             return;
         }
@@ -273,8 +271,8 @@ public class CloneServlet extends CMSServlet {
 
     //cfu ++change this to just check the subject and signer
     protected IAuthToken authenticate(
-        X509Certificate peerCert)
-        throws EBaseException {
+            X509Certificate peerCert)
+            throws EBaseException {
         try {
             // XXX using agent authentication now since we're only 
             // verifying that the cert belongs to a user in the db. 
@@ -285,32 +283,32 @@ public class CloneServlet extends CMSServlet {
 
             AuthCredentials creds = new AuthCredentials();
 
-            creds.set(IAuthManager.CRED_SSL_CLIENT_CERT, 
-                new X509Certificate[] {cert}
-            );
+            creds.set(IAuthManager.CRED_SSL_CLIENT_CERT,
+                    new X509Certificate[] { cert }
+                    );
 
-            IAuthToken token = mAuthSubsystem.authenticate(creds, 
+            IAuthToken token = mAuthSubsystem.authenticate(creds,
                     IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
 
             return token;
         } catch (CertificateException e) {
-            mAuthority.log(ILogger.LL_SECURITY, 
-                CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
+            mAuthority.log(ILogger.LL_SECURITY,
+                    CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));
         } catch (EInvalidCredentials e) {
-            mAuthority.log(ILogger.LL_SECURITY, 
-                CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
+            mAuthority.log(ILogger.LL_SECURITY,
+                    CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
             throw e;
         } catch (EBaseException e) {
-            mAuthority.log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
+            mAuthority.log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
             throw e;
         }
     }
 
     protected IPKIMessage processRequest(
-        String source, String sourceUserId, IPKIMessage msg, IAuthToken token) 
-        throws EBaseException {
+            String source, String sourceUserId, IPKIMessage msg, IAuthToken token)
+            throws EBaseException {
         IPKIMessage replymsg = null;
         IRequest r = null;
         IRequestQueue queue = mAuthority.getRequestQueue();
@@ -331,8 +329,8 @@ public class CloneServlet extends CMSServlet {
                 mAuthority.log(ILogger.LL_FAILURE, errormsg);
                 throw new EBaseException(errormsg);
             } else {
-                mAuthority.log(ILogger.LL_INFO, 
-                    "Found request " + thisreqid + " for " + srcid);
+                mAuthority.log(ILogger.LL_INFO,
+                        "Found request " + thisreqid + " for " + srcid);
                 replymsg = CMS.getHttpPKIMessage();
                 replymsg.fromRequest(thisreq);
                 return replymsg;
@@ -348,7 +346,7 @@ public class CloneServlet extends CMSServlet {
         // setting requestor type must come after copy contents. because
         // requestor is a regular attribute.
         thisreq.setExtData(IRequest.REQUESTOR_TYPE,
-            IRequest.REQUESTOR_RA);
+                IRequest.REQUESTOR_RA);
         mAuthority.log(ILogger.LL_INFO, "Processing remote request " + srcid);
 
         // Set this so that request's updateBy is recorded
@@ -365,14 +363,14 @@ public class CloneServlet extends CMSServlet {
         //for audit log
         String agentID = sourceUserId;
         String initiative = AuditFormat.FROMRA + " trustedManagerID: " +
-            agentID + " remote reqID " + msg.getReqId();
+                agentID + " remote reqID " + msg.getReqId();
         String authMgr = AuditFormat.NOAUTH;
 
         if (token != null) {
-            authMgr = 
+            authMgr =
                     token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
         }
-		
+
         // Get the certificate info from the request
         X509CertInfo certInfo[] = thisreq.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
@@ -380,36 +378,35 @@ public class CloneServlet extends CMSServlet {
             if (!thisreq.getRequestStatus().equals(RequestStatus.COMPLETE)) {
                 if (certInfo != null) {
                     for (int i = 0; i < certInfo.length; i++) {
-                        mLogger.log(ILogger.EV_AUDIT, 
+                        mLogger.log(ILogger.EV_AUDIT,
+                                ILogger.S_OTHER,
+                                AuditFormat.LEVEL,
+                                AuditFormat.FORMAT,
+                                new Object[] {
+                                        thisreq.getRequestType(),
+                                        thisreq.getRequestId(),
+                                        initiative,
+                                        authMgr,
+                                        thisreq.getRequestStatus(),
+                                        certInfo[i].get(X509CertInfo.SUBJECT),
+                                        "" }
+                                );
+                    }
+                } else {
+                    mLogger.log(ILogger.EV_AUDIT,
                             ILogger.S_OTHER,
                             AuditFormat.LEVEL,
-                            AuditFormat.FORMAT,
+                            AuditFormat.NODNFORMAT,
                             new Object[] {
-                                thisreq.getRequestType(),
-                                thisreq.getRequestId(),
-                                initiative,
-                                authMgr,
-                                thisreq.getRequestStatus(),
-                                certInfo[i].get(X509CertInfo.SUBJECT),
-                                ""}
-                        );
-                    }
-                } else {
-                    mLogger.log(ILogger.EV_AUDIT, 
-                        ILogger.S_OTHER,
-                        AuditFormat.LEVEL,
-                        AuditFormat.NODNFORMAT,
-                        new Object[] {
-                            thisreq.getRequestType(),
-                            thisreq.getRequestId(),
-                            initiative,
-                            authMgr,
-                            thisreq.getRequestStatus()}
-                    );
+                                    thisreq.getRequestType(),
+                                    thisreq.getRequestId(),
+                                    initiative,
+                                    authMgr,
+                                    thisreq.getRequestStatus() }
+                            );
                 }
             } else {
-                if
-                (thisreq.getRequestType().equals(IRequest.CLA_CERT4CRL_REQUEST)) {
+                if (thisreq.getRequestType().equals(IRequest.CLA_CERT4CRL_REQUEST)) {
                     Integer result = thisreq.getExtDataInInteger(IRequest.RESULT);
 
                     if (result.equals(IRequest.RES_ERROR)) {
@@ -578,7 +575,7 @@ public class CloneServlet extends CMSServlet {
     }
 
     protected X509Certificate
-    getPeerCert(HttpServletRequest req) throws EBaseException {
+            getPeerCert(HttpServletRequest req) throws EBaseException {
         return getSSLClientCertificate(req);
     }
 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
index 67956bd8..8d1c78cd 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
@@ -72,12 +72,11 @@ import com.netscape.certsrv.request.RequestStatus;
 import com.netscape.cms.servlet.base.CMSServlet;
 import com.netscape.cms.servlet.common.CMSRequest;
 
-
 /**
  * Connector servlet
  * process requests from remote authority -
- * service request or return status. 
- *
+ * service request or return status.
+ * 
  * @version $Revision$, $Date$
  */
 public class ConnectorServlet extends CMSServlet {
@@ -96,13 +95,13 @@ public class ConnectorServlet extends CMSServlet {
     protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
     private final static String SIGNED_AUDIT_PROTECTION_METHOD_SSL = "ssl";
     private final static String SIGNED_AUDIT_PROTECTION_METHOD_UNKNOWN =
-        "unknown";
+            "unknown";
     private final static String LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS =
-        "LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS_5";
+            "LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS_5";
     private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST =
-        "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5";
+            "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5";
     private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
-        "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
+            "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
 
     private final static byte EOL[] = { Character.LINE_SEPARATOR };
 
@@ -118,13 +117,13 @@ public class ConnectorServlet extends CMSServlet {
             mAuthority = (IAuthority)
                     CMS.getSubsystem(authority);
         mReqEncoder = CMS.getHttpRequestEncoder();
-		
+
         mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
     }
 
-    public void service(HttpServletRequest request, 
-        HttpServletResponse response)
-        throws ServletException, IOException {
+    public void service(HttpServletRequest request,
+            HttpServletResponse response)
+            throws ServletException, IOException {
 
         boolean running_state = CMS.isInRunningState();
 
@@ -167,10 +166,10 @@ public class ConnectorServlet extends CMSServlet {
         // ssl client auth for client auth to work.
 
         // get request method
-        method = req.getMethod(); 
+        method = req.getMethod();
 
         // get content length
-        len = request.getContentLength(); 
+        len = request.getContentLength();
 
         // get content, a base 64 encoded serialized request.
         if (len > 0) {
@@ -198,9 +197,9 @@ public class ConnectorServlet extends CMSServlet {
 
         try {
             peerCert = getPeerCert(req);
-        }catch (EBaseException e) {
-            mAuthority.log(ILogger.LL_SECURITY, 
-                CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT"));
+        } catch (EBaseException e) {
+            mAuthority.log(ILogger.LL_SECURITY,
+                    CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT"));
             resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
             return;
         }
@@ -231,8 +230,8 @@ public class ConnectorServlet extends CMSServlet {
             return;
         }
 
-        mAuthority.log(ILogger.LL_INFO, 
-            "Remote Authority authenticated: " + peerCert.getSubjectDN());
+        mAuthority.log(ILogger.LL_INFO,
+                "Remote Authority authenticated: " + peerCert.getSubjectDN());
 
         // authorize
         AuthzToken authzToken = null;
@@ -270,15 +269,15 @@ public class ConnectorServlet extends CMSServlet {
         } catch (IOException e) {
             CMS.debug("ConnectorServlet: service " + e.toString());
             CMS.debug(e);
-            mAuthority.log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
+            mAuthority.log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
             resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
             return;
         } catch (EBaseException e) {
             CMS.debug("ConnectorServlet: service " + e.toString());
             CMS.debug(e);
-            mAuthority.log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
+            mAuthority.log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
             resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
             return;
         } catch (Exception e) {
@@ -328,8 +327,8 @@ public class ConnectorServlet extends CMSServlet {
         try {
             info = request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
 
-         //   request.set(IEnrollProfile.REQUEST_SEQ_NUM, new Integer("0"));
-            CertificateX509Key certKey = (CertificateX509Key)info.get(X509CertInfo.KEY);
+            //   request.set(IEnrollProfile.REQUEST_SEQ_NUM, new Integer("0"));
+            CertificateX509Key certKey = (CertificateX509Key) info.get(X509CertInfo.KEY);
             if (certKey != null) {
                 byteStream = new ByteArrayOutputStream();
                 certKey.encode(byteStream);
@@ -369,13 +368,13 @@ public class ConnectorServlet extends CMSServlet {
                         certAlgOut.toByteArray());
             }
         } catch (Exception e) {
-            CMS.debug("ConnectorServlet: profile normalization " + 
-                e.toString());
+            CMS.debug("ConnectorServlet: profile normalization " +
+                    e.toString());
         }
 
         String profileId = request.getExtDataInString("profileId");
         IProfileSubsystem ps = (IProfileSubsystem)
-            CMS.getSubsystem("profile");
+                CMS.getSubsystem("profile");
         IEnrollProfile profile = null;
 
         // profile subsystem may not be available. In case of KRA for 
@@ -399,24 +398,19 @@ public class ConnectorServlet extends CMSServlet {
     /**
      * Process request
      * <P>
-     *
-     * (Certificate Request - all "agent" profile cert requests made through a
-     *  connector)
+     * 
+     * (Certificate Request - all "agent" profile cert requests made through a connector)
      * <P>
-     *
-     * (Certificate Request Processed - all automated "agent" profile based
-     *  cert acceptance made through a connector)
+     * 
+     * (Certificate Request Processed - all automated "agent" profile based cert acceptance made through a connector)
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a
-     * profile cert request is made (before approval process)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
-     * certificate request has just been through the approval process
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS used when
-     * inter-CIMC_Boundary data transfer is successful (this is used when data
-     * does not need to be captured)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a profile cert request is made (before approval process)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS used when inter-CIMC_Boundary data transfer is successful (this is used when data does not need to be captured)
      * </ul>
+     * 
      * @param source string containing source
      * @param sourceUserId string containing source user ID
      * @param msg PKI message
@@ -425,8 +419,8 @@ public class ConnectorServlet extends CMSServlet {
      * @return PKI message
      */
     protected IPKIMessage processRequest(
-        String source, String sourceUserId, IPKIMessage msg, IAuthToken token) 
-        throws EBaseException {
+            String source, String sourceUserId, IPKIMessage msg, IAuthToken token)
+            throws EBaseException {
         String auditMessage = null;
         String auditSubjectID = sourceUserId;
         String auditProtectionMethod = SIGNED_AUDIT_PROTECTION_METHOD_SSL;
@@ -477,12 +471,12 @@ public class ConnectorServlet extends CMSServlet {
                 if (thisreq == null) {
                     // strange case.
                     String errormsg = "Cannot find request in request queue " +
-                        thisreqid;
+                            thisreqid;
 
                     mAuthority.log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage(
-                            "CMSGW_REQUEST_ID_NOT_FOUND_1",
-                            thisreqid.toString()));
+                            CMS.getLogMessage(
+                                    "CMSGW_REQUEST_ID_NOT_FOUND_1",
+                                    thisreqid.toString()));
 
                     // store a message in the signed audit log file
                     auditMessage = CMS.getLogMessage(
@@ -501,8 +495,8 @@ public class ConnectorServlet extends CMSServlet {
 
                     throw new EBaseException(errormsg);
                 } else {
-                    mAuthority.log(ILogger.LL_INFO, 
-                        "Found request " + thisreqid + " for " + srcid);
+                    mAuthority.log(ILogger.LL_INFO,
+                            "Found request " + thisreqid + " for " + srcid);
                     replymsg = CMS.getHttpPKIMessage();
                     replymsg.fromRequest(thisreq);
 
@@ -527,8 +521,8 @@ public class ConnectorServlet extends CMSServlet {
 
             // if not found process request.
             thisreq = queue.newRequest(msg.getReqType());
-            CMS.debug("ConnectorServlet: created requestId=" + 
-                thisreq.getRequestId().toString());
+            CMS.debug("ConnectorServlet: created requestId=" +
+                    thisreq.getRequestId().toString());
             thisreq.setSourceId(srcid);
 
             // NOTE:  For the following signed audit message, since we only
@@ -537,23 +531,23 @@ public class ConnectorServlet extends CMSServlet {
             //        (which is the only exception designated by this method),
             //        then this code does NOT need to be contained within its
             //        own special try/catch block.
-            msg.toRequest( thisreq );
+            msg.toRequest(thisreq);
 
-            if( isProfileRequest( thisreq ) ) {
+            if (isProfileRequest(thisreq)) {
                 X509CertInfo info =
                                     thisreq.getExtDataInCertInfo(
-                                        IEnrollProfile.REQUEST_CERTINFO );
+                                            IEnrollProfile.REQUEST_CERTINFO);
 
                 try {
-                    CertificateSubjectName sn = ( CertificateSubjectName )
-                        info.get( X509CertInfo.SUBJECT );
+                    CertificateSubjectName sn = (CertificateSubjectName)
+                            info.get(X509CertInfo.SUBJECT);
 
                     // if the cert subject name is NOT MISSING, retrieve the
                     // actual "auditCertificateSubjectName" and "normalize"
                     // it
-                    if( sn != null ) {
+                    if (sn != null) {
                         subject = sn.toString();
-                        if( subject != null ) {
+                        if (subject != null) {
                             // NOTE:  This is ok even if the cert subject
                             //        name is "" (empty)!
                             auditCertificateSubjectName = subject.trim();
@@ -562,42 +556,42 @@ public class ConnectorServlet extends CMSServlet {
 
                     // store a message in the signed audit log file
                     auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditRequesterID,
-                        auditProfileID(),
-                        auditCertificateSubjectName );
+                            LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
+                            auditSubjectID,
+                            ILogger.SUCCESS,
+                            auditRequesterID,
+                            auditProfileID(),
+                            auditCertificateSubjectName);
 
-                    audit( auditMessage );
-                } catch( CertificateException e ) {
-                    CMS.debug( "ConnectorServlet: processRequest "
-                             + e.toString() );
+                    audit(auditMessage);
+                } catch (CertificateException e) {
+                    CMS.debug("ConnectorServlet: processRequest "
+                             + e.toString());
 
                     // store a message in the signed audit log file
                     auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditRequesterID,
-                        auditProfileID(),
-                        auditCertificateSubjectName );
+                            LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
+                            auditSubjectID,
+                            ILogger.FAILURE,
+                            auditRequesterID,
+                            auditProfileID(),
+                            auditCertificateSubjectName);
 
-                    audit( auditMessage );
-                } catch( IOException e ) {
-                    CMS.debug( "ConnectorServlet: processRequest "
-                             + e.toString() );
+                    audit(auditMessage);
+                } catch (IOException e) {
+                    CMS.debug("ConnectorServlet: processRequest "
+                             + e.toString());
 
                     // store a message in the signed audit log file
                     auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditRequesterID,
-                        auditProfileID(),
-                        auditCertificateSubjectName );
+                            LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
+                            auditSubjectID,
+                            ILogger.FAILURE,
+                            auditRequesterID,
+                            auditProfileID(),
+                            auditCertificateSubjectName);
 
-                    audit( auditMessage );
+                    audit(auditMessage);
                 }
             }
 
@@ -606,9 +600,9 @@ public class ConnectorServlet extends CMSServlet {
             // setting requestor type must come after copy contents. because
             // requestor is a regular attribute.
             thisreq.setExtData(IRequest.REQUESTOR_TYPE,
-                IRequest.REQUESTOR_RA);
+                    IRequest.REQUESTOR_RA);
             mAuthority.log(ILogger.LL_INFO, "Processing remote request " +
-                srcid);
+                    srcid);
 
             // Set this so that request's updateBy is recorded
             SessionContext s = SessionContext.getContext();
@@ -622,52 +616,52 @@ public class ConnectorServlet extends CMSServlet {
             }
 
             CMS.debug("ConnectorServlet: calling processRequest instance=" +
-                thisreq);
+                    thisreq);
             if (isProfileRequest(thisreq)) {
                 normalizeProfileRequest(thisreq);
             }
 
             try {
-                queue.processRequest( thisreq );
+                queue.processRequest(thisreq);
 
-                if( isProfileRequest( thisreq ) ) {
+                if (isProfileRequest(thisreq)) {
                     // reset the "auditInfoCertValue"
-                    auditInfoCertValue = auditInfoCertValue( thisreq );
+                    auditInfoCertValue = auditInfoCertValue(thisreq);
 
-                    if( auditInfoCertValue != null ) {
-                        if( !( auditInfoCertValue.equals(
-                                   ILogger.SIGNED_AUDIT_EMPTY_VALUE ) ) ) {
+                    if (auditInfoCertValue != null) {
+                        if (!(auditInfoCertValue.equals(
+                                   ILogger.SIGNED_AUDIT_EMPTY_VALUE))) {
                             // store a message in the signed audit log file
                             auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                auditSubjectID,
-                                ILogger.SUCCESS,
-                                auditRequesterID,
-                                ILogger.SIGNED_AUDIT_ACCEPTANCE,
-                                auditInfoCertValue );
-
-                            audit( auditMessage );
+                                    LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+                                    auditSubjectID,
+                                    ILogger.SUCCESS,
+                                    auditRequesterID,
+                                    ILogger.SIGNED_AUDIT_ACCEPTANCE,
+                                    auditInfoCertValue);
+
+                            audit(auditMessage);
                         }
                     }
                 }
-            } catch( EBaseException eAudit1 ) {
-                if( isProfileRequest( thisreq ) ) {
+            } catch (EBaseException eAudit1) {
+                if (isProfileRequest(thisreq)) {
                     // reset the "auditInfoCertValue"
-                    auditInfoCertValue = auditInfoCertValue( thisreq );
+                    auditInfoCertValue = auditInfoCertValue(thisreq);
 
-                    if( auditInfoCertValue != null ) {
-                        if( !( auditInfoCertValue.equals(
-                                   ILogger.SIGNED_AUDIT_EMPTY_VALUE ) ) ) {
+                    if (auditInfoCertValue != null) {
+                        if (!(auditInfoCertValue.equals(
+                                   ILogger.SIGNED_AUDIT_EMPTY_VALUE))) {
                             // store a message in the signed audit log file
                             auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditRequesterID,
-                                ILogger.SIGNED_AUDIT_ACCEPTANCE,
-                                auditInfoCertValue );
-
-                            audit( auditMessage );
+                                    LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+                                    auditSubjectID,
+                                    ILogger.FAILURE,
+                                    auditRequesterID,
+                                    ILogger.SIGNED_AUDIT_ACCEPTANCE,
+                                    auditInfoCertValue);
+
+                            audit(auditMessage);
                         }
                     }
                 }
@@ -681,23 +675,23 @@ public class ConnectorServlet extends CMSServlet {
             replymsg.fromRequest(thisreq);
 
             CMS.debug("ConnectorServlet: replymsg.reqStatus=" +
-                replymsg.getReqStatus());
+                    replymsg.getReqStatus());
 
             //for audit log
             String agentID = sourceUserId;
             String initiative = AuditFormat.FROMRA + " trustedManagerID: " +
-                agentID + " remote reqID " + msg.getReqId();
+                    agentID + " remote reqID " + msg.getReqId();
             String authMgr = AuditFormat.NOAUTH;
 
             if (token != null) {
-                authMgr = 
+                authMgr =
                         token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
             }
 
             if (isProfileRequest(thisreq)) {
                 // XXX audit log
-                CMS.debug("ConnectorServlet: done requestId=" + 
-                    thisreq.getRequestId().toString());
+                CMS.debug("ConnectorServlet: done requestId=" +
+                        thisreq.getRequestId().toString());
 
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
@@ -724,32 +718,32 @@ public class ConnectorServlet extends CMSServlet {
                 if (!thisreq.getRequestStatus().equals(RequestStatus.COMPLETE)) {
                     if (x509Info != null) {
                         for (int i = 0; i < x509Info.length; i++) {
-                            mLogger.log(ILogger.EV_AUDIT, 
+                            mLogger.log(ILogger.EV_AUDIT,
+                                    ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.FORMAT,
+                                    new Object[] {
+                                            thisreq.getRequestType(),
+                                            thisreq.getRequestId(),
+                                            initiative,
+                                            authMgr,
+                                            thisreq.getRequestStatus(),
+                                            x509Info[i].get(X509CertInfo.SUBJECT),
+                                            "" }
+                                    );
+                        }
+                    } else {
+                        mLogger.log(ILogger.EV_AUDIT,
                                 ILogger.S_OTHER,
                                 AuditFormat.LEVEL,
-                                AuditFormat.FORMAT,
+                                AuditFormat.NODNFORMAT,
                                 new Object[] {
-                                    thisreq.getRequestType(),
-                                    thisreq.getRequestId(),
-                                    initiative,
-                                    authMgr,
-                                    thisreq.getRequestStatus(),
-                                    x509Info[i].get(X509CertInfo.SUBJECT),
-                                    ""}
-                            );
-                        }
-                    } else {
-                        mLogger.log(ILogger.EV_AUDIT, 
-                            ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.NODNFORMAT,
-                            new Object[] {
-                                thisreq.getRequestType(),
-                                thisreq.getRequestId(),
-                                initiative,
-                                authMgr,
-                                thisreq.getRequestStatus()}
-                        );
+                                        thisreq.getRequestType(),
+                                        thisreq.getRequestId(),
+                                        initiative,
+                                        authMgr,
+                                        thisreq.getRequestStatus() }
+                                );
                     }
                 } else {
                     if (thisreq.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) {
@@ -761,40 +755,40 @@ public class ConnectorServlet extends CMSServlet {
                             x509Certs =
                                     thisreq.getExtDataInCertArray(IRequest.ISSUED_CERTS);
 
-                            // return potentially more than one certificates. 
+                        // return potentially more than one certificates. 
                         if (x509Certs != null) {
                             for (int i = 0; i < x509Certs.length; i++) {
-                                mLogger.log(ILogger.EV_AUDIT, 
+                                mLogger.log(ILogger.EV_AUDIT,
+                                        ILogger.S_OTHER,
+                                        AuditFormat.LEVEL,
+                                        AuditFormat.FORMAT,
+                                        new Object[] {
+                                                thisreq.getRequestType(),
+                                                thisreq.getRequestId(),
+                                                initiative,
+                                                authMgr,
+                                                "completed",
+                                                x509Certs[i].getSubjectDN(),
+                                                "cert issued serial number: 0x" +
+                                                        x509Certs[i].getSerialNumber().toString(16) }
+                                        );
+                            }
+                        } else {
+                            mLogger.log(ILogger.EV_AUDIT,
                                     ILogger.S_OTHER,
                                     AuditFormat.LEVEL,
-                                    AuditFormat.FORMAT,
+                                    AuditFormat.NODNFORMAT,
                                     new Object[] {
-                                        thisreq.getRequestType(),
-                                        thisreq.getRequestId(),
-                                        initiative,
-                                        authMgr,
-                                        "completed",
-                                        x509Certs[i].getSubjectDN(),
-                                        "cert issued serial number: 0x" +
-                                        x509Certs[i].getSerialNumber().toString(16)}
-                                );
-                            }
-                        } else {
-                            mLogger.log(ILogger.EV_AUDIT, 
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.NODNFORMAT,
-                                new Object[] {
-                                    thisreq.getRequestType(),
-                                    thisreq.getRequestId(),
-                                    initiative,
-                                    authMgr,
-                                    "completed"}
-                            );
+                                            thisreq.getRequestType(),
+                                            thisreq.getRequestId(),
+                                            initiative,
+                                            authMgr,
+                                            "completed" }
+                                    );
                         }
                     } else if (thisreq.getRequestType().equals(IRequest.RENEWAL_REQUEST)) {
                         X509CertImpl[] certs =
-                            thisreq.getExtDataInCertArray(IRequest.OLD_CERTS);
+                                thisreq.getExtDataInCertArray(IRequest.OLD_CERTS);
                         X509CertImpl old_cert = certs[0];
 
                         certs = thisreq.getExtDataInCertArray(IRequest.ISSUED_CERTS);
@@ -802,36 +796,36 @@ public class ConnectorServlet extends CMSServlet {
 
                         if (old_cert != null && renewed_cert != null) {
                             mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.RENEWALFORMAT,
-                                new Object[] {
-                                    thisreq.getRequestId(), 
-                                    initiative,
-                                    authMgr,
-                                    "completed",
-                                    old_cert.getSubjectDN(),
-                                    old_cert.getSerialNumber().toString(16),
-                                    "new serial number: 0x" +
-                                    renewed_cert.getSerialNumber().toString(16)}
-                            );
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.RENEWALFORMAT,
+                                    new Object[] {
+                                            thisreq.getRequestId(),
+                                            initiative,
+                                            authMgr,
+                                            "completed",
+                                            old_cert.getSubjectDN(),
+                                            old_cert.getSerialNumber().toString(16),
+                                            "new serial number: 0x" +
+                                                    renewed_cert.getSerialNumber().toString(16) }
+                                    );
                         } else {
-                            mLogger.log(ILogger.EV_AUDIT, 
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.NODNFORMAT,
-                                new Object[] {
-                                    thisreq.getRequestType(),
-                                    thisreq.getRequestId(),
-                                    initiative,
-                                    authMgr,
-                                    "completed with error"}
-                            );
+                            mLogger.log(ILogger.EV_AUDIT,
+                                    ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.NODNFORMAT,
+                                    new Object[] {
+                                            thisreq.getRequestType(),
+                                            thisreq.getRequestId(),
+                                            initiative,
+                                            authMgr,
+                                            "completed with error" }
+                                    );
                         }
                     } else if (thisreq.getRequestType().equals(IRequest.REVOCATION_REQUEST)) {
                         Certificate[] oldCerts =
-                            thisreq.getExtDataInCertArray(IRequest.OLD_CERTS);
+                                thisreq.getExtDataInCertArray(IRequest.OLD_CERTS);
                         RevokedCertImpl crlentries[] =
-                            thisreq.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS);
+                                thisreq.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS);
                         CRLExtensions crlExts = crlentries[0].getExtensions();
                         int reason = 0;
 
@@ -839,7 +833,7 @@ public class ConnectorServlet extends CMSServlet {
                             Enumeration<Extension> enum1 = crlExts.getElements();
 
                             while (enum1.hasMoreElements()) {
-                                Extension ext =  enum1.nextElement();
+                                Extension ext = enum1.nextElement();
 
                                 if (ext instanceof CRLReasonExtension) {
                                     reason = ((CRLReasonExtension) ext).getReason().toInt();
@@ -853,7 +847,7 @@ public class ConnectorServlet extends CMSServlet {
 
                         if (result.equals(IRequest.RES_ERROR)) {
                             String[] svcErrors =
-                                thisreq.getExtDataInStringArray(IRequest.SVCERRORS);
+                                    thisreq.getExtDataInStringArray(IRequest.SVCERRORS);
 
                             if (svcErrors != null && svcErrors.length > 0) {
                                 for (int i = 0; i < svcErrors.length; i++) {
@@ -866,18 +860,18 @@ public class ConnectorServlet extends CMSServlet {
                                                     X509CertImpl cert = (X509CertImpl) oldCerts[j];
 
                                                     mLogger.log(ILogger.EV_AUDIT,
-                                                        ILogger.S_OTHER,
-                                                        AuditFormat.LEVEL,
-                                                        AuditFormat.DOREVOKEFORMAT,
-                                                        new Object[] {
-                                                            thisreq.getRequestId(), 
-                                                            initiative,
-                                                            "completed with error: " +
-                                                            err,
-                                                            cert.getSubjectDN(),
-                                                            cert.getSerialNumber().toString(16),
-                                                            RevocationReason.fromInt(reason).toString()}
-                                                    );
+                                                            ILogger.S_OTHER,
+                                                            AuditFormat.LEVEL,
+                                                            AuditFormat.DOREVOKEFORMAT,
+                                                            new Object[] {
+                                                                    thisreq.getRequestId(),
+                                                                    initiative,
+                                                                    "completed with error: " +
+                                                                            err,
+                                                                    cert.getSubjectDN(),
+                                                                    cert.getSerialNumber().toString(16),
+                                                                    RevocationReason.fromInt(reason).toString() }
+                                                            );
                                                 }
                                             }
                                         }
@@ -892,32 +886,32 @@ public class ConnectorServlet extends CMSServlet {
                                         X509CertImpl cert = (X509CertImpl) oldCerts[j];
 
                                         mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                                            AuditFormat.LEVEL,
-                                            AuditFormat.DOREVOKEFORMAT,
-                                            new Object[] {
-                                                thisreq.getRequestId(), 
-                                                initiative,
-                                                "completed",
-                                                cert.getSubjectDN(),
-                                                cert.getSerialNumber().toString(16),
-                                                RevocationReason.fromInt(reason).toString()}
-                                        );
+                                                AuditFormat.LEVEL,
+                                                AuditFormat.DOREVOKEFORMAT,
+                                                new Object[] {
+                                                        thisreq.getRequestId(),
+                                                        initiative,
+                                                        "completed",
+                                                        cert.getSubjectDN(),
+                                                        cert.getSerialNumber().toString(16),
+                                                        RevocationReason.fromInt(reason).toString() }
+                                                );
                                     }
                                 }
                             }
                         }
                     } else {
-                        mLogger.log(ILogger.EV_AUDIT, 
-                            ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.NODNFORMAT,
-                            new Object[] {
-                                thisreq.getRequestType(),
-                                thisreq.getRequestId(),
-                                initiative,
-                                authMgr,
-                                "completed"}
-                        );
+                        mLogger.log(ILogger.EV_AUDIT,
+                                ILogger.S_OTHER,
+                                AuditFormat.LEVEL,
+                                AuditFormat.NODNFORMAT,
+                                new Object[] {
+                                        thisreq.getRequestType(),
+                                        thisreq.getRequestId(),
+                                        initiative,
+                                        authMgr,
+                                        "completed" }
+                                );
                     }
                 }
 
@@ -1001,7 +995,7 @@ public class ConnectorServlet extends CMSServlet {
     }
 
     protected X509Certificate
-    getPeerCert(HttpServletRequest req) throws EBaseException {
+            getPeerCert(HttpServletRequest req) throws EBaseException {
         return getSSLClientCertificate(req);
     }
 
@@ -1011,11 +1005,11 @@ public class ConnectorServlet extends CMSServlet {
 
     /**
      * Signed Audit Log
-     *
+     * 
      * This method is inherited by all extended "CMSServlet"s,
      * and is called to store messages to the signed audit log.
      * <P>
-     *
+     * 
      * @param msg signed audit log message
      */
     protected void audit(String msg) {
@@ -1027,20 +1021,20 @@ public class ConnectorServlet extends CMSServlet {
         }
 
         mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-            null,
-            ILogger.S_SIGNED_AUDIT,
-            ILogger.LL_SECURITY,
-            msg);
+                null,
+                ILogger.S_SIGNED_AUDIT,
+                ILogger.LL_SECURITY,
+                msg);
     }
 
     /**
      * Signed Audit Log Profile ID
-     *
+     * 
      * This method is inherited by all extended "EnrollProfile"s,
      * and is called to obtain the "ProfileID" for
      * a signed audit log message.
      * <P>
-     *
+     * 
      * @return id string containing the signed audit log message ProfileID
      */
     protected String auditProfileID() {
@@ -1062,11 +1056,11 @@ public class ConnectorServlet extends CMSServlet {
 
     /**
      * Signed Audit Log Info Certificate Value
-     *
+     * 
      * This method is called to obtain the certificate from the passed in
      * "X509CertImpl" for a signed audit log message.
      * <P>
-     *
+     * 
      * @param request a Request containing an X509CertImpl
      * @return cert string containing the certificate
      */
@@ -1122,4 +1116,3 @@ public class ConnectorServlet extends CMSServlet {
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
index 2a024c3a..171aeb64 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
@@ -40,13 +40,11 @@ import com.netscape.certsrv.request.IRequestQueue;
 import com.netscape.cms.servlet.base.CMSServlet;
 import com.netscape.cms.servlet.common.CMSRequest;
 
-
-
 /**
  * GenerateKeyPairServlet
- *   handles "server-side key pair generation" requests from the
- * netkey RA. 
- *
+ * handles "server-side key pair generation" requests from the
+ * netkey RA.
+ * 
  * @author Christina Fu (cfu)
  * @version $Revision$, $Date$
  */
@@ -68,7 +66,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
 
     /**
      * Constructs GenerateKeyPair servlet.
-     *
+     * 
      */
     public GenerateKeyPairServlet() {
         super();
@@ -82,17 +80,17 @@ public class GenerateKeyPairServlet extends CMSServlet {
         if (authority != null)
             mAuthority = (IAuthority)
                     CMS.getSubsystem(authority);
-        
+
         mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
     }
 
     /**
      * Returns serlvet information.
-     *
+     * 
      * @return name of this servlet
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /*
@@ -109,8 +107,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
      *      * recovery blob (used for recovery)
      */
     private void processServerSideKeyGen(HttpServletRequest req,
-      HttpServletResponse resp) throws EBaseException
-    {
+            HttpServletResponse resp) throws EBaseException {
         IRequestQueue queue = mAuthority.getRequestQueue();
         IRequest thisreq = null;
 
@@ -123,8 +120,8 @@ public class GenerateKeyPairServlet extends CMSServlet {
         String rCUID = req.getParameter("CUID");
         String rUserid = req.getParameter("userid");
         String rdesKeyString = req.getParameter("drm_trans_desKey");
-	String rArchive = req.getParameter("archive");
-	String rKeysize = req.getParameter("keysize");
+        String rArchive = req.getParameter("archive");
+        String rKeysize = req.getParameter("keysize");
 
         if ((rCUID == null) || (rCUID.equals(""))) {
             CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing request parameter: CUID");
@@ -136,19 +133,19 @@ public class GenerateKeyPairServlet extends CMSServlet {
             missingParam = true;
         }
 
-	if ((rKeysize == null) || (rKeysize.equals(""))) {
-	    rKeysize = "1024"; // default to 1024
-	}
+        if ((rKeysize == null) || (rKeysize.equals(""))) {
+            rKeysize = "1024"; // default to 1024
+        }
 
         if ((rdesKeyString == null) ||
-            (rdesKeyString.equals(""))) {
+                (rdesKeyString.equals(""))) {
             CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing request parameter: DRM-transportKey-wrapped DES key");
             missingParam = true;
         }
 
         if ((rArchive == null) || (rArchive.equals(""))) {
             CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing key archival flag 'archive' ,default to true");
-	    rArchive = "true";
+            rArchive = "true";
         }
 
         String selectedToken = null;
@@ -160,17 +157,17 @@ public class GenerateKeyPairServlet extends CMSServlet {
             thisreq.setExtData(IRequest.NETKEY_ATTR_CUID, rCUID);
             thisreq.setExtData(IRequest.NETKEY_ATTR_USERID, rUserid);
             thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, rdesKeyString);
-	    thisreq.setExtData(IRequest.NETKEY_ATTR_ARCHIVE_FLAG, rArchive);
-	    thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_SIZE, rKeysize);
+            thisreq.setExtData(IRequest.NETKEY_ATTR_ARCHIVE_FLAG, rArchive);
+            thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_SIZE, rKeysize);
 
-            queue.processRequest( thisreq );
+            queue.processRequest(thisreq);
             Integer result = thisreq.getExtDataInInteger(IRequest.RESULT);
             if (result != null) {
-		// sighs!  tps thinks 0 is good, and DRM thinks 1 is good
-		if (result.intValue() == 1)
-		    status = "0";
-		else
-		    status = result.toString();
+                // sighs!  tps thinks 0 is good, and DRM thinks 1 is good
+                if (result.intValue() == 1)
+                    status = "0";
+                else
+                    status = result.toString();
             } else
                 status = "7";
 
@@ -184,40 +181,40 @@ public class GenerateKeyPairServlet extends CMSServlet {
         String wrappedPrivKeyString = "";
         String publicKeyString = "";
 
-        if( thisreq == null ) {
-            CMS.debug( "GenerateKeyPairServlet::processServerSideKeyGen() - "
-                     + "thisreq is null!" );
-            throw new EBaseException( "thisreq is null" );
+        if (thisreq == null) {
+            CMS.debug("GenerateKeyPairServlet::processServerSideKeyGen() - "
+                     + "thisreq is null!");
+            throw new EBaseException("thisreq is null");
         }
 
         publicKeyString = thisreq.getExtDataInString("public_key");
         wrappedPrivKeyString = thisreq.getExtDataInString("wrappedUserPrivate");
 
-	String ivString = thisreq.getExtDataInString("iv_s");
+        String ivString = thisreq.getExtDataInString("iv_s");
 
         /*
           if (selectedToken == null)
           status = "4";
         */
-        if (!status.equals("0")) 
-            value = "status="+status;
+        if (!status.equals("0"))
+            value = "status=" + status;
         else {
             StringBuffer sb = new StringBuffer();
             sb.append("status=0&");
-			sb.append("wrapped_priv_key=");
-			sb.append(wrappedPrivKeyString);
-			sb.append("&iv_param=");
-			sb.append(ivString);
+            sb.append("wrapped_priv_key=");
+            sb.append(wrappedPrivKeyString);
+            sb.append("&iv_param=");
+            sb.append(ivString);
             sb.append("&public_key=");
-			sb.append(publicKeyString);
+            sb.append(publicKeyString);
             value = sb.toString();
 
         }
-        CMS.debug("processServerSideKeyGen:outputString.encode " +value);
+        CMS.debug("processServerSideKeyGen:outputString.encode " + value);
 
-        try{
+        try {
             resp.setContentLength(value.length());
-            CMS.debug("GenerateKeyPairServlet:outputString.length " +value.length());
+            CMS.debug("GenerateKeyPairServlet:outputString.length " + value.length());
             OutputStream ooss = resp.getOutputStream();
             ooss.write(value.getBytes());
             ooss.flush();
@@ -227,7 +224,6 @@ public class GenerateKeyPairServlet extends CMSServlet {
         }
     }
 
-
     /* 
     
      *   For GenerateKeyPair:
@@ -258,7 +254,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
 
         if (authzToken == null) {
 
-            try{
+            try {
                 resp.setContentType("text/html");
                 String value = "unauthorized=";
                 CMS.debug("GenerateKeyPairServlet: Unauthorized");
@@ -268,7 +264,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
                 ooss.write(value.getBytes());
                 ooss.flush();
                 mRenderResult = false;
-            }catch (Exception e) {
+            } catch (Exception e) {
                 CMS.debug("GenerateKeyPairServlet: " + e.toString());
             }
 
@@ -277,28 +273,28 @@ public class GenerateKeyPairServlet extends CMSServlet {
         }
 
         // begin Netkey serverSideKeyGen and archival
-	CMS.debug("GenerateKeyPairServlet: processServerSideKeyGen would be called");
-	processServerSideKeyGen(req, resp);
-	return;
+        CMS.debug("GenerateKeyPairServlet: processServerSideKeyGen would be called");
+        processServerSideKeyGen(req, resp);
+        return;
         // end Netkey functions
 
     }
 
-    /** XXX remember tocheck peer SSL cert and get RA id later
-     *
+    /**
+     * XXX remember tocheck peer SSL cert and get RA id later
+     * 
      * Serves HTTP admin request.
-     *
+     * 
      * @param req HTTP request
      * @param resp HTTP response
      */
     public void service(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
         String scope = req.getParameter(Constants.OP_SCOPE);
         String op = req.getParameter(Constants.OP_TYPE);
 
-       super.service(req, resp);
+        super.service(req, resp);
 
- 
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java
index fa454bd6..dfceddd9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java
@@ -39,12 +39,11 @@ import com.netscape.certsrv.request.IRequestQueue;
 import com.netscape.cms.servlet.base.CMSServlet;
 import com.netscape.cms.servlet.common.CMSRequest;
 
-
 /**
  * TokenKeyRecoveryServlet
- *   handles "key recovery service" requests from the
+ * handles "key recovery service" requests from the
  * netkey TPS
- *
+ * 
  * @author Christina Fu (cfu)
  * @version $Revision$, $Date$
  */
@@ -65,7 +64,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
 
     /**
      * Constructs TokenKeyRecovery servlet.
-     *
+     * 
      */
     public TokenKeyRecoveryServlet() {
         super();
@@ -79,25 +78,25 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
         if (authority != null)
             mAuthority = (IAuthority)
                     CMS.getSubsystem(authority);
-        
+
         mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
     }
 
     /**
      * Returns serlvet information.
-     *
+     * 
      * @return name of this servlet
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
-   /**
+    /**
      * Process the HTTP request.
-     *
+     * 
      * @param s The URL to decode
      */
-     protected String URLdecode(String s) {
+    protected String URLdecode(String s) {
         if (s == null)
             return null;
         ByteArrayOutputStream out = new ByteArrayOutputStream(s.length());
@@ -117,7 +116,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
             }
         } // end for
         return out.toString();
-     }
+    }
 
     /*
      * processTokenKeyRecovery
@@ -144,12 +143,11 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
      *   desKey-wrapped-userPrivateKey=value2
      */
     private void processTokenKeyRecovery(HttpServletRequest req,
-      HttpServletResponse resp) throws EBaseException
-    {
+            HttpServletResponse resp) throws EBaseException {
         IRequestQueue queue = mAuthority.getRequestQueue();
         IRequest thisreq = null;
-        
-	//        IConfigStore sconfig = CMS.getConfigStore();
+
+        //        IConfigStore sconfig = CMS.getConfigStore();
         boolean missingParam = false;
         String status = "0";
 
@@ -158,7 +156,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
         String rCUID = req.getParameter("CUID");
         String rUserid = req.getParameter("userid");
         String rdesKeyString = req.getParameter("drm_trans_desKey");
-	String rCert = req.getParameter("cert");
+        String rCert = req.getParameter("cert");
 
         if ((rCUID == null) || (rCUID.equals(""))) {
             CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery(): missing request parameter: CUID");
@@ -171,7 +169,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
         }
 
         if ((rdesKeyString == null) ||
-            (rdesKeyString.equals(""))) {
+                (rdesKeyString.equals(""))) {
             CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery(): missing request parameter: DRM-transportKey-wrapped des key");
             missingParam = true;
         }
@@ -192,18 +190,18 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
             thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, rdesKeyString);
             thisreq.setExtData(IRequest.NETKEY_ATTR_USER_CERT, rCert);
 
-	    //XXX auto process for netkey
-	    queue.processRequest( thisreq );
-	    //	    IService svc = (IService) new TokenKeyRecoveryService(kra);
-	    //	    svc.serviceRequest(thisreq);
+            //XXX auto process for netkey
+            queue.processRequest(thisreq);
+            //	    IService svc = (IService) new TokenKeyRecoveryService(kra);
+            //	    svc.serviceRequest(thisreq);
 
             Integer result = thisreq.getExtDataInInteger(IRequest.RESULT);
             if (result != null) {
-		// sighs!  tps thinks 0 is good, and drm thinks 1 is good
-		if (result.intValue() == 1)
-		    status ="0";
-		else
-		    status = result.toString();
+                // sighs!  tps thinks 0 is good, and drm thinks 1 is good
+                if (result.intValue() == 1)
+                    status = "0";
+                else
+                    status = result.toString();
             } else
                 status = "7";
 
@@ -218,25 +216,25 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
         String wrappedPrivKeyString = "";
         String publicKeyString = "";
         String ivString = "";
-	/* if is RECOVERY_PROTOTYPE
-        String recoveryBlobString = "";
+        /* if is RECOVERY_PROTOTYPE
+            String recoveryBlobString = "";
 
-        IKeyRecord kr = (IKeyRecord) thisreq.get("keyRecord");
-        byte publicKey_b[] = kr.getPublicKeyData();
+            IKeyRecord kr = (IKeyRecord) thisreq.get("keyRecord");
+            byte publicKey_b[] = kr.getPublicKeyData();
 
-        BigInteger serialNo = kr.getSerialNumber();
+            BigInteger serialNo = kr.getSerialNumber();
 
-        String serialNumberString =
-            com.netscape.cmsutil.util.Utils.SpecialEncode(serialNo.toByteArray());
+            String serialNumberString =
+                com.netscape.cmsutil.util.Utils.SpecialEncode(serialNo.toByteArray());
 
-        recoveryBlobString = (String)
-            thisreq.get("recoveryBlob");
-	*/
+            recoveryBlobString = (String)
+                thisreq.get("recoveryBlob");
+        */
 
-        if( thisreq == null ) {
-            CMS.debug( "TokenKeyRecoveryServlet::processTokenKeyRecovery() - "
-                     + "thisreq is null!" );
-            throw new EBaseException( "thisreq is null" );
+        if (thisreq == null) {
+            CMS.debug("TokenKeyRecoveryServlet::processTokenKeyRecovery() - "
+                     + "thisreq is null!");
+            throw new EBaseException("thisreq is null");
         }
 
         publicKeyString = thisreq.getExtDataInString("public_key");
@@ -247,8 +245,8 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
           if (selectedToken == null)
           status = "4";
         */
-        if (!status.equals("0")) 
-            value = "status="+status;
+        if (!status.equals("0"))
+            value = "status=" + status;
         else {
             StringBuffer sb = new StringBuffer();
             sb.append("status=0&");
@@ -259,13 +257,13 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
             sb.append("&iv_param=");
             sb.append(ivString);
             value = sb.toString();
-            
+
         }
-        CMS.debug("ProcessTokenKeyRecovery:outputString.encode " +value);
+        CMS.debug("ProcessTokenKeyRecovery:outputString.encode " + value);
 
-        try{
+        try {
             resp.setContentLength(value.length());
-            CMS.debug("TokenKeyRecoveryServlet:outputString.length " +value.length());
+            CMS.debug("TokenKeyRecoveryServlet:outputString.length " + value.length());
             OutputStream ooss = resp.getOutputStream();
             ooss.write(value.getBytes());
             ooss.flush();
@@ -275,7 +273,6 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
         }
     }
 
-
     /* 
      *   For TokenKeyRecovery
      *
@@ -305,7 +302,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
 
         if (authzToken == null) {
 
-            try{
+            try {
                 resp.setContentType("text/html");
                 String value = "unauthorized=";
                 CMS.debug("TokenKeyRecoveryServlet: Unauthorized");
@@ -315,7 +312,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
                 ooss.write(value.getBytes());
                 ooss.flush();
                 mRenderResult = false;
-            }catch (Exception e) {
+            } catch (Exception e) {
                 CMS.debug("TokenKeyRecoveryServlet: " + e.toString());
             }
 
@@ -324,28 +321,28 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
         }
 
         // begin Netkey serverSideKeyGen and archival
-	CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery would be called");
-	processTokenKeyRecovery(req, resp);
-	return;
+        CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery would be called");
+        processTokenKeyRecovery(req, resp);
+        return;
         // end Netkey functions
 
     }
 
-    /** XXX remember to check peer SSL cert and get RA id later
-     *
+    /**
+     * XXX remember to check peer SSL cert and get RA id later
+     * 
      * Serves HTTP admin request.
-     *
+     * 
      * @param req HTTP request
      * @param resp HTTP response
      */
     public void service(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
         String scope = req.getParameter(Constants.OP_SCOPE);
         String op = req.getParameter(Constants.OP_TYPE);
 
-       super.service(req, resp);
+        super.service(req, resp);
 
- 
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java
index a2509287..8482e71b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.util.StringTokenizer;
 
@@ -41,19 +40,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
 
 public class AdminAuthenticatePanel extends WizardPanelBase {
 
-    public AdminAuthenticatePanel() {}
+    public AdminAuthenticatePanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Admin Authentication");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Admin Authentication");
         setId(id);
@@ -62,24 +62,24 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
     public boolean isSubPanel() {
         return true;
     }
-                                                                                
+
     /**
      * Should we skip this panel for the configuration.
      */
     public boolean shouldSkip() {
         CMS.debug("AdminAuthenticatePanel: should skip");
-                                                                                
+
         IConfigStore cs = CMS.getConfigStore();
         // if we are root, no need to get the certificate chain.
-                                                                                
+
         try {
-            String select = cs.getString("preop.subsystem.select","");
+            String select = cs.getString("preop.subsystem.select", "");
             if (select.equals("new")) {
                 return true;
             }
         } catch (EBaseException e) {
         }
-                                                                                
+
         return false;
     }
 
@@ -103,15 +103,16 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
         return false;
     }
 
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
+
         /* XXX */
-                                                                                
+
         return set;
     }
 
@@ -125,12 +126,12 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
         IConfigStore config = CMS.getConfigStore();
 
         if (isPanelDone()) {
-            
+
             try {
                 String s = config.getString("preop.master.admin.uid", "");
                 String type = config.getString("preop.subsystem.select", "");
                 if (type.equals("clone"))
-                    context.put("uid", s); 
+                    context.put("uid", s);
                 else
                     context.put("uid", "");
             } catch (Exception e) {
@@ -170,7 +171,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
         cstype = toLowerCaseSubsystemType(cstype);
 
         if (subsystemtype.equals("clone")) {
-            CMS.debug("AdminAuthenticatePanel: this is the clone subsystem"); 
+            CMS.debug("AdminAuthenticatePanel: this is the clone subsystem");
             String uid = HttpInput.getUID(request, "uid");
             if (uid == null) {
                 context.put("errorString", "Uid is empty");
@@ -185,7 +186,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
             try {
                 host = config.getString("preop.master.hostname");
             } catch (Exception e) {
-                CMS.debug("AdminAuthenticatePanel update: "+e.toString());
+                CMS.debug("AdminAuthenticatePanel update: " + e.toString());
                 context.put("errorString", "Missing hostname for master");
                 throw new IOException("Missing hostname");
             }
@@ -193,7 +194,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
             try {
                 httpsport = config.getInteger("preop.master.httpsadminport");
             } catch (Exception e) {
-                CMS.debug("AdminAuthenticatePanel update: "+e.toString());
+                CMS.debug("AdminAuthenticatePanel update: " + e.toString());
                 context.put("errorString", "Missing port for master");
                 throw new IOException("Missing port");
             }
@@ -235,10 +236,10 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
                 c1.append("cloning.");
                 c1.append(t1);
                 c1.append(".pubkey.encoded");
-                
-                if (s1.length()!=0)
+
+                if (s1.length() != 0)
                     s1.append(",");
- 
+
                 s1.append(cstype);
                 s1.append(".");
                 s1.append(t1);
@@ -248,11 +249,11 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
                 c1.append(",preop.ca.hostname,preop.ca.httpport,preop.ca.httpsport,preop.ca.list,preop.ca.pkcs7,preop.ca.type");
             }
 
-            String content = "uid="+uid+"&pwd="+pwd+"&op=get&names=cloning.module.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN"+c1.toString()+"&substores="+s1.toString();
+            String content = "uid=" + uid + "&pwd=" + pwd + "&op=get&names=cloning.module.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN" + c1.toString() + "&substores=" + s1.toString();
 
             boolean success = updateConfigEntries(host, httpsport, true,
-              "/"+cstype+"/admin/"+cstype+"/getConfigEntries", content, config,
-              response);
+                    "/" + cstype + "/admin/" + cstype + "/getConfigEntries", content, config,
+                    response);
 
             try {
                 config.commit(false);
@@ -285,16 +286,15 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
      * If validiate() returns false, this method will be called.
      */
     public void displayError(HttpServletRequest request,
-        HttpServletResponse response,
-        Context context)
-    {
+            HttpServletResponse response,
+            Context context) {
         context.put("title", "Admin Authentication");
         context.put("password", "");
         context.put("panel", "admin/console/config/adminauthenticatepanel.vm");
     }
 
     private boolean isCertdbCloned(HttpServletRequest request,
-      Context context) {
+            Context context) {
         IConfigStore config = CMS.getConfigStore();
         String certList = "";
         try {
@@ -306,13 +306,13 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
                 String tokenname = config.getString("preop.module.token", "");
                 CryptoToken tok = cm.getTokenByName(tokenname);
                 CryptoStore store = tok.getCryptoStore();
-                String name1 = "preop.master."+token+".nickname";
+                String name1 = "preop.master." + token + ".nickname";
                 String nickname = config.getString(name1, "");
                 if (!tokenname.equals("Internal Key Storage Token") &&
-                  !tokenname.equals("internal"))
-                    nickname = tokenname+":"+nickname;
+                        !tokenname.equals("internal"))
+                    nickname = tokenname + ":" + nickname;
 
-                CMS.debug("AdminAuthenticatePanel isCertdbCloned: "+nickname);
+                CMS.debug("AdminAuthenticatePanel isCertdbCloned: " + nickname);
                 X509Certificate cert = cm.findCertByNickname(nickname);
                 if (cert == null)
                     return false;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
index 78bb9485..871177a1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.File;
@@ -70,13 +69,14 @@ public class AdminPanel extends WizardPanelBase {
     private static final String ADMIN_UID = "admin";
     private final static String CERT_TAG = "admin";
 
-    public AdminPanel() {}
+    public AdminPanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Administrator");
     }
@@ -101,14 +101,15 @@ public class AdminPanel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         return false;
     }
 
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
+
         Descriptor emailDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
                 null, /* no default parameter */
                 "Email address for an administrator");
@@ -152,7 +153,8 @@ public class AdminPanel extends WizardPanelBase {
         try {
             type = cs.getString("preop.ca.type", "");
             subsystemtype = cs.getString("cs.type", "");
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         if (isPanelDone()) {
             try {
@@ -161,11 +163,12 @@ public class AdminPanel extends WizardPanelBase {
                 context.put("admin_pwd", "");
                 context.put("admin_pwd_again", "");
                 context.put("admin_uid", cs.getString("preop.admin.uid"));
-            } catch (Exception e) {}
+            } catch (Exception e) {
+            }
         } else {
             String def_admin_name = "";
             try {
-              def_admin_name = cs.getString("cs.type") + " Administrator of Instance " + cs.getString("instanceId");
+                def_admin_name = cs.getString("cs.type") + " Administrator of Instance " + cs.getString("instanceId");
             } catch (EBaseException e) {
             }
             context.put("admin_name", def_admin_name);
@@ -176,7 +179,7 @@ public class AdminPanel extends WizardPanelBase {
         }
         ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca");
 
-        if (ca == null) { 
+        if (ca == null) {
             context.put("ca", "false");
         } else {
             context.put("ca", "true");
@@ -186,13 +189,14 @@ public class AdminPanel extends WizardPanelBase {
         String domainname = "";
         try {
             domainname = cs.getString("securitydomain.name", "");
-        } catch (EBaseException e1) {}
+        } catch (EBaseException e1) {
+        }
         context.put("securityDomain", domainname);
         context.put("title", "Administrator");
         context.put("panel", "admin/console/config/adminpanel.vm");
         context.put("errorString", "");
         context.put("info", info);
-        
+
     }
 
     /**
@@ -200,8 +204,7 @@ public class AdminPanel extends WizardPanelBase {
      */
     public void validate(HttpServletRequest request,
             HttpServletResponse response,
-            Context context) throws IOException
-    {
+            Context context) throws IOException {
         String pwd = HttpInput.getPassword(request, "__pwd");
         String pwd_again = HttpInput.getPassword(request, "__admin_password_again");
         String email = HttpInput.getEmail(request, "email");
@@ -256,13 +259,14 @@ public class AdminPanel extends WizardPanelBase {
         try {
             type = config.getString(PRE_CA_TYPE, "");
             subsystemtype = config.getString("cs.type", "");
-            security_domain_type = config.getString("securitydomain.select","");
+            security_domain_type = config.getString("securitydomain.select", "");
             selected_hierarchy = config.getString("preop.hierarchy.select", "");
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca");
 
-        if (ca == null) { 
+        if (ca == null) {
             context.put("ca", "false");
         } else {
             context.put("ca", "true");
@@ -287,12 +291,12 @@ public class AdminPanel extends WizardPanelBase {
         }
 
         // REMINDER:  This panel is NOT used by "clones"
-        if( ca != null ) {
-            if( selected_hierarchy.equals( "root" ) ) {
-                CMS.debug( "AdminPanel update:  "
+        if (ca != null) {
+            if (selected_hierarchy.equals("root")) {
+                CMS.debug("AdminPanel update:  "
                          + "Root CA subsystem");
             } else {
-                CMS.debug( "AdminPanel update:  "
+                CMS.debug("AdminPanel update:  "
                          + "Subordinate CA subsystem");
             }
 
@@ -310,9 +314,9 @@ public class AdminPanel extends WizardPanelBase {
             int ca_port = -1;
 
             // REMINDER:  This panel is NOT used by "clones"
-            CMS.debug( "AdminPanel update:  "
+            CMS.debug("AdminPanel update:  "
                          + subsystemtype
-                         + " subsystem" );
+                         + " subsystem");
 
             if (type.equals("sdca")) {
                 try {
@@ -339,10 +343,11 @@ public class AdminPanel extends WizardPanelBase {
 
         try {
             config.commit(false);
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         context.put("updateStatus", "success");
-    
+
     }
 
     private void createAdmin(HttpServletRequest request) throws IOException {
@@ -459,13 +464,15 @@ public class AdminPanel extends WizardPanelBase {
         try {
             sd_hostname = config.getString("securitydomain.host", "");
             sd_port = config.getInteger("securitydomain.httpseeport");
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         String profileId = HttpInput.getID(request, "profileId");
         if (profileId == null) {
             try {
                 profileId = config.getString("preop.admincert.profile", "caAdminCert");
-            } catch (Exception e) {}
+            } catch (Exception e) {
+            }
         }
 
         String cert_request_type = HttpInput.getID(request, "cert_request_type");
@@ -474,7 +481,7 @@ public class AdminPanel extends WizardPanelBase {
         String session_id = CMS.getConfigSDSessionId();
         String subjectDN = HttpInput.getString(request, "subject");
 
-        String content = "profileId="+profileId+"&cert_request_type="+cert_request_type+"&cert_request="+cert_request+"&xmlOutput=true&sessionID="+session_id+"&subject="+subjectDN;
+        String content = "profileId=" + profileId + "&cert_request_type=" + cert_request_type + "&cert_request=" + cert_request + "&xmlOutput=true&sessionID=" + session_id + "&subject=" + subjectDN;
 
         HttpClient httpclient = new HttpClient();
         String c = null;
@@ -497,7 +504,7 @@ public class AdminPanel extends WizardPanelBase {
 
             c = httpresponse.getContent();
             CMS.debug("AdminPanel submitRequest: content=" + c);
-            
+
             // retrieve the request Id ad admin certificate
             if (c != null) {
                 try {
@@ -508,9 +515,9 @@ public class AdminPanel extends WizardPanelBase {
                     try {
                         parser = new XMLObject(bis);
                     } catch (Exception e) {
-                        CMS.debug( "AdminPanel::submitRequest() - "
-                                 + "Exception="+e.toString() );
-                        throw new IOException( e.toString() );
+                        CMS.debug("AdminPanel::submitRequest() - "
+                                 + "Exception=" + e.toString());
+                        throw new IOException(e.toString());
                     }
                     String status = parser.getValue("Status");
 
@@ -525,7 +532,7 @@ public class AdminPanel extends WizardPanelBase {
                         context.put("errorString", error);
                         throw new IOException(error);
                     }
- 
+
                     IConfigStore cs = CMS.getConfigStore();
                     String id = parser.getValue("Id");
 
@@ -539,7 +546,7 @@ public class AdminPanel extends WizardPanelBase {
                             + File.separator + "admin.b64";
 
                     cs.putString("preop.admincert.b64", dir);
-                    PrintStream ps = new PrintStream(new FileOutputStream(dir)); 
+                    PrintStream ps = new PrintStream(new FileOutputStream(dir));
 
                     ps.println(b64);
                     ps.flush();
@@ -564,9 +571,9 @@ public class AdminPanel extends WizardPanelBase {
         String cert_request_type = HttpInput.getID(request, "cert_request_type");
         IConfigStore cs = CMS.getConfigStore();
 
-        if( cs == null ) {
-            CMS.debug( "AdminPanel::createAdminCertificate() - cs is null!" );
-            throw new IOException( "cs is null" );
+        if (cs == null) {
+            CMS.debug("AdminPanel::createAdminCertificate() - cs is null!");
+            throw new IOException("cs is null");
         }
 
         String subject = "";
@@ -582,10 +589,10 @@ public class AdminPanel extends WizardPanelBase {
                         "AdminPanel createAdminCertificate: Exception="
                                 + e.toString());
             }
-        // this request is from IE. The VBScript has problem of generating
-        // certificate request if the subject name has E and UID components.
-        // For now, we always hardcoded the subject DN to be cn=NAME in 
-        // the IE browser.
+            // this request is from IE. The VBScript has problem of generating
+            // certificate request if the subject name has E and UID components.
+            // For now, we always hardcoded the subject DN to be cn=NAME in 
+            // the IE browser.
         } else if (cert_request_type.equals("pkcs10")) {
             try {
                 byte[] b = CMS.AtoB(cert_request);
@@ -594,33 +601,33 @@ public class AdminPanel extends WizardPanelBase {
                 x509key = pkcs10.getSubjectPublicKeyInfo();
             } catch (Exception e) {
                 CMS.debug("AdminPanel createAdminCertificate: Exception="
-                  + e.toString());
+                        + e.toString());
             }
         }
 
-        if( x509key == null ) {
-            CMS.debug( "AdminPanel::createAdminCertificate() - x509key is null!" );
-            throw new IOException( "x509key is null" );
+        if (x509key == null) {
+            CMS.debug("AdminPanel::createAdminCertificate() - x509key is null!");
+            throw new IOException("x509key is null");
         }
 
         try {
             cs.putString(PCERT_PREFIX + CERT_TAG + ".dn", subject);
             String caType = cs.getString(PCERT_PREFIX + CERT_TAG + ".type", "local");
             X509CertImpl impl = CertUtil.createLocalCert(cs, x509key,
-              PCERT_PREFIX, CERT_TAG, caType, context);
+                    PCERT_PREFIX, CERT_TAG, caType, context);
 
             // update the locally created request for renewal
-            CertUtil.updateLocalRequest(cs, CERT_TAG, cert_request,cert_request_type, subject);
+            CertUtil.updateLocalRequest(cs, CERT_TAG, cert_request, cert_request_type, subject);
 
             ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca");
             if (ca != null) {
                 createPKCS7(impl);
             }
             cs.putString("preop.admincert.serialno.0",
-              impl.getSerialNumber().toString(16));
+                    impl.getSerialNumber().toString(16));
         } catch (Exception e) {
             CMS.debug("AdminPanel createAdminCertificate: Exception="
-              + e.toString());
+                    + e.toString());
         }
     }
 
@@ -640,8 +647,9 @@ public class AdminPanel extends WizardPanelBase {
 
         try {
             type = cs.getString("preop.ca.type", "");
-        } catch (Exception e) {}
-        if (ca == null && type.equals("otherca")) { 
+        } catch (Exception e) {
+        }
+        if (ca == null && type.equals("otherca")) {
             info = "Since you do not join the Redhat CA network, the administrator's certificate will not be generated automatically.";
         }
         context.put("info", info);
@@ -655,7 +663,7 @@ public class AdminPanel extends WizardPanelBase {
     public boolean shouldSkip() {
         try {
             IConfigStore c = CMS.getConfigStore();
-            String s = c.getString("preop.subsystem.select",null);
+            String s = c.getString("preop.subsystem.select", null);
             if (s != null && s.equals("clone")) {
                 return true;
             }
@@ -665,11 +673,10 @@ public class AdminPanel extends WizardPanelBase {
         return false;
     }
 
-
     private void createPKCS7(X509CertImpl cert) {
         try {
             IConfigStore cs = CMS.getConfigStore();
-            ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+            ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
             CertificateChain cachain = ca.getCACertChain();
             X509Certificate[] cacerts = cachain.getChain();
             X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
@@ -681,7 +688,7 @@ public class AdminPanel extends WizardPanelBase {
 
             userChain[0] = cert;
             PKCS7 p7 = new PKCS7(new AlgorithmId[0],
-              new ContentInfo(new byte[0]), userChain, new SignerInfo[0]);
+                    new ContentInfo(new byte[0]), userChain, new SignerInfo[0]);
             ByteArrayOutputStream bos = new ByteArrayOutputStream();
 
             p7.encodeSignedData(bos);
@@ -689,7 +696,7 @@ public class AdminPanel extends WizardPanelBase {
             String p7Str = CMS.BtoA(p7Bytes);
             cs.putString("preop.admincert.pkcs7", CryptoUtil.normalizeCertStr(p7Str));
         } catch (Exception e) {
-            CMS.debug("AdminPanel createPKCS7: Failed to create pkcs7 file. Exception: "+e.toString());
+            CMS.debug("AdminPanel createPKCS7: Failed to create pkcs7 file. Exception: " + e.toString());
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
index a62b22b7..6bda8749 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 
 import javax.servlet.ServletConfig;
@@ -36,19 +35,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
 
 public class AgentAuthenticatePanel extends WizardPanelBase {
 
-    public AgentAuthenticatePanel() {}
+    public AgentAuthenticatePanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Agent Authentication");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Agent Authentication");
         setId(id);
@@ -57,18 +57,18 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
     public boolean isSubPanel() {
         return true;
     }
-                                                                                
+
     /**
      * Should we skip this panel for the configuration.
      */
     public boolean shouldSkip() {
         CMS.debug("DisplayCertChainPanel: should skip");
-                                                                                
+
         IConfigStore cs = CMS.getConfigStore();
         // if we are root, no need to get the certificate chain.
-                                                                                
+
         try {
-            String select = cs.getString("securitydomain.select","");
+            String select = cs.getString("securitydomain.select", "");
             if (select.equals("new")) {
                 return true;
             }
@@ -78,7 +78,7 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
                 return true;
         } catch (EBaseException e) {
         }
-                                                                                
+
         return false;
     }
 
@@ -96,15 +96,16 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
         return false;
     }
 
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
+
         /* XXX */
-                                                                                
+
         return set;
     }
 
@@ -118,14 +119,14 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
         IConfigStore config = CMS.getConfigStore();
 
         if (isPanelDone()) {
-            
+
             try {
                 String s = config.getString("preop.ca.agent.uid", "");
                 String type = config.getString("preop.hierarchy.select", "");
                 if (type.equals("root"))
                     context.put("uid", "");
                 else
-                    context.put("uid", s); 
+                    context.put("uid", s);
             } catch (Exception e) {
                 CMS.debug(e.toString());
             }
@@ -143,8 +144,7 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
      */
     public void validate(HttpServletRequest request,
             HttpServletResponse response,
-            Context context) throws IOException 
-    {
+            Context context) throws IOException {
     }
 
     /**
@@ -182,34 +182,35 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
             try {
                 host = config.getString("preop.ca.hostname");
             } catch (Exception e) {
-                CMS.debug("AgentAuthenticatePanel update: "+e.toString());
+                CMS.debug("AgentAuthenticatePanel update: " + e.toString());
                 context.put("errorString", "Missing hostname");
                 throw new IOException("Missing hostname");
             }
-         
+
             try {
                 httpsport = config.getInteger("preop.ca.httpsport");
             } catch (Exception e) {
-                CMS.debug("AgentAuthenticatePanel update: "+e.toString());
+                CMS.debug("AgentAuthenticatePanel update: " + e.toString());
                 context.put("errorString", "Missing port");
                 throw new IOException("Missing port");
             }
 
-/*
-             // Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from
-             //                        web.xml as part of CC interface review
-             boolean authenticated = authenticate(host, httpsport, true,
-             "/ca/ee/ca/checkIdentity", "uid="+uid+"&pwd="+pwd);
+            /*
+                         // Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from
+                         //                        web.xml as part of CC interface review
+                         boolean authenticated = authenticate(host, httpsport, true,
+                         "/ca/ee/ca/checkIdentity", "uid="+uid+"&pwd="+pwd);
 
-             if (!authenticated) {
-                 context.put("errorString", "Wrong user id or password");
-                 throw new IOException("Wrong user id or password");
-             }
-*/
+                         if (!authenticated) {
+                             context.put("errorString", "Wrong user id or password");
+                             throw new IOException("Wrong user id or password");
+                         }
+            */
 
             try {
                 config.commit(false);
-            } catch (EBaseException e) {}
+            } catch (EBaseException e) {
+            }
         }
     }
 
@@ -217,9 +218,8 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
      * If validiate() returns false, this method will be called.
      */
     public void displayError(HttpServletRequest request,
-        HttpServletResponse response,
-        Context context)
-    {
+            HttpServletResponse response,
+            Context context) {
         context.put("password", "");
         context.put("title", "Agent Authentication");
         context.put("panel", "admin/console/config/agentauthenticatepanel.vm");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java
index ceab1d8d..6700b931 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 
 import javax.servlet.ServletConfig;
@@ -36,19 +35,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
 
 public class AuthenticatePanel extends WizardPanelBase {
 
-    public AuthenticatePanel() {}
+    public AuthenticatePanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Authentication");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Authentication");
         setId(id);
@@ -62,21 +62,22 @@ public class AuthenticatePanel extends WizardPanelBase {
     public boolean isPanelDone() {
         IConfigStore cs = CMS.getConfigStore();
         try {
-            String s = cs.getString("preop.ca.agent.uid","");
+            String s = cs.getString("preop.ca.agent.uid", "");
             if (s == null || s.equals("")) {
                 return false;
             } else {
                 return true;
             }
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
         return false;
     }
 
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
+
         /* XXX */
-                                                                                
+
         return set;
     }
 
@@ -90,14 +91,14 @@ public class AuthenticatePanel extends WizardPanelBase {
         IConfigStore config = CMS.getConfigStore();
 
         if (isPanelDone()) {
-            
+
             try {
                 String s = config.getString("preop.ca.agent.uid", "");
                 String type = config.getString("preop.hierarchy.select", "");
                 if (type.equals("root"))
                     context.put("uid", "");
                 else
-                    context.put("uid", s); 
+                    context.put("uid", s);
             } catch (Exception e) {
                 CMS.debug(e.toString());
             }
@@ -151,30 +152,31 @@ public class AuthenticatePanel extends WizardPanelBase {
             try {
                 host = config.getString("preop.ca.hostname");
             } catch (Exception e) {
-                CMS.debug("AuthenticatePanel update: "+e.toString());
+                CMS.debug("AuthenticatePanel update: " + e.toString());
                 context.put("errorString", "Missing hostname");
                 throw new IOException("Missing hostname");
             }
-         
+
             try {
                 httpsport = config.getInteger("preop.ca.httpsport");
             } catch (Exception e) {
-                CMS.debug("AuthenticatePanel update: "+e.toString());
+                CMS.debug("AuthenticatePanel update: " + e.toString());
                 context.put("errorString", "Missing port");
                 throw new IOException("Missing port");
             }
 
-             boolean authenticated = authenticate(host, httpsport, true,
-             "/ca/ee/ca/configSubsystem", "uid="+uid+"&pwd="+pwd);
+            boolean authenticated = authenticate(host, httpsport, true,
+                    "/ca/ee/ca/configSubsystem", "uid=" + uid + "&pwd=" + pwd);
 
-             if (!authenticated) {
-                 context.put("errorString", "Wrong user id or password");
-                 throw new IOException("Wrong user id or password");
-             }
+            if (!authenticated) {
+                context.put("errorString", "Wrong user id or password");
+                throw new IOException("Wrong user id or password");
+            }
 
             try {
                 config.commit(false);
-            } catch (EBaseException e) {}
+            } catch (EBaseException e) {
+            }
         }
     }
 
@@ -182,9 +184,8 @@ public class AuthenticatePanel extends WizardPanelBase {
      * If validiate() returns false, this method will be called.
      */
     public void displayError(HttpServletRequest request,
-        HttpServletResponse response,
-        Context context)
-    {
+            HttpServletResponse response,
+            Context context) {
         context.put("password", "");
         context.put("panel", "admin/console/config/authenticatepanel.vm");
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java
index 77977808..c1529f25 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.ByteArrayOutputStream;
 import java.io.CharConversionException;
 import java.io.IOException;
@@ -71,19 +70,20 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
 
 public class BackupKeyCertPanel extends WizardPanelBase {
 
-    public BackupKeyCertPanel() {}
+    public BackupKeyCertPanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Export Keys and Certificates");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Export Keys and Certificates");
         setId(id);
@@ -105,11 +105,11 @@ public class BackupKeyCertPanel extends WizardPanelBase {
 
         try {
             String s = cs.getString("preop.module.token", "");
-            if (s.equals("Internal Key Storage Token")) 
+            if (s.equals("Internal Key Storage Token"))
                 return false;
         } catch (Exception e) {
         }
- 
+
         return true;
     }
 
@@ -122,15 +122,16 @@ public class BackupKeyCertPanel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
         return false;
     }
 
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
+
         /* XXX */
-                                                                                
+
         return set;
     }
 
@@ -170,7 +171,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
      * Checks if the given parameters are valid.
      */
     public void validate(HttpServletRequest request,
-      HttpServletResponse response, Context context) throws IOException {
+            HttpServletResponse response, Context context) throws IOException {
         String select = HttpInput.getID(request, "choice");
         if (select.equals("backupkey")) {
             String pwd = request.getParameter("__pwd");
@@ -219,9 +220,8 @@ public class BackupKeyCertPanel extends WizardPanelBase {
      * If validiate() returns false, this method will be called.
      */
     public void displayError(HttpServletRequest request,
-        HttpServletResponse response,
-        Context context)
-    {
+            HttpServletResponse response,
+            Context context) {
         String select = "";
         try {
             select = HttpInput.getID(request, "choice");
@@ -242,8 +242,8 @@ public class BackupKeyCertPanel extends WizardPanelBase {
         context.put("panel", "admin/console/config/backupkeycertpanel.vm");
     }
 
-    public void backupKeysCerts(HttpServletRequest request) 
-      throws IOException {
+    public void backupKeysCerts(HttpServletRequest request)
+            throws IOException {
         CMS.debug("BackupKeyCertPanel backupKeysCerts: start");
         IConfigStore cs = CMS.getConfigStore();
         String certlist = "";
@@ -257,9 +257,9 @@ public class BackupKeyCertPanel extends WizardPanelBase {
         try {
             cm = CryptoManager.getInstance();
         } catch (Exception e) {
-            CMS.debug( "BackupKeyCertPanel::backupKeysCerts() - "
-                     + "Exception="+e.toString() );
-            throw new IOException( e.toString() );
+            CMS.debug("BackupKeyCertPanel::backupKeysCerts() - "
+                     + "Exception=" + e.toString());
+            throw new IOException(e.toString());
         }
 
         String pwd = request.getParameter("__pwd");
@@ -273,12 +273,12 @@ public class BackupKeyCertPanel extends WizardPanelBase {
             String nickname = "";
             String modname = "";
             try {
-                nickname = cs.getString("preop.cert."+t+".nickname");
+                nickname = cs.getString("preop.cert." + t + ".nickname");
                 modname = cs.getString("preop.module.token");
             } catch (Exception e) {
             }
             if (!modname.equals("Internal Key Storage Token"))
-                nickname = modname+":"+nickname;
+                nickname = modname + ":" + nickname;
 
             X509Certificate x509cert = null;
             byte localKeyId[] = null;
@@ -288,7 +288,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
             } catch (IOException e) {
                 throw e;
             } catch (Exception e) {
-                CMS.debug("BackupKeyCertPanel: Exception="+e.toString());
+                CMS.debug("BackupKeyCertPanel: Exception=" + e.toString());
                 throw new IOException("Failed to create pkcs12 file.");
             }
 
@@ -296,14 +296,14 @@ public class BackupKeyCertPanel extends WizardPanelBase {
                 PrivateKey pkey = cm.findPrivKeyByCert(x509cert);
                 addKeyBag(pkey, x509cert, pass, localKeyId, encSafeContents);
             } catch (Exception e) {
-                CMS.debug("BackupKeyCertPanel: Exception="+e.toString());
+                CMS.debug("BackupKeyCertPanel: Exception=" + e.toString());
                 throw new IOException("Failed to create pkcs12 file.");
             }
         } //while loop
-   
+
         X509Certificate[] cacerts = cm.getCACerts();
 
-        for (int i=0; i<cacerts.length; i++) {
+        for (int i = 0; i < cacerts.length; i++) {
             //String nickname = cacerts[i].getSubjectDN().toString();
             String nickname = null;
             try {
@@ -311,7 +311,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
             } catch (IOException e) {
                 throw e;
             } catch (Exception e) {
-                CMS.debug("BackupKeyCertPanel backKeysCerts: Exception="+e.toString());
+                CMS.debug("BackupKeyCertPanel backKeysCerts: Exception=" + e.toString());
                 throw new IOException("Failed to create pkcs12 file.");
             }
         }
@@ -319,9 +319,9 @@ public class BackupKeyCertPanel extends WizardPanelBase {
         try {
             AuthenticatedSafes authSafes = new AuthenticatedSafes();
             authSafes.addSafeContents(safeContents);
-            authSafes.addSafeContents(encSafeContents);                  
+            authSafes.addSafeContents(encSafeContents);
             PFX pfx = new PFX(authSafes);
-            pfx.computeMacData(pass, null, 5); 
+            pfx.computeMacData(pass, null, 5);
             ByteArrayOutputStream bos = new ByteArrayOutputStream();
             pfx.encode(bos);
             byte[] output = bos.toByteArray();
@@ -329,13 +329,13 @@ public class BackupKeyCertPanel extends WizardPanelBase {
             pass.clear();
             cs.commit(false);
         } catch (Exception e) {
-            CMS.debug("BackupKeyCertPanel backupKeysCerts: Exception="+e.toString());
+            CMS.debug("BackupKeyCertPanel backupKeysCerts: Exception=" + e.toString());
         }
     }
 
     private void addKeyBag(PrivateKey pkey, X509Certificate x509cert,
-      Password pass, byte[] localKeyId, SEQUENCE safeContents) 
-      throws IOException {
+            Password pass, byte[] localKeyId, SEQUENCE safeContents)
+            throws IOException {
         try {
             PasswordConverter passConverter = new PasswordConverter();
 
@@ -344,23 +344,23 @@ public class BackupKeyCertPanel extends WizardPanelBase {
             byte[] priData = getEncodedKey(pkey);
 
             PrivateKeyInfo pki = (PrivateKeyInfo)
-              ASN1Util.decode(PrivateKeyInfo.getTemplate(), priData);
+                    ASN1Util.decode(PrivateKeyInfo.getTemplate(), priData);
             ASN1Value key = EncryptedPrivateKeyInfo.createPBE(
-              PBEAlgorithm.PBE_SHA1_DES3_CBC,
-              pass, salt, 1, passConverter, pki);
+                    PBEAlgorithm.PBE_SHA1_DES3_CBC,
+                    pass, salt, 1, passConverter, pki);
             SET keyAttrs = createBagAttrs(
-              x509cert.getSubjectDN().toString(), localKeyId);
-            SafeBag keyBag = new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG, 
-              key, keyAttrs);
+                    x509cert.getSubjectDN().toString(), localKeyId);
+            SafeBag keyBag = new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG,
+                    key, keyAttrs);
             safeContents.addElement(keyBag);
         } catch (Exception e) {
-            CMS.debug("BackupKeyCertPanel getKeyBag: Exception="+e.toString());
+            CMS.debug("BackupKeyCertPanel getKeyBag: Exception=" + e.toString());
             throw new IOException("Failed to create pk12 file.");
         }
     }
 
-    private byte[] addCertBag(X509Certificate x509cert, String nickname, 
-      SEQUENCE safeContents) throws IOException {
+    private byte[] addCertBag(X509Certificate x509cert, String nickname,
+            SEQUENCE safeContents) throws IOException {
         byte[] localKeyId = null;
         try {
             ASN1Value cert = new OCTET_STRING(x509cert.getEncoded());
@@ -369,10 +369,10 @@ public class BackupKeyCertPanel extends WizardPanelBase {
             if (nickname != null)
                 certAttrs = createBagAttrs(nickname, localKeyId);
             SafeBag certBag = new SafeBag(SafeBag.CERT_BAG,
-              new CertBag(CertBag.X509_CERT_TYPE, cert), certAttrs);
+                    new CertBag(CertBag.X509_CERT_TYPE, cert), certAttrs);
             safeContents.addElement(certBag);
         } catch (Exception e) {
-            CMS.debug("BackupKeyCertPanel addCertBag: "+e.toString());
+            CMS.debug("BackupKeyCertPanel addCertBag: " + e.toString());
             throw new IOException("Failed to create pk12 file.");
         }
 
@@ -386,7 +386,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
             KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.DES3);
             SymmetricKey sk = kg.generate();
             KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
-            byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};
+            byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
             IVParameterSpec param = new IVParameterSpec(iv);
             wrapper.initWrap(sk, param);
             byte[] enckey = wrapper.wrap(pkey);
@@ -395,14 +395,14 @@ public class BackupKeyCertPanel extends WizardPanelBase {
             byte[] recovered = c.doFinal(enckey);
             return recovered;
         } catch (Exception e) {
-            CMS.debug("BackupKeyCertPanel getEncodedKey: Exception="+e.toString());
+            CMS.debug("BackupKeyCertPanel getEncodedKey: Exception=" + e.toString());
         }
 
         return null;
     }
 
-    private byte[] createLocalKeyId(X509Certificate cert) 
-      throws IOException {
+    private byte[] createLocalKeyId(X509Certificate cert)
+            throws IOException {
         try {
             // SHA1 hash of the X509Cert der encoding
             byte certDer[] = cert.getEncoded();
@@ -412,16 +412,16 @@ public class BackupKeyCertPanel extends WizardPanelBase {
             md.update(certDer);
             return md.digest();
         } catch (CertificateEncodingException e) {
-            CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: "+e.toString());
+            CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: " + e.toString());
             throw new IOException("Failed to encode certificate.");
         } catch (NoSuchAlgorithmException e) {
-            CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: "+e.toString());
+            CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: " + e.toString());
             throw new IOException("No such algorithm supported.");
         }
     }
 
     private SET createBagAttrs(String nickName, byte localKeyId[])
-      throws IOException {
+            throws IOException {
         try {
             SET attrs = new SET();
             SEQUENCE nickNameAttr = new SEQUENCE();
@@ -442,7 +442,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
             attrs.addElement(localKeyAttr);
             return attrs;
         } catch (CharConversionException e) {
-            CMS.debug("BackupKeyCertPanel createBagAttrs: Exception="+e.toString());
+            CMS.debug("BackupKeyCertPanel createBagAttrs: Exception=" + e.toString());
             throw new IOException("Failed to create PKCS12 file.");
         }
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
index 01d06631..9bb81902 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 
@@ -30,7 +29,6 @@ import org.apache.velocity.servlet.VelocityServlet;
 
 import com.netscape.certsrv.apps.CMS;
 
-
 public class BaseServlet extends VelocityServlet {
 
     /**
@@ -53,7 +51,8 @@ public class BaseServlet extends VelocityServlet {
         if (pin == null) {
             try {
                 response.sendRedirect("login");
-            } catch (IOException e) {}
+            } catch (IOException e) {
+            }
             return false;
         }
         return true;
@@ -70,25 +69,25 @@ public class BaseServlet extends VelocityServlet {
             // __ (double underscores); however, in the event that
             // a security parameter slips through, we perform multiple
             // additional checks to insure that it is NOT displayed
-            if( pn.startsWith("__")                         ||
-                pn.endsWith("password")                     ||
-                pn.endsWith("passwd")                       ||
-                pn.endsWith("pwd")                          ||
-                pn.equalsIgnoreCase("admin_password_again") ||
-                pn.equalsIgnoreCase("directoryManagerPwd")  ||
-                pn.equalsIgnoreCase("bindpassword")         ||
-                pn.equalsIgnoreCase("bindpwd")              ||
-                pn.equalsIgnoreCase("passwd")               ||
-                pn.equalsIgnoreCase("password")             ||
-                pn.equalsIgnoreCase("pin")                  ||
-                pn.equalsIgnoreCase("pwd")                  ||
-                pn.equalsIgnoreCase("pwdagain")             ||
-                pn.equalsIgnoreCase("uPasswd") ) {
-               CMS.debug("BaseServlet::service() param name='" + pn +
-                         "' value='(sensitive)'" );
+            if (pn.startsWith("__") ||
+                    pn.endsWith("password") ||
+                    pn.endsWith("passwd") ||
+                    pn.endsWith("pwd") ||
+                    pn.equalsIgnoreCase("admin_password_again") ||
+                    pn.equalsIgnoreCase("directoryManagerPwd") ||
+                    pn.equalsIgnoreCase("bindpassword") ||
+                    pn.equalsIgnoreCase("bindpwd") ||
+                    pn.equalsIgnoreCase("passwd") ||
+                    pn.equalsIgnoreCase("password") ||
+                    pn.equalsIgnoreCase("pin") ||
+                    pn.equalsIgnoreCase("pwd") ||
+                    pn.equalsIgnoreCase("pwdagain") ||
+                    pn.equalsIgnoreCase("uPasswd")) {
+                CMS.debug("BaseServlet::service() param name='" + pn +
+                         "' value='(sensitive)'");
             } else {
-               CMS.debug("BaseServlet::service() param name='" + pn +
-                         "' value='" + httpReq.getParameter(pn) + "'" );
+                CMS.debug("BaseServlet::service() param name='" + pn +
+                         "' value='" + httpReq.getParameter(pn) + "'");
             }
         }
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
index 33a0ff69..f80957d1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.net.URL;
 import java.util.StringTokenizer;
@@ -39,19 +38,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
 
 public class CAInfoPanel extends WizardPanelBase {
 
-    public CAInfoPanel() {}
+    public CAInfoPanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("CA Information");
     }
 
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) 
-        throws ServletException {
+    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+            throws ServletException {
         setPanelNo(panelno);
         setName("CA Information");
         setId(id);
@@ -82,14 +82,15 @@ public class CAInfoPanel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         return false;
     }
 
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
+
         return set;
     }
 
@@ -118,15 +119,18 @@ public class CAInfoPanel extends WizardPanelBase {
 
             try {
                 hostname = cs.getString("preop.ca.hostname");
-            } catch (Exception e) {}
+            } catch (Exception e) {
+            }
 
             try {
                 httpport = cs.getString("preop.ca.httpport");
-            } catch (Exception e) {}
+            } catch (Exception e) {
+            }
 
             try {
                 httpsport = cs.getString("preop.ca.httpsport");
-            } catch (Exception e) {}
+            } catch (Exception e) {
+            }
 
             if (type.equals("sdca")) {
                 context.put("check_sdca", "checked");
@@ -143,12 +147,12 @@ public class CAInfoPanel extends WizardPanelBase {
         String cstype = "CA";
         String portType = "SecurePort";
 
-/*
-        try {
-            cstype = cs.getString("cs.type", "");
-        } catch (EBaseException e) {}
-*/
-                                                                                
+        /*
+                try {
+                    cstype = cs.getString("cs.type", "");
+                } catch (EBaseException e) {}
+        */
+
         CMS.debug("CAInfoPanel: Ready to get url");
         Vector v = getUrlListFromSecurityDomain(cs, cstype, portType);
         v.addElement("External CA");
@@ -163,12 +167,13 @@ public class CAInfoPanel extends WizardPanelBase {
                 list.append(",");
             }
         }
-                                                                                
+
         try {
             cs.putString("preop.ca.list", list.toString());
             cs.commit(false);
-        } catch (Exception e) {}
-                                                                                
+        } catch (Exception e) {
+        }
+
         context.put("urls", v);
 
         context.put("sdcaHostname", hostname);
@@ -213,25 +218,26 @@ public class CAInfoPanel extends WizardPanelBase {
 
         String select = null;
         String index = request.getParameter("urls");
-        String url = ""; 
+        String url = "";
         if (index.startsWith("http")) {
-           // user may submit url directlry
-           url = index;
+            // user may submit url directlry
+            url = index;
         } else {
-          try {
-            int x = Integer.parseInt(index);
-            String list = config.getString("preop.ca.list", "");
-            StringTokenizer tokenizer = new StringTokenizer(list, ",");
-            int counter = 0;
-
-            while (tokenizer.hasMoreTokens()) {
-                url = tokenizer.nextToken();
-                if (counter == x) {
-                    break;
+            try {
+                int x = Integer.parseInt(index);
+                String list = config.getString("preop.ca.list", "");
+                StringTokenizer tokenizer = new StringTokenizer(list, ",");
+                int counter = 0;
+
+                while (tokenizer.hasMoreTokens()) {
+                    url = tokenizer.nextToken();
+                    if (counter == x) {
+                        break;
+                    }
+                    counter++;
                 }
-                counter++;
+            } catch (Exception e) {
             }
-          } catch (Exception e) {}
         }
 
         URL urlx = null;
@@ -240,7 +246,7 @@ public class CAInfoPanel extends WizardPanelBase {
             select = "otherca";
             config.putString("preop.ca.pkcs7", "");
             config.putInteger("preop.ca.certchain.size", 0);
-        } else { 
+        } else {
             select = "sdca";
 
             // parse URL (CA1 - https://...)
@@ -272,7 +278,8 @@ public class CAInfoPanel extends WizardPanelBase {
 
         try {
             config.commit(false);
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
     }
 
     private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException {
@@ -301,9 +308,9 @@ public class CAInfoPanel extends WizardPanelBase {
         config.putString("preop.ca.hostname", hostname);
         config.putString("preop.ca.httpsport", httpsPortStr);
         ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
-        updateCertChainUsingSecureEEPort( config, "ca", hostname,
+        updateCertChainUsingSecureEEPort(config, "ca", hostname,
                                           httpsport, true, context,
-                                          certApprovalCallback );
+                                          certApprovalCallback);
     }
 
     /**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java
index fb8c2d9c..0aedded8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java
@@ -17,9 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
-
-
 public class Cert {
     private String mNickname = "";
     private String mTokenname = "";
@@ -116,8 +113,8 @@ public class Cert {
     }
 
     public String escapeForHTML(String s) {
-      s = s.replaceAll("\"", "&quot;");
-      return s;
+        s = s.replaceAll("\"", "&quot;");
+        return s;
     }
 
     public String getEscapedDN() {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java
index 30bcc78d..119dead0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.util.Locale;
 import java.util.StringTokenizer;
@@ -42,19 +41,20 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
 public class CertPrettyPrintPanel extends WizardPanelBase {
     private Vector mCerts = null;
 
-    public CertPrettyPrintPanel() {}
+    public CertPrettyPrintPanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Certificates");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Certificates");
         setId(id);
@@ -63,7 +63,7 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
     public PropertySet getUsage() {
         // expects no input from client
         PropertySet set = new PropertySet();
-                                                                                
+
         return set;
     }
 
@@ -83,7 +83,8 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
 
         return false;
     }
@@ -153,7 +154,7 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
                 } catch (Exception e) {
                     CMS.debug(
                             "CertPrettyPrintPanel: display() certTag " + certTag
-                            + " Exception caught: " + e.toString());
+                                    + " Exception caught: " + e.toString());
                 }
             }
         } catch (Exception e) {
@@ -192,7 +193,7 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
             config.commit(false);
         } catch (EBaseException e) {
             CMS.debug(
-                  "CertPrettyPrintPanel: update() Exception caught at config commit: "
+                    "CertPrettyPrintPanel: update() Exception caught at config commit: "
                             + e.toString());
         }
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
index 5e783b1a..72e145d6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.Principal;
@@ -58,19 +57,20 @@ public class CertRequestPanel extends WizardPanelBase {
     private Vector mCerts = null;
     private WizardServlet mServlet = null;
 
-    public CertRequestPanel() {}
+    public CertRequestPanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Requests & Certificates");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Requests and Certificates");
         mServlet = servlet;
@@ -80,13 +80,13 @@ public class CertRequestPanel extends WizardPanelBase {
     // XXX how do you do this?  There could be multiple certs.
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
+
         Descriptor certDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
                 null, /* no default parameters */
                 null);
 
         set.add("cert", certDesc);
-                                                                                
+
         return set;
     }
 
@@ -95,13 +95,13 @@ public class CertRequestPanel extends WizardPanelBase {
      */
     public boolean showApplyButton() {
         if (isPanelDone())
-          return false;
+            return false;
         else
-          return true;
+            return true;
     }
 
-    private boolean findCertificate(String tokenname, String nickname) 
-      throws IOException {
+    private boolean findCertificate(String tokenname, String nickname)
+            throws IOException {
         IConfigStore cs = CMS.getConfigStore();
         CryptoManager cm = null;
         try {
@@ -114,7 +114,7 @@ public class CertRequestPanel extends WizardPanelBase {
         boolean hardware = false;
         if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) {
             hardware = true;
-            fullnickname = tokenname+":"+nickname;
+            fullnickname = tokenname + ":" + nickname;
         }
 
         try {
@@ -126,16 +126,16 @@ public class CertRequestPanel extends WizardPanelBase {
                 return true;
             } catch (Exception ee) {
                 if (hardware) {
-                    CMS.debug("CertRequestPanel findCertificate: The certificate with the same nickname: "+ fullnickname +" has been found on HSM. Please remove it before proceeding.");
-                    throw new IOException("The certificate with the same nickname: "+ fullnickname +" has been found on HSM. Please remove it before proceeding.");
+                    CMS.debug("CertRequestPanel findCertificate: The certificate with the same nickname: " + fullnickname + " has been found on HSM. Please remove it before proceeding.");
+                    throw new IOException("The certificate with the same nickname: " + fullnickname + " has been found on HSM. Please remove it before proceeding.");
                 }
                 return true;
             }
         } catch (IOException e) {
-            CMS.debug("CertRequestPanel findCertificate: throw exception:"+e.toString());
+            CMS.debug("CertRequestPanel findCertificate: throw exception:" + e.toString());
             throw e;
         } catch (Exception e) {
-            CMS.debug("CertRequestPanel findCertificate: Exception="+e.toString());
+            CMS.debug("CertRequestPanel findCertificate: Exception=" + e.toString());
             return false;
         }
     }
@@ -148,13 +148,13 @@ public class CertRequestPanel extends WizardPanelBase {
         try {
             select = cs.getString("preop.subsystem.select", "");
             list = cs.getString("preop.cert.list", "");
-            tokenname = cs.getString("preop.module.token", "");      
+            tokenname = cs.getString("preop.module.token", "");
         } catch (Exception e) {
         }
 
         ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(
-          ICertificateAuthority.ID);
-        
+                ICertificateAuthority.ID);
+
         if (ca != null) {
             CMS.debug("CertRequestPanel cleanup: get certificate repository");
             BigInteger beginS = null;
@@ -176,27 +176,26 @@ public class CertRequestPanel extends WizardPanelBase {
                 try {
                     cr.removeCertRecords(beginS, endS);
                 } catch (Exception e) {
-                    CMS.debug("CertRequestPanel cleanUp exception in removing all objects: "+e.toString());
+                    CMS.debug("CertRequestPanel cleanUp exception in removing all objects: " + e.toString());
                 }
-      
+
                 try {
-                    cr.resetSerialNumber(new BigInteger(beginNum,16));
+                    cr.resetSerialNumber(new BigInteger(beginNum, 16));
                 } catch (Exception e) {
-                    CMS.debug("CertRequestPanel cleanUp exception in resetting serial number: "+e.toString());
+                    CMS.debug("CertRequestPanel cleanUp exception in resetting serial number: " + e.toString());
                 }
             }
         }
 
-
         StringTokenizer st = new StringTokenizer(list, ",");
         String nickname = "";
         boolean enable = false;
         while (st.hasMoreTokens()) {
             String t = st.nextToken();
-          
+
             try {
-                enable = cs.getBoolean(PCERT_PREFIX+t+".enable", true);
-                nickname = cs.getString(PCERT_PREFIX +t+".nickname", "");
+                enable = cs.getBoolean(PCERT_PREFIX + t + ".enable", true);
+                nickname = cs.getString(PCERT_PREFIX + t + ".nickname", "");
             } catch (Exception e) {
             }
 
@@ -208,10 +207,10 @@ public class CertRequestPanel extends WizardPanelBase {
 
             if (findCertificate(tokenname, nickname)) {
                 try {
-                    CMS.debug("CertRequestPanel cleanup: deleting certificate ("+nickname+").");
-                        deleteCert(tokenname, nickname);
+                    CMS.debug("CertRequestPanel cleanup: deleting certificate (" + nickname + ").");
+                    deleteCert(tokenname, nickname);
                 } catch (Exception e) {
-                    CMS.debug("CertRequestPanel cleanup: failed to delete certificate (" +nickname+"). Exception: " +e.toString());
+                    CMS.debug("CertRequestPanel cleanup: failed to delete certificate (" + nickname + "). Exception: " + e.toString());
                 }
             }
         }
@@ -235,7 +234,8 @@ public class CertRequestPanel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
 
         return false;
     }
@@ -254,9 +254,9 @@ public class CertRequestPanel extends WizardPanelBase {
 
                 CMS.debug(
                         "CertRequestPanel getCert: certTag=" + certTag
-                        + " cert=" + certs);
+                                + " cert=" + certs);
                 //get and set formated cert
-                if (!certs.startsWith("...")) { 
+                if (!certs.startsWith("...")) {
                     certf = CryptoUtil.certFormat(certs);
                 }
                 cert.setCert(certf);
@@ -266,7 +266,7 @@ public class CertRequestPanel extends WizardPanelBase {
                 CertPrettyPrint pp = new CertPrettyPrint(certb);
                 cert.setCertpp(pp.toString(Locale.getDefault()));
             } else {
-                CMS.debug( "CertRequestPanel::getCert() - cert is null!" );
+                CMS.debug("CertRequestPanel::getCert() - cert is null!");
                 return;
             }
             String userfriendlyname = config.getString(
@@ -285,18 +285,16 @@ public class CertRequestPanel extends WizardPanelBase {
     }
 
     public X509Key getECCX509Key(IConfigStore config, String certTag)
-                     throws Exception
-    {
+                     throws Exception {
         X509Key pubk = null;
         String pubKeyEncoded = config.getString(
                     PCERT_PREFIX + certTag + ".pubkey.encoded");
-        pubk = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded)); 
+        pubk = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded));
         return pubk;
     }
 
     public X509Key getRSAX509Key(IConfigStore config, String certTag)
-                     throws Exception
-    {
+                     throws Exception {
         X509Key pubk = null;
 
         String pubKeyModulus = config.getString(
@@ -305,7 +303,7 @@ public class CertRequestPanel extends WizardPanelBase {
                     PCERT_PREFIX + certTag + ".pubkey.exponent");
         pubk = CryptoUtil.getPublicX509Key(
                    CryptoUtil.string2byte(pubKeyModulus),
-                   CryptoUtil.string2byte(pubKeyPublicExponent)); 
+                   CryptoUtil.string2byte(pubKeyPublicExponent));
         return pubk;
     }
 
@@ -323,8 +321,8 @@ public class CertRequestPanel extends WizardPanelBase {
             } else if (pubKeyType.equals("ecc")) {
                 pubk = getECCX509Key(config, certTag);
             } else {
-                CMS.debug( "CertRequestPanel::handleCertRequest() - "
-                         + "pubKeyType " + pubKeyType + " is unsupported!" );
+                CMS.debug("CertRequestPanel::handleCertRequest() - "
+                         + "pubKeyType " + pubKeyType + " is unsupported!");
                 return;
             }
 
@@ -341,7 +339,7 @@ public class CertRequestPanel extends WizardPanelBase {
                     PCERT_PREFIX + certTag + ".privkey.id");
             CMS.debug("CertRequestPanel: privKeyID=" + privKeyID);
             byte[] keyIDb = CryptoUtil.string2byte(privKeyID);
-	      
+
             PrivateKey privk = CryptoUtil.findPrivateKeyFromID(keyIDb);
 
             if (privk != null) {
@@ -349,7 +347,7 @@ public class CertRequestPanel extends WizardPanelBase {
             } else {
                 CMS.debug("CertRequestPanel: error getting private key null");
             }
-	    
+
             // construct cert request
             String caDN = config.getString(PCERT_PREFIX + certTag + ".dn");
 
@@ -361,7 +359,7 @@ public class CertRequestPanel extends WizardPanelBase {
             byte[] certReqb = certReq.toByteArray();
             String certReqs = CryptoUtil.base64Encode(certReqb);
             String certReqf = CryptoUtil.reqFormat(certReqs);
-		
+
             String subsystem = config.getString(
                             PCERT_PREFIX + certTag + ".subsystem");
             config.putString(subsystem + "." + certTag + ".certreq", certReqs);
@@ -410,7 +408,7 @@ public class CertRequestPanel extends WizardPanelBase {
                             PCERT_PREFIX + certTag + ".type");
 
                     c.setType(type);
-                    boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true);
+                    boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true);
                     c.setEnable(enable);
                     getCert(config, context, certTag, c);
 
@@ -458,7 +456,7 @@ public class CertRequestPanel extends WizardPanelBase {
             if (issuerDN.equals(subjectDN))
                 return true;
         } catch (Exception e) {
-            CMS.debug("CertRequestPanel findBootstrapServerCert Exception="+e.toString());
+            CMS.debug("CertRequestPanel findBootstrapServerCert Exception=" + e.toString());
         }
 
         return false;
@@ -472,7 +470,7 @@ public class CertRequestPanel extends WizardPanelBase {
 
             deleteCert("Internal Key Storage Token", nickname);
         } catch (Exception e) {
-            CMS.debug("CertRequestPanel deleteBootstrapServerCert Exception="+e.toString());
+            CMS.debug("CertRequestPanel deleteBootstrapServerCert Exception=" + e.toString());
         }
     }
 
@@ -502,7 +500,7 @@ public class CertRequestPanel extends WizardPanelBase {
 
             String tokenname = "";
             try {
-                tokenname = config.getString("preop.module.token", "");      
+                tokenname = config.getString("preop.module.token", "");
             } catch (Exception e) {
             }
 
@@ -510,11 +508,11 @@ public class CertRequestPanel extends WizardPanelBase {
                 Cert cert = (Cert) c.nextElement();
                 String certTag = cert.getCertTag();
                 String subsystem = cert.getSubsystem();
-                boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true);
+                boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true);
                 if (!enable)
                     continue;
 
-                if (hasErr) 
+                if (hasErr)
                     continue;
 
                 String nickname = cert.getNickname();
@@ -533,20 +531,20 @@ public class CertRequestPanel extends WizardPanelBase {
                             PCERT_PREFIX + certTag + ".keytype");
                     X509Key x509key = null;
                     if (pubKeyType.equals("rsa")) {
-                      x509key = getRSAX509Key(config, certTag);
+                        x509key = getRSAX509Key(config, certTag);
                     } else if (pubKeyType.equals("ecc")) {
-                      x509key = getECCX509Key(config, certTag);
+                        x509key = getECCX509Key(config, certTag);
                     }
-                        
+
                     if (findCertificate(tokenname, nickname)) {
                         if (!certTag.equals("sslserver"))
-                            continue; 
+                            continue;
                     }
-                    X509CertImpl impl = CertUtil.createLocalCert(config, x509key, 
+                    X509CertImpl impl = CertUtil.createLocalCert(config, x509key,
                             PCERT_PREFIX, certTag, cert.getType(), context);
 
                     if (impl != null) {
-                        byte[] certb = impl.getEncoded(); 
+                        byte[] certb = impl.getEncoded();
                         String certs = CryptoUtil.base64Encode(certb);
 
                         cert.setCert(certs);
@@ -574,13 +572,13 @@ public class CertRequestPanel extends WizardPanelBase {
                                             + certTag + " Exception: "
                                             + ee.toString());
                             CMS.debug("ok");
-//                            hasErr = true;
+                            //                            hasErr = true;
                         }
                     }
                 } else if (cert.getType().equals("remote")) {
                     if (b64 != null && b64.length() > 0
                             && !b64.startsWith("...")) {
-                        String b64chain = HttpInput.getCertChain(request, certTag+"_cc");
+                        String b64chain = HttpInput.getCertChain(request, certTag + "_cc");
                         CMS.debug(
                                 "CertRequestPanel: in update() process remote...import cert");
 
@@ -590,11 +588,11 @@ public class CertRequestPanel extends WizardPanelBase {
                             try {
                                 if (certTag.equals("sslserver") && findBootstrapServerCert())
                                     deleteBootstrapServerCert();
-                                if (findCertificate(tokenname, nickname)) { 
-                                        deleteCert(tokenname, nickname);
+                                if (findCertificate(tokenname, nickname)) {
+                                    deleteCert(tokenname, nickname);
                                 }
                             } catch (Exception e) {
-                                CMS.debug("CertRequestPanel update (remote): deleteCert Exception="+e.toString());
+                                CMS.debug("CertRequestPanel update (remote): deleteCert Exception=" + e.toString());
                             }
                             input = CryptoUtil.stripCertBrackets(input.trim());
                             String certs = CryptoUtil.normalizeCertStr(input);
@@ -619,21 +617,21 @@ public class CertRequestPanel extends WizardPanelBase {
                                     leaf = certchains[certchains.length - 1];
                                 }
 
-                                if( leaf == null ) {
-                                    CMS.debug( "CertRequestPanel::update() - "
-                                             + "leaf is null!" );
-                                    throw new IOException( "leaf is null" );
+                                if (leaf == null) {
+                                    CMS.debug("CertRequestPanel::update() - "
+                                             + "leaf is null!");
+                                    throw new IOException("leaf is null");
                                 }
 
                                 if (/*(certchains.length <= 1) &&*/
-				    (b64chain != null && b64chain.length() != 0)) {
-                                  CMS.debug("CertRequestPanel: cert might not have contained chain...calling importCertificateChain: " + b64chain);
-                                  try {
-                                    CryptoUtil.importCertificateChain(
-				      CryptoUtil.normalizeCertAndReq(b64chain));
-                                  } catch (Exception e) {
-                                      CMS.debug("CertRequestPanel: importCertChain: Exception: "+e.toString());
-                                  }
+                                (b64chain != null && b64chain.length() != 0)) {
+                                    CMS.debug("CertRequestPanel: cert might not have contained chain...calling importCertificateChain: " + b64chain);
+                                    try {
+                                        CryptoUtil.importCertificateChain(
+                                                CryptoUtil.normalizeCertAndReq(b64chain));
+                                    } catch (Exception e) {
+                                        CMS.debug("CertRequestPanel: importCertChain: Exception: " + e.toString());
+                                    }
                                 }
 
                                 InternalCertificate icert = (InternalCertificate) leaf;
@@ -651,17 +649,17 @@ public class CertRequestPanel extends WizardPanelBase {
                                                 + certTag + " Exception: "
                                                 + ee.toString());
                                 CMS.debug("ok");
-//                                hasErr=true;
+                                //                                hasErr=true;
                             }
                         } else {
                             CMS.debug("CertRequestPanel: in update() input null");
                             hasErr = true;
                         }
                     } else {
-                       CMS.debug("CertRequestPanel: in update() b64 not set");
-                       hasErr=true;
+                        CMS.debug("CertRequestPanel: in update() b64 not set");
+                        hasErr = true;
                     }
-                    
+
                 } else {
                     b64 = CryptoUtil.stripCertBrackets(b64.trim());
                     String certs = CryptoUtil.normalizeCertStr(b64);
@@ -671,10 +669,10 @@ public class CertRequestPanel extends WizardPanelBase {
                         if (certTag.equals("sslserver") && findBootstrapServerCert())
                             deleteBootstrapServerCert();
                         if (findCertificate(tokenname, nickname)) {
-                                deleteCert(tokenname, nickname);
+                            deleteCert(tokenname, nickname);
                         }
                     } catch (Exception ee) {
-                        CMS.debug("CertRequestPanel update: deleteCert Exception="+ee.toString());
+                        CMS.debug("CertRequestPanel update: deleteCert Exception=" + ee.toString());
                     }
 
                     try {
@@ -683,8 +681,8 @@ public class CertRequestPanel extends WizardPanelBase {
                         else
                             CryptoUtil.importUserCertificate(impl, nickname, false);
                     } catch (Exception ee) {
-                        CMS.debug("CertRequestPanel: Failed to import user certificate."+ee.toString());
-                        hasErr=true;
+                        CMS.debug("CertRequestPanel: Failed to import user certificate." + ee.toString());
+                        hasErr = true;
                     }
                 }
 
@@ -696,16 +694,16 @@ public class CertRequestPanel extends WizardPanelBase {
                 if (certTag.equals("signing") && subsystem.equals("ca")) {
                     String NickName = nickname;
                     if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))
-                        NickName = tokenname+ ":"+ nickname;
+                        NickName = tokenname + ":" + nickname;
 
-                    CMS.debug("CertRequestPanel update: set trust on CA signing cert "+NickName);
+                    CMS.debug("CertRequestPanel update: set trust on CA signing cert " + NickName);
                     CryptoUtil.trustCertByNickname(NickName);
                     CMS.reinit(ICertificateAuthority.ID);
-                } 
+                }
             } //while loop
 
             if (hasErr == false) {
-              config.putBoolean("preop.CertRequestPanel.done", true);
+                config.putBoolean("preop.CertRequestPanel.done", true);
             }
             config.commit(false);
         } catch (Exception e) {
@@ -723,13 +721,13 @@ public class CertRequestPanel extends WizardPanelBase {
                 String tag = tokenizer.nextToken();
                 if (tag.equals("signing"))
                     continue;
-                String nickname = config.getString("preop.cert."+tag+".nickname", "");
+                String nickname = config.getString("preop.cert." + tag + ".nickname", "");
                 String tokenname = config.getString("preop.module.token", "");
                 if (!tokenname.equals("Internal Key Storage Token"))
-                    nickname = tokenname+":"+nickname;
+                    nickname = tokenname + ":" + nickname;
                 X509Certificate c = cm.findCertByNickname(nickname);
                 if (c instanceof InternalCertificate) {
-                    InternalCertificate ic = (InternalCertificate)c;
+                    InternalCertificate ic = (InternalCertificate) c;
                     ic.setSSLTrust(InternalCertificate.USER);
                     ic.setEmailTrust(InternalCertificate.USER);
                     if (tag.equals("audit_signing")) {
@@ -738,10 +736,10 @@ public class CertRequestPanel extends WizardPanelBase {
                         ic.setObjectSigningTrust(InternalCertificate.USER);
                     }
                 }
-            }  
+            }
         } catch (Exception e) {
         }
-        if (!hasErr) { 
+        if (!hasErr) {
             context.put("updateStatus", "success");
         } else {
             context.put("updateStatus", "failure");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
index 3725149d..f87af9bd 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
@@ -64,13 +64,12 @@ import com.netscape.cmsutil.http.HttpResponse;
 import com.netscape.cmsutil.http.JssSSLSocketFactory;
 import com.netscape.cmsutil.xml.XMLObject;
 
-
 public class CertUtil {
     static final int LINE_COUNT = 76;
 
-    public static X509CertImpl createRemoteCert(String hostname, 
-      int port, String content, HttpServletResponse response, WizardPanelBase panel)
-      throws IOException {
+    public static X509CertImpl createRemoteCert(String hostname,
+            int port, String content, HttpServletResponse response, WizardPanelBase panel)
+            throws IOException {
         HttpClient httpclient = new HttpClient();
         String c = null;
         CMS.debug("CertUtil createRemoteCert: content " + content);
@@ -104,9 +103,9 @@ public class CertUtil {
                 try {
                     parser = new XMLObject(bis);
                 } catch (Exception e) {
-                    CMS.debug( "CertUtil::createRemoteCert() - "
-                             + "Exception="+e.toString() );
-                    throw new IOException( e.toString() );
+                    CMS.debug("CertUtil::createRemoteCert() - "
+                             + "Exception=" + e.toString());
+                    throw new IOException(e.toString());
                 }
                 String status = parser.getValue("Status");
 
@@ -136,7 +135,7 @@ public class CertUtil {
         return null;
     }
 
-    public static String getPKCS10(IConfigStore config, String prefix, 
+    public static String getPKCS10(IConfigStore config, String prefix,
             Cert certObj, Context context) throws IOException {
         String certTag = certObj.getCertTag();
 
@@ -147,29 +146,29 @@ public class CertUtil {
             String algorithm = config.getString(
                         prefix + certTag + ".keyalgorithm");
             if (pubKeyType.equals("rsa")) {
-              String pubKeyModulus = config.getString(
-                    prefix + certTag + ".pubkey.modulus");
-              String pubKeyPublicExponent = config.getString(
-                    prefix + certTag + ".pubkey.exponent");
-              pubk = CryptoUtil.getPublicX509Key(
-                    CryptoUtil.string2byte(pubKeyModulus),
-                    CryptoUtil.string2byte(pubKeyPublicExponent));
+                String pubKeyModulus = config.getString(
+                        prefix + certTag + ".pubkey.modulus");
+                String pubKeyPublicExponent = config.getString(
+                        prefix + certTag + ".pubkey.exponent");
+                pubk = CryptoUtil.getPublicX509Key(
+                        CryptoUtil.string2byte(pubKeyModulus),
+                        CryptoUtil.string2byte(pubKeyPublicExponent));
             } else if (pubKeyType.equals("ecc")) {
-                  String pubKeyEncoded = config.getString(
+                String pubKeyEncoded = config.getString(
                         prefix + certTag + ".pubkey.encoded");
-               pubk = CryptoUtil.getPublicX509ECCKey(
-                     CryptoUtil.string2byte(pubKeyEncoded));
+                pubk = CryptoUtil.getPublicX509ECCKey(
+                        CryptoUtil.string2byte(pubKeyEncoded));
             } else {
-               CMS.debug( "CertRequestPanel::getPKCS10() - "
-                        + "public key type is unsupported!" );
-                throw new IOException( "public key type is unsupported" );
+                CMS.debug("CertRequestPanel::getPKCS10() - "
+                        + "public key type is unsupported!");
+                throw new IOException("public key type is unsupported");
             }
 
             if (pubk != null) {
                 CMS.debug("CertRequestPanel: got public key");
             } else {
                 CMS.debug("CertRequestPanel: error getting public key null");
-                throw new IOException( "public key is null" );
+                throw new IOException("public key is null");
             }
             // get private key
             String privKeyID = config.getString(prefix + certTag + ".privkey.id");
@@ -201,15 +200,14 @@ public class CertUtil {
         }
     }
 
-
-/*
- * create requests so renewal can work on these initial certs
- */
+    /*
+     * create requests so renewal can work on these initial certs
+     */
     public static IRequest createLocalRequest(IRequestQueue queue, String serialNum, X509CertInfo info) throws EBaseException {
-//        RequestId rid = new RequestId(serialNum);
+        //        RequestId rid = new RequestId(serialNum);
         // just need a request, no need to get into a queue
-//        IRequest r = new EnrollmentRequest(rid);
-        CMS.debug("CertUtil: createLocalRequest for serial: "+ serialNum);
+        //        IRequest r = new EnrollmentRequest(rid);
+        CMS.debug("CertUtil: createLocalRequest for serial: " + serialNum);
         IRequest req = queue.newRequest("enrollment");
         CMS.debug("certUtil: newRequest called");
         req.setExtData("profile", "true");
@@ -224,7 +222,7 @@ public class CertUtil {
         req.setExtData("requestor_phone", "");
         req.setExtData("profileRemoteHost", "");
         req.setExtData("profileRemoteAddr", "");
-        req.setExtData("requestnotes","");
+        req.setExtData("requestnotes", "");
         req.setExtData("isencryptioncert", "false");
         req.setExtData("profileapprovedby", "system");
 
@@ -235,13 +233,12 @@ public class CertUtil {
         return req;
     }
 
-/**
- * update local cert request with the actual request
- * called from CertRequestPanel.java
- */
-    public static void updateLocalRequest(IConfigStore config, String certTag, String certReq, String reqType, String subjectName)
-    {
-        try { 
+    /**
+     * update local cert request with the actual request
+     * called from CertRequestPanel.java
+     */
+    public static void updateLocalRequest(IConfigStore config, String certTag, String certReq, String reqType, String subjectName) {
+        try {
             CMS.debug("Updating local request... certTag=" + certTag);
             RequestId rid = new RequestId(config.getString("preop.cert." + certTag + ".reqId"));
 
@@ -262,54 +259,56 @@ public class CertUtil {
                 }
                 queue.updateRequest(req);
             } else {
-		CMS.debug("CertUtil:updateLocalRequest - request queue = null");
+                CMS.debug("CertUtil:updateLocalRequest - request queue = null");
             }
         } catch (Exception e) {
             CMS.debug("CertUtil:updateLocalRequest - Exception:" + e.toString());
         }
     }
 
-/**
- * reads from the admin cert profile caAdminCert.profile and takes the first 
- * entry in the list of allowed algorithms.  Users that wish a different algorithm 
- * can specify it in the profile using default.params.signingAlg
- */
+    /**
+     * reads from the admin cert profile caAdminCert.profile and takes the first
+     * entry in the list of allowed algorithms. Users that wish a different algorithm
+     * can specify it in the profile using default.params.signingAlg
+     */
 
     public static String getAdminProfileAlgorithm(IConfigStore config) {
         String algorithm = "SHA256withRSA";
         try {
-            String caSigningKeyType = config.getString("preop.cert.signing.keytype","rsa");
+            String caSigningKeyType = config.getString("preop.cert.signing.keytype", "rsa");
             String pfile = config.getString("profile.caAdminCert.config");
             FileInputStream fis = new FileInputStream(pfile);
             DataInputStream in = new DataInputStream(fis);
             BufferedReader br = new BufferedReader(new InputStreamReader(in));
 
-           String strLine;
-           while ((strLine = br.readLine()) != null) {
-               String marker2 = "default.params.signingAlg=";
-               int indx = strLine.indexOf(marker2);
-               if (indx != -1) {
-                   String alg = strLine.substring(indx + marker2.length());
-                   if ((alg.length() > 0) && (!alg.equals("-"))) {
-                       algorithm = alg;
-                       break;
-                   };
-               };
-
-               String marker = "signingAlgsAllowed=";
-               indx = strLine.indexOf(marker);
-               if (indx != -1) {
-                   String[] algs = strLine.substring(indx + marker.length()).split(",");
-                   for (int i=0; i<algs.length; i++) {
-                       if ((caSigningKeyType.equals("rsa") && (algs[i].indexOf("RSA") != -1)) ||
-                           (caSigningKeyType.equals("ecc") && (algs[i].indexOf("EC" ) != -1)) ) {
-                           algorithm = algs[i];
-                           break;
-                       }
-                   }
-               }
-           }
-           in.close();
+            String strLine;
+            while ((strLine = br.readLine()) != null) {
+                String marker2 = "default.params.signingAlg=";
+                int indx = strLine.indexOf(marker2);
+                if (indx != -1) {
+                    String alg = strLine.substring(indx + marker2.length());
+                    if ((alg.length() > 0) && (!alg.equals("-"))) {
+                        algorithm = alg;
+                        break;
+                    }
+                    ;
+                }
+                ;
+
+                String marker = "signingAlgsAllowed=";
+                indx = strLine.indexOf(marker);
+                if (indx != -1) {
+                    String[] algs = strLine.substring(indx + marker.length()).split(",");
+                    for (int i = 0; i < algs.length; i++) {
+                        if ((caSigningKeyType.equals("rsa") && (algs[i].indexOf("RSA") != -1)) ||
+                                (caSigningKeyType.equals("ecc") && (algs[i].indexOf("EC") != -1))) {
+                            algorithm = algs[i];
+                            break;
+                        }
+                    }
+                }
+            }
+            in.close();
         } catch (Exception e) {
             CMS.debug("getAdminProfleAlgorithm: exception: " + e);
         }
@@ -324,14 +323,15 @@ public class CertUtil {
 
         try {
             profile = config.getString(prefix + certTag + ".profile");
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         X509CertImpl cert = null;
         ICertificateAuthority ca = null;
         ICertificateRepository cr = null;
         RequestId reqId = null;
         String profileId = null;
-        IRequestQueue queue = null; 
+        IRequestQueue queue = null;
         IRequest req = null;
 
         try {
@@ -355,7 +355,7 @@ public class CertUtil {
                 CMS.debug("Creating local certificate... dn=" + dn);
                 info = CryptoUtil.createX509CertInfo(x509key, serialNo.intValue(), dn, dn, date,
                         date, keyAlgorithm);
-            } else { 
+            } else {
                 String issuerdn = config.getString("preop.cert.signing.dn", "");
                 CMS.debug("Creating local certificate... issuerdn=" + issuerdn);
                 CMS.debug("Creating local certificate... dn=" + dn);
@@ -375,7 +375,7 @@ public class CertUtil {
                 queue = ca.getRequestQueue();
                 if (queue != null) {
                     req = createLocalRequest(queue, serialNo.toString(), info);
-                    CMS.debug("CertUtil profile name= "+profile);
+                    CMS.debug("CertUtil profile name= " + profile);
                     req.setExtData("req_key", x509key.toString());
 
                     // store original profile id in cert request
@@ -387,7 +387,7 @@ public class CertUtil {
                         String name = profile.substring(0, idx);
                         req.setExtData("origprofileid", name);
                     }
-                    
+
                     // store mapped profile ID for use in renewal
                     profileId = processor.getProfileIDMapping();
                     req.setExtData("profileid", profileId);
@@ -399,7 +399,7 @@ public class CertUtil {
                     CMS.debug("certUtil: requestQueue null");
                 }
             } catch (Exception e) {
-                CMS.debug("Creating local request exception:"+e.toString());
+                CMS.debug("Creating local request exception:" + e.toString());
             }
 
             processor.populate(info);
@@ -410,36 +410,36 @@ public class CertUtil {
             PrivateKey caPrik = CryptoUtil.findPrivateKeyFromID(
                     keyIDb);
 
-            if( caPrik == null ) {
-                CMS.debug( "CertUtil::createSelfSignedCert() - "
-                         + "CA private key is null!" );
-                throw new IOException( "CA private key is null" );
+            if (caPrik == null) {
+                CMS.debug("CertUtil::createSelfSignedCert() - "
+                         + "CA private key is null!");
+                throw new IOException("CA private key is null");
             } else {
                 CMS.debug("CertUtil createSelfSignedCert: got CA private key");
             }
 
             String keyAlgo = x509key.getAlgorithm();
             CMS.debug("key algorithm is " + keyAlgo);
-            String caSigningKeyType = 
-                 config.getString("preop.cert.signing.keytype","rsa");
-            String caSigningKeyAlgo = ""; 
-            if (type.equals("selfsign")) { 
-                 caSigningKeyAlgo = config.getString("preop.cert.signing.keyalgorithm","SHA256withRSA");
+            String caSigningKeyType =
+                    config.getString("preop.cert.signing.keytype", "rsa");
+            String caSigningKeyAlgo = "";
+            if (type.equals("selfsign")) {
+                caSigningKeyAlgo = config.getString("preop.cert.signing.keyalgorithm", "SHA256withRSA");
             } else {
-                 caSigningKeyAlgo = config.getString("preop.cert.signing.signingalgorithm","SHA256withRSA");
+                caSigningKeyAlgo = config.getString("preop.cert.signing.signingalgorithm", "SHA256withRSA");
             }
 
             CMS.debug("CA Signing Key type " + caSigningKeyType);
             CMS.debug("CA Signing Key algorithm " + caSigningKeyAlgo);
 
             if (caSigningKeyType.equals("ecc")) {
-              CMS.debug("CA signing cert is ECC");
-              cert = CryptoUtil.signECCCert(caPrik, info,
-                      caSigningKeyAlgo);
+                CMS.debug("CA signing cert is ECC");
+                cert = CryptoUtil.signECCCert(caPrik, info,
+                        caSigningKeyAlgo);
             } else {
-              CMS.debug("CA signing cert is not ecc");
-              cert = CryptoUtil.signCert(caPrik, info,
-                      caSigningKeyAlgo);
+                CMS.debug("CA signing cert is not ecc");
+                cert = CryptoUtil.signCert(caPrik, info,
+                        caSigningKeyAlgo);
             }
 
             if (cert != null) {
@@ -462,13 +462,13 @@ public class CertUtil {
             if (reqId != null) {
                 meta.set(ICertRecord.META_REQUEST_ID, reqId.toString());
             }
-        
+
             meta.set(ICertRecord.META_PROFILE_ID, profileId);
             record = (ICertRecord) cr.createCertRecord(
-                cert.getSerialNumber(), cert, meta);
+                    cert.getSerialNumber(), cert, meta);
         } catch (Exception e) {
             CMS.debug(
-                "NamePanel configCert: failed to add metainfo. Exception: " + e.toString());
+                    "NamePanel configCert: failed to add metainfo. Exception: " + e.toString());
         }
 
         try {
@@ -507,21 +507,21 @@ public class CertUtil {
 
     public static void addUserCertificate(X509CertImpl cert) {
         IConfigStore cs = CMS.getConfigStore();
-        int num=0;
+        int num = 0;
         try {
             num = cs.getInteger("preop.subsystem.count", 0);
         } catch (Exception e) {
         }
         IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
-        String id = "user"+num;
+        String id = "user" + num;
 
-        try { 
-          String sysType = cs.getString("cs.type", "");
-          String machineName = cs.getString("machineName", "");
-          String securePort = cs.getString("service.securePort", "");
-          id = sysType + "-" + machineName + "-" + securePort;
+        try {
+            String sysType = cs.getString("cs.type", "");
+            String machineName = cs.getString("machineName", "");
+            String securePort = cs.getString("service.securePort", "");
+            id = sysType + "-" + machineName + "-" + securePort;
         } catch (Exception e1) {
-          // ignore
+            // ignore
         }
 
         num++;
@@ -566,7 +566,7 @@ public class CertUtil {
             system.addUserCert(user);
             CMS.debug("CertUtil addUserCertificate: successfully add the user certificate");
         } catch (Exception e) {
-            CMS.debug("CertUtil addUserCertificate exception="+e.toString());
+            CMS.debug("CertUtil addUserCertificate exception=" + e.toString());
         }
 
         IGroup group = null;
@@ -603,17 +603,17 @@ public class CertUtil {
         }
         if (content.length() > 0)
             result.append(content);
-            result.append("\n");
+        result.append("\n");
 
         return result.toString();
     }
 
     public static boolean privateKeyExistsOnToken(String certTag,
-      String tokenname, String nickname) {
+            String tokenname, String nickname) {
         IConfigStore cs = CMS.getConfigStore();
         String givenid = "";
         try {
-            givenid = cs.getString("preop.cert."+certTag+".privkey.id");
+            givenid = cs.getString("preop.cert." + certTag + ".privkey.id");
         } catch (Exception e) {
             CMS.debug("CertUtil privateKeyExistsOnToken: we did not generate private key yet.");
             return false;
@@ -624,7 +624,7 @@ public class CertUtil {
         boolean hardware = false;
         if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) {
             hardware = true;
-            fullnickname = tokenname+":"+nickname;
+            fullnickname = tokenname + ":" + nickname;
         }
 
         X509Certificate cert = null;
@@ -633,7 +633,7 @@ public class CertUtil {
             cm = CryptoManager.getInstance();
             cert = cm.findCertByNickname(fullnickname);
         } catch (Exception e) {
-            CMS.debug("CertUtil privateKeyExistsOnToken: nickname="+fullnickname+" Exception:"+e.toString());
+            CMS.debug("CertUtil privateKeyExistsOnToken: nickname=" + fullnickname + " Exception:" + e.toString());
             return false;
         }
 
@@ -641,19 +641,19 @@ public class CertUtil {
         try {
             privKey = cm.findPrivKeyByCert(cert);
         } catch (Exception e) {
-            CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key ("+fullnickname+") exception: "+e.toString());
+            CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key (" + fullnickname + ") exception: " + e.toString());
             return false;
         }
 
         if (privKey == null) {
-            CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key ("+fullnickname+")");
+            CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key (" + fullnickname + ")");
             return false;
         } else {
             String str = "";
             try {
                 str = CryptoUtil.byte2string(privKey.getUniqueID());
             } catch (Exception e) {
-            CMS.debug("CertUtil privateKeyExistsOnToken: encode string Exception: "+e.toString());
+                CMS.debug("CertUtil privateKeyExistsOnToken: encode string Exception: " + e.toString());
             }
 
             if (str.equals(givenid)) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java
index b3c10b6e..a28ae76b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java
@@ -36,7 +36,6 @@ import com.netscape.cms.servlet.base.UserInfo;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cmsutil.xml.XMLObject;
 
-
 public class CheckIdentity extends CMSServlet {
 
     /**
@@ -52,6 +51,7 @@ public class CheckIdentity extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -61,7 +61,8 @@ public class CheckIdentity extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -74,12 +75,12 @@ public class CheckIdentity extends CMSServlet {
             authToken = authenticate(cmsReq);
         } catch (Exception e) {
             CMS.debug("CheckIdentity authentication failed");
-            log(ILogger.LL_FAILURE, 
+            log(ILogger.LL_FAILURE,
                     CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
-                    e.toString()));
+                            e.toString()));
             outputError(httpResp, "Error: Not authenticated");
             return;
-        } 
+        }
 
         try {
             XMLObject xmlObj = null;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java
index f2587300..5ae9bada 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.util.Enumeration;
 
 import javax.servlet.http.HttpServletRequest;
@@ -28,7 +27,6 @@ import org.apache.velocity.context.Context;
 
 import com.netscape.certsrv.apps.CMS;
 
-
 public abstract class ConfigBaseServlet extends BaseServlet {
     /**
      *
@@ -50,7 +48,7 @@ public abstract class ConfigBaseServlet extends BaseServlet {
     public abstract void display(HttpServletRequest request,
             HttpServletResponse response, Context context);
 
-    public abstract void update(HttpServletRequest request, 
+    public abstract void update(HttpServletRequest request,
             HttpServletResponse response, Context context);
 
     public abstract Template getTemplate(HttpServletRequest request,
@@ -68,25 +66,25 @@ public abstract class ConfigBaseServlet extends BaseServlet {
             // __ (double underscores); however, in the event that
             // a security parameter slips through, we perform multiple
             // additional checks to insure that it is NOT displayed
-            if( pn.startsWith("__")                         ||
-                pn.endsWith("password")                     ||
-                pn.endsWith("passwd")                       ||
-                pn.endsWith("pwd")                          ||
-                pn.equalsIgnoreCase("admin_password_again") ||
-                pn.equalsIgnoreCase("directoryManagerPwd")  ||
-                pn.equalsIgnoreCase("bindpassword")         ||
-                pn.equalsIgnoreCase("bindpwd")              ||
-                pn.equalsIgnoreCase("passwd")               ||
-                pn.equalsIgnoreCase("password")             ||
-                pn.equalsIgnoreCase("pin")                  ||
-                pn.equalsIgnoreCase("pwd")                  ||
-                pn.equalsIgnoreCase("pwdagain")             ||
-                pn.equalsIgnoreCase("uPasswd") ) {
-               CMS.debug("ConfigBaseServlet::service() param name='" + pn +
-                         "' value='(sensitive)'" );
+            if (pn.startsWith("__") ||
+                    pn.endsWith("password") ||
+                    pn.endsWith("passwd") ||
+                    pn.endsWith("pwd") ||
+                    pn.equalsIgnoreCase("admin_password_again") ||
+                    pn.equalsIgnoreCase("directoryManagerPwd") ||
+                    pn.equalsIgnoreCase("bindpassword") ||
+                    pn.equalsIgnoreCase("bindpwd") ||
+                    pn.equalsIgnoreCase("passwd") ||
+                    pn.equalsIgnoreCase("password") ||
+                    pn.equalsIgnoreCase("pin") ||
+                    pn.equalsIgnoreCase("pwd") ||
+                    pn.equalsIgnoreCase("pwdagain") ||
+                    pn.equalsIgnoreCase("uPasswd")) {
+                CMS.debug("ConfigBaseServlet::service() param name='" + pn +
+                         "' value='(sensitive)'");
             } else {
-               CMS.debug("ConfigBaseServlet::service() param name='" + pn +
-                         "' value='" + httpReq.getParameter(pn) + "'" );
+                CMS.debug("ConfigBaseServlet::service() param name='" + pn +
+                         "' value='" + httpReq.getParameter(pn) + "'");
             }
         }
     }
@@ -97,7 +95,7 @@ public abstract class ConfigBaseServlet extends BaseServlet {
     public Template process(HttpServletRequest request,
             HttpServletResponse response,
             Context context) {
-                                                                                
+
         if (CMS.debugOn()) {
             outputHttpParameters(request);
         }
@@ -107,16 +105,16 @@ public abstract class ConfigBaseServlet extends BaseServlet {
         } else {
             update(request, response, context);
         }
-                                                                                
+
         Template template = null;
-                                                                                
+
         try {
             context.put("name", "Velocity Test");
             template = getTemplate(request, response, context);
         } catch (Exception e) {
             System.err.println("Exception caught: " + e.getMessage());
         }
-                                                                                
+
         return template;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java
index d95c85d1..956c285b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java
@@ -20,16 +20,14 @@ package com.netscape.cms.servlet.csadmin;
 import org.mozilla.jss.crypto.X509Certificate;
 import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
 
-
-public class ConfigCertApprovalCallback 
-  implements SSLCertificateApprovalCallback {
+public class ConfigCertApprovalCallback
+        implements SSLCertificateApprovalCallback {
 
     public ConfigCertApprovalCallback() {
     }
 
     public boolean approve(X509Certificate cert,
-      SSLCertificateApprovalCallback.ValidityStatus status) {
-      return true;
+            SSLCertificateApprovalCallback.ValidityStatus status) {
+        return true;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java
index 37493b6b..b04de414 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
 import org.apache.velocity.app.Velocity;
 import org.apache.velocity.context.Context;
 
-
 public class ConfigCertReqServlet extends BaseServlet {
 
     /**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java
index e7d88a35..ed1d9cc0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
 import org.apache.velocity.app.Velocity;
 import org.apache.velocity.context.Context;
 
-
 public class ConfigCloneServlet extends BaseServlet {
 
     /**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java
index 08ebf08e..2b4a82a0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -28,7 +27,6 @@ import org.apache.velocity.context.Context;
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.IConfigStore;
 
-
 public class ConfigDatabaseServlet extends ConfigBaseServlet {
 
     /**
@@ -47,7 +45,8 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
 
         try {
             modified = cs.getString("preop.configDatabase.modified", "");
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         if (modified.equals("true")) {
             return true;
@@ -75,7 +74,8 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
                 basedn = cs.getString("internaldb.basedn", "");
                 binddn = cs.getString("internaldb.ldapauth.bindDN", "");
                 database = cs.getString("internaldb.database", "");
-            } catch (Exception e) {}
+            } catch (Exception e) {
+            }
         } else {
             hostname = HOST;
             portStr = PORT;
@@ -113,7 +113,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
             int port = -1;
 
             try {
-                port = Integer.parseInt(portStr); 
+                port = Integer.parseInt(portStr);
                 cs.putInteger("internaldb.ldapconn.port", port);
             } catch (Exception e) {
                 errorString = "Port is invalid";
@@ -159,7 +159,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
                 CMS.debug("ConfigDatabaseServlet update: " + e.toString());
                 return;
             }
-            psStore.putString("internaldb", bindpwd); 
+            psStore.putString("internaldb", bindpwd);
         } else {
             errorString = "Bind password is empty string";
         }
@@ -189,7 +189,8 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
             Context context) {
         try {
             return Velocity.getTemplate("admin/console/config/config_db.vm");
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
         return null;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java
index d04fbf2f..92e2ee39 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.FileNotFoundException;
 import java.io.IOException;
 
@@ -46,7 +45,8 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
     private CryptoManager mCryptoManager = null;
     private String mPwdFilePath = "";
 
-    public ConfigHSMLoginPanel() {}
+    public ConfigHSMLoginPanel() {
+    }
 
     public void init(ServletConfig config, int panelno) throws ServletException {
         try {
@@ -132,7 +132,7 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
             CMS.debug("ConfigHSMLoginPanel: passwrd file path: " + e.toString());
         }
         CMS.debug("ConfigHSMLoginPanel: checking if passwd in cache");
-        String tokPwd = pr.getPassword("hardware-"+tokName);
+        String tokPwd = pr.getPassword("hardware-" + tokName);
 
         boolean loggedIn = false;
 
@@ -157,48 +157,48 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
         password = new Password(tokPwd.toCharArray());
 
         try {
-		    if (token.passwordIsInitialized()) {
-		        CMS.debug(
-		                "ConfigHSMLoginPanel: loginToken():token password is initialized");
-		        if (!token.isLoggedIn()) {
-		            CMS.debug(
-		                    "ConfigHSMLoginPanel: loginToken():Token is not logged in, try it");
-		            token.login(password);
-		            context.put("status", "justLoggedIn");
-		        } else {
-		            CMS.debug(
-		                    "ConfigHSMLoginPanel:Token has already logged on");
-		            context.put("status", "alreadyLoggedIn");
-		        }
-		    } else {
-		        CMS.debug(
-		                "ConfigHSMLoginPanel: loginToken():Token password not initialized");
-		        context.put("status", "tokenPasswordNotInitialized");
-		        rv = false;
-		    }
-
-		} catch (IncorrectPasswordException e) {
-		    context.put("status", "incorrectPassword");
-		    context.put("errorString", e.toString());
-		    CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString());
-		    rv = false;
-		} catch (Exception e) {
-		    CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString());
-		    context.put("errorString", e.toString());
-		    rv = false;
-		}
+            if (token.passwordIsInitialized()) {
+                CMS.debug(
+                        "ConfigHSMLoginPanel: loginToken():token password is initialized");
+                if (!token.isLoggedIn()) {
+                    CMS.debug(
+                            "ConfigHSMLoginPanel: loginToken():Token is not logged in, try it");
+                    token.login(password);
+                    context.put("status", "justLoggedIn");
+                } else {
+                    CMS.debug(
+                            "ConfigHSMLoginPanel:Token has already logged on");
+                    context.put("status", "alreadyLoggedIn");
+                }
+            } else {
+                CMS.debug(
+                        "ConfigHSMLoginPanel: loginToken():Token password not initialized");
+                context.put("status", "tokenPasswordNotInitialized");
+                rv = false;
+            }
+
+        } catch (IncorrectPasswordException e) {
+            context.put("status", "incorrectPassword");
+            context.put("errorString", e.toString());
+            CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString());
+            rv = false;
+        } catch (Exception e) {
+            CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString());
+            context.put("errorString", e.toString());
+            rv = false;
+        }
         return rv;
     }
 
     // XXX how do you do this?
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
+
         Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE, "", "", null); /* no default parameters */
 
         set.add(
                 "choice", choiceDesc);
-                                                                                
+
         return set;
     }
 
@@ -220,10 +220,10 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
             select = cs.getString("preop.subsystem.select", "");
         } catch (Exception e) {
         }
-     
-//        if (select.equals("clone"))
- //           return;
-      
+
+        //        if (select.equals("clone"))
+        //           return;
+
         CMS.debug("ConfigHSMLoginPanel: in update()");
 
         String uTokName = null;
@@ -233,7 +233,7 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
             uPasswd = HttpInput.getPassword(request, "__uPasswd");
         } catch (Exception e) {
         }
-     
+
         if (uPasswd == null) {
             CMS.debug("ConfigHSMLoginPanel: password not found");
             context.put("error", "no password");
@@ -270,13 +270,13 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
                 PlainPasswordWriter pw = new PlainPasswordWriter();
 
                 pw.init(mPwdFilePath);
-                pw.putPassword("hardware-"+uTokName, uPasswd);
+                pw.putPassword("hardware-" + uTokName, uPasswd);
                 pw.commit();
 
             } catch (FileNotFoundException e) {
                 CMS.debug(
                         "ConfigHSMLoginPanel: update(): Exception caught: "
-                                + e.toString() + " writing to "+ mPwdFilePath);
+                                + e.toString() + " writing to " + mPwdFilePath);
                 CMS.debug(
                         "ConfigHSMLoginPanel: update(): password not written to cache");
                 System.err.println("Exception caught: " + e.toString());
@@ -288,7 +288,7 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
                 System.err.println("Exception caught: " + e.toString());
                 context.put("error", "Exception:" + e.toString());
             }
-	    
+
         } // found password
 
         context.put("panel", "admin/console/config/config_hsmloginpanel.vm");
@@ -308,4 +308,3 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
         context.put("panel", "admin/console/config/config_hsmloginpanel.vm");
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java
index bfc6e278..9428ecce 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Vector;
@@ -39,7 +38,6 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.cmsutil.crypto.Module;
 
-
 public class ConfigHSMServlet extends ConfigBaseServlet {
     /**
      *
@@ -131,9 +129,9 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
                 } else {
                     CMS.debug(
                             "ConfigHSMServlet: token " + token.getName()
-                            + " not to be added");
+                                    + " not to be added");
                 }
-			    
+
             } catch (TokenException ex) {
                 CMS.debug("ConfigHSMServlet:" + ex.toString());
             }
@@ -165,11 +163,11 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
                 if ((cn == null) || (cn.equals(""))) {
                     break;
                 }
-		
+
                 CMS.debug("ConfigHSMServlet: got from config module: " + cn);
                 // create a Module object
                 Module module = new Module(cn, pn, img);
-		
+
                 if (mCurrModTable.containsKey(cn)) {
                     CMS.debug("ConfigHSMServlet: module found: " + cn);
                     module.setFound(true);
@@ -178,7 +176,7 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
 
                     loadModTokens(module, m);
                 }
-		
+
                 CMS.debug("ConfigHSMServlet: adding module " + cn);
                 // add module to set
                 if (!mSupportedModules.contains(module)) {
@@ -290,8 +288,8 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
             Context context) {
         try {
             return Velocity.getTemplate("admin/console/config/config_hsm.vm");
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
         return null;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java
index 3b3b8a64..c65e559d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
 import org.apache.velocity.app.Velocity;
 import org.apache.velocity.context.Context;
 
-
 public class ConfigImportCertServlet extends BaseServlet {
 
     /**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java
index 01917303..5d50193c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -30,7 +29,6 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.cmsutil.crypto.CryptoUtil;
 
-
 public class ConfigJoinServlet extends ConfigBaseServlet {
 
     /**
@@ -52,12 +50,13 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
 
     public boolean isPanelModified() {
         IConfigStore config = CMS.getConfigStore();
-      
+
         String cert = null;
 
         try {
             cert = config.getString("preop.join.cert", null);
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
         if (cert == null || cert.equals("")) {
             return false;
         } else {
@@ -69,7 +68,7 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
      * Displays panel.
      */
     public void display(HttpServletRequest request,
-            HttpServletResponse response, 
+            HttpServletResponse response,
             Context context) {
         IConfigStore config = CMS.getConfigStore();
 
@@ -85,7 +84,8 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
                     CryptoUtil.string2byte(pubKeyPublicExponent),
                     CryptoUtil.string2byte(priKeyID));
             context.put("certreq", pkcs10);
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         String select = "auto";
         boolean select_manual = true;
@@ -94,8 +94,8 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
             try {
                 select = config.getString("preop.join.select", null);
             } catch (EBaseException e) {
-                CMS.debug( "ConfigJoinServlet::display() - "
-                         + "Exception="+e.toString() );
+                CMS.debug("ConfigJoinServlet::display() - "
+                         + "Exception=" + e.toString());
                 return;
             }
             if (select.equals("auto")) {
@@ -109,12 +109,13 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
                     String cert = config.getString("preop.join.cert", "");
 
                     context.put("cert", cert);
-                } catch (EBaseException e) {}
+                } catch (EBaseException e) {
+                }
             }
         } else {
             context.put("cert", "");
         }
-        if (select_manual) { 
+        if (select_manual) {
             context.put("check_manual", "checked");
             context.put("check_auto", "");
         } else {
@@ -128,7 +129,7 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
      * Updates panel.
      */
     public void update(HttpServletRequest request,
-            HttpServletResponse response, 
+            HttpServletResponse response,
             Context context) {
         CMS.debug("JoinServlet: update");
         IConfigStore config = CMS.getConfigStore();
@@ -160,9 +161,10 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
             }
             config.putString("preop.join.select", select);
             config.commit(false);
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
     }
-                                                                                
+
     public Template getTemplate(HttpServletRequest request,
             HttpServletResponse response,
             Context context) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java
index 895c75ac..44046fdc 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.util.Vector;
 
 import javax.servlet.http.HttpServletRequest;
@@ -32,7 +31,6 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.profile.CertInfoProfile;
 
-
 public class ConfigRootCAServlet extends ConfigBaseServlet {
 
     /**
@@ -54,12 +52,13 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
 
     public boolean isPanelModified() {
         IConfigStore config = CMS.getConfigStore();
-      
+
         String profile = null;
 
         try {
             profile = config.getString("preop.hierarchy.profile", null);
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
         if (profile == null || profile.equals("")) {
             return false;
         } else {
@@ -73,7 +72,8 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
 
         try {
             instancePath = config.getString("instanceRoot");
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
         String p[] = { "caCert.profile" };
         Vector profiles = new Vector();
 
@@ -81,13 +81,14 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
             try {
                 profiles.addElement(
                         new CertInfoProfile(instancePath + "/conf/" + p[i]));
-            } catch (Exception e) {}
+            } catch (Exception e) {
+            }
         }
         return profiles;
     }
 
     public void display(HttpServletRequest request,
-            HttpServletResponse response, 
+            HttpServletResponse response,
             Context context) {
         IConfigStore config = CMS.getConfigStore();
         String profile = null;
@@ -95,7 +96,8 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
         if (isPanelModified()) {
             try {
                 profile = config.getString("preop.hierarchy.profile", null);
-            } catch (EBaseException e) {}
+            } catch (EBaseException e) {
+            }
         }
         if (profile == null) {
             profile = "caCert.profile";
@@ -108,15 +110,16 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
     }
 
     public void update(HttpServletRequest request,
-            HttpServletResponse response, 
+            HttpServletResponse response,
             Context context) {
         String profile = request.getParameter("profile");
         IConfigStore config = CMS.getConfigStore();
 
         config.putString("preop.hierarchy.profile", profile);
         try {
-            config.commit(false); 
-        } catch (Exception e) {}
+            config.commit(false);
+        } catch (Exception e) {
+        }
         context.put("status", "update");
         context.put("error", "");
         Vector profiles = getProfiles();
@@ -124,7 +127,7 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
         context.put("profiles", profiles);
         context.put("selected_profile_id", profile);
     }
-                                                                                
+
     public Template getTemplate(HttpServletRequest request,
             HttpServletResponse response,
             Context context) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
index daf14c9e..377043d5 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.net.URL;
 import java.util.StringTokenizer;
@@ -39,19 +38,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
 
 public class CreateSubsystemPanel extends WizardPanelBase {
 
-    public CreateSubsystemPanel() {}
+    public CreateSubsystemPanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Subsystem Selection");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Subsystem Type");
         setId(id);
@@ -72,15 +72,16 @@ public class CreateSubsystemPanel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
         return false;
     }
 
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
+
         /* XXX */
-                                                                                
+
         return set;
     }
 
@@ -112,8 +113,8 @@ public class CreateSubsystemPanel extends WizardPanelBase {
                     context.put("check_newsubsystem", "");
                     context.put("check_clonesubsystem", "checked");
                 }
-                context.put("subsystemName", 
-                   config.getString("preop.subsystem.name"));
+                context.put("subsystemName",
+                        config.getString("preop.subsystem.name"));
             } catch (Exception e) {
                 CMS.debug(e.toString());
             }
@@ -121,8 +122,8 @@ public class CreateSubsystemPanel extends WizardPanelBase {
             context.put("check_newsubsystem", "checked");
             context.put("check_clonesubsystem", "");
             try {
-              context.put("subsystemName", 
-               config.getString("preop.system.fullname"));
+                context.put("subsystemName",
+                        config.getString("preop.system.fullname"));
             } catch (Exception e) {
                 CMS.debug(e.toString());
             }
@@ -144,7 +145,7 @@ public class CreateSubsystemPanel extends WizardPanelBase {
         } catch (EBaseException e) {
         }
 
-        Vector v = getUrlListFromSecurityDomain(config, cstype, "SecurePort" );
+        Vector v = getUrlListFromSecurityDomain(config, cstype, "SecurePort");
 
         StringBuffer list = new StringBuffer();
         int size = v.size();
@@ -164,7 +165,7 @@ public class CreateSubsystemPanel extends WizardPanelBase {
             errorString = "Internal error, cs.type is missing from CS.cfg";
         }
 
-        if (list.length()==0)
+        if (list.length() == 0)
             context.put("disableClone", "true");
 
         context.put("panel", "admin/console/config/createsubsystempanel.vm");
@@ -196,8 +197,8 @@ public class CreateSubsystemPanel extends WizardPanelBase {
             throw new IOException("choice not found");
         }
 
-        config.putString("preop.subsystem.name", 
-              HttpInput.getName(request, "subsystemName"));
+        config.putString("preop.subsystem.name",
+                HttpInput.getName(request, "subsystemName"));
         if (select.equals("newsubsystem")) {
             config.putString("preop.subsystem.select", "new");
             config.putString("subsystem.select", "New");
@@ -209,7 +210,7 @@ public class CreateSubsystemPanel extends WizardPanelBase {
             }
 
             cstype = toLowerCaseSubsystemType(cstype);
-      
+
             config.putString("preop.subsystem.select", "clone");
             config.putString("subsystem.select", "Clone");
 
@@ -223,9 +224,9 @@ public class CreateSubsystemPanel extends WizardPanelBase {
             while (t.hasMoreTokens()) {
                 String tag = t.nextToken();
                 if (tag.equals("sslserver"))
-                    config.putBoolean(PCERT_PREFIX+tag+".enable", true);
-                else 
-                    config.putBoolean(PCERT_PREFIX+tag+".enable", false);
+                    config.putBoolean(PCERT_PREFIX + tag + ".enable", true);
+                else
+                    config.putBoolean(PCERT_PREFIX + tag + ".enable", false);
             }
 
             // get the master CA
@@ -254,10 +255,10 @@ public class CreateSubsystemPanel extends WizardPanelBase {
             String host = u.getHost();
             int https_ee_port = u.getPort();
 
-            String https_admin_port = getSecurityDomainAdminPort( config,
+            String https_admin_port = getSecurityDomainAdminPort(config,
                                                                   host,
                                                                   String.valueOf(https_ee_port),
-                                                                  cstype );
+                                                                  cstype);
 
             config.putString("preop.master.hostname", host);
             config.putInteger("preop.master.httpsport", https_ee_port);
@@ -265,12 +266,12 @@ public class CreateSubsystemPanel extends WizardPanelBase {
 
             ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
             if (cstype.equals("ca")) {
-                updateCertChainUsingSecureEEPort( config, "clone", host, https_ee_port,
-                                 true, context, certApprovalCallback );
+                updateCertChainUsingSecureEEPort(config, "clone", host, https_ee_port,
+                                 true, context, certApprovalCallback);
             }
 
-            getTokenInfo(config, cstype, host, https_ee_port, true, context, 
-              certApprovalCallback);
+            getTokenInfo(config, cstype, host, https_ee_port, true, context,
+                    certApprovalCallback);
         } else {
             CMS.debug("CreateSubsystemPanel: invalid choice " + select);
             errorString = "Invalid choice";
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
index e18d86cf..d3867e52 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.BufferedReader;
 import java.io.File;
 import java.io.FileOutputStream;
@@ -64,7 +63,7 @@ import com.netscape.cmsutil.ldap.LDAPUtil;
 public class DatabasePanel extends WizardPanelBase {
 
     private static final String HOST = "localhost";
-    private static final String CLONE_HOST="Enter FQDN here";
+    private static final String CLONE_HOST = "Enter FQDN here";
     private static final String PORT = "389";
     private static final String BASEDN = "o=netscapeCertificateServer";
     private static final String BINDDN = "cn=Directory Manager";
@@ -74,19 +73,20 @@ public class DatabasePanel extends WizardPanelBase {
 
     private WizardServlet mServlet = null;
 
-    public DatabasePanel() {}
+    public DatabasePanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Internal Database");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Internal Database");
         setId(id);
@@ -109,7 +109,8 @@ public class DatabasePanel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
 
         return false;
     }
@@ -120,7 +121,7 @@ public class DatabasePanel extends WizardPanelBase {
                 "Host name");
 
         set.add("hostname", hostDesc);
-      
+
         Descriptor portDesc = new Descriptor(IDescriptor.INTEGER, null, null,
                 "Port");
 
@@ -130,14 +131,14 @@ public class DatabasePanel extends WizardPanelBase {
                 "Base DN");
 
         set.add("basedn", basednDesc);
- 
+
         Descriptor binddnDesc = new Descriptor(IDescriptor.STRING, null, null,
                 "Bind DN");
 
         set.add("binddn", binddnDesc);
 
         Descriptor bindpwdDesc = new Descriptor(IDescriptor.PASSWORD, null, null,
-                "Bind Password"); 
+                "Bind Password");
 
         set.add("bindpwd", bindpwdDesc);
 
@@ -187,8 +188,8 @@ public class DatabasePanel extends WizardPanelBase {
                 basedn = cs.getString("internaldb.basedn", "");
                 binddn = cs.getString("internaldb.ldapauth.bindDN", "");
                 database = cs.getString("internaldb.database", "");
-            	secure =  cs.getString("internaldb.ldapconn.secureConn", "");
-            	cloneStartTLS =  cs.getString("internaldb.ldapconn.cloneStartTLS", "");
+                secure = cs.getString("internaldb.ldapconn.secureConn", "");
+                cloneStartTLS = cs.getString("internaldb.ldapconn.cloneStartTLS", "");
                 errorString = cs.getString("preop.database.errorString", "");
             } catch (Exception e) {
                 CMS.debug("DatabasePanel display: " + e.toString());
@@ -199,12 +200,12 @@ public class DatabasePanel extends WizardPanelBase {
             try {
                 basedn = cs.getString("internaldb.basedn", "");
             } catch (Exception e) {
-                CMS.debug( "DatabasePanel::display() - "
-                         + "Exception="+e.toString() );
+                CMS.debug("DatabasePanel::display() - "
+                         + "Exception=" + e.toString());
                 return;
             }
             binddn = BINDDN;
-            database = basedn.substring(basedn.lastIndexOf('=')+1);
+            database = basedn.substring(basedn.lastIndexOf('=') + 1);
             CMS.debug("Clone: database=" + database);
         } else {
             hostname = HOST;
@@ -223,11 +224,10 @@ public class DatabasePanel extends WizardPanelBase {
             boolean multipleEnable = false;
             try {
                 multipleEnable = cs.getBoolean(
-                  "internaldb.multipleSuffix.enable", false);
+                        "internaldb.multipleSuffix.enable", false);
             } catch (Exception e) {
             }
-      
-        
+
             if (multipleEnable)
                 basedn = "ou=" + instanceId + "," + suffix;
             else
@@ -243,15 +243,14 @@ public class DatabasePanel extends WizardPanelBase {
         context.put("binddn", binddn);
         context.put("bindpwd", bindpwd);
         context.put("database", database);
-        context.put("secureConn", (secure.equals("true")? "on":"off"));
-        context.put("cloneStartTLS", (cloneStartTLS.equals("true")? "on":"off"));
+        context.put("secureConn", (secure.equals("true") ? "on" : "off"));
+        context.put("cloneStartTLS", (cloneStartTLS.equals("true") ? "on" : "off"));
         context.put("panel", "admin/console/config/databasepanel.vm");
         context.put("errorString", errorString);
     }
 
     public void initParams(HttpServletRequest request, Context context)
-                   throws IOException
-    {
+                   throws IOException {
         IConfigStore config = CMS.getConfigStore();
         String select = "";
         try {
@@ -395,8 +394,7 @@ public class DatabasePanel extends WizardPanelBase {
     }
 
     private LDAPConnection getLocalLDAPConn(Context context, String secure)
-                throws IOException
-    {
+                throws IOException {
         IConfigStore cs = CMS.getConfigStore();
 
         String host = "";
@@ -409,7 +407,7 @@ public class DatabasePanel extends WizardPanelBase {
             host = cs.getString("internaldb.ldapconn.host");
             port = cs.getString("internaldb.ldapconn.port");
             binddn = cs.getString("internaldb.ldapauth.bindDN");
-            pwd = (String) context.get("bindpwd");    
+            pwd = (String) context.get("bindpwd");
             security = cs.getString("internaldb.ldapconn.secureConn");
         } catch (Exception e) {
             CMS.debug("DatabasePanel populateDB: " + e.toString());
@@ -428,12 +426,12 @@ public class DatabasePanel extends WizardPanelBase {
 
         LDAPConnection conn = null;
         if (security.equals("true")) {
-          CMS.debug("DatabasePanel populateDB: creating secure (SSL) connection for internal ldap");
-          conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
-	} else {
-          CMS.debug("DatabasePanel populateDB: creating non-secure (non-SSL) connection for internal ldap");
-          conn = new LDAPConnection();
-	}
+            CMS.debug("DatabasePanel populateDB: creating secure (SSL) connection for internal ldap");
+            conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+        } else {
+            CMS.debug("DatabasePanel populateDB: creating non-secure (non-SSL) connection for internal ldap");
+            conn = new LDAPConnection();
+        }
 
         CMS.debug("DatabasePanel connecting to " + host + ":" + p);
         try {
@@ -443,81 +441,78 @@ public class DatabasePanel extends WizardPanelBase {
             throw new IOException("Failed to connect to the internal database.");
         }
 
-      return conn;
+        return conn;
     }
 
-    private boolean deleteDir(File dir) 
-    {
+    private boolean deleteDir(File dir) {
         if (dir.isDirectory()) {
             String[] children = dir.list();
-            for (int i=0; i<children.length; i++) {
+            for (int i = 0; i < children.length; i++) {
                 boolean success = deleteDir(new File(dir, children[i]));
                 if (!success) {
                     return false;
                 }
             }
         }
-    
+
         // The directory is now empty so delete it
         return dir.delete();
-    } 
+    }
 
-    private void cleanupDB(LDAPConnection conn, String baseDN, String database) 
-    {
+    private void cleanupDB(LDAPConnection conn, String baseDN, String database) {
         String[] entries = {};
         String filter = "objectclass=*";
         LDAPSearchConstraints cons = null;
         String[] attrs = null;
-        String dn="";
+        String dn = "";
         try {
             CMS.debug("Deleting baseDN: " + baseDN);
             LDAPSearchResults res = conn.search(baseDN, LDAPConnection.SCOPE_BASE, filter,
-                attrs, true, cons);
-            if (res != null) 
-            	deleteEntries(res, conn, baseDN, entries);
+                    attrs, true, cons);
+            if (res != null)
+                deleteEntries(res, conn, baseDN, entries);
+        } catch (LDAPException e) {
         }
-        catch (LDAPException e) {}
-        
+
         try {
-           dn="cn=mapping tree, cn=config";
-           filter = "nsslapd-backend=" + database;
-           LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
-              attrs, true, cons);
-          if (res != null) {
-              while (res.hasMoreElements()) {
-                  dn = res.next().getDN();
-                  filter = "objectclass=*";
-                  LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
-                      attrs, true, cons);
-                  if (res2 != null) 
-              	      deleteEntries(res2, conn, dn, entries);
-              }
-          }
-        }
-        catch (LDAPException e) {}
+            dn = "cn=mapping tree, cn=config";
+            filter = "nsslapd-backend=" + database;
+            LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
+                    attrs, true, cons);
+            if (res != null) {
+                while (res.hasMoreElements()) {
+                    dn = res.next().getDN();
+                    filter = "objectclass=*";
+                    LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
+                            attrs, true, cons);
+                    if (res2 != null)
+                        deleteEntries(res2, conn, dn, entries);
+                }
+            }
+        } catch (LDAPException e) {
+        }
 
         try {
             dn = "cn=" + database + ",cn=ldbm database, cn=plugins, cn=config";
             LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
-                attrs, true, cons);
+                    attrs, true, cons);
             if (res != null) {
                 deleteEntries(res, conn, dn, entries);
-                String dbdir = getInstanceDir(conn) + "/db/" + database; 
-                if (dbdir != null) { 
-            	    CMS.debug(" Deleting dbdir " + dbdir);
+                String dbdir = getInstanceDir(conn) + "/db/" + database;
+                if (dbdir != null) {
+                    CMS.debug(" Deleting dbdir " + dbdir);
                     boolean success = deleteDir(new File(dbdir));
                     if (!success) {
                         CMS.debug("Unable to delete database directory " + dbdir);
                     }
                 }
             }
+        } catch (LDAPException e) {
         }
-        catch (LDAPException e) {}
     }
 
-
-    private void populateDB(HttpServletRequest request, Context context, String secure) 
-        throws IOException {
+    private void populateDB(HttpServletRequest request, Context context, String secure)
+            throws IOException {
         IConfigStore cs = CMS.getConfigStore();
 
         String baseDN = "";
@@ -542,41 +537,44 @@ public class DatabasePanel extends WizardPanelBase {
         boolean foundDatabase = false;
         try {
             LDAPEntry entry = conn.read(baseDN);
-            if (entry != null) foundBaseDN = true;
+            if (entry != null)
+                foundBaseDN = true;
         } catch (LDAPException e) {
-            switch( e.getLDAPResultCode() ) {
-                case LDAPException.NO_SUCH_OBJECT:
-                    break;
-                default:
-                    CMS.debug("DatabasePanel update: LDAPException " + e.toString());
-                    throw new IOException("Failed to create the database");
+            switch (e.getLDAPResultCode()) {
+            case LDAPException.NO_SUCH_OBJECT:
+                break;
+            default:
+                CMS.debug("DatabasePanel update: LDAPException " + e.toString());
+                throw new IOException("Failed to create the database");
             }
         }
 
         try {
             dn = "cn=" + database + ",cn=ldbm database, cn=plugins, cn=config";
             LDAPEntry entry = conn.read(dn);
-            if (entry != null) foundDatabase = true;
+            if (entry != null)
+                foundDatabase = true;
         } catch (LDAPException e) {
-            switch( e.getLDAPResultCode() ) {
-                case LDAPException.NO_SUCH_OBJECT:
-                    break;
-                default:
-                    CMS.debug("DatabasePanel update: LDAPException " + e.toString());
-                    throw new IOException("Failed to create the database");
+            switch (e.getLDAPResultCode()) {
+            case LDAPException.NO_SUCH_OBJECT:
+                break;
+            default:
+                CMS.debug("DatabasePanel update: LDAPException " + e.toString());
+                throw new IOException("Failed to create the database");
             }
         }
         try {
             dn = "cn=\"" + baseDN + "\",cn=mapping tree, cn=config";
             LDAPEntry entry = conn.read(dn);
-            if (entry != null) foundDatabase = true;
+            if (entry != null)
+                foundDatabase = true;
         } catch (LDAPException e) {
-            switch( e.getLDAPResultCode() ) {
-                case LDAPException.NO_SUCH_OBJECT:
-                    break;
-                default:
-                    CMS.debug("DatabasePanel update: LDAPException " + e.toString());
-                    throw new IOException("Failed to create the database");
+            switch (e.getLDAPResultCode()) {
+            case LDAPException.NO_SUCH_OBJECT:
+                break;
+            default:
+                CMS.debug("DatabasePanel update: LDAPException " + e.toString());
+                throw new IOException("Failed to create the database");
             }
         }
 
@@ -584,8 +582,7 @@ public class DatabasePanel extends WizardPanelBase {
             CMS.debug("DatabasePanel update: This database has already been used.");
             if (remove == null) {
                 throw new IOException("This database has already been used. Select the checkbox below to remove all data and reuse this database");
-            }
-            else {
+            } else {
                 CMS.debug("DatabasePanel update: Deleting existing DB and reusing base DN");
                 cleanupDB(conn, baseDN, database);
                 foundBaseDN = false;
@@ -596,9 +593,8 @@ public class DatabasePanel extends WizardPanelBase {
         if (foundBaseDN) {
             CMS.debug("DatabasePanel update: This base DN has already been used.");
             if (remove == null) {
-                throw new IOException("This base DN ("+baseDN+") has already been used. Select the checkbox below to remove all data and reuse this base DN");
-            }
-            else {
+                throw new IOException("This base DN (" + baseDN + ") has already been used. Select the checkbox below to remove all data and reuse this base DN");
+            } else {
                 CMS.debug("DatabasePanel update: Deleting existing DB and reusing base DN");
                 cleanupDB(conn, baseDN, database);
                 foundBaseDN = false;
@@ -609,7 +605,7 @@ public class DatabasePanel extends WizardPanelBase {
         // create database
         try {
             LDAPAttributeSet attrs = new LDAPAttributeSet();
-            String oc[] = { "top", "extensibleObject", "nsBackendInstance"};
+            String oc[] = { "top", "extensibleObject", "nsBackendInstance" };
             attrs.add(new LDAPAttribute("objectClass", oc));
             attrs.add(new LDAPAttribute("cn", database));
             attrs.add(new LDAPAttribute("nsslapd-suffix", baseDN));
@@ -623,7 +619,7 @@ public class DatabasePanel extends WizardPanelBase {
 
         try {
             LDAPAttributeSet attrs = new LDAPAttributeSet();
-            String oc2[] = { "top", "extensibleObject", "nsMappingTree"};
+            String oc2[] = { "top", "extensibleObject", "nsMappingTree" };
             attrs.add(new LDAPAttribute("objectClass", oc2));
             attrs.add(new LDAPAttribute("cn", baseDN));
             attrs.add(new LDAPAttribute("nsslapd-backend", database));
@@ -644,19 +640,19 @@ public class DatabasePanel extends WizardPanelBase {
             String n = st.nextToken();
             String v = st.nextToken();
             LDAPAttributeSet attrs = new LDAPAttributeSet();
-            String oc3[] = { "top", "domain"};
+            String oc3[] = { "top", "domain" };
             if (n.equals("o")) {
-              oc3[1] = "organization";
+                oc3[1] = "organization";
             } else if (n.equals("ou")) {
-              oc3[1] = "organizationalUnit";
-            } 
+                oc3[1] = "organizationalUnit";
+            }
             attrs.add(new LDAPAttribute("objectClass", oc3));
             attrs.add(new LDAPAttribute(n, v));
             LDAPEntry entry = new LDAPEntry(baseDN, attrs);
             conn.add(entry);
         } catch (Exception e) {
             CMS.debug("Warning: suffix creation error - " + e.toString());
-            throw new IOException("Failed to create the base DN: "+baseDN);
+            throw new IOException("Failed to create the base DN: " + baseDN);
         }
 
         // check to see if the base dn exists
@@ -666,15 +662,17 @@ public class DatabasePanel extends WizardPanelBase {
             LDAPEntry entry = conn.read(baseDN);
 
             if (entry != null) {
-                foundBaseDN = true; 
+                foundBaseDN = true;
             }
-        } catch (LDAPException e) {}
+        } catch (LDAPException e) {
+        }
         boolean createBaseDN = true;
 
         boolean testing = false;
         try {
             testing = cs.getBoolean("internaldb.multipleSuffix.enable", false);
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         if (!foundBaseDN) {
             if (!testing) {
@@ -697,7 +695,7 @@ public class DatabasePanel extends WizardPanelBase {
                 // support only one level creation - create new entry
                 // right under the suffix
                 LDAPAttributeSet attrs = new LDAPAttributeSet();
-                String oc[] = { "top", "organizationalUnit"};
+                String oc[] = { "top", "organizationalUnit" };
 
                 attrs.add(new LDAPAttribute("objectClass", oc));
                 attrs.add(new LDAPAttribute("ou", dns2[0]));
@@ -705,7 +703,7 @@ public class DatabasePanel extends WizardPanelBase {
 
                 try {
                     conn.add(entry);
-                    foundBaseDN = true; 
+                    foundBaseDN = true;
                     CMS.debug("DatabasePanel added " + baseDN);
                 } catch (LDAPException e) {
                     throw new IOException("Failed to create " + baseDN);
@@ -723,25 +721,26 @@ public class DatabasePanel extends WizardPanelBase {
         }
 
         if (select.equals("clone")) {
-          // if this is clone, add index before replication
-          // don't put in the schema or bad things will happen
-          
-          importLDIFS("preop.internaldb.ldif", conn);
-          importLDIFS("preop.internaldb.index_ldif", conn);
+            // if this is clone, add index before replication
+            // don't put in the schema or bad things will happen
+
+            importLDIFS("preop.internaldb.ldif", conn);
+            importLDIFS("preop.internaldb.index_ldif", conn);
         } else {
-          // data will be replicated from the master to the clone
-          // so clone does not need the data
-          //
+            // data will be replicated from the master to the clone
+            // so clone does not need the data
+            //
 
-          importLDIFS("preop.internaldb.schema.ldif", conn);         
-          importLDIFS("preop.internaldb.ldif", conn); 
-          importLDIFS("preop.internaldb.data_ldif", conn);
-          importLDIFS("preop.internaldb.index_ldif", conn);
+            importLDIFS("preop.internaldb.schema.ldif", conn);
+            importLDIFS("preop.internaldb.ldif", conn);
+            importLDIFS("preop.internaldb.data_ldif", conn);
+            importLDIFS("preop.internaldb.index_ldif", conn);
         }
 
         try {
             conn.disconnect();
-        } catch (LDAPException e) {}
+        } catch (LDAPException e) {
+        }
     }
 
     private void importLDIFS(String param, LDAPConnection conn) throws IOException {
@@ -751,11 +750,11 @@ public class DatabasePanel extends WizardPanelBase {
         CMS.debug("DatabasePanel populateDB param=" + param);
         try {
             v = cs.getString(param);
-        } catch (EBaseException e) {  
+        } catch (EBaseException e) {
             CMS.debug("DatabasePanel populateDB: " + e.toString());
             throw new IOException("Cant find ldif files.");
         }
- 
+
         StringTokenizer tokenizer = new StringTokenizer(v, ",");
         String baseDN = null;
         String database = null;
@@ -787,13 +786,12 @@ public class DatabasePanel extends WizardPanelBase {
         String instanceId = null;
 
         try {
-            instanceId = cs.getString("instanceId"); 
+            instanceId = cs.getString("instanceId");
         } catch (EBaseException e) {
             throw new IOException("instanceId is missing");
         }
 
-
-        String configDir = instancePath + File.separator + "conf"; 
+        String configDir = instancePath + File.separator + "conf";
 
         while (tokenizer.hasMoreTokens()) {
             String token = tokenizer.nextToken().trim();
@@ -846,11 +844,11 @@ public class DatabasePanel extends WizardPanelBase {
                         if (!endOfline) {
                             ps.println(s);
                         }
-                    } 
+                    }
                 }
                 in.close();
                 ps.close();
-            } catch (Exception e) { 
+            } catch (Exception e) {
                 CMS.debug("DBSubsystem popuateDB: " + e.toString());
                 throw new IOException(
                         "Problem of copying ldif file: " + filename);
@@ -867,7 +865,7 @@ public class DatabasePanel extends WizardPanelBase {
             HttpServletResponse response,
             Context context) throws IOException {
         IConfigStore cs = CMS.getConfigStore();
-	boolean hasErr = false;
+        boolean hasErr = false;
 
         boolean firsttime = false;
         context.put("firsttime", "false");
@@ -903,17 +901,17 @@ public class DatabasePanel extends WizardPanelBase {
         cs.putString("internaldb.ldapauth.bindDN", binddn);
         cs.putString("internaldb.database", database2);
         String secure = HttpInput.getCheckbox(request, "secureConn");
-        cs.putString("internaldb.ldapconn.secureConn", (secure.equals("on")?"true":"false"));
+        cs.putString("internaldb.ldapconn.secureConn", (secure.equals("on") ? "true" : "false"));
         String cloneStartTLS = HttpInput.getCheckbox(request, "cloneStartTLS");
-        cs.putString("internaldb.ldapconn.cloneStartTLS", (cloneStartTLS.equals("on")?"true":"false"));
+        cs.putString("internaldb.ldapconn.cloneStartTLS", (cloneStartTLS.equals("on") ? "true" : "false"));
 
         String remove = HttpInput.getID(request, "removeData");
         if (isPanelDone() && (remove == null || remove.equals(""))) {
-             /* if user submits the same data, they just want to skip 
-                to the next panel, no database population is required. */
-            if (hostname1.equals(hostname2) && 
-                portStr1.equals(portStr2) && 
-                database1.equals(database2)) {
+            /* if user submits the same data, they just want to skip 
+               to the next panel, no database population is required. */
+            if (hostname1.equals(hostname2) &&
+                    portStr1.equals(portStr2) &&
+                    database1.equals(database2)) {
                 context.put("updateStatus", "success");
                 return;
             }
@@ -921,15 +919,14 @@ public class DatabasePanel extends WizardPanelBase {
 
         mServlet.cleanUpFromPanel(mServlet.getPanelNo(request));
 
-
         try {
-            populateDB(request, context, (secure.equals("on")?"true":"false"));
+            populateDB(request, context, (secure.equals("on") ? "true" : "false"));
         } catch (IOException e) {
-            CMS.debug("DatabasePanel update: populateDB Exception: "+e.toString());
+            CMS.debug("DatabasePanel update: populateDB Exception: " + e.toString());
             context.put("updateStatus", "failure");
             throw e;
         } catch (Exception e) {
-            CMS.debug("DatabasePanel update: populateDB Exception: "+e.toString());
+            CMS.debug("DatabasePanel update: populateDB Exception: " + e.toString());
             context.put("errorString", e.toString());
             cs.putString("preop.database.errorString", e.toString());
             context.put("updateStatus", "failure");
@@ -950,11 +947,11 @@ public class DatabasePanel extends WizardPanelBase {
         } catch (Exception e) {
             CMS.debug("ConfigDatabaseServlet update: " + e.toString());
             context.put("updateStatus", "failure");
-            throw new IOException( e.toString() );
+            throw new IOException(e.toString());
         }
         psStore.putString("internaldb", bindpwd);
         psStore.putString("replicationdb", replicationpwd);
-        cs.putString("preop.internaldb.replicationpwd" , replicationpwd);
+        cs.putString("preop.internaldb.replicationpwd", replicationpwd);
         cs.putString("preop.database.removeData", "false");
 
         try {
@@ -983,57 +980,57 @@ public class DatabasePanel extends WizardPanelBase {
 
         // always populate the index the last
         try {
-          CMS.debug("Populating local indexes");
-          LDAPConnection conn = getLocalLDAPConn(context, 
-                            (secure.equals("on")?"true":"false"));
-          importLDIFS("preop.internaldb.post_ldif", conn);
-
-          /* For vlvtask, we need to check if the task has 
-             been completed or not.  Presence of nsTaskExitCode means task is complete
-           */
-          String wait_dn = cs.getString("preop.internaldb.wait_dn", "");
-          if (!wait_dn.equals("")) {
-            int i = 0;
-            LDAPEntry task = null;
-            boolean taskComplete = false;
-            CMS.debug("Checking wait_dn " + wait_dn);
-            do {
-              Thread.sleep(1000);
-              try {
-                task = conn.read(wait_dn, (String[])null);
-                if (task != null) {
-                   LDAPAttribute attr = task.getAttribute("nsTaskExitCode");
-                   if (attr != null) {
-                       taskComplete = true;
-                       String val = (String) attr.getStringValues().nextElement();
-                       if (val.compareTo("0") != 0) {
-                           CMS.debug("Error in populating local indexes: nsTaskExitCode=" + val);
-                       } 
-                   } 
+            CMS.debug("Populating local indexes");
+            LDAPConnection conn = getLocalLDAPConn(context,
+                            (secure.equals("on") ? "true" : "false"));
+            importLDIFS("preop.internaldb.post_ldif", conn);
+
+            /* For vlvtask, we need to check if the task has 
+               been completed or not.  Presence of nsTaskExitCode means task is complete
+             */
+            String wait_dn = cs.getString("preop.internaldb.wait_dn", "");
+            if (!wait_dn.equals("")) {
+                int i = 0;
+                LDAPEntry task = null;
+                boolean taskComplete = false;
+                CMS.debug("Checking wait_dn " + wait_dn);
+                do {
+                    Thread.sleep(1000);
+                    try {
+                        task = conn.read(wait_dn, (String[]) null);
+                        if (task != null) {
+                            LDAPAttribute attr = task.getAttribute("nsTaskExitCode");
+                            if (attr != null) {
+                                taskComplete = true;
+                                String val = (String) attr.getStringValues().nextElement();
+                                if (val.compareTo("0") != 0) {
+                                    CMS.debug("Error in populating local indexes: nsTaskExitCode=" + val);
+                                }
+                            }
+                        }
+                    } catch (LDAPException le) {
+                        CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + le.toString() + ")");
+                    } catch (Exception e) {
+                        CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + e.toString() + ").");
+                    }
+                } while ((!taskComplete) && (i < 20));
+                if (i < 20) {
+                    CMS.debug("Done checking wait_dn " + wait_dn);
+                } else {
+                    CMS.debug("Done checking wait_dn " + wait_dn + " due to timeout.");
                 }
-              } catch (LDAPException le) {
-                CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + le.toString() + ")");
-              } catch (Exception e) {
-                CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + e.toString() + ").");
-              }
-            } while ((!taskComplete) && (i < 20));
-            if (i < 20) {
-              CMS.debug("Done checking wait_dn " + wait_dn);
-            } else {
-              CMS.debug("Done checking wait_dn " + wait_dn + " due to timeout.");
             }
-          }
 
-          conn.disconnect();
-          CMS.debug("Done populating local indexes");
+            conn.disconnect();
+            CMS.debug("Done populating local indexes");
         } catch (Exception e) {
-          CMS.debug("Populating index failure - " + e);
+            CMS.debug("Populating index failure - " + e);
         }
 
         // setup replication after indexes have been created
         if (select.equals("clone")) {
             CMS.debug("Start setting up replication.");
-            setupReplication(request, context, (secure.equals("on")?"true":"false"), (cloneStartTLS.equals("on")?"true":"false"));
+            setupReplication(request, context, (secure.equals("on") ? "true" : "false"), (cloneStartTLS.equals("on") ? "true" : "false"));
             CMS.debug("Finish setting up replication.");
 
             try {
@@ -1048,25 +1045,24 @@ public class DatabasePanel extends WizardPanelBase {
             }
         }
 
-
         if (hasErr == false) {
-          cs.putBoolean("preop.Database.done", true);
-          try {
-            cs.commit(false);
-          } catch (EBaseException e) { 
-            CMS.debug(
-                  "DatabasePanel: update() Exception caught at config commit: "
-                            + e.toString());
-	  }
-	}
+            cs.putBoolean("preop.Database.done", true);
+            try {
+                cs.commit(false);
+            } catch (EBaseException e) {
+                CMS.debug(
+                        "DatabasePanel: update() Exception caught at config commit: "
+                                + e.toString());
+            }
+        }
         context.put("updateStatus", "success");
     }
 
     private void setupReplication(HttpServletRequest request,
-				  Context context, String secure, String cloneStartTLS) throws IOException {
+                  Context context, String secure, String cloneStartTLS) throws IOException {
         String bindpwd = HttpInput.getPassword(request, "__bindpwd");
         IConfigStore cs = CMS.getConfigStore();
- 
+
         String cstype = "";
         String machinename = "";
         String instanceId = "";
@@ -1078,13 +1074,12 @@ public class DatabasePanel extends WizardPanelBase {
         } catch (Exception e) {
         }
 
-
         //setup replication agreement
-        String masterAgreementName = "masterAgreement1-"+machinename+"-"+instanceId;
+        String masterAgreementName = "masterAgreement1-" + machinename + "-" + instanceId;
         cs.putString("internaldb.replication.master", masterAgreementName);
-        String cloneAgreementName = "cloneAgreement1-"+machinename+"-"+instanceId;
+        String cloneAgreementName = "cloneAgreement1-" + machinename + "-" + instanceId;
         cs.putString("internaldb.replication.consumer", cloneAgreementName);
- 
+
         try {
             cs.commit(false);
         } catch (Exception e) {
@@ -1119,18 +1114,18 @@ public class DatabasePanel extends WizardPanelBase {
             master2_replicationpwd = cs.getString("preop.internaldb.replicationpwd", "");
         } catch (Exception e) {
         }
-  
+
         LDAPConnection conn1 = null;
         LDAPConnection conn2 = null;
         if (secure.equals("true")) {
-          CMS.debug("DatabasePanel setupReplication: creating secure (SSL) connections for internal ldap");
-          conn1 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
-          conn2 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
-	} else {
-          CMS.debug("DatabasePanel setupreplication: creating non-secure (non-SSL) connections for internal ldap");
-          conn1 = new LDAPConnection();
-          conn2 = new LDAPConnection();
-	}
+            CMS.debug("DatabasePanel setupReplication: creating secure (SSL) connections for internal ldap");
+            conn1 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+            conn2 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+        } else {
+            CMS.debug("DatabasePanel setupreplication: creating non-secure (non-SSL) connections for internal ldap");
+            conn1 = new LDAPConnection();
+            conn2 = new LDAPConnection();
+        }
 
         String basedn = "";
         try {
@@ -1140,13 +1135,13 @@ public class DatabasePanel extends WizardPanelBase {
 
         try {
             conn1.connect(master1_hostname, master1_port, master1_binddn,
-              master1_bindpwd);
+                    master1_bindpwd);
             conn2.connect(master2_hostname, master2_port, master2_binddn,
-              master2_bindpwd);
+                    master2_bindpwd);
             String suffix = cs.getString("internaldb.basedn", "");
 
-            String replicadn = "cn=replica,cn=\""+suffix+"\",cn=mapping tree,cn=config";
-            CMS.debug("DatabasePanel setupReplication: replicadn="+replicadn);
+            String replicadn = "cn=replica,cn=\"" + suffix + "\",cn=mapping tree,cn=config";
+            CMS.debug("DatabasePanel setupReplication: replicadn=" + replicadn);
 
             String masterBindUser = "Replication Manager " + masterAgreementName;
             String cloneBindUser = "Replication Manager " + cloneAgreementName;
@@ -1168,16 +1163,16 @@ public class DatabasePanel extends WizardPanelBase {
 
             CMS.debug("DatabasePanel setupReplication: Finished enabling replication");
 
-            createReplicationAgreement(replicadn, conn1, masterAgreementName, 
-              master2_hostname, master2_port, master2_replicationpwd, basedn, cloneBindUser, secure, cloneStartTLS);
+            createReplicationAgreement(replicadn, conn1, masterAgreementName,
+                    master2_hostname, master2_port, master2_replicationpwd, basedn, cloneBindUser, secure, cloneStartTLS);
 
-            createReplicationAgreement(replicadn, conn2, cloneAgreementName, 
-              master1_hostname, master1_port, master1_replicationpwd, basedn, masterBindUser, secure, cloneStartTLS);
+            createReplicationAgreement(replicadn, conn2, cloneAgreementName,
+                    master1_hostname, master1_port, master1_replicationpwd, basedn, masterBindUser, secure, cloneStartTLS);
 
             // initialize consumer
             initializeConsumer(replicadn, conn1, masterAgreementName);
 
-            while (! replicationDone(replicadn, conn1, masterAgreementName)) {
+            while (!replicationDone(replicadn, conn1, masterAgreementName)) {
                 CMS.debug("DatabasePanel setupReplication: Waiting for replication to complete");
                 Thread.sleep(1000);
             }
@@ -1185,12 +1180,12 @@ public class DatabasePanel extends WizardPanelBase {
             String status = replicationStatus(replicadn, conn1, masterAgreementName);
             if (!status.startsWith("0 ")) {
                 CMS.debug("DatabasePanel setupReplication: consumer initialization failed. " +
-                    status);
+                        status);
                 throw new IOException("consumer initialization failed. " + status);
-            } 
+            }
 
         } catch (Exception e) {
-            CMS.debug("DatabasePanel setupReplication: "+e.toString());
+            CMS.debug("DatabasePanel setupReplication: " + e.toString());
             throw new IOException("Failed to setup the replication for cloning.");
         }
     }
@@ -1203,15 +1198,15 @@ public class DatabasePanel extends WizardPanelBase {
             Context context) {
 
         try {
-          initParams(request, context);
-        } catch (IOException e) { 
+            initParams(request, context);
+        } catch (IOException e) {
         }
         context.put("title", "Database");
         context.put("panel", "admin/console/config/databasepanel.vm");
     }
 
     private void createReplicationManager(LDAPConnection conn, String bindUser, String pwd)
-      throws LDAPException {
+            throws LDAPException {
         LDAPAttributeSet attrs = null;
         LDAPEntry entry = null;
         String dn = "cn=" + bindUser + ",cn=config";
@@ -1231,11 +1226,11 @@ public class DatabasePanel extends WizardPanelBase {
                     conn.delete(dn);
                     conn.add(entry);
                 } catch (LDAPException ee) {
-                    CMS.debug("DatabasePanel createReplicationManager: "+ee.toString());
+                    CMS.debug("DatabasePanel createReplicationManager: " + ee.toString());
                 }
                 return;
             } else {
-                CMS.debug("DatabasePanel createReplicationManager: Failed to create replication manager. Exception: "+e.toString());
+                CMS.debug("DatabasePanel createReplicationManager: Failed to create replication manager. Exception: " + e.toString());
                 throw e;
             }
         }
@@ -1244,7 +1239,7 @@ public class DatabasePanel extends WizardPanelBase {
     }
 
     private void createChangeLog(LDAPConnection conn, String dir)
-      throws LDAPException {
+            throws LDAPException {
         LDAPAttributeSet attrs = null;
         LDAPEntry entry = null;
         String dn = "cn=changelog5,cn=config";
@@ -1259,17 +1254,17 @@ public class DatabasePanel extends WizardPanelBase {
         } catch (LDAPException e) {
             if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
                 CMS.debug("DatabasePanel createChangeLog: Changelog entry has already used");
-/* leave it, dont delete it because it will have operation error
-                try {
-                    conn.delete(dn);
-                    conn.add(entry);
-                } catch (LDAPException ee) {
-                    CMS.debug("DatabasePanel createChangeLog: "+ee.toString());
-                }
-*/
+                /* leave it, dont delete it because it will have operation error
+                                try {
+                                    conn.delete(dn);
+                                    conn.add(entry);
+                                } catch (LDAPException ee) {
+                                    CMS.debug("DatabasePanel createChangeLog: "+ee.toString());
+                                }
+                */
                 return;
             } else {
-                CMS.debug("DatabasePanel createChangeLog: Failed to create changelog entry. Exception: "+e.toString());
+                CMS.debug("DatabasePanel createChangeLog: Failed to create changelog entry. Exception: " + e.toString());
                 throw e;
             }
         }
@@ -1278,8 +1273,8 @@ public class DatabasePanel extends WizardPanelBase {
     }
 
     private int enableReplication(String replicadn, LDAPConnection conn, String bindUser, String basedn, int id)
-      throws LDAPException {
-        CMS.debug("DatabasePanel enableReplication: replicadn: "+replicadn);
+            throws LDAPException {
+        CMS.debug("DatabasePanel enableReplication: replicadn: " + replicadn);
         LDAPAttributeSet attrs = null;
         LDAPEntry entry = null;
         try {
@@ -1290,7 +1285,7 @@ public class DatabasePanel extends WizardPanelBase {
             attrs.add(new LDAPAttribute("nsDS5ReplicaRoot", basedn));
             attrs.add(new LDAPAttribute("nsDS5ReplicaType", "3"));
             attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN",
-              "cn=" + bindUser + ",cn=config"));
+                    "cn=" + bindUser + ",cn=config"));
             attrs.add(new LDAPAttribute("cn", "replica"));
             attrs.add(new LDAPAttribute("nsDS5ReplicaId", Integer.toString(id)));
             attrs.add(new LDAPAttribute("nsds5flags", "1"));
@@ -1300,47 +1295,47 @@ public class DatabasePanel extends WizardPanelBase {
             if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
                 /* BZ 470918 -we cant just add the new dn.  We need to do a replace instead 
                  * until the DS code is fixed */
-                CMS.debug("DatabasePanel enableReplication: "+replicadn+" has already been used");
-                
+                CMS.debug("DatabasePanel enableReplication: " + replicadn + " has already been used");
+
                 try {
                     entry = conn.read(replicadn);
                     LDAPAttribute attr = entry.getAttribute("nsDS5ReplicaBindDN");
-                    attr.addValue( "cn=" + bindUser + ",cn=config");
+                    attr.addValue("cn=" + bindUser + ",cn=config");
                     LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, attr);
                     conn.modify(replicadn, mod);
                 } catch (LDAPException ee) {
-                    CMS.debug("DatabasePanel enableReplication: Failed to modify " 
-                        +replicadn+" entry. Exception: "+e.toString());
+                    CMS.debug("DatabasePanel enableReplication: Failed to modify "
+                            + replicadn + " entry. Exception: " + e.toString());
                 }
                 return id;
             } else {
-                CMS.debug("DatabasePanel enableReplication: Failed to create "+replicadn+" entry. Exception: "+e.toString());
+                CMS.debug("DatabasePanel enableReplication: Failed to create " + replicadn + " entry. Exception: " + e.toString());
                 return id;
             }
         }
 
-        CMS.debug("DatabasePanel enableReplication: Successfully create "+replicadn+" entry.");
+        CMS.debug("DatabasePanel enableReplication: Successfully create " + replicadn + " entry.");
         return id + 1;
     }
 
-    private void createReplicationAgreement(String replicadn, 
-      LDAPConnection conn, String name, String replicahost, int replicaport, 
-      String replicapwd, String basedn, String bindUser, String secure, String cloneStartTLS) throws LDAPException {
-        String dn = "cn="+name+","+replicadn;
-        CMS.debug("DatabasePanel createReplicationAgreement: dn: "+dn);
+    private void createReplicationAgreement(String replicadn,
+            LDAPConnection conn, String name, String replicahost, int replicaport,
+            String replicapwd, String basedn, String bindUser, String secure, String cloneStartTLS) throws LDAPException {
+        String dn = "cn=" + name + "," + replicadn;
+        CMS.debug("DatabasePanel createReplicationAgreement: dn: " + dn);
         LDAPEntry entry = null;
         LDAPAttributeSet attrs = null;
         try {
             attrs = new LDAPAttributeSet();
             attrs.add(new LDAPAttribute("objectclass", "top"));
             attrs.add(new LDAPAttribute("objectclass",
-              "nsds5replicationagreement"));
+                    "nsds5replicationagreement"));
             attrs.add(new LDAPAttribute("cn", name));
             attrs.add(new LDAPAttribute("nsDS5ReplicaRoot", basedn));
             attrs.add(new LDAPAttribute("nsDS5ReplicaHost", replicahost));
-            attrs.add(new LDAPAttribute("nsDS5ReplicaPort", ""+replicaport));
+            attrs.add(new LDAPAttribute("nsDS5ReplicaPort", "" + replicaport));
             attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN",
-              "cn=" + bindUser + ",cn=config"));
+                    "cn=" + bindUser + ",cn=config"));
             attrs.add(new LDAPAttribute("nsDS5ReplicaBindMethod", "Simple"));
             attrs.add(new LDAPAttribute("nsds5replicacredentials", replicapwd));
 
@@ -1351,50 +1346,50 @@ public class DatabasePanel extends WizardPanelBase {
             }
 
             CMS.debug("About to set description attr to " + name);
-            attrs.add(new LDAPAttribute("description",name));
+            attrs.add(new LDAPAttribute("description", name));
 
             entry = new LDAPEntry(dn, attrs);
             conn.add(entry);
         } catch (LDAPException e) {
             if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
-                CMS.debug("DatabasePanel createReplicationAgreement: "+dn+" has already used");
+                CMS.debug("DatabasePanel createReplicationAgreement: " + dn + " has already used");
                 try {
                     conn.delete(dn);
                 } catch (LDAPException ee) {
-                    CMS.debug("DatabasePanel createReplicationAgreement: "+ee.toString());
+                    CMS.debug("DatabasePanel createReplicationAgreement: " + ee.toString());
                     throw ee;
                 }
 
                 try {
                     conn.add(entry);
                 } catch (LDAPException ee) {
-                    CMS.debug("DatabasePanel createReplicationAgreement: "+ee.toString());
+                    CMS.debug("DatabasePanel createReplicationAgreement: " + ee.toString());
                     throw ee;
                 }
             } else {
-                CMS.debug("DatabasePanel createReplicationAgreement: Failed to create "+dn+" entry. Exception: "+e.toString());
+                CMS.debug("DatabasePanel createReplicationAgreement: Failed to create " + dn + " entry. Exception: " + e.toString());
                 throw e;
             }
         }
 
-        CMS.debug("DatabasePanel createReplicationAgreement: Successfully create replication agreement "+name);
+        CMS.debug("DatabasePanel createReplicationAgreement: Successfully create replication agreement " + name);
     }
 
-    private void initializeConsumer(String replicadn, LDAPConnection conn, 
-      String name) {
-        String dn = "cn="+name+","+replicadn;
-        CMS.debug("DatabasePanel initializeConsumer: initializeConsumer dn: "+dn);
-        CMS.debug("DatabasePanel initializeConsumer: initializeConsumer host: "+conn.getHost() + " port: " + conn.getPort());
+    private void initializeConsumer(String replicadn, LDAPConnection conn,
+            String name) {
+        String dn = "cn=" + name + "," + replicadn;
+        CMS.debug("DatabasePanel initializeConsumer: initializeConsumer dn: " + dn);
+        CMS.debug("DatabasePanel initializeConsumer: initializeConsumer host: " + conn.getHost() + " port: " + conn.getPort());
         try {
             LDAPAttribute attr = new LDAPAttribute("nsds5beginreplicarefresh",
-              "start");
+                    "start");
             LDAPModification mod = new LDAPModification(
-              LDAPModification.REPLACE, attr);
+                    LDAPModification.REPLACE, attr);
             CMS.debug("DatabasePanel initializeConsumer: start modifying");
             conn.modify(dn, mod);
             CMS.debug("DatabasePanel initializeConsumer: Finish modification.");
         } catch (LDAPException e) {
-            CMS.debug("DatabasePanel initializeConsumer: Failed to modify "+dn+" entry. Exception: "+e.toString());
+            CMS.debug("DatabasePanel initializeConsumer: Failed to modify " + dn + " entry. Exception: " + e.toString());
             return;
         } catch (Exception e) {
             CMS.debug("DatabasePanel initializeConsumer: exception " + e);
@@ -1405,33 +1400,33 @@ public class DatabasePanel extends WizardPanelBase {
             Thread.sleep(5000);
             CMS.debug("DatabasePanel initializeConsumer: finish sleeping.");
         } catch (InterruptedException ee) {
-            CMS.debug("DatabasePanel initializeConsumer: exception: "+ee.toString());
+            CMS.debug("DatabasePanel initializeConsumer: exception: " + ee.toString());
         }
 
         CMS.debug("DatabasePanel initializeConsumer: Successfully initialize consumer");
     }
 
-    private boolean replicationDone(String replicadn, LDAPConnection conn, String name) 
-      throws IOException {
-        String dn = "cn="+name+","+replicadn;
+    private boolean replicationDone(String replicadn, LDAPConnection conn, String name)
+            throws IOException {
+        String dn = "cn=" + name + "," + replicadn;
         String filter = "(objectclass=*)";
-        String[] attrs = {"nsds5beginreplicarefresh"};
+        String[] attrs = { "nsds5beginreplicarefresh" };
 
-        CMS.debug("DatabasePanel replicationDone: dn: "+dn);
+        CMS.debug("DatabasePanel replicationDone: dn: " + dn);
         try {
             LDAPSearchResults results = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
-              attrs, true);
+                    attrs, true);
 
             int count = results.getCount();
             if (count < 1) {
                 throw new IOException("Replication entry not found");
-            } 
-           
+            }
+
             LDAPEntry entry = results.next();
             LDAPAttribute refresh = entry.getAttribute("nsds5beginreplicarefresh");
             if (refresh == null) {
                 return true;
-            } 
+            }
             return false;
         } catch (Exception e) {
             CMS.debug("DatabasePanel replicationDone: exception " + e);
@@ -1439,29 +1434,29 @@ public class DatabasePanel extends WizardPanelBase {
         }
     }
 
-    private String replicationStatus(String replicadn, LDAPConnection conn, String name) 
-      throws IOException {
-        String dn = "cn="+name+","+replicadn;
+    private String replicationStatus(String replicadn, LDAPConnection conn, String name)
+            throws IOException {
+        String dn = "cn=" + name + "," + replicadn;
         String filter = "(objectclass=*)";
-        String[] attrs = {"nsds5replicalastinitstatus"};
+        String[] attrs = { "nsds5replicalastinitstatus" };
         String status = null;
 
-        CMS.debug("DatabasePanel replicationStatus: dn: "+dn);
+        CMS.debug("DatabasePanel replicationStatus: dn: " + dn);
         try {
             LDAPSearchResults results = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
-              attrs, false);
+                    attrs, false);
 
             int count = results.getCount();
             if (count < 1) {
                 throw new IOException("Replication entry not found");
-            } 
+            }
 
             LDAPEntry entry = results.next();
             LDAPAttribute attr = entry.getAttribute("nsds5replicalastinitstatus");
             if (attr != null) {
                 Enumeration valsInAttr = attr.getStringValues();
                 if (valsInAttr.hasMoreElements()) {
-                    return  (String)valsInAttr.nextElement();
+                    return (String) valsInAttr.nextElement();
                 } else {
                     throw new IOException("No value returned for nsds5replicalastinitstatus");
                 }
@@ -1475,35 +1470,35 @@ public class DatabasePanel extends WizardPanelBase {
     }
 
     private String getInstanceDir(LDAPConnection conn) {
-        String instancedir="";
+        String instancedir = "";
         try {
             String filter = "(objectclass=*)";
-            String[] attrs = {"nsslapd-directory"};
+            String[] attrs = { "nsslapd-directory" };
             LDAPSearchResults results = conn.search("cn=config,cn=ldbm database,cn=plugins,cn=config", LDAPv3.SCOPE_SUB,
-              filter, attrs, false);
+                    filter, attrs, false);
 
             while (results.hasMoreElements()) {
                 LDAPEntry entry = results.next();
                 String dn = entry.getDN();
-                CMS.debug("DatabasePanel getInstanceDir: DN for storing nsslapd-directory: "+dn);
+                CMS.debug("DatabasePanel getInstanceDir: DN for storing nsslapd-directory: " + dn);
                 LDAPAttributeSet entryAttrs = entry.getAttributeSet();
                 Enumeration attrsInSet = entryAttrs.getAttributes();
                 while (attrsInSet.hasMoreElements()) {
-                    LDAPAttribute nextAttr = (LDAPAttribute)attrsInSet.nextElement();
+                    LDAPAttribute nextAttr = (LDAPAttribute) attrsInSet.nextElement();
                     String attrName = nextAttr.getName();
-                    CMS.debug("DatabasePanel getInstanceDir: attribute name: "+attrName);
+                    CMS.debug("DatabasePanel getInstanceDir: attribute name: " + attrName);
                     Enumeration valsInAttr = nextAttr.getStringValues();
-                    while ( valsInAttr.hasMoreElements() ) {
-                        String nextValue = (String)valsInAttr.nextElement();
+                    while (valsInAttr.hasMoreElements()) {
+                        String nextValue = (String) valsInAttr.nextElement();
                         if (attrName.equalsIgnoreCase("nsslapd-directory")) {
-                            CMS.debug("DatabasePanel getInstanceDir: instanceDir="+nextValue);
-                            return nextValue.substring(0,nextValue.lastIndexOf("/db"));
+                            CMS.debug("DatabasePanel getInstanceDir: instanceDir=" + nextValue);
+                            return nextValue.substring(0, nextValue.lastIndexOf("/db"));
                         }
                     }
                 }
             }
         } catch (LDAPException e) {
-            CMS.debug("DatabasePanel getInstanceDir: Error in retrieving the instance directory. Exception: "+e.toString());
+            CMS.debug("DatabasePanel getInstanceDir: Error in retrieving the instance directory. Exception: " + e.toString());
         }
 
         return instancedir;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java
index d8fd7526..c44f6113 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
 import org.apache.velocity.app.Velocity;
 import org.apache.velocity.context.Context;
 
-
 public class DatabaseServlet extends BaseServlet {
 
     /**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
index 1e1b6dec..d72984d2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.net.URLEncoder;
 import java.util.Locale;
@@ -42,25 +41,26 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
 
 public class DisplayCertChainPanel extends WizardPanelBase {
 
-    public DisplayCertChainPanel() {}
+    public DisplayCertChainPanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Display Certificate Chain");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Display Certificate Chain");
         setId(id);
     }
- 
-    public boolean isSubPanel() { 
+
+    public boolean isSubPanel() {
         return true;
     }
 
@@ -70,7 +70,7 @@ public class DisplayCertChainPanel extends WizardPanelBase {
 
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
+
         return set;
     }
 
@@ -86,8 +86,8 @@ public class DisplayCertChainPanel extends WizardPanelBase {
         IConfigStore cs = CMS.getConfigStore();
         // if we are root, no need to get the certificate chain.
 
-        try { 
-            String select = cs.getString("securitydomain.select","");
+        try {
+            String select = cs.getString("securitydomain.select", "");
             String type = cs.getString("preop.subsystem.select", "");
             String hierarchy = cs.getString("preop.hierarchy.select", "");
 
@@ -132,7 +132,8 @@ public class DisplayCertChainPanel extends WizardPanelBase {
 
         try {
             certchain_size = cs.getString(certChainConfigName, "");
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         int size = 0;
         Vector v = new Vector();
@@ -140,20 +141,22 @@ public class DisplayCertChainPanel extends WizardPanelBase {
         if (!certchain_size.equals("")) {
             try {
                 size = Integer.parseInt(certchain_size);
-            } catch (Exception e) {}         
+            } catch (Exception e) {
+            }
             for (int i = 0; i < size; i++) {
                 certChainConfigName = "preop." + type + ".certchain." + i;
                 try {
                     String c = cs.getString(certChainConfigName, "");
                     byte[] b_c = CryptoUtil.base64Decode(c);
                     CertPrettyPrint pp = new CertPrettyPrint(
-                            new X509CertImpl(b_c));                
+                            new X509CertImpl(b_c));
 
                     v.addElement(pp.toString(Locale.getDefault()));
-                } catch (Exception e) {}
+                } catch (Exception e) {
+                }
             }
         }
-       
+
         if (getId().equals("securitydomain")) {
             context.put("panelid", "securitydomain");
             context.put("panelname", "Security Domain Trust Verification");
@@ -184,7 +187,7 @@ public class DisplayCertChainPanel extends WizardPanelBase {
         importCertChain(getId());
 
         if (getId().equals("securitydomain")) {
-            int panel = getPanelNo()+1;
+            int panel = getPanelNo() + 1;
             IConfigStore cs = CMS.getConfigStore();
             try {
                 String sd_hostname = cs.getString("securitydomain.host", "");
@@ -192,23 +195,23 @@ public class DisplayCertChainPanel extends WizardPanelBase {
                 String cs_hostname = cs.getString("machineName", "");
                 int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1);
                 String subsystem = cs.getString("cs.type", "");
-                String urlVal = "https://"+cs_hostname+":"+cs_port+"/"+toLowerCaseSubsystemType(subsystem)+"/admin/console/config/wizard?p="+panel+"&subsystem="+subsystem;
+                String urlVal = "https://" + cs_hostname + ":" + cs_port + "/" + toLowerCaseSubsystemType(subsystem) + "/admin/console/config/wizard?p=" + panel + "&subsystem=" + subsystem;
                 String encodedValue = URLEncoder.encode(urlVal, "UTF-8");
-                String sdurl =  "https://"+sd_hostname+":"+sd_port+"/ca/admin/ca/securityDomainLogin?url="+encodedValue;
+                String sdurl = "https://" + sd_hostname + ":" + sd_port + "/ca/admin/ca/securityDomainLogin?url=" + encodedValue;
                 response.sendRedirect(sdurl);
 
                 // The user previously specified the CA Security Domain's
                 // SSL Admin port in the "Security Domain Panel";
                 // now retrieve this specified CA Security Domain's
                 // non-SSL EE, SSL Agent, and SSL EE ports:
-                cs.putString( "securitydomain.httpport", 
-                              getSecurityDomainPort( cs, "UnSecurePort" ) );
-                cs.putString("securitydomain.httpsagentport", 
-                              getSecurityDomainPort( cs, "SecureAgentPort" ) );
-                cs.putString("securitydomain.httpseeport", 
-                              getSecurityDomainPort( cs, "SecurePort" ) );
+                cs.putString("securitydomain.httpport",
+                              getSecurityDomainPort(cs, "UnSecurePort"));
+                cs.putString("securitydomain.httpsagentport",
+                              getSecurityDomainPort(cs, "SecureAgentPort"));
+                cs.putString("securitydomain.httpseeport",
+                              getSecurityDomainPort(cs, "SecurePort"));
             } catch (Exception ee) {
-                CMS.debug("DisplayCertChainPanel Exception="+ee.toString());
+                CMS.debug("DisplayCertChainPanel Exception=" + ee.toString());
             }
         }
         context.put("updateStatus", "success");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java
index 00871921..3bb8c73c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
 import org.apache.velocity.app.Velocity;
 import org.apache.velocity.context.Context;
 
-
 public class DisplayServlet extends BaseServlet {
 
     /**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
index 9669ddb1..b330b705 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.net.URLEncoder;
@@ -58,22 +57,23 @@ public class DonePanel extends WizardPanelBase {
     public static final BigInteger BIG_ZERO = new BigInteger("0");
     public static final Long MINUS_ONE = Long.valueOf(-1);
     public static final String RESTART_SERVER_AFTER_CONFIGURATION =
-        "restart_server_after_configuration";
+            "restart_server_after_configuration";
     public static final String PKI_SECURITY_DOMAIN = "pki_security_domain";
 
-    public DonePanel() {}
+    public DonePanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Done");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Done");
         setId(id);
@@ -88,15 +88,14 @@ public class DonePanel extends WizardPanelBase {
 
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
+
         /* XXX */
-                                                                                
+
         return set;
     }
 
     private LDAPConnection getLDAPConn(Context context)
-            throws IOException
-    {
+            throws IOException {
         IConfigStore cs = CMS.getConfigStore();
 
         String host = "";
@@ -112,8 +111,8 @@ public class DonePanel extends WizardPanelBase {
             pwd = pwdStore.getPassword("internaldb");
         }
 
-        if ( pwd == null) {
-           throw new IOException("DonePanel: Failed to obtain password from password store");
+        if (pwd == null) {
+            throw new IOException("DonePanel: Failed to obtain password from password store");
         }
 
         try {
@@ -138,11 +137,11 @@ public class DonePanel extends WizardPanelBase {
 
         LDAPConnection conn = null;
         if (security.equals("true")) {
-          CMS.debug("DonePanel getLDAPConn: creating secure (SSL) connection for internal ldap");
-          conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+            CMS.debug("DonePanel getLDAPConn: creating secure (SSL) connection for internal ldap");
+            conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
         } else {
-          CMS.debug("DonePanel getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
-          conn = new LDAPConnection();
+            CMS.debug("DonePanel getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
+            conn = new LDAPConnection();
         }
 
         CMS.debug("DonePanel connecting to " + host + ":" + p);
@@ -153,10 +152,9 @@ public class DonePanel extends WizardPanelBase {
             throw new IOException("Failed to connect to the internal database.");
         }
 
-      return conn;
+        return conn;
     }
 
-
     /**
      * Display the panel.
      */
@@ -193,31 +191,32 @@ public class DonePanel extends WizardPanelBase {
             instanceRoot = cs.getString("instanceRoot");
             select = cs.getString("preop.subsystem.select", "");
             systemdService = cs.getString("pkicreate.systemd.servicename", "");
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         String initDaemon = "";
         if (type.equals("CA")) {
-			initDaemon = "pki-cad";
+            initDaemon = "pki-cad";
         } else if (type.equals("KRA")) {
-			initDaemon = "pki-krad";
+            initDaemon = "pki-krad";
         } else if (type.equals("OCSP")) {
-			initDaemon = "pki-ocspd";
+            initDaemon = "pki-ocspd";
         } else if (type.equals("TKS")) {
-			initDaemon = "pki-tksd";
+            initDaemon = "pki-tksd";
         }
-        String os = System.getProperty( "os.name" );
-        if( os.equalsIgnoreCase( "Linux" ) ) {
-            if (! systemdService.equals("")) {
-                context.put( "initCommand", "/bin/systemctl");
-                context.put( "instanceId", systemdService );
+        String os = System.getProperty("os.name");
+        if (os.equalsIgnoreCase("Linux")) {
+            if (!systemdService.equals("")) {
+                context.put("initCommand", "/bin/systemctl");
+                context.put("instanceId", systemdService);
             } else {
-                context.put( "initCommand", "/sbin/service " + initDaemon );
-                context.put( "instanceId", instanceId );
+                context.put("initCommand", "/sbin/service " + initDaemon);
+                context.put("instanceId", instanceId);
             }
         } else {
             /* default case:  e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
-            context.put( "initCommand", "/etc/init.d/" + initDaemon );
-            context.put( "instanceId", instanceId );
+            context.put("initCommand", "/etc/init.d/" + initDaemon);
+            context.put("instanceId", instanceId);
         }
         context.put("title", "Done");
         context.put("panel", "admin/console/config/donepanel.vm");
@@ -233,7 +232,7 @@ public class DonePanel extends WizardPanelBase {
                 return;
             } else
                 context.put("csstate", "0");
-       
+
         } catch (Exception e) {
         }
 
@@ -280,11 +279,11 @@ public class DonePanel extends WizardPanelBase {
                 String basedn = cs.getString("internaldb.basedn");
                 String secdomain = cs.getString("securitydomain.name");
 
-                try {                
+                try {
                     // Create security domain ldap entry
                     String dn = "ou=Security Domain," + basedn;
                     CMS.debug("DonePanel: creating ldap entry : " + dn);
-                 
+
                     LDAPEntry entry = null;
                     LDAPAttributeSet attrs = null;
                     attrs = new LDAPAttributeSet();
@@ -305,10 +304,10 @@ public class DonePanel extends WizardPanelBase {
                     throw e;
                 }
 
-                try { 
+                try {
                     // create list containers
-                    String clist[] = {"CAList", "OCSPList", "KRAList", "RAList", "TKSList", "TPSList"};
-                    for (int i=0; i< clist.length; i++) {
+                    String clist[] = { "CAList", "OCSPList", "KRAList", "RAList", "TKSList", "TPSList" };
+                    for (int i = 0; i < clist.length; i++) {
                         LDAPEntry entry = null;
                         LDAPAttributeSet attrs = null;
                         String dn = "cn=" + clist[i] + ",ou=Security Domain," + basedn;
@@ -320,9 +319,9 @@ public class DonePanel extends WizardPanelBase {
                         conn.add(entry);
                     }
                 } catch (Exception e) {
-                    CMS.debug("Unable to create security domain list groups" );
+                    CMS.debug("Unable to create security domain list groups");
                     throw e;
-                }  
+                }
 
                 try {
                     // Add this host (only CA can create new domain) 
@@ -340,8 +339,8 @@ public class DonePanel extends WizardPanelBase {
                     attrs.add(new LDAPAttribute("SecureAdminPort",
                               ownadminsport));
                     if (owneeclientauthsport != null) {
-                        attrs.add(new LDAPAttribute("SecureEEClientAuthPort", 
-                              owneeclientauthsport));
+                        attrs.add(new LDAPAttribute("SecureEEClientAuthPort",
+                                owneeclientauthsport));
                     }
                     attrs.add(new LDAPAttribute("UnSecurePort", ownport));
                     attrs.add(new LDAPAttribute("Clone", "FALSE"));
@@ -357,28 +356,29 @@ public class DonePanel extends WizardPanelBase {
                 CMS.debug("DonePanel display: finish updating domain info");
                 conn.disconnect();
             } catch (Exception e) {
-                CMS.debug("DonePanel display: "+e.toString());
+                CMS.debug("DonePanel display: " + e.toString());
             }
 
             int sd_admin_port_int = -1;
             try {
-                sd_admin_port_int = Integer.parseInt( sd_admin_port );
+                sd_admin_port_int = Integer.parseInt(sd_admin_port);
             } catch (Exception e) {
             }
 
             try {
                 // Fetch the "new" security domain and display it
-                CMS.debug( "Dump contents of new Security Domain . . ." );
-                String c = getDomainXML( sd_host, sd_admin_port_int, true );
-            } catch( Exception e ) {}
+                CMS.debug("Dump contents of new Security Domain . . .");
+                String c = getDomainXML(sd_host, sd_admin_port_int, true);
+            } catch (Exception e) {
+            }
 
             // Since this instance is a new Security Domain,
             // create an empty file to designate this fact.
             String security_domain = instanceRoot + "/conf/"
                                    + PKI_SECURITY_DOMAIN;
-            if( !Utils.isNT() ) {
-                Utils.exec( "touch " + security_domain );
-                Utils.exec( "chmod 00660 " + security_domain );
+            if (!Utils.isNT()) {
+                Utils.exec("touch " + security_domain);
+                Utils.exec("chmod 00660 " + security_domain);
             }
 
         } else { //existing domain
@@ -398,31 +398,31 @@ public class DonePanel extends WizardPanelBase {
                     cloneStr = "&clone=false";
 
                 String domainMasterStr = "";
-                if (cloneMaster) 
+                if (cloneMaster)
                     domainMasterStr = "&dm=true";
-                else 
-                    domainMasterStr = "&dm=false"; 
+                else
+                    domainMasterStr = "&dm=false";
                 String eecaStr = "";
-                if (owneeclientauthsport != null) 
-                    eecaStr="&eeclientauthsport=" + owneeclientauthsport;
+                if (owneeclientauthsport != null)
+                    eecaStr = "&eeclientauthsport=" + owneeclientauthsport;
 
-                updateDomainXML( sd_host, sd_agent_port_int, true,
-                                 "/ca/agent/ca/updateDomainXML", 
+                updateDomainXML(sd_host, sd_agent_port_int, true,
+                                 "/ca/agent/ca/updateDomainXML",
                                  "list=" + s
-                               + "&type=" + type
-                               + "&host=" + ownhost
-                               + "&name=" + subsystemName
-                               + "&sport=" + ownsport
-                               + domainMasterStr 
-                               + cloneStr
-                               + "&agentsport=" + ownagentsport
-                               + "&adminsport=" + ownadminsport
-                               + eecaStr 
-                               + "&httpport=" + ownport );
+                                         + "&type=" + type
+                                         + "&host=" + ownhost
+                                         + "&name=" + subsystemName
+                                         + "&sport=" + ownsport
+                                         + domainMasterStr
+                                         + cloneStr
+                                         + "&agentsport=" + ownagentsport
+                                         + "&adminsport=" + ownadminsport
+                                         + eecaStr
+                                         + "&httpport=" + ownport);
 
                 // Fetch the "updated" security domain and display it
-                CMS.debug( "Dump contents of updated Security Domain . . ." );
-                String c = getDomainXML( sd_host, sd_admin_port_int, true );
+                CMS.debug("Dump contents of updated Security Domain . . .");
+                String c = getDomainXML(sd_host, sd_admin_port_int, true);
             } catch (Exception e) {
                 context.put("errorString", "Failed to update the security domain on the domain master.");
                 //return;
@@ -439,7 +439,6 @@ public class DonePanel extends WizardPanelBase {
             CMS.debug("DonePanel: exception in adding service.securityDomainPort to CS.cfg" + e);
         }
 
-
         // need to push connector information to the CA
         if (type.equals("KRA") && !ca_host.equals("")) {
             try {
@@ -469,7 +468,7 @@ public class DonePanel extends WizardPanelBase {
 
             setupClientAuthUser();
         }
-        
+
         if (!select.equals("clone")) {
             if (type.equals("CA") || type.equals("KRA")) {
                 String beginRequestNumStr = "";
@@ -478,7 +477,7 @@ public class DonePanel extends WizardPanelBase {
                 String endSerialNumStr = "";
                 String requestIncStr = "";
                 String serialIncStr = "";
-              
+
                 try {
                     endRequestNumStr = cs.getString("dbs.endRequestNumber", "");
                     endSerialNumStr = cs.getString("dbs.endSerialNumber", "");
@@ -495,22 +494,22 @@ public class DonePanel extends WizardPanelBase {
                         serialdn = "ou=certificateRepository,ou=" + type.toLowerCase() + "," + basedn;
                     } else {
                         serialdn = "ou=keyRepository,ou=" + type.toLowerCase() + "," + basedn;
-                    } 
-                    LDAPAttribute attrSerialNextRange = new LDAPAttribute( "nextRange", endSerialNum.add(oneNum).toString());
-                    LDAPModification serialmod = new LDAPModification( LDAPModification.REPLACE, attrSerialNextRange );
-                    conn.modify( serialdn, serialmod );
+                    }
+                    LDAPAttribute attrSerialNextRange = new LDAPAttribute("nextRange", endSerialNum.add(oneNum).toString());
+                    LDAPModification serialmod = new LDAPModification(LDAPModification.REPLACE, attrSerialNextRange);
+                    conn.modify(serialdn, serialmod);
 
                     String requestdn = "ou=" + type.toLowerCase() + ",ou=requests," + basedn;
-                    LDAPAttribute attrRequestNextRange = new LDAPAttribute( "nextRange", endRequestNum.add(oneNum).toString());
-                    LDAPModification requestmod = new LDAPModification( LDAPModification.REPLACE, attrRequestNextRange );
-                    conn.modify( requestdn, requestmod );      
+                    LDAPAttribute attrRequestNextRange = new LDAPAttribute("nextRange", endRequestNum.add(oneNum).toString());
+                    LDAPModification requestmod = new LDAPModification(LDAPModification.REPLACE, attrRequestNextRange);
+                    conn.modify(requestdn, requestmod);
 
-                    conn.disconnect();            
+                    conn.disconnect();
                 } catch (Exception e) {
                     CMS.debug("Unable to update global next range numbers: " + e);
-                } 
+                }
             }
-        } 
+        }
 
         if (cloneMaster) {
             // cloning a domain master CA, the clone is also master of its domain
@@ -550,24 +549,30 @@ public class DonePanel extends WizardPanelBase {
 
             // more cloning variables needed for non-ca clones
 
-            if (! type.equals("CA")) {
+            if (!type.equals("CA")) {
                 String val = cs.getString("preop.ca.hostname", "");
-                if (val.compareTo("") != 0) cs.putString("cloning.ca.hostname", val);
+                if (val.compareTo("") != 0)
+                    cs.putString("cloning.ca.hostname", val);
 
                 val = cs.getString("preop.ca.httpport", "");
-                if (val.compareTo("") != 0) cs.putString("cloning.ca.httpport", val);
+                if (val.compareTo("") != 0)
+                    cs.putString("cloning.ca.httpport", val);
 
-                val =  cs.getString("preop.ca.httpsport", "");
-                if (val.compareTo("") != 0) cs.putString("cloning.ca.httpsport", val);
+                val = cs.getString("preop.ca.httpsport", "");
+                if (val.compareTo("") != 0)
+                    cs.putString("cloning.ca.httpsport", val);
 
                 val = cs.getString("preop.ca.list", "");
-                if (val.compareTo("") != 0) cs.putString("cloning.ca.list", val);
+                if (val.compareTo("") != 0)
+                    cs.putString("cloning.ca.list", val);
 
                 val = cs.getString("preop.ca.pkcs7", "");
-                if (val.compareTo("") != 0) cs.putString("cloning.ca.pkcs7", val);
+                if (val.compareTo("") != 0)
+                    cs.putString("cloning.ca.pkcs7", val);
 
                 val = cs.getString("preop.ca.type", "");
-                if (val.compareTo("") != 0) cs.putString("cloning.ca.type", val);
+                if (val.compareTo("") != 0)
+                    cs.putString("cloning.ca.type", val);
             }
 
             // save EC type for sslserver cert (if present)
@@ -581,9 +586,9 @@ public class DonePanel extends WizardPanelBase {
             // been restarted!
             String restart_server = instanceRoot + "/conf/"
                                   + RESTART_SERVER_AFTER_CONFIGURATION;
-            if( !Utils.isNT() ) {
-                Utils.exec( "touch " + restart_server );
-                Utils.exec( "chmod 00660 " + restart_server );
+            if (!Utils.isNT()) {
+                Utils.exec("touch " + restart_server);
+                Utils.exec("chmod 00660 " + restart_server);
             }
 
         } catch (Exception e) {
@@ -593,13 +598,12 @@ public class DonePanel extends WizardPanelBase {
         context.put("csstate", "1");
     }
 
-    private void setupClientAuthUser()
-    {
+    private void setupClientAuthUser() {
         IConfigStore cs = CMS.getConfigStore();
 
         // retrieve CA subsystem certificate from the CA
         IUGSubsystem system =
-          (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
+                (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
         String id = "";
         try {
             String b64 = getCASubsystemCert();
@@ -640,9 +644,8 @@ public class DonePanel extends WizardPanelBase {
         }
     }
 
-
-    private void updateOCSPConfig(HttpServletResponse response) 
-      throws IOException {
+    private void updateOCSPConfig(HttpServletResponse response)
+            throws IOException {
         IConfigStore config = CMS.getConfigStore();
         String cahost = "";
         int caport = -1;
@@ -661,7 +664,7 @@ public class DonePanel extends WizardPanelBase {
         int ocspport = Integer.parseInt(CMS.getAgentPort());
         int ocspagentport = Integer.parseInt(CMS.getAgentPort());
         String session_id = CMS.getConfigSDSessionId();
-        String content = "xmlOutput=true&sessionID="+session_id+"&ocsp_host="+ocsphost+"&ocsp_port="+ocspport;
+        String content = "xmlOutput=true&sessionID=" + session_id + "&ocsp_host=" + ocsphost + "&ocsp_port=" + ocspport;
 
         updateOCSPConfig(cahost, caport, true, content, response);
     }
@@ -675,7 +678,7 @@ public class DonePanel extends WizardPanelBase {
 
             if (b64.equals(""))
                 throw new IOException("Failed to get certificate chain.");
-  
+
             try {
                 // this could be a chain
                 X509Certificate[] certs = Cert.mapCertFromPKCS7(b64);
@@ -686,9 +689,9 @@ public class DonePanel extends WizardPanelBase {
                     } else {
                         leafCert = certs[0];
                     }
- 
-                    IOCSPAuthority ocsp = 
-                      (IOCSPAuthority)CMS.getSubsystem(IOCSPAuthority.ID);
+
+                    IOCSPAuthority ocsp =
+                            (IOCSPAuthority) CMS.getSubsystem(IOCSPAuthority.ID);
                     IDefStore defStore = ocsp.getDefaultStore();
 
                     // (1) need to normalize (sort) the chain
@@ -696,9 +699,9 @@ public class DonePanel extends WizardPanelBase {
                     // (2) store certificate (and certificate chain) into
                     // database
                     ICRLIssuingPointRecord rec = defStore.createCRLIssuingPointRecord(
-                      leafCert.getSubjectDN().getName(),
-                      BIG_ZERO,
-                      MINUS_ONE, null, null);
+                            leafCert.getSubjectDN().getName(),
+                            BIG_ZERO,
+                            MINUS_ONE, null, null);
 
                     try {
                         rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, leafCert.getEncoded());
@@ -748,7 +751,7 @@ public class DonePanel extends WizardPanelBase {
     }
 
     private void updateConnectorInfo(String ownagenthost, String ownagentsport)
-      throws IOException {
+            throws IOException {
         IConfigStore cs = CMS.getConfigStore();
         int port = -1;
         String url = "";
@@ -757,21 +760,21 @@ public class DonePanel extends WizardPanelBase {
         try {
             url = cs.getString("preop.ca.url", "");
             if (!url.equals("")) {
-              host = cs.getString("preop.ca.hostname", "");
-              port = cs.getInteger("preop.ca.httpsadminport", -1);
-              transportCert = cs.getString("kra.transport.cert", "");
+                host = cs.getString("preop.ca.hostname", "");
+                port = cs.getInteger("preop.ca.httpsadminport", -1);
+                transportCert = cs.getString("kra.transport.cert", "");
             }
         } catch (Exception e) {
         }
 
         if (host == null) {
-          CMS.debug("DonePanel: preop.ca.url is not defined. External CA selected. No transport certificate setup is required");
+            CMS.debug("DonePanel: preop.ca.url is not defined. External CA selected. No transport certificate setup is required");
         } else {
-          CMS.debug("DonePanel: Transport certificate is being setup in " + url);
-          String session_id = CMS.getConfigSDSessionId();
-          String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host="+ownagenthost+"&ca.connector.KRA.port="+ownagentsport+"&ca.connector.KRA.transportCert="+URLEncoder.encode(transportCert)+"&sessionID="+session_id; 
+            CMS.debug("DonePanel: Transport certificate is being setup in " + url);
+            String session_id = CMS.getConfigSDSessionId();
+            String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host=" + ownagenthost + "&ca.connector.KRA.port=" + ownagentsport + "&ca.connector.KRA.transportCert=" + URLEncoder.encode(transportCert) + "&sessionID=" + session_id;
 
-          updateConnectorInfo(host, port, true, content);
+            updateConnectorInfo(host, port, true, content);
         }
     }
 
@@ -802,12 +805,14 @@ public class DonePanel extends WizardPanelBase {
      */
     public void update(HttpServletRequest request,
             HttpServletResponse response,
-            Context context) throws IOException {}
+            Context context) throws IOException {
+    }
 
     /**
      * If validiate() returns false, this method will be called.
      */
     public void displayError(HttpServletRequest request,
             HttpServletResponse response,
-            Context context) {/* This should never be called */}
+            Context context) {/* This should never be called */
+    }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java
index 9d7fc22a..094aa716 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java
@@ -50,6 +50,7 @@ public class DownloadPKCS12 extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -59,7 +60,7 @@ public class DownloadPKCS12 extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
         CMS.debug("DownloadPKCS12: processing...");
@@ -70,7 +71,7 @@ public class DownloadPKCS12 extends CMSServlet {
         mRenderResult = false;
 
         // check the pin from the session
-        String pin = (String)httpReq.getSession().getAttribute("pin");
+        String pin = (String) httpReq.getSession().getAttribute("pin");
         if (pin == null) {
             CMS.debug("DownloadPKCS12 process: Failed to get the pin from the cookie.");
             outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
@@ -101,16 +102,17 @@ public class DownloadPKCS12 extends CMSServlet {
             httpResp.getOutputStream().write(pkcs12);
             return;
         } catch (Exception e) {
-            CMS.debug("DownloadPKCS12 process: Exception="+e.toString());
+            CMS.debug("DownloadPKCS12 process: Exception=" + e.toString());
         }
     }
 
-    protected void setDefaultTemplates(ServletConfig sc) {}
+    protected void setDefaultTemplates(ServletConfig sc) {
+    }
 
     protected void renderTemplate(
             CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
-        throws IOException {// do nothing
-    } 
+            throws IOException {// do nothing
+    }
 
     protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java
index 87cb7a7c..6c286e81 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.util.Locale;
@@ -40,7 +39,6 @@ import com.netscape.cms.servlet.base.UserInfo;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cmsutil.xml.XMLObject;
 
-
 public class GetCertChain extends CMSServlet {
 
     /**
@@ -56,6 +54,7 @@ public class GetCertChain extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -63,11 +62,12 @@ public class GetCertChain extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      * <ul>
      * <li>http.param op 'downloadBIN' - return the binary certificate chain
      * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
      * </ul>
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -95,7 +95,7 @@ public class GetCertChain extends CMSServlet {
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
                     CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1",
-                    e.toString()));
+                            e.toString()));
             outputError(httpResp,
                     "Error: Failed to encode the certificate chain");
         }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java
index c1010b46..1ff06416 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java
@@ -59,6 +59,7 @@ public class GetConfigEntries extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -67,11 +68,12 @@ public class GetConfigEntries extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      * <ul>
      * <li>http.param op 'downloadBIN' - return the binary certificate chain
      * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
      * </ul>
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -84,12 +86,12 @@ public class GetConfigEntries extends CMSServlet {
             authToken = authenticate(cmsReq);
         } catch (Exception e) {
             CMS.debug("GetConfigEntries authentication failed");
-            log(ILogger.LL_FAILURE, 
+            log(ILogger.LL_FAILURE,
                     CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
-                    e.toString()));
+                            e.toString()));
             outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
             return;
-        } 
+        }
 
         // Construct an ArgBlock
         IArgBlock args = cmsReq.getHttpParams();
@@ -104,32 +106,32 @@ public class GetConfigEntries extends CMSServlet {
         try {
             xmlObj = new XMLObject();
         } catch (Exception e) {
-            CMS.debug("GetConfigEntries process: Exception: "+e.toString());
-            throw new EBaseException( e.toString() );
+            CMS.debug("GetConfigEntries process: Exception: " + e.toString());
+            throw new EBaseException(e.toString());
         }
 
         Node root = xmlObj.createRoot("XMLResponse");
         AuthzToken authzToken = null;
 
         try {
-           authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, 
+            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
                     "read");
         } catch (EAuthzAccessDenied e) {
-                log(ILogger.LL_FAILURE,
+            log(ILogger.LL_FAILURE,
                     CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-                outputError(httpResp, "Error: Not authorized");
-                return;
+            outputError(httpResp, "Error: Not authorized");
+            return;
         } catch (Exception e) {
-                log(ILogger.LL_FAILURE,
+            log(ILogger.LL_FAILURE,
                     CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-                outputError(httpResp,
+            outputError(httpResp,
                     "Error: Encountered problem during authorization.");
-                return;
+            return;
         }
 
         if (authzToken == null) {
-                outputError(httpResp, "Error: Not authorized");
-                return;
+            outputError(httpResp, "Error: Not authorized");
+            return;
         }
 
         if (op != null) {
@@ -140,9 +142,9 @@ public class GetConfigEntries extends CMSServlet {
                 String name1 = t.nextToken();
                 IConfigStore cs = config.getSubStore(name1);
                 Enumeration enum1 = cs.getPropertyNames();
-             
+
                 while (enum1.hasMoreElements()) {
-                    String name = name1+"."+enum1.nextElement();
+                    String name = name1 + "." + enum1.nextElement();
                     try {
                         String value = config.getString(name);
                         Node container = xmlObj.createContainer(root, "Config");
@@ -171,10 +173,10 @@ public class GetConfigEntries extends CMSServlet {
                         value = getLDAPPassword();
                     } else if (name.equals("internaldb.replication.password")) {
                         value = getReplicationPassword();
-                    } else 
+                    } else
                         continue;
                 }
-             
+
                 Node container = xmlObj.createContainer(root, "Config");
                 xmlObj.addItemToContainer(container, "name", name);
                 xmlObj.addItemToContainer(container, "value", value);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
index 74edda79..2c9cc41f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
@@ -45,7 +45,6 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 public class GetCookie extends CMSServlet {
 
     /**
@@ -58,9 +57,9 @@ public class GetCookie extends CMSServlet {
     private String mFormPath = null;
 
     private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
-        "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
+            "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
     private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME =
-        "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
+            "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
 
     public GetCookie() {
         super();
@@ -68,6 +67,7 @@ public class GetCookie extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -78,12 +78,13 @@ public class GetCookie extends CMSServlet {
         mRandom = new Random();
         mErrorFormPath = sc.getInitParameter("errorTemplatePath");
         if (mOutputTemplatePath != null) {
-          mFormPath = mOutputTemplatePath;
+            mFormPath = mOutputTemplatePath;
         }
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -100,14 +101,14 @@ public class GetCookie extends CMSServlet {
         }
 
         IArgBlock header = CMS.createArgBlock();
-        IArgBlock ctx = CMS.createArgBlock(); 
+        IArgBlock ctx = CMS.createArgBlock();
         CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
 
         CMSTemplate form = null;
         Locale[] locale = new Locale[1];
 
         String url = httpReq.getParameter("url");
-        CMS.debug("GetCookie before auth, url ="+url);
+        CMS.debug("GetCookie before auth, url =" + url);
         String url_e = "";
         URL u = null;
         try {
@@ -115,13 +116,13 @@ public class GetCookie extends CMSServlet {
             u = new URL(url_e);
         } catch (Exception eee) {
             throw new ECMSGWException(
-                  "GetCookie missing parameter: url");
+                    "GetCookie missing parameter: url");
         }
 
         int index2 = url_e.indexOf("subsystem=");
         String subsystem = "";
         if (index2 > 0) {
-            subsystem = url.substring(index2+10);
+            subsystem = url.substring(index2 + 10);
             int index1 = subsystem.indexOf("&");
             if (index1 > 0)
                 subsystem = subsystem.substring(0, index1);
@@ -131,9 +132,9 @@ public class GetCookie extends CMSServlet {
             authToken = authenticate(cmsReq);
         } catch (Exception e) {
             CMS.debug("GetCookie authentication failed");
-            log(ILogger.LL_FAILURE, 
+            log(ILogger.LL_FAILURE,
                     CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
-                    e.toString()));
+                            e.toString()));
             header.addStringValue("sd_uid", "");
             header.addStringValue("sd_pwd", "");
             header.addStringValue("host", u.getHost());
@@ -149,17 +150,17 @@ public class GetCookie extends CMSServlet {
                 form = getTemplate(mErrorFormPath, httpReq, locale);
             } catch (IOException eee) {
                 CMS.debug("GetCookie process: cant locate the form");
-/*
-                log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
-                throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-*/
-            }   
+                /*
+                                log(ILogger.LL_FAILURE,
+                                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+                                throw new ECMSGWException(
+                                  CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                */
+            }
 
-            if( form == null ) {
+            if (form == null) {
                 CMS.debug("GetCookie::process() - form is null!");
-                throw new EBaseException( "form is null" );
+                throw new EBaseException("form is null");
             }
 
             try {
@@ -170,16 +171,16 @@ public class GetCookie extends CMSServlet {
                 form.renderOutput(out, argSet);
             } catch (IOException ee) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", ee.toString()));
-                    throw new ECMSGWException(
-                      CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                        CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", ee.toString()));
+                throw new ECMSGWException(
+                        CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
             }
             return;
-        } 
+        }
 
         String cookie = "";
         String auditMessage = "";
-       
+
         if (authToken != null) {
             String uid = authToken.getInString("uid");
             String groupname = getGroupName(uid, subsystem);
@@ -195,7 +196,7 @@ public class GetCookie extends CMSServlet {
 
                 // assign cookie
                 long num = mRandom.nextLong();
-                cookie = num+"";
+                cookie = num + "";
                 ISecurityDomainSessionTable ctable = CMS.getSecurityDomainSessionTable();
                 String addr = "";
                 try {
@@ -207,11 +208,11 @@ public class GetCookie extends CMSServlet {
                     ip = InetAddress.getByName(addr).toString();
                     int index = ip.indexOf("/");
                     if (index > 0)
-                        ip = ip.substring(index+1);
+                        ip = ip.substring(index + 1);
                 } catch (Exception e) {
                 }
 
-                String auditParams = "operation;;issue_token+token;;"+ cookie + "+ip;;" + ip +
+                String auditParams = "operation;;issue_token+token;;" + cookie + "+ip;;" + ip +
                               "+uid;;" + uid + "+groupname;;" + groupname;
 
                 int status = ctable.addEntry(cookie, ip, uid, groupname);
@@ -232,18 +233,18 @@ public class GetCookie extends CMSServlet {
                 }
 
                 try {
-                    String sd_url = "https://"+CMS.getEESSLHost()+":"+CMS.getEESSLPort();
+                    String sd_url = "https://" + CMS.getEESSLHost() + ":" + CMS.getEESSLPort();
                     if (!url.startsWith("$")) {
                         try {
                             form = getTemplate(mFormPath, httpReq, locale);
                         } catch (IOException e) {
                             CMS.debug("GetCookie process: cant locate the form");
-/*
-                            log(ILogger.LL_FAILURE,
-                              CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
-                            throw new ECMSGWException(
-                              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-*/
+                            /*
+                                                        log(ILogger.LL_FAILURE,
+                                                          CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+                                                        throw new ECMSGWException(
+                                                          CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                            */
                         }
 
                         header.addStringValue("url", url);
@@ -254,13 +255,13 @@ public class GetCookie extends CMSServlet {
                             ServletOutputStream out = httpResp.getOutputStream();
 
                             cmsReq.setStatus(CMSRequest.SUCCESS);
-							httpResp.setContentType("text/html");
-							form.renderOutput(out, argSet);
+                            httpResp.setContentType("text/html");
+                            form.renderOutput(out, argSet);
                         } catch (IOException e) {
                             log(ILogger.LL_FAILURE,
-                                CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+                                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
                             throw new ECMSGWException(
-                              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
                         }
                     }
                 } catch (Exception e) {
@@ -278,25 +279,25 @@ public class GetCookie extends CMSServlet {
 
     private String getGroupName(String uid, String subsystemname) {
         String groupname = "";
-        IUGSubsystem subsystem = 
-          (IUGSubsystem)(CMS.getSubsystem(IUGSubsystem.ID)); 
-        if (subsystem.isMemberOf(uid, "Enterprise CA Administrators") && 
-          subsystemname.equals("CA")) {
+        IUGSubsystem subsystem =
+                (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
+        if (subsystem.isMemberOf(uid, "Enterprise CA Administrators") &&
+                subsystemname.equals("CA")) {
             return "Enterprise CA Administrators";
         } else if (subsystem.isMemberOf(uid, "Enterprise KRA Administrators") &&
-          subsystemname.equals("KRA")) {
+                subsystemname.equals("KRA")) {
             return "Enterprise KRA Administrators";
         } else if (subsystem.isMemberOf(uid, "Enterprise OCSP Administrators") &&
-          subsystemname.equals("OCSP")) {
+                subsystemname.equals("OCSP")) {
             return "Enterprise OCSP Administrators";
         } else if (subsystem.isMemberOf(uid, "Enterprise TKS Administrators") &&
-          subsystemname.equals("TKS")) {
+                subsystemname.equals("TKS")) {
             return "Enterprise TKS Administrators";
         } else if (subsystem.isMemberOf(uid, "Enterprise RA Administrators") &&
-          subsystemname.equals("RA")) {
+                subsystemname.equals("RA")) {
             return "Enterprise RA Administrators";
         } else if (subsystem.isMemberOf(uid, "Enterprise TPS Administrators") &&
-          subsystemname.equals("TPS")) {
+                subsystemname.equals("TPS")) {
             return "Enterprise TPS Administrators";
         }
 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
index f9e6c70e..04d88dba 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.util.Enumeration;
@@ -48,7 +47,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.ICMSTemplateFiller;
 import com.netscape.cmsutil.xml.XMLObject;
 
-
 public class GetDomainXML extends CMSServlet {
 
     /**
@@ -64,6 +62,7 @@ public class GetDomainXML extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -73,11 +72,12 @@ public class GetDomainXML extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      * <ul>
      * <li>http.param op 'downloadBIN' - return the binary certificate chain
      * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
      * </ul>
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -95,8 +95,7 @@ public class GetDomainXML extends CMSServlet {
         try {
             secstore = cs.getString("securitydomain.store");
             basedn = cs.getString("internaldb.basedn");
-        }    
-        catch (Exception e)  {
+        } catch (Exception e) {
             CMS.debug("Unable to determine the security domain name or internal basedn. Please run the domaininfo migration script");
         }
 
@@ -129,7 +128,7 @@ public class GetDomainXML extends CMSServlet {
 
                     // this should return CAList, KRAList etc. 
                     LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
-                        attrs, true, cons);
+                            attrs, true, cons);
 
                     while (res.hasMoreElements()) {
                         int count = 0;
@@ -137,10 +136,10 @@ public class GetDomainXML extends CMSServlet {
                         String listName = dn.substring(3, dn.indexOf(","));
                         String subType = listName.substring(0, listName.indexOf("List"));
                         Node listNode = xmlObj.createContainer(domainInfo, listName);
-                        
+
                         filter = "objectclass=pkiSubsystem";
-                        LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_ONE, filter, 
-                            attrs, false, cons);
+                        LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
+                                attrs, false, cons);
                         while (res2.hasMoreElements()) {
                             Node node = xmlObj.createContainer(listNode, subType);
                             LDAPEntry entry = res2.next();
@@ -149,32 +148,29 @@ public class GetDomainXML extends CMSServlet {
                             while (attrsInSet.hasMoreElements()) {
                                 LDAPAttribute nextAttr = (LDAPAttribute) attrsInSet.nextElement();
                                 String attrName = nextAttr.getName();
-                                if ((! attrName.equals("cn")) && (! attrName.equals("objectClass"))) {
+                                if ((!attrName.equals("cn")) && (!attrName.equals("objectClass"))) {
                                     String attrValue = (String) nextAttr.getStringValues().nextElement();
                                     xmlObj.addItemToContainer(node, securityDomainLDAPtoXML(attrName), attrValue);
                                 }
                             }
-                            count ++;
-                        }   
+                            count++;
+                        }
                         xmlObj.addItemToContainer(listNode, "SubsystemCount", Integer.toString(count));
                     }
 
                     // Add new xml object as string to response.
                     response.addItemToContainer(root, "DomainInfo", xmlObj.toXMLString());
-                }
-                catch (Exception e) {
+                } catch (Exception e) {
                     CMS.debug("GetDomainXML: Failed to read domain.xml from ldap " + e.toString());
                     status = FAILED;
-                }
-                finally {
-                    if ((conn != null) && (connFactory!= null)) {
+                } finally {
+                    if ((conn != null) && (connFactory != null)) {
                         CMS.debug("Releasing ldap connection");
                         connFactory.returnConn(conn);
                     }
                 }
-            }
-            else {
-                 // get data from file store
+            } else {
+                // get data from file store
 
                 String path = CMS.getConfigStore().getString("instanceRoot", "")
                         + "/conf/domain.xml";
@@ -194,10 +190,9 @@ public class GetDomainXML extends CMSServlet {
                     CMS.debug("GetDomainXML: Done Reading domain.xml...");
 
                     response.addItemToContainer(root, "DomainInfo", new String(buf));
-                }
-                catch (Exception e) {
-                   CMS.debug("Failed to read domain.xml from file" + e.toString());
-                   status = FAILED;
+                } catch (Exception e) {
+                    CMS.debug("Failed to read domain.xml from file" + e.toString());
+                    status = FAILED;
                 }
             }
 
@@ -211,16 +206,19 @@ public class GetDomainXML extends CMSServlet {
     }
 
     protected String securityDomainLDAPtoXML(String attribute) {
-        if (attribute.equals("host")) return "Host";
-        else return attribute;
+        if (attribute.equals("host"))
+            return "Host";
+        else
+            return attribute;
     }
 
-    protected void setDefaultTemplates(ServletConfig sc) {}
+    protected void setDefaultTemplates(ServletConfig sc) {
+    }
 
     protected void renderTemplate(
             CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
-        throws IOException {// do nothing
-    } 
+            throws IOException {// do nothing
+    }
 
     protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java
index 02fe36c1..28279f04 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -36,7 +35,6 @@ import com.netscape.cms.servlet.base.UserInfo;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cmsutil.xml.XMLObject;
 
-
 public class GetStatus extends CMSServlet {
 
     /**
@@ -52,6 +50,7 @@ public class GetStatus extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -59,18 +58,19 @@ public class GetStatus extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
-	IConfigStore config = CMS.getConfigStore();
+        IConfigStore config = CMS.getConfigStore();
 
         String outputString = null;
 
-	String state = config.getString("cs.state", "");
-	String type = config.getString("cs.type", "");
+        String state = config.getString("cs.state", "");
+        String type = config.getString("cs.type", "");
 
         try {
             XMLObject xmlObj = null;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java
index c1bf138e..7beda662 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -39,7 +38,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cmsutil.crypto.CryptoUtil;
 import com.netscape.cmsutil.xml.XMLObject;
 
-
 public class GetSubsystemCert extends CMSServlet {
 
     /**
@@ -55,6 +53,7 @@ public class GetSubsystemCert extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -62,7 +61,7 @@ public class GetSubsystemCert extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
         HttpServletRequest httpReq = cmsReq.getHttpReq();
@@ -76,16 +75,16 @@ public class GetSubsystemCert extends CMSServlet {
             nickname = cs.getString("ca.subsystem.nickname", "");
             String tokenname = cs.getString("ca.subsystem.tokenname", "");
             if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))
-                nickname = tokenname+":"+nickname;
+                nickname = tokenname + ":" + nickname;
         } catch (Exception e) {
         }
 
-        CMS.debug("GetSubsystemCert process: nickname="+nickname);
+        CMS.debug("GetSubsystemCert process: nickname=" + nickname);
         String s = "";
         try {
             CryptoManager cm = CryptoManager.getInstance();
             X509Certificate cert = cm.findCertByNickname(nickname);
- 
+
             if (cert == null) {
                 CMS.debug("GetSubsystemCert process: subsystem cert is null");
                 outputError(httpResp, "Error: Failed to get subsystem certificate.");
@@ -95,7 +94,7 @@ public class GetSubsystemCert extends CMSServlet {
             byte[] bytes = cert.getEncoded();
             s = CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bytes));
         } catch (Exception e) {
-            CMS.debug("GetSubsystemCert process: exception: "+e.toString());
+            CMS.debug("GetSubsystemCert process: exception: " + e.toString());
         }
 
         try {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java
index d7af0740..4d11af8a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java
@@ -52,6 +52,7 @@ public class GetTokenInfo extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -60,11 +61,12 @@ public class GetTokenInfo extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      * <ul>
      * <li>http.param op 'downloadBIN' - return the binary certificate chain
      * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
      * </ul>
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -78,8 +80,8 @@ public class GetTokenInfo extends CMSServlet {
         try {
             xmlObj = new XMLObject();
         } catch (Exception e) {
-            CMS.debug("GetTokenInfo process: Exception: "+e.toString());
-            throw new EBaseException( e.toString() );
+            CMS.debug("GetTokenInfo process: Exception: " + e.toString());
+            throw new EBaseException(e.toString());
         }
 
         Node root = xmlObj.createRoot("XMLResponse");
@@ -97,7 +99,7 @@ public class GetTokenInfo extends CMSServlet {
             String name = t1.nextToken();
             if (name.equals("sslserver"))
                 continue;
-            name = "cloning."+name+".nickname";
+            name = "cloning." + name + ".nickname";
             String value = "";
 
             try {
@@ -105,7 +107,7 @@ public class GetTokenInfo extends CMSServlet {
             } catch (Exception ee) {
                 continue;
             }
-             
+
             Node container = xmlObj.createContainer(root, "Config");
             xmlObj.addItemToContainer(container, "name", name);
             xmlObj.addItemToContainer(container, "value", value);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java
index bc29b34a..ae55d2fb 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateEncodingException;
 import java.util.Locale;
@@ -63,6 +62,7 @@ public class GetTransportCert extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -72,7 +72,7 @@ public class GetTransportCert extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
         CMS.debug("UpdateUpdater: processing...");
@@ -86,9 +86,9 @@ public class GetTransportCert extends CMSServlet {
             CMS.debug("GetTransportCert authentication successful.");
         } catch (Exception e) {
             CMS.debug("GetTransportCert: authentication failed.");
-            log(ILogger.LL_FAILURE, 
+            log(ILogger.LL_FAILURE,
                     CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
-                    e.toString()));
+                            e.toString()));
             outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
             return;
         }
@@ -101,19 +101,19 @@ public class GetTransportCert extends CMSServlet {
 
         AuthzToken authzToken = null;
         try {
-            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, 
-              "read");
+            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+                    "read");
             CMS.debug("GetTransportCert authorization successful.");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             outputError(httpResp, "Error: Not authorized");
             return;
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             outputError(httpResp,
-                "Error: Encountered problem during authorization.");
+                    "Error: Encountered problem during authorization.");
             return;
         }
 
@@ -126,17 +126,17 @@ public class GetTransportCert extends CMSServlet {
 
         IKeyRecoveryAuthority kra =
                 (IKeyRecoveryAuthority) mAuthority;
-            ITransportKeyUnit tu = kra.getTransportKeyUnit();
-            org.mozilla.jss.crypto.X509Certificate transportCert =
+        ITransportKeyUnit tu = kra.getTransportKeyUnit();
+        org.mozilla.jss.crypto.X509Certificate transportCert =
                 tu.getCertificate();
 
-            String mime64 = "";
+        String mime64 = "";
         try {
             mime64 = CMS.BtoA(transportCert.getEncoded());
             mime64 = com.netscape.cmsutil.util.Cert.normalizeCertStrAndReq(mime64);
-         } catch (CertificateEncodingException eee) {
+        } catch (CertificateEncodingException eee) {
             CMS.debug("GetTransportCert: Failed to encode certificate");
-         }
+        }
 
         // send success status back to the requestor
         try {
@@ -154,12 +154,13 @@ public class GetTransportCert extends CMSServlet {
         }
     }
 
-    protected void setDefaultTemplates(ServletConfig sc) {}
+    protected void setDefaultTemplates(ServletConfig sc) {
+    }
 
     protected void renderTemplate(
             CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
-        throws IOException {// do nothing
-    } 
+            throws IOException {// do nothing
+    }
 
     protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java
index a00b0fb7..9044dec0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 
 import javax.servlet.ServletConfig;
@@ -36,19 +35,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
 
 public class HierarchyPanel extends WizardPanelBase {
 
-    public HierarchyPanel() {}
+    public HierarchyPanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("PKI Hierarchy");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("PKI Hierarchy");
         setId(id);
@@ -64,8 +64,8 @@ public class HierarchyPanel extends WizardPanelBase {
                     null);
             if (s != null && s.equals("clone")) {
                 // mark this panel as done
-                c.putString("preop.hierarchy.select","root");
-                c.putString("hierarchy.select","Clone");
+                c.putString("preop.hierarchy.select", "root");
+                c.putString("hierarchy.select", "Clone");
                 return true;
             }
         } catch (EBaseException e) {
@@ -89,15 +89,16 @@ public class HierarchyPanel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
         return false;
     }
 
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
+
         /* XXX */
-                                                                                
+
         return set;
     }
 
@@ -117,7 +118,7 @@ public class HierarchyPanel extends WizardPanelBase {
                 if (s.equals("root")) {
                     context.put("check_root", "checked");
                 } else if (s.equals("join")) {
-                    context.put("check_join", "checked"); 
+                    context.put("check_join", "checked");
                 }
             } catch (Exception e) {
                 CMS.debug(e.toString());
@@ -163,16 +164,17 @@ public class HierarchyPanel extends WizardPanelBase {
         }
 
         if (select.equals("root")) {
-            config.putString("preop.hierarchy.select", "root"); 
-            config.putString("hierarchy.select", "Root"); 
+            config.putString("preop.hierarchy.select", "root");
+            config.putString("hierarchy.select", "Root");
             config.putString("preop.ca.type", "sdca");
             try {
                 config.commit(false);
-            } catch (EBaseException e) {}
+            } catch (EBaseException e) {
+            }
         } else if (select.equals("join")) {
             config.putString(PCERT_PREFIX + "signing.type", "remote");
             config.putString("preop.hierarchy.select", "join");
-            config.putString("hierarchy.select", "Subordinate"); 
+            config.putString("hierarchy.select", "Subordinate");
         } else {
             config.putString(PCERT_PREFIX + "signing.type", "remote");
             CMS.debug("HierarchyPanel: invalid choice " + select);
@@ -187,5 +189,6 @@ public class HierarchyPanel extends WizardPanelBase {
      */
     public void displayError(HttpServletRequest request,
             HttpServletResponse response,
-            Context context) {}
+            Context context) {
+    }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
index d4f93a9b..9a220032 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.BufferedReader;
 import java.io.FileReader;
 import java.io.IOException;
@@ -47,19 +46,20 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
 
 public class ImportAdminCertPanel extends WizardPanelBase {
 
-    public ImportAdminCertPanel() {}
+    public ImportAdminCertPanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Import Administrator's Certificate");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Import Administrator's Certificate");
         setId(id);
@@ -102,11 +102,12 @@ public class ImportAdminCertPanel extends WizardPanelBase {
         try {
             type = cs.getString("preop.ca.type", "");
             subsystemtype = cs.getString("cs.type", "");
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         try {
             String serialno = cs.getString("preop.admincert.serialno.0");
-            
+
             context.put("serialNumber", serialno);
         } catch (Exception e) {
             context.put("errorString", "Failed to get serial number.");
@@ -135,7 +136,8 @@ public class ImportAdminCertPanel extends WizardPanelBase {
                     // to security domain host.
                     caHost = cs.getString("securitydomain.host", "");
                     caPort = cs.getString("securitydomain.httpsadminport", "");
-                } catch (Exception e) {}
+                } catch (Exception e) {
+                }
             } else if (type.equals("sdca")) {
                 try {
                     // this is a non-CA system that submitted its certs to a CA
@@ -143,7 +145,8 @@ public class ImportAdminCertPanel extends WizardPanelBase {
                     // request for the admin cert to this CA
                     caHost = cs.getString("preop.ca.hostname", "");
                     caPort = cs.getString("preop.ca.httpsadminport", "");
-                } catch (Exception e) {}
+                } catch (Exception e) {
+                }
             }
         } else {
             // for CAs, we always generate our own admin certs
@@ -151,7 +154,8 @@ public class ImportAdminCertPanel extends WizardPanelBase {
             try {
                 caHost = cs.getString("service.machineName", "");
                 caPort = cs.getString("pkicreate.admin_secure_port", "");
-            } catch (Exception e) {}
+            } catch (Exception e) {
+            }
         }
 
         String pkcs7 = "";
@@ -192,12 +196,13 @@ public class ImportAdminCertPanel extends WizardPanelBase {
             subsystemtype = cs.getString("cs.type", "");
             security_domain_type = cs.getString("securitydomain.select", "");
             selected_hierarchy = cs.getString("preop.hierarchy.select", "");
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(
                 ICertificateAuthority.ID);
 
-        if (ca == null) { 
+        if (ca == null) {
             context.put("ca", "false");
         } else {
             context.put("ca", "true");
@@ -207,17 +212,17 @@ public class ImportAdminCertPanel extends WizardPanelBase {
         X509CertImpl certs[] = new X509CertImpl[1];
 
         // REMINDER:  This panel is NOT used by "clones"
-        if( ca != null ) {
+        if (ca != null) {
             String serialno = null;
 
-            if( selected_hierarchy.equals( "root" ) ) {
-                CMS.debug( "ImportAdminCertPanel update:  "
+            if (selected_hierarchy.equals("root")) {
+                CMS.debug("ImportAdminCertPanel update:  "
                          + "Root CA subsystem - "
-                         + "(new Security Domain)" );
+                         + "(new Security Domain)");
             } else {
-                CMS.debug( "ImportAdminCertPanel update:  "
+                CMS.debug("ImportAdminCertPanel update:  "
                          + "Subordinate CA subsystem - "
-                         + "(new Security Domain)" );
+                         + "(new Security Domain)");
             }
 
             try {
@@ -234,35 +239,37 @@ public class ImportAdminCertPanel extends WizardPanelBase {
             try {
                 certs[0] = repost.getX509Certificate(
                         new BigInteger(serialno, 16));
-            } catch (Exception ee) {}
+            } catch (Exception ee) {
+            }
         } else {
             String dir = null;
 
             // REMINDER:  This panel is NOT used by "clones"
-            if( subsystemtype.equals( "CA" ) ) {
-                if( selected_hierarchy.equals( "root" ) ) {
-                    CMS.debug( "ImportAdminCertPanel update:  "
+            if (subsystemtype.equals("CA")) {
+                if (selected_hierarchy.equals("root")) {
+                    CMS.debug("ImportAdminCertPanel update:  "
                              + "Root CA subsystem - "
-                             + "(existing Security Domain)" );
+                             + "(existing Security Domain)");
                 } else {
-                    CMS.debug( "ImportAdminCertPanel update:  "
+                    CMS.debug("ImportAdminCertPanel update:  "
                              + "Subordinate CA subsystem - "
-                             + "(existing Security Domain)" );
+                             + "(existing Security Domain)");
                 }
             } else {
-                CMS.debug( "ImportAdminCertPanel update:  "
+                CMS.debug("ImportAdminCertPanel update:  "
                          + subsystemtype
-                         + " subsystem" );
+                         + " subsystem");
             }
 
             try {
-                dir = cs.getString("preop.admincert.b64", ""); 
+                dir = cs.getString("preop.admincert.b64", "");
                 CMS.debug("ImportAdminCertPanel update: dir=" + dir);
-            } catch (Exception ee) {}
+            } catch (Exception ee) {
+            }
 
             try {
                 BufferedReader reader = new BufferedReader(
-                  new FileReader(dir));
+                        new FileReader(dir));
                 String b64 = "";
 
                 StringBuffer sb = new StringBuffer();
@@ -289,7 +296,7 @@ public class ImportAdminCertPanel extends WizardPanelBase {
             user.setX509Certificates(certs);
             ug.addUserCert(user);
         } catch (LDAPException e) {
-            CMS.debug("ImportAdminCertPanel update: failed to add certificate to the internal database. Exception: "+e.toString());
+            CMS.debug("ImportAdminCertPanel update: failed to add certificate to the internal database. Exception: " + e.toString());
             if (e.getLDAPResultCode() != LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) {
                 context.put("updateStatus", "failure");
                 throw new IOException(e.toString());
@@ -312,7 +319,7 @@ public class ImportAdminCertPanel extends WizardPanelBase {
     public boolean shouldSkip() {
         try {
             IConfigStore c = CMS.getConfigStore();
-            String s = c.getString("preop.subsystem.select",null);
+            String s = c.getString("preop.subsystem.select", null);
             if (s != null && s.equals("clone")) {
                 return true;
             }
@@ -322,7 +329,6 @@ public class ImportAdminCertPanel extends WizardPanelBase {
         return false;
     }
 
-
     /**
      * If validiate() returns false, this method will be called.
      */
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java
index 0c2e7fa0..a26b2dc2 100755
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 
 import javax.servlet.ServletConfig;
@@ -36,19 +35,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
 
 public class ImportCAChainPanel extends WizardPanelBase {
 
-    public ImportCAChainPanel() {}
+    public ImportCAChainPanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Import CA's Certificate Chain");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Import CA's Certificate Chain");
         setId(id);
@@ -89,7 +89,7 @@ public class ImportCAChainPanel extends WizardPanelBase {
             context.put("https_port", cs.getString("pkicreate.ee_secure_port"));
             context.put("http_port", cs.getString("pkicreate.unsecure_port"));
         } catch (EBaseException e) {
-            CMS.debug("ImportCACertChain:display: Exception: " + e.toString()); 
+            CMS.debug("ImportCACertChain:display: Exception: " + e.toString());
             context.put("errorString", "Error loading values for Import CA Certificate Panel");
         }
 
@@ -119,7 +119,6 @@ public class ImportCAChainPanel extends WizardPanelBase {
             Context context) throws IOException {
         IConfigStore cs = CMS.getConfigStore();
 
-
         context.put("errorString", "");
         context.put("title", "Import CA's Certificate Chain");
         context.put("panel", "admin/console/config/importcachainpanel.vm");
@@ -141,6 +140,7 @@ public class ImportCAChainPanel extends WizardPanelBase {
             context.put("http_port", cs.getString("pkicreate.unsecure_port"));
             context.put("title", "Import CA's Certificate Chain");
             context.put("panel", "admin/console/config/importcachainpanel.vm");
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java
index 3f54ec1c..3b8f3b81 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -61,6 +60,7 @@ public class ImportTransportCert extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -70,7 +70,7 @@ public class ImportTransportCert extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
         CMS.debug("UpdateUpdater: processing...");
@@ -84,9 +84,9 @@ public class ImportTransportCert extends CMSServlet {
             CMS.debug("ImportTransportCert authentication successful.");
         } catch (Exception e) {
             CMS.debug("ImportTransportCert: authentication failed.");
-            log(ILogger.LL_FAILURE, 
+            log(ILogger.LL_FAILURE,
                     CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
-                    e.toString()));
+                            e.toString()));
             outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
             return;
         }
@@ -99,19 +99,19 @@ public class ImportTransportCert extends CMSServlet {
 
         AuthzToken authzToken = null;
         try {
-            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, 
-              "modify");
+            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+                    "modify");
             CMS.debug("ImportTransportCert authorization successful.");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             outputError(httpResp, "Error: Not authorized");
             return;
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             outputError(httpResp,
-                "Error: Encountered problem during authorization.");
+                    "Error: Encountered problem during authorization.");
             return;
         }
 
@@ -126,17 +126,17 @@ public class ImportTransportCert extends CMSServlet {
         String certsString = httpReq.getParameter("certificate");
 
         try {
-          CryptoManager cm = CryptoManager.getInstance();
-          CMS.debug("ImportTransportCert: Importing certificate");
-          org.mozilla.jss.crypto.X509Certificate cert = 
-            cm.importCACertPackage(CMS.AtoB(certsString));
-          String nickName = cert.getNickname();
-          CMS.debug("ImportTransportCert: nickname " + nickName);
-          cs.putString("tks.drm_transport_cert_nickname", nickName);
-          CMS.debug("ImportTransportCert: Commiting configuration");
-          cs.commit(false);
-
-        // send success status back to the requestor
+            CryptoManager cm = CryptoManager.getInstance();
+            CMS.debug("ImportTransportCert: Importing certificate");
+            org.mozilla.jss.crypto.X509Certificate cert =
+                    cm.importCACertPackage(CMS.AtoB(certsString));
+            String nickName = cert.getNickname();
+            CMS.debug("ImportTransportCert: nickname " + nickName);
+            cs.putString("tks.drm_transport_cert_nickname", nickName);
+            CMS.debug("ImportTransportCert: Commiting configuration");
+            cs.commit(false);
+
+            // send success status back to the requestor
             CMS.debug("ImportTransportCert: Sending response");
             XMLObject xmlObj = new XMLObject();
             Node root = xmlObj.createRoot("XMLResponse");
@@ -150,12 +150,13 @@ public class ImportTransportCert extends CMSServlet {
         }
     }
 
-    protected void setDefaultTemplates(ServletConfig sc) {}
+    protected void setDefaultTemplates(ServletConfig sc) {
+    }
 
     protected void renderTemplate(
             CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
-        throws IOException {// do nothing
-    } 
+            throws IOException {// do nothing
+    }
 
     protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
index a421302b..63b9aaf1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
@@ -39,8 +39,8 @@ import com.netscape.cmsutil.password.IPasswordStore;
  * This object stores the values for IP, uid and group based on the cookie id in LDAP.
  * Entries are stored under ou=Security Domain, ou=sessions, $basedn
  */
-public class LDAPSecurityDomainSessionTable 
-  implements ISecurityDomainSessionTable {
+public class LDAPSecurityDomainSessionTable
+        implements ISecurityDomainSessionTable {
 
     private long m_timeToLive;
 
@@ -48,8 +48,8 @@ public class LDAPSecurityDomainSessionTable
         m_timeToLive = timeToLive;
     }
 
-    public int addEntry(String sessionId, String ip, 
-      String uid, String group) {
+    public int addEntry(String sessionId, String ip,
+            String uid, String group) {
         IConfigStore cs = CMS.getConfigStore();
         LDAPConnection conn = null;
         boolean sessions_exists = true;
@@ -77,14 +77,14 @@ public class LDAPSecurityDomainSessionTable
             attrs.add(new LDAPAttribute("ou", "sessions"));
             entry = new LDAPEntry(sessionsdn, attrs);
             conn.add(entry);
-         } catch (Exception e) {
+        } catch (Exception e) {
             if ((e instanceof LDAPException) && (((LDAPException) e).getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS)) {
                 // continue
             } else {
                 CMS.debug("SecurityDomainSessionTable: unable to create ou=sessions:" + e);
                 sessions_exists = false;
             }
-         }
+        }
 
         // add new entry
         try {
@@ -106,9 +106,9 @@ public class LDAPSecurityDomainSessionTable
                 CMS.debug("SecurityDomainSessionTable: added session entry" + sessionId);
                 status = SUCCESS;
             }
-        } catch(Exception e) {
+        } catch (Exception e) {
             CMS.debug("SecurityDomainSessionTable: unable to create session entry" + sessionId + ": " + e);
-        } 
+        }
 
         try {
             conn.disconnect();
@@ -155,8 +155,9 @@ public class LDAPSecurityDomainSessionTable
 
             conn = getLDAPConn();
             LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
-            if (res.getCount() > 0) ret = true;
-        } catch(Exception e) {
+            if (res.getCount() > 0)
+                ret = true;
+        } catch (Exception e) {
             CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e);
         }
 
@@ -168,7 +169,6 @@ public class LDAPSecurityDomainSessionTable
         return ret;
     }
 
-
     public Enumeration<String> getSessionIds() {
         IConfigStore cs = CMS.getConfigStore();
         LDAPConnection conn = null;
@@ -188,13 +188,13 @@ public class LDAPSecurityDomainSessionTable
             }
         } catch (LDAPException e) {
             switch (e.getLDAPResultCode()) {
-                case LDAPException.NO_SUCH_OBJECT:
-                    CMS.debug("SecurityDomainSessionTable: getSessionIds():  no sessions have been created");
-                    break;
-                default:
-                    CMS.debug("SecurityDomainSessionTable: unable to query sessionIds due to ldap exception: " + e);
+            case LDAPException.NO_SUCH_OBJECT:
+                CMS.debug("SecurityDomainSessionTable: getSessionIds():  no sessions have been created");
+                break;
+            default:
+                CMS.debug("SecurityDomainSessionTable: unable to query sessionIds due to ldap exception: " + e);
             }
-        } catch(Exception e) {
+        } catch (Exception e) {
             CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " + e);
         }
 
@@ -211,18 +211,18 @@ public class LDAPSecurityDomainSessionTable
         IConfigStore cs = CMS.getConfigStore();
         LDAPConnection conn = null;
         String ret = null;
-        try { 
+        try {
             String basedn = cs.getString("internaldb.basedn");
             String sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
             String filter = "(cn=" + sessionId + ")";
             String[] attrs = { attr };
             conn = getLDAPConn();
             LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
-            if (res.getCount() > 0) { 
+            if (res.getCount() > 0) {
                 LDAPEntry entry = res.next();
                 ret = entry.getAttribute(attr).getStringValueArray()[0];
             }
-        } catch(Exception e) {
+        } catch (Exception e) {
             CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e);
         }
 
@@ -261,7 +261,7 @@ public class LDAPSecurityDomainSessionTable
     public int getSize() {
         IConfigStore cs = CMS.getConfigStore();
         LDAPConnection conn = null;
-        int ret =0;
+        int ret = 0;
 
         try {
             String basedn = cs.getString("internaldb.basedn");
@@ -272,7 +272,7 @@ public class LDAPSecurityDomainSessionTable
             conn = getLDAPConn();
             LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
             ret = res.getCount();
-        } catch(Exception e) {
+        } catch (Exception e) {
             CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " + e);
         }
 
@@ -286,8 +286,7 @@ public class LDAPSecurityDomainSessionTable
     }
 
     private LDAPConnection getLDAPConn()
-            throws IOException
-    {
+            throws IOException {
         IConfigStore cs = CMS.getConfigStore();
 
         String host = "";
@@ -303,8 +302,8 @@ public class LDAPSecurityDomainSessionTable
             pwd = pwdStore.getPassword("internaldb");
         }
 
-        if ( pwd == null) {
-           throw new IOException("SecurityDomainSessionTable: Failed to obtain password from password store");
+        if (pwd == null) {
+            throw new IOException("SecurityDomainSessionTable: Failed to obtain password from password store");
         }
 
         try {
@@ -329,11 +328,11 @@ public class LDAPSecurityDomainSessionTable
 
         LDAPConnection conn = null;
         if (security.equals("true")) {
-          //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating secure (SSL) connection for internal ldap");
-          conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+            //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating secure (SSL) connection for internal ldap");
+            conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
         } else {
-          //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
-          conn = new LDAPConnection();
+            //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
+            conn = new LDAPConnection();
         }
 
         //CMS.debug("SecurityDomainSessionTable connecting to " + host + ":" + p);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java
index e7fdbe3f..713cb170 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -27,7 +26,6 @@ import org.apache.velocity.context.Context;
 
 import com.netscape.certsrv.apps.CMS;
 
-
 public class LoginServlet extends BaseServlet {
 
     /**
@@ -52,7 +50,7 @@ public class LoginServlet extends BaseServlet {
             if (pin == null) {
                 context.put("error", "");
             } else {
-                String cspin = CMS.getConfigStore().getString("preop.pin");   
+                String cspin = CMS.getConfigStore().getString("preop.pin");
 
                 if (cspin != null && cspin.equals(pin)) {
                     // create session
@@ -62,7 +60,7 @@ public class LoginServlet extends BaseServlet {
                     return null;
                 } else {
                     context.put("error", "Login Failed");
-                } 
+                }
             }
             template = Velocity.getTemplate("admin/console/config/login.vm");
         } catch (Exception e) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java
index a91ca979..760faed4 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -43,7 +42,7 @@ public class MainPageServlet extends CMSServlet {
      *
      */
     private static final long serialVersionUID = 2425301522251239666L;
-    private static final String PROP_AUTHORITY_ID="authorityId";
+    private static final String PROP_AUTHORITY_ID = "authorityId";
     private String mAuthorityId = null;
     private String mFormPath = null;
 
@@ -75,12 +74,12 @@ public class MainPageServlet extends CMSServlet {
             form = getTemplate(mFormPath, request, locale);
         } catch (IOException e) {
             CMS.debug("MainPageServlet process: cant locate the form");
-/*
-            log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-*/
+            /*
+                        log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+                        throw new ECMSGWException(
+                          CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+            */
         }
 
         process(argSet, header, ctx, request, response);
@@ -90,21 +89,21 @@ public class MainPageServlet extends CMSServlet {
             ServletOutputStream out = response.getOutputStream();
 
             cmsReq.setStatus(CMSRequest.SUCCESS);
-			response.setContentType("text/html");
-			form.renderOutput(out, argSet);
+            response.setContentType("text/html");
+            form.renderOutput(out, argSet);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 
     private void process(CMSTemplateParams argSet, IArgBlock header,
-      IArgBlock ctx, HttpServletRequest req, HttpServletResponse resp)
-      throws EBaseException {
+            IArgBlock ctx, HttpServletRequest req, HttpServletResponse resp)
+            throws EBaseException {
 
-        int num = 0;        
+        int num = 0;
         IArgBlock rarg = null;
         IConfigStore cs = CMS.getConfigStore();
         int state = 0;
@@ -125,8 +124,8 @@ public class MainPageServlet extends CMSServlet {
             rarg = CMS.createArgBlock();
             rarg.addStringValue("type", "admin");
             rarg.addStringValue("prefix", "http");
-            rarg.addIntegerValue("port", 
-              Integer.valueOf(CMS.getEENonSSLPort()).intValue());
+            rarg.addIntegerValue("port",
+                    Integer.valueOf(CMS.getEENonSSLPort()).intValue());
             rarg.addStringValue("host", host);
             rarg.addStringValue("uri", adminInterface);
             argSet.addRepeatRecord(rarg);
@@ -136,8 +135,8 @@ public class MainPageServlet extends CMSServlet {
                 rarg = CMS.createArgBlock();
                 rarg.addStringValue("type", "ee");
                 rarg.addStringValue("prefix", "https");
-                rarg.addIntegerValue("port", 
-                  Integer.valueOf(CMS.getEESSLPort()).intValue());
+                rarg.addIntegerValue("port",
+                        Integer.valueOf(CMS.getEESSLPort()).intValue());
                 rarg.addStringValue("host", host);
                 rarg.addStringValue("uri", eeInterface);
                 argSet.addRepeatRecord(rarg);
@@ -147,8 +146,8 @@ public class MainPageServlet extends CMSServlet {
                 rarg = CMS.createArgBlock();
                 rarg.addStringValue("type", "agent");
                 rarg.addStringValue("prefix", "https");
-                rarg.addIntegerValue("port", 
-                  Integer.valueOf(CMS.getAgentPort()).intValue());
+                rarg.addIntegerValue("port",
+                        Integer.valueOf(CMS.getAgentPort()).intValue());
                 rarg.addStringValue("host", host);
                 rarg.addStringValue("uri", agentInterface);
                 argSet.addRepeatRecord(rarg);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java
index 38185a33..f33b1023 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Hashtable;
@@ -50,19 +49,21 @@ public class ModulePanel extends WizardPanelBase {
     private Vector mOtherModules = null;
     private Hashtable mCurrModTable = new Hashtable();
     private WizardServlet mServlet = null;
-    public ModulePanel() {}
+
+    public ModulePanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Key Store");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Key Store");
         setId(id);
@@ -71,7 +72,7 @@ public class ModulePanel extends WizardPanelBase {
 
     public void cleanUp() throws IOException {
         IConfigStore cs = CMS.getConfigStore();
-        cs.putBoolean("preop.ModulePanel.done",false);
+        cs.putBoolean("preop.ModulePanel.done", false);
     }
 
     public void loadCurrModTable() {
@@ -142,14 +143,14 @@ public class ModulePanel extends WizardPanelBase {
                 CMS.debug("ModulePanel: token logged in?" + token.isLoggedIn());
                 CMS.debug("ModulePanel: token is present?" + token.isPresent());
                 if (!token.getName().equals("Internal Crypto Services Token") &&
-                   !token.getName().equals("NSS Generic Crypto Services")) {
+                        !token.getName().equals("NSS Generic Crypto Services")) {
                     module.addToken(token);
                 } else {
                     CMS.debug(
                             "ModulePanel: token " + token.getName()
-                            + " not to be added");
+                                    + " not to be added");
                 }
-			    
+
             } catch (TokenException ex) {
                 CMS.debug("ModulePanel:" + ex.toString());
             }
@@ -181,11 +182,11 @@ public class ModulePanel extends WizardPanelBase {
                 if ((cn == null) || (cn.equals(""))) {
                     break;
                 }
-		
+
                 CMS.debug("ModulePanel: got from config module: " + cn);
                 // create a Module object
                 Module module = new Module(cn, pn, img);
-		
+
                 if (mCurrModTable.containsKey(cn)) {
                     CMS.debug("ModulePanel: module found: " + cn);
                     module.setFound(true);
@@ -194,7 +195,7 @@ public class ModulePanel extends WizardPanelBase {
 
                     loadModTokens(module, m);
                 }
-		
+
                 CMS.debug("ModulePanel: adding module " + cn);
                 // add module to set
                 if (!mSupportedModules.contains(module)) {
@@ -214,13 +215,13 @@ public class ModulePanel extends WizardPanelBase {
         // it a token choice.  Available tokens are discovered dynamically so
         // can't be a real CHOICE
         PropertySet set = new PropertySet();
-                                                                                
+
         Descriptor tokenDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
                 null, /* default parameter */
                 "module token selection");
 
         set.add("choice", tokenDesc);
-                                                                                
+
         return set;
     }
 
@@ -235,7 +236,8 @@ public class ModulePanel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
 
         return false;
     }
@@ -272,8 +274,8 @@ public class ModulePanel extends WizardPanelBase {
         context.put("oms", mOtherModules);
         context.put("sms", mSupportedModules);
         // context.put("status_token", "None");
-        String subpanelno =  String.valueOf(getPanelNo()+1);
-        CMS.debug("ModulePanel subpanelno =" +subpanelno);
+        String subpanelno = String.valueOf(getPanelNo() + 1);
+        CMS.debug("ModulePanel subpanelno =" + subpanelno);
         context.put("subpanelno", subpanelno);
         context.put("panel", "admin/console/config/modulepanel.vm");
     }
@@ -292,7 +294,7 @@ public class ModulePanel extends WizardPanelBase {
     public void update(HttpServletRequest request,
             HttpServletResponse response,
             Context context) throws IOException {
-	boolean hasErr = false;
+        boolean hasErr = false;
 
         try {
             // get the value of the choice
@@ -306,13 +308,13 @@ public class ModulePanel extends WizardPanelBase {
 
             IConfigStore config = CMS.getConfigStore();
             String oldtokenname = config.getString("preop.module.token", "");
-            if (!oldtokenname.equals(select)) 
+            if (!oldtokenname.equals(select))
                 mServlet.cleanUpFromPanel(mServlet.getPanelNo(request));
 
-	    if (hasErr == false) {
-              config.putString("preop.module.token", select);
-              config.putBoolean("preop.ModulePanel.done", true);
-	    }
+            if (hasErr == false) {
+                config.putString("preop.module.token", select);
+                config.putBoolean("preop.ModulePanel.done", true);
+            }
             config.commit(false);
             context.put("updateStatus", "success");
         } catch (Exception e) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java
index a0a627ee..1c67654b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -27,7 +26,6 @@ import org.apache.velocity.context.Context;
 
 import com.netscape.certsrv.apps.CMS;
 
-
 public class ModuleServlet extends BaseServlet {
 
     /**
@@ -38,10 +36,10 @@ public class ModuleServlet extends BaseServlet {
     /**
      * Collect information on where keys are to be generated.
      * Once collected, write to CS.cfg:
-     *    "preop.module=soft"
-     *      or
-     *    "preop.module=hard"
-     *
+     * "preop.module=soft"
+     * or
+     * "preop.module=hard"
+     * 
      * <ul>
      * <li>http.param selection "soft" or "hard" for software token or hardware token
      * </ul>
@@ -76,7 +74,7 @@ public class ModuleServlet extends BaseServlet {
                     CMS.debug("ModuleServlet: illegal selection: " + selection);
                     context.put("error", "failed selection");
                 }
-		
+
             } else {
                 CMS.debug("ModuleServlet: no selection");
             }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
index ec3686e9..1a1fccdf 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
@@ -54,19 +53,20 @@ public class NamePanel extends WizardPanelBase {
     private Vector mCerts = null;
     private WizardServlet mServlet = null;
 
-    public NamePanel() {}
+    public NamePanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Subject Names");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Subject Names");
         setId(id);
@@ -80,25 +80,25 @@ public class NamePanel extends WizardPanelBase {
         PropertySet set = new PropertySet();
 
         Descriptor caDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
-                null, /* no default parameter */ 
+                null, /* no default parameter */
                 "CA Signing Certificate's DN");
 
         set.add("caDN", caDN);
 
         Descriptor sslDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
-                null, /* no default parameter */ 
+                null, /* no default parameter */
                 "SSL Server Certificate's DN");
 
         set.add("sslDN", sslDN);
 
         Descriptor subsystemDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
-                null, /* no default parameter */ 
+                null, /* no default parameter */
                 "CA Subsystem Certificate's DN");
 
         set.add("subsystemDN", subsystemDN);
 
         Descriptor ocspDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
-                null, /* no default parameter */ 
+                null, /* no default parameter */
                 "OCSP Signing Certificate's DN");
 
         set.add("ocspDN", ocspDN);
@@ -124,7 +124,7 @@ public class NamePanel extends WizardPanelBase {
         StringTokenizer st = new StringTokenizer(list, ",");
         while (st.hasMoreTokens()) {
             String t = st.nextToken();
-            cs.remove("preop.cert."+t+".done");
+            cs.remove("preop.cert." + t + ".done");
         }
 
         try {
@@ -142,7 +142,8 @@ public class NamePanel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
 
         return false;
     }
@@ -185,10 +186,10 @@ public class NamePanel extends WizardPanelBase {
             cstype = config.getString("cs.type", "");
             context.put("select", select);
             if (cstype.equals("CA") && hselect.equals("root")) {
-                CMS.debug("NamePanel ca is root"); 
+                CMS.debug("NamePanel ca is root");
                 context.put("isRoot", "true");
             } else {
-                CMS.debug("NamePanel not ca or not root"); 
+                CMS.debug("NamePanel not ca or not root");
                 context.put("isRoot", "false");
             }
         } catch (Exception e) {
@@ -227,27 +228,27 @@ public class NamePanel extends WizardPanelBase {
 
                 String type = config.getString(PCERT_PREFIX + certTag + ".type");
                 c.setType(type);
-                boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true);
+                boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true);
                 c.setEnable(enable);
 
-                String cert = config.getString(subsystem +"."+certTag +".cert", "");
-                String certreq = 
-                  config.getString(subsystem + "." +certTag +".certreq", "");
+                String cert = config.getString(subsystem + "." + certTag + ".cert", "");
+                String certreq =
+                        config.getString(subsystem + "." + certTag + ".certreq", "");
 
                 String dn = config.getString(PCERT_PREFIX + certTag + ".dn");
-                boolean override = config.getBoolean(PCERT_PREFIX + certTag + 
-                  ".cncomponent.override", true);
-		//o_sd is to add o=secritydomainname
+                boolean override = config.getBoolean(PCERT_PREFIX + certTag +
+                        ".cncomponent.override", true);
+                //o_sd is to add o=secritydomainname
                 boolean o_sd = config.getBoolean(PCERT_PREFIX + certTag +
-						 "o_securitydomain", true);
-		domainname = config.getString("securitydomain.name", "");
-		CMS.debug("NamePanel: display() override is "+override);
-		CMS.debug("NamePanel: display() o_securitydomain is "+o_sd);
-		CMS.debug("NamePanel: display() domainname is "+domainname);
+                         "o_securitydomain", true);
+                domainname = config.getString("securitydomain.name", "");
+                CMS.debug("NamePanel: display() override is " + override);
+                CMS.debug("NamePanel: display() o_securitydomain is " + o_sd);
+                CMS.debug("NamePanel: display() domainname is " + domainname);
 
                 boolean dnUpdated = false;
                 try {
-                    dnUpdated = config.getBoolean(PCERT_PREFIX+certTag+".updatedDN");
+                    dnUpdated = config.getBoolean(PCERT_PREFIX + certTag + ".updatedDN");
                 } catch (Exception e) {
                 }
 
@@ -259,16 +260,16 @@ public class NamePanel extends WizardPanelBase {
                     if (select.equals("clone") || dnUpdated) {
                         c.setDN(dn);
                     } else if (count != 0 && override && (cert.equals("") || certreq.equals(""))) {
-                        CMS.debug("NamePanel subsystemCount = "+count);
-                        c.setDN(dn + " "+count+ 
-                          ((!instanceId.equals(""))? (",OU=" + instanceId):"") +
-                          ((o_sd)? (",O=" + domainname):""));
-                        config.putBoolean(PCERT_PREFIX+certTag+".updatedDN", true);
+                        CMS.debug("NamePanel subsystemCount = " + count);
+                        c.setDN(dn + " " + count +
+                                ((!instanceId.equals("")) ? (",OU=" + instanceId) : "") +
+                                ((o_sd) ? (",O=" + domainname) : ""));
+                        config.putBoolean(PCERT_PREFIX + certTag + ".updatedDN", true);
                     } else {
-                        c.setDN(dn + 
-                            ((!instanceId.equals(""))? (",OU=" + instanceId):"") +
-                            ((o_sd)? (",O=" + domainname):""));
-                        config.putBoolean(PCERT_PREFIX+certTag+".updatedDN", true);
+                        c.setDN(dn +
+                                ((!instanceId.equals("")) ? (",OU=" + instanceId) : "") +
+                                ((o_sd) ? (",O=" + domainname) : ""));
+                        config.putBoolean(PCERT_PREFIX + certTag + ".updatedDN", true);
                     }
                 }
 
@@ -302,7 +303,8 @@ public class NamePanel extends WizardPanelBase {
         try {
             config.putString("preop.ca.list", list.toString());
             config.commit(false);
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         context.put("urls", v);
 
@@ -338,20 +340,20 @@ public class NamePanel extends WizardPanelBase {
      * update some parameters for clones
      */
     public void updateCloneConfig(IConfigStore config)
-        throws EBaseException, IOException {
+            throws EBaseException, IOException {
         String cstype = config.getString("cs.type", null);
         cstype = toLowerCaseSubsystemType(cstype);
         if (cstype.equals("kra")) {
             String token = config.getString(PRE_CONF_CA_TOKEN);
             if (!token.equals("Internal Key Storage Token")) {
-                CMS.debug("NamePanel: updating configuration for KRA clone with hardware token");        
+                CMS.debug("NamePanel: updating configuration for KRA clone with hardware token");
                 String subsystem = config.getString(PCERT_PREFIX + "storage.subsystem");
                 String storageNickname = getNickname(config, "storage");
                 String transportNickname = getNickname(config, "transport");
 
                 config.putString(subsystem + ".storageUnit.hardware", token);
-                config.putString(subsystem + ".storageUnit.nickName", token+":"+storageNickname);
-                config.putString(subsystem + ".transportUnit.nickName", token+":"+transportNickname);
+                config.putString(subsystem + ".storageUnit.nickName", token + ":" + storageNickname);
+                config.putString(subsystem + ".transportUnit.nickName", token + ":" + transportNickname);
                 config.commit(false);
             } else { // software token
                 // parameters already set
@@ -361,12 +363,12 @@ public class NamePanel extends WizardPanelBase {
         // audit signing cert
         String audit_nn = config.getString(cstype + ".audit_signing" + ".nickname", "");
         String audit_tk = config.getString(cstype + ".audit_signing" + ".tokenname", "");
-	    if (!audit_tk.equals("Internal Key Storage Token") && !audit_tk.equals("")) {
+        if (!audit_tk.equals("Internal Key Storage Token") && !audit_tk.equals("")) {
             config.putString("log.instance.SignedAudit.signedAuditCertNickname",
-                audit_tk + ":" + audit_nn);
+                    audit_tk + ":" + audit_nn);
         } else {
             config.putString("log.instance.SignedAudit.signedAuditCertNickname",
-                audit_nn);
+                    audit_nn);
         }
     }
 
@@ -374,7 +376,7 @@ public class NamePanel extends WizardPanelBase {
      * get some of the "preop" parameters to persisting parameters
      */
     public void updateConfig(IConfigStore config, String certTag)
-        throws EBaseException, IOException {
+            throws EBaseException, IOException {
         String token = config.getString(PRE_CONF_CA_TOKEN);
         String subsystem = config.getString(PCERT_PREFIX + certTag + ".subsystem");
         CMS.debug("NamePanel: subsystem " + subsystem);
@@ -393,30 +395,30 @@ public class NamePanel extends WizardPanelBase {
         String cstype = config.getString("cs.type", null);
         cstype = toLowerCaseSubsystemType(cstype);
         if (cstype.equals("kra")) {
-	    if (!token.equals("Internal Key Storage Token")) {
-	      if (certTag.equals("storage")) {
-                config.putString(subsystem + ".storageUnit.hardware", token);
-                config.putString(subsystem + ".storageUnit.nickName", token+":"+nickname);
-	      } else if (certTag.equals("transport")) {
-                config.putString(subsystem + ".transportUnit.nickName", token+":"+nickname);
-          }
-	    } else { // software token
-	      if (certTag.equals("storage")) {
-                config.putString(subsystem + ".storageUnit.nickName", nickname);
-	      } else if (certTag.equals("transport")) {
-                config.putString(subsystem + ".transportUnit.nickName", nickname);
-              }
-	    }
+            if (!token.equals("Internal Key Storage Token")) {
+                if (certTag.equals("storage")) {
+                    config.putString(subsystem + ".storageUnit.hardware", token);
+                    config.putString(subsystem + ".storageUnit.nickName", token + ":" + nickname);
+                } else if (certTag.equals("transport")) {
+                    config.putString(subsystem + ".transportUnit.nickName", token + ":" + nickname);
+                }
+            } else { // software token
+                if (certTag.equals("storage")) {
+                    config.putString(subsystem + ".storageUnit.nickName", nickname);
+                } else if (certTag.equals("transport")) {
+                    config.putString(subsystem + ".transportUnit.nickName", nickname);
+                }
+            }
         }
 
         String serverCertNickname = nickname;
         String path = CMS.getConfigStore().getString("instanceRoot", "");
         if (certTag.equals("sslserver")) {
-	        if (!token.equals("Internal Key Storage Token")) {
-                serverCertNickname = token+":"+nickname;
+            if (!token.equals("Internal Key Storage Token")) {
+                serverCertNickname = token + ":" + nickname;
             }
-            File file = new File(path+"/conf/serverCertNick.conf");
-            PrintStream ps = new PrintStream(new FileOutputStream(path+"/conf/serverCertNick.conf"));
+            File file = new File(path + "/conf/serverCertNick.conf");
+            PrintStream ps = new PrintStream(new FileOutputStream(path + "/conf/serverCertNick.conf"));
             ps.println(serverCertNickname);
             ps.close();
         }
@@ -424,13 +426,13 @@ public class NamePanel extends WizardPanelBase {
         config.putString(subsystem + "." + certTag + ".nickname", nickname);
         config.putString(subsystem + "." + certTag + ".tokenname", token);
         if (certTag.equals("audit_signing")) {
-	      if (!token.equals("Internal Key Storage Token") && !token.equals("")) {
-            config.putString("log.instance.SignedAudit.signedAuditCertNickname",
-                token + ":" + nickname);
-          } else {
-            config.putString("log.instance.SignedAudit.signedAuditCertNickname",
-                nickname);
-          }
+            if (!token.equals("Internal Key Storage Token") && !token.equals("")) {
+                config.putString("log.instance.SignedAudit.signedAuditCertNickname",
+                        token + ":" + nickname);
+            } else {
+                config.putString("log.instance.SignedAudit.signedAuditCertNickname",
+                        nickname);
+            }
         }
         /*
         config.putString(CERT_PREFIX + certTag + ".defaultSigningAlgorithm",
@@ -438,9 +440,9 @@ public class NamePanel extends WizardPanelBase {
          */
 
         // for system certs verification
-	    if (!token.equals("Internal Key Storage Token") && !token.equals("")) {
+        if (!token.equals("Internal Key Storage Token") && !token.equals("")) {
             config.putString(subsystem + ".cert." + certTag + ".nickname",
-                token + ":" +  nickname);
+                    token + ":" + nickname);
         } else {
             config.putString(subsystem + ".cert." + certTag + ".nickname", nickname);
         }
@@ -459,7 +461,7 @@ public class NamePanel extends WizardPanelBase {
 
         IConfigStore config = CMS.getConfigStore();
         String caType = certObj.getType();
-        CMS.debug("NamePanel: in configCert caType is "+ caType);
+        CMS.debug("NamePanel: in configCert caType is " + caType);
         X509CertImpl cert = null;
         String certTag = certObj.getCertTag();
 
@@ -469,13 +471,13 @@ public class NamePanel extends WizardPanelBase {
                 String v = config.getString("preop.ca.type", "");
 
                 CMS.debug("NamePanel configCert: remote CA");
-                String pkcs10 = CertUtil.getPKCS10(config, PCERT_PREFIX, 
-                  certObj, context);
+                String pkcs10 = CertUtil.getPKCS10(config, PCERT_PREFIX,
+                        certObj, context);
                 certObj.setRequest(pkcs10);
                 String subsystem = config.getString(
                         PCERT_PREFIX + certTag + ".subsystem");
                 config.putString(subsystem + "." + certTag + ".certreq", pkcs10);
-                String profileId = config.getString(PCERT_PREFIX+certTag+".profile");
+                String profileId = config.getString(PCERT_PREFIX + certTag + ".profile");
                 String session_id = CMS.getConfigSDSessionId();
                 String sd_hostname = "";
                 int sd_ee_port = -1;
@@ -483,15 +485,15 @@ public class NamePanel extends WizardPanelBase {
                     sd_hostname = config.getString("securitydomain.host", "");
                     sd_ee_port = config.getInteger("securitydomain.httpseeport", -1);
                 } catch (Exception ee) {
-                    CMS.debug("NamePanel: configCert() exception caught:"+ee.toString());
+                    CMS.debug("NamePanel: configCert() exception caught:" + ee.toString());
                 }
                 String sysType = config.getString("cs.type", "");
                 String machineName = config.getString("machineName", "");
                 String securePort = config.getString("service.securePort", "");
                 if (certTag.equals("subsystem")) {
-                    String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId="+profileId+"&cert_request_type=pkcs10&cert_request="+URLEncoder.encode(pkcs10, "UTF-8")+"&xmlOutput=true&sessionID="+session_id;
-                    cert = CertUtil.createRemoteCert(sd_hostname, sd_ee_port, 
-                      content, response, this);
+                    String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId=" + profileId + "&cert_request_type=pkcs10&cert_request=" + URLEncoder.encode(pkcs10, "UTF-8") + "&xmlOutput=true&sessionID=" + session_id;
+                    cert = CertUtil.createRemoteCert(sd_hostname, sd_ee_port,
+                            content, response, this);
                     if (cert == null) {
                         throw new IOException("Error: remote certificate is null");
                     }
@@ -504,18 +506,18 @@ public class NamePanel extends WizardPanelBase {
                     } catch (Exception ee) {
                     }
 
-                    String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId="+profileId+"&cert_request_type=pkcs10&cert_request="+URLEncoder.encode(pkcs10, "UTF-8")+"&xmlOutput=true&sessionID="+session_id;
-                    cert = CertUtil.createRemoteCert(ca_hostname, ca_port, 
-                      content, response, this);
+                    String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId=" + profileId + "&cert_request_type=pkcs10&cert_request=" + URLEncoder.encode(pkcs10, "UTF-8") + "&xmlOutput=true&sessionID=" + session_id;
+                    cert = CertUtil.createRemoteCert(ca_hostname, ca_port,
+                            content, response, this);
                     if (cert == null) {
                         throw new IOException("Error: remote certificate is null");
                     }
                 } else if (v.equals("otherca")) {
                     config.putString(subsystem + "." + certTag + ".cert",
                             "...paste certificate here...");
-                } else {  
+                } else {
                     CMS.debug("NamePanel: no preop.ca.type is provided");
-                }    
+                }
             } else { // not remote CA, ie, self-signed or local
                 ISubsystem ca = CMS.getSubsystem(ICertificateAuthority.ID);
 
@@ -524,76 +526,76 @@ public class NamePanel extends WizardPanelBase {
 
                     CMS.debug(
                             "The value for " + s
-                            + " should be remote, nothing else.");
+                                    + " should be remote, nothing else.");
                     throw new IOException(
                             "The value for " + s + " should be remote");
-                } 
-      
+                }
+
                 String pubKeyType = config.getString(
                         PCERT_PREFIX + certTag + ".keytype");
                 if (pubKeyType.equals("rsa")) {
 
-                  String pubKeyModulus = config.getString(
-                        PCERT_PREFIX + certTag + ".pubkey.modulus");
-                  String pubKeyPublicExponent = config.getString(
-                        PCERT_PREFIX + certTag + ".pubkey.exponent");
-                  String subsystem = config.getString(
-                        PCERT_PREFIX + certTag + ".subsystem");
+                    String pubKeyModulus = config.getString(
+                            PCERT_PREFIX + certTag + ".pubkey.modulus");
+                    String pubKeyPublicExponent = config.getString(
+                            PCERT_PREFIX + certTag + ".pubkey.exponent");
+                    String subsystem = config.getString(
+                            PCERT_PREFIX + certTag + ".subsystem");
 
-                  if (certTag.equals("signing")) {
-                    X509Key x509key = CryptoUtil.getPublicX509Key(
-                            CryptoUtil.string2byte(pubKeyModulus),
-                            CryptoUtil.string2byte(pubKeyPublicExponent));
-
-                    cert = CertUtil.createLocalCert(config, x509key,
-                            PCERT_PREFIX, certTag, caType, context);
-                  } else {
-                    String cacert = config.getString("ca.signing.cert", "");
-
-                    if (cacert.equals("") || cacert.startsWith("...")) {
-                        certObj.setCert(
-                                "...certificate be generated internally...");
-                        config.putString(subsystem + "." + certTag + ".cert",
-                                "...certificate be generated internally...");
-                    } else {
+                    if (certTag.equals("signing")) {
                         X509Key x509key = CryptoUtil.getPublicX509Key(
                                 CryptoUtil.string2byte(pubKeyModulus),
                                 CryptoUtil.string2byte(pubKeyPublicExponent));
 
                         cert = CertUtil.createLocalCert(config, x509key,
                                 PCERT_PREFIX, certTag, caType, context);
+                    } else {
+                        String cacert = config.getString("ca.signing.cert", "");
+
+                        if (cacert.equals("") || cacert.startsWith("...")) {
+                            certObj.setCert(
+                                    "...certificate be generated internally...");
+                            config.putString(subsystem + "." + certTag + ".cert",
+                                    "...certificate be generated internally...");
+                        } else {
+                            X509Key x509key = CryptoUtil.getPublicX509Key(
+                                    CryptoUtil.string2byte(pubKeyModulus),
+                                    CryptoUtil.string2byte(pubKeyPublicExponent));
+
+                            cert = CertUtil.createLocalCert(config, x509key,
+                                    PCERT_PREFIX, certTag, caType, context);
+                        }
                     }
-                  }
                 } else if (pubKeyType.equals("ecc")) {
-                  String pubKeyEncoded = config.getString(
-                        PCERT_PREFIX + certTag + ".pubkey.encoded");
-                  String subsystem = config.getString(
-                        PCERT_PREFIX + certTag + ".subsystem");
-
-                  if (certTag.equals("signing")) {
+                    String pubKeyEncoded = config.getString(
+                            PCERT_PREFIX + certTag + ".pubkey.encoded");
+                    String subsystem = config.getString(
+                            PCERT_PREFIX + certTag + ".subsystem");
 
-                    X509Key x509key = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded));
-                    cert = CertUtil.createLocalCert(config, x509key,
-                            PCERT_PREFIX, certTag, caType, context);
-                  } else {
-                    String cacert = config.getString("ca.signing.cert", "");
-
-                    if (cacert.equals("") || cacert.startsWith("...")) {
-                        certObj.setCert(
-                                "...certificate be generated internally...");
-                        config.putString(subsystem + "." + certTag + ".cert",
-                                "...certificate be generated internally...");
-                    } else {
-                        X509Key x509key = CryptoUtil.getPublicX509ECCKey(
-                                CryptoUtil.string2byte(pubKeyEncoded));
+                    if (certTag.equals("signing")) {
 
+                        X509Key x509key = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded));
                         cert = CertUtil.createLocalCert(config, x509key,
                                 PCERT_PREFIX, certTag, caType, context);
+                    } else {
+                        String cacert = config.getString("ca.signing.cert", "");
+
+                        if (cacert.equals("") || cacert.startsWith("...")) {
+                            certObj.setCert(
+                                    "...certificate be generated internally...");
+                            config.putString(subsystem + "." + certTag + ".cert",
+                                    "...certificate be generated internally...");
+                        } else {
+                            X509Key x509key = CryptoUtil.getPublicX509ECCKey(
+                                    CryptoUtil.string2byte(pubKeyEncoded));
+
+                            cert = CertUtil.createLocalCert(config, x509key,
+                                    PCERT_PREFIX, certTag, caType, context);
+                        }
                     }
-                  }
                 } else {
-                   // invalid key type
-                   CMS.debug("Invalid key type " + pubKeyType);
+                    // invalid key type
+                    CMS.debug("Invalid key type " + pubKeyType);
                 }
                 if (cert != null) {
                     if (certTag.equals("subsystem"))
@@ -605,7 +607,7 @@ public class NamePanel extends WizardPanelBase {
                 byte[] certb = cert.getEncoded();
                 String certs = CryptoUtil.base64Encode(certb);
 
-               // certObj.setCert(certs);
+                // certObj.setCert(certs);
                 String subsystem = config.getString(
                         PCERT_PREFIX + certTag + ".subsystem");
                 config.putString(subsystem + "." + certTag + ".cert", certs);
@@ -617,58 +619,57 @@ public class NamePanel extends WizardPanelBase {
             CMS.debug("NamePanel configCert() exception caught:" + e.toString());
         }
     }
- 
+
     public void configCertWithTag(HttpServletRequest request,
             HttpServletResponse response,
-            Context context, String tag) throws IOException 
-   {
-            CMS.debug("NamePanel: configCertWithTag start");
-            Enumeration c = mCerts.elements();
-            IConfigStore config = CMS.getConfigStore();
-         
-            while (c.hasMoreElements()) {
-                Cert cert = (Cert) c.nextElement();
-                String ct = cert.getCertTag(); 
-                CMS.debug("NamePanel: configCertWithTag ct=" + ct + 
-                        " tag=" +tag);
-                if (ct.equals(tag)) {
-                    try {
-                        String nickname = HttpInput.getNickname(request, ct + "_nick");
-                        if (nickname != null) {
-                            CMS.debug("configCertWithTag: Setting nickname for " + ct + " to " + nickname);
-                            config.putString(PCERT_PREFIX  + ct + ".nickname", nickname);
-                            cert.setNickname(nickname);
-                            config.commit(false);
-			}
-                        String dn = HttpInput.getDN(request, ct);
-                        if (dn != null) {
-                            config.putString(PCERT_PREFIX + ct + ".dn", dn);
-                            config.commit(false);
-                        }
-                    } catch (Exception e) {
-                        CMS.debug("NamePanel: configCertWithTag: Exception in setting nickname for " + ct + ": " + e.toString());
-                    }
+            Context context, String tag) throws IOException {
+        CMS.debug("NamePanel: configCertWithTag start");
+        Enumeration c = mCerts.elements();
+        IConfigStore config = CMS.getConfigStore();
 
-                    configCert(request, response, context, cert);
-                    CMS.debug("NamePanel: configCertWithTag done with tag=" + tag);
-                    return;
+        while (c.hasMoreElements()) {
+            Cert cert = (Cert) c.nextElement();
+            String ct = cert.getCertTag();
+            CMS.debug("NamePanel: configCertWithTag ct=" + ct +
+                        " tag=" + tag);
+            if (ct.equals(tag)) {
+                try {
+                    String nickname = HttpInput.getNickname(request, ct + "_nick");
+                    if (nickname != null) {
+                        CMS.debug("configCertWithTag: Setting nickname for " + ct + " to " + nickname);
+                        config.putString(PCERT_PREFIX + ct + ".nickname", nickname);
+                        cert.setNickname(nickname);
+                        config.commit(false);
+                    }
+                    String dn = HttpInput.getDN(request, ct);
+                    if (dn != null) {
+                        config.putString(PCERT_PREFIX + ct + ".dn", dn);
+                        config.commit(false);
+                    }
+                } catch (Exception e) {
+                    CMS.debug("NamePanel: configCertWithTag: Exception in setting nickname for " + ct + ": " + e.toString());
                 }
-           }
-            CMS.debug("NamePanel: configCertWithTag done");
+
+                configCert(request, response, context, cert);
+                CMS.debug("NamePanel: configCertWithTag done with tag=" + tag);
+                return;
+            }
+        }
+        CMS.debug("NamePanel: configCertWithTag done");
     }
 
     private boolean inputChanged(HttpServletRequest request)
-      throws IOException {
-        IConfigStore config = CMS.getConfigStore();         
-       
+            throws IOException {
+        IConfigStore config = CMS.getConfigStore();
+
         boolean hasChanged = false;
         try {
             Enumeration c = mCerts.elements();
 
             while (c.hasMoreElements()) {
                 Cert cert = (Cert) c.nextElement();
-                String ct = cert.getCertTag(); 
-                boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true);
+                String ct = cert.getCertTag();
+                boolean enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true);
                 if (!enable)
                     continue;
 
@@ -679,10 +680,10 @@ public class NamePanel extends WizardPanelBase {
                 if (!olddn.equals(dn))
                     hasChanged = true;
 
-               String oldnick = config.getString(PCERT_PREFIX + ct + ".nickname");
-               String nick = HttpInput.getNickname(request, ct + "_nick");
-               if (!oldnick.equals(nick))
-                   hasChanged = true;
+                String oldnick = config.getString(PCERT_PREFIX + ct + ".nickname");
+                String nick = HttpInput.getNickname(request, ct + "_nick");
+                if (!oldnick.equals(nick))
+                    hasChanged = true;
 
             }
         } catch (Exception e) {
@@ -690,34 +691,34 @@ public class NamePanel extends WizardPanelBase {
 
         return hasChanged;
     }
-   
-    public String getURL(HttpServletRequest request, IConfigStore config)
-    {
+
+    public String getURL(HttpServletRequest request, IConfigStore config) {
         String index = request.getParameter("urls");
-        if (index == null){
-          return null;
+        if (index == null) {
+            return null;
         }
         String url = "";
         if (index.startsWith("http")) {
-           // user may submit url directlry
-           url = index;
+            // user may submit url directlry
+            url = index;
         } else {
-          try {
-            int x = Integer.parseInt(index);
-            String list = config.getString("preop.ca.list", "");
-            StringTokenizer tokenizer = new StringTokenizer(list, ",");
-            int counter = 0;
-
-            while (tokenizer.hasMoreTokens()) {
-                url = tokenizer.nextToken();
-                if (counter == x) {
-                    break;
+            try {
+                int x = Integer.parseInt(index);
+                String list = config.getString("preop.ca.list", "");
+                StringTokenizer tokenizer = new StringTokenizer(list, ",");
+                int counter = 0;
+
+                while (tokenizer.hasMoreTokens()) {
+                    url = tokenizer.nextToken();
+                    if (counter == x) {
+                        break;
+                    }
+                    counter++;
                 }
-                counter++;
+            } catch (Exception e) {
             }
-          } catch (Exception e) {}
         }
-       return url;
+        return url;
     }
 
     /**
@@ -727,7 +728,7 @@ public class NamePanel extends WizardPanelBase {
             HttpServletResponse response,
             Context context) throws IOException {
         CMS.debug("NamePanel: in update()");
-	boolean hasErr = false;
+        boolean hasErr = false;
 
         if (inputChanged(request)) {
             mServlet.cleanUpFromPanel(mServlet.getPanelNo(request));
@@ -736,7 +737,7 @@ public class NamePanel extends WizardPanelBase {
             return;
         }
 
-        IConfigStore config = CMS.getConfigStore();         
+        IConfigStore config = CMS.getConfigStore();
 
         String hselect = "";
         ISubsystem subsystem = CMS.getSubsystem(ICertificateAuthority.ID);
@@ -750,13 +751,13 @@ public class NamePanel extends WizardPanelBase {
                 configCertWithTag(request, response, context, "sslserver");
                 String url = getURL(request, config);
                 if (url != null && !url.equals("External CA")) {
-                   // preop.ca.url and admin port are required for setting KRA connector
-                   url = url.substring(url.indexOf("https"));
-                   config.putString("preop.ca.url", url);
+                    // preop.ca.url and admin port are required for setting KRA connector
+                    url = url.substring(url.indexOf("https"));
+                    config.putString("preop.ca.url", url);
 
-                   URL urlx = new URL(url);
-                   updateCloneSDCAInfo(request, context, urlx.getHost(),
-                        Integer.toString(urlx.getPort()));
+                    URL urlx = new URL(url);
+                    updateCloneSDCAInfo(request, context, urlx.getHost(),
+                            Integer.toString(urlx.getPort()));
 
                 }
                 updateCloneConfig(config);
@@ -771,49 +772,50 @@ public class NamePanel extends WizardPanelBase {
         }
 
         //if no hselect, then not CA
-      if (hselect.equals("") || hselect.equals("join")) {
-        String select = null;
-        String url = getURL(request, config);
-
-        URL urlx = null;
-
-        if (url.equals("External CA")) {
-            CMS.debug("NamePanel: external CA selected");
-            select = "otherca";
-            config.putString("preop.ca.type", "otherca");
-            if (subsystem != null) {
-                config.putString(PCERT_PREFIX+"signing.type", "remote");
-            }
+        if (hselect.equals("") || hselect.equals("join")) {
+            String select = null;
+            String url = getURL(request, config);
+
+            URL urlx = null;
+
+            if (url.equals("External CA")) {
+                CMS.debug("NamePanel: external CA selected");
+                select = "otherca";
+                config.putString("preop.ca.type", "otherca");
+                if (subsystem != null) {
+                    config.putString(PCERT_PREFIX + "signing.type", "remote");
+                }
 
-            config.putString("preop.ca.pkcs7", "");
-            config.putInteger("preop.ca.certchain.size", 0);
-            context.put("check_otherca", "checked");
-            CMS.debug("NamePanel: update: this is the external CA.");
-        } else {
-            CMS.debug("NamePanel: local CA selected");
-            select = "sdca";
-            // parse URL (CA1 - https://...)
-            url = url.substring(url.indexOf("https"));
-            config.putString("preop.ca.url", url);
-
-            urlx = new URL(url);
-            config.putString("preop.ca.type", "sdca");
-            CMS.debug("NamePanel: update: this is a CA in the security domain.");
-            context.put("check_sdca", "checked");
-            sdca(request, context, urlx.getHost(),
-                    Integer.toString(urlx.getPort()));
-            if (subsystem != null) {
-                config.putString(PCERT_PREFIX + "signing.type", "remote");
-                config.putString(PCERT_PREFIX + "signing.profile",
-                        "caInstallCACert");
+                config.putString("preop.ca.pkcs7", "");
+                config.putInteger("preop.ca.certchain.size", 0);
+                context.put("check_otherca", "checked");
+                CMS.debug("NamePanel: update: this is the external CA.");
+            } else {
+                CMS.debug("NamePanel: local CA selected");
+                select = "sdca";
+                // parse URL (CA1 - https://...)
+                url = url.substring(url.indexOf("https"));
+                config.putString("preop.ca.url", url);
+
+                urlx = new URL(url);
+                config.putString("preop.ca.type", "sdca");
+                CMS.debug("NamePanel: update: this is a CA in the security domain.");
+                context.put("check_sdca", "checked");
+                sdca(request, context, urlx.getHost(),
+                        Integer.toString(urlx.getPort()));
+                if (subsystem != null) {
+                    config.putString(PCERT_PREFIX + "signing.type", "remote");
+                    config.putString(PCERT_PREFIX + "signing.profile",
+                            "caInstallCACert");
+                }
             }
-        }
 
-        try {
-            config.commit(false);
-        } catch (Exception e) {}
+            try {
+                config.commit(false);
+            } catch (Exception e) {
+            }
 
-     }
+        }
 
         try {
 
@@ -821,13 +823,13 @@ public class NamePanel extends WizardPanelBase {
 
             while (c.hasMoreElements()) {
                 Cert cert = (Cert) c.nextElement();
-                String ct = cert.getCertTag(); 
+                String ct = cert.getCertTag();
                 String tokenname = cert.getTokenname();
-                boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true);
+                boolean enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true);
                 if (!enable)
                     continue;
 
-                boolean certDone = config.getBoolean(PCERT_PREFIX+ct+".done", false);
+                boolean certDone = config.getBoolean(PCERT_PREFIX + ct + ".done", false);
                 if (certDone)
                     continue;
 
@@ -850,32 +852,32 @@ public class NamePanel extends WizardPanelBase {
 
                 try {
                     configCert(request, response, context, cert);
-                    config.putBoolean("preop.cert."+cert.getCertTag()+".done", 
-                      true);
+                    config.putBoolean("preop.cert." + cert.getCertTag() + ".done",
+                            true);
                     config.commit(false);
                 } catch (Exception e) {
                     CMS.debug(
                             "NamePanel: update() exception caught:"
                                     + e.toString());
-		    hasErr = true;
+                    hasErr = true;
                     System.err.println("Exception caught: " + e.toString());
                 }
 
             } // while 
-	        if (hasErr == false) {
-              config.putBoolean("preop.NamePanel.done", true);
-              config.commit(false);
-	        }
+            if (hasErr == false) {
+                config.putBoolean("preop.NamePanel.done", true);
+                config.commit(false);
+            }
 
         } catch (Exception e) {
             CMS.debug("NamePanel: Exception caught: " + e.toString());
             System.err.println("Exception caught: " + e.toString());
         }// try
 
-
         try {
             config.commit(false);
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         if (!hasErr) {
             context.put("updateStatus", "success");
@@ -897,15 +899,15 @@ public class NamePanel extends WizardPanelBase {
 
         // Retrieve the associated HTTPS Admin port so that it
         // may be stored for use with ImportAdminCertPanel
-        https_admin_port = getSecurityDomainAdminPort( config,
+        https_admin_port = getSecurityDomainAdminPort(config,
                                                        hostname,
                                                        httpsPortStr,
-                                                       "CA" );
+                                                       "CA");
 
         int httpsport = -1;
 
         try {
-             httpsport = Integer.parseInt(httpsPortStr);
+            httpsport = Integer.parseInt(httpsPortStr);
         } catch (Exception e) {
             CMS.debug(
                     "NamePanel update: Https port is not valid. Exception: "
@@ -934,15 +936,15 @@ public class NamePanel extends WizardPanelBase {
 
         // Retrieve the associated HTTPS Admin port so that it
         // may be stored for use with ImportAdminCertPanel
-        https_admin_port = getSecurityDomainAdminPort( config,
+        https_admin_port = getSecurityDomainAdminPort(config,
                                                        hostname,
                                                        httpsPortStr,
-                                                       "CA" );
+                                                       "CA");
 
         int httpsport = -1;
 
         try {
-             httpsport = Integer.parseInt(httpsPortStr);
+            httpsport = Integer.parseInt(httpsPortStr);
         } catch (Exception e) {
             CMS.debug(
                     "NamePanel update: Https port is not valid. Exception: "
@@ -954,21 +956,19 @@ public class NamePanel extends WizardPanelBase {
         config.putString("preop.ca.httpsport", httpsPortStr);
         config.putString("preop.ca.httpsadminport", https_admin_port);
         ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
-        updateCertChainUsingSecureEEPort( config, "ca", hostname,
+        updateCertChainUsingSecureEEPort(config, "ca", hostname,
                                           httpsport, true, context,
-                                          certApprovalCallback );
+                                          certApprovalCallback);
         try {
-           CMS.debug("Importing CA chain");
-           importCertChain("ca");
+            CMS.debug("Importing CA chain");
+            importCertChain("ca");
         } catch (Exception e1) {
-           CMS.debug("Failed in importing CA chain");
+            CMS.debug("Failed in importing CA chain");
         }
     }
 
-
     public void initParams(HttpServletRequest request, Context context)
-                   throws IOException
-    {
+                   throws IOException {
         context.put("certs", mCerts);
     }
 
@@ -977,10 +977,9 @@ public class NamePanel extends WizardPanelBase {
      */
     public void displayError(HttpServletRequest request,
             HttpServletResponse response,
-            Context context) 
-    {
+            Context context) {
         try {
-          initParams(request, context);
+            initParams(request, context);
         } catch (IOException e) {
         }
         context.put("title", "Subject Names");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
index cf37fdff..8ca70bd4 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.security.cert.X509Certificate;
 import java.util.Enumeration;
@@ -53,7 +52,7 @@ import com.netscape.cmsutil.xml.XMLObject;
  * This servlet creates a TPS user in the CA,
  * and it associates TPS's server certificate to
  * the user. Finally, it addes the user to the
- * administrator group. This procedure will 
+ * administrator group. This procedure will
  * allows TPS to connect to the CA for certificate
  * issuance.
  */
@@ -68,8 +67,7 @@ public class RegisterUser extends CMSServlet {
     private final static String AUTH_FAILURE = "2";
     private String mGroupName = null;
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
-        "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
-
+            "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
 
     public RegisterUser() {
         super();
@@ -77,6 +75,7 @@ public class RegisterUser extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -88,7 +87,7 @@ public class RegisterUser extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
         CMS.debug("UpdateUpdater: processing...");
@@ -102,9 +101,9 @@ public class RegisterUser extends CMSServlet {
             CMS.debug("RegisterUser authentication successful.");
         } catch (Exception e) {
             CMS.debug("RegisterUser: authentication failed.");
-            log(ILogger.LL_FAILURE, 
+            log(ILogger.LL_FAILURE,
                     CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
-                    e.toString()));
+                            e.toString()));
             outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
             return;
         }
@@ -117,19 +116,19 @@ public class RegisterUser extends CMSServlet {
 
         AuthzToken authzToken = null;
         try {
-            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, 
-              "modify");
+            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+                    "modify");
             CMS.debug("RegisterUser authorization successful.");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             outputError(httpResp, "Error: Not authorized");
             return;
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             outputError(httpResp,
-                "Error: Encountered problem during authorization.");
+                    "Error: Encountered problem during authorization.");
             return;
         }
 
@@ -150,93 +149,93 @@ public class RegisterUser extends CMSServlet {
 
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
-        String auditParams = "Scope;;users+Operation;;OP_ADD+source;;RegisterUser" + 
-                             "+Resource;;"+ uid +
-                             "+fullname;;"+ name + 
+        String auditParams = "Scope;;users+Operation;;OP_ADD+source;;RegisterUser" +
+                             "+Resource;;" + uid +
+                             "+fullname;;" + name +
                              "+state;;1" +
                              "+userType;;<null>+email;;<null>+password;;<null>+phone;;<null>";
 
-        IUGSubsystem ugsys = (IUGSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_UG);
+        IUGSubsystem ugsys = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
 
         IUser user = null;
         boolean foundByCert = false;
         X509Certificate certs[] = new X509Certificate[1];
         try {
 
-          byte bCert[] = null;
-          X509CertImpl cert = null;
-          bCert = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString));
-          cert = new X509CertImpl(bCert);
-          certs[0] = (X509Certificate)cert;
-
-          // test to see if the cert already belongs to a user
-          ICertUserLocator cul = ugsys.getCertUserLocator();
-          com.netscape.certsrv.usrgrp.Certificates c =
-            new com.netscape.certsrv.usrgrp.Certificates(certs);
-          user = (IUser) cul.locateUser(c);
+            byte bCert[] = null;
+            X509CertImpl cert = null;
+            bCert = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString));
+            cert = new X509CertImpl(bCert);
+            certs[0] = (X509Certificate) cert;
+
+            // test to see if the cert already belongs to a user
+            ICertUserLocator cul = ugsys.getCertUserLocator();
+            com.netscape.certsrv.usrgrp.Certificates c =
+                    new com.netscape.certsrv.usrgrp.Certificates(certs);
+            user = (IUser) cul.locateUser(c);
         } catch (Exception ec) {
-            CMS.debug("RegisterUser: exception thrown: "+ec.toString());
+            CMS.debug("RegisterUser: exception thrown: " + ec.toString());
         }
         if (user == null) {
-          CMS.debug("RegisterUser NOT found user by cert");
-          try { 
-            user = ugsys.getUser(uid);
-            CMS.debug("RegisterUser found user by uid "+uid);
-          } catch (Exception eee) {
-          } 
+            CMS.debug("RegisterUser NOT found user by cert");
+            try {
+                user = ugsys.getUser(uid);
+                CMS.debug("RegisterUser found user by uid " + uid);
+            } catch (Exception eee) {
+            }
         } else {
-          foundByCert = true;
-          CMS.debug("RegisterUser found user by cert");
+            foundByCert = true;
+            CMS.debug("RegisterUser found user by cert");
         }
-    
-        try { 
-
-          if (user == null) {
-            // create user only if such user does not exist
-            user = ugsys.createUser(uid);
-            user.setFullName(name);
-            user.setState("1");
-            user.setUserType("");
-            user.setEmail("");
-            user.setPhone("");
-            user.setPassword("");
-
-            ugsys.addUser(user);
-            CMS.debug("RegisterUser created user " + uid);
-            auditMessage = CMS.getLogMessage(
+
+        try {
+
+            if (user == null) {
+                // create user only if such user does not exist
+                user = ugsys.createUser(uid);
+                user.setFullName(name);
+                user.setState("1");
+                user.setUserType("");
+                user.setEmail("");
+                user.setPhone("");
+                user.setPassword("");
+
+                ugsys.addUser(user);
+                CMS.debug("RegisterUser created user " + uid);
+                auditMessage = CMS.getLogMessage(
                               LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
                               auditSubjectID,
                               ILogger.SUCCESS,
                               auditParams);
-            audit(auditMessage);
-          }
-
-          // extract all line separators
-          StringBuffer sb = new StringBuffer();
-          for (int i = 0; i < certsString.length(); i++) {
-              if (!Character.isWhitespace(certsString.charAt(i))) {
-                  sb.append(certsString.charAt(i));
-              }
-          }
-          certsString = sb.toString();
-
-          auditParams = "Scope;;certs+Operation;;OP_ADD+source;;RegisterUser" +
-                        "+Resource;;"+ uid +
-                        "+cert;;"+certsString;
-
-          user.setX509Certificates(certs);
-          if (!foundByCert) {
-            ugsys.addUserCert(user);
-            CMS.debug("RegisterUser added user certificate");
-            auditMessage = CMS.getLogMessage(
+                audit(auditMessage);
+            }
+
+            // extract all line separators
+            StringBuffer sb = new StringBuffer();
+            for (int i = 0; i < certsString.length(); i++) {
+                if (!Character.isWhitespace(certsString.charAt(i))) {
+                    sb.append(certsString.charAt(i));
+                }
+            }
+            certsString = sb.toString();
+
+            auditParams = "Scope;;certs+Operation;;OP_ADD+source;;RegisterUser" +
+                        "+Resource;;" + uid +
+                        "+cert;;" + certsString;
+
+            user.setX509Certificates(certs);
+            if (!foundByCert) {
+                ugsys.addUserCert(user);
+                CMS.debug("RegisterUser added user certificate");
+                auditMessage = CMS.getLogMessage(
                               LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
                               auditSubjectID,
                               ILogger.SUCCESS,
                               auditParams);
-            audit(auditMessage);
-          } else
-            CMS.debug("RegisterUser no need to add user certificate");
-         } catch (Exception eee) {
+                audit(auditMessage);
+            } else
+                CMS.debug("RegisterUser no need to add user certificate");
+        } catch (Exception eee) {
             CMS.debug("RegisterUser error " + eee.toString());
             auditMessage = CMS.getLogMessage(
                                 LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
@@ -249,20 +248,19 @@ public class RegisterUser extends CMSServlet {
             return;
         }
 
-
         // add user to the group
         auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;RegisterUser" +
-                      "+Resource;;"+ mGroupName;
+                      "+Resource;;" + mGroupName;
         try {
             Enumeration groups = ugsys.findGroups(mGroupName);
-            IGroup group = (IGroup)groups.nextElement();
+            IGroup group = (IGroup) groups.nextElement();
 
             auditParams += "+user;;";
             Enumeration members = group.getMemberNames();
             while (members.hasMoreElements()) {
                 auditParams += (String) members.nextElement();
                 if (members.hasMoreElements()) {
-                    auditParams +=",";
+                    auditParams += ",";
                 }
             }
 
@@ -280,15 +278,15 @@ public class RegisterUser extends CMSServlet {
 
                 audit(auditMessage);
             }
-         } catch (Exception e) {
-             auditMessage = CMS.getLogMessage(
+        } catch (Exception e) {
+            auditMessage = CMS.getLogMessage(
                                LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
                                auditSubjectID,
                                ILogger.FAILURE,
                                auditParams);
 
-             audit(auditMessage);
-         }
+            audit(auditMessage);
+        }
 
         // send success status back to the requestor
         try {
@@ -305,12 +303,13 @@ public class RegisterUser extends CMSServlet {
         }
     }
 
-    protected void setDefaultTemplates(ServletConfig sc) {}
+    protected void setDefaultTemplates(ServletConfig sc) {
+    }
 
     protected void renderTemplate(
             CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
-        throws IOException {// do nothing
-    } 
+            throws IOException {// do nothing
+    }
 
     protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
index 76f5a749..cc62fede 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.FileInputStream;
@@ -76,19 +75,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
 
 public class RestoreKeyCertPanel extends WizardPanelBase {
 
-    public RestoreKeyCertPanel() {}
+    public RestoreKeyCertPanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Import Keys and Certificates");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Import Keys and Certificates");
         setId(id);
@@ -99,18 +99,18 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
      */
     public boolean shouldSkip() {
         CMS.debug("RestoreKeyCertPanel: should skip");
-                                                                                
+
         IConfigStore cs = CMS.getConfigStore();
         // if we are root, no need to get the certificate chain.
-                                                                                
+
         try {
-            String select = cs.getString("preop.subsystem.select","");
+            String select = cs.getString("preop.subsystem.select", "");
             if (select.equals("clone")) {
                 return false;
             }
         } catch (EBaseException e) {
         }
-                                                                                
+
         return true;
     }
 
@@ -138,15 +138,16 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
         return false;
     }
 
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
+
         /* XXX */
-                                                                                
+
         return set;
     }
 
@@ -160,7 +161,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
         IConfigStore config = CMS.getConfigStore();
 
         if (isPanelDone()) {
-            
+
             try {
                 String s = config.getString("preop.pk12.path", "");
                 String type = config.getString("preop.subsystem.select", "");
@@ -201,7 +202,6 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
         //    throw new IOException("Path is empty");
         // }
 
-        
         if (s != null && !s.equals("")) {
             s = HttpInput.getPassword(request, "__password");
             if (s == null || s.equals("")) {
@@ -217,15 +217,14 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
      */
     public void update(HttpServletRequest request,
             HttpServletResponse response,
-            Context context) throws IOException 
-    {
+            Context context) throws IOException {
         IConfigStore config = CMS.getConfigStore();
         String path = HttpInput.getString(request, "path");
         if (path == null || path.equals("")) {
-              // skip to next panel
+            // skip to next panel
             config.putBoolean("preop.restorekeycert.done", true);
             try {
-              config.commit(false);
+                config.commit(false);
             } catch (EBaseException e) {
             }
             getConfigEntriesFromMaster(request, response, context);
@@ -233,7 +232,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
             return;
         }
         String pwd = HttpInput.getPassword(request, "__password");
-        
+
         String tokenn = "";
         String instanceRoot = "";
 
@@ -246,7 +245,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
         if (tokenn.equals("Internal Key Storage Token")) {
             byte b[] = new byte[1000000];
             FileInputStream fis = new FileInputStream(instanceRoot + "/alias/" + path);
-            while (fis.available() > 0) 
+            while (fis.available() > 0)
                 fis.read(b);
             fis.close();
 
@@ -256,10 +255,10 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
             PFX pfx = null;
             boolean verifypfx = false;
             try {
-                pfx = (PFX)(new PFX.Template()).decode(bis);
-                verifypfx = pfx.verifyAuthSafes(password, reason); 
+                pfx = (PFX) (new PFX.Template()).decode(bis);
+                verifypfx = pfx.verifyAuthSafes(password, reason);
             } catch (Exception e) {
-                CMS.debug("RestoreKeyCertPanel update: Exception="+e.toString());
+                CMS.debug("RestoreKeyCertPanel update: Exception=" + e.toString());
             }
 
             if (verifypfx) {
@@ -267,50 +266,50 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
                 AuthenticatedSafes safes = pfx.getAuthSafes();
                 Vector pkeyinfo_collection = new Vector();
                 Vector cert_collection = new Vector();
-                for (int i=0; i<safes.getSize(); i++) {
+                for (int i = 0; i < safes.getSize(); i++) {
                     try {
-                        SEQUENCE scontent = safes.getSafeContentsAt(null, i); 
-                        for (int j=0; j<scontent.size(); j++) {
-                            SafeBag bag = (SafeBag)scontent.elementAt(j);
+                        SEQUENCE scontent = safes.getSafeContentsAt(null, i);
+                        for (int j = 0; j < scontent.size(); j++) {
+                            SafeBag bag = (SafeBag) scontent.elementAt(j);
                             OBJECT_IDENTIFIER oid = bag.getBagType();
                             if (oid.equals(SafeBag.PKCS8_SHROUDED_KEY_BAG)) {
-                                EncryptedPrivateKeyInfo privkeyinfo = 
-                                  (EncryptedPrivateKeyInfo)bag.getInterpretedBagContent();
+                                EncryptedPrivateKeyInfo privkeyinfo =
+                                        (EncryptedPrivateKeyInfo) bag.getInterpretedBagContent();
                                 PasswordConverter passConverter = new PasswordConverter();
                                 PrivateKeyInfo pkeyinfo = privkeyinfo.decrypt(password, new PasswordConverter());
                                 Vector pkeyinfo_v = new Vector();
                                 pkeyinfo_v.addElement(pkeyinfo);
                                 SET bagAttrs = bag.getBagAttributes();
-                                for (int k=0; k<bagAttrs.size(); k++) {
-                                    Attribute attrs = (Attribute)bagAttrs.elementAt(k);
+                                for (int k = 0; k < bagAttrs.size(); k++) {
+                                    Attribute attrs = (Attribute) bagAttrs.elementAt(k);
                                     OBJECT_IDENTIFIER aoid = attrs.getType();
                                     if (aoid.equals(SafeBag.FRIENDLY_NAME)) {
                                         SET val = attrs.getValues();
-                                        ANY ss = (ANY)val.elementAt(0);
+                                        ANY ss = (ANY) val.elementAt(0);
                                         ByteArrayInputStream bbis = new ByteArrayInputStream(ss.getEncoded());
-                                        BMPString sss = (BMPString)(new BMPString.Template()).decode(bbis);
+                                        BMPString sss = (BMPString) (new BMPString.Template()).decode(bbis);
                                         String s = sss.toString();
                                         pkeyinfo_v.addElement(s);
                                     }
                                 }
                                 pkeyinfo_collection.addElement(pkeyinfo_v);
                             } else if (oid.equals(SafeBag.CERT_BAG)) {
-                                CertBag cbag = (CertBag)bag.getInterpretedBagContent();    
-                                OCTET_STRING str = (OCTET_STRING)cbag.getInterpretedCert();
+                                CertBag cbag = (CertBag) bag.getInterpretedBagContent();
+                                OCTET_STRING str = (OCTET_STRING) cbag.getInterpretedCert();
                                 byte[] x509cert = str.toByteArray();
                                 Vector cert_v = new Vector();
                                 cert_v.addElement(x509cert);
                                 SET bagAttrs = bag.getBagAttributes();
-                         
+
                                 if (bagAttrs != null) {
-                                    for (int k=0; k<bagAttrs.size(); k++) {
-                                        Attribute attrs = (Attribute)bagAttrs.elementAt(k);
+                                    for (int k = 0; k < bagAttrs.size(); k++) {
+                                        Attribute attrs = (Attribute) bagAttrs.elementAt(k);
                                         OBJECT_IDENTIFIER aoid = attrs.getType();
                                         if (aoid.equals(SafeBag.FRIENDLY_NAME)) {
                                             SET val = attrs.getValues();
-                                            ANY ss = (ANY)val.elementAt(0);
+                                            ANY ss = (ANY) val.elementAt(0);
                                             ByteArrayInputStream bbis = new ByteArrayInputStream(ss.getEncoded());
-                                            BMPString sss = (BMPString)(new BMPString.Template()).decode(bbis);
+                                            BMPString sss = (BMPString) (new BMPString.Template()).decode(bbis);
                                             String s = sss.toString();
                                             cert_v.addElement(s);
                                         }
@@ -321,10 +320,10 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
                             }
                         }
                     } catch (Exception e) {
-                        CMS.debug("RestoreKeyCertPanel update: Exception="+e.toString());
+                        CMS.debug("RestoreKeyCertPanel update: Exception=" + e.toString());
                     }
                 }
-            
+
                 importkeycert(pkeyinfo_collection, cert_collection);
             } else {
                 context.put("updateStatus", "failure");
@@ -342,7 +341,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
         cstype = toLowerCaseSubsystemType(cstype);
 
         if (subsystemtype.equals("clone")) {
-            CMS.debug("RestoreKeyCertPanel: this is the clone subsystem"); 
+            CMS.debug("RestoreKeyCertPanel: this is the clone subsystem");
             boolean cloneReady = isCertdbCloned(request, context);
             if (!cloneReady) {
                 CMS.debug("RestoreKeyCertPanel update: clone does not have all the certificates.");
@@ -363,7 +362,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
     }
 
     private void getConfigEntriesFromMaster(HttpServletRequest request,
-      HttpServletResponse response, Context context) throws IOException {
+            HttpServletResponse response, Context context) throws IOException {
         try {
             IConfigStore config = CMS.getConfigStore();
             String cstype = "";
@@ -388,14 +387,14 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
 
                 String content = "";
                 if (cstype.equals("ca") || cstype.equals("kra")) {
-                    content = "type=request&xmlOutput=true&sessionID="+session_id;
+                    content = "type=request&xmlOutput=true&sessionID=" + session_id;
                     CMS.debug("http content=" + content);
                     updateNumberRange(master_hostname, master_ee_port, true, content, "request", response);
 
-                    content = "type=serialNo&xmlOutput=true&sessionID="+session_id;
+                    content = "type=serialNo&xmlOutput=true&sessionID=" + session_id;
                     updateNumberRange(master_hostname, master_ee_port, true, content, "serialNo", response);
 
-                    content = "type=replicaId&xmlOutput=true&sessionID="+session_id;
+                    content = "type=replicaId&xmlOutput=true&sessionID=" + session_id;
                     updateNumberRange(master_hostname, master_ee_port, true, content, "replicaId", response);
                 }
 
@@ -406,7 +405,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
                 }
 
                 StringBuffer c1 = new StringBuffer();
-                StringBuffer s1 = new StringBuffer(); 
+                StringBuffer s1 = new StringBuffer();
                 StringTokenizer tok = new StringTokenizer(list, ",");
                 while (tok.hasMoreTokens()) {
                     String t1 = tok.nextToken();
@@ -438,8 +437,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
                     c1.append(t1);
                     c1.append(".pubkey.encoded");
 
-
-                    if (s1.length()!=0)
+                    if (s1.length() != 0)
                         s1.append(",");
 
                     s1.append(cstype);
@@ -449,18 +447,18 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
 
                 if (!cstype.equals("ca")) {
                     c1.append(",cloning.ca.hostname,cloning.ca.httpport,cloning.ca.httpsport,cloning.ca.list,cloning.ca.pkcs7,cloning.ca.type");
-                } 
+                }
 
                 if (cstype.equals("ca")) {
                     /* get ca connector details */
-                    if (s1.length()!=0)
+                    if (s1.length() != 0)
                         s1.append(",");
                     s1.append("ca.connector.KRA");
                 }
 
-                content = "op=get&names=cloning.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN"+c1.toString()+"&substores="+s1.toString()+"&xmlOutput=true&sessionID="+session_id;
+                content = "op=get&names=cloning.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN" + c1.toString() + "&substores=" + s1.toString() + "&xmlOutput=true&sessionID=" + session_id;
                 boolean success = updateConfigEntries(master_hostname, master_port, true,
-                  "/"+cstype+"/admin/"+cstype+"/getConfigEntries", content, config, response);
+                        "/" + cstype + "/admin/" + cstype + "/getConfigEntries", content, config, response);
                 if (!success) {
                     context.put("errorString", "Failed to get configuration entries from the master");
                     throw new IOException("Failed to get configuration entries from the master");
@@ -473,7 +471,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
             } catch (IOException eee) {
                 throw eee;
             } catch (Exception eee) {
-                CMS.debug("RestoreKeyCertPanel: update exception caught:"+eee.toString());
+                CMS.debug("RestoreKeyCertPanel: update exception caught:" + eee.toString());
             }
 
         } catch (IOException ee) {
@@ -491,38 +489,38 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
                 String s = st.nextToken();
                 if (s.equals("sslserver"))
                     continue;
-                String name = "preop.master."+s+".nickname";
+                String name = "preop.master." + s + ".nickname";
                 String nickname = cs.getString(name, "");
                 CryptoManager cm = CryptoManager.getInstance();
                 X509Certificate xcert = null;
                 try {
                     xcert = cm.findCertByNickname(nickname);
                 } catch (Exception ee) {
-                    CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+ee.toString());
+                    CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception=" + ee.toString());
                 }
                 CryptoToken ct = cm.getInternalKeyStorageToken();
                 CryptoStore store = ct.getCryptoStore();
                 try {
                     store.deleteCert(xcert);
                 } catch (Exception ee) {
-                    CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+ee.toString());
+                    CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception=" + ee.toString());
                 }
             }
         } catch (Exception e) {
-            CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+e.toString());
-        } 
+            CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception=" + e.toString());
+        }
     }
 
     private org.mozilla.jss.crypto.PrivateKey.Type getPrivateKeyType(PublicKey pubkey) {
-      CMS.debug("Key Algorithm '"+pubkey.getAlgorithm()+"'");
-      if (pubkey.getAlgorithm().equals("EC")) {
-        return org.mozilla.jss.crypto.PrivateKey.Type.EC;
-      }
-      return org.mozilla.jss.crypto.PrivateKey.Type.RSA;
+        CMS.debug("Key Algorithm '" + pubkey.getAlgorithm() + "'");
+        if (pubkey.getAlgorithm().equals("EC")) {
+            return org.mozilla.jss.crypto.PrivateKey.Type.EC;
+        }
+        return org.mozilla.jss.crypto.PrivateKey.Type.RSA;
     }
 
-    private void importkeycert(Vector pkeyinfo_collection, 
-      Vector cert_collection) throws IOException {
+    private void importkeycert(Vector pkeyinfo_collection,
+            Vector cert_collection) throws IOException {
         CryptoManager cm = null;
         try {
             cm = CryptoManager.getInstance();
@@ -532,12 +530,12 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
         // delete all existing certificates first
         deleteExistingCerts();
 
-        for (int i=0; i<pkeyinfo_collection.size(); i++) {
+        for (int i = 0; i < pkeyinfo_collection.size(); i++) {
             try {
-                Vector pkeyinfo_v = (Vector)pkeyinfo_collection.elementAt(i);
-                PrivateKeyInfo pkeyinfo = (PrivateKeyInfo)pkeyinfo_v.elementAt(0);
-                String nickname = (String)pkeyinfo_v.elementAt(1);
-                byte[] x509cert = getX509Cert(nickname, cert_collection); 
+                Vector pkeyinfo_v = (Vector) pkeyinfo_collection.elementAt(i);
+                PrivateKeyInfo pkeyinfo = (PrivateKeyInfo) pkeyinfo_v.elementAt(0);
+                String nickname = (String) pkeyinfo_v.elementAt(1);
+                byte[] x509cert = getX509Cert(nickname, cert_collection);
                 X509Certificate cert = cm.importCACertPackage(x509cert);
                 ByteArrayOutputStream bos = new ByteArrayOutputStream();
                 pkeyinfo.encode(bos);
@@ -550,32 +548,32 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
                 try {
                     store.deleteCert(cert);
                 } catch (Exception ee) {
-                    CMS.debug("RestoreKeyCertPanel importKeyCert: Exception="+ee.toString());
+                    CMS.debug("RestoreKeyCertPanel importKeyCert: Exception=" + ee.toString());
                 }
 
                 KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.DES3);
                 SymmetricKey sk = kg.generate();
-                byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};
+                byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
                 IVParameterSpec param = new IVParameterSpec(iv);
                 Cipher c = token.getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD);
                 c.initEncrypt(sk, param);
                 byte[] encpkey = c.doFinal(pkey);
-                
+
                 KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
                 wrapper.initUnwrap(sk, param);
                 org.mozilla.jss.crypto.PrivateKey pp = wrapper.unwrapPrivate(encpkey, getPrivateKeyType(publickey), publickey);
 
             } catch (Exception e) {
-                CMS.debug("RestoreKeyCertPanel importkeycert: Exception="+e.toString());
+                CMS.debug("RestoreKeyCertPanel importkeycert: Exception=" + e.toString());
             }
         }
 
-        for (int i=0; i<cert_collection.size(); i++) {
+        for (int i = 0; i < cert_collection.size(); i++) {
             try {
-                Vector cert_v = (Vector)cert_collection.elementAt(i);
-                byte[] cert = (byte[])cert_v.elementAt(0);
+                Vector cert_v = (Vector) cert_collection.elementAt(i);
+                byte[] cert = (byte[]) cert_v.elementAt(0);
                 if (cert_v.size() > 1) {
-                    String name = (String)cert_v.elementAt(1);
+                    String name = (String) cert_v.elementAt(1);
                     // we need to delete the trusted CA certificate if it is
                     // the same as the ca signing certificate
                     if (isCASigningCert(name)) {
@@ -586,10 +584,10 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
                             CMS.debug("RestoreKeyCertPanel deleteCert: this is pk11store");
                             if (store instanceof PK11Store) {
                                 try {
-                                    PK11Store pk11store = (PK11Store)store;
+                                    PK11Store pk11store = (PK11Store) store;
                                     pk11store.deleteCertOnly(certchain);
                                 } catch (Exception ee) {
-                                    CMS.debug("RestoreKeyCertPanel importKeyCert: Exception="+ee.toString());
+                                    CMS.debug("RestoreKeyCertPanel importKeyCert: Exception=" + ee.toString());
                                 }
                             }
                         }
@@ -598,18 +596,18 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
                     X509Certificate xcert = cm.importUserCACertPackage(cert, name);
                     if (name.startsWith("caSigningCert")) {
                         // we need to change the trust attribute to CT
-                        InternalCertificate icert = (InternalCertificate)xcert;
-                        icert.setSSLTrust(InternalCertificate.TRUSTED_CA 
-                          | InternalCertificate.TRUSTED_CLIENT_CA
-                          | InternalCertificate.VALID_CA);
+                        InternalCertificate icert = (InternalCertificate) xcert;
+                        icert.setSSLTrust(InternalCertificate.TRUSTED_CA
+                                | InternalCertificate.TRUSTED_CLIENT_CA
+                                | InternalCertificate.VALID_CA);
                     } else if (name.startsWith("auditSigningCert")) {
-                        InternalCertificate icert = (InternalCertificate)xcert;
+                        InternalCertificate icert = (InternalCertificate) xcert;
                         icert.setObjectSigningTrust(InternalCertificate.USER | InternalCertificate.VALID_PEER | InternalCertificate.TRUSTED_PEER);
                     }
                 } else
                     cm.importCACertPackage(cert);
             } catch (Exception e) {
-                CMS.debug("RestoreKeyCertPanel importkeycert: Exception="+e.toString());
+                CMS.debug("RestoreKeyCertPanel importkeycert: Exception=" + e.toString());
             }
         }
     }
@@ -628,15 +626,15 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
         return false;
     }
 
-    private X509Certificate getX509CertFromToken(byte[] cert) 
-      throws IOException {
+    private X509Certificate getX509CertFromToken(byte[] cert)
+            throws IOException {
         try {
             X509CertImpl impl = new X509CertImpl(cert);
             String issuer_impl = impl.getIssuerDN().toString();
             BigInteger serial_impl = impl.getSerialNumber();
             CryptoManager cm = CryptoManager.getInstance();
             X509Certificate[] permcerts = cm.getPermCerts();
-            for (int i=0; i<permcerts.length; i++) {
+            for (int i = 0; i < permcerts.length; i++) {
                 String issuer_p = permcerts[i].getSubjectDN().toString();
                 BigInteger serial_p = permcerts[i].getSerialNumber();
                 if (issuer_p.equals(issuer_impl) && serial_p.compareTo(serial_impl) == 0) {
@@ -644,25 +642,25 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
                 }
             }
         } catch (Exception e) {
-            CMS.debug("RestoreKeyCertPanel getX509CertFromToken: Exception="+e.toString());
+            CMS.debug("RestoreKeyCertPanel getX509CertFromToken: Exception=" + e.toString());
         }
 
         return null;
     }
 
-    private byte[] getX509Cert(String nickname, Vector cert_collection) 
-      throws IOException {
-        for (int i=0; i<cert_collection.size(); i++) {
-            Vector v = (Vector)cert_collection.elementAt(i);
-            byte[] b = (byte[])v.elementAt(0);
+    private byte[] getX509Cert(String nickname, Vector cert_collection)
+            throws IOException {
+        for (int i = 0; i < cert_collection.size(); i++) {
+            Vector v = (Vector) cert_collection.elementAt(i);
+            byte[] b = (byte[]) v.elementAt(0);
             X509CertImpl impl = null;
             try {
                 impl = new X509CertImpl(b);
             } catch (Exception e) {
-                CMS.debug("RestoreKeyCertPanel getX509Cert: Exception="+e.toString());
-                throw new IOException( e.toString() );
+                CMS.debug("RestoreKeyCertPanel getX509Cert: Exception=" + e.toString());
+                throw new IOException(e.toString());
             }
-            Principal subjectdn = impl.getSubjectDN();    
+            Principal subjectdn = impl.getSubjectDN();
             if (LDAPDN.equals(subjectdn.toString(), nickname))
                 return b;
         }
@@ -674,9 +672,8 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
      * If validiate() returns false, this method will be called.
      */
     public void displayError(HttpServletRequest request,
-        HttpServletResponse response,
-        Context context)
-    {
+            HttpServletResponse response,
+            Context context) {
         context.put("title", "Import Keys and Certificates");
         context.put("password", "");
         context.put("path", "");
@@ -684,7 +681,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
     }
 
     private boolean isCertdbCloned(HttpServletRequest request,
-      Context context) {
+            Context context) {
         IConfigStore config = CMS.getConfigStore();
         String certList = "";
         try {
@@ -698,13 +695,13 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
                 String tokenname = config.getString("preop.module.token", "");
                 CryptoToken tok = cm.getTokenByName(tokenname);
                 CryptoStore store = tok.getCryptoStore();
-                String name1 = "preop.master."+token+".nickname";
+                String name1 = "preop.master." + token + ".nickname";
                 String nickname = config.getString(name1, "");
                 if (!tokenname.equals("Internal Key Storage Token") &&
-                  !tokenname.equals("internal"))
-                    nickname = tokenname+":"+nickname;
+                        !tokenname.equals("internal"))
+                    nickname = tokenname + ":" + nickname;
 
-                CMS.debug("RestoreKeyCertPanel isCertdbCloned: "+nickname);
+                CMS.debug("RestoreKeyCertPanel isCertdbCloned: " + nickname);
                 X509Certificate cert = cm.findCertByNickname(nickname);
                 if (cert == null)
                     return false;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java
index 854e8f10..0c066268 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java
@@ -34,19 +34,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
 
 public class SavePKCS12Panel extends WizardPanelBase {
 
-    public SavePKCS12Panel() {}
+    public SavePKCS12Panel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Save Keys and Certificates");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Save Keys and Certificates");
         setId(id);
@@ -60,11 +61,11 @@ public class SavePKCS12Panel extends WizardPanelBase {
 
         try {
             boolean enable = cs.getBoolean("preop.backupkeys.enable", false);
-            if (!enable) 
+            if (!enable)
                 return true;
         } catch (Exception e) {
         }
- 
+
         return false;
     }
 
@@ -77,13 +78,14 @@ public class SavePKCS12Panel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
         return false;
     }
 
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
+
         return set;
     }
 
@@ -116,7 +118,7 @@ public class SavePKCS12Panel extends WizardPanelBase {
      * Checks if the given parameters are valid.
      */
     public void validate(HttpServletRequest request,
-      HttpServletResponse response, Context context) throws IOException {
+            HttpServletResponse response, Context context) throws IOException {
     }
 
     /**
@@ -134,9 +136,8 @@ public class SavePKCS12Panel extends WizardPanelBase {
      * If validiate() returns false, this method will be called.
      */
     public void displayError(HttpServletRequest request,
-        HttpServletResponse response,
-        Context context)
-    {
+            HttpServletResponse response,
+            Context context) {
         context.put("title", "Save Keys and Certificates");
         context.put("panel", "admin/console/config/savepkcs12panel.vm");
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java
index 3a5d82d1..42165b08 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.net.URL;
 import java.net.URLDecoder;
 
@@ -59,9 +58,9 @@ public class SecurityDomainLogin extends BaseServlet {
             int index = url.indexOf("subsystem=");
             String subsystem = "";
             if (index > 0) {
-                subsystem = url.substring(index+10);
+                subsystem = url.substring(index + 10);
                 int index1 = subsystem.indexOf("&");
-                if (index1 > 0) 
+                if (index1 > 0)
                     subsystem = subsystem.substring(0, index1);
             }
             context.put("sd_uid", "");
@@ -70,14 +69,14 @@ public class SecurityDomainLogin extends BaseServlet {
             context.put("host", u.getHost());
             context.put("sdhost", CMS.getEESSLHost());
             if (subsystem.equals("KRA")) {
-              subsystem = "DRM";
+                subsystem = "DRM";
             }
             context.put("subsystem", subsystem);
             // The "securitydomain.name" property ONLY resides in the "CS.cfg"
             // associated with the CS subsystem hosting the security domain.
             IConfigStore cs = CMS.getConfigStore();
             String sdname = cs.getString("securitydomain.name", "");
-            context.put("name", sdname); 
+            context.put("name", sdname);
             template = Velocity.getTemplate("admin/console/config/securitydomainloginpanel.vm");
         } catch (Exception e) {
             System.err.println("Exception caught: " + e.getMessage());
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
index 90a6aeb0..7e45f019 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.net.MalformedURLException;
 import java.net.URL;
@@ -39,19 +38,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
 
 public class SecurityDomainPanel extends WizardPanelBase {
 
-    public SecurityDomainPanel() {}
+    public SecurityDomainPanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Security Domain");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Security Domain");
         setId(id);
@@ -72,15 +72,16 @@ public class SecurityDomainPanel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
         return false;
     }
 
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
+
         /* XXX */
-                                                                                
+
         return set;
     }
 
@@ -136,7 +137,8 @@ public class SecurityDomainPanel extends WizardPanelBase {
             context.put("https_ee_port", CMS.getEESSLPort());
             context.put("https_admin_port", CMS.getAdminPort());
             context.put("sdomainAdminURL", default_admin_url);
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
 
         context.put("panel", "admin/console/config/securitydomainpanel.vm");
         context.put("errorString", errorString);
@@ -163,12 +165,12 @@ public class SecurityDomainPanel extends WizardPanelBase {
                     }
                     if (count == numTokens) // skip the last element (e.g. com)
                         continue;
-                    sb.append((defaultDomain.length()==0)? "":" ");
+                    sb.append((defaultDomain.length() == 0) ? "" : " ");
                     sb.append(capitalize(n));
                 }
-                defaultDomain = sb.toString() + " "+ "Domain";
+                defaultDomain = sb.toString() + " " + "Domain";
                 name = defaultDomain;
-                CMS.debug("SecurityDomainPanel: defaultDomain generated:"+ name);
+                CMS.debug("SecurityDomainPanel: defaultDomain generated:" + name);
             } catch (MalformedURLException e) {
                 errorString = "Malformed URL";
                 // not being able to come up with default domain name is ok
@@ -176,54 +178,53 @@ public class SecurityDomainPanel extends WizardPanelBase {
         }
         context.put("sdomainName", name);
 
-        if( default_admin_url != null ) {
+        if (default_admin_url != null) {
             String r = null;
 
             try {
                 // check to see if "default" security domain exists
                 // on local machine
-                URL u = new URL( default_admin_url );
+                URL u = new URL(default_admin_url);
 
                 String hostname = u.getHost();
                 int port = u.getPort();
-                ConfigCertApprovalCallback
-                certApprovalCallback = new ConfigCertApprovalCallback();
-                r = pingCS( hostname, port, true, certApprovalCallback );
+                ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
+                r = pingCS(hostname, port, true, certApprovalCallback);
             } catch (Exception e) {
-                CMS.debug( "SecurityDomainPanel: exception caught: "
-                         + e.toString() );
+                CMS.debug("SecurityDomainPanel: exception caught: "
+                         + e.toString());
             }
- 
-            if( r != null ) {
+
+            if (r != null) {
                 // "default" security domain exists on local machine;
                 // fill "sdomainURL" in with "default" security domain
                 // as an initial "guess"
-                CMS.debug( "SecurityDomainPanel: pingCS returns: "+r );
-                context.put( "sdomainURL", default_admin_url );
+                CMS.debug("SecurityDomainPanel: pingCS returns: " + r);
+                context.put("sdomainURL", default_admin_url);
             } else {
                 // "default" security domain does NOT exist on local machine;
                 // leave "sdomainURL" blank
-                CMS.debug( "SecurityDomainPanel: pingCS no successful response" );
-                context.put( "sdomainURL", "" );
+                CMS.debug("SecurityDomainPanel: pingCS no successful response");
+                context.put("sdomainURL", "");
             }
         }
 
         // Information for "existing" Security Domain CAs
         String initDaemon = "pki-cad";
         String instanceId = "&lt;security_domain_instance_name&gt;";
-        String os = System.getProperty( "os.name" );
-        if( os.equalsIgnoreCase( "Linux" ) ) {
-            if (! systemdService.equals("")) {
-                context.put( "initCommand", "/usr/bin/pkicontrol" );
-                context.put( "instanceId", "ca " + systemdService );
+        String os = System.getProperty("os.name");
+        if (os.equalsIgnoreCase("Linux")) {
+            if (!systemdService.equals("")) {
+                context.put("initCommand", "/usr/bin/pkicontrol");
+                context.put("instanceId", "ca " + systemdService);
             } else {
-                context.put( "initCommand", "/sbin/service " + initDaemon );
-                context.put( "instanceId", instanceId );
+                context.put("initCommand", "/sbin/service " + initDaemon);
+                context.put("instanceId", instanceId);
             }
         } else {
             /* default case:  e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
-            context.put( "initCommand", "/etc/init.d/" + initDaemon );
-            context.put( "instanceId", instanceId );
+            context.put("initCommand", "/etc/init.d/" + initDaemon);
+            context.put("instanceId", instanceId);
         }
     }
 
@@ -231,7 +232,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
         if (s.length() == 0) {
             return s;
         } else {
-            return s.substring(0,1).toUpperCase() + s.substring(1);
+            return s.substring(0, 1).toUpperCase() + s.substring(1);
         }
     }
 
@@ -241,7 +242,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
     public void validate(HttpServletRequest request,
             HttpServletResponse response,
             Context context) throws IOException {
-       
+
         String select = HttpInput.getID(request, "choice");
         if (select.equals("newdomain")) {
             String name = HttpInput.getSecurityDomainName(request, "sdomainName");
@@ -251,50 +252,48 @@ public class SecurityDomainPanel extends WizardPanelBase {
                 throw new IOException("Missing name value for the security domain");
             }
         } else if (select.equals("existingdomain")) {
-            CMS.debug( "SecurityDomainPanel: validating "
-                     + "SSL Admin HTTPS . . ." );
-            String admin_url = HttpInput.getURL( request, "sdomainURL" );
-            if( admin_url == null || admin_url.equals("") ) {
-                initParams( request, context );
+            CMS.debug("SecurityDomainPanel: validating "
+                     + "SSL Admin HTTPS . . .");
+            String admin_url = HttpInput.getURL(request, "sdomainURL");
+            if (admin_url == null || admin_url.equals("")) {
+                initParams(request, context);
                 context.put("updateStatus", "validate-failure");
-                throw new IOException( "Missing SSL Admin HTTPS url value "
-                                     + "for the security domain" );
+                throw new IOException("Missing SSL Admin HTTPS url value "
+                                     + "for the security domain");
             } else {
                 String r = null;
 
                 try {
-                    URL u = new URL( admin_url );
+                    URL u = new URL(admin_url);
 
                     String hostname = u.getHost();
                     int admin_port = u.getPort();
-                    ConfigCertApprovalCallback
-                    certApprovalCallback = new ConfigCertApprovalCallback();
-                    r = pingCS( hostname, admin_port, true,
-                                certApprovalCallback );
-                } catch( Exception e ) {
-                    CMS.debug( "SecurityDomainPanel: exception caught: "
-                             + e.toString() );
+                    ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
+                    r = pingCS(hostname, admin_port, true,
+                                certApprovalCallback);
+                } catch (Exception e) {
+                    CMS.debug("SecurityDomainPanel: exception caught: "
+                             + e.toString());
                     context.put("updateStatus", "validate-failure");
-                    throw new IOException( "Illegal SSL Admin HTTPS url value "
-                                         + "for the security domain" );
+                    throw new IOException("Illegal SSL Admin HTTPS url value "
+                                         + "for the security domain");
                 }
 
                 if (r != null) {
                     CMS.debug("SecurityDomainPanel: pingAdminCS returns: "
-                             + r );
-                    context.put( "sdomainURL", admin_url );
+                             + r);
+                    context.put("sdomainURL", admin_url);
                 } else {
-                    CMS.debug( "SecurityDomainPanel: pingAdminCS "
-                             + "no successful response for SSL Admin HTTPS" );
-                    context.put( "sdomainURL", "" );
+                    CMS.debug("SecurityDomainPanel: pingAdminCS "
+                             + "no successful response for SSL Admin HTTPS");
+                    context.put("sdomainURL", "");
                 }
             }
         }
     }
 
-    public void initParams(HttpServletRequest request, Context context) 
-                   throws IOException 
-    {
+    public void initParams(HttpServletRequest request, Context context)
+                   throws IOException {
         IConfigStore config = CMS.getConfigStore();
         try {
             context.put("cstype", config.getString("cs.type"));
@@ -306,7 +305,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
             context.put("check_newdomain", "checked");
             context.put("check_existingdomain", "");
         } else if (select.equals("existingdomain")) {
-            context.put("check_newdomain", ""); 
+            context.put("check_newdomain", "");
             context.put("check_existingdomain", "checked");
         }
 
@@ -340,29 +339,30 @@ public class SecurityDomainPanel extends WizardPanelBase {
         if (select.equals("newdomain")) {
             config.putString("preop.securitydomain.select", "new");
             config.putString("securitydomain.select", "new");
-            config.putString("preop.securitydomain.name", 
-              HttpInput.getDomainName(request, "sdomainName"));
-            config.putString("securitydomain.name", 
-              HttpInput.getDomainName(request, "sdomainName"));
-            config.putString("securitydomain.host", 
-              CMS.getEENonSSLHost());
-            config.putString("securitydomain.httpport", 
-              CMS.getEENonSSLPort());
-            config.putString("securitydomain.httpsagentport", 
-              CMS.getAgentPort());
-            config.putString("securitydomain.httpseeport", 
-              CMS.getEESSLPort());
-            config.putString("securitydomain.httpsadminport", 
-              CMS.getAdminPort());
+            config.putString("preop.securitydomain.name",
+                    HttpInput.getDomainName(request, "sdomainName"));
+            config.putString("securitydomain.name",
+                    HttpInput.getDomainName(request, "sdomainName"));
+            config.putString("securitydomain.host",
+                    CMS.getEENonSSLHost());
+            config.putString("securitydomain.httpport",
+                    CMS.getEENonSSLPort());
+            config.putString("securitydomain.httpsagentport",
+                    CMS.getAgentPort());
+            config.putString("securitydomain.httpseeport",
+                    CMS.getEESSLPort());
+            config.putString("securitydomain.httpsadminport",
+                    CMS.getAdminPort());
 
             // make sure the subsystem certificate is issued by the security  
             // domain
             config.putString("preop.cert.subsystem.type", "local");
             config.putString("preop.cert.subsystem.profile", "subsystemCert.profile");
-   
+
             try {
                 config.commit(false);
-            } catch (EBaseException e) {}
+            } catch (EBaseException e) {
+            }
 
             String instanceRoot = "";
             try {
@@ -383,31 +383,32 @@ public class SecurityDomainPanel extends WizardPanelBase {
             String hostname = "";
             int admin_port = -1;
 
-            if( admin_url != null ) {
+            if (admin_url != null) {
                 try {
-                    URL admin_u = new URL( admin_url );
+                    URL admin_u = new URL(admin_url);
 
                     hostname = admin_u.getHost();
                     admin_port = admin_u.getPort();
-                } catch( MalformedURLException e ) {
+                } catch (MalformedURLException e) {
                     errorString = "Malformed SSL Admin HTTPS URL";
                     context.put("updateStatus", "failure");
-                    throw new IOException( errorString );
+                    throw new IOException(errorString);
                 }
 
-                context.put( "sdomainURL", admin_url );
-                config.putString( "securitydomain.host", hostname );
-                config.putInteger( "securitydomain.httpsadminport",
-                                   admin_port );
+                context.put("sdomainURL", admin_url);
+                config.putString("securitydomain.host", hostname);
+                config.putInteger("securitydomain.httpsadminport",
+                                   admin_port);
             }
 
             try {
                 config.commit(false);
-            } catch (EBaseException e) {}
+            } catch (EBaseException e) {
+            }
 
             ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
-            updateCertChain( config, "securitydomain", hostname, admin_port,
-                             true, context, certApprovalCallback );
+            updateCertChain(config, "securitydomain", hostname, admin_port,
+                             true, context, certApprovalCallback);
         } else {
             CMS.debug("SecurityDomainPanel: invalid choice " + select);
             errorString = "Invalid choice";
@@ -425,7 +426,8 @@ public class SecurityDomainPanel extends WizardPanelBase {
             context.put("wizardname", config.getString("preop.wizard.name"));
             context.put("panelname", "Security Domain Configuration");
             context.put("systemname", config.getString("preop.system.name"));
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
 
         context.put("errorString", errorString);
         context.put("updateStatus", "success");
@@ -446,32 +448,33 @@ public class SecurityDomainPanel extends WizardPanelBase {
 
         try {
             default_admin_url = config.getString("preop.securitydomain.admin_url", "");
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
-        if( default_admin_url != null ) {
+        if (default_admin_url != null) {
             String r = null;
 
             try {
                 // check to see if "default" security domain exists
                 // on local machine
-                URL u = new URL( default_admin_url );
+                URL u = new URL(default_admin_url);
 
                 String hostname = u.getHost();
                 int port = u.getPort();
-                ConfigCertApprovalCallback
-                certApprovalCallback = new ConfigCertApprovalCallback();
-                r = pingCS( hostname, port, true, certApprovalCallback );
-            } catch (Exception e) {}
- 
-            if( r != null ) {
+                ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
+                r = pingCS(hostname, port, true, certApprovalCallback);
+            } catch (Exception e) {
+            }
+
+            if (r != null) {
                 // "default" security domain exists on local machine;
                 // refill "sdomainURL" in with "default" security domain
                 // as an initial "guess"
-                context.put( "sdomainURL", default_admin_url );
+                context.put("sdomainURL", default_admin_url);
             } else {
                 // "default" security domain does NOT exist on local machine;
                 // leave "sdomainURL" blank
-                context.put( "sdomainURL", "" );
+                context.put("sdomainURL", "");
             }
         }
 
@@ -483,19 +486,20 @@ public class SecurityDomainPanel extends WizardPanelBase {
             context.put("https_admin_port", CMS.getAdminPort());
             context.put("sdomainAdminURL",
                         config.getString("preop.securitydomain.admin_url"));
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
 
         // Information for "existing" Security Domain CAs
         String initDaemon = "pki-cad";
         String instanceId = "&lt;security_domain_instance_name&gt;";
-        String os = System.getProperty( "os.name" );
-        if( os.equalsIgnoreCase( "Linux" ) ) {
-            context.put( "initCommand", "/sbin/service " + initDaemon );
-            context.put( "instanceId", instanceId );
+        String os = System.getProperty("os.name");
+        if (os.equalsIgnoreCase("Linux")) {
+            context.put("initCommand", "/sbin/service " + initDaemon);
+            context.put("instanceId", instanceId);
         } else {
             /* default case:  e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
-            context.put( "initCommand", "/etc/init.d/" + initDaemon );
-            context.put( "instanceId", instanceId );
+            context.put("initCommand", "/etc/init.d/" + initDaemon);
+            context.put("instanceId", instanceId);
         }
 
         context.put("title", "Security Domain");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java
index 75cc0fb6..d15ca5ad 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java
@@ -27,8 +27,8 @@ import com.netscape.certsrv.base.ISecurityDomainSessionTable;
 /**
  * This object stores the values for IP, uid and group based on the cookie id.
  */
-public class SecurityDomainSessionTable 
-  implements ISecurityDomainSessionTable {
+public class SecurityDomainSessionTable
+        implements ISecurityDomainSessionTable {
 
     private Hashtable<String, Vector<Comparable<?>>> m_sessions;
     private long m_timeToLive;
@@ -38,8 +38,8 @@ public class SecurityDomainSessionTable
         m_timeToLive = timeToLive;
     }
 
-    public int addEntry(String sessionId, String ip, 
-      String uid, String group) {
+    public int addEntry(String sessionId, String ip,
+            String uid, String group) {
         Vector<Comparable<?>> v = new Vector<Comparable<?>>();
         v.addElement(ip);
         v.addElement(uid);
@@ -67,28 +67,28 @@ public class SecurityDomainSessionTable
     public String getIP(String sessionId) {
         Vector<Comparable<?>> v = m_sessions.get(sessionId);
         if (v != null)
-            return (String)v.elementAt(0);
+            return (String) v.elementAt(0);
         return null;
     }
 
     public String getUID(String sessionId) {
         Vector<Comparable<?>> v = m_sessions.get(sessionId);
         if (v != null)
-            return (String)v.elementAt(1);
+            return (String) v.elementAt(1);
         return null;
     }
 
     public String getGroup(String sessionId) {
         Vector<Comparable<?>> v = m_sessions.get(sessionId);
         if (v != null)
-            return (String)v.elementAt(2);
+            return (String) v.elementAt(2);
         return null;
     }
 
     public long getBeginTime(String sessionId) {
         Vector<Comparable<?>> v = m_sessions.get(sessionId);
-        if (v != null) { 
-            Long n = (Long)v.elementAt(3);
+        if (v != null) {
+            Long n = (Long) v.elementAt(3);
             if (n != null)
                 return n.longValue();
         }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java
index c3a1e325..49cadb9c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java
@@ -29,7 +29,7 @@ public class SessionTimer extends TimerTask {
     private ISecurityDomainSessionTable m_sessiontable = null;
     private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
     private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
-        "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
+            "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
 
     public SessionTimer(ISecurityDomainSessionTable table) {
         super();
@@ -39,15 +39,15 @@ public class SessionTimer extends TimerTask {
     public void run() {
         Enumeration keys = m_sessiontable.getSessionIds();
         while (keys.hasMoreElements()) {
-            String sessionId = (String)keys.nextElement();
+            String sessionId = (String) keys.nextElement();
             long beginTime = m_sessiontable.getBeginTime(sessionId);
             Date nowDate = new Date();
             long nowTime = nowDate.getTime();
             long timeToLive = m_sessiontable.getTimeToLive();
-            if ((nowTime-beginTime) > timeToLive) {
+            if ((nowTime - beginTime) > timeToLive) {
                 m_sessiontable.removeEntry(sessionId);
                 CMS.debug("SessionTimer run: successfully remove the session id entry from the table.");
-                
+
                 // audit message
                 String auditParams = "operation;;expire_token+token;;" + sessionId;
                 String auditMessage = CMS.getLogMessage(
@@ -62,9 +62,7 @@ public class SessionTimer extends TimerTask {
                                        ILogger.LL_SECURITY,
                                        auditMessage);
 
-                
             }
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
index 0e6a507a..a008d259 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.security.KeyPair;
 import java.security.NoSuchAlgorithmException;
@@ -54,13 +53,14 @@ public class SizePanel extends WizardPanelBase {
     private String default_rsa_key_size;
     private boolean mShowSigning = false;
 
-    public SizePanel() {}
+    public SizePanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) 
-        throws ServletException {
+    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Key Pairs");
         setId(id);
@@ -69,19 +69,19 @@ public class SizePanel extends WizardPanelBase {
 
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
+
         Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE,
                 "default,custom", null, /* no default parameter */
                 "If 'default', the key size will be configured automatically. If 'custom', the key size will be set to the value of the parameter 'custom_size'.");
 
         set.add("choice", choiceDesc);
-                                                                                
+
         Descriptor customSizeDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
                 null, /* no default parameter */
                 "Custom Key Size");
 
         set.add("custom_size", customSizeDesc);
-                                                                                
+
         return set;
     }
 
@@ -105,7 +105,8 @@ public class SizePanel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
 
         return false;
     }
@@ -118,7 +119,7 @@ public class SizePanel extends WizardPanelBase {
             Context context) {
         CMS.debug("SizePanel: display()");
         try {
-          initParams(request, context);
+            initParams(request, context);
         } catch (IOException e) {
         }
 
@@ -134,12 +135,12 @@ public class SizePanel extends WizardPanelBase {
         }
 
         try {
-            default_ecc_curve_name = config.getString("keys.ecc.curve.default", "nistp256"); 
+            default_ecc_curve_name = config.getString("keys.ecc.curve.default", "nistp256");
         } catch (Exception e) {
         }
 
         try {
-            default_rsa_key_size = config.getString("keys.rsa.keysize.default", "2048"); 
+            default_rsa_key_size = config.getString("keys.rsa.keysize.default", "2048");
         } catch (Exception e) {
         }
 
@@ -180,12 +181,13 @@ public class SizePanel extends WizardPanelBase {
                         PCERT_PREFIX + certTag + ".signing.required",
                         false);
                 c.setSigningRequired(signingRequired);
-                if (signingRequired) mShowSigning = true;
+                if (signingRequired)
+                    mShowSigning = true;
 
                 String userfriendlyname = config.getString(
                         PCERT_PREFIX + certTag + ".userfriendlyname");
                 c.setUserFriendlyName(userfriendlyname);
-                boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true); 
+                boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true);
                 c.setEnable(enable);
                 mCerts.addElement(c);
             }// while
@@ -236,13 +238,13 @@ public class SizePanel extends WizardPanelBase {
             if (select1.equals("clone")) {
                 // preset the sslserver dn for cloning case
                 try {
-                   String val = config.getString("preop.cert.sslserver.dn", "");
-                   config.putString("preop.cert.sslserver.dn", val+",o=clone");
+                    String val = config.getString("preop.cert.sslserver.dn", "");
+                    config.putString("preop.cert.sslserver.dn", val + ",o=clone");
                 } catch (Exception ee) {
                 }
             }
         }
-            
+
         String token = "";
         try {
             token = config.getString(PRE_CONF_CA_TOKEN, "");
@@ -251,7 +253,7 @@ public class SizePanel extends WizardPanelBase {
             while (c.hasMoreElements()) {
                 Cert cert = (Cert) c.nextElement();
                 String ct = cert.getCertTag();
-                boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true); 
+                boolean enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true);
                 if (!enable)
                     continue;
 
@@ -280,28 +282,28 @@ public class SizePanel extends WizardPanelBase {
                 }
                 CMS.debug(
                         "SizePanel: update() keysize choice selected:" + select);
-                String oldkeysize = 
-                  config.getString(PCERT_PREFIX+ct+".keysize.size", "");
-                String oldkeytype = 
-                  config.getString(PCERT_PREFIX + ct + ".keytype", "");
-                String oldkeyalgorithm = 
-                  config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
-                String oldsigningalgorithm = 
-                  config.getString(PCERT_PREFIX + ct + ".signingalgorithm", "");
+                String oldkeysize =
+                        config.getString(PCERT_PREFIX + ct + ".keysize.size", "");
+                String oldkeytype =
+                        config.getString(PCERT_PREFIX + ct + ".keytype", "");
+                String oldkeyalgorithm =
+                        config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
+                String oldsigningalgorithm =
+                        config.getString(PCERT_PREFIX + ct + ".signingalgorithm", "");
                 String oldcurvename =
-                  config.getString(PCERT_PREFIX + ct + ".curvename.name", "");
+                        config.getString(PCERT_PREFIX + ct + ".curvename.name", "");
 
                 if (select.equals("default")) {
                     // XXXrenaming these...keep for now just in case
                     config.putString("preop.keysize.select", "default");
                     if (keytype != null && keytype.equals("ecc")) {
-                      config.putString("preop.curvename.custom_name",
-                            default_ecc_curve_name);
-                      config.putString("preop.curvename.name", default_ecc_curve_name);
+                        config.putString("preop.curvename.custom_name",
+                                default_ecc_curve_name);
+                        config.putString("preop.curvename.name", default_ecc_curve_name);
                     } else {
-                      config.putString("preop.keysize.custom_size",
-                            default_rsa_key_size);
-                      config.putString("preop.keysize.size", default_rsa_key_size);
+                        config.putString("preop.keysize.custom_size",
+                                default_rsa_key_size);
+                        config.putString("preop.keysize.size", default_rsa_key_size);
                     }
 
                     config.putString(PCERT_PREFIX + ct + ".keytype", keytype);
@@ -311,31 +313,31 @@ public class SizePanel extends WizardPanelBase {
                             "default");
 
                     if (keytype != null && keytype.equals("ecc")) {
-                      config.putString(PCERT_PREFIX + ct + 
-                            ".curvename.custom_name",
-                            default_ecc_curve_name);
-                      config.putString(PCERT_PREFIX + ct + ".curvename.name",
-                            default_ecc_curve_name);
+                        config.putString(PCERT_PREFIX + ct +
+                                ".curvename.custom_name",
+                                default_ecc_curve_name);
+                        config.putString(PCERT_PREFIX + ct + ".curvename.name",
+                                default_ecc_curve_name);
                     } else {
-                      config.putString(PCERT_PREFIX + ct + 
-                            ".keysize.custom_size",
-                            default_rsa_key_size);
-                      config.putString(PCERT_PREFIX + ct + ".keysize.size",
-                            default_rsa_key_size);
+                        config.putString(PCERT_PREFIX + ct +
+                                ".keysize.custom_size",
+                                default_rsa_key_size);
+                        config.putString(PCERT_PREFIX + ct + ".keysize.size",
+                                default_rsa_key_size);
                     }
                 } else if (select.equals("custom")) {
                     // XXXrenaming these...keep for now just in case
                     config.putString("preop.keysize.select", "custom");
                     if (keytype != null && keytype.equals("ecc")) {
-                        config.putString("preop.curvename.name", 
-                            HttpInput.getString(request, ct + "_custom_curvename"));
+                        config.putString("preop.curvename.name",
+                                HttpInput.getString(request, ct + "_custom_curvename"));
                         config.putString("preop.curvename.custom_name",
-                            HttpInput.getString(request, ct + "_custom_curvename"));
+                                HttpInput.getString(request, ct + "_custom_curvename"));
                     } else {
-                        config.putString("preop.keysize.size", 
-                            HttpInput.getKeySize(request, ct + "_custom_size", keytype));
+                        config.putString("preop.keysize.size",
+                                HttpInput.getKeySize(request, ct + "_custom_size", keytype));
                         config.putString("preop.keysize.custom_size",
-                            HttpInput.getKeySize(request, ct + "_custom_size", keytype));
+                                HttpInput.getKeySize(request, ct + "_custom_size", keytype));
                     }
 
                     config.putString(PCERT_PREFIX + ct + ".keytype", keytype);
@@ -346,42 +348,42 @@ public class SizePanel extends WizardPanelBase {
 
                     if (keytype != null && keytype.equals("ecc")) {
                         config.putString(PCERT_PREFIX + ct + ".curvename.custom_name",
-                            HttpInput.getString(request, ct + "_custom_curvename"));
+                                HttpInput.getString(request, ct + "_custom_curvename"));
                         config.putString(PCERT_PREFIX + ct + ".curvename.name",
-                            HttpInput.getString(request, ct + "_custom_curvename"));
+                                HttpInput.getString(request, ct + "_custom_curvename"));
                     } else {
                         config.putString(PCERT_PREFIX + ct + ".keysize.custom_size",
-                            HttpInput.getKeySize(request, ct + "_custom_size"));
+                                HttpInput.getKeySize(request, ct + "_custom_size"));
                         config.putString(PCERT_PREFIX + ct + ".keysize.size",
-                            HttpInput.getKeySize(request, ct + "_custom_size"));
+                                HttpInput.getKeySize(request, ct + "_custom_size"));
                     }
                 } else {
                     CMS.debug("SizePanel: invalid choice " + select);
                     throw new IOException("invalid choice " + select);
                 }
 
-                String newkeysize = 
-                  config.getString(PCERT_PREFIX+ct+".keysize.size", "");
-                String newkeytype = 
-                  config.getString(PCERT_PREFIX + ct + ".keytype", "");
-                String newkeyalgorithm = 
-                  config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
-                String newsigningalgorithm = 
-                  config.getString(PCERT_PREFIX + ct + ".signingalgorithm", "");
-                String newcurvename = 
-                  config.getString(PCERT_PREFIX+ct+".curvename.name", "");
-
-                if (!oldkeysize.equals(newkeysize) || 
-                  !oldkeytype.equals(newkeytype) ||
-                  !oldkeyalgorithm.equals(newkeyalgorithm) ||
-                  !oldsigningalgorithm.equals(newsigningalgorithm) ||
-                  !oldcurvename.equals(newcurvename))
+                String newkeysize =
+                        config.getString(PCERT_PREFIX + ct + ".keysize.size", "");
+                String newkeytype =
+                        config.getString(PCERT_PREFIX + ct + ".keytype", "");
+                String newkeyalgorithm =
+                        config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
+                String newsigningalgorithm =
+                        config.getString(PCERT_PREFIX + ct + ".signingalgorithm", "");
+                String newcurvename =
+                        config.getString(PCERT_PREFIX + ct + ".curvename.name", "");
+
+                if (!oldkeysize.equals(newkeysize) ||
+                        !oldkeytype.equals(newkeytype) ||
+                        !oldkeyalgorithm.equals(newkeyalgorithm) ||
+                        !oldsigningalgorithm.equals(newsigningalgorithm) ||
+                        !oldcurvename.equals(newcurvename))
                     hasChanged = true;
             }// while
 
             try {
                 config.commit(false);
-            } catch (EBaseException e) { 
+            } catch (EBaseException e) {
                 CMS.debug("SizePanel: update() Exception caught at config commit: " + e.toString());
             }
 
@@ -393,7 +395,7 @@ public class SizePanel extends WizardPanelBase {
                 context.put("updateStatus", "success");
                 return;
             }
-        } catch (IOException e) { 
+        } catch (IOException e) {
             CMS.debug("SizePanel: update() IOException caught: " + e.toString());
             context.put("updateStatus", "failure");
             throw e;
@@ -401,7 +403,7 @@ public class SizePanel extends WizardPanelBase {
             CMS.debug("SizePanel: update() NumberFormatException caught: " + e.toString());
             context.put("updateStatus", "failure");
             throw e;
-        } catch (Exception e) { 
+        } catch (Exception e) {
             CMS.debug("SizePanel: update() Exception caught: " + e.toString());
         }
 
@@ -414,7 +416,7 @@ public class SizePanel extends WizardPanelBase {
             String friendlyName = ct;
             boolean enable = true;
             try {
-                enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true);
+                enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true);
                 friendlyName = config.getString(PCERT_PREFIX + ct + ".userfriendlyname", ct);
             } catch (Exception e) {
             }
@@ -425,15 +427,15 @@ public class SizePanel extends WizardPanelBase {
             try {
                 String keytype = config.getString(PCERT_PREFIX + ct + ".keytype");
                 String keyalgorithm = config.getString(PCERT_PREFIX + ct + ".keyalgorithm");
-                                                                               
+
                 if (keytype.equals("rsa")) {
                     int keysize = config.getInteger(
-                        PCERT_PREFIX + ct + ".keysize.size");
+                            PCERT_PREFIX + ct + ".keysize.size");
 
                     createRSAKeyPair(token, keysize, config, ct);
                 } else {
                     String curveName = config.getString(
-                        PCERT_PREFIX + ct + ".curvename.name", default_ecc_curve_name);
+                            PCERT_PREFIX + ct + ".curvename.name", default_ecc_curve_name);
                     createECCKeyPair(token, curveName, config, ct);
                 }
                 config.commit(false);
@@ -441,31 +443,30 @@ public class SizePanel extends WizardPanelBase {
                 CMS.debug(e);
                 CMS.debug("SizePanel: key generation failure: " + e.toString());
                 context.put("updateStatus", "failure");
-                throw new IOException("key generation failure for the certificate: " + friendlyName + 
+                throw new IOException("key generation failure for the certificate: " + friendlyName +
                                       ".  See the logs for details.");
             }
         } // while
 
         if (hasErr == false) {
-          config.putBoolean("preop.SizePanel.done", true);
-          try {
-            config.commit(false);
-          } catch (EBaseException e) { 
-            CMS.debug(
-                  "SizePanel: update() Exception caught at config commit: "
-                            + e.toString());
-	  }
-	}
+            config.putBoolean("preop.SizePanel.done", true);
+            try {
+                config.commit(false);
+            } catch (EBaseException e) {
+                CMS.debug(
+                        "SizePanel: update() Exception caught at config commit: "
+                                + e.toString());
+            }
+        }
         CMS.debug("SizePanel: update() done");
         context.put("updateStatus", "success");
 
     }
 
-    public void createECCKeyPair(String token, String curveName, IConfigStore config, String ct) 
-            throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException
-    {
-        CMS.debug("Generating ECC key pair with curvename="+ curveName +
-                    ", token="+token);
+    public void createECCKeyPair(String token, String curveName, IConfigStore config, String ct)
+            throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException {
+        CMS.debug("Generating ECC key pair with curvename=" + curveName +
+                    ", token=" + token);
         KeyPair pair = null;
         /*
          * default ssl server cert to ECDHE unless stated otherwise
@@ -488,48 +489,48 @@ public class SizePanel extends WizardPanelBase {
 
         // ECDHE needs "SIGN" but no "DERIVE"
         org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = {
-            org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE
+                org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE
         };
 
         // ECDH needs "DERIVE" but no any kind of "SIGN"
         org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage ECDH_usages_mask[] = {
-            org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN,
-            org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER,
+                org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN,
+                org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER,
         };
 
         do {
-          if (ct.equals("sslserver") && sslType.equalsIgnoreCase("ECDH")) {
-              CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. Make sure server.xml is set properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
-              pair = CryptoUtil.generateECCKeyPair(token, curveName,
-                    null,
-                    ECDH_usages_mask);
-          } else {
-              if (ct.equals("sslserver")) {
-                CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDHE. Make sure server.xml is set properly with +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
-              }
-              pair = CryptoUtil.generateECCKeyPair(token, curveName,
-                    null,
-                    usages_mask);
-          }
-
-          // XXX - store curve , w
-          byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
-          String kid = CryptoUtil.byte2string(id);
-          config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
-
-          // try to locate the private key
-            org.mozilla.jss.crypto.PrivateKey privk = 
-                CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid));
-            if (privk == null)  {
-              CMS.debug("Found bad ECC key id " + kid);
-              pair = null;
+            if (ct.equals("sslserver") && sslType.equalsIgnoreCase("ECDH")) {
+                CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. Make sure server.xml is set properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
+                pair = CryptoUtil.generateECCKeyPair(token, curveName,
+                        null,
+                        ECDH_usages_mask);
+            } else {
+                if (ct.equals("sslserver")) {
+                    CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDHE. Make sure server.xml is set properly with +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
+                }
+                pair = CryptoUtil.generateECCKeyPair(token, curveName,
+                        null,
+                        usages_mask);
+            }
+
+            // XXX - store curve , w
+            byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
+            String kid = CryptoUtil.byte2string(id);
+            config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
+
+            // try to locate the private key
+            org.mozilla.jss.crypto.PrivateKey privk =
+                    CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid));
+            if (privk == null) {
+                CMS.debug("Found bad ECC key id " + kid);
+                pair = null;
             }
         } while (pair == null);
 
-        CMS.debug("Public key class " + pair.getPublic().getClass().getName()); 
+        CMS.debug("Public key class " + pair.getPublic().getClass().getName());
         byte encoded[] = pair.getPublic().getEncoded();
         config.putString(PCERT_PREFIX + ct + ".pubkey.encoded",
-          CryptoUtil.byte2string(encoded));
+                CryptoUtil.byte2string(encoded));
 
         String keyAlgo = "";
         try {
@@ -537,25 +538,24 @@ public class SizePanel extends WizardPanelBase {
         } catch (Exception e1) {
         }
 
-        setSigningAlgorithm(ct, keyAlgo, config); 
+        setSigningAlgorithm(ct, keyAlgo, config);
     }
 
-    public void createRSAKeyPair(String token, int keysize, IConfigStore config, String ct) 
-            throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException
-    {
+    public void createRSAKeyPair(String token, int keysize, IConfigStore config, String ct)
+            throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException {
         /* generate key pair */
         KeyPair pair = null;
         do {
-          pair = CryptoUtil.generateRSAKeyPair(token, keysize);
-          byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
-          String kid =  CryptoUtil.byte2string(id);
-          config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
-          // try to locate the private key
-          org.mozilla.jss.crypto.PrivateKey privk = 
-                CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid));
-            if (privk == null)  {
-              CMS.debug("Found bad RSA key id " + kid);
-              pair = null;
+            pair = CryptoUtil.generateRSAKeyPair(token, keysize);
+            byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
+            String kid = CryptoUtil.byte2string(id);
+            config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
+            // try to locate the private key
+            org.mozilla.jss.crypto.PrivateKey privk =
+                    CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid));
+            if (privk == null) {
+                CMS.debug("Found bad RSA key id " + kid);
+                pair = null;
             }
         } while (pair == null);
 
@@ -563,9 +563,9 @@ public class SizePanel extends WizardPanelBase {
         byte exponent[] = ((RSAPublicKey) pair.getPublic()).getPublicExponent().toByteArray();
 
         config.putString(PCERT_PREFIX + ct + ".pubkey.modulus",
-            CryptoUtil.byte2string(modulus));
+                CryptoUtil.byte2string(modulus));
         config.putString(PCERT_PREFIX + ct + ".pubkey.exponent",
-            CryptoUtil.byte2string(exponent));
+                CryptoUtil.byte2string(exponent));
 
         String keyAlgo = "";
         try {
@@ -573,41 +573,40 @@ public class SizePanel extends WizardPanelBase {
         } catch (Exception e1) {
         }
 
-        setSigningAlgorithm(ct, keyAlgo, config); 
+        setSigningAlgorithm(ct, keyAlgo, config);
     }
 
     public void setSigningAlgorithm(String ct, String keyAlgo, IConfigStore config) {
         String systemType = "";
         try {
-          systemType = config.getString("preop.system.name");
+            systemType = config.getString("preop.system.name");
         } catch (Exception e1) {
         }
         if (systemType.equalsIgnoreCase("CA")) {
-          if (ct.equals("signing")) {
-            config.putString("ca.signing.defaultSigningAlgorithm",
+            if (ct.equals("signing")) {
+                config.putString("ca.signing.defaultSigningAlgorithm",
                            keyAlgo);
-            config.putString("ca.crl.MasterCRL.signingAlgorithm",
+                config.putString("ca.crl.MasterCRL.signingAlgorithm",
                            keyAlgo);
-          } else if (ct.equals("ocsp_signing")) {
-            config.putString("ca.ocsp_signing.defaultSigningAlgorithm",
+            } else if (ct.equals("ocsp_signing")) {
+                config.putString("ca.ocsp_signing.defaultSigningAlgorithm",
                            keyAlgo);
-          }
+            }
         } else if (systemType.equalsIgnoreCase("OCSP")) {
-          if (ct.equals("signing")) {
-             config.putString("ocsp.signing.defaultSigningAlgorithm",
+            if (ct.equals("signing")) {
+                config.putString("ocsp.signing.defaultSigningAlgorithm",
                            keyAlgo);
-           }
+            }
         } else if (systemType.equalsIgnoreCase("KRA") ||
-               systemType.equalsIgnoreCase("DRM")) {
-           if (ct.equals("transport")) {
+                systemType.equalsIgnoreCase("DRM")) {
+            if (ct.equals("transport")) {
                 config.putString("kra.transportUnit.signingAlgorithm", keyAlgo);
-           }
+            }
         }
     }
 
     public void initParams(HttpServletRequest request, Context context)
-                   throws IOException
-    {
+                   throws IOException {
         IConfigStore config = CMS.getConfigStore();
         String s = "";
         try {
@@ -646,7 +645,7 @@ public class SizePanel extends WizardPanelBase {
             HttpServletResponse response,
             Context context) {
         try {
-          initParams(request, context);
+            initParams(request, context);
         } catch (IOException e) {
         }
 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
index cf59e07c..2372b309 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
@@ -51,6 +51,7 @@ public class TokenAuthenticate extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -58,13 +59,14 @@ public class TokenAuthenticate extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
-	IConfigStore config = CMS.getConfigStore();
+        IConfigStore config = CMS.getConfigStore();
 
         String sessionId = httpReq.getParameter("sessionID");
         CMS.debug("TokenAuthentication: sessionId=" + sessionId);
@@ -85,9 +87,9 @@ public class TokenAuthenticate extends CMSServlet {
             CMS.debug("TokenAuthentication: found session");
             if (checkIP) {
                 String hostname = table.getIP(sessionId);
-                if (! hostname.equals(givenHost)) {
-                    CMS.debug("TokenAuthentication: hostname=" + hostname + " and givenHost=" 
-                        + givenHost + " are different");
+                if (!hostname.equals(givenHost)) {
+                    CMS.debug("TokenAuthentication: hostname=" + hostname + " and givenHost="
+                            + givenHost + " are different");
                     CMS.debug("TokenAuthenticate authenticate failed, wrong hostname.");
                     outputError(httpResp, "Error: Failed Authentication");
                     return;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
index cf699c61..bba1f378 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -45,7 +44,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.ICMSTemplateFiller;
 import com.netscape.cmsutil.xml.XMLObject;
 
-
 public class UpdateConnector extends CMSServlet {
 
     /**
@@ -62,6 +60,7 @@ public class UpdateConnector extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -71,7 +70,7 @@ public class UpdateConnector extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
         CMS.debug("UpdateConnector: processing...");
@@ -85,9 +84,9 @@ public class UpdateConnector extends CMSServlet {
             CMS.debug("UpdateConnector authentication successful.");
         } catch (Exception e) {
             CMS.debug("UpdateConnector: authentication failed.");
-            log(ILogger.LL_FAILURE, 
+            log(ILogger.LL_FAILURE,
                     CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
-                    e.toString()));
+                            e.toString()));
             outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
             return;
         }
@@ -100,19 +99,19 @@ public class UpdateConnector extends CMSServlet {
 
         AuthzToken authzToken = null;
         try {
-            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, 
-              "modify");
+            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+                    "modify");
             CMS.debug("UpdateConnector authorization successful.");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             outputError(httpResp, "Error: Not authorized");
             return;
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             outputError(httpResp,
-                "Error: Encountered problem during authorization.");
+                    "Error: Encountered problem during authorization.");
             return;
         }
 
@@ -125,7 +124,7 @@ public class UpdateConnector extends CMSServlet {
 
         Enumeration list = httpReq.getParameterNames();
         while (list.hasMoreElements()) {
-            String name = (String)list.nextElement();
+            String name = (String) list.nextElement();
             String val = httpReq.getParameter(name);
             if (name != null && name.startsWith("ca.connector")) {
                 CMS.debug("Adding connector update name=" + name + " val=" + val);
@@ -134,24 +133,24 @@ public class UpdateConnector extends CMSServlet {
                 CMS.debug("Skipping connector update name=" + name + " val=" + val);
             }
         }
- 
-        try { 
+
+        try {
             String nickname = cs.getString("ca.subsystem.nickname", "");
             String tokenname = cs.getString("ca.subsystem.tokenname", "");
             if (!tokenname.equals("Internal Key Storage Token"))
-                nickname = tokenname+":"+nickname;
+                nickname = tokenname + ":" + nickname;
             cs.putString("ca.connector.KRA.nickName", nickname);
             cs.commit(false);
         } catch (Exception e) {
         }
 
         // start the connector
-        try { 
+        try {
             ICertificateAuthority ca = (ICertificateAuthority)
-                CMS.getSubsystem("ca");
-            ICAService caService = (ICAService)ca.getCAService();
+                    CMS.getSubsystem("ca");
+            ICAService caService = (ICAService) ca.getCAService();
             IConnector kraConnector = caService.getConnector(
-                cs.getSubStore("ca.connector.KRA"));
+                    cs.getSubStore("ca.connector.KRA"));
             caService.setKRAConnector(kraConnector);
             kraConnector.start();
         } catch (Exception e) {
@@ -173,12 +172,13 @@ public class UpdateConnector extends CMSServlet {
         }
     }
 
-    protected void setDefaultTemplates(ServletConfig sc) {}
+    protected void setDefaultTemplates(ServletConfig sc) {
+    }
 
     protected void renderTemplate(
             CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
-        throws IOException {// do nothing
-    } 
+            throws IOException {// do nothing
+    }
 
     protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
index c9fe27ef..0476e26d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.io.IOException;
@@ -55,7 +54,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.ICMSTemplateFiller;
 import com.netscape.cmsutil.xml.XMLObject;
 
-
 public class UpdateDomainXML extends CMSServlet {
 
     /**
@@ -65,9 +63,9 @@ public class UpdateDomainXML extends CMSServlet {
     private final static String SUCCESS = "0";
     private final static String FAILED = "1";
     private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
-        "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
+            "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
-        "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
+            "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
 
     public UpdateDomainXML() {
         super();
@@ -75,6 +73,7 @@ public class UpdateDomainXML extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -101,20 +100,19 @@ public class UpdateDomainXML extends CMSServlet {
                 status = FAILED;
                 CMS.debug("Failed to delete entry" + e.toString());
             }
-       } catch (Exception e) {
-            CMS.debug("Failed to delete entry" + e.toString()); 
-       } finally { 
+        } catch (Exception e) {
+            CMS.debug("Failed to delete entry" + e.toString());
+        } finally {
             try {
-                if ((conn != null) && (connFactory!= null)) {
+                if ((conn != null) && (connFactory != null)) {
                     CMS.debug("Releasing ldap connection");
                     connFactory.returnConn(conn);
                 }
-            }
-            catch (Exception e) {
+            } catch (Exception e) {
                 CMS.debug("Error releasing the ldap connection" + e.toString());
             }
-       }
-       return status;
+        }
+        return status;
     }
 
     private String modify_ldap(String dn, LDAPModification mod) {
@@ -135,23 +133,21 @@ public class UpdateDomainXML extends CMSServlet {
                 status = FAILED;
                 CMS.debug("Failed to modify entry" + e.toString());
             }
-       } catch (Exception e) {
+        } catch (Exception e) {
             CMS.debug("Failed to modify entry" + e.toString());
-       } finally {
+        } finally {
             try {
-                if ((conn != null) && (connFactory!= null)) {
+                if ((conn != null) && (connFactory != null)) {
                     CMS.debug("Releasing ldap connection");
                     connFactory.returnConn(conn);
                 }
-            }
-            catch (Exception e) {
+            } catch (Exception e) {
                 CMS.debug("Error releasing the ldap connection" + e.toString());
             }
-       }
-       return status;
+        }
+        return status;
     }
 
-
     private String add_to_ldap(LDAPEntry entry, String dn) {
         CMS.debug("UpdateDomainXML: add_to_ldap: starting");
         String status = SUCCESS;
@@ -172,37 +168,35 @@ public class UpdateDomainXML extends CMSServlet {
                     conn.delete(dn);
                     conn.add(entry);
                 } catch (LDAPException ee) {
-                    CMS.debug("UpdateDomainXML: Error when replacing existing entry "+ee.toString());
+                    CMS.debug("UpdateDomainXML: Error when replacing existing entry " + ee.toString());
                     status = FAILED;
                 }
             } else {
-                CMS.debug("UpdateDomainXML: Failed to update ldap domain info. Exception: "+e.toString());
+                CMS.debug("UpdateDomainXML: Failed to update ldap domain info. Exception: " + e.toString());
                 status = FAILED;
             }
         } catch (Exception e) {
             CMS.debug("Failed to add entry" + e.toString());
         } finally {
             try {
-                if ((conn != null) && (connFactory!= null)) {
+                if ((conn != null) && (connFactory != null)) {
                     CMS.debug("Releasing ldap connection");
                     connFactory.returnConn(conn);
                 }
-            }
-            catch (Exception e) {
+            } catch (Exception e) {
                 CMS.debug("Error releasing the ldap connection" + e.toString());
             }
-       }
-       return status;
+        }
+        return status;
     }
 
-
-
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      * <ul>
      * <li>http.param op 'downloadBIN' - return the binary certificate chain
      * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
      * </ul>
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -219,7 +213,7 @@ public class UpdateDomainXML extends CMSServlet {
             authToken = authenticate(cmsReq);
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
             return;
         }
@@ -233,19 +227,19 @@ public class UpdateDomainXML extends CMSServlet {
         AuthzToken authzToken = null;
 
         try {
-            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, 
-                "modify");
+            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+                    "modify");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             outputError(httpResp, AUTH_FAILURE, "Error: Not authorized");
             return;
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             outputError(httpResp,
-                AUTH_FAILURE, 
-                "Error: Encountered problem during authorization.");
+                    AUTH_FAILURE,
+                    "Error: Encountered problem during authorization.");
             return;
         }
         if (authzToken == null) {
@@ -272,7 +266,7 @@ public class UpdateDomainXML extends CMSServlet {
         String missing = "";
         if ((host == null) || host.equals("")) {
             missing += " host ";
-        } 
+        }
         if ((name == null) || name.equals("")) {
             missing += " name ";
         }
@@ -286,20 +280,20 @@ public class UpdateDomainXML extends CMSServlet {
             clone = "false";
         }
 
-        if (! missing.equals("")) {
-            CMS.debug("UpdateDomainXML process: required parameters:" + missing + 
+        if (!missing.equals("")) {
+            CMS.debug("UpdateDomainXML process: required parameters:" + missing +
                       "not provided in request");
-            outputError(httpResp, "Error: required parameters: "  + missing + 
+            outputError(httpResp, "Error: required parameters: " + missing +
                         "not provided in request");
             return;
         }
 
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
-        String auditParams = "host;;"+host+"+name;;"+name+"+sport;;"+sport+
-                             "+clone;;"+clone+"+type;;"+type;
+        String auditParams = "host;;" + host + "+name;;" + name + "+sport;;" + sport +
+                             "+clone;;" + clone + "+type;;" + type;
         if (operation != null) {
-            auditParams += "+operation;;"+operation;
+            auditParams += "+operation;;" + operation;
         } else {
             auditParams += "+operation;;add";
         }
@@ -312,8 +306,7 @@ public class UpdateDomainXML extends CMSServlet {
         try {
             basedn = cs.getString("internaldb.basedn");
             secstore = cs.getString("securitydomain.store");
-        }
-        catch (Exception e)  {
+        } catch (Exception e) {
             CMS.debug("Unable to determine security domain name or basedn. Please run the domaininfo migration script");
         }
 
@@ -326,7 +319,7 @@ public class UpdateDomainXML extends CMSServlet {
             String listName = type + "List";
             String cn = host + ":";
 
-            if ((adminsport!= null) && (adminsport != "")) {
+            if ((adminsport != null) && (adminsport != "")) {
                 cn += adminsport;
             } else {
                 cn += sport;
@@ -361,64 +354,63 @@ public class UpdateDomainXML extends CMSServlet {
             attrs.add(new LDAPAttribute("clone", clone.toUpperCase()));
             attrs.add(new LDAPAttribute("SubsystemName", name));
             entry = new LDAPEntry(dn, attrs);
- 
-            if ((operation !=  null) && (operation.equals("remove"))) {
-                    status = remove_from_ldap(dn);
-                    String adminUserDN;
-                    if ((agentsport != null) && (!agentsport.equals(""))) {
-                        adminUserDN = "uid=" + type + "-" + host + "-" + agentsport + ",ou=People," + basedn;
-                    } else {
-                        adminUserDN = "uid=" + type + "-" + host + "-" + sport + ",ou=People," + basedn;
-                    }
-                    String userAuditParams = "Scope;;users+Operation;;OP_DELETE+source;;UpdateDomainXML" +
-                                             "+resource;;"+adminUserDN;
-                    if (status.equals(SUCCESS)) {
-                        // remove the user for this subsystem's admin
-                        status2 = remove_from_ldap(adminUserDN);
-                        if (status2.equals(SUCCESS)) {
-                            auditMessage = CMS.getLogMessage(
+
+            if ((operation != null) && (operation.equals("remove"))) {
+                status = remove_from_ldap(dn);
+                String adminUserDN;
+                if ((agentsport != null) && (!agentsport.equals(""))) {
+                    adminUserDN = "uid=" + type + "-" + host + "-" + agentsport + ",ou=People," + basedn;
+                } else {
+                    adminUserDN = "uid=" + type + "-" + host + "-" + sport + ",ou=People," + basedn;
+                }
+                String userAuditParams = "Scope;;users+Operation;;OP_DELETE+source;;UpdateDomainXML" +
+                                             "+resource;;" + adminUserDN;
+                if (status.equals(SUCCESS)) {
+                    // remove the user for this subsystem's admin
+                    status2 = remove_from_ldap(adminUserDN);
+                    if (status2.equals(SUCCESS)) {
+                        auditMessage = CMS.getLogMessage(
                                                LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
                                                auditSubjectID,
                                                ILogger.SUCCESS,
                                                userAuditParams);
-                            audit(auditMessage);
+                        audit(auditMessage);
 
-                            // remove this user from the subsystem group
-                            userAuditParams = "Scope;;groups+Operation;;OP_DELETE_USER" +
+                        // remove this user from the subsystem group
+                        userAuditParams = "Scope;;groups+Operation;;OP_DELETE_USER" +
                                               "+source;;UpdateDomainXML" +
-                                              "+resource;;Subsystem Group+user;;"+adminUserDN;
-                            dn = "cn=Subsystem Group, ou=groups," + basedn;
-                            LDAPModification mod = new LDAPModification(LDAPModification.DELETE, 
+                                              "+resource;;Subsystem Group+user;;" + adminUserDN;
+                        dn = "cn=Subsystem Group, ou=groups," + basedn;
+                        LDAPModification mod = new LDAPModification(LDAPModification.DELETE,
                                 new LDAPAttribute("uniqueMember", adminUserDN));
-                            status2 = modify_ldap(dn, mod);
-                            if (status2.equals(SUCCESS)) {
-                                auditMessage = CMS.getLogMessage(
+                        status2 = modify_ldap(dn, mod);
+                        if (status2.equals(SUCCESS)) {
+                            auditMessage = CMS.getLogMessage(
                                                    LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
                                                    auditSubjectID,
                                                    ILogger.SUCCESS,
                                                    userAuditParams);
-                            } else {
-                                auditMessage = CMS.getLogMessage(
+                        } else {
+                            auditMessage = CMS.getLogMessage(
                                                    LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
                                                    auditSubjectID,
                                                    ILogger.FAILURE,
                                                    userAuditParams);
-                            }
-                            audit(auditMessage);
-                        } else { // error deleting user
-                            auditMessage = CMS.getLogMessage(
+                        }
+                        audit(auditMessage);
+                    } else { // error deleting user
+                        auditMessage = CMS.getLogMessage(
                                                LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
                                                auditSubjectID,
                                                ILogger.FAILURE,
                                                userAuditParams);
-                            audit(auditMessage);
-                        }
+                        audit(auditMessage);
                     }
+                }
             } else {
-                    status = add_to_ldap(entry, dn);
+                status = add_to_ldap(entry, dn);
             }
-        }
-        else { 
+        } else {
             // update the domain.xml file
             String path = CMS.getConfigStore().getString("instanceRoot", "")
                     + "/conf/domain.xml";
@@ -430,7 +422,7 @@ public class UpdateDomainXML extends CMSServlet {
                 CMS.debug("UpdateDomainXML: Inserting new domain info");
                 XMLObject parser = new XMLObject(new FileInputStream(path));
                 Node n = parser.getContainer(list);
-                int count =0;
+                int count = 0;
 
                 if ((operation != null) && (operation.equals("remove"))) {
                     // delete node
@@ -444,11 +436,11 @@ public class UpdateDomainXML extends CMSServlet {
                         Vector v_host = parser.getValuesFromContainer(nn, "Host");
                         Vector v_adminport = parser.getValuesFromContainer(nn, "SecureAdminPort");
                         if ((v_name.elementAt(0).equals(name)) && (v_host.elementAt(0).equals(host))
-                            && (v_adminport.elementAt(0).equals(adminsport))) {
-                                Node parent = nn.getParentNode();
-                                Node remNode = parent.removeChild(nn);
-                                count --;
-                                break;
+                                && (v_adminport.elementAt(0).equals(adminsport))) {
+                            Node parent = nn.getParentNode();
+                            Node remNode = parent.removeChild(nn);
+                            count--;
+                            break;
                         }
                     }
                 } else {
@@ -463,33 +455,33 @@ public class UpdateDomainXML extends CMSServlet {
                     parser.addItemToContainer(parent, "UnSecurePort", httpport);
                     parser.addItemToContainer(parent, "DomainManager", domainmgr.toUpperCase());
                     parser.addItemToContainer(parent, "Clone", clone.toUpperCase());
-                    count ++;
+                    count++;
                 }
                 //update count 
 
                 String countS = "";
                 NodeList nlist = n.getChildNodes();
                 Node countnode = null;
-                for (int i=0; i<nlist.getLength(); i++) {
-                    Element nn = (Element)nlist.item(i);
+                for (int i = 0; i < nlist.getLength(); i++) {
+                    Element nn = (Element) nlist.item(i);
                     String tagname = nn.getTagName();
                     if (tagname.equals("SubsystemCount")) {
                         countnode = nn;
                         NodeList nlist1 = nn.getChildNodes();
                         Node nn1 = nlist1.item(0);
-                        countS  = nn1.getNodeValue();
+                        countS = nn1.getNodeValue();
                         break;
                     }
                 }
 
-                CMS.debug("UpdateDomainXML process: SubsystemCount="+countS);
+                CMS.debug("UpdateDomainXML process: SubsystemCount=" + countS);
                 try {
-                        count += Integer.parseInt(countS);
+                    count += Integer.parseInt(countS);
                 } catch (Exception ee) {
                 }
 
                 Node nn2 = n.removeChild(countnode);
-                parser.addItemToContainer(n, "SubsystemCount", ""+count);
+                parser.addItemToContainer(n, "SubsystemCount", "" + count);
 
                 // recreate domain.xml
                 CMS.debug("UpdateDomainXML: Recreating domain.xml");
@@ -503,7 +495,7 @@ public class UpdateDomainXML extends CMSServlet {
             }
 
         }
-  
+
         if (status.equals(SUCCESS)) {
             auditMessage = CMS.getLogMessage(
                                LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
@@ -520,11 +512,11 @@ public class UpdateDomainXML extends CMSServlet {
         }
         audit(auditMessage);
 
-       if (status.equals(SUCCESS) && status2.equals(SUCCESS)) {
-         status = SUCCESS;
-       } else {
-         status = FAILED;
-       }
+        if (status.equals(SUCCESS) && status2.equals(SUCCESS)) {
+            status = SUCCESS;
+        } else {
+            status = FAILED;
+        }
 
         try {
             // send success status back to the requestor
@@ -537,22 +529,24 @@ public class UpdateDomainXML extends CMSServlet {
 
             outputResult(httpResp, "application/xml", cb);
         } catch (Exception e) {
-                CMS.debug("UpdateDomainXML: Failed to send the XML output" + e.toString());
+            CMS.debug("UpdateDomainXML: Failed to send the XML output" + e.toString());
         }
     }
 
     protected String securityDomainXMLtoLDAP(String xmltag) {
-        if (xmltag.equals("Host")) return "host";
-        else return xmltag;
+        if (xmltag.equals("Host"))
+            return "host";
+        else
+            return xmltag;
     }
 
-
-    protected void setDefaultTemplates(ServletConfig sc) {}
+    protected void setDefaultTemplates(ServletConfig sc) {
+    }
 
     protected void renderTemplate(
             CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
-        throws IOException {// do nothing
-    } 
+            throws IOException {// do nothing
+    }
 
     protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
index 0a1787aa..894afa5f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Locale;
@@ -45,7 +44,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.ICMSTemplateFiller;
 import com.netscape.cmsutil.xml.XMLObject;
 
-
 public class UpdateNumberRange extends CMSServlet {
 
     /**
@@ -56,7 +54,7 @@ public class UpdateNumberRange extends CMSServlet {
     private final static String FAILED = "1";
     private final static String AUTH_FAILURE = "2";
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER =
-        "LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER_1";
+            "LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER_1";
 
     public UpdateNumberRange() {
         super();
@@ -64,6 +62,7 @@ public class UpdateNumberRange extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -73,11 +72,12 @@ public class UpdateNumberRange extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      * <ul>
      * <li>http.param op 'downloadBIN' - return the binary certificate chain
      * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
      * </ul>
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -96,18 +96,18 @@ public class UpdateNumberRange extends CMSServlet {
         AuthzToken authzToken = null;
 
         try {
-            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, 
-                "modify");
+            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+                    "modify");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             outputError(httpResp, "Error: Not authorized");
             return;
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             outputError(httpResp,
-                "Error: Encountered problem during authorization.");
+                    "Error: Encountered problem during authorization.");
             return;
         }
         if (authzToken == null) {
@@ -131,13 +131,13 @@ public class UpdateNumberRange extends CMSServlet {
             BigInteger oneNum = new BigInteger("1");
             String endNumConfig = null;
             String cloneNumConfig = null;
-            String nextEndConfig = null; 
+            String nextEndConfig = null;
             int radix = 10;
 
             IRepository repo = null;
             if (cstype.equals("KRA")) {
                 IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem(
-                     IKeyRecoveryAuthority.ID);
+                        IKeyRecoveryAuthority.ID);
                 if (type.equals("request")) {
                     repo = kra.getRequestQueue().getRequestRepository();
                 } else if (type.equals("serialNo")) {
@@ -147,7 +147,7 @@ public class UpdateNumberRange extends CMSServlet {
                 }
             } else { // CA
                 ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(
-                     ICertificateAuthority.ID);
+                        ICertificateAuthority.ID);
                 if (type.equals("request")) {
                     repo = ca.getRequestQueue().getRequestRepository();
                 } else if (type.equals("serialNo")) {
@@ -161,22 +161,22 @@ public class UpdateNumberRange extends CMSServlet {
             // This needs to be done beforehand to ensure that we always have enough 
             // replica numbers
             if (type.equals("replicaId")) {
-               CMS.debug("Checking replica number ranges");
-               repo.checkRanges();
+                CMS.debug("Checking replica number ranges");
+                repo.checkRanges();
             }
-               
+
             if (type.equals("request")) {
                 radix = 10;
                 endNumConfig = "dbs.endRequestNumber";
                 cloneNumConfig = "dbs.requestCloneTransferNumber";
                 nextEndConfig = "dbs.nextEndRequestNumber";
             } else if (type.equals("serialNo")) {
-                radix=16;
+                radix = 16;
                 endNumConfig = "dbs.endSerialNumber";
                 cloneNumConfig = "dbs.serialCloneTransferNumber";
                 nextEndConfig = "dbs.nextEndSerialNumber";
             } else if (type.equals("replicaId")) {
-                radix=10;
+                radix = 10;
                 endNumConfig = "dbs.endReplicaNumber";
                 cloneNumConfig = "dbs.replicaCloneTransferNumber";
                 nextEndConfig = "dbs.nextEndReplicaNumber";
@@ -192,11 +192,11 @@ public class UpdateNumberRange extends CMSServlet {
                 String nextEndNumStr = cs.getString(nextEndConfig, "");
                 BigInteger endNum2 = new BigInteger(nextEndNumStr, radix);
                 CMS.debug("Transferring from the end of on-deck range");
-				String newValStr = endNum2.subtract(decrement).toString(radix);
-				repo.setNextMaxSerial(newValStr);
-				cs.putString(nextEndConfig, newValStr);
-				beginNum = endNum2.subtract(decrement).add(oneNum);
-				endNum = endNum2;
+                String newValStr = endNum2.subtract(decrement).toString(radix);
+                repo.setNextMaxSerial(newValStr);
+                cs.putString(nextEndConfig, newValStr);
+                beginNum = endNum2.subtract(decrement).add(oneNum);
+                endNum = endNum2;
             } else {
                 CMS.debug("Transferring from the end of the current range");
                 String newValStr = beginNum.subtract(oneNum).toString(radix);
@@ -204,10 +204,9 @@ public class UpdateNumberRange extends CMSServlet {
                 cs.putString(endNumConfig, newValStr);
             }
 
-
-            if( beginNum == null ) {
-                CMS.debug( "UpdateNumberRange::process() - " +
-                           "beginNum is null!" );
+            if (beginNum == null) {
+                CMS.debug("UpdateNumberRange::process() - " +
+                           "beginNum is null!");
                 auditMessage = CMS.getLogMessage(
                                    LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
                                    auditSubjectID,
@@ -219,7 +218,7 @@ public class UpdateNumberRange extends CMSServlet {
 
             // Enable serial number management in master for certs and requests
             if (type.equals("replicaId")) {
-               repo.setEnableSerialMgmt(true);
+                repo.setEnableSerialMgmt(true);
             }
 
             // insert info
@@ -248,7 +247,7 @@ public class UpdateNumberRange extends CMSServlet {
             audit(auditMessage);
 
         } catch (Exception e) {
-            CMS.debug("UpdateNumberRange: Failed to update number range. Exception: "+e.toString());
+            CMS.debug("UpdateNumberRange: Failed to update number range. Exception: " + e.toString());
 
             auditMessage = CMS.getLogMessage(
                                LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
@@ -261,12 +260,13 @@ public class UpdateNumberRange extends CMSServlet {
         }
     }
 
-    protected void setDefaultTemplates(ServletConfig sc) {}
+    protected void setDefaultTemplates(ServletConfig sc) {
+    }
 
     protected void renderTemplate(
             CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
-        throws IOException {// do nothing
-    } 
+            throws IOException {// do nothing
+    }
 
     protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
index 2339c4c7..2d3e33f9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
@@ -40,7 +40,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.ICMSTemplateFiller;
 import com.netscape.cmsutil.xml.XMLObject;
 
-
 public class UpdateOCSPConfig extends CMSServlet {
 
     /**
@@ -57,6 +56,7 @@ public class UpdateOCSPConfig extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -81,18 +81,18 @@ public class UpdateOCSPConfig extends CMSServlet {
         AuthzToken authzToken = null;
 
         try {
-            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, 
-                "modify");
+            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+                    "modify");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             outputError(httpResp, "Error: Not authorized");
             return;
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             outputError(httpResp,
-                "Error: Encountered problem during authorization.");
+                    "Error: Encountered problem during authorization.");
             return;
         }
         if (authzToken == null) {
@@ -108,31 +108,31 @@ public class UpdateOCSPConfig extends CMSServlet {
             nickname = cs.getString("ca.subsystem.nickname", "");
             String tokenname = cs.getString("ca.subsystem.tokenname", "");
             if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))
-                nickname = tokenname+":"+nickname;
+                nickname = tokenname + ":" + nickname;
         } catch (Exception e) {
         }
 
-        CMS.debug("UpdateOCSPConfig process: nickname="+nickname);
+        CMS.debug("UpdateOCSPConfig process: nickname=" + nickname);
 
         String ocsphost = httpReq.getParameter("ocsp_host");
         String ocspport = httpReq.getParameter("ocsp_port");
         try {
             cs.putString("ca.publish.enable", "true");
-            cs.putString("ca.publish.publisher.instance.OCSPPublisher.host", 
-              ocsphost);
-            cs.putString("ca.publish.publisher.instance.OCSPPublisher.port", 
-              ocspport);
-            cs.putString("ca.publish.publisher.instance.OCSPPublisher.nickName", 
-              nickname);
+            cs.putString("ca.publish.publisher.instance.OCSPPublisher.host",
+                    ocsphost);
+            cs.putString("ca.publish.publisher.instance.OCSPPublisher.port",
+                    ocspport);
+            cs.putString("ca.publish.publisher.instance.OCSPPublisher.nickName",
+                    nickname);
             cs.putString("ca.publish.publisher.instance.OCSPPublisher.path",
-              "/ocsp/agent/ocsp/addCRL");
+                    "/ocsp/agent/ocsp/addCRL");
             cs.putString("ca.publish.publisher.instance.OCSPPublisher.pluginName", "OCSPPublisher");
             cs.putString("ca.publish.publisher.instance.OCSPPublisher.enableClientAuth", "true");
             cs.putString("ca.publish.rule.instance.ocsprule.enable", "true");
             cs.putString("ca.publish.rule.instance.ocsprule.mapper", "NoMap");
             cs.putString("ca.publish.rule.instance.ocsprule.pluginName", "Rule");
-            cs.putString("ca.publish.rule.instance.ocsprule.publisher", 
-              "OCSPPublisher");
+            cs.putString("ca.publish.rule.instance.ocsprule.publisher",
+                    "OCSPPublisher");
             cs.putString("ca.publish.rule.instance.ocsprule.type", "crl");
             cs.commit(false);
             // insert info
@@ -147,17 +147,18 @@ public class UpdateOCSPConfig extends CMSServlet {
 
             outputResult(httpResp, "application/xml", cb);
         } catch (Exception e) {
-            CMS.debug("UpdateOCSPConfig: Failed to update OCSP configuration. Exception: "+e.toString());
+            CMS.debug("UpdateOCSPConfig: Failed to update OCSP configuration. Exception: " + e.toString());
             outputError(httpResp, "Error: Failed to update OCSP configuration.");
         }
     }
 
-    protected void setDefaultTemplates(ServletConfig sc) {}
+    protected void setDefaultTemplates(ServletConfig sc) {
+    }
 
     protected void renderTemplate(
             CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
-        throws IOException {// do nothing
-    } 
+            throws IOException {// do nothing
+    }
 
     protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java
index 7b1c9959..4224c4eb 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 
 import javax.servlet.ServletConfig;
@@ -35,13 +34,14 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
 
 public class WelcomePanel extends WizardPanelBase {
 
-    public WelcomePanel() {}
+    public WelcomePanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) 
-        throws ServletException {
+    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Welcome");
         setId(id);
@@ -52,19 +52,20 @@ public class WelcomePanel extends WizardPanelBase {
         cs.putBoolean("preop.welcome.done", false);
     }
 
-    public boolean isPanelDone() { 
+    public boolean isPanelDone() {
         IConfigStore cs = CMS.getConfigStore();
         try {
             return cs.getBoolean("preop.welcome.done");
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
         return false;
     }
 
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
+
         /* XXX */
-                                                                                
+
         return set;
     }
 
@@ -80,7 +81,7 @@ public class WelcomePanel extends WizardPanelBase {
         try {
             context.put("cstype", cs.getString("cs.type"));
             context.put("wizardname", cs.getString("preop.wizard.name"));
-            context.put("panelname", 
+            context.put("panelname",
                     cs.getString("preop.system.fullname") + " Configuration Wizard");
             context.put("systemname",
                     cs.getString("preop.system.name"));
@@ -90,7 +91,8 @@ public class WelcomePanel extends WizardPanelBase {
                     cs.getString("preop.product.name"));
             context.put("productversion",
                     cs.getString("preop.product.version"));
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
         context.put("panel", "admin/console/config/welcomepanel.vm");
     }
 
@@ -112,7 +114,8 @@ public class WelcomePanel extends WizardPanelBase {
         try {
             cs.putBoolean("preop.welcome.done", true);
             cs.commit(false);
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
     }
 
     /**
@@ -120,5 +123,6 @@ public class WelcomePanel extends WizardPanelBase {
      */
     public void displayError(HttpServletRequest request,
             HttpServletResponse response,
-            Context context) {/* This should never be called */}
+            Context context) {/* This should never be called */
+    }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java
index 06eb63ff..f5a96bc8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
 import org.apache.velocity.app.Velocity;
 import org.apache.velocity.context.Context;
 
-
 public class WelcomeServlet extends BaseServlet {
 
     /**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
index a2a7d5df..c7910bc8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.net.ConnectException;
@@ -95,15 +94,13 @@ public class WizardPanelBase implements IWizardPanel {
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException 
-    {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         mPanelNo = panelno;
     }
 
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) 
-        throws ServletException 
-    {
+    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+            throws ServletException {
         mPanelNo = panelno;
     }
 
@@ -142,7 +139,7 @@ public class WizardPanelBase implements IWizardPanel {
 
         return set;
     }
-   
+
     /**
      * Should we skip this panel?
      */
@@ -187,7 +184,8 @@ public class WizardPanelBase implements IWizardPanel {
      */
     public void display(HttpServletRequest request,
             HttpServletResponse response,
-            Context context) {}
+            Context context) {
+    }
 
     /**
      * Checks if the given parameters are valid.
@@ -202,14 +200,16 @@ public class WizardPanelBase implements IWizardPanel {
      */
     public void update(HttpServletRequest request,
             HttpServletResponse response,
-            Context context) throws IOException {}
+            Context context) throws IOException {
+    }
 
     /**
      * If validiate() returns false, this method will be called.
      */
     public void displayError(HttpServletRequest request,
             HttpServletResponse response,
-            Context context) {}
+            Context context) {
+    }
 
     /**
      * Retrieves locale based on the request.
@@ -233,7 +233,8 @@ public class WizardPanelBase implements IWizardPanel {
 
         try {
             instanceID = config.getString("instanceId", "");
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         String nickname = certTag + "Cert cert-" + instanceID;
         String preferredNickname = null;
@@ -241,7 +242,8 @@ public class WizardPanelBase implements IWizardPanel {
         try {
             preferredNickname = config.getString(
                     PCERT_PREFIX + certTag + ".nickname", null);
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         if (preferredNickname != null) {
             nickname = preferredNickname;
@@ -250,7 +252,7 @@ public class WizardPanelBase implements IWizardPanel {
     }
 
     public void updateDomainXML(String hostname, int port, boolean https,
-      String servlet, String uri) throws IOException {
+            String servlet, String uri) throws IOException {
         CMS.debug("WizardPanelBase updateDomainXML start hostname=" + hostname + " port=" + port);
         IConfigStore cs = CMS.getConfigStore();
         String nickname = "";
@@ -258,17 +260,18 @@ public class WizardPanelBase implements IWizardPanel {
         try {
             nickname = cs.getString("preop.cert.subsystem.nickname", "");
             tokenname = cs.getString("preop.module.token", "");
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         if (!tokenname.equals("") &&
-            !tokenname.equals("Internal Key Storage Token") &&
-            !tokenname.equals("internal")) {
-              nickname = tokenname+":"+nickname;
+                !tokenname.equals("Internal Key Storage Token") &&
+                !tokenname.equals("internal")) {
+            nickname = tokenname + ":" + nickname;
         }
 
         CMS.debug("WizardPanelBase updateDomainXML nickname=" + nickname);
         CMS.debug("WizardPanelBase: start sending updateDomainXML request");
-        String c = getHttpResponse(hostname, port, https, servlet, uri, nickname); 
+        String c = getHttpResponse(hostname, port, https, servlet, uri, nickname);
         CMS.debug("WizardPanelBase: done sending updateDomainXML request");
 
         if (c != null) {
@@ -278,9 +281,9 @@ public class WizardPanelBase implements IWizardPanel {
                 try {
                     obj = new XMLObject(bis);
                 } catch (Exception e) {
-                    CMS.debug( "WizardPanelBase::updateDomainXML() - "
-                             + "Exception="+e.toString() );
-                    throw new IOException( e.toString() );
+                    CMS.debug("WizardPanelBase::updateDomainXML() - "
+                             + "Exception=" + e.toString());
+                    throw new IOException(e.toString());
                 }
 
                 String status = obj.getValue("Status");
@@ -291,7 +294,7 @@ public class WizardPanelBase implements IWizardPanel {
                 } else {
                     String error = obj.getValue("Error");
                     throw new IOException(error);
-                } 
+                }
             } catch (IOException e) {
                 CMS.debug("WizardPanelBase: updateDomainXML: " + e.toString());
                 throw e;
@@ -302,8 +305,8 @@ public class WizardPanelBase implements IWizardPanel {
         }
     }
 
-    public int getSubsystemCount( String hostname, int https_admin_port,
-                                  boolean https, String type )
+    public int getSubsystemCount(String hostname, int https_admin_port,
+                                  boolean https, String type)
                                   throws IOException {
         CMS.debug("WizardPanelBase getSubsystemCount start");
         String c = getDomainXML(hostname, https_admin_port, true);
@@ -311,12 +314,12 @@ public class WizardPanelBase implements IWizardPanel {
             try {
                 ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
                 XMLObject obj = new XMLObject(bis);
-                String containerName = type+"List";
+                String containerName = type + "List";
                 Node n = obj.getContainer(containerName);
                 NodeList nlist = n.getChildNodes();
                 String countS = "";
-                for (int i=0; i<nlist.getLength(); i++) {
-                    Element nn = (Element)nlist.item(i);
+                for (int i = 0; i < nlist.getLength(); i++) {
+                    Element nn = (Element) nlist.item(i);
                     String tagname = nn.getTagName();
                     if (tagname.equals("SubsystemCount")) {
                         NodeList nlist1 = nn.getChildNodes();
@@ -325,7 +328,7 @@ public class WizardPanelBase implements IWizardPanel {
                         break;
                     }
                 }
-                CMS.debug("WizardPanelBase getSubsystemCount: SubsystemCount="+countS);
+                CMS.debug("WizardPanelBase getSubsystemCount: SubsystemCount=" + countS);
                 int num = 0;
 
                 if (countS != null && !countS.equals("")) {
@@ -337,7 +340,7 @@ public class WizardPanelBase implements IWizardPanel {
 
                 return num;
             } catch (Exception e) {
-                CMS.debug("WizardPanelBase: getSubsystemCount: "+e.toString());
+                CMS.debug("WizardPanelBase: getSubsystemCount: " + e.toString());
                 throw new IOException(e.toString());
             }
         }
@@ -345,12 +348,12 @@ public class WizardPanelBase implements IWizardPanel {
         return -1;
     }
 
-    public String getDomainXML( String hostname, int https_admin_port,
-                               boolean https ) 
+    public String getDomainXML(String hostname, int https_admin_port,
+                               boolean https)
                                throws IOException {
         CMS.debug("WizardPanelBase getDomainXML start");
-        String c = getHttpResponse( hostname, https_admin_port, https,
-                                    "/ca/admin/ca/getDomainXML", null, null );
+        String c = getHttpResponse(hostname, https_admin_port, https,
+                                    "/ca/admin/ca/getDomainXML", null, null);
         if (c != null) {
             try {
                 ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
@@ -359,9 +362,9 @@ public class WizardPanelBase implements IWizardPanel {
                 try {
                     parser = new XMLObject(bis);
                 } catch (Exception e) {
-                    CMS.debug( "WizardPanelBase::getDomainXML() - "
-                             + "Exception="+e.toString() );
-                    throw new IOException( e.toString() );
+                    CMS.debug("WizardPanelBase::getDomainXML() - "
+                             + "Exception=" + e.toString());
+                    throw new IOException(e.toString());
                 }
 
                 String status = parser.getValue("Status");
@@ -374,12 +377,12 @@ public class WizardPanelBase implements IWizardPanel {
                     CMS.debug(
                             "WizardPanelBase getDomainXML: domainInfo="
                                     + domainInfo);
-                    return domainInfo; 
+                    return domainInfo;
                 } else {
                     String error = parser.getValue("Error");
 
                     throw new IOException(error);
-                } 
+                }
             } catch (IOException e) {
                 CMS.debug("WizardPanelBase: getDomainXML: " + e.toString());
                 throw e;
@@ -392,29 +395,29 @@ public class WizardPanelBase implements IWizardPanel {
         return null;
     }
 
-    public String getSubsystemCert(String host, int port, boolean https) 
-      throws IOException {
+    public String getSubsystemCert(String host, int port, boolean https)
+            throws IOException {
         CMS.debug("WizardPanelBase getSubsystemCert start");
-        String c = getHttpResponse(host, port, https, 
-          "/ca/admin/ca/getSubsystemCert", null, null);
+        String c = getHttpResponse(host, port, https,
+                "/ca/admin/ca/getSubsystemCert", null, null);
         if (c != null) {
             try {
-                ByteArrayInputStream bis = 
-                  new ByteArrayInputStream(c.getBytes());
+                ByteArrayInputStream bis =
+                        new ByteArrayInputStream(c.getBytes());
                 XMLObject parser = null;
                 try {
                     parser = new XMLObject(bis);
                 } catch (Exception e) {
-                    CMS.debug( "WizardPanelBase::getSubsystemCert() - "
-                             + "Exception="+e.toString() );
-                    throw new IOException( e.toString() );
+                    CMS.debug("WizardPanelBase::getSubsystemCert() - "
+                             + "Exception=" + e.toString());
+                    throw new IOException(e.toString());
                 }
                 String status = parser.getValue("Status");
                 if (status.equals(SUCCESS)) {
                     String s = parser.getValue("Cert");
                     return s;
                 } else
-                    return null; 
+                    return null;
             } catch (Exception e) {
             }
         }
@@ -423,10 +426,10 @@ public class WizardPanelBase implements IWizardPanel {
     }
 
     public void updateConnectorInfo(String host, int port, boolean https,
-      String content) throws IOException {
+            String content) throws IOException {
         CMS.debug("WizardPanelBase updateConnectorInfo start");
-        String c = getHttpResponse(host, port, https, 
-          "/ca/admin/ca/updateConnector", content, null);
+        String c = getHttpResponse(host, port, https,
+                "/ca/admin/ca/updateConnector", content, null);
         if (c != null) {
             try {
                 ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
@@ -435,9 +438,9 @@ public class WizardPanelBase implements IWizardPanel {
                 try {
                     parser = new XMLObject(bis);
                 } catch (Exception e) {
-                    CMS.debug( "WizardPanelBase::updateConnectorInfo() - "
-                             + "Exception="+e.toString() );
-                    throw new IOException( e.toString() );
+                    CMS.debug("WizardPanelBase::updateConnectorInfo() - "
+                             + "Exception=" + e.toString());
+                    throw new IOException(e.toString());
                 }
 
                 String status = parser.getValue("Status");
@@ -447,7 +450,7 @@ public class WizardPanelBase implements IWizardPanel {
                 if (!status.equals(SUCCESS)) {
                     String error = parser.getValue("Error");
                     throw new IOException(error);
-                } 
+                }
             } catch (IOException e) {
                 CMS.debug("WizardPanelBase: updateConnectorInfo: " + e.toString());
                 throw e;
@@ -458,16 +461,16 @@ public class WizardPanelBase implements IWizardPanel {
         }
     }
 
-    public String getCertChainUsingSecureAdminPort( String hostname,
+    public String getCertChainUsingSecureAdminPort(String hostname,
                                                     int https_admin_port,
                                                     boolean https,
                                                     ConfigCertApprovalCallback
-                                                    certApprovalCallback )
+                                                    certApprovalCallback)
                                                     throws IOException {
         CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort start");
-        String c = getHttpResponse( hostname, https_admin_port, https,
+        String c = getHttpResponse(hostname, https_admin_port, https,
                                     "/ca/admin/ca/getCertChain", null, null,
-                                    certApprovalCallback );
+                                    certApprovalCallback);
 
         if (c != null) {
             try {
@@ -477,9 +480,9 @@ public class WizardPanelBase implements IWizardPanel {
                 try {
                     parser = new XMLObject(bis);
                 } catch (Exception e) {
-                    CMS.debug( "WizardPanelBase::getCertChainUsingSecureAdminPort() - "
-                             + "Exception="+e.toString() );
-                    throw new IOException( e.toString() );
+                    CMS.debug("WizardPanelBase::getCertChainUsingSecureAdminPort() - "
+                             + "Exception=" + e.toString());
+                    throw new IOException(e.toString());
                 }
 
                 String status = parser.getValue("Status");
@@ -493,12 +496,12 @@ public class WizardPanelBase implements IWizardPanel {
                     CMS.debug(
                             "WizardPanelBase getCertChainUsingSecureAdminPort: certchain="
                                     + certchain);
-                    return certchain; 
+                    return certchain;
                 } else {
                     String error = parser.getValue("Error");
 
                     throw new IOException(error);
-                } 
+                }
             } catch (IOException e) {
                 CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: " + e.toString());
                 throw e;
@@ -511,16 +514,16 @@ public class WizardPanelBase implements IWizardPanel {
         return null;
     }
 
-    public String getCertChainUsingSecureEEPort( String hostname,
+    public String getCertChainUsingSecureEEPort(String hostname,
                                                  int https_ee_port,
                                                  boolean https,
                                                  ConfigCertApprovalCallback
-                                                 certApprovalCallback )
+                                                 certApprovalCallback)
                                                  throws IOException {
         CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort start");
-        String c = getHttpResponse( hostname, https_ee_port, https,
+        String c = getHttpResponse(hostname, https_ee_port, https,
                                     "/ca/ee/ca/getCertChain", null, null,
-                                    certApprovalCallback );
+                                    certApprovalCallback);
 
         if (c != null) {
             try {
@@ -530,9 +533,9 @@ public class WizardPanelBase implements IWizardPanel {
                 try {
                     parser = new XMLObject(bis);
                 } catch (Exception e) {
-                    CMS.debug( "WizardPanelBase::getCertChainUsingSecureEEPort() - "
-                             + "Exception="+e.toString() );
-                    throw new IOException( e.toString() );
+                    CMS.debug("WizardPanelBase::getCertChainUsingSecureEEPort() - "
+                             + "Exception=" + e.toString());
+                    throw new IOException(e.toString());
                 }
 
                 String status = parser.getValue("Status");
@@ -546,12 +549,12 @@ public class WizardPanelBase implements IWizardPanel {
                     CMS.debug(
                             "WizardPanelBase getCertChainUsingSecureEEPort: certchain="
                                     + certchain);
-                    return certchain; 
+                    return certchain;
                 } else {
                     String error = parser.getValue("Error");
 
                     throw new IOException(error);
-                } 
+                }
             } catch (IOException e) {
                 CMS.debug("WizardPanelBase: getCertChainUsingSecureEEPort: " + e.toString());
                 throw e;
@@ -565,8 +568,8 @@ public class WizardPanelBase implements IWizardPanel {
     }
 
     public boolean updateConfigEntries(String hostname, int port, boolean https,
-      String servlet, String uri, IConfigStore config, 
-      HttpServletResponse response) throws IOException {
+            String servlet, String uri, IConfigStore config,
+            HttpServletResponse response) throws IOException {
         CMS.debug("WizardPanelBase updateConfigEntries start");
         String c = getHttpResponse(hostname, port, https, servlet, uri, null);
 
@@ -578,9 +581,9 @@ public class WizardPanelBase implements IWizardPanel {
                 try {
                     parser = new XMLObject(bis);
                 } catch (Exception e) {
-                    CMS.debug( "WizardPanelBase::updateConfigEntries() - "
-                             + "Exception="+e.toString() );
-                    throw new IOException( e.toString() );
+                    CMS.debug("WizardPanelBase::updateConfigEntries() - "
+                             + "Exception=" + e.toString());
+                    throw new IOException(e.toString());
                 }
 
                 String status = parser.getValue("Status");
@@ -594,11 +597,11 @@ public class WizardPanelBase implements IWizardPanel {
                     } catch (Exception e) {
                         CMS.debug("WizardPanelBase::updateConfigEntries() - unable to get cs.type: " + e.toString());
                     }
-              
-                    Document doc = parser.getDocument(); 
+
+                    Document doc = parser.getDocument();
                     NodeList list = doc.getElementsByTagName("name");
                     int len = list.getLength();
-                    for (int i=0; i<len; i++) {
+                    for (int i = 0; i < len; i++) {
                         Node n = list.item(i);
                         NodeList nn = n.getChildNodes();
                         String name = nn.item(0).getNodeValue();
@@ -606,14 +609,14 @@ public class WizardPanelBase implements IWizardPanel {
                         nn = parent.getChildNodes();
                         int len1 = nn.getLength();
                         String v = "";
-                        for (int j=0; j<len1; j++) {
+                        for (int j = 0; j < len1; j++) {
                             Node nv = nn.item(j);
                             String val = nv.getNodeName();
                             if (val.equals("value")) {
                                 NodeList n2 = nv.getChildNodes();
                                 if (n2.getLength() > 0)
-                                    v = n2.item(0).getNodeValue(); 
-                                break;    
+                                    v = n2.item(0).getNodeValue();
+                                break;
                             }
                         }
 
@@ -625,7 +628,7 @@ public class WizardPanelBase implements IWizardPanel {
                             config.putString("preop.internaldb.master.binddn", v);
                         } else if (name.equals("internaldb.basedn")) {
                             config.putString(name, v);
-                            config.putString("preop.internaldb.master.basedn", v); 
+                            config.putString("preop.internaldb.master.basedn", v);
                         } else if (name.equals("internaldb.ldapauth.password")) {
                             config.putString("preop.internaldb.master.bindpwd", v);
                         } else if (name.equals("internaldb.replication.password")) {
@@ -649,7 +652,7 @@ public class WizardPanelBase implements IWizardPanel {
                             config.putString("preop.master.storage.nickname", v);
                             config.putString("kra.storageUnit.nickName", v);
                             config.putString("preop.cert.storage.nickname", v);
-                        } else if  (name.equals("cloning.audit_signing.nickname")) {
+                        } else if (name.equals("cloning.audit_signing.nickname")) {
                             config.putString("preop.master.audit_signing.nickname", v);
                             config.putString("preop.cert.audit_signing.nickname", v);
                             config.putString(name, v);
@@ -686,7 +689,7 @@ public class WizardPanelBase implements IWizardPanel {
                     String error = parser.getValue("Error");
 
                     throw new IOException(error);
-                } 
+                }
             } catch (IOException e) {
                 CMS.debug("WizardPanelBase: updateConfigEntries: " + e.toString());
                 throw e;
@@ -713,9 +716,9 @@ public class WizardPanelBase implements IWizardPanel {
                 try {
                     parser = new XMLObject(bis);
                 } catch (Exception e) {
-                    CMS.debug( "WizardPanelBase::authenticate() - "
-                             + "Exception="+e.toString() );
-                    throw new IOException( e.toString() );
+                    CMS.debug("WizardPanelBase::authenticate() - "
+                             + "Exception=" + e.toString());
+                    throw new IOException(e.toString());
                 }
 
                 String status = parser.getValue("Status");
@@ -729,7 +732,7 @@ public class WizardPanelBase implements IWizardPanel {
                 } else {
                     String error = parser.getValue("Error");
                     return false;
-                } 
+                }
             } catch (Exception e) {
                 CMS.debug("WizardPanelBase: authenticate: " + e.toString());
                 throw new IOException(e.toString());
@@ -739,12 +742,12 @@ public class WizardPanelBase implements IWizardPanel {
         return false;
     }
 
-    public void updateOCSPConfig(String hostname, int port, boolean https, 
-        String content, HttpServletResponse response) 
-      throws IOException {
+    public void updateOCSPConfig(String hostname, int port, boolean https,
+            String content, HttpServletResponse response)
+            throws IOException {
         CMS.debug("WizardPanelBase updateOCSPConfig start");
-        String c = getHttpResponse(hostname, port, https, 
-          "/ca/ee/ca/updateOCSPConfig", content, null);
+        String c = getHttpResponse(hostname, port, https,
+                "/ca/ee/ca/updateOCSPConfig", content, null);
         if (c == null || c.equals("")) {
             CMS.debug("WizardPanelBase updateOCSPConfig: content is null.");
             throw new IOException("The server you want to contact is not available");
@@ -756,9 +759,9 @@ public class WizardPanelBase implements IWizardPanel {
                 try {
                     parser = new XMLObject(bis);
                 } catch (Exception e) {
-                    CMS.debug( "WizardPanelBase::updateOCSPConfig() - "
-                             + "Exception="+e.toString() );
-                    throw new IOException( e.toString() );
+                    CMS.debug("WizardPanelBase::updateOCSPConfig() - "
+                             + "Exception=" + e.toString());
+                    throw new IOException(e.toString());
                 }
 
                 String status = parser.getValue("Status");
@@ -774,7 +777,7 @@ public class WizardPanelBase implements IWizardPanel {
                     String error = parser.getValue("Error");
 
                     throw new IOException(error);
-                } 
+                }
             } catch (IOException e) {
                 CMS.debug("WizardPanelBase updateOCSPConfig: " + e.toString());
                 throw e;
@@ -785,10 +788,10 @@ public class WizardPanelBase implements IWizardPanel {
         }
     }
 
-    public void updateNumberRange(String hostname, int port, boolean https, 
-        String content, String type, HttpServletResponse response) 
-      throws IOException {
-        CMS.debug("WizardPanelBase updateNumberRange start host=" + hostname + 
+    public void updateNumberRange(String hostname, int port, boolean https,
+            String content, String type, HttpServletResponse response)
+            throws IOException {
+        CMS.debug("WizardPanelBase updateNumberRange start host=" + hostname +
                                 " port=" + port);
         IConfigStore cs = CMS.getConfigStore();
         String cstype = "";
@@ -798,13 +801,13 @@ public class WizardPanelBase implements IWizardPanel {
         }
 
         cstype = toLowerCaseSubsystemType(cstype);
-        String c = getHttpResponse(hostname, port, https, 
-          "/"+cstype+"/ee/"+cstype+"/updateNumberRange", content, null);
+        String c = getHttpResponse(hostname, port, https,
+                "/" + cstype + "/ee/" + cstype + "/updateNumberRange", content, null);
         if (c == null || c.equals("")) {
             CMS.debug("WizardPanelBase updateNumberRange: content is null.");
             throw new IOException("The server you want to contact is not available");
         } else {
-            CMS.debug("content="+c);
+            CMS.debug("content=" + c);
             try {
                 ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
                 XMLObject parser = null;
@@ -812,9 +815,9 @@ public class WizardPanelBase implements IWizardPanel {
                 try {
                     parser = new XMLObject(bis);
                 } catch (Exception e) {
-                    CMS.debug( "WizardPanelBase::updateNumberRange() - "
-                             + "Exception="+e.toString() );
-                    throw new IOException( e.toString() );
+                    CMS.debug("WizardPanelBase::updateNumberRange() - "
+                             + "Exception=" + e.toString());
+                    throw new IOException(e.toString());
                 }
 
                 String status = parser.getValue("Status");
@@ -843,7 +846,7 @@ public class WizardPanelBase implements IWizardPanel {
                     String error = parser.getValue("Error");
 
                     throw new IOException(error);
-                } 
+                }
             } catch (IOException e) {
                 CMS.debug("WizardPanelBase: updateNumberRange: " + e.toString());
                 CMS.debug(e);
@@ -856,9 +859,9 @@ public class WizardPanelBase implements IWizardPanel {
         }
     }
 
-    public int getPort(String hostname, int port, boolean https, 
-            String portServlet, boolean sport) 
-        throws IOException {
+    public int getPort(String hostname, int port, boolean https,
+            String portServlet, boolean sport)
+            throws IOException {
         CMS.debug("WizardPanelBase getPort start");
         String c = getHttpResponse(hostname, port, https, portServlet,
                 "secure=" + sport, null);
@@ -871,9 +874,9 @@ public class WizardPanelBase implements IWizardPanel {
                 try {
                     parser = new XMLObject(bis);
                 } catch (Exception e) {
-                    CMS.debug( "WizardPanelBase::getPort() - "
-                             + "Exception="+e.toString() );
-                    throw new IOException( e.toString() );
+                    CMS.debug("WizardPanelBase::getPort() - "
+                             + "Exception=" + e.toString());
+                    throw new IOException(e.toString());
                 }
 
                 String status = parser.getValue("Status");
@@ -889,7 +892,7 @@ public class WizardPanelBase implements IWizardPanel {
                     String error = parser.getValue("Error");
 
                     throw new IOException(error);
-                } 
+                }
             } catch (IOException e) {
                 CMS.debug("WizardPanelBase: getPort: " + e.toString());
                 throw e;
@@ -903,14 +906,14 @@ public class WizardPanelBase implements IWizardPanel {
     }
 
     public String getHttpResponse(String hostname, int port, boolean secure,
-      String uri, String content, String clientnickname) throws IOException {
+            String uri, String content, String clientnickname) throws IOException {
         return getHttpResponse(hostname, port, secure, uri, content, clientnickname, null);
     }
 
-    public String getHttpResponse(String hostname, int port, boolean secure, 
-      String uri, String content, String clientnickname, 
-      SSLCertificateApprovalCallback certApprovalCallback) 
-      throws IOException {
+    public String getHttpResponse(String hostname, int port, boolean secure,
+            String uri, String content, String clientnickname,
+            SSLCertificateApprovalCallback certApprovalCallback)
+            throws IOException {
         HttpClient httpclient = null;
         String c = null;
 
@@ -960,8 +963,8 @@ public class WizardPanelBase implements IWizardPanel {
         return c;
     }
 
-    public boolean isSDHostDomainMaster (IConfigStore config) {
-        String dm="false";
+    public boolean isSDHostDomainMaster(IConfigStore config) {
+        String dm = "false";
         try {
             String hostname = config.getString("securitydomain.host");
             int httpsadminport = config.getInteger("securitydomain.httpsadminport");
@@ -971,40 +974,40 @@ public class WizardPanelBase implements IWizardPanel {
 
             CMS.debug("Getting DomainMaster from security domain");
 
-            ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() );
-            XMLObject parser = new XMLObject( bis );
+            ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+            XMLObject parser = new XMLObject(bis);
             Document doc = parser.getDocument();
-            NodeList nodeList = doc.getElementsByTagName( "CA" );
+            NodeList nodeList = doc.getElementsByTagName("CA");
 
             int len = nodeList.getLength();
-            for( int i = 0; i < len; i++ ) {
+            for (int i = 0; i < len; i++) {
                 Vector v_hostname =
-                       parser.getValuesFromContainer( nodeList.item(i),
-                                                      "Host" );
+                        parser.getValuesFromContainer(nodeList.item(i),
+                                                      "Host");
 
                 Vector v_https_admin_port =
-                       parser.getValuesFromContainer( nodeList.item(i),
-                                                      "SecureAdminPort" );
+                        parser.getValuesFromContainer(nodeList.item(i),
+                                                      "SecureAdminPort");
 
                 Vector v_domain_mgr =
-                       parser.getValuesFromContainer( nodeList.item(i),
-                                                      "DomainManager" );
+                        parser.getValuesFromContainer(nodeList.item(i),
+                                                      "DomainManager");
 
-                if( v_hostname.elementAt( 0 ).equals( hostname ) &&
-                    v_https_admin_port.elementAt( 0 ).equals( Integer.toString(httpsadminport) ) ) {
-                    dm = v_domain_mgr.elementAt( 0 ).toString();
+                if (v_hostname.elementAt(0).equals(hostname) &&
+                        v_https_admin_port.elementAt(0).equals(Integer.toString(httpsadminport))) {
+                    dm = v_domain_mgr.elementAt(0).toString();
                     break;
                 }
             }
         } catch (Exception e) {
-            CMS.debug( e.toString() );
+            CMS.debug(e.toString());
         }
         return dm.equalsIgnoreCase("true");
     }
- 
-    public Vector getMasterUrlListFromSecurityDomain( IConfigStore config,
+
+    public Vector getMasterUrlListFromSecurityDomain(IConfigStore config,
                                                       String type,
-                                                      String portType ) {
+                                                      String portType) {
         Vector v = new Vector();
 
         try {
@@ -1026,13 +1029,13 @@ public class WizardPanelBase implements IWizardPanel {
                 list = "TKSList";
             }
 
-            CMS.debug( "Getting " + portType + " from Security Domain ..." );
-            if( !portType.equals( "UnSecurePort" )    &&
-                !portType.equals( "SecureAgentPort" ) &&
-                !portType.equals( "SecurePort" )      &&
-                !portType.equals( "SecureAdminPort" ) ) {
-                CMS.debug( "getPortFromSecurityDomain:  " +
-                           "unknown port type " + portType );
+            CMS.debug("Getting " + portType + " from Security Domain ...");
+            if (!portType.equals("UnSecurePort") &&
+                    !portType.equals("SecureAgentPort") &&
+                    !portType.equals("SecurePort") &&
+                    !portType.equals("SecureAdminPort")) {
+                CMS.debug("getPortFromSecurityDomain:  " +
+                           "unknown port type " + portType);
                 return v;
             }
 
@@ -1050,8 +1053,8 @@ public class WizardPanelBase implements IWizardPanel {
             CMS.debug("Len " + len);
             for (int i = 0; i < len; i++) {
                 Vector v_clone = parser.getValuesFromContainer(nodeList.item(i),
-                  "Clone");
-                String clone = (String)v_clone.elementAt(0);
+                        "Clone");
+                String clone = (String) v_clone.elementAt(0);
                 if (clone.equalsIgnoreCase("true"))
                     continue;
                 Vector v_name = parser.getValuesFromContainer(nodeList.item(i),
@@ -1061,11 +1064,11 @@ public class WizardPanelBase implements IWizardPanel {
                 Vector v_port = parser.getValuesFromContainer(nodeList.item(i),
                         portType);
 
-                v.addElement( v_name.elementAt(0)
+                v.addElement(v_name.elementAt(0)
                             + " - https://"
                             + v_host.elementAt(0)
                             + ":"
-                            + v_port.elementAt(0) );
+                            + v_port.elementAt(0));
             }
         } catch (Exception e) {
             CMS.debug(e.toString());
@@ -1074,9 +1077,9 @@ public class WizardPanelBase implements IWizardPanel {
         return v;
     }
 
-    public Vector getUrlListFromSecurityDomain( IConfigStore config,
+    public Vector getUrlListFromSecurityDomain(IConfigStore config,
                                                 String type,
-                                                String portType ) {
+                                                String portType) {
         Vector v = new Vector();
 
         try {
@@ -1098,13 +1101,13 @@ public class WizardPanelBase implements IWizardPanel {
                 list = "TKSList";
             }
 
-            CMS.debug( "Getting " + portType + " from Security Domain ..." );
-            if( !portType.equals( "UnSecurePort" )    &&
-                !portType.equals( "SecureAgentPort" ) &&
-                !portType.equals( "SecurePort" )      &&
-                !portType.equals( "SecureAdminPort" ) ) {
-                CMS.debug( "getPortFromSecurityDomain:  " +
-                           "unknown port type " + portType );
+            CMS.debug("Getting " + portType + " from Security Domain ...");
+            if (!portType.equals("UnSecurePort") &&
+                    !portType.equals("SecureAgentPort") &&
+                    !portType.equals("SecurePort") &&
+                    !portType.equals("SecureAdminPort")) {
+                CMS.debug("getPortFromSecurityDomain:  " +
+                           "unknown port type " + portType);
                 return v;
             }
 
@@ -1132,17 +1135,17 @@ public class WizardPanelBase implements IWizardPanel {
 
                 if (v_host.elementAt(0).equals(hostname) && v_admin_port.elementAt(0).equals(new Integer(httpsadminport).toString())) {
                     // add security domain CA to the beginning of list
-                    v.add( 0, v_name.elementAt(0)
+                    v.add(0, v_name.elementAt(0)
                             + " - https://"
                             + v_host.elementAt(0)
                             + ":"
-                            + v_port.elementAt(0) );
+                            + v_port.elementAt(0));
                 } else {
-                    v.addElement( v_name.elementAt(0)
+                    v.addElement(v_name.elementAt(0)
                             + " - https://"
                             + v_host.elementAt(0)
                             + ":"
-                            + v_port.elementAt(0) );
+                            + v_port.elementAt(0));
                 }
             }
         } catch (Exception e) {
@@ -1154,155 +1157,155 @@ public class WizardPanelBase implements IWizardPanel {
 
     // Given an HTTPS Hostname and EE port,
     // retrieve the associated HTTPS Admin port
-    public String getSecurityDomainAdminPort( IConfigStore config,
+    public String getSecurityDomainAdminPort(IConfigStore config,
                                               String hostname,
                                               String https_ee_port,
-                                              String cstype ) {
+                                              String cstype) {
         String https_admin_port = new String();
 
         try {
-            String sd_hostname = config.getString( "securitydomain.host" );
+            String sd_hostname = config.getString("securitydomain.host");
             int sd_httpsadminport =
-                config.getInteger( "securitydomain.httpsadminport" );
+                    config.getInteger("securitydomain.httpsadminport");
 
-            CMS.debug( "Getting domain.xml from CA ..." );
-            String c = getDomainXML( sd_hostname, sd_httpsadminport, true );
+            CMS.debug("Getting domain.xml from CA ...");
+            String c = getDomainXML(sd_hostname, sd_httpsadminport, true);
 
-            CMS.debug( "Getting associated HTTPS Admin port from " +
+            CMS.debug("Getting associated HTTPS Admin port from " +
                        "HTTPS Hostname '" + hostname +
-                       "' and EE port '" + https_ee_port + "'" );
-            ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() );
-            XMLObject parser = new XMLObject( bis );
+                       "' and EE port '" + https_ee_port + "'");
+            ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+            XMLObject parser = new XMLObject(bis);
             Document doc = parser.getDocument();
-            NodeList nodeList = doc.getElementsByTagName( cstype.toUpperCase() );
+            NodeList nodeList = doc.getElementsByTagName(cstype.toUpperCase());
 
             int len = nodeList.getLength();
-            for( int i = 0; i < len; i++ ) {
+            for (int i = 0; i < len; i++) {
                 Vector v_hostname =
-                       parser.getValuesFromContainer( nodeList.item(i),
-                                                      "Host" );
+                        parser.getValuesFromContainer(nodeList.item(i),
+                                                      "Host");
 
                 Vector v_https_ee_port =
-                       parser.getValuesFromContainer( nodeList.item(i),
-                                                      "SecurePort" );
+                        parser.getValuesFromContainer(nodeList.item(i),
+                                                      "SecurePort");
 
                 Vector v_https_admin_port =
-                       parser.getValuesFromContainer( nodeList.item(i),
-                                                      "SecureAdminPort" );
+                        parser.getValuesFromContainer(nodeList.item(i),
+                                                      "SecureAdminPort");
 
-                if( v_hostname.elementAt( 0 ).equals( hostname ) &&
-                    v_https_ee_port.elementAt( 0 ).equals( https_ee_port ) ) {
+                if (v_hostname.elementAt(0).equals(hostname) &&
+                        v_https_ee_port.elementAt(0).equals(https_ee_port)) {
                     https_admin_port =
-                                v_https_admin_port.elementAt( 0 ).toString();
+                                v_https_admin_port.elementAt(0).toString();
                     break;
                 }
             }
         } catch (Exception e) {
-            CMS.debug( e.toString() );
+            CMS.debug(e.toString());
         }
 
-        return( https_admin_port );
+        return (https_admin_port);
     }
 
-    public String getSecurityDomainPort( IConfigStore config,
-                                         String portType ) {
+    public String getSecurityDomainPort(IConfigStore config,
+                                         String portType) {
         String port = new String();
 
         try {
-            String hostname = config.getString( "securitydomain.host" );
+            String hostname = config.getString("securitydomain.host");
             int httpsadminport =
-                config.getInteger( "securitydomain.httpsadminport" );
-
-            CMS.debug( "Getting domain.xml from CA ..." );
-            String c = getDomainXML( hostname, httpsadminport, true );
-
-            CMS.debug( "Getting " + portType + " from Security Domain ..." );
-            if( !portType.equals( "UnSecurePort" )    &&
-                !portType.equals( "SecureAgentPort" ) &&
-                !portType.equals( "SecurePort" )      &&
-                !portType.equals( "SecureAdminPort" ) ) {
-                CMS.debug( "getPortFromSecurityDomain:  " +
-                           "unknown port type " + portType );
+                    config.getInteger("securitydomain.httpsadminport");
+
+            CMS.debug("Getting domain.xml from CA ...");
+            String c = getDomainXML(hostname, httpsadminport, true);
+
+            CMS.debug("Getting " + portType + " from Security Domain ...");
+            if (!portType.equals("UnSecurePort") &&
+                    !portType.equals("SecureAgentPort") &&
+                    !portType.equals("SecurePort") &&
+                    !portType.equals("SecureAdminPort")) {
+                CMS.debug("getPortFromSecurityDomain:  " +
+                           "unknown port type " + portType);
                 return "";
             }
 
-            ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() );
-            XMLObject parser = new XMLObject( bis );
+            ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+            XMLObject parser = new XMLObject(bis);
             Document doc = parser.getDocument();
-            NodeList nodeList = doc.getElementsByTagName( "CA" );
+            NodeList nodeList = doc.getElementsByTagName("CA");
 
             int len = nodeList.getLength();
-            for( int i = 0; i < len; i++ ) {
+            for (int i = 0; i < len; i++) {
                 Vector v_admin_port =
-                       parser.getValuesFromContainer( nodeList.item(i),
-                                                      "SecureAdminPort" );
+                        parser.getValuesFromContainer(nodeList.item(i),
+                                                      "SecureAdminPort");
 
                 Vector v_port = null;
-                if( portType.equals( "UnSecurePort" ) ) {
-                    v_port = parser.getValuesFromContainer( nodeList.item(i),
-                                                            "UnSecurePort" );
-                } else if( portType.equals( "SecureAgentPort" ) ) {
-                    v_port = parser.getValuesFromContainer( nodeList.item(i),
-                                                            "SecureAgentPort" );
-                } else if( portType.equals( "SecurePort" ) ) {
-                    v_port = parser.getValuesFromContainer( nodeList.item(i),
-                                                            "SecurePort" );
-                } else if( portType.equals( "SecureAdminPort" ) ) {
-                    v_port = parser.getValuesFromContainer( nodeList.item(i),
-                                                            "SecureAdminPort" );
+                if (portType.equals("UnSecurePort")) {
+                    v_port = parser.getValuesFromContainer(nodeList.item(i),
+                                                            "UnSecurePort");
+                } else if (portType.equals("SecureAgentPort")) {
+                    v_port = parser.getValuesFromContainer(nodeList.item(i),
+                                                            "SecureAgentPort");
+                } else if (portType.equals("SecurePort")) {
+                    v_port = parser.getValuesFromContainer(nodeList.item(i),
+                                                            "SecurePort");
+                } else if (portType.equals("SecureAdminPort")) {
+                    v_port = parser.getValuesFromContainer(nodeList.item(i),
+                                                            "SecureAdminPort");
                 }
 
-                if( ( v_port != null ) &&
-                    ( v_admin_port.elementAt( 0 ).equals(
-                      Integer.toString( httpsadminport ) ) ) ) {
-                    port = v_port.elementAt( 0 ).toString();
+                if ((v_port != null) &&
+                        (v_admin_port.elementAt(0).equals(
+                                Integer.toString(httpsadminport)))) {
+                    port = v_port.elementAt(0).toString();
                     break;
                 }
             }
         } catch (Exception e) {
-            CMS.debug( e.toString() );
+            CMS.debug(e.toString());
         }
 
-        return( port );
+        return (port);
     }
 
-    public String pingCS( String hostname, int port, boolean https,
-                          SSLCertificateApprovalCallback certApprovalCallback )
-        throws IOException {
-        CMS.debug( "WizardPanelBase pingCS: started" );
+    public String pingCS(String hostname, int port, boolean https,
+                          SSLCertificateApprovalCallback certApprovalCallback)
+            throws IOException {
+        CMS.debug("WizardPanelBase pingCS: started");
 
-        String c = getHttpResponse( hostname, port, https,
-                                    "/ca/admin/ca/getStatus", 
-                                    null, null, certApprovalCallback );
+        String c = getHttpResponse(hostname, port, https,
+                                    "/ca/admin/ca/getStatus",
+                                    null, null, certApprovalCallback);
 
-        if( c != null ) {
+        if (c != null) {
             try {
                 ByteArrayInputStream bis = new
-                                           ByteArrayInputStream( c.getBytes() );
+                                           ByteArrayInputStream(c.getBytes());
                 XMLObject parser = null;
                 String state = null;
 
                 try {
-                    parser = new XMLObject( bis );
-                    CMS.debug( "WizardPanelBase pingCS: got XML parsed" );
-                    state = parser.getValue( "State" );
+                    parser = new XMLObject(bis);
+                    CMS.debug("WizardPanelBase pingCS: got XML parsed");
+                    state = parser.getValue("State");
 
-                    if( state != null ) {
-                        CMS.debug( "WizardPanelBase pingCS: state=" + state );
+                    if (state != null) {
+                        CMS.debug("WizardPanelBase pingCS: state=" + state);
                     }
                 } catch (Exception e) {
-                    CMS.debug( "WizardPanelBase: pingCS: parser failed"
-                             + e.toString() );
+                    CMS.debug("WizardPanelBase: pingCS: parser failed"
+                             + e.toString());
                 }
 
                 return state;
-            } catch( Exception e ) {
-                CMS.debug( "WizardPanelBase: pingCS: " + e.toString() );
-                throw new IOException( e.toString() );
+            } catch (Exception e) {
+                CMS.debug("WizardPanelBase: pingCS: " + e.toString());
+                throw new IOException(e.toString());
             }
         }
 
-        CMS.debug( "WizardPanelBase pingCS: stopped" );
+        CMS.debug("WizardPanelBase pingCS: stopped");
         return null;
     }
 
@@ -1311,7 +1314,7 @@ public class WizardPanelBase implements IWizardPanel {
         if (s.equals("CA")) {
             x = "ca";
         } else if (s.equals("KRA")) {
-            x = "kra"; 
+            x = "kra";
         } else if (s.equals("OCSP")) {
             x = "ocsp";
         } else if (s.equals("TKS")) {
@@ -1321,14 +1324,14 @@ public class WizardPanelBase implements IWizardPanel {
         return x;
     }
 
-    public void getTokenInfo(IConfigStore config, String type, String host, 
-      int https_ee_port, boolean https, Context context, 
-      ConfigCertApprovalCallback certApprovalCallback) throws IOException {
+    public void getTokenInfo(IConfigStore config, String type, String host,
+            int https_ee_port, boolean https, Context context,
+            ConfigCertApprovalCallback certApprovalCallback) throws IOException {
         CMS.debug("WizardPanelBase getTokenInfo start");
-        String uri = "/"+type+"/ee/"+type+"/getTokenInfo";
-        CMS.debug("WizardPanelBase getTokenInfo: uri="+uri);
+        String uri = "/" + type + "/ee/" + type + "/getTokenInfo";
+        CMS.debug("WizardPanelBase getTokenInfo: uri=" + uri);
         String c = getHttpResponse(host, https_ee_port, https, uri, null, null,
-          certApprovalCallback);
+                certApprovalCallback);
         if (c != null) {
             try {
                 ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
@@ -1337,9 +1340,9 @@ public class WizardPanelBase implements IWizardPanel {
                 try {
                     parser = new XMLObject(bis);
                 } catch (Exception e) {
-                    CMS.debug( "WizardPanelBase::getTokenInfo() - "
-                             + "Exception="+e.toString() );
-                    throw new IOException( e.toString() );
+                    CMS.debug("WizardPanelBase::getTokenInfo() - "
+                             + "Exception=" + e.toString());
+                    throw new IOException(e.toString());
                 }
 
                 String status = parser.getValue("Status");
@@ -1350,7 +1353,7 @@ public class WizardPanelBase implements IWizardPanel {
                     Document doc = parser.getDocument();
                     NodeList list = doc.getElementsByTagName("name");
                     int len = list.getLength();
-                    for (int i=0; i<len; i++) {
+                    for (int i = 0; i < len; i++) {
                         Node n = list.item(i);
                         NodeList nn = n.getChildNodes();
                         String name = nn.item(0).getNodeValue();
@@ -1358,17 +1361,17 @@ public class WizardPanelBase implements IWizardPanel {
                         nn = parent.getChildNodes();
                         int len1 = nn.getLength();
                         String v = "";
-                        for (int j=0; j<len1; j++) {
+                        for (int j = 0; j < len1; j++) {
                             Node nv = nn.item(j);
                             String val = nv.getNodeName();
                             if (val.equals("value")) {
                                 NodeList n2 = nv.getChildNodes();
                                 if (n2.getLength() > 0)
                                     v = n2.item(0).getNodeValue();
-                                break;    
+                                break;
                             }
                         }
-                        if (name.equals("cloning.signing.nickname")) {                            
+                        if (name.equals("cloning.signing.nickname")) {
                             config.putString("preop.master.signing.nickname", v);
                             config.putString(type + ".cert.signing.nickname", v);
                             config.putString(name, v);
@@ -1406,19 +1409,20 @@ public class WizardPanelBase implements IWizardPanel {
                     }
 
                     // reset nicknames for system cert verification
-                    String token = config.getString("preop.module.token", 
+                    String token = config.getString("preop.module.token",
                                                     "Internal Key Storage Token");
-                    if (! token.equals("Internal Key Storage Token")) {
+                    if (!token.equals("Internal Key Storage Token")) {
                         String certlist = config.getString("preop.cert.list");
 
                         StringTokenizer t1 = new StringTokenizer(certlist, ",");
                         while (t1.hasMoreTokens()) {
                             String tag = t1.nextToken();
-                            if (tag.equals("sslserver")) continue;
-                            config.putString(type + ".cert." + tag + ".nickname", 
-                                token + ":" + 
-                                config.getString(type + ".cert." + tag + ".nickname", ""));
-                        } 
+                            if (tag.equals("sslserver"))
+                                continue;
+                            config.putString(type + ".cert." + tag + ".nickname",
+                                    token + ":" +
+                                            config.getString(type + ".cert." + tag + ".nickname", ""));
+                        }
                     }
                 } else {
                     String error = parser.getValue("Error");
@@ -1431,7 +1435,7 @@ public class WizardPanelBase implements IWizardPanel {
                 CMS.debug("WizardPanelBase: getTokenInfo: " + e.toString());
                 throw new IOException(e.toString());
             }
-        }           
+        }
     }
 
     public void importCertChain(String id) throws IOException {
@@ -1442,31 +1446,32 @@ public class WizardPanelBase implements IWizardPanel {
 
         try {
             pkcs7 = config.getString(configName, "");
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         if (pkcs7.length() > 0) {
             try {
                 CryptoUtil.importCertificateChain(pkcs7);
             } catch (Exception e) {
-                CMS.debug("DisplayCertChainPanel importCertChain: Exception: "+e.toString());
+                CMS.debug("DisplayCertChainPanel importCertChain: Exception: " + e.toString());
             }
         }
     }
 
     public void updateCertChain(IConfigStore config, String name, String host,
-      int https_admin_port, boolean https, Context context) throws IOException {
-        updateCertChain( config, name, host, https_admin_port,
-                         https, context, null );
+            int https_admin_port, boolean https, Context context) throws IOException {
+        updateCertChain(config, name, host, https_admin_port,
+                         https, context, null);
     }
 
     public void updateCertChain(IConfigStore config, String name, String host,
-      int https_admin_port, boolean https, Context context, 
-      ConfigCertApprovalCallback certApprovalCallback) throws IOException {
-        String certchain = getCertChainUsingSecureAdminPort( host,
+            int https_admin_port, boolean https, Context context,
+            ConfigCertApprovalCallback certApprovalCallback) throws IOException {
+        String certchain = getCertChainUsingSecureAdminPort(host,
                                                              https_admin_port,
                                                              https,
-                                                             certApprovalCallback );
-        config.putString("preop."+name+".pkcs7", certchain);
+                                                             certApprovalCallback);
+        config.putString("preop." + name + ".pkcs7", certchain);
 
         byte[] decoded = CryptoUtil.base64Decode(certchain);
         java.security.cert.X509Certificate[] b_certchain = null;
@@ -1475,7 +1480,7 @@ public class WizardPanelBase implements IWizardPanel {
             b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded);
         } catch (Exception e) {
             context.put("errorString",
-              "Failed to get the certificate chain.");
+                    "Failed to get the certificate chain.");
             return;
         }
 
@@ -1483,7 +1488,7 @@ public class WizardPanelBase implements IWizardPanel {
         if (b_certchain != null) {
             size = b_certchain.length;
         }
-        config.putInteger("preop."+name+".certchain.size", size);
+        config.putInteger("preop." + name + ".certchain.size", size);
         for (int i = 0; i < size; i++) {
             byte[] bb = null;
 
@@ -1491,11 +1496,11 @@ public class WizardPanelBase implements IWizardPanel {
                 bb = b_certchain[i].getEncoded();
             } catch (Exception e) {
                 context.put("errorString",
-                  "Failed to get the der-encoded certificate chain.");
+                        "Failed to get the der-encoded certificate chain.");
                 return;
             }
-            config.putString("preop."+name+".certchain." + i,
-              CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
+            config.putString("preop." + name + ".certchain." + i,
+                    CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
         }
 
         try {
@@ -1504,16 +1509,16 @@ public class WizardPanelBase implements IWizardPanel {
         }
     }
 
-    public void updateCertChainUsingSecureEEPort( IConfigStore config,
+    public void updateCertChainUsingSecureEEPort(IConfigStore config,
                                                   String name, String host,
                                                   int https_ee_port,
                                                   boolean https,
-                                                  Context context, 
-                                                  ConfigCertApprovalCallback certApprovalCallback ) throws IOException {
-        String certchain = getCertChainUsingSecureEEPort( host, https_ee_port,
+                                                  Context context,
+                                                  ConfigCertApprovalCallback certApprovalCallback) throws IOException {
+        String certchain = getCertChainUsingSecureEEPort(host, https_ee_port,
                                                           https,
                                                           certApprovalCallback);
-        config.putString("preop."+name+".pkcs7", certchain);
+        config.putString("preop." + name + ".pkcs7", certchain);
 
         byte[] decoded = CryptoUtil.base64Decode(certchain);
         java.security.cert.X509Certificate[] b_certchain = null;
@@ -1522,7 +1527,7 @@ public class WizardPanelBase implements IWizardPanel {
             b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded);
         } catch (Exception e) {
             context.put("errorString",
-              "Failed to get the certificate chain.");
+                    "Failed to get the certificate chain.");
             return;
         }
 
@@ -1530,7 +1535,7 @@ public class WizardPanelBase implements IWizardPanel {
         if (b_certchain != null) {
             size = b_certchain.length;
         }
-        config.putInteger("preop."+name+".certchain.size", size);
+        config.putInteger("preop." + name + ".certchain.size", size);
         for (int i = 0; i < size; i++) {
             byte[] bb = null;
 
@@ -1538,11 +1543,11 @@ public class WizardPanelBase implements IWizardPanel {
                 bb = b_certchain[i].getEncoded();
             } catch (Exception e) {
                 context.put("errorString",
-                  "Failed to get the der-encoded certificate chain.");
+                        "Failed to get the der-encoded certificate chain.");
                 return;
             }
-            config.putString("preop."+name+".certchain." + i,
-              CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
+            config.putString("preop." + name + ".certchain." + i,
+                    CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
         }
 
         try {
@@ -1558,26 +1563,26 @@ public class WizardPanelBase implements IWizardPanel {
             CryptoStore store = tok.getCryptoStore();
             String fullnickname = nickname;
             if (!tokenname.equals("") &&
-                !tokenname.equals("Internal Key Storage Token") &&
-                !tokenname.equals("internal"))
-                  fullnickname = tokenname+":"+nickname;
+                    !tokenname.equals("Internal Key Storage Token") &&
+                    !tokenname.equals("internal"))
+                fullnickname = tokenname + ":" + nickname;
 
-            CMS.debug("WizardPanelBase deleteCert: nickname="+fullnickname);
+            CMS.debug("WizardPanelBase deleteCert: nickname=" + fullnickname);
             org.mozilla.jss.crypto.X509Certificate cert = cm.findCertByNickname(fullnickname);
 
             if (store instanceof PK11Store) {
                 CMS.debug("WizardPanelBase deleteCert: this is pk11store");
-                PK11Store pk11store = (PK11Store)store;
+                PK11Store pk11store = (PK11Store) store;
                 pk11store.deleteCertOnly(cert);
                 CMS.debug("WizardPanelBase deleteCert: cert deleted successfully");
             }
         } catch (Exception e) {
-            CMS.debug("WizardPanelBase deleteCert: Exception="+e.toString());
+            CMS.debug("WizardPanelBase deleteCert: Exception=" + e.toString());
         }
     }
 
     public void deleteEntries(LDAPSearchResults res, LDAPConnection conn,
-      String dn, String[] entries) {
+            String dn, String[] entries) {
         String[] attrs = null;
         LDAPSearchConstraints cons = null;
         String filter = "objectclass=*";
@@ -1595,23 +1600,23 @@ public class WizardPanelBase implements IWizardPanel {
                 }
             }
         } catch (Exception ee) {
-            CMS.debug("WizardPanelBase deleteEntries: Exception="+ee.toString());
+            CMS.debug("WizardPanelBase deleteEntries: Exception=" + ee.toString());
         }
     }
 
     public void deleteEntry(LDAPConnection conn, String dn, String[] entries) {
         try {
-            for (int i=0; i<entries.length; i++) {
+            for (int i = 0; i < entries.length; i++) {
                 if (LDAPDN.equals(dn, entries[i])) {
-                    CMS.debug("WizardPanelBase deleteEntry: entry with this dn "+dn+" is not deleted.");
+                    CMS.debug("WizardPanelBase deleteEntry: entry with this dn " + dn + " is not deleted.");
                     return;
                 }
             }
 
-            CMS.debug("WizardPanelBase deleteEntry: deleting dn="+dn);
+            CMS.debug("WizardPanelBase deleteEntry: deleting dn=" + dn);
             conn.delete(dn);
         } catch (Exception e) {
-            CMS.debug("WizardPanelBase deleteEntry: Exception="+e.toString());
+            CMS.debug("WizardPanelBase deleteEntry: Exception=" + e.toString());
         }
     }
 
@@ -1624,12 +1629,12 @@ public class WizardPanelBase implements IWizardPanel {
             int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1);
             int panel = getPanelNo();
             String subsystem = cs.getString("cs.type", "");
-            String urlVal = "https://"+cs_hostname+":"+cs_port+"/"+toLowerCaseSubsystemType(subsystem)+"/admin/console/config/wizard?p="+panel+"&subsystem="+subsystem;
+            String urlVal = "https://" + cs_hostname + ":" + cs_port + "/" + toLowerCaseSubsystemType(subsystem) + "/admin/console/config/wizard?p=" + panel + "&subsystem=" + subsystem;
             String encodedValue = URLEncoder.encode(urlVal, "UTF-8");
-            String sdurl =  "https://"+hostname+":"+port+"/ca/admin/ca/securityDomainLogin?url="+encodedValue;
+            String sdurl = "https://" + hostname + ":" + port + "/ca/admin/ca/securityDomainLogin?url=" + encodedValue;
             response.sendRedirect(sdurl);
         } catch (Exception e) {
-            CMS.debug("WizardPanelBase reloginSecurityDomain: Exception="+e.toString());
+            CMS.debug("WizardPanelBase reloginSecurityDomain: Exception=" + e.toString());
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java
index bbfa4b39..c7532c7a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java
@@ -28,30 +28,28 @@ import javax.servlet.http.HttpServletResponse;
 
 import com.netscape.certsrv.apps.CMS;
 
-public class AdminRequestFilter implements Filter
-{
+public class AdminRequestFilter implements Filter {
     private static final String HTTPS_SCHEME = "https";
     private static final String HTTPS_PORT = "https_port";
     private static final String HTTPS_ROLE = "Admin";
     private static final String PROXY_PORT = "proxy_port";
 
     private FilterConfig config;
-    
+
     /* Create a new AdminRequestFilter */
-    public AdminRequestFilter() {}
-    
-    public void init( FilterConfig filterConfig )
-                throws ServletException
-    {
+    public AdminRequestFilter() {
+    }
+
+    public void init(FilterConfig filterConfig)
+                throws ServletException {
         this.config = filterConfig;
     }
-    
-    public void doFilter( ServletRequest request, 
+
+    public void doFilter(ServletRequest request,
                           ServletResponse response,
-                          FilterChain chain )
+                          FilterChain chain)
                 throws java.io.IOException,
-                       ServletException
-    {
+                       ServletException {
         String filterName = getClass().getName();
 
         String scheme = null;
@@ -64,32 +62,32 @@ public class AdminRequestFilter implements Filter
         String param_active = null;
 
         // CMS.debug("Entering the admin filter");
-        param_active = config.getInitParameter( "active");
+        param_active = config.getInitParameter("active");
 
-        if( request instanceof HttpServletRequest ) {
-            HttpServletResponse resp = ( HttpServletResponse ) response;
+        if (request instanceof HttpServletRequest) {
+            HttpServletResponse resp = (HttpServletResponse) response;
 
             // RFC 1738:  verify that scheme is "https"
             scheme = request.getScheme();
-            if( ! scheme.equals( HTTPS_SCHEME ) ) {
+            if (!scheme.equals(HTTPS_SCHEME)) {
                 msg = "The scheme MUST be '" + HTTPS_SCHEME
-                    + "', NOT '" + scheme + "'!";
-                CMS.debug( filterName + ":  " + msg );
-                resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg );
+                        + "', NOT '" + scheme + "'!";
+                CMS.debug(filterName + ":  " + msg);
+                resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg);
                 return;
             }
 
             // Always obtain an "https" port from request
             port = request.getLocalPort();
-            request_port = Integer.toString( port );
+            request_port = Integer.toString(port);
 
             // Always obtain the "https" port passed in as a parameter
-            param_https_port = config.getInitParameter( HTTPS_PORT );
-            if( param_https_port == null ) {
+            param_https_port = config.getInitParameter(HTTPS_PORT);
+            if (param_https_port == null) {
                 msg = "The <param-name> '" + HTTPS_PORT
-                    + "' </param-name> " + "MUST be specified in 'web.xml'!";
-                CMS.debug( filterName + ":  " + msg );
-                resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg );
+                        + "' </param-name> " + "MUST be specified in 'web.xml'!";
+                CMS.debug(filterName + ":  " + msg);
+                resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg);
                 return;
             }
 
@@ -97,29 +95,29 @@ public class AdminRequestFilter implements Filter
             boolean bad_port = false;
 
             // Compare the request and param "https" ports
-            if( ! param_https_port.equals( request_port ) ) {
+            if (!param_https_port.equals(request_port)) {
                 String uri = ((HttpServletRequest) request).getRequestURI();
-                if (param_proxy_port != null) {  
+                if (param_proxy_port != null) {
                     if (!param_proxy_port.equals(request_port)) {
                         msg = "Use HTTPS port '" + param_https_port
-                            + "' or proxy port '" + param_proxy_port
-                            + "' instead of '" + request_port
-                            + "' when performing " + HTTPS_ROLE + " tasks!";
+                                + "' or proxy port '" + param_proxy_port
+                                + "' instead of '" + request_port
+                                + "' when performing " + HTTPS_ROLE + " tasks!";
                         bad_port = true;
                     }
                 } else {
                     msg = "Use HTTPS port '" + param_https_port
-                        + "' instead of '" + request_port
-                        + "' when performing " + HTTPS_ROLE + " tasks!";
+                            + "' instead of '" + request_port
+                            + "' when performing " + HTTPS_ROLE + " tasks!";
                     bad_port = true;
                 }
                 if (bad_port) {
-                    CMS.debug( filterName + ":  " + msg );
-                    CMS.debug( filterName + ": uri is " + uri);
-                    if ((param_active != null) &&(param_active.equals("false"))) {
+                    CMS.debug(filterName + ":  " + msg);
+                    CMS.debug(filterName + ": uri is " + uri);
+                    if ((param_active != null) && (param_active.equals("false"))) {
                         CMS.debug("Filter is disabled .. continuing");
                     } else {
-                        resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg );
+                        resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg);
                         return;
                     }
                 }
@@ -128,11 +126,9 @@ public class AdminRequestFilter implements Filter
 
         // CMS.debug("Exiting the admin filter");
 
-        chain.doFilter( request, response );
+        chain.doFilter(request, response);
     }
-    
-    public void destroy()
-    {
+
+    public void destroy() {
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java
index 1ae44a64..4225aed7 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java
@@ -28,30 +28,28 @@ import javax.servlet.http.HttpServletResponse;
 
 import com.netscape.certsrv.apps.CMS;
 
-public class AgentRequestFilter implements Filter
-{
+public class AgentRequestFilter implements Filter {
     private static final String HTTPS_SCHEME = "https";
     private static final String HTTPS_PORT = "https_port";
     private static final String HTTPS_ROLE = "Agent";
     private static final String PROXY_PORT = "proxy_port";
 
     private FilterConfig config;
-    
+
     /* Create a new AgentRequestFilter */
-    public AgentRequestFilter() {}
-    
-    public void init( FilterConfig filterConfig )
-                throws ServletException
-    {
+    public AgentRequestFilter() {
+    }
+
+    public void init(FilterConfig filterConfig)
+                throws ServletException {
         this.config = filterConfig;
     }
-    
-    public void doFilter( ServletRequest request, 
+
+    public void doFilter(ServletRequest request,
                           ServletResponse response,
-                          FilterChain chain )
+                          FilterChain chain)
                 throws java.io.IOException,
-                       ServletException
-    {
+                       ServletException {
         String filterName = getClass().getName();
 
         String scheme = null;
@@ -65,32 +63,32 @@ public class AgentRequestFilter implements Filter
         String param_active = null;
 
         // CMS.debug("Entering the agent filter");
-        param_active = config.getInitParameter( "active");
+        param_active = config.getInitParameter("active");
 
-        if( request instanceof HttpServletRequest ) {
-            HttpServletResponse resp = ( HttpServletResponse ) response;
+        if (request instanceof HttpServletRequest) {
+            HttpServletResponse resp = (HttpServletResponse) response;
 
             // RFC 1738:  verify that scheme is "https"
             scheme = request.getScheme();
-            if( ! scheme.equals( HTTPS_SCHEME ) ) {
+            if (!scheme.equals(HTTPS_SCHEME)) {
                 msg = "The scheme MUST be '" + HTTPS_SCHEME
-                    + "', NOT '" + scheme + "'!";
-                CMS.debug( filterName + ":  " + msg );
-                resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg );
+                        + "', NOT '" + scheme + "'!";
+                CMS.debug(filterName + ":  " + msg);
+                resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg);
                 return;
             }
 
             // Always obtain an "https" port from request
             port = request.getLocalPort();
-            request_port = Integer.toString( port );
+            request_port = Integer.toString(port);
 
             // Always obtain the "https" port passed in as a parameter
-            param_https_port = config.getInitParameter( HTTPS_PORT );
-            if( param_https_port == null ) {
+            param_https_port = config.getInitParameter(HTTPS_PORT);
+            if (param_https_port == null) {
                 msg = "The <param-name> '" + HTTPS_PORT
-                    + "' </param-name> " + "MUST be specified in 'web.xml'!";
-                CMS.debug( filterName + ":  " + msg );
-                resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg );
+                        + "' </param-name> " + "MUST be specified in 'web.xml'!";
+                CMS.debug(filterName + ":  " + msg);
+                resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg);
                 return;
             }
 
@@ -98,29 +96,29 @@ public class AgentRequestFilter implements Filter
             boolean bad_port = false;
 
             // Compare the request and param "https" ports
-            if( ! param_https_port.equals( request_port ) ) {
+            if (!param_https_port.equals(request_port)) {
                 String uri = ((HttpServletRequest) request).getRequestURI();
                 if (param_proxy_port != null) {
                     if (!param_proxy_port.equals(request_port)) {
                         msg = "Use HTTPS port '" + param_https_port
-                            + "' or proxy port '" + param_proxy_port 
-                            + "' instead of '" + request_port
-                            + "' when performing " + HTTPS_ROLE + " tasks!";
+                                + "' or proxy port '" + param_proxy_port
+                                + "' instead of '" + request_port
+                                + "' when performing " + HTTPS_ROLE + " tasks!";
                         bad_port = true;
                     }
                 } else {
                     msg = "Use HTTPS port '" + param_https_port
-                        + "' instead of '" + request_port
-                        + "' when performing " + HTTPS_ROLE + " tasks!";
+                            + "' instead of '" + request_port
+                            + "' when performing " + HTTPS_ROLE + " tasks!";
                     bad_port = true;
                 }
                 if (bad_port) {
-                    CMS.debug( filterName + ":  " + msg );
-                    CMS.debug( filterName + ": uri is " + uri);
-                    if ((param_active != null) &&(param_active.equals("false"))) {
+                    CMS.debug(filterName + ":  " + msg);
+                    CMS.debug(filterName + ": uri is " + uri);
+                    if ((param_active != null) && (param_active.equals("false"))) {
                         CMS.debug("Filter is disabled .. continuing");
                     } else {
-                        resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg );
+                        resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg);
                         return;
                     }
                 }
@@ -128,11 +126,9 @@ public class AgentRequestFilter implements Filter
         }
         // CMS.debug("Exiting the Agent filter");
 
-        chain.doFilter( request, response );
+        chain.doFilter(request, response);
     }
-    
-    public void destroy()
-    {
+
+    public void destroy() {
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java
index 8b53c6c6..8c62cd31 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java
@@ -28,30 +28,28 @@ import javax.servlet.http.HttpServletResponse;
 
 import com.netscape.certsrv.apps.CMS;
 
-public class EEClientAuthRequestFilter implements Filter
-{
+public class EEClientAuthRequestFilter implements Filter {
     private static final String HTTPS_SCHEME = "https";
     private static final String HTTPS_PORT = "https_port";
     private static final String HTTPS_ROLE = "EE Client Auth";
     private static final String PROXY_PORT = "proxy_port";
 
     private FilterConfig config;
-    
+
     /* Create a new EEClientAuthRequestFilter */
-    public EEClientAuthRequestFilter() {}
-    
-    public void init( FilterConfig filterConfig )
-                throws ServletException
-    {
+    public EEClientAuthRequestFilter() {
+    }
+
+    public void init(FilterConfig filterConfig)
+                throws ServletException {
         this.config = filterConfig;
     }
-    
-    public void doFilter( ServletRequest request, 
+
+    public void doFilter(ServletRequest request,
                           ServletResponse response,
-                          FilterChain chain )
+                          FilterChain chain)
                 throws java.io.IOException,
-                       ServletException
-    {
+                       ServletException {
         String filterName = getClass().getName();
 
         String scheme = null;
@@ -64,32 +62,32 @@ public class EEClientAuthRequestFilter implements Filter
         String param_proxy_port = null;
 
         // CMS.debug("Entering the EECA filter");
-        param_active = config.getInitParameter( "active");
+        param_active = config.getInitParameter("active");
 
-        if( request instanceof HttpServletRequest ) {
-            HttpServletResponse resp = ( HttpServletResponse ) response;
+        if (request instanceof HttpServletRequest) {
+            HttpServletResponse resp = (HttpServletResponse) response;
 
             // RFC 1738:  verify that scheme is "https"
             scheme = request.getScheme();
-            if( ! scheme.equals( HTTPS_SCHEME ) ) {
+            if (!scheme.equals(HTTPS_SCHEME)) {
                 msg = "The scheme MUST be '" + HTTPS_SCHEME
-                    + "', NOT '" + scheme + "'!";
-                CMS.debug( filterName + ":  " + msg );
-                resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg );
+                        + "', NOT '" + scheme + "'!";
+                CMS.debug(filterName + ":  " + msg);
+                resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg);
                 return;
             }
 
             // Always obtain an "https" port from request
             port = request.getLocalPort();
-            request_port = Integer.toString( port );
+            request_port = Integer.toString(port);
 
             // Always obtain the "https" port passed in as a parameter
-            param_https_port = config.getInitParameter( HTTPS_PORT );
-            if( param_https_port == null ) {
+            param_https_port = config.getInitParameter(HTTPS_PORT);
+            if (param_https_port == null) {
                 msg = "The <param-name> '" + HTTPS_PORT
-                    + "' </param-name> " + "MUST be specified in 'web.xml'!";
-                CMS.debug( filterName + ":  " + msg );
-                resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg );
+                        + "' </param-name> " + "MUST be specified in 'web.xml'!";
+                CMS.debug(filterName + ":  " + msg);
+                resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg);
                 return;
             }
 
@@ -97,41 +95,39 @@ public class EEClientAuthRequestFilter implements Filter
             boolean bad_port = false;
 
             // Compare the request and param "https" ports
-            if( ! param_https_port.equals( request_port ) ) {
+            if (!param_https_port.equals(request_port)) {
                 String uri = ((HttpServletRequest) request).getRequestURI();
                 if (param_proxy_port != null) {
                     if (!param_proxy_port.equals(request_port)) {
                         msg = "Use HTTPS port '" + param_https_port
-                            + "' or proxy port '" + param_proxy_port
-                            + "' instead of '" + request_port
-                            + "' when performing " + HTTPS_ROLE + " tasks!";
+                                + "' or proxy port '" + param_proxy_port
+                                + "' instead of '" + request_port
+                                + "' when performing " + HTTPS_ROLE + " tasks!";
                         bad_port = true;
                     }
                 } else {
                     msg = "Use HTTPS port '" + param_https_port
-                        + "' instead of '" + request_port
-                        + "' when performing " + HTTPS_ROLE + " tasks!";
+                            + "' instead of '" + request_port
+                            + "' when performing " + HTTPS_ROLE + " tasks!";
                     bad_port = true;
                 }
                 if (bad_port) {
-                    CMS.debug( filterName + ":  " + msg );
-                    CMS.debug( filterName + ": uri is " + uri);
-                    if ((param_active != null) &&(param_active.equals("false"))) {
+                    CMS.debug(filterName + ":  " + msg);
+                    CMS.debug(filterName + ": uri is " + uri);
+                    if ((param_active != null) && (param_active.equals("false"))) {
                         CMS.debug("Filter is disabled .. continuing");
                     } else {
-                        resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg );
+                        resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg);
                         return;
                     }
                 }
             }
         }
-       // CMS.debug("exiting the EECA filter");
+        // CMS.debug("exiting the EECA filter");
 
-        chain.doFilter( request, response );
+        chain.doFilter(request, response);
     }
-    
-    public void destroy()
-    {
+
+    public void destroy() {
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java
index f66cf087..8a8bea01 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java
@@ -28,8 +28,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import com.netscape.certsrv.apps.CMS;
 
-public class EERequestFilter implements Filter
-{
+public class EERequestFilter implements Filter {
     private static final String HTTP_SCHEME = "http";
     private static final String HTTP_PORT = "http_port";
     private static final String HTTP_ROLE = "EE";
@@ -40,22 +39,21 @@ public class EERequestFilter implements Filter
     private static final String PROXY_HTTP_PORT = "proxy_http_port";
 
     private FilterConfig config;
-    
+
     /* Create a new EERequestFilter */
-    public EERequestFilter() {}
-    
-    public void init( FilterConfig filterConfig )
-                throws ServletException
-    {
+    public EERequestFilter() {
+    }
+
+    public void init(FilterConfig filterConfig)
+                throws ServletException {
         this.config = filterConfig;
     }
-    
-    public void doFilter( ServletRequest request, 
+
+    public void doFilter(ServletRequest request,
                           ServletResponse response,
-                          FilterChain chain )
+                          FilterChain chain)
                 throws java.io.IOException,
-                       ServletException
-    {
+                       ServletException {
         String filterName = getClass().getName();
 
         String scheme = null;
@@ -70,45 +68,45 @@ public class EERequestFilter implements Filter
         String param_active = null;
 
         // CMS.debug("Entering the EE filter");
-        param_active = config.getInitParameter( "active");
+        param_active = config.getInitParameter("active");
 
-        if( request instanceof HttpServletRequest ) {
-            HttpServletResponse resp = ( HttpServletResponse ) response;
+        if (request instanceof HttpServletRequest) {
+            HttpServletResponse resp = (HttpServletResponse) response;
 
             // RFC 1738:  verify that scheme is either "http" or "https"
             scheme = request.getScheme();
-            if( ( ! scheme.equals( HTTP_SCHEME ) ) &&
-                ( ! scheme.equals( HTTPS_SCHEME ) ) ) {
+            if ((!scheme.equals(HTTP_SCHEME)) &&
+                    (!scheme.equals(HTTPS_SCHEME))) {
                 msg = "The scheme MUST be either '" + HTTP_SCHEME
-                    + "' or '" + HTTPS_SCHEME
-                    + "', NOT '" + scheme + "'!";
-                CMS.debug( filterName + ":  " + msg );
-                resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg );
-                return; 
+                        + "' or '" + HTTPS_SCHEME
+                        + "', NOT '" + scheme + "'!";
+                CMS.debug(filterName + ":  " + msg);
+                resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg);
+                return;
             }
 
             // Always obtain either an "http" or an "https" port from request
             port = request.getLocalPort();
-            request_port = Integer.toString( port );
+            request_port = Integer.toString(port);
 
             // Always obtain the "http" port passed in as a parameter
-            param_http_port = config.getInitParameter( HTTP_PORT );
-            if( param_http_port == null ) {
+            param_http_port = config.getInitParameter(HTTP_PORT);
+            if (param_http_port == null) {
                 msg = "The <param-name> '" + HTTP_PORT
-                    + "' </param-name> " + "MUST be specified in 'web.xml'!";
-                CMS.debug( filterName + ":  " + msg );
-                resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg );
-                return; 
+                        + "' </param-name> " + "MUST be specified in 'web.xml'!";
+                CMS.debug(filterName + ":  " + msg);
+                resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg);
+                return;
             }
 
             // Always obtain the "https" port passed in as a parameter
-            param_https_port = config.getInitParameter( HTTPS_PORT );
-            if( param_https_port == null ) {
+            param_https_port = config.getInitParameter(HTTPS_PORT);
+            if (param_https_port == null) {
                 msg = "The <param-name> '" + HTTPS_PORT
-                    + "' </param-name> " + "MUST be specified in 'web.xml'!";
-                CMS.debug( filterName + ":  " + msg );
-                resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg );
-                return; 
+                        + "' </param-name> " + "MUST be specified in 'web.xml'!";
+                CMS.debug(filterName + ":  " + msg);
+                resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg);
+                return;
             }
 
             param_proxy_http_port = config.getInitParameter(PROXY_HTTP_PORT);
@@ -119,58 +117,58 @@ public class EERequestFilter implements Filter
             // the request and param "http" ports;
             // otherwise, if the scheme is "https", compare
             // the request and param "https" ports
-            if( scheme.equals( HTTP_SCHEME ) ) {
-                if( ! param_http_port.equals( request_port ) ) {
+            if (scheme.equals(HTTP_SCHEME)) {
+                if (!param_http_port.equals(request_port)) {
                     String uri = ((HttpServletRequest) request).getRequestURI();
-                    if (param_proxy_http_port != null) {  
+                    if (param_proxy_http_port != null) {
                         if (!param_proxy_http_port.equals(request_port)) {
                             msg = "Use HTTP port '" + param_http_port
-                                + "' or proxy port '" + param_proxy_http_port
-                                + "' instead of '" + request_port
-                                + "' when performing " + HTTP_ROLE + " tasks!";
+                                    + "' or proxy port '" + param_proxy_http_port
+                                    + "' instead of '" + request_port
+                                    + "' when performing " + HTTP_ROLE + " tasks!";
                             bad_port = true;
                         }
                     } else {
                         msg = "Use HTTP port '" + param_http_port
-                            + "' instead of '" + request_port
-                            + "' when performing " + HTTP_ROLE + " tasks!";
+                                + "' instead of '" + request_port
+                                + "' when performing " + HTTP_ROLE + " tasks!";
                         bad_port = true;
                     }
                     if (bad_port) {
-                        CMS.debug( filterName + ":  " + msg );
-                        CMS.debug( filterName + ": uri is " + uri);
-                        if ((param_active != null) &&(param_active.equals("false"))) {
+                        CMS.debug(filterName + ":  " + msg);
+                        CMS.debug(filterName + ": uri is " + uri);
+                        if ((param_active != null) && (param_active.equals("false"))) {
                             CMS.debug("Filter is disabled .. continuing");
                         } else {
-                            resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg );
+                            resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg);
                             return;
                         }
                     }
                 }
-            } else if( scheme.equals( HTTPS_SCHEME ) ) {
-                if( ! param_https_port.equals( request_port ) ) {
+            } else if (scheme.equals(HTTPS_SCHEME)) {
+                if (!param_https_port.equals(request_port)) {
                     String uri = ((HttpServletRequest) request).getRequestURI();
-                    if (param_proxy_port != null) {  
+                    if (param_proxy_port != null) {
                         if (!param_proxy_port.equals(request_port)) {
                             msg = "Use HTTPS port '" + param_https_port
-                                + "' or proxy port '" + param_proxy_port
-                                + "' instead of '" + request_port
-                                + "' when performing " + HTTPS_ROLE + " tasks!";
+                                    + "' or proxy port '" + param_proxy_port
+                                    + "' instead of '" + request_port
+                                    + "' when performing " + HTTPS_ROLE + " tasks!";
                             bad_port = true;
                         }
                     } else {
                         msg = "Use HTTPS port '" + param_https_port
-                            + "' instead of '" + request_port
-                            + "' when performing " + HTTPS_ROLE + " tasks!";
+                                + "' instead of '" + request_port
+                                + "' when performing " + HTTPS_ROLE + " tasks!";
                         bad_port = true;
                     }
                     if (bad_port) {
-                        CMS.debug( filterName + ":  " + msg );
-                        CMS.debug( filterName + ": uri is " + uri);
-                        if ((param_active != null) &&(param_active.equals("false"))) {
+                        CMS.debug(filterName + ":  " + msg);
+                        CMS.debug(filterName + ": uri is " + uri);
+                        if ((param_active != null) && (param_active.equals("false"))) {
                             CMS.debug("Filter is disabled .. continuing");
                         } else {
-                            resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg );
+                            resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg);
                             return;
                         }
                     }
@@ -180,11 +178,9 @@ public class EERequestFilter implements Filter
         }
         // CMS.debug("Exiting the EE filter");
 
-        chain.doFilter( request, response );
+        chain.doFilter(request, response);
     }
-    
-    public void destroy()
-    {
+
+    public void destroy() {
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java
index 166036a9..d7c3ffae 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.key;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Locale;
@@ -43,13 +42,12 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * A class representing a recoverKey servlet. This servlet
  * shows key information and presents a list of text boxes
  * so that recovery agents can type in their identifiers
  * and passwords.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ConfirmRecoverBySerial extends CMSServlet {
@@ -59,8 +57,8 @@ public class ConfirmRecoverBySerial extends CMSServlet {
      */
     private static final long serialVersionUID = 2221819191344494389L;
     private final static String INFO = "recoverBySerial";
-    private final static String TPL_FILE = 
-        "confirmRecoverBySerial.template";
+    private final static String TPL_FILE =
+            "confirmRecoverBySerial.template";
 
     private final static String IN_SERIALNO = "serialNumber";
     private final static String OUT_SERIALNO = IN_SERIALNO;
@@ -95,22 +93,22 @@ public class ConfirmRecoverBySerial extends CMSServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
-     * Serves HTTP request. The format of this request is 
+     * Serves HTTP request. The format of this request is
      * as follows:
-     *   confirmRecoverBySerial?
-     *     [serialNumber=<serialno>]
+     * confirmRecoverBySerial?
+     * [serialNumber=<serialno>]
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
 
         // Note that we should try to handle all the exceptions
         // instead of passing it up back to the servlet 
         // framework.
-		
+
         HttpServletRequest req = cmsReq.getHttpReq();
         HttpServletResponse resp = cmsReq.getHttpResp();
 
@@ -123,9 +121,9 @@ public class ConfirmRecoverBySerial extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         IArgBlock header = CMS.createArgBlock();
@@ -147,8 +145,8 @@ public class ConfirmRecoverBySerial extends CMSServlet {
 
             process(argSet, header, seqNum, req, resp, locale[0]);
         } catch (NumberFormatException e) {
-            header.addStringValue(OUT_ERROR, 
-                CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+            header.addStringValue(OUT_ERROR,
+                    CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
         }
 
         try {
@@ -157,10 +155,10 @@ public class ConfirmRecoverBySerial extends CMSServlet {
             resp.setContentType("text/html");
             form.renderOutput(out, argSet);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
         cmsReq.setStatus(CMSRequest.SUCCESS);
     }
@@ -169,17 +167,17 @@ public class ConfirmRecoverBySerial extends CMSServlet {
      * Requests for a list of agent passwords.
      */
     private void process(CMSTemplateParams argSet,
-        IArgBlock header, int seq, 
-        HttpServletRequest req, HttpServletResponse resp,
-        Locale locale) {
+            IArgBlock header, int seq,
+            HttpServletRequest req, HttpServletResponse resp,
+            Locale locale) {
         try {
             header.addIntegerValue(OUT_SERIALNO, seq);
             header.addIntegerValue(OUT_M,
-                mRecoveryService.getNoOfRequiredAgents());
+                    mRecoveryService.getNoOfRequiredAgents());
             header.addStringValue(OUT_OP,
-                req.getParameter(OUT_OP));
+                    req.getParameter(OUT_OP));
             header.addStringValue(OUT_SERVICE_URL,
-                req.getRequestURI());
+                    req.getRequestURI());
 
             IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new BigInteger(
                         Integer.toString(seq)));
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java
index 510f1ac3..a3490d89 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.key;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Locale;
@@ -44,11 +43,10 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Display a specific Key Archival Request
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class DisplayBySerial extends CMSServlet {
@@ -78,7 +76,7 @@ public class DisplayBySerial extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "displayBySerial.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -94,8 +92,8 @@ public class DisplayBySerial extends CMSServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
@@ -103,7 +101,7 @@ public class DisplayBySerial extends CMSServlet {
      * <ul>
      * <li>http.param serialNumber serial number of the key archival request
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -119,10 +117,10 @@ public class DisplayBySerial extends CMSServlet {
                         mAuthzResourceName, "read");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -137,9 +135,9 @@ public class DisplayBySerial extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         // Note that we should try to handle all the exceptions
@@ -159,7 +157,7 @@ public class DisplayBySerial extends CMSServlet {
             process(argSet, header, seqNum, req, resp, locale[0]);
         } catch (NumberFormatException e) {
             header.addStringValue(OUT_ERROR,
-                CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+                    CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
         }
 
         try {
@@ -169,9 +167,9 @@ public class DisplayBySerial extends CMSServlet {
             form.renderOutput(out, argSet);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 
@@ -179,15 +177,15 @@ public class DisplayBySerial extends CMSServlet {
      * Display information about a particular key.
      */
     private void process(CMSTemplateParams argSet,
-        IArgBlock header, int seq, 
-        HttpServletRequest req, HttpServletResponse resp,
-        Locale locale) {
+            IArgBlock header, int seq,
+            HttpServletRequest req, HttpServletResponse resp,
+            Locale locale) {
         try {
             header.addStringValue(OUT_OP,
-                req.getParameter(OUT_OP));
+                    req.getParameter(OUT_OP));
             header.addStringValue(OUT_SERVICE_URL,
-                req.getRequestURI());
-            IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new 
+                    req.getRequestURI());
+            IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new
                     BigInteger(Integer.toString(seq)));
 
             KeyRecordParser.fillRecordIntoArg(rec, header);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java
index 2ef78c64..1ef0ba40 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.key;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Locale;
@@ -45,11 +44,10 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Display a Specific Key Archival Request, and initiate
  * key recovery process
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class DisplayBySerialForRecovery extends CMSServlet {
@@ -80,7 +78,7 @@ public class DisplayBySerialForRecovery extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "displayBySerialForRecovery.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -95,17 +93,17 @@ public class DisplayBySerialForRecovery extends CMSServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
      * Process the HTTP request.
      * <ul>
-     * <li>http.param serialNumber  request ID of key archival request
-     * <li>http.param publicKeyData  
+     * <li>http.param serialNumber request ID of key archival request
+     * <li>http.param publicKeyData
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -121,10 +119,10 @@ public class DisplayBySerialForRecovery extends CMSServlet {
                         mAuthzResourceName, "read");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -139,9 +137,9 @@ public class DisplayBySerialForRecovery extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         // Note that we should try to handle all the exceptions
@@ -159,12 +157,12 @@ public class DisplayBySerialForRecovery extends CMSServlet {
                 seqNum = Integer.parseInt(
                             req.getParameter(IN_SERIALNO));
             }
-            process(argSet, header, 
-                req.getParameter("publicKeyData"),
-                seqNum, req, resp, locale[0]);
+            process(argSet, header,
+                    req.getParameter("publicKeyData"),
+                    seqNum, req, resp, locale[0]);
         } catch (NumberFormatException e) {
             header.addStringValue(OUT_ERROR,
-                CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+                    CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
         } catch (Exception e) {
             e.printStackTrace();
             System.out.println(e.toString());
@@ -176,9 +174,9 @@ public class DisplayBySerialForRecovery extends CMSServlet {
             form.renderOutput(out, argSet);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
         cmsReq.setStatus(CMSRequest.SUCCESS);
     }
@@ -187,23 +185,23 @@ public class DisplayBySerialForRecovery extends CMSServlet {
      * Display information about a particular key.
      */
     private synchronized void process(CMSTemplateParams argSet,
-        IArgBlock header, String publicKeyData, int seq, 
-        HttpServletRequest req, HttpServletResponse resp,
-        Locale locale) {
+            IArgBlock header, String publicKeyData, int seq,
+            HttpServletRequest req, HttpServletResponse resp,
+            Locale locale) {
         try {
             header.addIntegerValue("noOfRequiredAgents",
-                mService.getNoOfRequiredAgents());
+                    mService.getNoOfRequiredAgents());
             header.addStringValue(OUT_OP,
-                req.getParameter(OUT_OP));
+                    req.getParameter(OUT_OP));
             header.addStringValue("keySplitting",
-                CMS.getConfigStore().getString("kra.keySplitting"));
+                    CMS.getConfigStore().getString("kra.keySplitting"));
             header.addStringValue(OUT_SERVICE_URL,
-                req.getRequestURI());
+                    req.getRequestURI());
             if (publicKeyData != null) {
                 header.addStringValue("publicKeyData",
-                    publicKeyData);
+                        publicKeyData);
             }
-            IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new 
+            IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new
                     BigInteger(Integer.toString(seq)));
 
             KeyRecordParser.fillRecordIntoArg(rec, header);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java
index d4baf181..a86a676b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.key;
 
-
 import javax.servlet.ServletConfig;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -34,11 +33,10 @@ import com.netscape.cms.servlet.base.CMSServlet;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
- * Retrieve Transport Certificate used to 
+ * Retrieve Transport Certificate used to
  * wrap Private key Archival requests
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class DisplayTransport extends CMSServlet {
@@ -67,13 +65,13 @@ public class DisplayTransport extends CMSServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
      * Process the HTTP request.
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -98,21 +96,21 @@ public class DisplayTransport extends CMSServlet {
         }
 
         try {
-            IKeyRecoveryAuthority kra = 
-                (IKeyRecoveryAuthority) mAuthority;
+            IKeyRecoveryAuthority kra =
+                    (IKeyRecoveryAuthority) mAuthority;
             ITransportKeyUnit tu = kra.getTransportKeyUnit();
             org.mozilla.jss.crypto.X509Certificate transportCert =
-                tu.getCertificate();
+                    tu.getCertificate();
 
             resp.setStatus(HttpServletResponse.SC_OK);
             resp.setContentType("text/html");
-            String content = ""; 
+            String content = "";
 
             content += "<HTML><PRE>";
-            String mime64 = 
-                "-----BEGIN CERTIFICATE-----\n" + 
-                CMS.BtoA(transportCert.getEncoded()) + 
-                "-----END CERTIFICATE-----\n";
+            String mime64 =
+                    "-----BEGIN CERTIFICATE-----\n" +
+                            CMS.BtoA(transportCert.getEncoded()) +
+                            "-----END CERTIFICATE-----\n";
 
             content += mime64;
             content += "</PRE></HTML>";
@@ -120,9 +118,9 @@ public class DisplayTransport extends CMSServlet {
             resp.getOutputStream().write(content.getBytes());
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
         cmsReq.setStatus(CMSRequest.SUCCESS);
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java
index 9fbad7a6..bc23e635 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.key;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Hashtable;
@@ -46,10 +45,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
- * View the Key Recovery Request 
- *
+ * View the Key Recovery Request
+ * 
  * @version $Revision$, $Date$
  */
 public class ExamineRecovery extends CMSServlet {
@@ -100,8 +98,8 @@ public class ExamineRecovery extends CMSServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
@@ -109,7 +107,7 @@ public class ExamineRecovery extends CMSServlet {
      * <ul>
      * <li>http.param recoveryID recovery request ID
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
 
@@ -127,10 +125,10 @@ public class ExamineRecovery extends CMSServlet {
                         mAuthzResourceName, "read");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -145,9 +143,9 @@ public class ExamineRecovery extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         IArgBlock header = CMS.createArgBlock();
@@ -158,9 +156,9 @@ public class ExamineRecovery extends CMSServlet {
         EBaseException error = null;
 
         try {
-            process(argSet, header, 
-                req.getParameter("recoveryID"),
-                req, resp, locale[0]);
+            process(argSet, header,
+                    req.getParameter("recoveryID"),
+                    req, resp, locale[0]);
         } catch (EBaseException e) {
             error = e;
         } catch (Exception e) {
@@ -184,12 +182,12 @@ public class ExamineRecovery extends CMSServlet {
             if (error == null) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  ServletOutputStream out = resp.getOutputStream();
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
+                    ServletOutputStream out = resp.getOutputStream();
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
                 }
             } else {
                 cmsReq.setStatus(CMSRequest.ERROR);
@@ -197,9 +195,9 @@ public class ExamineRecovery extends CMSServlet {
             }
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 
@@ -208,41 +206,40 @@ public class ExamineRecovery extends CMSServlet {
      * provided by the administrator.
      */
     private void process(CMSTemplateParams argSet,
-        IArgBlock header, String recoveryID,
-        HttpServletRequest req, HttpServletResponse resp,
-        Locale locale) 
-        throws EBaseException {
+            IArgBlock header, String recoveryID,
+            HttpServletRequest req, HttpServletResponse resp,
+            Locale locale)
+            throws EBaseException {
         try {
             header.addStringValue(OUT_OP,
-                req.getParameter(OUT_OP));
+                    req.getParameter(OUT_OP));
             header.addStringValue(OUT_SERVICE_URL,
-                req.getRequestURI());
+                    req.getRequestURI());
             header.addStringValue("keySplitting",
-                CMS.getConfigStore().getString("kra.keySplitting"));
+                    CMS.getConfigStore().getString("kra.keySplitting"));
             Hashtable params = mService.getRecoveryParams(
                     recoveryID);
 
             if (params == null) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
+                        CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
             }
-            String keyID = (String)params.get("keyID");
-            header.addStringValue("serialNumber", keyID); 
+            String keyID = (String) params.get("keyID");
+            header.addStringValue("serialNumber", keyID);
             header.addStringValue("recoveryID", recoveryID);
 
-            IKeyRepository mKeyDB = 
-              ((IKeyRecoveryAuthority) mAuthority).getKeyRepository();
+            IKeyRepository mKeyDB =
+                    ((IKeyRecoveryAuthority) mAuthority).getKeyRepository();
             IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new
                     BigInteger(keyID));
             KeyRecordParser.fillRecordIntoArg(rec, header);
-                                                                                
 
         } catch (EBaseException e) {
             log(ILogger.LL_FAILURE, "Error e " + e);
             throw e;
-        } 
+        }
 
         /*
          catch (Exception e) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java
index 4bd4d45b..79bb937e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.key;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Hashtable;
@@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Check to see if a Key Recovery Request has been approved
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class GetApprovalStatus extends CMSServlet {
@@ -81,7 +79,7 @@ public class GetApprovalStatus extends CMSServlet {
      * initialize the servlet. This servlet uses the template files
      * "getApprovalStatus.template" and "finishRecovery.template"
      * to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -95,8 +93,8 @@ public class GetApprovalStatus extends CMSServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
@@ -104,7 +102,7 @@ public class GetApprovalStatus extends CMSServlet {
      * <ul>
      * <li>http.param recoveryID request ID to check
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -148,12 +146,12 @@ public class GetApprovalStatus extends CMSServlet {
 
             if (params == null) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
+                        CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
+                        CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
             }
             header.addStringValue("serialNumber",
-                (String) params.get("keyID"));
+                    (String) params.get("keyID"));
 
             int requiredNumber = mService.getNoOfRequiredAgents();
 
@@ -174,7 +172,7 @@ public class GetApprovalStatus extends CMSServlet {
 
                 if (pkcs12 != null) {
                     rComplete = 1;
-                    header.addStringValue(OUT_STATUS, "complete");        
+                    header.addStringValue(OUT_STATUS, "complete");
 
                     /*
                      mService.destroyRecoveryParams(recoveryID);
@@ -193,8 +191,8 @@ public class GetApprovalStatus extends CMSServlet {
                      */
                 } else if (((IKeyRecoveryAuthority) mService).getError(recoveryID) != null) {
                     // error in recovery process 
-                    header.addStringValue(OUT_ERROR, 
-                        ((IKeyRecoveryAuthority) mService).getError(recoveryID));
+                    header.addStringValue(OUT_ERROR,
+                            ((IKeyRecoveryAuthority) mService).getError(recoveryID));
                     rComplete = 1;
                 } else {
                     // pk12 hasn't been created yet.
@@ -210,16 +208,16 @@ public class GetApprovalStatus extends CMSServlet {
                 mFormPath = "/" + ((IAuthority) mService).getId() + "/" + TPL_FINISH;
             } else {
                 mFormPath = "/" + ((IAuthority) mService).getId() + "/" + TPL_FILE;
-            }    
+            }
             if (mOutputTemplatePath != null)
                 mFormPath = mOutputTemplatePath;
             try {
                 form = getTemplate(mFormPath, req, locale);
             } catch (IOException e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                        CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                        CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
             }
 
             ServletOutputStream out = resp.getOutputStream();
@@ -228,9 +226,9 @@ public class GetApprovalStatus extends CMSServlet {
             form.renderOutput(out, argSet);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java
index cea08af3..4a962838 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.key;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -42,11 +41,10 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Get the recovered key in PKCS#12 format
- *   - for asynchronous key recovery only
- *
+ * - for asynchronous key recovery only
+ * 
  */
 public class GetAsyncPk12 extends CMSServlet {
 
@@ -67,13 +65,11 @@ public class GetAsyncPk12 extends CMSServlet {
     private com.netscape.certsrv.kra.IKeyService mService = null;
     private final static String OUT_STATUS = "status";
 
-    private final static String
-        LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS =
-        "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4";
+    private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS =
+            "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4";
 
-    private final static String
-        LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE =
-        "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4";
+    private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE =
+            "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4";
 
     private String mFormPath = null;
 
@@ -87,7 +83,7 @@ public class GetAsyncPk12 extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "finishAsyncRecovery.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -103,8 +99,8 @@ public class GetAsyncPk12 extends CMSServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
@@ -112,7 +108,7 @@ public class GetAsyncPk12 extends CMSServlet {
      * <ul>
      * <li>http.param reqID request id for recovery
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -132,10 +128,10 @@ public class GetAsyncPk12 extends CMSServlet {
                         mAuthzResourceName, "download");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -150,9 +146,9 @@ public class GetAsyncPk12 extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         cmsReq.setStatus(CMSRequest.SUCCESS);
@@ -173,9 +169,9 @@ public class GetAsyncPk12 extends CMSServlet {
                 agent = (String) sContext.get(SessionContext.USER_ID);
             }
 
-            if (agent == null ) {
-                CMS.debug( "GetAsyncPk12::process() - agent is null!" );
-                throw new EBaseException( "agent is null" );
+            if (agent == null) {
+                CMS.debug("GetAsyncPk12::process() - agent is null!");
+                throw new EBaseException("agent is null");
             }
 
             String initAgent = "undefined";
@@ -183,18 +179,18 @@ public class GetAsyncPk12 extends CMSServlet {
 
             if ((initAgent.equals("undefined")) || !agent.equals(initAgent)) {
                 log(ILogger.LL_SECURITY,
-                    CMS.getLogMessage("CMSGW_INVALID_AGENT_ASYNC_3",
-                        reqID, initAgent));
+                        CMS.getLogMessage("CMSGW_INVALID_AGENT_ASYNC_3",
+                                reqID, initAgent));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_INVALID_AGENT_ASYNC",
-                        reqID, initAgent));
+                        CMS.getUserMessage("CMS_GW_INVALID_AGENT_ASYNC",
+                                reqID, initAgent));
             }
 
             // The async recovery request must be in "approved" state
             //  i.e. all required # of recovery agents approved
             if (mService.isApprovedAsyncKeyRecovery(reqID) != true) {
                 CMS.debug("GetAsyncPk12::process() - # required recovery agents not met");
-                throw new EBaseException( "# required recovery agents not met" );
+                throw new EBaseException("# required recovery agents not met");
             }
 
             String password = req.getParameter(IN_PASSWORD);
@@ -202,11 +198,11 @@ public class GetAsyncPk12 extends CMSServlet {
 
             if (password == null || password.equals("")) {
                 header.addStringValue(OUT_ERROR, "PKCS12 password not found");
-                throw new EBaseException( "PKCS12 password not found" );
+                throw new EBaseException("PKCS12 password not found");
             }
             if (passwordAgain == null || !passwordAgain.equals(password)) {
                 header.addStringValue(OUT_ERROR, "PKCS12 password not matched");
-                throw new EBaseException( "PKCS12 password not matched" );
+                throw new EBaseException("PKCS12 password not matched");
             }
 
             // got all approval, return pk12
@@ -219,23 +215,23 @@ public class GetAsyncPk12 extends CMSServlet {
                     mRenderResult = false;
 
                     auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
-                        agent,
-                        ILogger.SUCCESS,
-                        reqID,
-                        "");
+                            LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
+                            agent,
+                            ILogger.SUCCESS,
+                            reqID,
+                            "");
 
-                     audit(auditMessage);
+                    audit(auditMessage);
 
                     return;
                 } catch (IOException e) {
                     header.addStringValue(OUT_ERROR,
-                        CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+                            CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
                 }
             } else if (((IKeyRecoveryAuthority) mService).getError(reqID) != null) {
                 // error in recovery process 
-                header.addStringValue(OUT_ERROR, 
-                    ((IKeyRecoveryAuthority) mService).getError(reqID));
+                header.addStringValue(OUT_ERROR,
+                        ((IKeyRecoveryAuthority) mService).getError(reqID));
             } else {
                 // pk12 hasn't been created yet. Shouldn't get here
             }
@@ -245,11 +241,11 @@ public class GetAsyncPk12 extends CMSServlet {
 
         if ((agent != null) && (reqID != null)) {
             auditMessage = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
-                agent,
-                ILogger.FAILURE,
-                reqID,
-                "");
+                    LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
+                    agent,
+                    ILogger.FAILURE,
+                    reqID,
+                    "");
 
             audit(auditMessage);
         }
@@ -261,9 +257,9 @@ public class GetAsyncPk12 extends CMSServlet {
             form.renderOutput(out, argSet);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java
index b3651774..f27e966d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.key;
 
-
 import java.io.IOException;
 import java.util.Hashtable;
 import java.util.Locale;
@@ -43,10 +42,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Get the recovered key in PKCS#12 format
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class GetPk12 extends CMSServlet {
@@ -66,13 +64,11 @@ public class GetPk12 extends CMSServlet {
     private com.netscape.certsrv.kra.IKeyService mService = null;
     private final static String OUT_STATUS = "status";
 
-    private final static String
-        LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS =
-        "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4";
+    private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS =
+            "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4";
 
-    private final static String
-        LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE =
-        "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4";
+    private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE =
+            "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4";
 
     private String mFormPath = null;
 
@@ -86,7 +82,7 @@ public class GetPk12 extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "finishRecovery.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -102,8 +98,8 @@ public class GetPk12 extends CMSServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
@@ -111,7 +107,7 @@ public class GetPk12 extends CMSServlet {
      * <ul>
      * <li>http.param recoveryID ID of request to recover
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -131,10 +127,10 @@ public class GetPk12 extends CMSServlet {
                         mAuthzResourceName, "download");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -149,9 +145,9 @@ public class GetPk12 extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         cmsReq.setStatus(CMSRequest.SUCCESS);
@@ -170,9 +166,9 @@ public class GetPk12 extends CMSServlet {
 
             if (params == null) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
+                        CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
+                        CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
             }
 
             // only the init DRM agent can get the pkcs12
@@ -181,26 +177,26 @@ public class GetPk12 extends CMSServlet {
                 agent = (String) sContext.get(SessionContext.USER_ID);
             }
 
-            if (agent == null ) {
-                CMS.debug( "GetPk12::process() - agent is null!" );
-                throw new EBaseException( "agent is null" );
+            if (agent == null) {
+                CMS.debug("GetPk12::process() - agent is null!");
+                throw new EBaseException("agent is null");
             }
 
-            String initAgent = (String) params.get("agent");     
+            String initAgent = (String) params.get("agent");
 
             if (!agent.equals(initAgent)) {
                 log(ILogger.LL_SECURITY,
-                    
-                    CMS.getLogMessage("CMSGW_INVALID_AGENT_3",
+
+                CMS.getLogMessage("CMSGW_INVALID_AGENT_3",
                         recoveryID,
                         initAgent));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_INVALID_AGENT",
-                            agent, initAgent, recoveryID));
+                        CMS.getUserMessage("CMS_GW_INVALID_AGENT",
+                                agent, initAgent, recoveryID));
             }
 
             header.addStringValue("serialNumber",
-                (String) params.get("keyID"));
+                    (String) params.get("keyID"));
 
             // got all approval, return pk12
             byte pkcs12[] = ((IKeyRecoveryAuthority) mService).getPk12(recoveryID);
@@ -213,23 +209,23 @@ public class GetPk12 extends CMSServlet {
                     mRenderResult = false;
 
                     auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
-                        agent,
-                        ILogger.SUCCESS,
-                        recoveryID,
-                        "");
+                            LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
+                            agent,
+                            ILogger.SUCCESS,
+                            recoveryID,
+                            "");
 
                     audit(auditMessage);
 
                     return;
                 } catch (IOException e) {
                     header.addStringValue(OUT_ERROR,
-                        CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+                            CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
                 }
             } else if (((IKeyRecoveryAuthority) mService).getError(recoveryID) != null) {
                 // error in recovery process
-                header.addStringValue(OUT_ERROR, 
-                    ((IKeyRecoveryAuthority) mService).getError(recoveryID));
+                header.addStringValue(OUT_ERROR,
+                        ((IKeyRecoveryAuthority) mService).getError(recoveryID));
             } else {
                 // pk12 hasn't been created yet. Shouldn't get here
             }
@@ -239,11 +235,11 @@ public class GetPk12 extends CMSServlet {
 
         if ((agent != null) && (recoveryID != null)) {
             auditMessage = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
-                agent,
-                ILogger.FAILURE,
-                recoveryID,
-                "");
+                    LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
+                    agent,
+                    ILogger.FAILURE,
+                    recoveryID,
+                    "");
 
             audit(auditMessage);
         }
@@ -255,9 +251,9 @@ public class GetPk12 extends CMSServlet {
             form.renderOutput(out, argSet);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java
index a868f47c..dad21487 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java
@@ -40,10 +40,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Approve an asynchronous key recovery request
- *
+ * 
  */
 public class GrantAsyncRecovery extends CMSServlet {
 
@@ -69,7 +68,7 @@ public class GrantAsyncRecovery extends CMSServlet {
     private String mFormPath = null;
 
     private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN =
-        "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4";
+            "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4";
 
     /**
      * Constructs EA servlet.
@@ -81,7 +80,7 @@ public class GrantAsyncRecovery extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * 'grantAsyncRecovery.template' to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -98,8 +97,8 @@ public class GrantAsyncRecovery extends CMSServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
@@ -107,9 +106,9 @@ public class GrantAsyncRecovery extends CMSServlet {
      * <ul>
      * <li>http.param reqID request ID of the request to approve
      * <li>http.param agentID User ID of the agent approving the request
-
+     * 
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -128,10 +127,10 @@ public class GrantAsyncRecovery extends CMSServlet {
                         mAuthzResourceName, "recover");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -146,9 +145,9 @@ public class GrantAsyncRecovery extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         IArgBlock header = CMS.createArgBlock();
@@ -161,13 +160,13 @@ public class GrantAsyncRecovery extends CMSServlet {
         CMS.debug("GrantAsyncRecovery: process() agent uid=" + agentID);
         CMS.debug("GrantAsyncRecovery: process() request id=" + req.getParameter("reqID"));
         try {
-            process(argSet, header, 
-                req.getParameter("reqID"),
-                agentID,
-                req, resp, locale[0]);
+            process(argSet, header,
+                    req.getParameter("reqID"),
+                    agentID,
+                    req, resp, locale[0]);
         } catch (NumberFormatException e) {
             header.addStringValue(OUT_ERROR,
-                CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+                    CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
         }
         try {
             ServletOutputStream out = resp.getOutputStream();
@@ -176,9 +175,9 @@ public class GrantAsyncRecovery extends CMSServlet {
             form.renderOutput(out, argSet);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
         cmsReq.setStatus(CMSRequest.SUCCESS);
     }
@@ -186,12 +185,11 @@ public class GrantAsyncRecovery extends CMSServlet {
     /**
      * Update agent approval list
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used
-     * whenever DRM agents login as recovery agents to approve key recovery
-     * requests
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used whenever DRM agents login as recovery agents to approve key recovery requests
      * </ul>
+     * 
      * @param argSet CMS template parameters
      * @param header argument block
      * @param reqID string containing the recovery request ID
@@ -201,10 +199,10 @@ public class GrantAsyncRecovery extends CMSServlet {
      * @param locale the system locale
      */
     private void process(CMSTemplateParams argSet,
-        IArgBlock header, String reqID,
-        String agentID,
-        HttpServletRequest req, HttpServletResponse resp,
-        Locale locale) {
+            IArgBlock header, String reqID,
+            String agentID,
+            HttpServletRequest req, HttpServletResponse resp,
+            Locale locale) {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
         String auditRequestID = reqID;
@@ -234,9 +232,9 @@ public class GrantAsyncRecovery extends CMSServlet {
 
         try {
             header.addStringValue(OUT_OP,
-                req.getParameter(OUT_OP));
+                    req.getParameter(OUT_OP));
             header.addStringValue(OUT_SERVICE_URL,
-                req.getRequestURI());
+                    req.getRequestURI());
 
             // update approving agent list
             mService.addAgentAsyncKeyRecovery(reqID, agentID);
@@ -281,4 +279,3 @@ public class GrantAsyncRecovery extends CMSServlet {
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java
index 9a7238be..a7069644 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.key;
 
-
 import java.io.IOException;
 import java.util.Hashtable;
 import java.util.Locale;
@@ -42,10 +41,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Approve a key recovery request
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class GrantRecovery extends CMSServlet {
@@ -74,7 +72,7 @@ public class GrantRecovery extends CMSServlet {
     private String mFormPath = null;
 
     private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN =
-        "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4";
+            "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4";
 
     /**
      * Constructs EA servlet.
@@ -86,7 +84,7 @@ public class GrantRecovery extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * 'grantRecovery.template' to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -103,19 +101,19 @@ public class GrantRecovery extends CMSServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
      * Process the HTTP request.
      * <ul>
      * <li>http.param recoveryID ID of the request to approve
-     * <li>http.param agentID    User ID of the agent approving the request
-     * <li>http.param agentPWD   Password of the agent approving the request
-
+     * <li>http.param agentID User ID of the agent approving the request
+     * <li>http.param agentPWD Password of the agent approving the request
+     * 
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -132,10 +130,10 @@ public class GrantRecovery extends CMSServlet {
                         mAuthzResourceName, "recover");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -150,9 +148,9 @@ public class GrantRecovery extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         IArgBlock header = CMS.createArgBlock();
@@ -166,14 +164,14 @@ public class GrantRecovery extends CMSServlet {
             agentID = req.getParameter("agentID");
         }
         try {
-            process(argSet, header, 
-                req.getParameter("recoveryID"),
-                agentID,
-                req.getParameter("agentPWD"),
-                req, resp, locale[0]);
+            process(argSet, header,
+                    req.getParameter("recoveryID"),
+                    agentID,
+                    req.getParameter("agentPWD"),
+                    req, resp, locale[0]);
         } catch (NumberFormatException e) {
             header.addStringValue(OUT_ERROR,
-                CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+                    CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
         }
         try {
             ServletOutputStream out = resp.getOutputStream();
@@ -182,9 +180,9 @@ public class GrantRecovery extends CMSServlet {
             form.renderOutput(out, argSet);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
         cmsReq.setStatus(CMSRequest.SUCCESS);
     }
@@ -193,12 +191,11 @@ public class GrantRecovery extends CMSServlet {
      * Recovers a key. The p12 will be protected by the password
      * provided by the administrator.
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used
-     * whenever DRM agents login as recovery agents to approve key recovery
-     * requests
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used whenever DRM agents login as recovery agents to approve key recovery requests
      * </ul>
+     * 
      * @param argSet CMS template parameters
      * @param header argument block
      * @param recoveryID string containing the recovery ID
@@ -209,10 +206,10 @@ public class GrantRecovery extends CMSServlet {
      * @param locale the system locale
      */
     private void process(CMSTemplateParams argSet,
-        IArgBlock header, String recoveryID,
-        String agentID, String agentPWD,
-        HttpServletRequest req, HttpServletResponse resp,
-        Locale locale) {
+            IArgBlock header, String recoveryID,
+            String agentID, String agentPWD,
+            HttpServletRequest req, HttpServletResponse resp,
+            Locale locale) {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
         String auditRecoveryID = recoveryID;
@@ -242,15 +239,15 @@ public class GrantRecovery extends CMSServlet {
 
         try {
             header.addStringValue(OUT_OP,
-                req.getParameter(OUT_OP));
+                    req.getParameter(OUT_OP));
             header.addStringValue(OUT_SERVICE_URL,
-                req.getRequestURI());
+                    req.getRequestURI());
 
             Hashtable h = mService.getRecoveryParams(recoveryID);
 
             if (h == null) {
-                header.addStringValue(OUT_ERROR, 
-                    "No such token found");
+                header.addStringValue(OUT_ERROR,
+                        "No such token found");
 
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
@@ -265,13 +262,13 @@ public class GrantRecovery extends CMSServlet {
                 return;
             }
             header.addStringValue("serialNumber",
-                (String) h.get("keyID"));
+                    (String) h.get("keyID"));
 
             mService.addDistributedCredential(recoveryID, agentID, agentPWD);
             header.addStringValue("agentID",
-                agentID);
+                    agentID);
             header.addStringValue("recoveryID",
-                recoveryID);
+                    recoveryID);
 
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
@@ -310,4 +307,3 @@ public class GrantRecovery extends CMSServlet {
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java b/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java
index 9ce8585f..1171236b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.key;
 
-
 import java.util.Date;
 
 import com.netscape.certsrv.apps.CMS;
@@ -28,7 +27,7 @@ import com.netscape.certsrv.dbs.keydb.IKeyRecord;
 
 /**
  * Output a 'pretty print' of a Key Archival record
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class KeyRecordParser {
@@ -44,28 +43,27 @@ public class KeyRecordParser {
     public final static String OUT_RECOVERED_BY = "recoveredBy";
     public final static String OUT_RECOVERED_ON = "recoveredOn";
 
-
     /**
      * Fills key record into argument block.
      */
-    public static void fillRecordIntoArg(IKeyRecord rec, IArgBlock rarg) 
-        throws EBaseException {
+    public static void fillRecordIntoArg(IKeyRecord rec, IArgBlock rarg)
+            throws EBaseException {
         if (rec == null)
             return;
         rarg.addStringValue(OUT_STATE,
-            rec.getState().toString());
+                rec.getState().toString());
         rarg.addStringValue(OUT_OWNER_NAME,
-            rec.getOwnerName());
+                rec.getOwnerName());
         rarg.addIntegerValue(OUT_SERIALNO,
-            rec.getSerialNumber().intValue());
+                rec.getSerialNumber().intValue());
         rarg.addStringValue(OUT_KEY_ALGORITHM,
-            rec.getAlgorithm());
+                rec.getAlgorithm());
         // Possible Enhancement: sun's BASE64Encode is not 
         // fast. We may may to have our native implmenetation.
         IPrettyPrintFormat pp = CMS.getPrettyPrintFormat(":");
 
         rarg.addStringValue(OUT_PUBLIC_KEY,
-            pp.toHexString(rec.getPublicKeyData(), 0, 20));
+                pp.toHexString(rec.getPublicKeyData(), 0, 20));
         Integer keySize = rec.getKeySize();
 
         if (keySize == null) {
@@ -74,16 +72,16 @@ public class KeyRecordParser {
             rarg.addIntegerValue(OUT_KEY_LEN, keySize.intValue());
         }
         rarg.addStringValue(OUT_ARCHIVED_BY,
-            rec.getArchivedBy());
+                rec.getArchivedBy());
         rarg.addLongValue(OUT_ARCHIVED_ON,
-            rec.getCreateTime().getTime() / 1000);
+                rec.getCreateTime().getTime() / 1000);
         Date dateOfRevocation[] = rec.getDateOfRevocation();
 
         if (dateOfRevocation != null) {
-            rarg.addStringValue(OUT_RECOVERED_BY, 
-                "null");
-            rarg.addStringValue(OUT_RECOVERED_ON, 
-                "null"); 
+            rarg.addStringValue(OUT_RECOVERED_BY,
+                    "null");
+            rarg.addStringValue(OUT_RECOVERED_ON,
+                    "null");
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java
index edcd2bdf..8abafa15 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.key;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Hashtable;
@@ -51,7 +50,7 @@ import com.netscape.cmsutil.util.Cert;
 
 /**
  * A class representing a recoverBySerial servlet.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class RecoverBySerial extends CMSServlet {
@@ -108,22 +107,22 @@ public class RecoverBySerial extends CMSServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
      * Serves HTTP request. The format of this request is as follows:
-     *   recoverBySerial?
-     *     [serialNumber=<number>]
-     *     [uid#=<uid>]
-     *     [pwd#=<password>]
-     *     [localAgents=yes|null]
-     *     [recoveryID=recoveryID]
-     *     [pkcs12Password=<password of pkcs12>]
-     *     [pkcs12PasswordAgain=<password of pkcs12>]
-     *     [pkcs12Delivery=<delivery mechanism for pkcs12>]
-     *     [cert=<encryption certificate>]
+     * recoverBySerial?
+     * [serialNumber=<number>]
+     * [uid#=<uid>]
+     * [pwd#=<password>]
+     * [localAgents=yes|null]
+     * [recoveryID=recoveryID]
+     * [pkcs12Password=<password of pkcs12>]
+     * [pkcs12PasswordAgain=<password of pkcs12>]
+     * [pkcs12Delivery=<delivery mechanism for pkcs12>]
+     * [cert=<encryption certificate>]
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
 
@@ -138,10 +137,10 @@ public class RecoverBySerial extends CMSServlet {
                         mAuthzResourceName, "recover");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -156,9 +155,9 @@ public class RecoverBySerial extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         cmsReq.setStatus(CMSRequest.SUCCESS);
@@ -197,46 +196,46 @@ public class RecoverBySerial extends CMSServlet {
                also be listed in the request.
              */
             if ((initAsyncRecovery != null) &&
-                   initAsyncRecovery.equalsIgnoreCase("ON")) {
-              process(form, argSet, header,
-                  req.getParameter(IN_SERIALNO),
-                  req.getParameter(IN_CERT),
-                  req, resp, locale[0]);
-
-              int requiredNumber = mService.getNoOfRequiredAgents();
-              header.addIntegerValue("noOfRequiredAgents", requiredNumber);
+                    initAsyncRecovery.equalsIgnoreCase("ON")) {
+                process(form, argSet, header,
+                        req.getParameter(IN_SERIALNO),
+                        req.getParameter(IN_CERT),
+                        req, resp, locale[0]);
+
+                int requiredNumber = mService.getNoOfRequiredAgents();
+                header.addIntegerValue("noOfRequiredAgents", requiredNumber);
             } else {
                 String recoveryID = req.getParameter("recoveryID");
 
                 if (recoveryID != null && !recoveryID.equals("")) {
-                  ctx.put(SessionContext.RECOVERY_ID,
-                    req.getParameter("recoveryID"));
+                    ctx.put(SessionContext.RECOVERY_ID,
+                            req.getParameter("recoveryID"));
+                }
+                byte pkcs12[] = process(form, argSet, header,
+                        req.getParameter(IN_SERIALNO),
+                        req.getParameter("localAgents"),
+                        req.getParameter(IN_PASSWORD),
+                        req.getParameter(IN_PASSWORD_AGAIN),
+                        req.getParameter(IN_CERT),
+                        req.getParameter(IN_DELIVERY),
+                        req.getParameter(IN_NICKNAME),
+                        req, resp, locale[0]);
+
+                if (pkcs12 != null) {
+                    //resp.setStatus(HttpServletResponse.SC_OK);
+                    resp.setContentType("application/x-pkcs12");
+                    //resp.setContentLength(pkcs12.length);
+                    resp.getOutputStream().write(pkcs12);
+                    mRenderResult = false;
+                    return;
                 }
-              byte pkcs12[] = process(form, argSet, header, 
-                    req.getParameter(IN_SERIALNO), 
-                    req.getParameter("localAgents"),
-                    req.getParameter(IN_PASSWORD),
-                    req.getParameter(IN_PASSWORD_AGAIN),
-                    req.getParameter(IN_CERT),
-                    req.getParameter(IN_DELIVERY),
-                    req.getParameter(IN_NICKNAME),
-                    req, resp, locale[0]);
-
-              if (pkcs12 != null) {
-                //resp.setStatus(HttpServletResponse.SC_OK);
-                resp.setContentType("application/x-pkcs12");
-                //resp.setContentLength(pkcs12.length);
-                resp.getOutputStream().write(pkcs12);
-                mRenderResult = false;
-                return;
-              }
             }
         } catch (NumberFormatException e) {
             header.addStringValue(OUT_ERROR,
-                CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+                    CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
         } catch (IOException e) {
             header.addStringValue(OUT_ERROR,
-                CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+                    CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
         } finally {
             SessionContext.releaseContext();
         }
@@ -249,9 +248,9 @@ public class RecoverBySerial extends CMSServlet {
             form.renderOutput(out, argSet);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         cmsReq.setStatus(CMSRequest.SUCCESS);
@@ -260,10 +259,10 @@ public class RecoverBySerial extends CMSServlet {
     /**
      * Async Key Recovery - request initiation
      */
-    private void  process(CMSTemplate form, CMSTemplateParams argSet,
-        IArgBlock header, String seq, String cert,
-        HttpServletRequest req, HttpServletResponse resp,
-        Locale locale) {
+    private void process(CMSTemplate form, CMSTemplateParams argSet,
+            IArgBlock header, String seq, String cert,
+            HttpServletRequest req, HttpServletResponse resp,
+            Locale locale) {
 
         // seq is the key id
         if (seq == null) {
@@ -291,22 +290,22 @@ public class RecoverBySerial extends CMSServlet {
 
         try {
             String reqID = mService.initAsyncKeyRecovery(
-                  new BigInteger(seq), x509cert,
+                    new BigInteger(seq), x509cert,
                       (String) sContext.get(SessionContext.USER_ID));
             header.addStringValue(OUT_SERIALNO, req.getParameter(IN_SERIALNO));
             header.addStringValue("requestID", reqID);
         } catch (EBaseException e) {
             String error =
-                "Failed to recover key for key id " +
-                seq + ".\nException: " + e.toString();
+                    "Failed to recover key for key id " +
+                            seq + ".\nException: " + e.toString();
 
             CMS.getLogger().log(ILogger.EV_SYSTEM,
-                ILogger.S_KRA, ILogger.LL_FAILURE, error);
+                    ILogger.S_KRA, ILogger.LL_FAILURE, error);
             try {
                 ((IKeyRecoveryAuthority) mService).createError(seq, error);
             } catch (EBaseException eb) {
                 CMS.getLogger().log(ILogger.EV_SYSTEM,
-                    ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
+                        ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
             }
         }
         return;
@@ -317,11 +316,11 @@ public class RecoverBySerial extends CMSServlet {
      * provided by the administrator.
      */
     private byte[] process(CMSTemplate form, CMSTemplateParams argSet,
-        IArgBlock header, String seq, String localAgents,
-        String password, String passwordAgain,
-        String cert, String delivery, String nickname,
-        HttpServletRequest req, HttpServletResponse resp,
-        Locale locale) {
+            IArgBlock header, String seq, String localAgents,
+            String password, String passwordAgain,
+            String cert, String delivery, String nickname,
+            HttpServletRequest req, HttpServletResponse resp,
+            Locale locale) {
         if (seq == null) {
             header.addStringValue(OUT_ERROR, "sequence number not found");
             return null;
@@ -360,65 +359,65 @@ public class RecoverBySerial extends CMSServlet {
             if (sContext != null) {
                 agent = (String) sContext.get(SessionContext.USER_ID);
             }
-	   if (CMS.getConfigStore().getBoolean("kra.keySplitting")) {
-            if (localAgents == null) {
-                String recoveryID = req.getParameter("recoveryID");
+            if (CMS.getConfigStore().getBoolean("kra.keySplitting")) {
+                if (localAgents == null) {
+                    String recoveryID = req.getParameter("recoveryID");
 
-                if (recoveryID == null || recoveryID.equals("")) {
-                    header.addStringValue(OUT_ERROR, "No recovery ID specified");
-                    return null;
-                }
-                Hashtable params = mService.createRecoveryParams(recoveryID);
+                    if (recoveryID == null || recoveryID.equals("")) {
+                        header.addStringValue(OUT_ERROR, "No recovery ID specified");
+                        return null;
+                    }
+                    Hashtable params = mService.createRecoveryParams(recoveryID);
 
-                params.put("keyID", req.getParameter(IN_SERIALNO));
+                    params.put("keyID", req.getParameter(IN_SERIALNO));
 
-                header.addStringValue("recoveryID", recoveryID);
+                    header.addStringValue("recoveryID", recoveryID);
 
-                params.put("agent", agent);
+                    params.put("agent", agent);
 
-                // new thread to wait for pk12
-                Thread waitThread = new WaitApprovalThread(recoveryID,
-                        seq, password, x509cert, delivery, nickname,
-                        SessionContext.getContext());
+                    // new thread to wait for pk12
+                    Thread waitThread = new WaitApprovalThread(recoveryID,
+                            seq, password, x509cert, delivery, nickname,
+                            SessionContext.getContext());
 
-                waitThread.start();
-                return null;
-            } else {
-                Vector v = new Vector();
-
-                for (int i = 0; i < mService.getNoOfRequiredAgents(); i++) {
-                    String uid = req.getParameter(IN_UID + i);
-                    String pwd = req.getParameter(IN_PWD + i);
-
-                    if (uid != null && pwd != null && !uid.equals("") &&
-                        !pwd.equals("")) {
-                        v.addElement(new Credential(uid, pwd));
-                    } else {
+                    waitThread.start();
+                    return null;
+                } else {
+                    Vector v = new Vector();
+
+                    for (int i = 0; i < mService.getNoOfRequiredAgents(); i++) {
+                        String uid = req.getParameter(IN_UID + i);
+                        String pwd = req.getParameter(IN_PWD + i);
+
+                        if (uid != null && pwd != null && !uid.equals("") &&
+                                !pwd.equals("")) {
+                            v.addElement(new Credential(uid, pwd));
+                        } else {
+                            header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided");
+                            return null;
+                        }
+                    }
+                    if (v.size() != mService.getNoOfRequiredAgents()) {
                         header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided");
                         return null;
                     }
+                    creds = new Credential[v.size()];
+                    v.copyInto(creds);
                 }
-                if (v.size() != mService.getNoOfRequiredAgents()) {
-                    header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided");
-                    return null;
-                }
-                creds = new Credential[v.size()];
-                v.copyInto(creds);
-            }
 
-            header.addStringValue(OUT_OP,
-                req.getParameter(OUT_OP));
-            header.addIntegerValue(OUT_SERIALNO, 
-                Integer.parseInt(seq));
-            header.addStringValue(OUT_SERVICE_URL,
-                req.getRequestURI());
-            byte pkcs12[] = mService.doKeyRecovery(
-                    new BigInteger(seq),
-                    creds, password, x509cert,	
-                    delivery, nickname, agent);
-
-            return pkcs12;
-          } else {
+                header.addStringValue(OUT_OP,
+                        req.getParameter(OUT_OP));
+                header.addIntegerValue(OUT_SERIALNO,
+                        Integer.parseInt(seq));
+                header.addStringValue(OUT_SERVICE_URL,
+                        req.getRequestURI());
+                byte pkcs12[] = mService.doKeyRecovery(
+                        new BigInteger(seq),
+                        creds, password, x509cert,
+                        delivery, nickname, agent);
+
+                return pkcs12;
+            } else {
                 String recoveryID = req.getParameter("recoveryID");
 
                 if (recoveryID == null || recoveryID.equals("")) {
@@ -440,7 +439,7 @@ public class RecoverBySerial extends CMSServlet {
 
                 waitThread.start();
                 return null;
-          }
+            }
         } catch (EBaseException e) {
             header.addStringValue(OUT_ERROR, e.toString(locale));
         } catch (Exception e) {
@@ -462,24 +461,24 @@ public class RecoverBySerial extends CMSServlet {
         String theNickname = null;
         SessionContext theSc = null;
 
-        /** 
+        /**
          * Wait approval thread constructor including thread name
          */
         public WaitApprovalThread(String recoveryID, String seq,
-            String password, X509CertImpl cert,
-            String delivery, String nickname, SessionContext sc) {
+                String password, X509CertImpl cert,
+                String delivery, String nickname, SessionContext sc) {
             super();
-            super.setName("waitApproval." + recoveryID + "-" + 
-                (Thread.activeCount() + 1));
+            super.setName("waitApproval." + recoveryID + "-" +
+                    (Thread.activeCount() + 1));
             theRecoveryID = recoveryID;
             theSeq = seq;
             thePassword = password;
             theCert = cert;
             theDelivery = delivery;
             theNickname = nickname;
-            theSc = sc;    
+            theSc = sc;
         }
-        
+
         public void run() {
             SessionContext.setContext(theSc);
             Credential creds[] = null;
@@ -487,17 +486,17 @@ public class RecoverBySerial extends CMSServlet {
             try {
                 creds = mService.getDistributedCredentials(theRecoveryID);
             } catch (EBaseException e) {
-                String error = 
-                    "Failed to get required approvals for recovery id " +
-                    theRecoveryID + ".\nException: " + e.toString();
+                String error =
+                        "Failed to get required approvals for recovery id " +
+                                theRecoveryID + ".\nException: " + e.toString();
 
                 CMS.getLogger().log(ILogger.EV_SYSTEM,
-                    ILogger.S_KRA, ILogger.LL_FAILURE, error);
+                        ILogger.S_KRA, ILogger.LL_FAILURE, error);
                 try {
                     ((IKeyRecoveryAuthority) mService).createError(theRecoveryID, error);
                 } catch (EBaseException eb) {
                     CMS.getLogger().log(ILogger.EV_SYSTEM,
-                        ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
+                            ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
                 }
                 return;
             }
@@ -514,16 +513,16 @@ public class RecoverBySerial extends CMSServlet {
                 ((IKeyRecoveryAuthority) mService).createPk12(theRecoveryID, pkcs12);
             } catch (EBaseException e) {
                 String error =
-                    "Failed to recover key for recovery id " +
-                    theRecoveryID + ".\nException: " + e.toString();
+                        "Failed to recover key for recovery id " +
+                                theRecoveryID + ".\nException: " + e.toString();
 
                 CMS.getLogger().log(ILogger.EV_SYSTEM,
-                    ILogger.S_KRA, ILogger.LL_FAILURE, error);
+                        ILogger.S_KRA, ILogger.LL_FAILURE, error);
                 try {
                     ((IKeyRecoveryAuthority) mService).createError(theRecoveryID, error);
                 } catch (EBaseException eb) {
                     CMS.getLogger().log(ILogger.EV_SYSTEM,
-                        ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
+                            ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
                 }
             }
             return;
@@ -531,4 +530,3 @@ public class RecoverBySerial extends CMSServlet {
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java
index c0fdd02e..b6693ee6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.key;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -48,7 +47,7 @@ import com.netscape.cms.servlet.common.ECMSGWException;
 
 /**
  * Retrieve archived keys matching search criteria
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class SrchKey extends CMSServlet {
@@ -74,7 +73,7 @@ public class SrchKey extends CMSServlet {
     private final static String OUT_ERROR = "errorDetails";
     private final static String OUT_ARCHIVER = "archiverName";
     private final static String OUT_SERVICE_URL = "serviceURL";
-    private final static String OUT_TOTAL_COUNT = "totalRecordCount"; 
+    private final static String OUT_TOTAL_COUNT = "totalRecordCount";
     private final static String OUT_TEMPLATE = "templateName";
 
     private IKeyRepository mKeyDB = null;
@@ -93,20 +92,20 @@ public class SrchKey extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "srchKey.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
         super.init(sc);
         mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
 
-		/* maxReturns doesn't seem to do anything useful in this
+        /* maxReturns doesn't seem to do anything useful in this
            servlet!!! */
         try {
             String tmp =
-                sc.getInitParameter(PROP_MAX_SEARCH_RETURNS);
+                    sc.getInitParameter(PROP_MAX_SEARCH_RETURNS);
 
-            if (tmp == null)	
+            if (tmp == null)
                 mMaxReturns = 100;
             else
                 mMaxReturns = Integer.parseInt(tmp);
@@ -132,20 +131,20 @@ public class SrchKey extends CMSServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
      * Process the HTTP request.
      * <ul>
-     * <li>http.param maxCount      maximum number of matches to show in result
-     * <li>http.param maxResults    maximum number of matches to run in ldapsearch
-     * <li>http.param queryFilter   ldap-style filter to search with
+     * <li>http.param maxCount maximum number of matches to show in result
+     * <li>http.param maxResults maximum number of matches to run in ldapsearch
+     * <li>http.param queryFilter ldap-style filter to search with
      * <li>http.param querySentinel ID of first request to show
-     * <li>http.param timeLimit     number of seconds to limit ldap search to
+     * <li>http.param timeLimit number of seconds to limit ldap search to
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -162,10 +161,10 @@ public class SrchKey extends CMSServlet {
                         mAuthzResourceName, "list");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -180,9 +179,9 @@ public class SrchKey extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         // process query if authentication is successful
@@ -213,11 +212,11 @@ public class SrchKey extends CMSServlet {
             if (timeLimitStr != null && timeLimitStr.length() > 0)
                 timeLimit = Integer.parseInt(timeLimitStr);
             process(argSet, header, ctx, maxCount, maxResults,
-                timeLimit, sentinel,
-                req.getParameter(IN_FILTER), req, resp, locale[0]);
+                    timeLimit, sentinel,
+                    req.getParameter(IN_FILTER), req, resp, locale[0]);
         } catch (NumberFormatException e) {
             header.addStringValue(OUT_ERROR,
-                CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+                    CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
         }
 
         try {
@@ -227,9 +226,9 @@ public class SrchKey extends CMSServlet {
             form.renderOutput(out, argSet);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
         cmsReq.setStatus(CMSRequest.SUCCESS);
     }
@@ -238,53 +237,53 @@ public class SrchKey extends CMSServlet {
      * Process the key search.
      */
     private void process(CMSTemplateParams argSet,
-        IArgBlock header, IArgBlock ctx, 
-        int maxCount, int maxResults, int timeLimit, int sentinel, String filter, 
-        HttpServletRequest req, HttpServletResponse resp, Locale locale) {
+            IArgBlock header, IArgBlock ctx,
+            int maxCount, int maxResults, int timeLimit, int sentinel, String filter,
+            HttpServletRequest req, HttpServletResponse resp, Locale locale) {
 
         try {
             // Fill header
-            header.addStringValue(OUT_OP, 
-                req.getParameter(OUT_OP));
+            header.addStringValue(OUT_OP,
+                    req.getParameter(OUT_OP));
             header.addStringValue(OUT_ARCHIVER,
-                mAuthName.toString());
+                    mAuthName.toString());
             // STRANGE: IE does not like the following:
             //      header.addStringValue(OUT_SERVICE_URL,
             //	req.getRequestURI());
             // XXX
             header.addStringValue(OUT_SERVICE_URL,
-                "/kra?");
+                    "/kra?");
             header.addStringValue(OUT_TEMPLATE,
-                TPL_FILE);
+                    TPL_FILE);
             header.addStringValue(OUT_FILTER,
-                filter);
+                    filter);
 
             if (timeLimit == -1 || timeLimit > mTimeLimits) {
                 CMS.debug("Resetting timelimit from " + timeLimit + " to " + mTimeLimits);
                 timeLimit = mTimeLimits;
             }
             CMS.debug("Start searching ... timelimit=" + timeLimit);
-            Enumeration e = mKeyDB.searchKeys(filter, 
+            Enumeration e = mKeyDB.searchKeys(filter,
                     maxResults, timeLimit);
             int count = 0;
 
             if (e == null) {
-                header.addStringValue(OUT_SENTINEL, 	
-                    null);
+                header.addStringValue(OUT_SENTINEL,
+                        null);
             } else {
                 while (e.hasMoreElements()) {
                     IKeyRecord rec = (IKeyRecord)
-                        e.nextElement();
+                            e.nextElement();
                     // rec is null when we specify maxResults
                     // DS will return an err=4, which triggers
                     // a LDAPException.SIZE_LIMIT_ExCEEDED
                     // in DSSearchResults.java
                     if (rec != null) {
-                      IArgBlock rarg = CMS.createArgBlock();
+                        IArgBlock rarg = CMS.createArgBlock();
 
-                      KeyRecordParser.fillRecordIntoArg(rec, rarg);
-                      argSet.addRepeatRecord(rarg);
-                      count++;
+                        KeyRecordParser.fillRecordIntoArg(rec, rarg);
+                        argSet.addRepeatRecord(rarg);
+                        count++;
                     }
                 }
             }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java
index 56a1817e..828ef0e6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.key;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -48,8 +47,8 @@ import com.netscape.cms.servlet.common.ECMSGWException;
 
 /**
  * Retrieve archived keys matching given public key material
- *
- *
+ * 
+ * 
  * @version $Revision$, $Date$
  */
 public class SrchKeyForRecovery extends CMSServlet {
@@ -75,7 +74,7 @@ public class SrchKeyForRecovery extends CMSServlet {
     private final static String OUT_ERROR = "errorDetails";
     private final static String OUT_ARCHIVER = "archiverName";
     private final static String OUT_SERVICE_URL = "serviceURL";
-    private final static String OUT_TOTAL_COUNT = "totalRecordCount"; 
+    private final static String OUT_TOTAL_COUNT = "totalRecordCount";
     private final static String OUT_TEMPLATE = "templateName";
 
     private IKeyRepository mKeyDB = null;
@@ -94,7 +93,7 @@ public class SrchKeyForRecovery extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "srchKeyForRecovery.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -103,9 +102,9 @@ public class SrchKeyForRecovery extends CMSServlet {
 
         try {
             String tmp =
-                sc.getInitParameter(PROP_MAX_SEARCH_RETURNS);
+                    sc.getInitParameter(PROP_MAX_SEARCH_RETURNS);
 
-            if (tmp == null)	
+            if (tmp == null)
                 mMaxReturns = 100;
             else
                 mMaxReturns = Integer.parseInt(tmp);
@@ -131,20 +130,20 @@ public class SrchKeyForRecovery extends CMSServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
      * Process the HTTP request.
      * <ul>
-     * <li>http.param maxCount      maximum number of matches to show in result
-     * <li>http.param maxResults    maximum number of matches to run in ldapsearch
+     * <li>http.param maxCount maximum number of matches to show in result
+     * <li>http.param maxResults maximum number of matches to run in ldapsearch
      * <li>http.param publicKeyData public key data to search on
      * <li>http.param querySentinel ID of first request to show
-     * <li>http.param timeLimit     number of seconds to limit ldap search to
+     * <li>http.param timeLimit number of seconds to limit ldap search to
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
 
@@ -161,10 +160,10 @@ public class SrchKeyForRecovery extends CMSServlet {
                         mAuthzResourceName, "list");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -179,11 +178,11 @@ public class SrchKeyForRecovery extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
-		
+
         // process query if authentication is successful
         IArgBlock header = CMS.createArgBlock();
         IArgBlock ctx = CMS.createArgBlock();
@@ -213,10 +212,10 @@ public class SrchKeyForRecovery extends CMSServlet {
             if (timeLimitStr != null && timeLimitStr.length() > 0)
                 timeLimit = Integer.parseInt(timeLimitStr);
             process(argSet, header, ctx, maxCount, maxResults, timeLimit, sentinel,
-                req.getParameter("publicKeyData"), req.getParameter(IN_FILTER), req, resp, locale[0]);
+                    req.getParameter("publicKeyData"), req.getParameter(IN_FILTER), req, resp, locale[0]);
         } catch (NumberFormatException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
             error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
         }
 
@@ -230,12 +229,12 @@ public class SrchKeyForRecovery extends CMSServlet {
             if (error == null) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  ServletOutputStream out = resp.getOutputStream();
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
+                    ServletOutputStream out = resp.getOutputStream();
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
                 }
             } else {
                 cmsReq.setStatus(CMSRequest.ERROR);
@@ -243,9 +242,9 @@ public class SrchKeyForRecovery extends CMSServlet {
             }
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 
@@ -253,31 +252,31 @@ public class SrchKeyForRecovery extends CMSServlet {
      * Process the key search.
      */
     private void process(CMSTemplateParams argSet,
-        IArgBlock header, IArgBlock ctx, 
-        int maxCount, int maxResults, int timeLimit, int sentinel, String publicKeyData,
-        String filter, 
-        HttpServletRequest req, HttpServletResponse resp, Locale locale) 
-        throws EBaseException {
+            IArgBlock header, IArgBlock ctx,
+            int maxCount, int maxResults, int timeLimit, int sentinel, String publicKeyData,
+            String filter,
+            HttpServletRequest req, HttpServletResponse resp, Locale locale)
+            throws EBaseException {
 
         try {
             // Fill header
-            header.addStringValue(OUT_OP, 
-                req.getParameter(OUT_OP));
+            header.addStringValue(OUT_OP,
+                    req.getParameter(OUT_OP));
             header.addStringValue(OUT_ARCHIVER,
-                mAuthName.toString());
+                    mAuthName.toString());
             // STRANGE: IE does not like the following:
             //      header.addStringValue(OUT_SERVICE_URL,
             //	req.getRequestURI());
             // XXX
             header.addStringValue(OUT_SERVICE_URL,
-                "/kra?");
+                    "/kra?");
             header.addStringValue(OUT_TEMPLATE,
-                TPL_FILE);
+                    TPL_FILE);
             header.addStringValue(OUT_FILTER,
-                filter);
+                    filter);
             if (publicKeyData != null) {
                 header.addStringValue("publicKeyData",
-                    publicKeyData);
+                        publicKeyData);
             }
 
             if (timeLimit == -1 || timeLimit > mTimeLimits) {
@@ -290,21 +289,21 @@ public class SrchKeyForRecovery extends CMSServlet {
 
             if (e == null) {
                 header.addStringValue(OUT_SENTINEL,
-                    null);
+                        null);
             } else {
                 while (e.hasMoreElements()) {
                     IKeyRecord rec = (IKeyRecord)
-                        e.nextElement();
+                            e.nextElement();
                     // rec is null when we specify maxResults
                     // DS will return an err=4, which triggers
                     // a LDAPException.SIZE_LIMIT_ExCEEDED 
                     // in DSSearchResults.java
                     if (rec != null) {
-                      IArgBlock rarg = CMS.createArgBlock();
+                        IArgBlock rarg = CMS.createArgBlock();
 
-                      KeyRecordParser.fillRecordIntoArg(rec, rarg);
-                      argSet.addRepeatRecord(rarg);
-                      count++;
+                        KeyRecordParser.fillRecordIntoArg(rec, rarg);
+                        argSet.addRepeatRecord(rarg);
+                        count++;
                     }
                 }
             }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java
index c365d0f8..93936ca1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.ocsp;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.cert.X509Certificate;
@@ -46,22 +45,21 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 import com.netscape.cmsutil.util.Cert;
 
-
 /**
  * Configure the CA to respond to OCSP requests for a CA
- *
+ * 
  * @version $Revision$ $Date$
  */
 public class AddCAServlet extends CMSServlet {
-	
+
     /**
      *
      */
     private static final long serialVersionUID = 1065151608542115340L;
     public static final String BEGIN_HEADER =
-        "-----BEGIN CERTIFICATE-----";
+            "-----BEGIN CERTIFICATE-----";
     public static final String END_HEADER =
-        "-----END CERTIFICATE-----";
+            "-----END CERTIFICATE-----";
 
     public static final BigInteger BIG_ZERO = new BigInteger("0");
     public static final Long MINUS_ONE = Long.valueOf(-1);
@@ -71,9 +69,9 @@ public class AddCAServlet extends CMSServlet {
     private IOCSPAuthority mOCSPAuthority = null;
 
     private final static String LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST =
-        "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_3";
+            "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_3";
     private final static String LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED =
-        "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED_3";
+            "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED_3";
 
     public AddCAServlet() {
         super();
@@ -82,7 +80,7 @@ public class AddCAServlet extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "addCA.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -100,19 +98,15 @@ public class AddCAServlet extends CMSServlet {
     /**
      * Process the HTTP request.
      * <ul>
-     * <li>http.param cert ca certificate. The format is base-64, DER
-     *    encoded, wrapped with -----BEGIN CERTIFICATE-----, 
-     *    -----END CERTIFICATE----- strings 
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST used when
-     * a CA is attempted to be added to the OCSP responder
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED
-     * used when an add CA request to the OCSP Responder is processed
+     * <li>http.param cert ca certificate. The format is base-64, DER encoded, wrapped with -----BEGIN CERTIFICATE-----, -----END CERTIFICATE----- strings
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST used when a CA is attempted to be added to the OCSP responder
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED used when an add CA request to the OCSP Responder is processed
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
         HttpServletRequest req = cmsReq.getHttpReq();
         HttpServletResponse resp = cmsReq.getHttpResp();
         String auditMessage = null;
@@ -143,9 +137,9 @@ public class AddCAServlet extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         IArgBlock header = CMS.createArgBlock();
@@ -153,10 +147,10 @@ public class AddCAServlet extends CMSServlet {
         CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
 
         if (auditSubjectID.equals(ILogger.NONROLEUSER) ||
-               auditSubjectID.equals(ILogger.UNIDENTIFIED))  {
+                auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
             String uid = authToken.getInString(IAuthToken.USER_ID);
             if (uid != null) {
-                CMS.debug("AddCAServlet: auditSubjectID set to "+uid);
+                CMS.debug("AddCAServlet: auditSubjectID set to " + uid);
                 auditSubjectID = uid;
             }
         }
@@ -164,12 +158,12 @@ public class AddCAServlet extends CMSServlet {
 
         if (b64 == null) {
             auditMessage = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST,
-                auditSubjectID,
-                ILogger.FAILURE,
-                ILogger.SIGNED_AUDIT_EMPTY_VALUE);
+                    LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST,
+                    auditSubjectID,
+                    ILogger.FAILURE,
+                    ILogger.SIGNED_AUDIT_EMPTY_VALUE);
 
-            audit( auditMessage );
+            audit(auditMessage);
 
             throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CA_CERT"));
         }
@@ -177,32 +171,32 @@ public class AddCAServlet extends CMSServlet {
         auditCA = Cert.normalizeCertStr(Cert.stripCertBrackets(b64.trim()));
         // record the fact that a request to add CA is made
         auditMessage = CMS.getLogMessage(
-            LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST,
-            auditSubjectID,
-            ILogger.SUCCESS,
-            auditCA);
+                LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST,
+                auditSubjectID,
+                ILogger.SUCCESS,
+                auditCA);
 
-        audit( auditMessage );
+        audit(auditMessage);
 
         if (b64.indexOf(BEGIN_HEADER) == -1) {
             auditMessage = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
-                auditSubjectID,
-                ILogger.FAILURE,
-                auditCASubjectDN);
+                    LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+                    auditSubjectID,
+                    ILogger.FAILURE,
+                    auditCASubjectDN);
 
-            audit( auditMessage );
+            audit(auditMessage);
 
             throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CERT_HEADER"));
         }
         if (b64.indexOf(END_HEADER) == -1) {
             auditMessage = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
-                auditSubjectID,
-                ILogger.FAILURE,
-                auditCASubjectDN);
+                    LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+                    auditSubjectID,
+                    ILogger.FAILURE,
+                    auditCASubjectDN);
 
-            audit( auditMessage );
+            audit(auditMessage);
 
             throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CERT_FOOTER"));
         }
@@ -215,17 +209,17 @@ public class AddCAServlet extends CMSServlet {
         try {
             X509Certificate cert = Cert.mapCert(b64);
 
-            if( cert == null ) {
-                CMS.debug( "AddCAServlet::process() - cert is null!" );
+            if (cert == null) {
+                CMS.debug("AddCAServlet::process() - cert is null!");
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditCASubjectDN);
+                        LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditCASubjectDN);
 
-                audit( auditMessage );
+                audit(auditMessage);
 
-                throw new EBaseException( "cert is null" );
+                throw new EBaseException("cert is null");
             } else {
                 certs = new X509Certificate[1];
             }
@@ -247,15 +241,15 @@ public class AddCAServlet extends CMSServlet {
                 auditCASubjectDN = leafCert.getSubjectDN().getName();
             } catch (Exception e) {
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditCASubjectDN);
+                        LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditCASubjectDN);
 
-                audit( auditMessage );
+                audit(auditMessage);
 
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
+                        CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
             }
         }
         if (certs != null && certs.length > 0) {
@@ -264,32 +258,32 @@ public class AddCAServlet extends CMSServlet {
             // (2) store certificate (and certificate chain) into
             // database
             ICRLIssuingPointRecord rec = defStore.createCRLIssuingPointRecord(
-                    leafCert.getSubjectDN().getName(),  
-                    BIG_ZERO, 
+                    leafCert.getSubjectDN().getName(),
+                    BIG_ZERO,
                     MINUS_ONE, null, null);
 
             try {
                 rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, leafCert.getEncoded());
             } catch (Exception e) {
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditCASubjectDN);
+                        LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditCASubjectDN);
 
-                audit( auditMessage );
+                audit(auditMessage);
 
                 // error
             }
             defStore.addCRLIssuingPoint(leafCert.getSubjectDN().getName(), rec);
             log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CA certificate " + leafCert.getSubjectDN().getName());
             auditMessage = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
-                auditSubjectID,
-                ILogger.SUCCESS,
-                auditCASubjectDN);
+                    LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+                    auditSubjectID,
+                    ILogger.SUCCESS,
+                    auditCASubjectDN);
 
-            audit( auditMessage );
+            audit(auditMessage);
         }
 
         try {
@@ -297,18 +291,18 @@ public class AddCAServlet extends CMSServlet {
             String error = null;
 
             String xmlOutput = req.getParameter("xml");
-			if (xmlOutput != null && xmlOutput.equals("true")) {
-			  outputXML(resp, argSet);
-			} else {
-			  resp.setContentType("text/html");
-			  form.renderOutput(out, argSet);
-			  cmsReq.setStatus(CMSRequest.SUCCESS);
-			}
+            if (xmlOutput != null && xmlOutput.equals("true")) {
+                outputXML(resp, argSet);
+            } else {
+                resp.setContentType("text/html");
+                form.renderOutput(out, argSet);
+                cmsReq.setStatus(CMSRequest.SUCCESS);
+            }
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
index 029d396b..8a3ea60b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.ocsp;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.cert.CRLException;
@@ -55,10 +54,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 import com.netscape.cmsutil.util.Cert;
 
-
 /**
  * Update the OCSP responder with a new CRL
- *
+ * 
  * @version $Revision$ $Date$
  */
 public class AddCRLServlet extends CMSServlet {
@@ -68,18 +66,18 @@ public class AddCRLServlet extends CMSServlet {
      */
     private static final long serialVersionUID = 1476080474638590902L;
     public static final String BEGIN_HEADER =
-        "-----BEGIN CERTIFICATE REVOCATION LIST-----";
+            "-----BEGIN CERTIFICATE REVOCATION LIST-----";
     public static final String END_HEADER =
-        "-----END CERTIFICATE REVOCATION LIST-----";
+            "-----END CERTIFICATE REVOCATION LIST-----";
 
     private final static String TPL_FILE = "addCRL.template";
     private String mFormPath = null;
     private IOCSPAuthority mOCSPAuthority = null;
 
     private final static String LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL =
-        "LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL_3";
+            "LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL_3";
     private final static String LOGGING_SIGNED_AUDIT_CRL_VALIDATION =
-        "LOGGING_SIGNED_AUDIT_CRL_VALIDATION_2";
+            "LOGGING_SIGNED_AUDIT_CRL_VALIDATION_2";
 
     public AddCRLServlet() {
         super();
@@ -88,7 +86,7 @@ public class AddCRLServlet extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "addCRL.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -105,31 +103,28 @@ public class AddCRLServlet extends CMSServlet {
     /**
      * Process the HTTP request.
      * <P>
-     *
+     * 
      * <ul>
-     * <li>http.param crl certificate revocation list, base-64, DER encoded
-     *     wrapped in -----BEGIN CERTIFICATE REVOCATION LIST-----,
-     *     -----END CERTIFICATE REVOCATION LIST----- strings
+     * <li>http.param crl certificate revocation list, base-64, DER encoded wrapped in -----BEGIN CERTIFICATE REVOCATION LIST-----, -----END CERTIFICATE REVOCATION LIST----- strings
      * <li>http.param noui if true, use minimal hardcoded text response
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL used when CRLs are
-     * retrieved by the OCSP Responder ("agent" or "EE")
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CRL_VALIDATION used when CRL is
-     * retrieved and validation process occurs ("agent" or "EE")
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL used when CRLs are retrieved by the OCSP Responder ("agent" or "EE")
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CRL_VALIDATION used when CRL is retrieved and validation process occurs ("agent" or "EE")
      * </ul>
+     * 
      * @param cmsReq the object holding the request and response information
      * @exception EBaseException an error has occurred
      */
     protected synchronized void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
         boolean CRLFetched = false;
         boolean CRLValidated = false;
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
         String auditCRLNum = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
 
-        IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+        IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
         if (statsSub != null) {
-          statsSub.startTiming("add_crl", true /* main action */);
+            statsSub.startTiming("add_crl", true /* main action */);
         }
 
         try {
@@ -152,42 +147,43 @@ public class AddCRLServlet extends CMSServlet {
 
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditCRLNum );
+                        LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditCRLNum);
 
-                audit( auditMessage );
+                audit(auditMessage);
 
                 return;
             }
 
             if (auditSubjectID.equals(ILogger.NONROLEUSER) ||
-                   auditSubjectID.equals(ILogger.UNIDENTIFIED))  {
+                    auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
                 if (authToken != null) {
                     String uid = authToken.getInString(IAuthToken.USER_ID);
                     if (uid != null) {
-                        CMS.debug("AddCAServlet: auditSubjectID set to "+uid);
+                        CMS.debug("AddCAServlet: auditSubjectID set to " + uid);
                         auditSubjectID = uid;
                     }
-                } 
+                }
             }
             log(ILogger.LL_INFO, "AddCRLServlet");
             String b64 = cmsReq.getHttpReq().getParameter("crl");
-            if (CMS.debugOn()) CMS.debug("AddCRLServlet: b64=" + b64);
+            if (CMS.debugOn())
+                CMS.debug("AddCRLServlet: b64=" + b64);
 
             if (b64 == null) {
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditCRLNum );
+                        LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditCRLNum);
 
-                audit( auditMessage );
+                audit(auditMessage);
 
                 throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_MISSING_CRL"));
+                        CMS.getUserMessage("CMS_GW_MISSING_CRL"));
             }
 
             String nouiParm = cmsReq.getHttpReq().getParameter("noui");
@@ -209,20 +205,20 @@ public class AddCRLServlet extends CMSServlet {
                 }
             } catch (IOException e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+                        CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
                                       e.toString()));
 
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditCRLNum );
+                        LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditCRLNum);
 
-                audit( auditMessage );
+                audit(auditMessage);
 
                 throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                        CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
             }
 
             IArgBlock header = CMS.createArgBlock();
@@ -231,32 +227,32 @@ public class AddCRLServlet extends CMSServlet {
 
             if (b64.indexOf(BEGIN_HEADER) == -1) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_MISSING_CRL_HEADER"));
+                        CMS.getLogMessage("CMSGW_MISSING_CRL_HEADER"));
 
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditCRLNum );
+                        LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditCRLNum);
 
-                audit( auditMessage );
+                audit(auditMessage);
 
                 throw new ECMSGWException(CMS.getUserMessage(getLocale(req),
                                           "CMS_GW_MISSING_CRL_HEADER"));
             }
             if (b64.indexOf(END_HEADER) == -1) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_MISSING_CRL_FOOTER"));
+                        CMS.getLogMessage("CMSGW_MISSING_CRL_FOOTER"));
 
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditCRLNum );
+                        LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditCRLNum);
 
-                audit( auditMessage );
+                audit(auditMessage);
 
                 throw new ECMSGWException(CMS.getUserMessage(getLocale(req),
                                           "CMS_GW_MISSING_CRL_FOOTER"));
@@ -270,30 +266,30 @@ public class AddCRLServlet extends CMSServlet {
                 long startTime = CMS.getCurrentDate().getTime();
                 CMS.debug("AddCRLServlet: mapCRL start startTime=" + startTime);
                 if (statsSub != null) {
-                  statsSub.startTiming("decode_crl");
+                    statsSub.startTiming("decode_crl");
                 }
-                crl = mapCRL1( b64 );
+                crl = mapCRL1(b64);
                 if (statsSub != null) {
-                  statsSub.endTiming("decode_crl");
+                    statsSub.endTiming("decode_crl");
                 }
                 long endTime = CMS.getCurrentDate().getTime();
-                CMS.debug("AddCRLServlet: mapCRL done endTime=" + endTime + 
-                   " diff=" + (endTime - startTime));
+                CMS.debug("AddCRLServlet: mapCRL done endTime=" + endTime +
+                        " diff=" + (endTime - startTime));
 
                 // Retrieve the actual CRL number
                 BigInteger crlNum = crl.getCRLNumber();
-                if( crlNum != null ) {
+                if (crlNum != null) {
                     auditCRLNum = crlNum.toString();
                 }
 
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
-                    auditSubjectID,
-                    ILogger.SUCCESS,
-                    auditCRLNum );
+                        LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+                        auditSubjectID,
+                        ILogger.SUCCESS,
+                        auditCRLNum);
 
-                audit( auditMessage );
+                audit(auditMessage);
 
                 // acknowledge that the CRL has been retrieved
                 CRLFetched = true;
@@ -302,18 +298,18 @@ public class AddCRLServlet extends CMSServlet {
 
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditCRLNum );
+                        LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditCRLNum);
 
-                audit( auditMessage );
+                audit(auditMessage);
 
                 throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
+                        CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
             }
-            log(ILogger.LL_INFO, "AddCRLServlet: CRL Issuer DN " + 
-                crl.getIssuerDN().getName());
+            log(ILogger.LL_INFO, "AddCRLServlet: CRL Issuer DN " +
+                    crl.getIssuerDN().getName());
 
             ICRLIssuingPointRecord pt = null;
 
@@ -322,94 +318,94 @@ public class AddCRLServlet extends CMSServlet {
                             crl.getIssuerDN().getName());
             } catch (Exception e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND",
-                    crl.getIssuerDN().getName()));
+                        CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND",
+                                crl.getIssuerDN().getName()));
 
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
-                    auditSubjectID,
-                    ILogger.FAILURE );
+                        LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
+                        auditSubjectID,
+                        ILogger.FAILURE);
 
-                audit( auditMessage );
+                audit(auditMessage);
 
                 throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
+                        CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
             }
             log(ILogger.LL_INFO, "AddCRLServlet: IssuingPoint " +
-                pt.getThisUpdate());
+                    pt.getThisUpdate());
 
             // verify CRL
             byte caCertData[] = pt.getCACert();
             if (caCertData != null) {
-              try {
-                X509CertImpl caCert = new X509CertImpl(caCertData);
-                CMS.debug("AddCRLServlet: start verify");
-
-                CryptoManager cmanager = CryptoManager.getInstance();
-                org.mozilla.jss.crypto.X509Certificate jssCert = null;
                 try {
-                      jssCert = cmanager.importCACertPackage(
-                         caCert.getEncoded());
-                } catch (Exception e2) {
-                      CMS.debug("AddCRLServlet: importCACertPackage " + 
-                        e2.toString());
-                      throw new EBaseException( e2.toString() );
-                }
+                    X509CertImpl caCert = new X509CertImpl(caCertData);
+                    CMS.debug("AddCRLServlet: start verify");
 
-                if (statsSub != null) {
-                  statsSub.startTiming("verify_crl");
-                }
-                crl.verify(jssCert.getPublicKey(), "Mozilla-JSS");
-                if (statsSub != null) {
-                  statsSub.endTiming("verify_crl");
-                }
-                CMS.debug("AddCRLServlet: done verify");
+                    CryptoManager cmanager = CryptoManager.getInstance();
+                    org.mozilla.jss.crypto.X509Certificate jssCert = null;
+                    try {
+                        jssCert = cmanager.importCACertPackage(
+                                caCert.getEncoded());
+                    } catch (Exception e2) {
+                        CMS.debug("AddCRLServlet: importCACertPackage " +
+                                e2.toString());
+                        throw new EBaseException(e2.toString());
+                    }
 
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
-                    auditSubjectID,
-                    ILogger.SUCCESS );
+                    if (statsSub != null) {
+                        statsSub.startTiming("verify_crl");
+                    }
+                    crl.verify(jssCert.getPublicKey(), "Mozilla-JSS");
+                    if (statsSub != null) {
+                        statsSub.endTiming("verify_crl");
+                    }
+                    CMS.debug("AddCRLServlet: done verify");
 
-                audit( auditMessage );
+                    // store a message in the signed audit log file
+                    auditMessage = CMS.getLogMessage(
+                            LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
+                            auditSubjectID,
+                            ILogger.SUCCESS);
 
-                // acknowledge that the CRL has been validated
-                CRLValidated = true;
-              } catch (Exception e) {
-                CMS.debug("AddCRLServlet: failed to verify CRL " + e.toString());
-                CMS.debug(e);
-                log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND",
-                    crl.getIssuerDN().getName()));
+                    audit(auditMessage);
 
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
-                    auditSubjectID,
-                    ILogger.FAILURE );
+                    // acknowledge that the CRL has been validated
+                    CRLValidated = true;
+                } catch (Exception e) {
+                    CMS.debug("AddCRLServlet: failed to verify CRL " + e.toString());
+                    CMS.debug(e);
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND",
+                                    crl.getIssuerDN().getName()));
 
-                audit( auditMessage );
+                    // store a message in the signed audit log file
+                    auditMessage = CMS.getLogMessage(
+                            LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
+                            auditSubjectID,
+                            ILogger.FAILURE);
 
-                throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
-              }
+                    audit(auditMessage);
+
+                    throw new ECMSGWException(
+                            CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
+                }
             }
 
-            if ((pt.getThisUpdate() != null) && 
-                (pt.getThisUpdate().getTime() >=
-                 crl.getThisUpdate().getTime())) {
+            if ((pt.getThisUpdate() != null) &&
+                    (pt.getThisUpdate().getTime() >=
+                    crl.getThisUpdate().getTime())) {
                 // error, the uploaded CRL is older than the current
                 CMS.debug("AddCRLServlet: no update, CRL is older");
                 log(ILogger.LL_INFO,
-                    "AddCRLServlet: no update, received CRL is older " +
-                    "than current CRL");
+                        "AddCRLServlet: no update, received CRL is older " +
+                                "than current CRL");
                 if (noUI) {
                     try {
                         resp.setContentType("application/text");
-                        resp.getOutputStream().write("status=1\n".getBytes()); 
+                        resp.getOutputStream().write("status=1\n".getBytes());
                         resp.getOutputStream().write(
-                            "error=Sent CRL is older than the current CRL\n".getBytes()); 
+                                "error=Sent CRL is older than the current CRL\n".getBytes());
                         resp.getOutputStream().flush();
                         cmsReq.setStatus(CMSRequest.SUCCESS);
 
@@ -430,20 +426,20 @@ public class AddCRLServlet extends CMSServlet {
                     //        already been logged at this point!
 
                     throw new ECMSGWException(CMS.getUserMessage(
-                        "CMS_GW_OLD_CRL_ERROR"));
+                            "CMS_GW_OLD_CRL_ERROR"));
                 }
             }
 
             if (crl.isDeltaCRL()) {
                 CMS.debug("AddCRLServlet: no update, Delta CRLs are not supported.");
-                log(ILogger.LL_INFO, "AddCRLServlet: no update, "+
-                    CMS.getUserMessage("CMS_GW_DELTA_CRL_NOT_SUPPORTED"));
+                log(ILogger.LL_INFO, "AddCRLServlet: no update, " +
+                        CMS.getUserMessage("CMS_GW_DELTA_CRL_NOT_SUPPORTED"));
                 if (noUI) {
                     try {
                         resp.setContentType("application/text");
-                        resp.getOutputStream().write("status=1\n".getBytes()); 
+                        resp.getOutputStream().write("status=1\n".getBytes());
                         resp.getOutputStream().write(
-                            "error=Delta CRLs are not supported.\n".getBytes()); 
+                                "error=Delta CRLs are not supported.\n".getBytes());
                         resp.getOutputStream().flush();
                         cmsReq.setStatus(CMSRequest.SUCCESS);
 
@@ -465,26 +461,26 @@ public class AddCRLServlet extends CMSServlet {
 
             IRepositoryRecord repRec = defStore.createRepositoryRecord();
 
-            repRec.set(IRepositoryRecord.ATTR_SERIALNO, 
-                new BigInteger(Long.toString(crl.getThisUpdate().getTime())));
+            repRec.set(IRepositoryRecord.ATTR_SERIALNO,
+                    new BigInteger(Long.toString(crl.getThisUpdate().getTime())));
             try {
                 defStore.addRepository(
-                    crl.getIssuerDN().getName(),
-                    Long.toString(crl.getThisUpdate().getTime()),
-                    repRec);
+                        crl.getIssuerDN().getName(),
+                        Long.toString(crl.getThisUpdate().getTime()),
+                        repRec);
                 log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CRL Updated " +
-                    Long.toString(crl.getThisUpdate().getTime()));
+                        Long.toString(crl.getThisUpdate().getTime()));
             } catch (Exception e) {
-              CMS.debug("AddCRLServlet: add repository e=" + e.toString());
+                CMS.debug("AddCRLServlet: add repository e=" + e.toString());
             }
-            log(ILogger.LL_INFO, "AddCRLServlet: Created CRL Repository " + 
-                Long.toString(crl.getThisUpdate().getTime()));
+            log(ILogger.LL_INFO, "AddCRLServlet: Created CRL Repository " +
+                    Long.toString(crl.getThisUpdate().getTime()));
 
             if (defStore.waitOnCRLUpdate()) {
                 defStore.updateCRL(crl);
             } else {
-               // when the CRL large, the thread is terminiated by the
-               // servlet framework before it can finish its work
+                // when the CRL large, the thread is terminiated by the
+                // servlet framework before it can finish its work
                 UpdateCRLThread uct = new UpdateCRLThread(defStore, crl);
 
                 uct.start();
@@ -496,25 +492,25 @@ public class AddCRLServlet extends CMSServlet {
                 if (noUI) {
                     CMS.debug("AddCRLServlet: return result noUI=true");
                     resp.setContentType("application/text");
-                    resp.getOutputStream().write("status=0".getBytes()); 
+                    resp.getOutputStream().write("status=0".getBytes());
                     resp.getOutputStream().flush();
                     cmsReq.setStatus(CMSRequest.SUCCESS);
                 } else {
                     CMS.debug("AddCRLServlet: return result noUI=false");
                     String xmlOutput = req.getParameter("xml");
                     if (xmlOutput != null && xmlOutput.equals("true")) {
-                      outputXML(resp, argSet);
+                        outputXML(resp, argSet);
                     } else {
-                      resp.setContentType("text/html");
-                      form.renderOutput(out, argSet);
-                      cmsReq.setStatus(CMSRequest.SUCCESS);
+                        resp.setContentType("text/html");
+                        form.renderOutput(out, argSet);
+                        cmsReq.setStatus(CMSRequest.SUCCESS);
                     }
                 }
             } catch (IOException e) {
                 CMS.debug("AddCRLServlet: return result error=" + e.toString());
                 mOCSPAuthority.log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
-                        e.toString()));
+                        CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
+                                e.toString()));
 
                 // NOTE:  The signed audit events
                 //        LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and
@@ -522,38 +518,38 @@ public class AddCRLServlet extends CMSServlet {
                 //        already been logged at this point!
 
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                        CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
             }
-        } catch( EBaseException eAudit1 ) {
-            if( !CRLFetched ) {
+        } catch (EBaseException eAudit1) {
+            if (!CRLFetched) {
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditCRLNum );
+                        LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditCRLNum);
 
-                audit( auditMessage );
+                audit(auditMessage);
             } else {
-                if( !CRLValidated ) {
+                if (!CRLValidated) {
                     // store a message in the signed audit log file
                     auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
-                        auditSubjectID,
-                        ILogger.FAILURE );
+                            LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
+                            auditSubjectID,
+                            ILogger.FAILURE);
 
-                    audit( auditMessage );
+                    audit(auditMessage);
                 }
             }
             throw eAudit1;
         }
         if (statsSub != null) {
-          statsSub.endTiming("add_crl");
+            statsSub.endTiming("add_crl");
         }
     }
 
     public X509CRLImpl mapCRL1(String mime64)
-        throws IOException {
+            throws IOException {
         mime64 = Cert.stripCRLBrackets(mime64.trim());
 
         byte rawPub[] = CMS.AtoB(mime64);
@@ -568,21 +564,20 @@ public class AddCRLServlet extends CMSServlet {
     }
 }
 
-
 class UpdateCRLThread extends Thread {
     private IDefStore mDefStore = null;
     private X509CRL mCRL = null;
 
     public UpdateCRLThread(
-        IDefStore defStore, X509CRL crl) {
+            IDefStore defStore, X509CRL crl) {
         mDefStore = defStore;
         mCRL = crl;
     }
 
     public void run() {
         try {
-            if (!((X509CRLImpl)mCRL).areEntriesIncluded())
-                mCRL = new X509CRLImpl(((X509CRLImpl)mCRL).getEncoded());
+            if (!((X509CRLImpl) mCRL).areEntriesIncluded())
+                mCRL = new X509CRLImpl(((X509CRLImpl) mCRL).getEncoded());
             mDefStore.updateCRL(mCRL);
         } catch (CRLException e) {
         } catch (X509ExtensionException e) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java
index 3e5d1f49..4c734cee 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.ocsp;
 
-
 import java.io.IOException;
 import java.security.cert.X509CRLEntry;
 import java.security.cert.X509Certificate;
@@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 import com.netscape.cmsutil.util.Cert;
 
-
 /**
- * Check the status of a specific certificate 
- *
+ * Check the status of a specific certificate
+ * 
  * @version $Revision$ $Date$
  */
 public class CheckCertServlet extends CMSServlet {
@@ -61,9 +59,9 @@ public class CheckCertServlet extends CMSServlet {
      */
     private static final long serialVersionUID = 7782198059640825050L;
     public static final String BEGIN_HEADER =
-        "-----BEGIN CERTIFICATE-----";
+            "-----BEGIN CERTIFICATE-----";
     public static final String END_HEADER =
-        "-----END CERTIFICATE-----";
+            "-----END CERTIFICATE-----";
 
     public static final String ATTR_STATUS = "status";
     public static final String ATTR_ISSUERDN = "issuerDN";
@@ -85,7 +83,7 @@ public class CheckCertServlet extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "checkCert.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -102,14 +100,13 @@ public class CheckCertServlet extends CMSServlet {
     /**
      * Process the HTTP request.
      * <ul>
-     * <li>http.param cert certificate to check. Base64, DER encoded, wrapped
-     * in -----BEGIN CERTIFICATE-----, -----END CERTIFICATE----- strings
+     * <li>http.param cert certificate to check. Base64, DER encoded, wrapped in -----BEGIN CERTIFICATE-----, -----END CERTIFICATE----- strings
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
         HttpServletRequest req = cmsReq.getHttpReq();
         HttpServletResponse resp = cmsReq.getHttpResp();
 
@@ -136,9 +133,9 @@ public class CheckCertServlet extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         IArgBlock header = CMS.createArgBlock();
@@ -177,9 +174,9 @@ public class CheckCertServlet extends CMSServlet {
         header.addStringValue(ATTR_SUBJECTDN, cert.getSubjectDN().getName());
         header.addStringValue(ATTR_SERIALNO, "0x" + cert.getSerialNumber().toString(16));
         try {
-            X509CRLImpl	crl = null;
+            X509CRLImpl crl = null;
 
-            crl = new X509CRLImpl(pt.getCRL()); 
+            crl = new X509CRLImpl(pt.getCRL());
             X509CRLEntry crlentry = crl.getRevokedCertificate(cert.getSerialNumber());
 
             if (crlentry == null) {
@@ -201,18 +198,18 @@ public class CheckCertServlet extends CMSServlet {
             String error = null;
 
             String xmlOutput = req.getParameter("xml");
-			if (xmlOutput != null && xmlOutput.equals("true")) {
-			  outputXML(resp, argSet);
-			} else {
-			  resp.setContentType("text/html");
-			  form.renderOutput(out, argSet);
-			  cmsReq.setStatus(CMSRequest.SUCCESS);
-			}
+            if (xmlOutput != null && xmlOutput.equals("true")) {
+                outputXML(resp, argSet);
+            } else {
+                resp.setContentType("text/html");
+                form.renderOutput(out, argSet);
+                cmsReq.setStatus(CMSRequest.SUCCESS);
+            }
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java
index 704c759c..1aaf1d6e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.ocsp;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -41,11 +40,10 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
- * Retrieve information about the number of OCSP requests the OCSP 
+ * Retrieve information about the number of OCSP requests the OCSP
  * has serviced
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class GetOCSPInfo extends CMSServlet {
@@ -63,7 +61,7 @@ public class GetOCSPInfo extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template
      * file "getOCSPInfo.template" to render the result page.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -79,14 +77,13 @@ public class GetOCSPInfo extends CMSServlet {
 
     }
 
-
     /**
-	 * Process the HTTP request. 
-     *
+     * Process the HTTP request.
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
 
@@ -98,10 +95,10 @@ public class GetOCSPInfo extends CMSServlet {
                         mAuthzResourceName, "read");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -115,7 +112,7 @@ public class GetOCSPInfo extends CMSServlet {
         if (!(mAuthority instanceof IOCSPService)) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP"));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
+                    CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -126,10 +123,10 @@ public class GetOCSPInfo extends CMSServlet {
         try {
             form = getTemplate(mFormPath, httpReq, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -147,8 +144,8 @@ public class GetOCSPInfo extends CMSServlet {
         header.addLongValue("totalData", ca.getOCSPTotalData());
         long secs = 0;
         if (ca.getOCSPRequestTotalTime() != 0) {
-             secs = (ca.getNumOCSPRequest() * 1000) / ca.getOCSPRequestTotalTime();
-        } 
+            secs = (ca.getNumOCSPRequest() * 1000) / ca.getOCSPRequestTotalTime();
+        }
         header.addLongValue("ReqSec", secs);
         try {
             ServletOutputStream out = httpResp.getOutputStream();
@@ -157,10 +154,10 @@ public class GetOCSPInfo extends CMSServlet {
             form.renderOutput(out, argSet);
             cmsReq.setStatus(CMSRequest.SUCCESS);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
         }
         cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java
index 063d8513..6b9d2094 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.ocsp;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Date;
@@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Show the list of CA's that the OCSP responder can service
- *
+ * 
  * @version $Revision$ $Date$
  */
 public class ListCAServlet extends CMSServlet {
@@ -58,9 +56,9 @@ public class ListCAServlet extends CMSServlet {
      */
     private static final long serialVersionUID = 3764395161795483452L;
     public static final String BEGIN_HEADER =
-        "-----BEGIN CERTIFICATE-----";
+            "-----BEGIN CERTIFICATE-----";
     public static final String END_HEADER =
-        "-----END CERTIFICATE-----";
+            "-----END CERTIFICATE-----";
 
     private final static String TPL_FILE = "listCAs.template";
     private String mFormPath = null;
@@ -73,7 +71,7 @@ public class ListCAServlet extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "listCAs.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -89,11 +87,11 @@ public class ListCAServlet extends CMSServlet {
 
     /**
      * Process the HTTP request.
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
         HttpServletRequest req = cmsReq.getHttpReq();
         HttpServletResponse resp = cmsReq.getHttpResp();
 
@@ -120,9 +118,9 @@ public class ListCAServlet extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         IArgBlock header = CMS.createArgBlock();
@@ -133,12 +131,12 @@ public class ListCAServlet extends CMSServlet {
         Enumeration recs = defStore.searchAllCRLIssuingPointRecord(100);
 
         // show the current CRL number if present
-        header.addStringValue("stateCount", 
-            Integer.toString(defStore.getStateCount()));
+        header.addStringValue("stateCount",
+                Integer.toString(defStore.getStateCount()));
 
         while (recs.hasMoreElements()) {
-            ICRLIssuingPointRecord rec = 
-                (ICRLIssuingPointRecord) recs.nextElement();
+            ICRLIssuingPointRecord rec =
+                    (ICRLIssuingPointRecord) recs.nextElement();
             IArgBlock rarg = CMS.createArgBlock();
             String thisId = rec.getId();
 
@@ -163,17 +161,17 @@ public class ListCAServlet extends CMSServlet {
                 rarg.addLongValue("NumRevoked", 0);
             } else {
                 if (rc.longValue() == -1) {
-                  rarg.addStringValue("NumRevoked", "UNKNOWN");
-		} else {
-                  rarg.addLongValue("NumRevoked", rc.longValue());
+                    rarg.addStringValue("NumRevoked", "UNKNOWN");
+                } else {
+                    rarg.addLongValue("NumRevoked", rc.longValue());
                 }
             }
 
             BigInteger crlNumber = rec.getCRLNumber();
             if (crlNumber == null || crlNumber.equals(new BigInteger("-1"))) {
-                  rarg.addStringValue("CRLNumber", "UNKNOWN");
+                rarg.addStringValue("CRLNumber", "UNKNOWN");
             } else {
-                  rarg.addStringValue("CRLNumber", crlNumber.toString());
+                rarg.addStringValue("CRLNumber", crlNumber.toString());
             }
 
             rarg.addLongValue("ReqCount", defStore.getReqCount(thisId));
@@ -185,18 +183,18 @@ public class ListCAServlet extends CMSServlet {
             String error = null;
 
             String xmlOutput = req.getParameter("xml");
-			if (xmlOutput != null && xmlOutput.equals("true")) {
-			  outputXML(resp, argSet);
-			} else {
-			  resp.setContentType("text/html");
-			  form.renderOutput(out, argSet);
-			  cmsReq.setStatus(CMSRequest.SUCCESS);
-			}
+            if (xmlOutput != null && xmlOutput.equals("true")) {
+                outputXML(resp, argSet);
+            } else {
+                resp.setContentType("text/html");
+                form.renderOutput(out, argSet);
+                cmsReq.setStatus(CMSRequest.SUCCESS);
+            }
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java
index cfc91975..24c16384 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.ocsp;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.InputStream;
@@ -47,11 +46,10 @@ import com.netscape.cmsutil.ocsp.ResponseData;
 import com.netscape.cmsutil.ocsp.SingleResponse;
 import com.netscape.cmsutil.ocsp.TBSRequest;
 
-
 /**
  * Process OCSP messages, According to RFC 2560
  * See http://www.ietf.org/rfc/rfc2560.txt
- *
+ * 
  * @version $Revision$ $Date$
  */
 public class OCSPServlet extends CMSServlet {
@@ -65,7 +63,7 @@ public class OCSPServlet extends CMSServlet {
     public final static String PROP_MAX_REQUEST_SIZE = "MaxRequestSize";
     public final static String PROP_ID = "ID";
 
-    private int m_maxRequestSize=5000;
+    private int m_maxRequestSize = 5000;
 
     public OCSPServlet() {
         super();
@@ -74,35 +72,36 @@ public class OCSPServlet extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "ImportCert.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
         super.init(sc);
         String s = sc.getInitParameter(PROP_MAX_REQUEST_SIZE);
         if (s != null) {
-        try {
-            m_maxRequestSize = Integer.parseInt(s);
-        } catch (Exception e) {}
-       }
+            try {
+                m_maxRequestSize = Integer.parseInt(s);
+            } catch (Exception e) {
+            }
+        }
 
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      * This method is invoked when the OCSP service receives a OCSP
      * request. Based on RFC 2560, the request should have the OCSP
      * request in the HTTP body as binary blob.
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
 
-        IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+        IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
         if (statsSub != null) {
-          statsSub.startTiming("ocsp", true /* main action */);
+            statsSub.startTiming("ocsp", true /* main action */);
         }
 
         IAuthToken authToken = authenticate(cmsReq);
@@ -119,12 +118,12 @@ public class OCSPServlet extends CMSServlet {
             cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
             return;
         }
-        
+
         CMS.debug("Servlet Path=" + httpReq.getServletPath());
         CMS.debug("RequestURI=" + httpReq.getRequestURI());
-        String pathInfo =  httpReq.getPathInfo();
+        String pathInfo = httpReq.getPathInfo();
         if (pathInfo != null && pathInfo.indexOf('%') != -1) {
-          pathInfo = URLDecoder.decode(pathInfo);
+            pathInfo = URLDecoder.decode(pathInfo);
         }
         CMS.debug("PathInfo=" + pathInfo);
 
@@ -136,46 +135,46 @@ public class OCSPServlet extends CMSServlet {
             String method = httpReq.getMethod();
             CMS.debug("Method=" + method);
             if (method != null && method.equals("POST")) {
-              int reqlen = httpReq.getContentLength();
-
-              if (reqlen == -1) {
-                 throw new Exception("OCSPServlet: Content-Length not supplied");
-              }
-              if (reqlen == 0) {
-                 throw new Exception("OCSPServlet: Invalid Content-Length");
-              }
-              if (reqlen > m_maxRequestSize) {
-                 throw new Exception("OCSPServlet: Client sending too much OCSP request data ("+reqlen+")");
-              }
-
-              // for debugging
-              reqbuf = new byte[reqlen];
-              int bytesread = 0;
-              boolean partial = false;
-
-              while (bytesread < reqlen) {
-                int r = is.read(reqbuf, bytesread, reqlen - bytesread);
-                if (r == -1) {
-                    throw new Exception("OCSPServlet: Client did not supply enough OCSP data");
+                int reqlen = httpReq.getContentLength();
+
+                if (reqlen == -1) {
+                    throw new Exception("OCSPServlet: Content-Length not supplied");
+                }
+                if (reqlen == 0) {
+                    throw new Exception("OCSPServlet: Invalid Content-Length");
+                }
+                if (reqlen > m_maxRequestSize) {
+                    throw new Exception("OCSPServlet: Client sending too much OCSP request data (" + reqlen + ")");
                 }
-                bytesread += r;
-                if (partial == false) {
-                    if (bytesread < reqlen) {
-                        partial = true;
+
+                // for debugging
+                reqbuf = new byte[reqlen];
+                int bytesread = 0;
+                boolean partial = false;
+
+                while (bytesread < reqlen) {
+                    int r = is.read(reqbuf, bytesread, reqlen - bytesread);
+                    if (r == -1) {
+                        throw new Exception("OCSPServlet: Client did not supply enough OCSP data");
+                    }
+                    bytesread += r;
+                    if (partial == false) {
+                        if (bytesread < reqlen) {
+                            partial = true;
+                        }
                     }
                 }
-              }
-              is = new ByteArrayInputStream(reqbuf);
+                is = new ByteArrayInputStream(reqbuf);
             } else {
-              // GET method
-              if ( (pathInfo == null)              ||
-                   (pathInfo.equals( "" ) )        ||
-                   (pathInfo.substring(1) == null) ||
-                   (pathInfo.substring(1).equals( "" ) ) ) {
-                  throw new Exception("OCSPServlet: OCSP request not provided in GET method");
-              }
-              is = new ByteArrayInputStream(
-                com.netscape.osutil.OSUtil.AtoB(pathInfo.substring(1)));
+                // GET method
+                if ((pathInfo == null) ||
+                        (pathInfo.equals("")) ||
+                        (pathInfo.substring(1) == null) ||
+                        (pathInfo.substring(1).equals(""))) {
+                    throw new Exception("OCSPServlet: OCSP request not provided in GET method");
+                }
+                is = new ByteArrayInputStream(
+                        com.netscape.osutil.OSUtil.AtoB(pathInfo.substring(1)));
             }
 
             // (1) retrieve OCSP request
@@ -183,22 +182,23 @@ public class OCSPServlet extends CMSServlet {
             OCSPResponse response = null;
 
             try {
-                OCSPRequest.Template reqTemplate = 
-                    new OCSPRequest.Template();
+                OCSPRequest.Template reqTemplate =
+                        new OCSPRequest.Template();
 
-                if ( (is == null) ||
-                     (is.toString().equals( "" ) ) ) {
-                    throw new Exception( "OCSPServlet: OCSP request is "
+                if ((is == null) ||
+                        (is.toString().equals(""))) {
+                    throw new Exception("OCSPServlet: OCSP request is "
                                        + "empty or malformed");
                 }
                 ocspReq = (OCSPRequest) reqTemplate.decode(is);
-                if ( (ocspReq == null) ||
-                     (ocspReq.toString().equals( "" ) ) ) {
-                    throw new Exception( "OCSPServlet: Decoded OCSP request "
+                if ((ocspReq == null) ||
+                        (ocspReq.toString().equals(""))) {
+                    throw new Exception("OCSPServlet: Decoded OCSP request "
                                        + "is empty or malformed");
                 }
                 response = ((IOCSPService) mAuthority).validate(ocspReq);
-            } catch (Exception e) {;
+            } catch (Exception e) {
+                ;
                 CMS.debug("OCSPServlet: " + e.toString());
             }
 
@@ -219,8 +219,8 @@ public class OCSPServlet extends CMSServlet {
                     CMS.debug("OCSPServlet: " + CMS.BtoA(ASN1Util.encode(ocspReq)));
                     TBSRequest tbsReq = ocspReq.getTBSRequest();
                     for (int i = 0; i < tbsReq.getRequestCount(); i++) {
-                       com.netscape.cmsutil.ocsp.Request req = tbsReq.getRequestAt(i);
-                       CMS.debug("Serial Number: " + req.getCertID().getSerialNumber());
+                        com.netscape.cmsutil.ocsp.Request req = tbsReq.getRequestAt(i);
+                        CMS.debug("Serial Number: " + req.getCertID().getSerialNumber());
                     }
                     CMS.debug("OCSPServlet: OCSP Response Size:");
                     CMS.debug("OCSPServlet: " + Integer.toString(respbytes.length));
@@ -232,17 +232,17 @@ public class OCSPServlet extends CMSServlet {
                     } else if (rbytes.getObjectIdentifier().equals(
                                ResponseBytes.OCSP_BASIC)) {
                         BasicOCSPResponse basicRes = (BasicOCSPResponse)
-                        BasicOCSPResponse.getTemplate().decode(
-                        new ByteArrayInputStream(rbytes.getResponse().toByteArray()));
+                                BasicOCSPResponse.getTemplate().decode(
+                                        new ByteArrayInputStream(rbytes.getResponse().toByteArray()));
                         if (basicRes == null) {
                             CMS.debug("Basic Res is null");
                         } else {
                             ResponseData data = basicRes.getResponseData();
                             for (int i = 0; i < data.getResponseCount(); i++) {
                                 SingleResponse res = data.getResponseAt(i);
-                                CMS.debug("Serial Number: " + 
-                                          res.getCertID().getSerialNumber()  + 
-                                          " Status: " + 
+                                CMS.debug("Serial Number: " +
+                                          res.getCertID().getSerialNumber() +
+                                          " Status: " +
                                           res.getCertStatus().getClass().getName());
                             }
                         }
@@ -250,14 +250,14 @@ public class OCSPServlet extends CMSServlet {
                 }
 
                 httpResp.setContentType("application/ocsp-response");
-             
+
                 httpResp.setContentLength(respbytes.length);
                 OutputStream ooss = httpResp.getOutputStream();
 
                 ooss.write(respbytes);
                 ooss.flush();
                 if (statsSub != null) {
-                  statsSub.endTiming("ocsp");
+                    statsSub.endTiming("ocsp");
                 }
 
                 mRenderResult = false;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java
index 3ec72bb8..d747bd4b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.ocsp;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -41,10 +40,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Configure the CA to no longer respond to OCSP requests for a CA
- *
+ * 
  * @version $Revision: 1274 $ $Date: 2010-09-07 22:14:41 -0700 (Tue, 07 Sep 2010) $
  */
 public class RemoveCAServlet extends CMSServlet {
@@ -58,12 +56,12 @@ public class RemoveCAServlet extends CMSServlet {
     private IOCSPAuthority mOCSPAuthority = null;
 
     private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST =
-        "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_3";
+            "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_3";
     private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS =
-        "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS_3";
+            "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS_3";
 
     private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE =
-        "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE_3";
+            "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE_3";
 
     public RemoveCAServlet() {
         super();
@@ -72,7 +70,7 @@ public class RemoveCAServlet extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "addCA.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -90,18 +88,15 @@ public class RemoveCAServlet extends CMSServlet {
     /**
      * Process the HTTP request.
      * <ul>
-     * <li>http.param  ca id. The format is string.
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST used when
-     * a CA is attempted to be removed from the OCSP responder
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS
-     * and LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE are used when 
-     * a remove CA request to the OCSP Responder is processed successfully or not.
+     * <li>http.param ca id. The format is string.
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST used when a CA is attempted to be removed from the OCSP responder
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS and LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE are used when a remove CA request to the OCSP Responder is processed successfully or not.
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
         HttpServletRequest req = cmsReq.getHttpReq();
         HttpServletResponse resp = cmsReq.getHttpResp();
         String auditMessage = null;
@@ -132,9 +127,9 @@ public class RemoveCAServlet extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         IArgBlock header = CMS.createArgBlock();
@@ -142,79 +137,78 @@ public class RemoveCAServlet extends CMSServlet {
         CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
 
         if (auditSubjectID.equals(ILogger.NONROLEUSER) ||
-               auditSubjectID.equals(ILogger.UNIDENTIFIED))  {
+                auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
             String uid = authToken.getInString(IAuthToken.USER_ID);
             if (uid != null) {
-                CMS.debug("RemoveCAServlet: auditSubjectID set to "+uid);
+                CMS.debug("RemoveCAServlet: auditSubjectID set to " + uid);
                 auditSubjectID = uid;
             }
         }
 
-       String caID = cmsReq.getHttpReq().getParameter("caID");
-
+        String caID = cmsReq.getHttpReq().getParameter("caID");
 
-       if (caID == null) {
-           auditMessage = CMS.getLogMessage(
-               LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,
-               auditSubjectID,
-               ILogger.FAILURE,
-               ILogger.SIGNED_AUDIT_EMPTY_VALUE);
+        if (caID == null) {
+            auditMessage = CMS.getLogMessage(
+                    LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,
+                    auditSubjectID,
+                    ILogger.FAILURE,
+                    ILogger.SIGNED_AUDIT_EMPTY_VALUE);
 
-           throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CA_ID"));
-       }
+            throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CA_ID"));
+        }
 
-       auditMessage = CMS.getLogMessage(
+        auditMessage = CMS.getLogMessage(
                 LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST,
                 auditSubjectID,
                 ILogger.SUCCESS,
                 caID);
 
-       audit( auditMessage );
+        audit(auditMessage);
 
-       IDefStore defStore = mOCSPAuthority.getDefaultStore();
+        IDefStore defStore = mOCSPAuthority.getDefaultStore();
 
-       try { 
-        defStore.deleteCRLIssuingPointRecord(caID);
+        try {
+            defStore.deleteCRLIssuingPointRecord(caID);
 
-       } catch (EBaseException e) {
+        } catch (EBaseException e) {
 
-           auditMessage = CMS.getLogMessage(
-               LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,
-               auditSubjectID,
-               ILogger.FAILURE,
-               caID);
-           audit( auditMessage );
+            auditMessage = CMS.getLogMessage(
+                    LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,
+                    auditSubjectID,
+                    ILogger.FAILURE,
+                    caID);
+            audit(auditMessage);
 
-           CMS.debug("RemoveCAServlet::process: Error deleting CRL IssuingPoint: " + caID);
-           throw new EBaseException(e.toString());
+            CMS.debug("RemoveCAServlet::process: Error deleting CRL IssuingPoint: " + caID);
+            throw new EBaseException(e.toString());
         }
 
         CMS.debug("RemoveCAServlet::process: CRL IssuingPoint for CA successfully removed: " + caID);
 
         auditMessage = CMS.getLogMessage(
-             LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,
-             auditSubjectID,
-             ILogger.SUCCESS,
-             caID);
-        audit( auditMessage );
+                LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,
+                auditSubjectID,
+                ILogger.SUCCESS,
+                caID);
+        audit(auditMessage);
 
         try {
             ServletOutputStream out = resp.getOutputStream();
             String error = null;
 
             String xmlOutput = req.getParameter("xml");
-			if (xmlOutput != null && xmlOutput.equals("true")) {
-			  outputXML(resp, argSet);
-			} else {
-			  resp.setContentType("text/html");
-			  form.renderOutput(out, argSet);
-			  cmsReq.setStatus(CMSRequest.SUCCESS);
-			}
+            if (xmlOutput != null && xmlOutput.equals("true")) {
+                outputXML(resp, argSet);
+            } else {
+                resp.setContentType("text/html");
+                form.renderOutput(out, argSet);
+                cmsReq.setStatus(CMSRequest.SUCCESS);
+            }
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java
index 1e44dad1..f2b3f57a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.processors;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -72,11 +71,10 @@ import com.netscape.cms.servlet.base.CMSServlet;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Process CMC messages according to RFC 2797
  * See http://www.ietf.org/rfc/rfc2797.txt
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMCProcessor extends PKIProcessor {
@@ -95,18 +93,18 @@ public class CMCProcessor extends PKIProcessor {
     }
 
     public void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
     }
 
     public void fillCertInfo(
-        String protocolString, X509CertInfo certInfo,
-        IAuthToken authToken, IArgBlock httpParams)
-        throws EBaseException {
+            String protocolString, X509CertInfo certInfo,
+            IAuthToken authToken, IArgBlock httpParams)
+            throws EBaseException {
     }
 
     public X509CertInfo[] fillCertInfoArray(
-        String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
-        throws EBaseException {
+            String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
+            throws EBaseException {
 
         CMS.debug("CMCProcessor: In CMCProcessor.fillCertInfoArray!");
         String cmc = protocolString;
@@ -114,17 +112,16 @@ public class CMCProcessor extends PKIProcessor {
         try {
             byte[] cmcBlob = CMS.AtoB(cmc);
             ByteArrayInputStream cmcBlobIn =
-                new ByteArrayInputStream(cmcBlob);
+                    new ByteArrayInputStream(cmcBlob);
 
             org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo)
-                org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
+                    org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
 
-            if
-            (!cmcReq.getContentType().equals(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) || !cmcReq.hasContent())
+            if (!cmcReq.getContentType().equals(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) || !cmcReq.hasContent())
                 throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT"));
 
             SignedData cmcFullReq = (SignedData)
-                cmcReq.getInterpretedContent();
+                    cmcReq.getInterpretedContent();
 
             EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
 
@@ -132,7 +129,7 @@ public class CMCProcessor extends PKIProcessor {
 
             if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData) || !ci.hasContent()) {
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_NO_PKIDATA"));
+                        CMS.getUserMessage("CMS_GW_NO_PKIDATA"));
             }
             OCTET_STRING content = ci.getContent();
 
@@ -144,7 +141,7 @@ public class CMCProcessor extends PKIProcessor {
             int numReqs = reqSequence.size();
             X509CertInfo[] certInfoArray = new X509CertInfo[numReqs];
             String[] reqIdArray = new String[numReqs];
-            
+
             for (int i = 0; i < numReqs; i++) {
                 // decode message.
                 TaggedRequest taggedRequest = (TaggedRequest) reqSequence.elementAt(i);
@@ -158,7 +155,7 @@ public class CMCProcessor extends PKIProcessor {
                     reqIdArray[i] = String.valueOf(p10Id);
 
                     CertificationRequest p10 =
-                        tcr.getCertificationRequest();
+                            tcr.getCertificationRequest();
 
                     // transfer to sun class
                     ByteArrayOutputStream ostream = new ByteArrayOutputStream();
@@ -195,7 +192,7 @@ public class CMCProcessor extends PKIProcessor {
 
                     reqIdArray[i] = String.valueOf(srcId);
 
-                    certInfoArray[i] = crmfProc.processIndividualRequest(crm, authToken, httpParams); 
+                    certInfoArray[i] = crmfProc.processIndividualRequest(crm, authToken, httpParams);
 
                 } else {
                     throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT"));
@@ -209,12 +206,12 @@ public class CMCProcessor extends PKIProcessor {
 
             for (int i = 0; i < numDig; i++) {
                 AlgorithmIdentifier dai =
-                    (AlgorithmIdentifier) dais.elementAt(i);
+                        (AlgorithmIdentifier) dais.elementAt(i);
                 String name =
-                    DigestAlgorithm.fromOID(dai.getOID()).toString();
+                        DigestAlgorithm.fromOID(dai.getOID()).toString();
 
                 MessageDigest md =
-                    MessageDigest.getInstance(name);
+                        MessageDigest.getInstance(name);
 
                 byte[] digest = md.digest(content.toByteArray());
 
@@ -226,8 +223,8 @@ public class CMCProcessor extends PKIProcessor {
 
             for (int i = 0; i < numSis; i++) {
                 org.mozilla.jss.pkix.cms.SignerInfo si =
-                    (org.mozilla.jss.pkix.cms.SignerInfo)
-                    sis.elementAt(i);
+                        (org.mozilla.jss.pkix.cms.SignerInfo)
+                        sis.elementAt(i);
 
                 String name = si.getDigestAlgorithm().toString();
                 byte[] digest = (byte[]) digs.get(name);
@@ -243,8 +240,7 @@ public class CMCProcessor extends PKIProcessor {
 
                 SignerIdentifier sid = si.getSignerIdentifier();
 
-                if
-                (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) {
+                if (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) {
                     IssuerAndSerialNumber issuerAndSerialNumber = sid.getIssuerAndSerialNumber();
                     // find from the certs in the signedData
                     X509Certificate cert = null;
@@ -255,20 +251,19 @@ public class CMCProcessor extends PKIProcessor {
 
                         for (int j = 0; j < numCerts; j++) {
                             Certificate certJss =
-                                (Certificate) certs.elementAt(j);
+                                    (Certificate) certs.elementAt(j);
                             CertificateInfo certI =
-                                certJss.getInfo();
+                                    certJss.getInfo();
                             Name issuer = certI.getIssuer();
                             byte[] issuerB = ASN1Util.encode(issuer);
 
                             INTEGER sn = certI.getSerialNumber();
 
-                            if (
-                                new String(issuerB).equals(new
+                            if (new String(issuerB).equals(new
                                     String(ASN1Util.encode(issuerAndSerialNumber.getIssuer())))
-                                && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) {
+                                    && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) {
                                 ByteArrayOutputStream os = new
-                                    ByteArrayOutputStream();
+                                        ByteArrayOutputStream();
 
                                 certJss.encode(os);
                                 cert = new X509CertImpl(os.toByteArray());
@@ -296,8 +291,8 @@ public class CMCProcessor extends PKIProcessor {
                         } else {
                         }
                         PK11PubKey pubK =
-                            PK11PubKey.fromRaw(keyType,
-                                ((X509Key) signKey).getKey());
+                                PK11PubKey.fromRaw(keyType,
+                                        ((X509Key) signKey).getKey());
 
                         si.verify(digest, id, pubK);
                     }
@@ -321,8 +316,7 @@ public class CMCProcessor extends PKIProcessor {
                         j++;
                     }
                     if (signKey == null) {
-                        throw new
-                            ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR",
+                        throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR",
                                 "SubjectKeyIdentifier in SignerInfo does not match any publicKey in the request."));
                     } else {
                         PrivateKey.Type keyType = null;
@@ -352,7 +346,7 @@ public class CMCProcessor extends PKIProcessor {
 
             for (int i = 0; i < numControls; i++) {
                 TaggedAttribute control =
-                    (TaggedAttribute) controls.elementAt(i);
+                        (TaggedAttribute) controls.elementAt(i);
                 OBJECT_IDENTIFIER type = control.getType();
                 SET values = control.getValues();
                 int numVals = values.size();
@@ -364,7 +358,7 @@ public class CMCProcessor extends PKIProcessor {
                         vals = new String[numVals];
                     for (int j = 0; j < numVals; j++) {
                         ANY val = (ANY)
-                            values.elementAt(j);
+                                values.elementAt(j);
                         INTEGER transId = (INTEGER) ((ANY) val).decodeWith(
                                 INTEGER.getTemplate());
 
@@ -374,17 +368,16 @@ public class CMCProcessor extends PKIProcessor {
                     }
                     if (vals != null)
                         req.setExtData(IRequest.CMC_TRANSID, vals);
-                } else if
-                (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) {
+                } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) {
                     String[] vals = null;
 
                     if (numVals > 0)
                         vals = new String[numVals];
                     for (int j = 0; j < numVals; j++) {
                         ANY val = (ANY)
-                            values.elementAt(j);
+                                values.elementAt(j);
                         OCTET_STRING nonce = (OCTET_STRING)
-                            ((ANY) val).decodeWith(OCTET_STRING.getTemplate());
+                                ((ANY) val).decodeWith(OCTET_STRING.getTemplate());
 
                         if (nonce != null) {
                             vals[j] = new String(nonce.toByteArray());
@@ -409,27 +402,27 @@ public class CMCProcessor extends PKIProcessor {
             return certInfoArray;
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
+                    CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
+                    CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
         } catch (InvalidBERException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
+                    CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
         } catch (InvalidKeyException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
-        }catch (Exception e) {
+                    CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
+        } catch (Exception e) {
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CMC_ERROR", e.toString()));
+                    CMS.getUserMessage("CMS_GW_CMC_ERROR", e.toString()));
         }
 
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java
index 27648758..dcfb3eae 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.processors;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -56,11 +55,10 @@ import com.netscape.cms.servlet.base.CMSServlet;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Process CRMF requests, according to RFC 2511
  * See http://www.ietf.org/rfc/rfc2511.txt
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CRMFProcessor extends PKIProcessor {
@@ -70,7 +68,7 @@ public class CRMFProcessor extends PKIProcessor {
     private boolean enforcePop = false;
 
     private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION =
-        "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
+            "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
 
     public CRMFProcessor() {
         super();
@@ -84,22 +82,22 @@ public class CRMFProcessor extends PKIProcessor {
     }
 
     public void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
     }
 
     /**
      * Verify Proof of Possession (POP)
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION used when proof
-     * of possession is checked during certificate enrollment
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION used when proof of possession is checked during certificate enrollment
      * </ul>
+     * 
      * @param certReqMsg the certificate request message
      * @exception EBaseException an error has occurred
      */
     private void verifyPOP(CertReqMsg certReqMsg)
-        throws EBaseException {
+            throws EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -118,59 +116,59 @@ public class CRMFProcessor extends PKIProcessor {
 
                         // store a message in the signed audit log file
                         auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
-                            auditSubjectID,
-                            ILogger.SUCCESS );
+                                LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+                                auditSubjectID,
+                                ILogger.SUCCESS);
 
-                        audit( auditMessage );
+                        audit(auditMessage);
                     } catch (Exception e) {
                         CMS.debug("CRMFProcessor: Failed POP verify!");
 
                         log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY"));
+                                CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY"));
 
                         // store a message in the signed audit log file
                         auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
-                            auditSubjectID,
-                            ILogger.FAILURE );
+                                LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+                                auditSubjectID,
+                                ILogger.FAILURE);
 
-                        audit( auditMessage );
+                        audit(auditMessage);
 
                         throw new ECMSGWException(
-                            CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY"));
+                                CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY"));
                     }
                 }
             } else {
                 if (enforcePop == true) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_ERROR_NO_POP"));
+                            CMS.getLogMessage("CMSGW_ERROR_NO_POP"));
 
                     // store a message in the signed audit log file
                     auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
-                        auditSubjectID,
-                        ILogger.FAILURE );
+                            LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+                            auditSubjectID,
+                            ILogger.FAILURE);
 
-                    audit( auditMessage );
+                    audit(auditMessage);
 
                     throw new ECMSGWException(
-                        CMS.getLogMessage("CMSGW_ERROR_NO_POP"));
+                            CMS.getLogMessage("CMSGW_ERROR_NO_POP"));
                 }
             }
-        } catch( EBaseException eAudit1 ) {
+        } catch (EBaseException eAudit1) {
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
-                auditSubjectID,
-                ILogger.FAILURE );
+                    LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+                    auditSubjectID,
+                    ILogger.FAILURE);
 
-            audit( auditMessage );
+            audit(auditMessage);
         }
     }
 
-    public X509CertInfo  processIndividualRequest(CertReqMsg certReqMsg, IAuthToken authToken, IArgBlock httpParams)
-        throws EBaseException {
+    public X509CertInfo processIndividualRequest(CertReqMsg certReqMsg, IAuthToken authToken, IArgBlock httpParams)
+            throws EBaseException {
         CMS.debug("CRMFProcessor::processIndividualRequest!");
 
         try {
@@ -205,21 +203,21 @@ public class CRMFProcessor extends PKIProcessor {
             if (certTemplate.hasSubject()) {
                 Name subjectdn = certTemplate.getSubject();
                 ByteArrayOutputStream subjectEncStream =
-                    new ByteArrayOutputStream();
+                        new ByteArrayOutputStream();
 
                 subjectdn.encode(subjectEncStream);
                 byte[] subjectEnc = subjectEncStream.toByteArray();
                 X500Name subject = new X500Name(subjectEnc);
 
                 certInfo.set(X509CertInfo.SUBJECT,
-                    new CertificateSubjectName(subject));
+                        new CertificateSubjectName(subject));
             } else if (authToken == null ||
-                authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
+                    authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
                 // No subject name - error!
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+                        CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+                        CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
             }
 
             // get extensions
@@ -243,10 +241,10 @@ public class CRMFProcessor extends PKIProcessor {
 
                 for (int j = 0; j < numexts; j++) {
                     org.mozilla.jss.pkix.cert.Extension jssext =
-                        certTemplate.extensionAt(j);
+                            certTemplate.extensionAt(j);
                     boolean isCritical = jssext.getCritical();
                     org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid =
-                        jssext.getExtnId();
+                            jssext.getExtnId();
                     long[] numbers = jssoid.getNumbers();
                     int[] oidNumbers = new int[numbers.length];
 
@@ -254,23 +252,23 @@ public class CRMFProcessor extends PKIProcessor {
                         oidNumbers[k] = (int) numbers[k];
                     }
                     ObjectIdentifier oid =
-                        new ObjectIdentifier(oidNumbers);
+                            new ObjectIdentifier(oidNumbers);
                     org.mozilla.jss.asn1.OCTET_STRING jssvalue =
-                        jssext.getExtnValue();
+                            jssext.getExtnValue();
                     ByteArrayOutputStream jssvalueout =
-                        new ByteArrayOutputStream();
+                            new ByteArrayOutputStream();
 
                     jssvalue.encode(jssvalueout);
                     byte[] extValue = jssvalueout.toByteArray();
 
                     Extension ext =
-                        new Extension(oid, isCritical, extValue);
+                            new Extension(oid, isCritical, extValue);
 
                     extensions.parseExtension(ext);
                 }
 
                 certInfo.set(X509CertInfo.VERSION,
-                    new CertificateVersion(CertificateVersion.V3));
+                        new CertificateVersion(CertificateVersion.V3));
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
 
             }
@@ -283,7 +281,7 @@ public class CRMFProcessor extends PKIProcessor {
             // formulation.
             // -- CRMFfillCert
             if (authToken != null &&
-                authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) {
+                    authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) {
                 // if authenticated override subect name, validity and
                 // extensions if any from authtoken.
                 fillCertInfoFromAuthToken(certInfo, authToken);
@@ -300,31 +298,31 @@ public class CRMFProcessor extends PKIProcessor {
 
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+                    CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+                    CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
         } /* catch (InvalidBERException e) {
-         log(ILogger.LL_FAILURE,
-         CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",e.toString()));
-         throw new ECMSGWException(
-         CMSGWResources.ERROR_CRMF_TO_CERTINFO);
-         } */ catch (InvalidKeyException e) {
+          log(ILogger.LL_FAILURE,
+          CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",e.toString()));
+          throw new ECMSGWException(
+          CMSGWResources.ERROR_CRMF_TO_CERTINFO);
+          } */catch (InvalidKeyException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+                    CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
         }
 
     }
 
     public X509CertInfo[] fillCertInfoArray(
-        String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
-        throws EBaseException {
+            String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
+            throws EBaseException {
 
         CMS.debug("CRMFProcessor.fillCertInfoArray!");
 
@@ -333,10 +331,10 @@ public class CRMFProcessor extends PKIProcessor {
         try {
             byte[] crmfBlob = CMS.AtoB(crmf);
             ByteArrayInputStream crmfBlobIn =
-                new ByteArrayInputStream(crmfBlob);
+                    new ByteArrayInputStream(crmfBlob);
 
             SEQUENCE crmfMsgs = (SEQUENCE)
-                new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn);
+                    new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn);
 
             int nummsgs = crmfMsgs.size();
             X509CertInfo[] certInfoArray = new X509CertInfo[nummsgs];
@@ -344,7 +342,7 @@ public class CRMFProcessor extends PKIProcessor {
             for (int i = 0; i < nummsgs; i++) {
                 // decode message.
                 CertReqMsg certReqMsg = (CertReqMsg) crmfMsgs.elementAt(i);
-             
+
                 CertRequest certReq = certReqMsg.getCertReq();
                 INTEGER certReqId = certReq.getCertReqId();
                 int srcId = certReqId.intValue();
@@ -360,15 +358,14 @@ public class CRMFProcessor extends PKIProcessor {
             return certInfoArray;
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+                    CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
         } catch (InvalidBERException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+                    CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java
index d021f653..9139f888 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java
@@ -17,19 +17,17 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.processors;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.cms.servlet.common.CMSRequest;
 
-
 /**
  * This represents the request parser.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IPKIProcessor {
 
     public void process(CMSRequest cmsReq)
-        throws EBaseException;
+            throws EBaseException;
 
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java
index cc035033..cfe9754a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.processors;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 
@@ -37,11 +36,10 @@ import com.netscape.cms.servlet.base.CMSServlet;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * KeyGenProcess parses Certificate request matching the
  * KEYGEN tag format used by Netscape Communicator 4.x
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class KeyGenProcessor extends PKIProcessor {
@@ -56,13 +54,13 @@ public class KeyGenProcessor extends PKIProcessor {
     }
 
     public void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
     }
 
     public void fillCertInfo(
-        String protocolString, X509CertInfo certInfo,
-        IAuthToken authToken, IArgBlock httpParams)
-        throws EBaseException {
+            String protocolString, X509CertInfo certInfo,
+            IAuthToken authToken, IArgBlock httpParams)
+            throws EBaseException {
 
         CMS.debug("KeyGenProcessor: fillCertInfo");
 
@@ -72,7 +70,7 @@ public class KeyGenProcessor extends PKIProcessor {
 
         KeyGenInfo keyGenInfo = httpParams.getValueAsKeyGenInfo(
                 PKIProcessor.SUBJECT_KEYGEN_INFO, null);
-    
+
         // fill key
         X509Key key = null;
 
@@ -80,20 +78,20 @@ public class KeyGenProcessor extends PKIProcessor {
         if (key == null) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_KEY_IN_KEYGENINFO"));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_KEYGENINFO"));
+                    CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_KEYGENINFO"));
         }
         try {
             certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE,
-                "Could not set key into certInfo from keygen. Error " + e);
+                    "Could not set key into certInfo from keygen. Error " + e);
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
+                    CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_KEYGEN_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_KEYGEN_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
+                    CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
         }
 
         String authMgr = mServlet.getAuthMgr();
@@ -106,12 +104,12 @@ public class KeyGenProcessor extends PKIProcessor {
             if (authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
                 // allow special case for agent gateway in admin enroll
                 // and bulk issuance.
-                if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID) && 
-                    !authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) {
+                if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID) &&
+                        !authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+                            CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
                     throw new ECMSGWException(
-                      CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+                            CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
                 }
                 fillCertInfoFromForm(certInfo, httpParams);
             } else {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java
index 53d38455..dad4b64a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.processors;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 
@@ -46,12 +45,11 @@ import com.netscape.cms.servlet.base.CMSServlet;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * PKCS10Processor process Certificate Requests in
  * PKCS10 format, as defined here:
  * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-10/index.html
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class PKCS10Processor extends PKIProcessor {
@@ -61,7 +59,7 @@ public class PKCS10Processor extends PKIProcessor {
     private final String USE_INTERNAL_PKCS10 = "internal";
 
     public PKCS10Processor() {
-    
+
         super();
     }
 
@@ -71,24 +69,24 @@ public class PKCS10Processor extends PKIProcessor {
     }
 
     public void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
     }
 
-    public    void fillCertInfo(
-        PKCS10 pkcs10, X509CertInfo certInfo,
-        IAuthToken authToken, IArgBlock httpParams)
-        throws EBaseException {
+    public void fillCertInfo(
+            PKCS10 pkcs10, X509CertInfo certInfo,
+            IAuthToken authToken, IArgBlock httpParams)
+            throws EBaseException {
 
         mPkcs10 = pkcs10;
-    
-        fillCertInfo(USE_INTERNAL_PKCS10, certInfo, authToken, httpParams); 
+
+        fillCertInfo(USE_INTERNAL_PKCS10, certInfo, authToken, httpParams);
 
     }
 
     public void fillCertInfo(
-        String protocolString, X509CertInfo certInfo,
-        IAuthToken authToken, IArgBlock httpParams)
-        throws EBaseException {
+            String protocolString, X509CertInfo certInfo,
+            IAuthToken authToken, IArgBlock httpParams)
+            throws EBaseException {
 
         PKCS10 p10 = null;
 
@@ -99,8 +97,8 @@ public class PKCS10Processor extends PKIProcessor {
         } else if (protocolString.equals(USE_INTERNAL_PKCS10)) {
             p10 = mPkcs10;
         } else {
-            CMS.debug( "PKCS10Processor::fillCertInfo() - p10 is null!" );
-            throw new EBaseException( "p10 is null" );
+            CMS.debug("PKCS10Processor::fillCertInfo() - p10 is null!");
+            throw new EBaseException("p10 is null");
         }
 
         if (mServlet == null) {
@@ -123,7 +121,7 @@ public class PKCS10Processor extends PKIProcessor {
             certInfo.set(X509CertInfo.KEY, certKey);
         } catch (CertificateException e) {
             EBaseException ex = new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
+                    CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
 
             log(ILogger.LL_FAILURE, ex.toString());
             throw ex;
@@ -140,31 +138,31 @@ public class PKCS10Processor extends PKIProcessor {
         if (subject != null) {
             try {
                 certInfo.set(X509CertInfo.SUBJECT,
-                    new CertificateSubjectName(subject));
+                        new CertificateSubjectName(subject));
                 log(ILogger.LL_INFO,
-                    "Setting subject name " + subject + " from p10.");
+                        "Setting subject name " + subject + " from p10.");
             } catch (CertificateException e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
+                        CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
+                        CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
             } catch (IOException e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
+                        CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
+                        CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
             } catch (Exception e) {
                 // if anything bad happens in X500 name parsing,
                 // this will catch it.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
+                        CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
+                        CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
             }
         } else if (authToken == null ||
-            authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
+                authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_MISSING_SUBJECT_IN_P10"));
+                    CMS.getLogMessage("CMSGW_MISSING_SUBJECT_IN_P10"));
             throw new ECMSGWException(CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_IN_P10"));
         }
 
@@ -177,12 +175,12 @@ public class PKCS10Processor extends PKIProcessor {
 
             if (p10Attrs != null) {
                 PKCS10Attribute p10Attr = (PKCS10Attribute)
-                    (p10Attrs.getAttribute(CertificateExtensions.NAME));
+                        (p10Attrs.getAttribute(CertificateExtensions.NAME));
 
                 if (p10Attr != null && p10Attr.getAttributeId().equals(
                         PKCS9Attribute.EXTENSION_REQUEST_OID)) {
                     Extensions exts0 = (Extensions)
-                        (p10Attr.getAttributeValue());
+                            (p10Attr.getAttributeValue());
                     DerOutputStream extOut = new DerOutputStream();
 
                     exts0.encode(extOut);
@@ -196,23 +194,23 @@ public class PKCS10Processor extends PKIProcessor {
                 }
             }
             CMS.debug(
-                "PKCS10Processor: Seted cert extensions from pkcs10. ");
+                    "PKCS10Processor: Seted cert extensions from pkcs10. ");
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
+                    CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
             throw new ECMSGWException(
                     CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
 
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
+                    CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
             throw new ECMSGWException(
                     CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
         } catch (Exception e) {
             // if anything bad happens in extensions parsing,
             // this will catch it.
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
+                    CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
             throw new ECMSGWException(
                     CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
         }
@@ -223,8 +221,8 @@ public class PKCS10Processor extends PKIProcessor {
         String authMgr = mServlet.getAuthMgr();
 
         if (authToken != null &&
-            authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null &&
-            !(authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID))) { 
+                authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null &&
+                !(authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID))) {
             fillCertInfoFromAuthToken(certInfo, authToken);
         }
 
@@ -233,12 +231,12 @@ public class PKCS10Processor extends PKIProcessor {
         // from the http parameters.
         if (mServletId.equals(PKIProcessor.ADMIN_ENROLL_SERVLET_ID)) {
             fillValidityFromForm(certInfo, httpParams);
-        }    
-      
+        }
+
     }
 
     private PKCS10 getPKCS10(IArgBlock httpParams)
-        throws EBaseException {
+            throws EBaseException {
 
         PKCS10 pkcs10 = null;
 
@@ -277,7 +275,7 @@ public class PKCS10Processor extends PKIProcessor {
             try {
                 // coming from server cut & paste blob.
                 pkcs10 = httpParams.getValueAsPKCS10(PKIProcessor.PKCS10_REQUEST, false, null);
-            }catch (Exception ex) {
+            } catch (Exception ex) {
                 ex.printStackTrace();
             }
         }
@@ -286,4 +284,4 @@ public class PKCS10Processor extends PKIProcessor {
 
     }
 
-}  
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java
index 625808d7..df7b0c3d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.processors;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Date;
@@ -42,10 +41,9 @@ import com.netscape.cms.servlet.base.CMSServlet;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Process Certificate Requests
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class PKIProcessor implements IPKIProcessor {
@@ -57,7 +55,7 @@ public class PKIProcessor implements IPKIProcessor {
     public static final String PKCS10_REQUEST = "pkcs10Request";
     public static final String SUBJECT_KEYGEN_INFO = "subjectKeyGenInfo";
 
-    protected CMSRequest mRequest = null;   
+    protected CMSRequest mRequest = null;
 
     protected HttpServletRequest httpReq = null;
     protected String mServletId = null;
@@ -84,18 +82,18 @@ public class PKIProcessor implements IPKIProcessor {
     }
 
     public void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
     }
 
     protected void fillCertInfo(
-        String protocolString, X509CertInfo certInfo, 
-        IAuthToken authToken, IArgBlock httpParams)
-        throws EBaseException { 
+            String protocolString, X509CertInfo certInfo,
+            IAuthToken authToken, IArgBlock httpParams)
+            throws EBaseException {
     }
 
     protected X509CertInfo[] fillCertInfoArray(
-        String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
-        throws EBaseException {
+            String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
+            throws EBaseException {
         return null;
     }
 
@@ -106,8 +104,8 @@ public class PKIProcessor implements IPKIProcessor {
      * requests not authenticated will need to be approved by an agent.
      */
     public static void fillCertInfoFromAuthToken(
-        X509CertInfo certInfo, IAuthToken authToken)
-        throws EBaseException {
+            X509CertInfo certInfo, IAuthToken authToken)
+            throws EBaseException {
         // override subject, validity and extensions from auth token
         // CA determines algorithm, version and issuer.
         // take key from keygen, cmc, pkcs10 or crmf.
@@ -116,60 +114,60 @@ public class PKIProcessor implements IPKIProcessor {
         // subject name.
         try {
             String subjectname =
-                authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT);
+                    authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT);
 
             if (subjectname != null) {
                 CertificateSubjectName certSubject = (CertificateSubjectName)
-                    new CertificateSubjectName(new X500Name(subjectname));
+                        new CertificateSubjectName(new X500Name(subjectname));
 
                 certInfo.set(X509CertInfo.SUBJECT, certSubject);
                 log(ILogger.LL_INFO,
-                    "cert subject set to " + certSubject + " from authtoken");
+                        "cert subject set to " + certSubject + " from authtoken");
             }
         } catch (CertificateException e) {
             log(ILogger.LL_WARN,
-                CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
-                    e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
+                            e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
         } catch (IOException e) {
             log(ILogger.LL_WARN,
-                CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME",
-                    e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME",
+                            e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
         }
 
         // validity
         try {
             CertificateValidity validity = null;
             Date notBefore =
-                authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE);
+                    authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE);
             Date notAfter =
-                authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER);
+                    authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER);
 
             if (notBefore != null && notAfter != null) {
                 validity = new CertificateValidity(notBefore, notAfter);
                 certInfo.set(X509CertInfo.VALIDITY, validity);
                 log(ILogger.LL_INFO,
-                    "cert validity set to " + validity + " from authtoken");
+                        "cert validity set to " + validity + " from authtoken");
             }
         } catch (CertificateException e) {
             log(ILogger.LL_WARN,
-                CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
         } catch (IOException e) {
             log(ILogger.LL_WARN,
-                CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
         }
 
         // extensions
         try {
             CertificateExtensions extensions =
-                authToken.getInCertExts(X509CertInfo.EXTENSIONS);
+                    authToken.getInCertExts(X509CertInfo.EXTENSIONS);
 
             if (extensions != null) {
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
@@ -177,14 +175,14 @@ public class PKIProcessor implements IPKIProcessor {
             }
         } catch (CertificateException e) {
             log(ILogger.LL_WARN,
-                CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
         } catch (IOException e) {
             log(ILogger.LL_WARN,
-                CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
         }
     }
 
@@ -195,8 +193,8 @@ public class PKIProcessor implements IPKIProcessor {
      * all be seen by and agent.
      */
     public static void fillCertInfoFromForm(
-        X509CertInfo certInfo, IArgBlock httpParams)
-        throws EBaseException {
+            X509CertInfo certInfo, IArgBlock httpParams)
+            throws EBaseException {
 
         CMS.debug("PKIProcessor: fillCertInfoFromForm");
         // subject name.
@@ -205,41 +203,41 @@ public class PKIProcessor implements IPKIProcessor {
 
             if (subject == null) {
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_FROM_FORM"));
+                        CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_FROM_FORM"));
             }
 
             X500Name x500name = new X500Name(subject);
 
             certInfo.set(
-                X509CertInfo.SUBJECT, new CertificateSubjectName(x500name));
+                    X509CertInfo.SUBJECT, new CertificateSubjectName(x500name));
 
             fillValidityFromForm(certInfo, httpParams);
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
         } catch (IllegalArgumentException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_REQ_ILLEGAL_CHARACTERS"));
+                    CMS.getLogMessage("CMSGW_REQ_ILLEGAL_CHARACTERS"));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CONVERT_DN_TO_X500NAME_ERROR"));
+                    CMS.getUserMessage("CMS_GW_CONVERT_DN_TO_X500NAME_ERROR"));
         }
 
         // requested extensions.
         // let polcies form extensions from http input.
     }
 
-    public static  void fillValidityFromForm(
-        X509CertInfo certInfo, IArgBlock httpParams)
-        throws EBaseException {
+    public static void fillValidityFromForm(
+            X509CertInfo certInfo, IArgBlock httpParams)
+            throws EBaseException {
         CMS.debug("PKIProcessor: fillValidityFromForm!");
         try {
             String notValidBeforeStr = httpParams.getValueAsString("notValidBefore", null);
@@ -267,43 +265,43 @@ public class PKIProcessor implements IPKIProcessor {
                         validity = new CertificateValidity(notBefore, notAfter);
                         certInfo.set(X509CertInfo.VALIDITY, validity);
                         log(ILogger.LL_INFO,
-                            "cert validity set to " + validity + " from authtoken");
+                                "cert validity set to " + validity + " from authtoken");
                     }
                 }
             }
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
         }
     }
 
     /**
      * log according to authority category.
      */
-    public static void  log(int event, int level, String msg) {
+    public static void log(int event, int level, String msg) {
         CMS.getLogger().log(event, ILogger.S_OTHER, level,
-            "PKIProcessor " + ": " + msg);
+                "PKIProcessor " + ": " + msg);
     }
 
     public static void log(int level, String msg) {
         CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level,
-            "PKIProcessor " + ": " + msg);
+                "PKIProcessor " + ": " + msg);
     }
 
     /**
      * Signed Audit Log
-     *
+     * 
      * This method is inherited by all extended "CMSServlet"s,
      * and is called to store messages to the signed audit log.
      * <P>
-     *
+     * 
      * @param msg signed audit log message
      */
     protected void audit(String msg) {
@@ -315,20 +313,20 @@ public class PKIProcessor implements IPKIProcessor {
         }
 
         mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-            null,
-            ILogger.S_SIGNED_AUDIT,
-            ILogger.LL_SECURITY,
-            msg);
+                null,
+                ILogger.S_SIGNED_AUDIT,
+                ILogger.LL_SECURITY,
+                msg);
     }
 
     /**
      * Signed Audit Log Subject ID
-     *
+     * 
      * This method is inherited by all extended "CMSServlet"s,
      * and is called to obtain the "SubjectID" for
      * a signed audit log message.
      * <P>
-     *
+     * 
      * @return id string containing the signed audit log message SubjectID
      */
     protected String auditSubjectID() {
@@ -358,4 +356,3 @@ public class PKIProcessor implements IPKIProcessor {
         return subjectID;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
index da24d2c2..dafdb33d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.profile;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 
@@ -46,10 +45,9 @@ import com.netscape.certsrv.template.ArgList;
 import com.netscape.certsrv.template.ArgSet;
 import com.netscape.cms.servlet.common.CMSRequest;
 
-
 /**
  * Toggle the approval state of a profile
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ProfileApproveServlet extends ProfileServlet {
@@ -59,10 +57,10 @@ public class ProfileApproveServlet extends ProfileServlet {
      */
     private static final long serialVersionUID = 3956879326742839550L;
     private static final String PROP_AUTHORITY_ID = "authorityId";
-    private String mAuthorityId = null; 
+    private String mAuthorityId = null;
 
     private final static String LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL =
-        "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4";
+            "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4";
     private final static String OP_APPROVE = "approve";
     private final static String OP_DISAPPROVE = "disapprove";
 
@@ -73,7 +71,7 @@ public class ProfileApproveServlet extends ProfileServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "ImportCert.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -84,13 +82,12 @@ public class ProfileApproveServlet extends ProfileServlet {
     /**
      * Process the HTTP request.
      * <P>
-     *
+     * 
      * <ul>
      * <li>http.param profileId the id of the profile to change
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL used when an
-     * agent approves/disapproves a cert profile set by the administrator for
-     * automatic approval
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL used when an agent approves/disapproves a cert profile set by the administrator for automatic approval
      * </ul>
+     * 
      * @param cmsReq the object holding the request and response information
      * @exception EBaseException an error has occurred
      */
@@ -126,8 +123,8 @@ public class ProfileApproveServlet extends ProfileServlet {
                 auditSubjectID = auditSubjectID();
                 CMS.debug(e.toString());
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
-                        e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+                                e.toString()));
                 args.set(ARG_ERROR_CODE, "1");
                 args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                         "CMS_AUTHENTICATION_ERROR"));
@@ -153,12 +150,12 @@ public class ProfileApproveServlet extends ProfileServlet {
                             mAuthzResourceName, "approve");
             } catch (EAuthzAccessDenied e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
-                        e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+                                e.toString()));
             } catch (Exception e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
-                        e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+                                e.toString()));
             }
 
             if (authzToken == null) {
@@ -214,8 +211,8 @@ public class ProfileApproveServlet extends ProfileServlet {
             IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId);
 
             if (authority == null) {
-                CMS.debug("ProfileApproveServlet: Authority " + mAuthorityId + 
-                    " not found");
+                CMS.debug("ProfileApproveServlet: Authority " + mAuthorityId +
+                        " not found");
                 args.set(ARG_ERROR_CODE, "1");
                 args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                         "CMS_INTERNAL_ERROR"));
@@ -236,8 +233,8 @@ public class ProfileApproveServlet extends ProfileServlet {
             IRequestQueue queue = authority.getRequestQueue();
 
             if (queue == null) {
-                CMS.debug("ProfileApproveServlet: Request Queue of " + 
-                    mAuthorityId + " not found");
+                CMS.debug("ProfileApproveServlet: Request Queue of " +
+                        mAuthorityId + " not found");
                 args.set(ARG_ERROR_CODE, "1");
                 args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                         "CMS_INTERNAL_ERROR"));
@@ -265,31 +262,31 @@ public class ProfileApproveServlet extends ProfileServlet {
 
             try {
                 if (ps.isProfileEnable(profileId)) {
-                  if (ps.checkOwner()) {
-                    if (ps.getProfileEnableBy(profileId).equals(userid)) {
-                        ps.disableProfile(profileId);
-                    } else {
-                        // only enableBy can disable profile
-                        args.set(ARG_ERROR_CODE, "1");
-                        args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                                "CMS_PROFILE_NOT_OWNER"));
-                        outputTemplate(request, response, args); 
-
-                        // store a message in the signed audit log file
-                        auditMessage = CMS.getLogMessage(
+                    if (ps.checkOwner()) {
+                        if (ps.getProfileEnableBy(profileId).equals(userid)) {
+                            ps.disableProfile(profileId);
+                        } else {
+                            // only enableBy can disable profile
+                            args.set(ARG_ERROR_CODE, "1");
+                            args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+                                    "CMS_PROFILE_NOT_OWNER"));
+                            outputTemplate(request, response, args);
+
+                            // store a message in the signed audit log file
+                            auditMessage = CMS.getLogMessage(
                                     LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
                                     auditSubjectID,
                                     ILogger.FAILURE,
                                     auditProfileID,
                                     auditProfileOp);
 
-                        audit(auditMessage);
+                            audit(auditMessage);
 
-                        return;
+                            return;
+                        }
+                    } else {
+                        ps.disableProfile(profileId);
                     }
-                  } else {
-                     ps.disableProfile(profileId);
-                  }
                 } else {
                     ps.enableProfile(profileId, userid);
                 }
@@ -305,8 +302,8 @@ public class ProfileApproveServlet extends ProfileServlet {
                 audit(auditMessage);
             } catch (EProfileException e) {
                 // profile not enabled
-                CMS.debug("ProfileApproveServlet: profile not error " + 
-                    e.toString());
+                CMS.debug("ProfileApproveServlet: profile not error " +
+                        e.toString());
                 args.set(ARG_ERROR_CODE, "1");
                 args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                         "CMS_INTERNAL_ERROR"));
@@ -356,8 +353,8 @@ public class ProfileApproveServlet extends ProfileServlet {
             profile = ps.getProfile(profileId);
         } catch (EProfileException e) {
             // profile not found
-            CMS.debug("ProfileApproveServlet: profile not found " + 
-                e.toString());
+            CMS.debug("ProfileApproveServlet: profile not found " +
+                    e.toString());
             args.set(ARG_ERROR_CODE, "1");
             args.set(ARG_ERROR_REASON, e.toString());
             args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
@@ -386,13 +383,13 @@ public class ProfileApproveServlet extends ProfileServlet {
             while (policyIds.hasMoreElements()) {
                 String id = (String) policyIds.nextElement();
                 IProfilePolicy policy = (IProfilePolicy)
-                    profile.getProfilePolicy(setId, id);
+                        profile.getProfilePolicy(setId, id);
 
                 // (3) query all the profile policies
                 // (4) default plugins convert request parameters
                 //     into string http parameters
                 handlePolicy(list, response, locale,
-                    id, policy);
+                        id, policy);
             }
             ArgSet setArg = new ArgSet();
 
@@ -403,8 +400,8 @@ public class ProfileApproveServlet extends ProfileServlet {
         args.set(ARG_POLICY_SET_LIST, setlist);
 
         args.set(ARG_PROFILE_ID, profileId);
-        args.set(ARG_PROFILE_IS_ENABLED, 
-            Boolean.toString(ps.isProfileEnable(profileId)));
+        args.set(ARG_PROFILE_IS_ENABLED,
+                Boolean.toString(ps.isProfileEnable(profileId)));
         args.set(ARG_PROFILE_ENABLED_BY, ps.getProfileEnableBy(profileId));
         args.set(ARG_PROFILE_NAME, profile.getName(locale));
         args.set(ARG_PROFILE_DESC, profile.getDescription(locale));
@@ -413,8 +410,8 @@ public class ProfileApproveServlet extends ProfileServlet {
         outputTemplate(request, response, args);
     }
 
-    private void handlePolicy(ArgList list, ServletResponse response, 
-        Locale locale, String id, IProfilePolicy policy) {
+    private void handlePolicy(ArgList list, ServletResponse response,
+            Locale locale, String id, IProfilePolicy policy) {
         ArgSet set = new ArgSet();
 
         set.set(ARG_POLICY_ID, id);
@@ -434,19 +431,19 @@ public class ProfileApproveServlet extends ProfileServlet {
                 String defName = (String) defNames.nextElement();
                 IDescriptor defDesc = def.getValueDescriptor(locale, defName);
                 if (defDesc == null) {
-                  CMS.debug("defName=" + defName);
+                    CMS.debug("defName=" + defName);
                 } else {
-                  String defSyntax = defDesc.getSyntax();
-                  String defConstraint = defDesc.getConstraint();
-                  String defValueName = defDesc.getDescription(locale);
-                  String defValue = null;
-
-                  defset.set(ARG_DEF_ID, defName);
-                  defset.set(ARG_DEF_SYNTAX, defSyntax);
-                  defset.set(ARG_DEF_CONSTRAINT, defConstraint);
-                  defset.set(ARG_DEF_NAME, defValueName);
-                  defset.set(ARG_DEF_VAL, defValue);
-                  deflist.add(defset);
+                    String defSyntax = defDesc.getSyntax();
+                    String defConstraint = defDesc.getConstraint();
+                    String defValueName = defDesc.getDescription(locale);
+                    String defValue = null;
+
+                    defset.set(ARG_DEF_ID, defName);
+                    defset.set(ARG_DEF_SYNTAX, defSyntax);
+                    defset.set(ARG_DEF_CONSTRAINT, defConstraint);
+                    defset.set(ARG_DEF_NAME, defValueName);
+                    defset.set(ARG_DEF_VAL, defValue);
+                    deflist.add(defset);
                 }
             }
         }
@@ -463,11 +460,11 @@ public class ProfileApproveServlet extends ProfileServlet {
 
     /**
      * Signed Audit Log Profile ID
-     *
+     * 
      * This method is called to obtain the "ProfileID" for
      * a signed audit log message.
      * <P>
-     *
+     * 
      * @param req HTTP request
      * @return id string containing the signed audit log message ProfileID
      */
@@ -493,14 +490,14 @@ public class ProfileApproveServlet extends ProfileServlet {
 
     /**
      * Signed Audit Log Profile Operation
-     *
+     * 
      * This method is called to obtain the "Profile Operation" for
      * a signed audit log message.
      * <P>
-     *
+     * 
      * @param req HTTP request
      * @return operation string containing either OP_APPROVE, OP_DISAPPROVE,
-     *     or SIGNED_AUDIT_EMPTY_VALUE
+     *         or SIGNED_AUDIT_EMPTY_VALUE
      */
     private String auditProfileOp(HttpServletRequest req) {
         // if no signed audit object exists, bail
@@ -509,12 +506,12 @@ public class ProfileApproveServlet extends ProfileServlet {
         }
 
         if (mProfileSubId == null ||
-            mProfileSubId.equals("")) {
+                mProfileSubId.equals("")) {
             mProfileSubId = IProfileSubsystem.ID;
         }
 
         IProfileSubsystem ps = (IProfileSubsystem)
-            CMS.getSubsystem(mProfileSubId);
+                CMS.getSubsystem(mProfileSubId);
 
         if (ps == null) {
             return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
@@ -533,4 +530,3 @@ public class ProfileApproveServlet extends ProfileServlet {
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java
index 4da41f7a..8581b3ca 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.profile;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 
@@ -38,10 +37,9 @@ import com.netscape.certsrv.template.ArgList;
 import com.netscape.certsrv.template.ArgSet;
 import com.netscape.cms.servlet.common.CMSRequest;
 
-
 /**
  * List all enabled profiles.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ProfileListServlet extends ProfileServlet {
@@ -53,7 +51,7 @@ public class ProfileListServlet extends ProfileServlet {
 
     private static final String PROP_AUTHORITY_ID = "authorityId";
 
-    private String mAuthorityId = null; 
+    private String mAuthorityId = null;
 
     public ProfileListServlet() {
         super();
@@ -62,7 +60,7 @@ public class ProfileListServlet extends ProfileServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "ImportCert.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -72,7 +70,7 @@ public class ProfileListServlet extends ProfileServlet {
 
     /**
      * Process the HTTP request.
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -93,10 +91,10 @@ public class ProfileListServlet extends ProfileServlet {
                         mAuthzResourceName, "list");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -115,17 +113,17 @@ public class ProfileListServlet extends ProfileServlet {
         }
         CMS.debug("ProfileListServlet: SubId=" + mProfileSubId);
         IProfileSubsystem ps = (IProfileSubsystem)
-            CMS.getSubsystem(mProfileSubId);
+                CMS.getSubsystem(mProfileSubId);
 
         if (ps == null) {
-            CMS.debug("ProfileListServlet: ProfileSubsystem " + 
-                mProfileSubId + " not found");
+            CMS.debug("ProfileListServlet: ProfileSubsystem " +
+                    mProfileSubId + " not found");
             args.set(ARG_ERROR_CODE, "1");
             args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                     "CMS_INTERNAL_ERROR"));
             outputTemplate(request, response, args);
             return;
-        } 
+        }
 
         ArgList list = new ArgList();
         Enumeration e = ps.getProfileIds();
@@ -139,13 +137,13 @@ public class ProfileListServlet extends ProfileServlet {
                     profile = ps.getProfile(id);
                 } catch (EBaseException e1) {
                     // skip bad profile
-                    CMS.debug("ProfileListServlet: profile " + id + 
-                        " not found (skipped) " + e1.toString());
+                    CMS.debug("ProfileListServlet: profile " + id +
+                            " not found (skipped) " + e1.toString());
                     continue;
                 }
                 if (profile == null) {
-                    CMS.debug("ProfileListServlet: profile " + id + 
-                        " not found (skipped)");
+                    CMS.debug("ProfileListServlet: profile " + id +
+                            " not found (skipped)");
                     continue;
                 }
 
@@ -155,16 +153,16 @@ public class ProfileListServlet extends ProfileServlet {
                 ArgSet profileArgs = new ArgSet();
 
                 profileArgs.set(ARG_PROFILE_IS_ENABLED,
-                    Boolean.toString(ps.isProfileEnable(id)));
+                        Boolean.toString(ps.isProfileEnable(id)));
                 profileArgs.set(ARG_PROFILE_ENABLED_BY,
-                    ps.getProfileEnableBy(id));
+                        ps.getProfileEnableBy(id));
                 profileArgs.set(ARG_PROFILE_ID, id);
-                profileArgs.set(ARG_PROFILE_IS_VISIBLE, 
-                    Boolean.toString(profile.isVisible()));
+                profileArgs.set(ARG_PROFILE_IS_VISIBLE,
+                        Boolean.toString(profile.isVisible()));
                 profileArgs.set(ARG_PROFILE_NAME, name);
                 profileArgs.set(ARG_PROFILE_DESC, desc);
                 list.add(profileArgs);
-            
+
             }
         }
         args.set(ARG_RECORD, list);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java
index 33233275..ede2416e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.profile;
 
-
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.util.Date;
@@ -63,10 +62,9 @@ import com.netscape.certsrv.template.ArgSet;
 import com.netscape.certsrv.util.IStatsSubsystem;
 import com.netscape.cms.servlet.common.CMSRequest;
 
-
 /**
  * This servlet approves profile-based request.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ProfileProcessServlet extends ProfileServlet {
@@ -79,9 +77,9 @@ public class ProfileProcessServlet extends ProfileServlet {
     private Nonces mNonces = null;
 
     private final static String SIGNED_AUDIT_CERT_REQUEST_REASON =
-        "requestNotes";
+            "requestNotes";
     private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
-        "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
+            "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
 
     public ProfileProcessServlet() {
     }
@@ -103,9 +101,9 @@ public class ProfileProcessServlet extends ProfileServlet {
         HttpServletRequest request = cmsReq.getHttpReq();
         HttpServletResponse response = cmsReq.getHttpResp();
 
-        IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+        IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
         if (statsSub != null) {
-          statsSub.startTiming("approval", true /* main action */);
+            statsSub.startTiming("approval", true /* main action */);
         }
 
         IAuthToken authToken = null;
@@ -119,13 +117,13 @@ public class ProfileProcessServlet extends ProfileServlet {
             } catch (EBaseException e) {
                 CMS.debug("ProfileProcessServlet: " + e.toString());
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-                args.set(ARG_ERROR_CODE, "1"); 
-                args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, 
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                args.set(ARG_ERROR_CODE, "1");
+                args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                         "CMS_AUTHENTICATION_ERROR"));
                 outputTemplate(request, response, args);
                 if (statsSub != null) {
-                  statsSub.endTiming("approval");
+                    statsSub.endTiming("approval");
                 }
                 return;
             }
@@ -138,10 +136,10 @@ public class ProfileProcessServlet extends ProfileServlet {
                         mAuthzResourceName, "approve");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -150,7 +148,7 @@ public class ProfileProcessServlet extends ProfileServlet {
                     "CMS_AUTHORIZATION_ERROR"));
             outputTemplate(request, response, args);
             if (statsSub != null) {
-              statsSub.endTiming("approval");
+                statsSub.endTiming("approval");
             }
             return;
         }
@@ -171,7 +169,7 @@ public class ProfileProcessServlet extends ProfileServlet {
             } else {
                 CMS.debug("ProfileProcessServlet:  Missing nonce");
             }
-            CMS.debug("ProfileProcessServlet:  nonceVerified="+nonceVerified);
+            CMS.debug("ProfileProcessServlet:  nonceVerified=" + nonceVerified);
             if (!nonceVerified) {
                 args.set(ARG_ERROR_CODE, "1");
                 args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
@@ -194,7 +192,7 @@ public class ProfileProcessServlet extends ProfileServlet {
         }
         CMS.debug("ProfileProcessServlet: SubId=" + mProfileSubId);
         IProfileSubsystem ps = (IProfileSubsystem)
-            CMS.getSubsystem(mProfileSubId);
+                CMS.getSubsystem(mProfileSubId);
 
         if (ps == null) {
             CMS.debug("ProfileProcessServlet: ProfileSubsystem not found");
@@ -203,7 +201,7 @@ public class ProfileProcessServlet extends ProfileServlet {
                     "CMS_INTERNAL_ERROR"));
             outputTemplate(request, response, args);
             if (statsSub != null) {
-              statsSub.endTiming("approval");
+                statsSub.endTiming("approval");
             }
             return;
         }
@@ -213,13 +211,13 @@ public class ProfileProcessServlet extends ProfileServlet {
 
         if (authority == null) {
             CMS.debug("ProfileProcessServlet: Authority " + mAuthorityId +
-                " not found");
+                    " not found");
             args.set(ARG_ERROR_CODE, "1");
             args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                     "CMS_INTERNAL_ERROR"));
             outputTemplate(request, response, args);
             if (statsSub != null) {
-              statsSub.endTiming("approval");
+                statsSub.endTiming("approval");
             }
             return;
         }
@@ -227,13 +225,13 @@ public class ProfileProcessServlet extends ProfileServlet {
 
         if (queue == null) {
             CMS.debug("ProfileProcessServlet: Request Queue of " +
-                mAuthorityId + " not found");
+                    mAuthorityId + " not found");
             args.set(ARG_ERROR_CODE, "1");
             args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                     "CMS_INTERNAL_ERROR"));
             outputTemplate(request, response, args);
             if (statsSub != null) {
-              statsSub.endTiming("approval");
+                statsSub.endTiming("approval");
             }
             return;
         }
@@ -247,7 +245,7 @@ public class ProfileProcessServlet extends ProfileServlet {
                     "CMS_REQUEST_ID_NOT_FOUND"));
             outputTemplate(request, response, args);
             if (statsSub != null) {
-              statsSub.endTiming("approval");
+                statsSub.endTiming("approval");
             }
             return;
         }
@@ -259,8 +257,8 @@ public class ProfileProcessServlet extends ProfileServlet {
             req = queue.findRequest(new RequestId(requestId));
         } catch (EBaseException e) {
             // request not found
-            CMS.debug("ProfileProcessServlet: request not found requestId=" + 
-                requestId + " " + e.toString());
+            CMS.debug("ProfileProcessServlet: request not found requestId=" +
+                    requestId + " " + e.toString());
         }
         if (req == null) {
             args.set(ARG_ERROR_CODE, "1");
@@ -268,12 +266,12 @@ public class ProfileProcessServlet extends ProfileServlet {
                     "CMS_REQUEST_NOT_FOUND", requestId));
             outputTemplate(request, response, args);
             if (statsSub != null) {
-              statsSub.endTiming("approval");
+                statsSub.endTiming("approval");
             }
             return;
         }
 
-	// check if the request is in one of the terminal states
+        // check if the request is in one of the terminal states
         if (!req.getRequestStatus().equals(RequestStatus.PENDING)) {
             args.set(ARG_ERROR_CODE, "1");
             args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
@@ -281,7 +279,7 @@ public class ProfileProcessServlet extends ProfileServlet {
             args.set(ARG_REQUEST_ID, requestId);
             outputTemplate(request, response, args);
             if (statsSub != null) {
-              statsSub.endTiming("approval");
+                statsSub.endTiming("approval");
             }
             return;
         }
@@ -296,7 +294,7 @@ public class ProfileProcessServlet extends ProfileServlet {
                     "CMS_PROFILE_ID_NOT_FOUND"));
             outputTemplate(request, response, args);
             if (statsSub != null) {
-              statsSub.endTiming("approval");
+                statsSub.endTiming("approval");
             }
             return;
         }
@@ -309,20 +307,19 @@ public class ProfileProcessServlet extends ProfileServlet {
                     "CMS_OP_NOT_FOUND"));
             outputTemplate(request, response, args);
             if (statsSub != null) {
-              statsSub.endTiming("approval");
+                statsSub.endTiming("approval");
             }
             return;
         }
 
-
         IProfile profile = null;
 
         try {
             profile = ps.getProfile(profileId);
         } catch (EProfileException e) {
             // profile not found
-            CMS.debug("ProfileProcessServlet: profile not found " + 
-                " " + " profileId=" + profileId + " " + e.toString());
+            CMS.debug("ProfileProcessServlet: profile not found " +
+                    " " + " profileId=" + profileId + " " + e.toString());
         }
         if (profile == null) {
             args.set(ARG_ERROR_CODE, "1");
@@ -330,7 +327,7 @@ public class ProfileProcessServlet extends ProfileServlet {
                     "CMS_PROFILE_NOT_FOUND", profileId));
             outputTemplate(request, response, args);
             if (statsSub != null) {
-              statsSub.endTiming("approval");
+                statsSub.endTiming("approval");
             }
             return;
         }
@@ -348,12 +345,11 @@ public class ProfileProcessServlet extends ProfileServlet {
                     "CMS_PROFILE_ID_NOT_ENABLED"));
             outputTemplate(request, response, args);
             if (statsSub != null) {
-              statsSub.endTiming("approval");
+                statsSub.endTiming("approval");
             }
             return;
         }
 
-
         args.set(ARG_ERROR_CODE, "0");
         args.set(ARG_ERROR_REASON, "");
 
@@ -375,7 +371,7 @@ public class ProfileProcessServlet extends ProfileServlet {
                         args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_DENY_OPERATION"));
                         outputTemplate(request, response, args);
                         if (statsSub != null) {
-                          statsSub.endTiming("approval");
+                            statsSub.endTiming("approval");
                         }
                         return;
                     }
@@ -414,14 +410,14 @@ public class ProfileProcessServlet extends ProfileServlet {
                     args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_DENY_OPERATION"));
                     outputTemplate(request, response, args);
                     if (statsSub != null) {
-                      statsSub.endTiming("approval");
+                        statsSub.endTiming("approval");
                     }
                     return;
                 }
             }
 
             // commit request to the storage
-            if (!op.equals("validate")) { 
+            if (!op.equals("validate")) {
                 try {
                     if (op.equals("approve")) {
                         queue.markAsServiced(req);
@@ -429,40 +425,40 @@ public class ProfileProcessServlet extends ProfileServlet {
                         queue.updateRequest(req);
                     }
                 } catch (EBaseException e) {
-                    CMS.debug("ProfileProcessServlet: Request commit error " + 
-                        e.toString());
+                    CMS.debug("ProfileProcessServlet: Request commit error " +
+                            e.toString());
                     // save request to disk
                     args.set(ARG_ERROR_CODE, "1");
                     args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                             "CMS_INTERNAL_ERROR"));
                     outputTemplate(request, response, args);
                     if (statsSub != null) {
-                      statsSub.endTiming("approval");
+                        statsSub.endTiming("approval");
                     }
                     return;
                 }
             }
         } catch (ERejectException e) {
-            CMS.debug("ProfileProcessServlet: execution rejected " + 
-                e.toString());
+            CMS.debug("ProfileProcessServlet: execution rejected " +
+                    e.toString());
             args.set(ARG_ERROR_CODE, "1");
             args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                     "CMS_PROFILE_REJECTED", e.toString()));
         } catch (EDeferException e) {
-            CMS.debug("ProfileProcessServlet: execution defered " + 
-                e.toString());
+            CMS.debug("ProfileProcessServlet: execution defered " +
+                    e.toString());
             args.set(ARG_ERROR_CODE, "1");
             args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                     "CMS_PROFILE_DEFERRED", e.toString()));
         } catch (EPropertyException e) {
-            CMS.debug("ProfileProcessServlet: execution error " + 
-                e.toString());
+            CMS.debug("ProfileProcessServlet: execution error " +
+                    e.toString());
             args.set(ARG_ERROR_CODE, "1");
             args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                     "CMS_PROFILE_PROPERTY_ERROR", e.toString()));
         } catch (EProfileException e) {
-            CMS.debug("ProfileProcessServlet: execution error " + 
-                e.toString());
+            CMS.debug("ProfileProcessServlet: execution error " +
+                    e.toString());
             args.set(ARG_ERROR_CODE, "1");
             args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                     "CMS_INTERNAL_ERROR"));
@@ -475,15 +471,15 @@ public class ProfileProcessServlet extends ProfileServlet {
         args.set(ARG_PROFILE_ID, profileId);
         outputTemplate(request, response, args);
         if (statsSub != null) {
-          statsSub.endTiming("approval");
+            statsSub.endTiming("approval");
         }
     }
- 
+
     public boolean grantPermission(IRequest req, IAuthToken token) {
 
         try {
             boolean enable = CMS.getConfigStore().getBoolean("request.assignee.enable",
-              false);
+                    false);
             if (!enable)
                 return true;
             String owner = req.getRequestOwner();
@@ -496,32 +492,32 @@ public class ProfileProcessServlet extends ProfileServlet {
                 return true;
         } catch (Exception e) {
         }
-   
+
         return false;
     }
 
     /**
      * Check if the request creation time is older than the profile
-     * lastModified attribute. 
+     * lastModified attribute.
      */
-    protected void checkProfileVersion(IProfile profile, IRequest req, 
-        Locale locale) throws EProfileException {
+    protected void checkProfileVersion(IProfile profile, IRequest req,
+            Locale locale) throws EProfileException {
         IConfigStore profileConfig = profile.getConfigStore();
         if (profileConfig != null) {
             String lastModified = null;
             try {
-              lastModified = profileConfig.getString("lastModified","");
+                lastModified = profileConfig.getString("lastModified", "");
             } catch (EBaseException e) {
-              CMS.debug(e.toString());
-              throw new EProfileException( e.toString() );
+                CMS.debug(e.toString());
+                throw new EProfileException(e.toString());
             }
             if (!lastModified.equals("")) {
                 Date profileModifiedAt = new Date(Long.parseLong(lastModified));
-                CMS.debug("ProfileProcessServlet: Profile Last Modified=" + 
-                  profileModifiedAt);
+                CMS.debug("ProfileProcessServlet: Profile Last Modified=" +
+                        profileModifiedAt);
                 Date reqCreatedAt = req.getCreationTime();
-                CMS.debug("ProfileProcessServlet: Request Created At=" + 
-                   reqCreatedAt);
+                CMS.debug("ProfileProcessServlet: Request Created At=" +
+                        reqCreatedAt);
                 if (profileModifiedAt.after(reqCreatedAt)) {
                     CMS.debug("Profile Newer Than Request");
                     throw new ERejectException("Profile Newer Than Request");
@@ -531,18 +527,18 @@ public class ProfileProcessServlet extends ProfileServlet {
     }
 
     protected void assignRequest(ServletRequest request, ArgSet args,
-        IRequest req, 
-        IRequestQueue queue, IProfile profile, Locale locale)
-        throws EProfileException {
+            IRequest req,
+            IRequestQueue queue, IProfile profile, Locale locale)
+            throws EProfileException {
 
         String id = auditSubjectID();
         req.setRequestOwner(id);
     }
 
     protected void unassignRequest(ServletRequest request, ArgSet args,
-        IRequest req, 
-        IRequestQueue queue, IProfile profile, Locale locale)
-        throws EProfileException {
+            IRequest req,
+            IRequestQueue queue, IProfile profile, Locale locale)
+            throws EProfileException {
 
         req.setRequestOwner("");
     }
@@ -551,14 +547,13 @@ public class ProfileProcessServlet extends ProfileServlet {
      * Cancel request
      * <P>
      * 
-     * (Certificate Request Processed - a manual "agent" profile based cert
-     *  cancellation)
+     * (Certificate Request Processed - a manual "agent" profile based cert cancellation)
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
-     * certificate request has just been through the approval process
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
      * </ul>
+     * 
      * @param request the servlet request
      * @param args argument set
      * @param req the certificate request
@@ -566,12 +561,12 @@ public class ProfileProcessServlet extends ProfileServlet {
      * @param profile this profile
      * @param locale the system locale
      * @exception EProfileException an error related to this profile has
-     * occurred
+     *                occurred
      */
     protected void cancelRequest(ServletRequest request, ArgSet args,
-        IRequest req, 
-        IRequestQueue queue, IProfile profile, Locale locale)
-        throws EProfileException {
+            IRequest req,
+            IRequestQueue queue, IProfile profile, Locale locale)
+            throws EProfileException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
         String auditRequesterID = auditRequesterID(req);
@@ -608,14 +603,13 @@ public class ProfileProcessServlet extends ProfileServlet {
      * Reject request
      * <P>
      * 
-     * (Certificate Request Processed - a manual "agent" profile based cert
-     *  rejection)
+     * (Certificate Request Processed - a manual "agent" profile based cert rejection)
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
-     * certificate request has just been through the approval process
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
      * </ul>
+     * 
      * @param request the servlet request
      * @param args argument set
      * @param req the certificate request
@@ -623,12 +617,12 @@ public class ProfileProcessServlet extends ProfileServlet {
      * @param profile this profile
      * @param locale the system locale
      * @exception EProfileException an error related to this profile has
-     * occurred
+     *                occurred
      */
     protected void rejectRequest(ServletRequest request, ArgSet args,
-        IRequest req, 
-        IRequestQueue queue, IProfile profile, Locale locale) 
-        throws EProfileException {
+            IRequest req,
+            IRequestQueue queue, IProfile profile, Locale locale)
+            throws EProfileException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
         String auditRequesterID = auditRequesterID(req);
@@ -665,14 +659,13 @@ public class ProfileProcessServlet extends ProfileServlet {
      * Approve request
      * <P>
      * 
-     * (Certificate Request Processed - a manual "agent" profile based cert
-     *  acceptance)
+     * (Certificate Request Processed - a manual "agent" profile based cert acceptance)
      * <P>
      * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
-     * certificate request has just been through the approval process
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
      * </ul>
+     * 
      * @param request the servlet request
      * @param args argument set
      * @param req the certificate request
@@ -680,12 +673,12 @@ public class ProfileProcessServlet extends ProfileServlet {
      * @param profile this profile
      * @param locale the system locale
      * @exception EProfileException an error related to this profile has
-     * occurred
+     *                occurred
      */
-    protected void approveRequest(ServletRequest request, ArgSet args, 
-        IRequest req, 
-        IRequestQueue queue, IProfile profile, Locale locale) 
-        throws EProfileException {
+    protected void approveRequest(ServletRequest request, ArgSet args,
+            IRequest req,
+            IRequestQueue queue, IProfile profile, Locale locale)
+            throws EProfileException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
         String auditRequesterID = auditRequesterID(req);
@@ -709,33 +702,33 @@ public class ProfileProcessServlet extends ProfileServlet {
                         while (outputNames.hasMoreElements()) {
                             ArgSet outputset = new ArgSet();
                             String outputName =
-                                outputNames.nextElement();
+                                    outputNames.nextElement();
                             IDescriptor outputDesc =
-                                profileOutput.getValueDescriptor(locale,
-                                    outputName);
+                                    profileOutput.getValueDescriptor(locale,
+                                            outputName);
 
                             if (outputDesc == null)
                                 continue;
                             String outputSyntax = outputDesc.getSyntax();
                             String outputConstraint =
-                                outputDesc.getConstraint();
+                                    outputDesc.getConstraint();
                             String outputValueName =
-                                outputDesc.getDescription(locale);
+                                    outputDesc.getDescription(locale);
                             String outputValue = null;
 
                             try {
                                 outputValue = profileOutput.getValue(
-                                            outputName, 
+                                            outputName,
                                             locale, req);
                             } catch (EProfileException e) {
                                 CMS.debug("ProfileSubmitServlet: " +
-                                    e.toString());
+                                        e.toString());
                             }
 
                             outputset.set(ARG_OUTPUT_ID, outputName);
                             outputset.set(ARG_OUTPUT_SYNTAX, outputSyntax);
                             outputset.set(ARG_OUTPUT_CONSTRAINT,
-                                outputConstraint);
+                                    outputConstraint);
                             outputset.set(ARG_OUTPUT_NAME, outputValueName);
                             outputset.set(ARG_OUTPUT_VAL, outputValue);
                             outputlist.add(outputset);
@@ -775,13 +768,12 @@ public class ProfileProcessServlet extends ProfileServlet {
             CMS.debug("ProfileProcessServlet: about to throw EProfileException because of bad profile execute.");
             throw new EProfileException(eAudit1.toString());
 
-            
         }
     }
 
-    protected void updateValues(ServletRequest request, IRequest req, 
-        IRequestQueue queue, IProfile profile, Locale locale)
-        throws ERejectException, EDeferException, EPropertyException {
+    protected void updateValues(ServletRequest request, IRequest req,
+            IRequestQueue queue, IProfile profile, Locale locale)
+            throws ERejectException, EDeferException, EPropertyException {
         String profileSetId = req.getExtDataInString("profileSetId");
 
         Enumeration policies = profile.getProfilePolicies(profileSetId);
@@ -813,17 +805,17 @@ public class ProfileProcessServlet extends ProfileServlet {
         }
     }
 
-    protected void validate(Locale locale, int count, 
-        IProfilePolicy policy, IRequest req, ServletRequest request) 
-        throws ERejectException, EDeferException {
+    protected void validate(Locale locale, int count,
+            IProfilePolicy policy, IRequest req, ServletRequest request)
+            throws ERejectException, EDeferException {
         IPolicyConstraint con = policy.getConstraint();
 
         con.validate(req);
     }
 
-    protected void setValue(Locale locale, int count, 
-        IProfilePolicy policy, IRequest req, ServletRequest request) 
-        throws EPropertyException {
+    protected void setValue(Locale locale, int count,
+            IProfilePolicy policy, IRequest req, ServletRequest request)
+            throws EPropertyException {
         // handle default policy
         IPolicyDefault def = policy.getDefault();
         Enumeration defNames = def.getValueNames();
@@ -838,11 +830,11 @@ public class ProfileProcessServlet extends ProfileServlet {
 
     /**
      * Signed Audit Log Requester ID
-     *
+     * 
      * This method is called to obtain the "RequesterID" for
      * a signed audit log message.
      * <P>
-     *
+     * 
      * @param request the actual request
      * @return id string containing the signed audit log message RequesterID
      */
@@ -868,11 +860,11 @@ public class ProfileProcessServlet extends ProfileServlet {
 
     /**
      * Signed Audit Log Info Value
-     *
+     * 
      * This method is called to obtain the "reason" for
      * a signed audit log message.
      * <P>
-     *
+     * 
      * @param request the actual request
      * @return reason string containing the signed audit log message reason
      */
@@ -887,7 +879,7 @@ public class ProfileProcessServlet extends ProfileServlet {
         if (request != null) {
             // overwrite "reason" if and only if "info" != null
             String info =
-                request.getExtDataInString(SIGNED_AUDIT_CERT_REQUEST_REASON);
+                    request.getExtDataInString(SIGNED_AUDIT_CERT_REQUEST_REASON);
 
             if (info != null) {
                 reason = info.trim();
@@ -904,11 +896,11 @@ public class ProfileProcessServlet extends ProfileServlet {
 
     /**
      * Signed Audit Log Info Certificate Value
-     *
+     * 
      * This method is called to obtain the certificate from the passed in
      * "X509CertImpl" for a signed audit log message.
      * <P>
-     *
+     * 
      * @param x509cert an X509CertImpl
      * @return cert string containing the certificate
      */
@@ -941,7 +933,7 @@ public class ProfileProcessServlet extends ProfileServlet {
             // extract all line separators from the "base64Data"
             StringBuffer sb = new StringBuffer();
             for (int i = 0; i < base64Data.length(); i++) {
-                  if (!Character.isWhitespace(base64Data.charAt(i))) {
+                if (!Character.isWhitespace(base64Data.charAt(i))) {
                     sb.append(base64Data.charAt(i));
                 }
             }
@@ -961,4 +953,3 @@ public class ProfileProcessServlet extends ProfileServlet {
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java
index 00840dd8..11aaa749 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.profile;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 import java.util.Random;
@@ -54,10 +53,9 @@ import com.netscape.certsrv.template.ArgList;
 import com.netscape.certsrv.template.ArgSet;
 import com.netscape.cms.servlet.common.CMSRequest;
 
-
 /**
  * This servlet allows reviewing of profile-based request.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ProfileReviewServlet extends ProfileServlet {
@@ -69,7 +67,7 @@ public class ProfileReviewServlet extends ProfileServlet {
 
     private static final String PROP_AUTHORITY_ID = "authorityId";
 
-    private String mAuthorityId = null; 
+    private String mAuthorityId = null;
     private Random mRandom = null;
     private Nonces mNonces = null;
 
@@ -79,7 +77,7 @@ public class ProfileReviewServlet extends ProfileServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "ImportCert.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -101,7 +99,7 @@ public class ProfileReviewServlet extends ProfileServlet {
      * <ul>
      * <li>http.param requestId the ID of the profile to review
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -120,13 +118,13 @@ public class ProfileReviewServlet extends ProfileServlet {
             } catch (EBaseException e) {
                 CMS.debug("ReviewReqServlet: " + e.toString());
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-                args.set(ARG_ERROR_CODE, "1"); 
-                args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, 
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                args.set(ARG_ERROR_CODE, "1");
+                args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                         "CMS_AUTHENTICATION_ERROR"));
                 outputTemplate(request, response, args);
                 return;
-            }    
+            }
         }
 
         AuthzToken authzToken = null;
@@ -136,15 +134,15 @@ public class ProfileReviewServlet extends ProfileServlet {
                         mAuthzResourceName, "read");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
-            args.set(ARG_ERROR_CODE, "1"); 
-            args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, 
+            args.set(ARG_ERROR_CODE, "1");
+            args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                     "CMS_AUTHORIZATION_ERROR"));
             outputTemplate(request, response, args);
             return;
@@ -158,7 +156,7 @@ public class ProfileReviewServlet extends ProfileServlet {
         }
         CMS.debug("ProfileReviewServlet: SubId=" + mProfileSubId);
         IProfileSubsystem ps = (IProfileSubsystem)
-            CMS.getSubsystem(mProfileSubId);
+                CMS.getSubsystem(mProfileSubId);
 
         if (ps == null) {
             CMS.debug("ProfileReviewServlet: ProfileSubsystem not found");
@@ -174,7 +172,7 @@ public class ProfileReviewServlet extends ProfileServlet {
 
         if (authority == null) {
             CMS.debug("ProfileReviewServlet: Authority " + mAuthorityId +
-                " not found");
+                    " not found");
             args.set(ARG_ERROR_CODE, "1");
             args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                     "CMS_INTERNAL_ERROR"));
@@ -185,7 +183,7 @@ public class ProfileReviewServlet extends ProfileServlet {
 
         if (queue == null) {
             CMS.debug("ProfileReviewServlet: Request Queue of " +
-                mAuthorityId + " not found");
+                    mAuthorityId + " not found");
             args.set(ARG_ERROR_CODE, "1");
             args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                     "CMS_INTERNAL_ERROR"));
@@ -201,8 +199,8 @@ public class ProfileReviewServlet extends ProfileServlet {
             req = queue.findRequest(new RequestId(requestId));
         } catch (EBaseException e) {
             // request not found
-            CMS.debug("ProfileReviewServlet: request not found requestId=" + 
-                requestId + " " + e.toString());
+            CMS.debug("ProfileReviewServlet: request not found requestId=" +
+                    requestId + " " + e.toString());
         }
         if (req == null) {
             args.set(ARG_ERROR_CODE, "1");
@@ -214,16 +212,16 @@ public class ProfileReviewServlet extends ProfileServlet {
 
         String profileId = req.getExtDataInString("profileId");
 
-        CMS.debug("ProfileReviewServlet: requestId=" + 
-            requestId + " profileId=" + profileId);
+        CMS.debug("ProfileReviewServlet: requestId=" +
+                requestId + " profileId=" + profileId);
         IProfile profile = null;
 
         try {
             profile = ps.getProfile(profileId);
         } catch (EProfileException e) {
             // profile not found
-            CMS.debug("ProfileReviewServlet: profile not found requestId=" + 
-                requestId + " profileId=" + profileId + " " + e.toString());
+            CMS.debug("ProfileReviewServlet: profile not found requestId=" +
+                    requestId + " profileId=" + profileId + " " + e.toString());
         }
         if (profile == null) {
             args.set(ARG_ERROR_CODE, "1");
@@ -232,27 +230,27 @@ public class ProfileReviewServlet extends ProfileServlet {
             outputTemplate(request, response, args);
             return;
         }
-		
+
         String profileSetId = req.getExtDataInString("profileSetId");
 
         CMS.debug("ProfileReviewServlet: profileSetId=" + profileSetId);
-        Enumeration policyIds = (profileSetId != null && profileSetId.length() > 0)?
-                                 profile.getProfilePolicyIds(profileSetId): null;
+        Enumeration policyIds = (profileSetId != null && profileSetId.length() > 0) ?
+                                 profile.getProfilePolicyIds(profileSetId) : null;
         int count = 0;
         ArgList list = new ArgList();
 
         if (policyIds != null) {
-            while (policyIds.hasMoreElements()) { 
+            while (policyIds.hasMoreElements()) {
                 String id = (String) policyIds.nextElement();
                 IProfilePolicy policy = (IProfilePolicy)
-                    profile.getProfilePolicy(req.getExtDataInString("profileSetId"),
-                        id);
+                        profile.getProfilePolicy(req.getExtDataInString("profileSetId"),
+                                id);
 
                 // (3) query all the profile policies
                 // (4) default plugins convert request parameters into string
                 //     http parameters
                 handlePolicy(list, response, locale,
-                    id, policy, req);
+                        id, policy, req);
                 count++;
             }
         }
@@ -269,34 +267,34 @@ public class ProfileReviewServlet extends ProfileServlet {
         args.set(ARG_REQUEST_TYPE, req.getRequestType());
         args.set(ARG_REQUEST_STATUS, req.getRequestStatus().toString());
         if (req.getRequestOwner() == null) {
-          args.set(ARG_REQUEST_OWNER, "");
+            args.set(ARG_REQUEST_OWNER, "");
         } else {
-          args.set(ARG_REQUEST_OWNER, req.getRequestOwner());
+            args.set(ARG_REQUEST_OWNER, req.getRequestOwner());
         }
         args.set(ARG_REQUEST_CREATION_TIME, req.getCreationTime().toString());
-        args.set(ARG_REQUEST_MODIFICATION_TIME, 	
-            req.getModificationTime().toString());
+        args.set(ARG_REQUEST_MODIFICATION_TIME,
+                req.getModificationTime().toString());
 
         args.set(ARG_PROFILE_ID, profileId);
-        args.set(ARG_PROFILE_APPROVED_BY, 
-            req.getExtDataInString("profileApprovedBy"));
+        args.set(ARG_PROFILE_APPROVED_BY,
+                req.getExtDataInString("profileApprovedBy"));
         args.set(ARG_PROFILE_SET_ID, req.getExtDataInString("profileSetId"));
         if (profile.isVisible()) {
-          args.set(ARG_PROFILE_IS_VISIBLE, "true");
+            args.set(ARG_PROFILE_IS_VISIBLE, "true");
         } else {
-          args.set(ARG_PROFILE_IS_VISIBLE, "false");
+            args.set(ARG_PROFILE_IS_VISIBLE, "false");
         }
         args.set(ARG_PROFILE_NAME, profile.getName(locale));
         args.set(ARG_PROFILE_DESC, profile.getDescription(locale));
-        args.set(ARG_PROFILE_REMOTE_HOST, 
-            req.getExtDataInString("profileRemoteHost"));
-        args.set(ARG_PROFILE_REMOTE_ADDR, 
-            req.getExtDataInString("profileRemoteAddr"));
+        args.set(ARG_PROFILE_REMOTE_HOST,
+                req.getExtDataInString("profileRemoteHost"));
+        args.set(ARG_PROFILE_REMOTE_ADDR,
+                req.getExtDataInString("profileRemoteAddr"));
         if (req.getExtDataInString("requestNotes") == null) {
             args.set(ARG_REQUEST_NOTES, "");
         } else {
-            args.set(ARG_REQUEST_NOTES, 
-                req.getExtDataInString("requestNotes"));
+            args.set(ARG_REQUEST_NOTES,
+                    req.getExtDataInString("requestNotes"));
         }
 
         args.set(ARG_RECORD, list);
@@ -358,7 +356,7 @@ public class ProfileReviewServlet extends ProfileServlet {
             while (outputIds.hasMoreElements()) {
                 String outputId = (String) outputIds.nextElement();
                 IProfileOutput profileOutput = profile.getProfileOutput(outputId
-                    );
+                        );
 
                 Enumeration outputNames = profileOutput.getValueNames();
 
@@ -366,9 +364,9 @@ public class ProfileReviewServlet extends ProfileServlet {
                     while (outputNames.hasMoreElements()) {
                         ArgSet outputset = new ArgSet();
                         String outputName = (String) outputNames.nextElement
-                            ();
+                                ();
                         IDescriptor outputDesc =
-                            profileOutput.getValueDescriptor(locale, outputName);
+                                profileOutput.getValueDescriptor(locale, outputName);
 
                         if (outputDesc == null)
                             continue;
@@ -382,7 +380,7 @@ public class ProfileReviewServlet extends ProfileServlet {
                                         locale, req);
                         } catch (EProfileException e) {
                             CMS.debug("ProfileSubmitServlet: " + e.toString(
-                                ));
+                                    ));
                         }
 
                         outputset.set(ARG_OUTPUT_ID, outputName);
@@ -401,9 +399,9 @@ public class ProfileReviewServlet extends ProfileServlet {
         outputTemplate(request, response, args);
     }
 
-    private void handlePolicy(ArgList list, ServletResponse response, 
-        Locale locale, String id, IProfilePolicy policy, 
-        IRequest req) {
+    private void handlePolicy(ArgList list, ServletResponse response,
+            Locale locale, String id, IProfilePolicy policy,
+            IRequest req) {
         ArgSet set = new ArgSet();
 
         set.set(ARG_POLICY_ID, id);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java
index 813af8f6..462c628b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.profile;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 
@@ -48,10 +47,9 @@ import com.netscape.certsrv.template.ArgList;
 import com.netscape.certsrv.template.ArgSet;
 import com.netscape.cms.servlet.common.CMSRequest;
 
-
 /**
  * Retrieve detailed information of a particular profile.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ProfileSelectServlet extends ProfileServlet {
@@ -61,7 +59,7 @@ public class ProfileSelectServlet extends ProfileServlet {
      */
     private static final long serialVersionUID = -3765390650830903602L;
     private static final String PROP_AUTHORITY_ID = "authorityId";
-    private String mAuthorityId = null; 
+    private String mAuthorityId = null;
 
     public ProfileSelectServlet() {
     }
@@ -76,7 +74,7 @@ public class ProfileSelectServlet extends ProfileServlet {
      * <ul>
      * <li>http.param profileId the id of the profile to select
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -96,7 +94,7 @@ public class ProfileSelectServlet extends ProfileServlet {
             } catch (EBaseException e) {
                 CMS.debug("ProcessReqServlet: " + e.toString());
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
                 args.set(ARG_ERROR_CODE, "1");
                 args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                         "CMS_AUTHENTICATION_ERROR"));
@@ -112,10 +110,10 @@ public class ProfileSelectServlet extends ProfileServlet {
                         mAuthzResourceName, "read");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -134,7 +132,7 @@ public class ProfileSelectServlet extends ProfileServlet {
         }
         CMS.debug("ProfileSelectServlet: SubId=" + mProfileSubId);
         IProfileSubsystem ps = (IProfileSubsystem)
-            CMS.getSubsystem(mProfileSubId);
+                CMS.getSubsystem(mProfileSubId);
 
         if (ps == null) {
             CMS.debug("ProfileSelectServlet: ProfileSubsystem not found");
@@ -150,7 +148,7 @@ public class ProfileSelectServlet extends ProfileServlet {
 
         if (authority == null) {
             CMS.debug("ProfileSelectServlet: Authority " + mAuthorityId +
-                " not found");
+                    " not found");
             args.set(ARG_ERROR_CODE, "1");
             args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                     "CMS_INTERNAL_ERROR"));
@@ -161,7 +159,7 @@ public class ProfileSelectServlet extends ProfileServlet {
 
         if (queue == null) {
             CMS.debug("ProfileSelectServlet: Request Queue of " +
-                mAuthorityId + " not found");
+                    mAuthorityId + " not found");
             args.set(ARG_ERROR_CODE, "1");
             args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                     "CMS_INTERNAL_ERROR"));
@@ -179,8 +177,8 @@ public class ProfileSelectServlet extends ProfileServlet {
             profile = ps.getProfile(profileId);
         } catch (EProfileException e) {
             // profile not found
-            CMS.debug("ProfileSelectServlet: profile not found profileId=" + 
-                profileId + " " + e.toString());
+            CMS.debug("ProfileSelectServlet: profile not found profileId=" +
+                    profileId + " " + e.toString());
         }
         if (profile == null) {
             args.set(ARG_ERROR_CODE, "1");
@@ -189,7 +187,7 @@ public class ProfileSelectServlet extends ProfileServlet {
             outputTemplate(request, response, args);
             return;
         }
-		
+
         ArgList setlist = new ArgList();
         Enumeration policySetIds = profile.getProfilePolicySetIds();
 
@@ -204,13 +202,13 @@ public class ProfileSelectServlet extends ProfileServlet {
                     while (policyIds.hasMoreElements()) {
                         String id = (String) policyIds.nextElement();
                         IProfilePolicy policy = (IProfilePolicy)
-                            profile.getProfilePolicy(setId, id);
+                                profile.getProfilePolicy(setId, id);
 
                         // (3) query all the profile policies
                         // (4) default plugins convert request parameters into string
                         //     http parameters
                         handlePolicy(list, response, locale,
-                            id, policy);
+                                id, policy);
                     }
                 }
                 ArgSet setArg = new ArgSet();
@@ -224,29 +222,29 @@ public class ProfileSelectServlet extends ProfileServlet {
 
         args.set(ARG_PROFILE_ID, profileId);
         args.set(ARG_PROFILE_IS_ENABLED,
-            Boolean.toString(ps.isProfileEnable(profileId)));
+                Boolean.toString(ps.isProfileEnable(profileId)));
         args.set(ARG_PROFILE_ENABLED_BY, ps.getProfileEnableBy(profileId));
         args.set(ARG_PROFILE_NAME, profile.getName(locale));
-        args.set(ARG_PROFILE_DESC, profile.getDescription(locale)); 
-        args.set(ARG_PROFILE_IS_VISIBLE, 
-            Boolean.toString(profile.isVisible()));
+        args.set(ARG_PROFILE_DESC, profile.getDescription(locale));
+        args.set(ARG_PROFILE_IS_VISIBLE,
+                Boolean.toString(profile.isVisible()));
         args.set(ARG_ERROR_CODE, "0");
         args.set(ARG_ERROR_REASON, "");
 
         try {
-          boolean keyArchivalEnabled = CMS.getConfigStore().getBoolean("ca.connector.KRA.enable", false);
-          if (keyArchivalEnabled == true) {
-            CMS.debug("ProfileSelectServlet: keyArchivalEnabled is true");
-
-            // output transport certificate if present
-            args.set("transportCert", 
-            CMS.getConfigStore().getString("ca.connector.KRA.transportCert", ""));
-          } else {
-            CMS.debug("ProfileSelectServlet: keyArchivalEnabled is false");
-            args.set("transportCert",  "");
-          }
+            boolean keyArchivalEnabled = CMS.getConfigStore().getBoolean("ca.connector.KRA.enable", false);
+            if (keyArchivalEnabled == true) {
+                CMS.debug("ProfileSelectServlet: keyArchivalEnabled is true");
+
+                // output transport certificate if present
+                args.set("transportCert",
+                        CMS.getConfigStore().getString("ca.connector.KRA.transportCert", ""));
+            } else {
+                CMS.debug("ProfileSelectServlet: keyArchivalEnabled is false");
+                args.set("transportCert", "");
+            }
         } catch (EBaseException e) {
-          CMS.debug("ProfileSelectServlet: exception caught:"+e.toString());
+            CMS.debug("ProfileSelectServlet: exception caught:" + e.toString());
         }
 
         // build authentication
@@ -259,7 +257,7 @@ public class ProfileSelectServlet extends ProfileServlet {
             // authenticator not installed correctly
             args.set(ARG_ERROR_CODE, "1");
             args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_AUTHENTICATION_MANAGER_NOT_FOUND", 	
+                    "CMS_AUTHENTICATION_MANAGER_NOT_FOUND",
                     profile.getAuthenticatorId()));
             outputTemplate(request, response, args);
             return;
@@ -272,8 +270,8 @@ public class ProfileSelectServlet extends ProfileServlet {
                 while (authNames.hasMoreElements()) {
                     ArgSet authset = new ArgSet();
                     String authName = (String) authNames.nextElement();
-                    IDescriptor authDesc = 
-                        authenticator.getValueDescriptor(locale, authName);
+                    IDescriptor authDesc =
+                            authenticator.getValueDescriptor(locale, authName);
 
                     if (authDesc == null)
                         continue;
@@ -291,8 +289,8 @@ public class ProfileSelectServlet extends ProfileServlet {
             args.set(ARG_AUTH_LIST, authlist);
             args.set(ARG_AUTH_NAME, authenticator.getName(locale));
             args.set(ARG_AUTH_DESC, authenticator.getText(locale));
-            args.set(ARG_AUTH_IS_SSL, 
-                Boolean.toString(authenticator.isSSLClientRequired()));
+            args.set(ARG_AUTH_IS_SSL,
+                    Boolean.toString(authenticator.isSSLClientRequired()));
         }
 
         // build input list
@@ -309,10 +307,10 @@ public class ProfileSelectServlet extends ProfileServlet {
 
                     ArgSet inputpluginset = new ArgSet();
                     inputpluginset.set(ARG_INPUT_PLUGIN_ID, inputId);
-                    inputpluginset.set(ARG_INPUT_PLUGIN_NAME, 
-                        profileInput.getName(locale));
-                    inputpluginset.set(ARG_INPUT_PLUGIN_DESC, 
-                        profileInput.getText(locale));
+                    inputpluginset.set(ARG_INPUT_PLUGIN_NAME,
+                            profileInput.getName(locale));
+                    inputpluginset.set(ARG_INPUT_PLUGIN_DESC,
+                            profileInput.getText(locale));
                     inputPluginlist.add(inputpluginset);
 
                     Enumeration inputNames = profileInput.getValueNames();
@@ -352,8 +350,8 @@ public class ProfileSelectServlet extends ProfileServlet {
         outputTemplate(request, response, args);
     }
 
-    private void handlePolicy(ArgList list, ServletResponse response, 
-        Locale locale, String id, IProfilePolicy policy) {
+    private void handlePolicy(ArgList list, ServletResponse response,
+            Locale locale, String id, IProfilePolicy policy) {
         ArgSet set = new ArgSet();
 
         set.set(ARG_POLICY_ID, id);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java
index 46f3797d..368e3659 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.profile;
 
-
 import java.io.BufferedReader;
 import java.io.ByteArrayOutputStream;
 import java.io.FileReader;
@@ -46,10 +45,9 @@ import com.netscape.cms.servlet.base.UserInfo;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.Utils;
 
-
 /**
  * This servlet is the base class of all profile servlets.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ProfileServlet extends CMSServlet {
@@ -67,12 +65,12 @@ public class ProfileServlet extends CMSServlet {
     public final static String ARG_REQUEST_ID = "requestId";
     public final static String ARG_REQUEST_TYPE = "requestType";
     public final static String ARG_REQUEST_STATUS = "requestStatus";
-    public final static String ARG_REQUEST_OWNER = 
-        "requestOwner";
-    public final static String ARG_REQUEST_CREATION_TIME = 
-        "requestCreationTime";
-    public final static String ARG_REQUEST_MODIFICATION_TIME = 
-        "requestModificationTime";
+    public final static String ARG_REQUEST_OWNER =
+            "requestOwner";
+    public final static String ARG_REQUEST_CREATION_TIME =
+            "requestCreationTime";
+    public final static String ARG_REQUEST_MODIFICATION_TIME =
+            "requestModificationTime";
     public final static String ARG_REQUEST_NONCE = "nonce";
 
     public final static String ARG_AUTH_ID = "authId";
@@ -166,15 +164,15 @@ public class ProfileServlet extends CMSServlet {
         super();
     }
 
-	/**
+    /**
      * initialize the servlet. Servlets implementing this method
      * must specify the template to use as a parameter called
      * "templatePath" in the servletConfig
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
 
-    public void init(ServletConfig sc) throws ServletException { 
+    public void init(ServletConfig sc) throws ServletException {
         super.init(sc);
         mTemplate = sc.getServletContext().getRealPath(
                     sc.getInitParameter(PROP_TEMPLATE));
@@ -193,47 +191,44 @@ public class ProfileServlet extends CMSServlet {
         }
     }
 
-    protected String escapeXML(String v)
-    {
-       if (v == null) {
-         return "";
-       }
-       v = v.replaceAll("&", "&amp;");
-       return v;
+    protected String escapeXML(String v) {
+        if (v == null) {
+            return "";
+        }
+        v = v.replaceAll("&", "&amp;");
+        return v;
     }
 
-    protected void outputArgValueAsXML(PrintStream ps, String name, IArgValue v)
-    {
-            ps.println("<" + name + ">");
-            if (v != null) {
-              if (v instanceof ArgList) {
-                 ArgList list = (ArgList)v;
-                 ps.println("<list>");
-                 for (int i = 0; i < list.size(); i++) {
-                   outputArgValueAsXML(ps, name, list.get(i));
-                 }
-                 ps.println("</list>");
-              } else if (v instanceof ArgString) {
-                 ArgString str = (ArgString)v;
-                 ps.println(escapeXML(str.getValue()));
-              } else if (v instanceof ArgSet) {
-                 ArgSet set = (ArgSet)v;
-                  ps.println("<set>");
-                  Enumeration names = set.getNames();
-                  while (names.hasMoreElements()) {
-                    String n = (String)names.nextElement();
+    protected void outputArgValueAsXML(PrintStream ps, String name, IArgValue v) {
+        ps.println("<" + name + ">");
+        if (v != null) {
+            if (v instanceof ArgList) {
+                ArgList list = (ArgList) v;
+                ps.println("<list>");
+                for (int i = 0; i < list.size(); i++) {
+                    outputArgValueAsXML(ps, name, list.get(i));
+                }
+                ps.println("</list>");
+            } else if (v instanceof ArgString) {
+                ArgString str = (ArgString) v;
+                ps.println(escapeXML(str.getValue()));
+            } else if (v instanceof ArgSet) {
+                ArgSet set = (ArgSet) v;
+                ps.println("<set>");
+                Enumeration names = set.getNames();
+                while (names.hasMoreElements()) {
+                    String n = (String) names.nextElement();
                     outputArgValueAsXML(ps, n, set.get(n));
-                  }
-                 ps.println("</set>");
-              } else {
-                  ps.println(v);
-              }
+                }
+                ps.println("</set>");
+            } else {
+                ps.println(v);
             }
-            ps.println("</" + name + ">");
+        }
+        ps.println("</" + name + ">");
     }
 
-    protected void outputThisAsXML(ByteArrayOutputStream bos, ArgSet args)
-    {
+    protected void outputThisAsXML(ByteArrayOutputStream bos, ArgSet args) {
         PrintStream ps = new PrintStream(bos);
         ps.println("<xml>");
         outputArgValueAsXML(ps, "output", args);
@@ -241,9 +236,9 @@ public class ProfileServlet extends CMSServlet {
         ps.flush();
     }
 
-    public void outputTemplate(HttpServletRequest request, 
+    public void outputTemplate(HttpServletRequest request,
                    HttpServletResponse response, ArgSet args)
-        throws EBaseException {
+            throws EBaseException {
 
         String xmlOutput = request.getParameter("xml");
         if (xmlOutput != null && xmlOutput.equals("true")) {
@@ -251,32 +246,31 @@ public class ProfileServlet extends CMSServlet {
             ByteArrayOutputStream bos = new ByteArrayOutputStream();
             outputThisAsXML(bos, args);
             try {
-              response.setContentLength(bos.size());
-              bos.writeTo(response.getOutputStream());
+                response.setContentLength(bos.size());
+                bos.writeTo(response.getOutputStream());
             } catch (Exception e) {
                 CMS.debug("outputTemplate error " + e);
             }
             return;
         }
-        IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+        IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
         if (statsSub != null) {
-          statsSub.startTiming("output_template");
+            statsSub.startTiming("output_template");
         }
         BufferedReader reader = null;
         try {
             reader = new BufferedReader(
-                    new FileReader(mTemplate));		
+                    new FileReader(mTemplate));
 
             response.setContentType("text/html; charset=UTF-8");
 
             PrintWriter writer = response.getWriter();
 
-
             // output template
             String line = null;
 
             do {
-                line = reader.readLine();	
+                line = reader.readLine();
                 if (line != null) {
                     if (line.indexOf("<CMS_TEMPLATE>") == -1) {
                         writer.println(line);
@@ -287,21 +281,20 @@ public class ProfileServlet extends CMSServlet {
                         writer.println("</script>");
                     }
                 }
-            }
-            while (line != null);
+            } while (line != null);
             reader.close();
         } catch (IOException e) {
-           CMS.debug(e);
-           throw new EBaseException(e.toString());
+            CMS.debug(e);
+            throw new EBaseException(e.toString());
         } finally {
-          if (statsSub != null) {
-            statsSub.endTiming("output_template");
-          }
+            if (statsSub != null) {
+                statsSub.endTiming("output_template");
+            }
         }
     }
 
     protected void outputArgList(PrintWriter writer, String name, ArgList list)
-        throws IOException {	
+            throws IOException {
 
         String h_name = null;
 
@@ -342,27 +335,27 @@ public class ProfileServlet extends CMSServlet {
             char c = in[i];
 
             /* presumably this gives better performance */
-            if ((c > 0x23) && (c!= 0x5c) && (c!= 0x3c) && (c!= 0x3e)) { 
+            if ((c > 0x23) && (c != 0x5c) && (c != 0x3c) && (c != 0x3e)) {
                 out[j++] = c;
                 continue;
             }
 
             /* some inputs are coming in as '\' and 'n' */
             /* see BZ 500736 for details */
-            if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' ||
-                 in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' ||
-                 in[i+1] == '<' || in[i+1] == '>' ||
-                 in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) {
-                if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' &&
-                    (in[i+3] == 'c' || in[i+3] == 'e')) {
+            if ((c == 0x5c) && ((i + 1) < l) && (in[i + 1] == 'n' ||
+                    in[i + 1] == 'r' || in[i + 1] == 'f' || in[i + 1] == 't' ||
+                    in[i + 1] == '<' || in[i + 1] == '>' ||
+                    in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) {
+                if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' &&
+                        (in[i + 3] == 'c' || in[i + 3] == 'e')) {
                     out[j++] = '\\';
-                    out[j++] = in[i+1];
-                    out[j++] = in[i+2];
-                    out[j++] = in[i+3];
+                    out[j++] = in[i + 1];
+                    out[j++] = in[i + 2];
+                    out[j++] = in[i + 3];
                     i += 3;
-                } else { 
+                } else {
                     out[j++] = '\\';
-                    out[j++] = in[i+1];
+                    out[j++] = in[i + 1];
                     i++;
                 }
                 continue;
@@ -421,18 +414,18 @@ public class ProfileServlet extends CMSServlet {
     }
 
     protected void outputArgString(PrintWriter writer, String name, ArgString str)
-        throws IOException {	
+            throws IOException {
         String s = str.getValue();
 
         // sub \n with "\n"
         if (s != null) {
-            s = escapeJavaScriptString(s); 
+            s = escapeJavaScriptString(s);
         }
         writer.println(name + "=\"" + s + "\";");
     }
 
     protected void outputArgSet(PrintWriter writer, String name, ArgSet set)
-        throws IOException {	
+            throws IOException {
         Enumeration e = set.getNames();
 
         while (e.hasMoreElements()) {
@@ -456,7 +449,7 @@ public class ProfileServlet extends CMSServlet {
     }
 
     protected void outputData(PrintWriter writer, ArgSet set)
-        throws IOException {	
+            throws IOException {
         if (set == null)
             return;
         Enumeration e = set.getNames();
@@ -486,12 +479,12 @@ public class ProfileServlet extends CMSServlet {
      */
     protected void log(int event, int level, String msg) {
         mLogger.log(event, mLogCategory, level,
-            "Servlet " + mId + ": " + msg);
+                "Servlet " + mId + ": " + msg);
     }
 
     protected void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level,
-            "Servlet " + mId + ": " + msg);
+                "Servlet " + mId + ": " + msg);
     }
 
     /**
@@ -512,8 +505,7 @@ public class ProfileServlet extends CMSServlet {
     }
 
     protected void renderResult(CMSRequest cmsReq)
-        throws IOException {
+            throws IOException {
         // do nothing
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
index b00b13a9..3a2a91da 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.profile;
 
-
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.security.cert.CertificateEncodingException;
@@ -65,10 +64,9 @@ import com.netscape.cms.servlet.common.AuthCredentials;
 import com.netscape.cms.servlet.common.CMCOutputTemplate;
 import com.netscape.cms.servlet.common.CMSRequest;
 
-
 /**
  * This servlet submits end-user request into the profile framework.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ProfileSubmitCMCServlet extends ProfileServlet {
@@ -89,27 +87,26 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
     private String requestBinary = null;
     private String requestB64 = null;
 
-    private final static String[]
-        SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] {
-            
-            /* 0 */ "automated profile cert request rejection:  "
+    private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] {
+
+    /* 0 */"automated profile cert request rejection:  "
             + "indeterminate reason for inability to process "
             + "cert request due to an EBaseException"
         };
     private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
-        "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
+            "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
 
     public ProfileSubmitCMCServlet() {
     }
 
     /**
-     * initialize the servlet. And instance of this servlet can 
+     * initialize the servlet. And instance of this servlet can
      * be set up to always issue certificates against a certain profile
      * by setting the 'profileId' configuration in the servletConfig
      * If not, the user must specify the profileID when submitting the request
      * 
      * "ImportCert.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -158,7 +155,7 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
     }
 
     public IAuthToken authenticate(IProfileAuthenticator authenticator,
-        HttpServletRequest request)  throws EBaseException {
+            HttpServletRequest request) throws EBaseException {
         AuthCredentials credentials = new AuthCredentials();
 
         // build credential
@@ -177,19 +174,19 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
         IAuthToken authToken = authenticator.authenticate(credentials);
 
         SessionContext sc = SessionContext.getContext();
-        if (sc != null) { 
-          sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); 
-          String userid = authToken.getInString(IAuthToken.USER_ID);
-          if (userid != null) { 
-            sc.put(SessionContext.USER_ID, userid); 
-          }
+        if (sc != null) {
+            sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName());
+            String userid = authToken.getInString(IAuthToken.USER_ID);
+            if (userid != null) {
+                sc.put(SessionContext.USER_ID, userid);
+            }
         }
 
         return authToken;
     }
 
     private void setInputsIntoRequest(HttpServletRequest request, IProfile
-profile, IRequest req) {
+            profile, IRequest req) {
         Enumeration inputIds = profile.getProfileInputIds();
 
         if (inputIds != null) {
@@ -215,15 +212,14 @@ profile, IRequest req) {
      * Process the HTTP request
      * <P>
      * 
-     * (Certificate Request Processed - either an automated "EE" profile based
-     *  cert acceptance, or an automated "EE" profile based cert rejection)
+     * (Certificate Request Processed - either an automated "EE" profile based cert acceptance, or an automated "EE" profile based cert rejection)
      * <P>
      * 
      * <ul>
      * <li>http.param profileId ID of profile to use to process request
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
-     * certificate request has just been through the approval process
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
      * </ul>
+     * 
      * @param cmsReq the object holding the request and response information
      * @exception EBaseException an error has occurred
      */
@@ -233,8 +229,8 @@ profile, IRequest req) {
 
         Locale locale = getLocale(request);
         ArgSet args = new ArgSet();
-        String cert_request_type = 
-          mServletConfig.getInitParameter("cert_request_type");
+        String cert_request_type =
+                mServletConfig.getInitParameter("cert_request_type");
         String outputFormat = mServletConfig.getInitParameter("outputFormat");
 
         int reqlen = request.getContentLength();
@@ -272,25 +268,25 @@ profile, IRequest req) {
                 // __ (double underscores); however, in the event that
                 // a security parameter slips through, we perform multiple
                 // additional checks to insure that it is NOT displayed
-                if( paramName.startsWith("__")                         ||
-                    paramName.endsWith("password")                     ||
-                    paramName.endsWith("passwd")                       ||
-                    paramName.endsWith("pwd")                          ||
-                    paramName.equalsIgnoreCase("admin_password_again") ||
-                    paramName.equalsIgnoreCase("directoryManagerPwd")  ||
-                    paramName.equalsIgnoreCase("bindpassword")         ||
-                    paramName.equalsIgnoreCase("bindpwd")              ||
-                    paramName.equalsIgnoreCase("passwd")               ||
-                    paramName.equalsIgnoreCase("password")             ||
-                    paramName.equalsIgnoreCase("pin")                  ||
-                    paramName.equalsIgnoreCase("pwd")                  ||
-                    paramName.equalsIgnoreCase("pwdagain")             ||
-                    paramName.equalsIgnoreCase("uPasswd") ) {
+                if (paramName.startsWith("__") ||
+                        paramName.endsWith("password") ||
+                        paramName.endsWith("passwd") ||
+                        paramName.endsWith("pwd") ||
+                        paramName.equalsIgnoreCase("admin_password_again") ||
+                        paramName.equalsIgnoreCase("directoryManagerPwd") ||
+                        paramName.equalsIgnoreCase("bindpassword") ||
+                        paramName.equalsIgnoreCase("bindpwd") ||
+                        paramName.equalsIgnoreCase("passwd") ||
+                        paramName.equalsIgnoreCase("password") ||
+                        paramName.equalsIgnoreCase("pin") ||
+                        paramName.equalsIgnoreCase("pwd") ||
+                        paramName.equalsIgnoreCase("pwdagain") ||
+                        paramName.equalsIgnoreCase("uPasswd")) {
                     CMS.debug("ProfileSubmitCMCServlet Input Parameter " +
                               paramName + "='(sensitive)'");
                 } else {
                     CMS.debug("ProfileSubmitCMCServlet Input Parameter " +
-                              paramName + "='" + 
+                              paramName + "='" +
                               request.getParameter(paramName) + "'");
                 }
             }
@@ -303,8 +299,8 @@ profile, IRequest req) {
             mProfileSubId = IProfileSubsystem.ID;
         }
         CMS.debug("ProfileSubmitCMCServlet: SubId=" + mProfileSubId);
-        IProfileSubsystem ps = (IProfileSubsystem) 
-            CMS.getSubsystem(mProfileSubId); 
+        IProfileSubsystem ps = (IProfileSubsystem)
+                CMS.getSubsystem(mProfileSubId);
 
         if (ps == null) {
             CMS.debug("ProfileSubmitCMCServlet: ProfileSubsystem not found");
@@ -317,7 +313,7 @@ profile, IRequest req) {
             } catch (Exception ee) {
             }
             template.createFullResponseWithFailedStatus(response, seq,
-              OtherInfo.INTERNAL_CA_ERROR, s);
+                    OtherInfo.INTERNAL_CA_ERROR, s);
             return;
         }
 
@@ -331,14 +327,14 @@ profile, IRequest req) {
             profileId = mProfileId;
         }
 
-        IProfile profile = null; 
+        IProfile profile = null;
 
-        try { 
+        try {
             CMS.debug("ProfileSubmitCMCServlet: profileId " + profileId);
-            profile = ps.getProfile(profileId); 
-        } catch (EProfileException e) { 
-            CMS.debug("ProfileSubmitCMCServlet: profile not found profileId " + 
-                profileId + " " + e.toString());
+            profile = ps.getProfile(profileId);
+        } catch (EProfileException e) {
+            CMS.debug("ProfileSubmitCMCServlet: profile not found profileId " +
+                    profileId + " " + e.toString());
         }
         if (profile == null) {
             CMCOutputTemplate template = new CMCOutputTemplate();
@@ -350,13 +346,13 @@ profile, IRequest req) {
             } catch (Exception ee) {
             }
             template.createFullResponseWithFailedStatus(response, seq,
-              OtherInfo.INTERNAL_CA_ERROR, s);
+                    OtherInfo.INTERNAL_CA_ERROR, s);
             return;
         }
 
         if (!ps.isProfileEnable(profileId)) {
-            CMS.debug("ProfileSubmitCMCServlet: Profile " + profileId + 
-                " not enabled");
+            CMS.debug("ProfileSubmitCMCServlet: Profile " + profileId +
+                    " not enabled");
             CMCOutputTemplate template = new CMCOutputTemplate();
             SEQUENCE seq = new SEQUENCE();
             seq.addElement(new INTEGER(0));
@@ -366,7 +362,7 @@ profile, IRequest req) {
             } catch (Exception ee) {
             }
             template.createFullResponseWithFailedStatus(response, seq,
-              OtherInfo.INTERNAL_CA_ERROR, s);
+                    OtherInfo.INTERNAL_CA_ERROR, s);
             return;
         }
 
@@ -386,8 +382,8 @@ profile, IRequest req) {
         if (authenticator == null) {
             CMS.debug("ProfileSubmitCMCServlet: authenticator not found");
         } else {
-            CMS.debug("ProfileSubmitCMCServlet: authenticator " + 
-                authenticator.getName() + " found");
+            CMS.debug("ProfileSubmitCMCServlet: authenticator " +
+                    authenticator.getName() + " found");
             setCredentialsIntoContext(request, authenticator, ctx);
         }
 
@@ -403,27 +399,27 @@ profile, IRequest req) {
         SessionContext context = SessionContext.getContext();
 
         // insert profile context so that input parameter can be retrieved
-        context.put("profileContext", ctx); 
-        context.put("sslClientCertProvider", 
-            new SSLClientCertProvider(request));
+        context.put("profileContext", ctx);
+        context.put("sslClientCertProvider",
+                new SSLClientCertProvider(request));
         CMS.debug("ProfileSubmitCMCServlet: set sslClientCertProvider");
-        if (authenticator != null) { 
+        if (authenticator != null) {
             try {
                 authToken = authenticate(authenticator, request);
                 // authentication success
             } catch (EBaseException e) {
                 CMCOutputTemplate template = new CMCOutputTemplate();
                 SEQUENCE seq = new SEQUENCE();
-                seq.addElement(new INTEGER(0));  
+                seq.addElement(new INTEGER(0));
                 UTF8String s = null;
                 try {
-                    s = new UTF8String(e.toString()); 
+                    s = new UTF8String(e.toString());
                 } catch (Exception ee) {
                 }
-                template.createFullResponseWithFailedStatus(response, seq, 
-                  OtherInfo.BAD_REQUEST, s); 
-                CMS.debug("ProfileSubmitCMCServlet: authentication error " + 
-                    e.toString());
+                template.createFullResponseWithFailedStatus(response, seq,
+                        OtherInfo.BAD_REQUEST, s);
+                CMS.debug("ProfileSubmitCMCServlet: authentication error " +
+                        e.toString());
                 return;
             }
 
@@ -433,9 +429,9 @@ profile, IRequest req) {
                 CMS.debug("ProfileSubmitCMCServlet authToken not null");
                 try {
                     authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "submit");
+                            mAuthzResourceName, "submit");
                 } catch (Exception e) {
-                    CMS.debug("ProfileSubmitCMCServlet authorization failure: "+e.toString());
+                    CMS.debug("ProfileSubmitCMCServlet authorization failure: " + e.toString());
                 }
             }
 
@@ -450,7 +446,7 @@ profile, IRequest req) {
                 } catch (Exception ee) {
                 }
                 template.createFullResponseWithFailedStatus(response, seq,
-                    OtherInfo.BAD_REQUEST, s);
+                        OtherInfo.BAD_REQUEST, s);
                 return;
             }
         }
@@ -473,7 +469,7 @@ profile, IRequest req) {
             } catch (Exception ee) {
             }
             template.createFullResponseWithFailedStatus(response, seq,
-              OtherInfo.INTERNAL_CA_ERROR, s);
+                    OtherInfo.INTERNAL_CA_ERROR, s);
             return;
         } catch (Throwable e) {
             CMS.debug("ProfileSubmitCMCServlet: createRequests " + e.toString());
@@ -486,17 +482,17 @@ profile, IRequest req) {
             } catch (Exception ee) {
             }
             template.createFullResponseWithFailedStatus(response, seq,
-              OtherInfo.INTERNAL_CA_ERROR, s);
+                    OtherInfo.INTERNAL_CA_ERROR, s);
             return;
         }
 
         TaggedAttribute attr =
-          (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness));
+                (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness));
         if (attr != null) {
             boolean verifyAllow = true;
             try {
                 verifyAllow = CMS.getConfigStore().getBoolean(
-                  "cmc.lraPopWitness.verify.allow", true);
+                        "cmc.lraPopWitness.verify.allow", true);
             } catch (EBaseException ee) {
             }
 
@@ -505,18 +501,18 @@ profile, IRequest req) {
                 SET vals = attr.getValues();
                 if (vals.size() > 0) {
                     try {
-                        lraPop = (LraPopWitness)(ASN1Util.decode(LraPopWitness.getTemplate(),
-                          ASN1Util.encode(vals.elementAt(0))));
+                        lraPop = (LraPopWitness) (ASN1Util.decode(LraPopWitness.getTemplate(),
+                                ASN1Util.encode(vals.elementAt(0))));
                     } catch (InvalidBERException e) {
                         CMS.debug(
-                          CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR"));
+                                CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR"));
                     }
 
                     SEQUENCE bodyIds = lraPop.getBodyIds();
 
                     CMCOutputTemplate template = new CMCOutputTemplate();
                     template.createFullResponseWithFailedStatus(response, bodyIds,
-                      OtherInfo.POP_FAILED, null);
+                            OtherInfo.POP_FAILED, null);
                     return;
                 }
             }
@@ -524,25 +520,25 @@ profile, IRequest req) {
 
         // for CMC, requests may be zero. Then check if controls exist.
         if (reqs == null) {
-            Integer nums = (Integer)(context.get("numOfControls"));
+            Integer nums = (Integer) (context.get("numOfControls"));
             CMCOutputTemplate template = new CMCOutputTemplate();
             // if there is only one control GetCert, then simple response
             // must be returned. 
             if (nums != null && nums.intValue() == 1) {
-                TaggedAttribute attr1 = (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
+                TaggedAttribute attr1 = (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
                 if (attr1 != null) {
                     template.createSimpleResponse(response, reqs);
                 } else
-                    template.createFullResponse(response, reqs, 
-                      cert_request_type, null);
+                    template.createFullResponse(response, reqs,
+                            cert_request_type, null);
             } else
-                template.createFullResponse(response, reqs, 
-                  cert_request_type, null);
+                template.createFullResponse(response, reqs,
+                        cert_request_type, null);
             return;
         }
 
         String errorCode = null;
-        String errorReason = null; 
+        String errorReason = null;
 
         ///////////////////////////////////////////////
         // populate request
@@ -553,24 +549,24 @@ profile, IRequest req) {
 
             // serial auth token into request
             if (authToken != null) {
-               Enumeration tokenNames = authToken.getElements();
-               while (tokenNames.hasMoreElements()) {
-                   String tokenName = (String)tokenNames.nextElement();
-                   String[] vals = authToken.getInStringArray(tokenName);
-                   if (vals != null) {
-                       for (int i = 0; i < vals.length; i++) {
-                           reqs[k].setExtData(ARG_AUTH_TOKEN + "." +
-                                   tokenName + "[" + i + "]", vals[i]);
-                       }
-                   } else {
-                       String val = authToken.getInString(tokenName);
-                       if (val != null) {
-                           reqs[k].setExtData(ARG_AUTH_TOKEN + "." + tokenName,
-                                   val);
-                       }
-                   }
-               }
-            }            
+                Enumeration tokenNames = authToken.getElements();
+                while (tokenNames.hasMoreElements()) {
+                    String tokenName = (String) tokenNames.nextElement();
+                    String[] vals = authToken.getInStringArray(tokenName);
+                    if (vals != null) {
+                        for (int i = 0; i < vals.length; i++) {
+                            reqs[k].setExtData(ARG_AUTH_TOKEN + "." +
+                                    tokenName + "[" + i + "]", vals[i]);
+                        }
+                    } else {
+                        String val = authToken.getInString(tokenName);
+                        if (val != null) {
+                            reqs[k].setExtData(ARG_AUTH_TOKEN + "." + tokenName,
+                                    val);
+                        }
+                    }
+                }
+            }
 
             // put profile framework parameters into the request
             reqs[k].setExtData(ARG_PROFILE, "true");
@@ -589,7 +585,7 @@ profile, IRequest req) {
                 } catch (Exception ee) {
                 }
                 template.createFullResponseWithFailedStatus(response, seq,
-                  OtherInfo.INTERNAL_CA_ERROR, s);
+                        OtherInfo.INTERNAL_CA_ERROR, s);
                 return;
             }
 
@@ -598,13 +594,13 @@ profile, IRequest req) {
             reqs[k].setExtData(ARG_PROFILE_REMOTE_HOST, request.getRemoteHost());
             reqs[k].setExtData(ARG_PROFILE_REMOTE_ADDR, request.getRemoteAddr());
 
-            CMS.debug("ProfileSubmitCMCServlet: request " + 
-                reqs[k].getRequestId().toString());
+            CMS.debug("ProfileSubmitCMCServlet: request " +
+                    reqs[k].getRequestId().toString());
 
             try {
                 CMS.debug("ProfileSubmitCMCServlet: populating request inputs");
                 // give authenticator a chance to populate the request
-                if (authenticator != null) { 
+                if (authenticator != null) {
                     authenticator.populate(authToken, reqs[k]);
                 }
                 profile.populateInput(ctx, reqs[k]);
@@ -620,7 +616,7 @@ profile, IRequest req) {
                 } catch (Exception ee) {
                 }
                 template.createFullResponseWithFailedStatus(response, seq,
-                  OtherInfo.BAD_REQUEST, s);
+                        OtherInfo.BAD_REQUEST, s);
                 return;
             } catch (Throwable e) {
                 CMS.debug("ProfileSubmitCMCServlet: populate " + e.toString());
@@ -635,7 +631,7 @@ profile, IRequest req) {
                 } catch (Exception ee) {
                 }
                 template.createFullResponseWithFailedStatus(response, seq,
-                  OtherInfo.INTERNAL_CA_ERROR, s);
+                        OtherInfo.INTERNAL_CA_ERROR, s);
                 return;
             }
         }
@@ -652,23 +648,22 @@ profile, IRequest req) {
             ///////////////////////////////////////////////
             int error_codes[] = null;
             if (reqs != null && reqs.length > 0)
-                error_codes = new int[reqs.length]; 
+                error_codes = new int[reqs.length];
             for (int k = 0; k < reqs.length; k++) {
                 try {
                     // reset the "auditRequesterID"
                     auditRequesterID = auditRequesterID(reqs[k]);
 
-
                     // print request debug
                     if (reqs[k] != null) {
-                      Enumeration reqKeys = reqs[k].getExtDataKeys();
-                      while (reqKeys.hasMoreElements()) {
-                        String reqKey = (String)reqKeys.nextElement();
-                        String reqVal = reqs[k].getExtDataInString(reqKey);
-                        if (reqVal != null) {
-                           CMS.debug("ProfileSubmitCMCServlet: key=$request." + reqKey + "$ value=" + reqVal);
+                        Enumeration reqKeys = reqs[k].getExtDataKeys();
+                        while (reqKeys.hasMoreElements()) {
+                            String reqKey = (String) reqKeys.nextElement();
+                            String reqVal = reqs[k].getExtDataInString(reqKey);
+                            if (reqVal != null) {
+                                CMS.debug("ProfileSubmitCMCServlet: key=$request." + reqKey + "$ value=" + reqVal);
+                            }
                         }
-                      }
                     }
 
                     profile.submit(authToken, reqs[k]);
@@ -698,9 +693,9 @@ profile, IRequest req) {
                     // need to notify
                     INotify notify = profile.getRequestQueue().getPendingNotify();
                     if (notify != null) {
-                       notify.notify(reqs[k]);
+                        notify.notify(reqs[k]);
                     }
-                
+
                     CMS.debug("ProfileSubmitCMCServlet: submit " + e.toString());
                     errorCode = "2";
                     errorReason = CMS.getUserMessage(locale,
@@ -722,7 +717,7 @@ profile, IRequest req) {
                                 "CMS_INTERNAL_ERROR");
                 }
 
-                try { 
+                try {
                     if (errorCode == null) {
                         profile.getRequestQueue().markAsServiced(reqs[k]);
                     } else {
@@ -730,7 +725,7 @@ profile, IRequest req) {
                     }
                 } catch (EBaseException e) {
                     CMS.debug("ProfileSubmitCMCServlet: updateRequest " +
-                        e.toString());
+                            e.toString());
                 }
 
                 if (errorCode != null) {
@@ -778,36 +773,36 @@ profile, IRequest req) {
             // output output list 
             ///////////////////////////////////////////////
 
-           CMS.debug("ProfileSubmitCMCServlet: done serving");
-           CMCOutputTemplate template = new CMCOutputTemplate();
-           if (cert_request_type.equals("pkcs10") || cert_request_type.equals("crmf")) {
-
-               if (outputFormat != null &&outputFormat.equals("pkcs7")) {
-                   byte[] pkcs7 = CMS.getPKCS7(locale, reqs[0]); 
-                   response.setContentType("application/pkcs7-mime");
-                   response.setContentLength(pkcs7.length);
-                   try {
-                       OutputStream os = response.getOutputStream(); 
-                       os.write(pkcs7);
-                       os.flush();
-                   } catch (Exception ee) {
-                   }
-                   return; 
-               }
-               template.createSimpleResponse(response, reqs);
-           } else if (cert_request_type.equals("cmc")) {
-               Integer nums = (Integer)(context.get("numOfControls"));
-               if (nums != null && nums.intValue() == 1) {
-                   TaggedAttribute attr1 = 
-                     (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
-                   if (attr1 != null) {
-                       template.createSimpleResponse(response, reqs);
-                       return;
-                   }
-               } 
-               template.createFullResponse(response, reqs, cert_request_type, 
-                   error_codes);
-           }
+            CMS.debug("ProfileSubmitCMCServlet: done serving");
+            CMCOutputTemplate template = new CMCOutputTemplate();
+            if (cert_request_type.equals("pkcs10") || cert_request_type.equals("crmf")) {
+
+                if (outputFormat != null && outputFormat.equals("pkcs7")) {
+                    byte[] pkcs7 = CMS.getPKCS7(locale, reqs[0]);
+                    response.setContentType("application/pkcs7-mime");
+                    response.setContentLength(pkcs7.length);
+                    try {
+                        OutputStream os = response.getOutputStream();
+                        os.write(pkcs7);
+                        os.flush();
+                    } catch (Exception ee) {
+                    }
+                    return;
+                }
+                template.createSimpleResponse(response, reqs);
+            } else if (cert_request_type.equals("cmc")) {
+                Integer nums = (Integer) (context.get("numOfControls"));
+                if (nums != null && nums.intValue() == 1) {
+                    TaggedAttribute attr1 =
+                            (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
+                    if (attr1 != null) {
+                        template.createSimpleResponse(response, reqs);
+                        return;
+                    }
+                }
+                template.createFullResponse(response, reqs, cert_request_type,
+                        error_codes);
+            }
         } finally {
             SessionContext.releaseContext();
         }
@@ -815,11 +810,11 @@ profile, IRequest req) {
 
     /**
      * Signed Audit Log Requester ID
-     *
+     * 
      * This method is called to obtain the "RequesterID" for
      * a signed audit log message.
      * <P>
-     *
+     * 
      * @param request the actual request
      * @return id string containing the signed audit log message RequesterID
      */
@@ -845,11 +840,11 @@ profile, IRequest req) {
 
     /**
      * Signed Audit Log Info Certificate Value
-     *
+     * 
      * This method is called to obtain the certificate from the passed in
      * "X509CertImpl" for a signed audit log message.
      * <P>
-     *
+     * 
      * @param request request containing an X509CertImpl
      * @return cert string containing the certificate
      */
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
index 3f663619..613ff55e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.profile;
 
-
 import java.math.BigInteger;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
@@ -72,10 +71,9 @@ import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cmsutil.util.Cert;
 import com.netscape.cmsutil.xml.XMLObject;
 
-
 /**
  * This servlet submits end-user request into the profile framework.
- *
+ * 
  * @author Christina Fu (renewal support)
  * @version $Revision$, $Date$
  */
@@ -97,34 +95,31 @@ public class ProfileSubmitServlet extends ProfileServlet {
     private String mReqType = null;
     private String mAuthorityId = null;
 
-    private final static String[]
-        SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] {
-            
-            /* 0 */ "automated profile cert request rejection:  "
+    private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] {
+
+    /* 0 */"automated profile cert request rejection:  "
             + "indeterminate reason for inability to process "
             + "cert request due to an EBaseException"
         };
     private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
-        "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
-
-
-     private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL =
-        "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
-     private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS =
-        "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
+            "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
 
+    private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL =
+            "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
+    private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS =
+            "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
 
     public ProfileSubmitServlet() {
     }
 
     /**
-     * initialize the servlet. And instance of this servlet can 
+     * initialize the servlet. And instance of this servlet can
      * be set up to always issue certificates against a certain profile
      * by setting the 'profileId' configuration in the servletConfig
      * If not, the user must specify the profileID when submitting the request
      * 
      * "ImportCert.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -185,7 +180,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
                     }
 
                     if (inputValue != null) {
-                        CMS.debug("ProfileSubmitServlet: setInputsIntoContext() setting value in ctx:"+ inputValue);
+                        CMS.debug("ProfileSubmitServlet: setInputsIntoContext() setting value in ctx:" + inputValue);
                         ctx.set(inputName, inputValue);
                     } else {
                         CMS.debug("ProfileSubmitServlet: setInputsIntoContext() value null");
@@ -196,8 +191,6 @@ public class ProfileSubmitServlet extends ProfileServlet {
 
     }
 
-
-
     private void setCredentialsIntoContext(HttpServletRequest request, IProfileAuthenticator authenticator, IProfileContext ctx) {
         Enumeration<String> authIds = authenticator.getValueNames();
 
@@ -206,8 +199,8 @@ public class ProfileSubmitServlet extends ProfileServlet {
             while (authIds.hasMoreElements()) {
                 String authName = (String) authIds.nextElement();
 
-                CMS.debug("ProfileSubmitServlet:setCredentialsIntoContext() authName:"+
-                      authName);
+                CMS.debug("ProfileSubmitServlet:setCredentialsIntoContext() authName:" +
+                        authName);
                 if (request.getParameter(authName) != null) {
                     CMS.debug("ProfileSubmitServlet:setCredentialsIntoContext() authName found in request");
                     ctx.set(authName, request.getParameter(authName));
@@ -232,7 +225,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
             String n = t.substring(0, i);
             if (n.equalsIgnoreCase("uid")) {
                 String v = t.substring(i + 1);
-                CMS.debug("ProfileSubmitServlet:: getUidFromDN(): uid found:"+v);
+                CMS.debug("ProfileSubmitServlet:: getUidFromDN(): uid found:" + v);
                 return v;
             } else {
                 continue;
@@ -246,66 +239,66 @@ public class ProfileSubmitServlet extends ProfileServlet {
      *   to the session context
      */
     public IAuthToken authenticate(IProfileAuthenticator authenticator,
-        HttpServletRequest request, IRequest origReq, SessionContext context)
-          throws EBaseException {
-                IAuthToken authToken = authenticate(authenticator, request);
-                // For renewal, fill in necessary params
-                if (authToken!= null) {
-                  String ouid = origReq.getExtDataInString("auth_token.uid");
-                  // if the orig cert was manually approved, then there was
-                  // no auth token uid.  Try to get the uid from the cert dn
-                  // itself, if possible
-                  if (ouid == null) {
-                      String sdn = (String) context.get("origSubjectDN");
-                      if (sdn != null) {
-                        ouid = getUidFromDN(sdn);
-                        if (ouid != null)
-                          CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found");
-                      }
-                  } else {
-                      CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found in orig request auth_token");
-                  }
-                  String auid = authToken.getInString("uid");
-                  if (auid != null) { // not through ssl client auth
-                    CMS.debug("ProfileSubmitServlet: renewal: authToken uid found:"+auid);
-                    // authenticated with uid
-                    // put "orig_req.auth_token.uid" so that authz with
-                    // UserOrigReqAccessEvaluator will work
-                    if (ouid != null) {
-                      context.put("orig_req.auth_token.uid", ouid); 
-                      CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found:"+ouid);
-                    } else {
-                      CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found");
-                    }
-                  } else { // through ssl client auth?
-                    CMS.debug("ProfileSubmitServlet: renewal: authToken uid not found:");
-                    // put in orig_req's uid
-                    if (ouid != null) {
-                      CMS.debug("ProfileSubmitServlet: renewal: origReq uid not null:" +ouid+". Setting authtoken");
-                      authToken.set("uid", ouid);
-                      context.put(SessionContext.USER_ID, ouid); 
-                    } else {
-                      CMS.debug("ProfileSubmitServlet: renewal: origReq uid not found");
-//                      throw new EBaseException("origReq uid not found");
-                    }
-                  }
-
-                  String userdn = origReq.getExtDataInString("auth_token.userdn");
-                  if (userdn != null) {
-                      CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not null:"+userdn+". Setting authtoken");
-                      authToken.set("userdn", userdn);
-                  } else {
-                      CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not found");
-//                      throw new EBaseException("origReq userdn not found");
-                  }
+            HttpServletRequest request, IRequest origReq, SessionContext context)
+            throws EBaseException {
+        IAuthToken authToken = authenticate(authenticator, request);
+        // For renewal, fill in necessary params
+        if (authToken != null) {
+            String ouid = origReq.getExtDataInString("auth_token.uid");
+            // if the orig cert was manually approved, then there was
+            // no auth token uid.  Try to get the uid from the cert dn
+            // itself, if possible
+            if (ouid == null) {
+                String sdn = (String) context.get("origSubjectDN");
+                if (sdn != null) {
+                    ouid = getUidFromDN(sdn);
+                    if (ouid != null)
+                        CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found");
+                }
+            } else {
+                CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found in orig request auth_token");
+            }
+            String auid = authToken.getInString("uid");
+            if (auid != null) { // not through ssl client auth
+                CMS.debug("ProfileSubmitServlet: renewal: authToken uid found:" + auid);
+                // authenticated with uid
+                // put "orig_req.auth_token.uid" so that authz with
+                // UserOrigReqAccessEvaluator will work
+                if (ouid != null) {
+                    context.put("orig_req.auth_token.uid", ouid);
+                    CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found:" + ouid);
+                } else {
+                    CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found");
+                }
+            } else { // through ssl client auth?
+                CMS.debug("ProfileSubmitServlet: renewal: authToken uid not found:");
+                // put in orig_req's uid
+                if (ouid != null) {
+                    CMS.debug("ProfileSubmitServlet: renewal: origReq uid not null:" + ouid + ". Setting authtoken");
+                    authToken.set("uid", ouid);
+                    context.put(SessionContext.USER_ID, ouid);
                 } else {
-                      CMS.debug("ProfileSubmitServlet: renewal: authToken null");
+                    CMS.debug("ProfileSubmitServlet: renewal: origReq uid not found");
+                    //                      throw new EBaseException("origReq uid not found");
                 }
-            return authToken;
+            }
+
+            String userdn = origReq.getExtDataInString("auth_token.userdn");
+            if (userdn != null) {
+                CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not null:" + userdn + ". Setting authtoken");
+                authToken.set("userdn", userdn);
+            } else {
+                CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not found");
+                //                      throw new EBaseException("origReq userdn not found");
+            }
+        } else {
+            CMS.debug("ProfileSubmitServlet: renewal: authToken null");
+        }
+        return authToken;
     }
 
     public IAuthToken authenticate(IProfileAuthenticator authenticator,
-        HttpServletRequest request)  throws EBaseException {
+            HttpServletRequest request) throws EBaseException {
         AuthCredentials credentials = new AuthCredentials();
 
         // build credential
@@ -323,12 +316,12 @@ public class ProfileSubmitServlet extends ProfileServlet {
         IAuthToken authToken = authenticator.authenticate(credentials);
 
         SessionContext sc = SessionContext.getContext();
-        if (sc != null) { 
-          sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); 
-          String userid = authToken.getInString(IAuthToken.USER_ID);
-          if (userid != null) { 
-            sc.put(SessionContext.USER_ID, userid); 
-          }
+        if (sc != null) {
+            sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName());
+            String userid = authToken.getInString(IAuthToken.USER_ID);
+            if (userid != null) {
+                sc.put(SessionContext.USER_ID, userid);
+            }
         }
 
         return authToken;
@@ -387,7 +380,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
                     }
 
                     if (inputValue != null) {
-                        CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() setting value in ctx:"+ inputValue);
+                        CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() setting value in ctx:" + inputValue);
                         req.setExtData(inputName, inputValue);
                     } else {
                         CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() value null");
@@ -412,8 +405,8 @@ public class ProfileSubmitServlet extends ProfileServlet {
                     while (outputNames.hasMoreElements()) {
                         ArgSet outputset = new ArgSet();
                         String outputName = (String) outputNames.nextElement();
-                        IDescriptor outputDesc = 
-                            profileOutput.getValueDescriptor(locale, outputName);
+                        IDescriptor outputDesc =
+                                profileOutput.getValueDescriptor(locale, outputName);
 
                         if (outputDesc == null)
                             continue;
@@ -423,7 +416,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
                         String outputValue = null;
 
                         try {
-                            outputValue = profileOutput.getValue(outputName, 
+                            outputValue = profileOutput.getValue(outputName,
                                         locale, req);
                         } catch (EProfileException e) {
                             CMS.debug("ProfileSubmitServlet: " + e.toString());
@@ -445,15 +438,14 @@ public class ProfileSubmitServlet extends ProfileServlet {
      * Process the HTTP request
      * <P>
      * 
-     * (Certificate Request Processed - either an automated "EE" profile based
-     *  cert acceptance, or an automated "EE" profile based cert rejection)
+     * (Certificate Request Processed - either an automated "EE" profile based cert acceptance, or an automated "EE" profile based cert rejection)
      * <P>
      * 
      * <ul>
      * <li>http.param profileId ID of profile to use to process request
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
-     * certificate request has just been through the approval process
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
      * </ul>
+     * 
      * @param cmsReq the object holding the request and response information
      * @exception EBaseException an error has occurred
      */
@@ -476,9 +468,9 @@ public class ProfileSubmitServlet extends ProfileServlet {
             CMS.debug("xmlOutput false");
         }
 
-        IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+        IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
         if (statsSub != null) {
-          statsSub.startTiming("enrollment", true /* main action */);
+            statsSub.startTiming("enrollment", true /* main action */);
         }
 
         long startTime = CMS.getCurrentDate().getTime();
@@ -488,7 +480,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
         if (CMS.debugOn()) {
             CMS.debug("Start of ProfileSubmitServlet Input Parameters");
             @SuppressWarnings("unchecked")
-			Enumeration<String> paramNames = request.getParameterNames();
+            Enumeration<String> paramNames = request.getParameterNames();
 
             while (paramNames.hasMoreElements()) {
                 String paramName = paramNames.nextElement();
@@ -497,25 +489,25 @@ public class ProfileSubmitServlet extends ProfileServlet {
                 // __ (double underscores); however, in the event that
                 // a security parameter slips through, we perform multiple
                 // additional checks to insure that it is NOT displayed
-                if( paramName.startsWith("__")                         ||
-                    paramName.endsWith("password")                     ||
-                    paramName.endsWith("passwd")                       ||
-                    paramName.endsWith("pwd")                          ||
-                    paramName.equalsIgnoreCase("admin_password_again") ||
-                    paramName.equalsIgnoreCase("directoryManagerPwd")  ||
-                    paramName.equalsIgnoreCase("bindpassword")         ||
-                    paramName.equalsIgnoreCase("bindpwd")              ||
-                    paramName.equalsIgnoreCase("passwd")               ||
-                    paramName.equalsIgnoreCase("password")             ||
-                    paramName.equalsIgnoreCase("pin")                  ||
-                    paramName.equalsIgnoreCase("pwd")                  ||
-                    paramName.equalsIgnoreCase("pwdagain")             ||
-                    paramName.equalsIgnoreCase("uPasswd") ) {
+                if (paramName.startsWith("__") ||
+                        paramName.endsWith("password") ||
+                        paramName.endsWith("passwd") ||
+                        paramName.endsWith("pwd") ||
+                        paramName.equalsIgnoreCase("admin_password_again") ||
+                        paramName.equalsIgnoreCase("directoryManagerPwd") ||
+                        paramName.equalsIgnoreCase("bindpassword") ||
+                        paramName.equalsIgnoreCase("bindpwd") ||
+                        paramName.equalsIgnoreCase("passwd") ||
+                        paramName.equalsIgnoreCase("password") ||
+                        paramName.equalsIgnoreCase("pin") ||
+                        paramName.equalsIgnoreCase("pwd") ||
+                        paramName.equalsIgnoreCase("pwdagain") ||
+                        paramName.equalsIgnoreCase("uPasswd")) {
                     CMS.debug("ProfileSubmitServlet Input Parameter " +
                               paramName + "='(sensitive)'");
                 } else {
                     CMS.debug("ProfileSubmitServlet Input Parameter " +
-                              paramName + "='" + 
+                              paramName + "='" +
                               request.getParameter(paramName) + "'");
                 }
             }
@@ -528,22 +520,22 @@ public class ProfileSubmitServlet extends ProfileServlet {
             mProfileSubId = IProfileSubsystem.ID;
         }
         CMS.debug("ProfileSubmitServlet: SubId=" + mProfileSubId);
-        IProfileSubsystem ps = (IProfileSubsystem) 
-            CMS.getSubsystem(mProfileSubId); 
+        IProfileSubsystem ps = (IProfileSubsystem)
+                CMS.getSubsystem(mProfileSubId);
 
         if (ps == null) {
             CMS.debug("ProfileSubmitServlet: ProfileSubsystem not found");
             if (xmlOutput) {
                 outputError(response, CMS.getUserMessage(locale,
-                  "CMS_INTERNAL_ERROR"));
+                        "CMS_INTERNAL_ERROR"));
             } else {
                 args.set(ARG_ERROR_CODE, "1");
                 args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_INTERNAL_ERROR"));
+                        "CMS_INTERNAL_ERROR"));
                 outputTemplate(request, response, args);
             }
             if (statsSub != null) {
-              statsSub.endTiming("enrollment");
+                statsSub.endTiming("enrollment");
             }
             return;
         }
@@ -562,10 +554,10 @@ public class ProfileSubmitServlet extends ProfileServlet {
          */
         String renewal = request.getParameter("renewal");
         boolean isRenewal = false;
-        if ((renewal!= null) && (renewal.equalsIgnoreCase("true"))) {
+        if ((renewal != null) && (renewal.equalsIgnoreCase("true"))) {
             CMS.debug("ProfileSubmitServlet: isRenewal true");
             isRenewal = true;
-            request.setAttribute("reqType", (Object)"renewal");
+            request.setAttribute("reqType", (Object) "renewal");
         } else {
             CMS.debug("ProfileSubmitServlet: isRenewal false");
         }
@@ -593,11 +585,11 @@ public class ProfileSubmitServlet extends ProfileServlet {
         if (isRenewal) {
             // dig up the original request to "clone"
             renewProfileId = profileId;
-            CMS.debug("ProfileSubmitServlet: renewProfileId ="+renewProfileId);
+            CMS.debug("ProfileSubmitServlet: renewProfileId =" + renewProfileId);
             IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId);
             if (authority == null) {
                 CMS.debug("ProfileSubmitServlet: renewal: Authority " + mAuthorityId +
-                    " not found");
+                        " not found");
                 args.set(ARG_ERROR_CODE, "1");
                 args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                         "CMS_INTERNAL_ERROR"));
@@ -608,7 +600,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
 
             if (queue == null) {
                 CMS.debug("ProfileSubmitServlet: renewal: Request Queue of " +
-                    mAuthorityId + " not found");
+                        mAuthorityId + " not found");
                 args.set(ARG_ERROR_CODE, "1");
                 args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                         "CMS_INTERNAL_ERROR"));
@@ -638,7 +630,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
                     CMS.debug("ProfileSubmitServlet: renewal: no ssl client cert chain");
                     args.set(ARG_ERROR_CODE, "1");
                     args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                        "CMS_INTERNAL_ERROR"));
+                            "CMS_INTERNAL_ERROR"));
                     outputTemplate(request, response, args);
                     return;
                 } else { // has ssl client cert
@@ -646,45 +638,45 @@ public class ProfileSubmitServlet extends ProfileServlet {
                     // shouldn't expect leaf cert to be always at the
                     // same location
                     X509Certificate clientCert = null;
-                    for (int i = 0; i< certs.length; i++) {
+                    for (int i = 0; i < certs.length; i++) {
                         clientCert = certs[i];
-                        byte [] extBytes = clientCert.getExtensionValue("2.5.29.19");
+                        byte[] extBytes = clientCert.getExtensionValue("2.5.29.19");
                         // try to see if this is a leaf cert
                         // look for BasicConstraint extension
                         if (extBytes == null) {
                             // found leaf cert
-                    CMS.debug("ProfileSubmitServlet: renewal: found leaf cert");
+                            CMS.debug("ProfileSubmitServlet: renewal: found leaf cert");
                             break;
                         } else {
-                          CMS.debug("ProfileSubmitServlet: renewal: found cert having BasicConstraints ext");
-                          // it's got BasicConstraints extension
-                          // so it's not likely to be a leaf cert,
-                          // however, check the isCA field regardless
-                          try {
-                            BasicConstraintsExtension bce =
-                              new BasicConstraintsExtension(true, extBytes);
-                            if (bce != null) {
-                                if (!(Boolean)bce.get("is_ca")) {
-                    CMS.debug("ProfileSubmitServlet: renewal: found CA cert in chain");
-                                  break;
-                                } // else found a ca cert, continue
-                            }
-                          } catch (Exception e) {
-                    CMS.debug("ProfileSubmitServlet: renewal: exception:"+
+                            CMS.debug("ProfileSubmitServlet: renewal: found cert having BasicConstraints ext");
+                            // it's got BasicConstraints extension
+                            // so it's not likely to be a leaf cert,
+                            // however, check the isCA field regardless
+                            try {
+                                BasicConstraintsExtension bce =
+                                        new BasicConstraintsExtension(true, extBytes);
+                                if (bce != null) {
+                                    if (!(Boolean) bce.get("is_ca")) {
+                                        CMS.debug("ProfileSubmitServlet: renewal: found CA cert in chain");
+                                        break;
+                                    } // else found a ca cert, continue
+                                }
+                            } catch (Exception e) {
+                                CMS.debug("ProfileSubmitServlet: renewal: exception:" +
                                         e.toString());
-                               args.set(ARG_ERROR_CODE, "1");
-                               args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                                   "CMS_INTERNAL_ERROR"));
-                               outputTemplate(request, response, args);
-                               return;
-                          }
+                                args.set(ARG_ERROR_CODE, "1");
+                                args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+                                        "CMS_INTERNAL_ERROR"));
+                                outputTemplate(request, response, args);
+                                return;
+                            }
                         }
                     }
                     if (clientCert == null) {
                         CMS.debug("ProfileSubmitServlet: renewal: no client cert in chain");
                         args.set(ARG_ERROR_CODE, "1");
                         args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                            "CMS_INTERNAL_ERROR"));
+                                "CMS_INTERNAL_ERROR"));
                         outputTemplate(request, response, args);
                         return;
                     }
@@ -694,10 +686,10 @@ public class ProfileSubmitServlet extends ProfileServlet {
 
                         clientCert = new X509CertImpl(certEncoded);
                     } catch (Exception e) {
-                        CMS.debug("ProfileSubmitServlet: renewal: exception:"+e.toString());
+                        CMS.debug("ProfileSubmitServlet: renewal: exception:" + e.toString());
                         args.set(ARG_ERROR_CODE, "1");
                         args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                            "CMS_INTERNAL_ERROR"));
+                                "CMS_INTERNAL_ERROR"));
                         outputTemplate(request, response, args);
                         return;
                     }
@@ -706,7 +698,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
                 }
             }
 
-            CMS.debug("ProfileSubmitServlet: renewal: serial number of cert to renew:"+ certSerial.toString());
+            CMS.debug("ProfileSubmitServlet: renewal: serial number of cert to renew:" + certSerial.toString());
 
             try {
                 ICertificateRepository certDB = null;
@@ -716,28 +708,28 @@ public class ProfileSubmitServlet extends ProfileServlet {
                 if (certDB == null) {
                     args.set(ARG_ERROR_CODE, "1");
                     args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                        "CMS_INTERNAL_ERROR"));
+                            "CMS_INTERNAL_ERROR"));
                     outputTemplate(request, response, args);
                     return;
                 }
                 ICertRecord rec = (ICertRecord) certDB.readCertificateRecord(certSerial);
-                if (rec == null)  {
-                    CMS.debug("ProfileSubmitServlet: renewal cert record not found for serial number "+ certSerial.toString());
+                if (rec == null) {
+                    CMS.debug("ProfileSubmitServlet: renewal cert record not found for serial number " + certSerial.toString());
                     args.set(ARG_ERROR_CODE, "1");
                     args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                        "CMS_INTERNAL_ERROR"));
+                            "CMS_INTERNAL_ERROR"));
                     outputTemplate(request, response, args);
                     return;
                 } else {
-                    CMS.debug("ProfileSubmitServlet: renewal cert record found for serial number:"+ certSerial.toString());
+                    CMS.debug("ProfileSubmitServlet: renewal cert record found for serial number:" + certSerial.toString());
                     // check to see if the cert is revoked or revoked_expired
                     if ((rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) || (rec.getStatus().equals(ICertRecord.STATUS_REVOKED_EXPIRED))) {
-                      CMS.debug("ProfileSubmitServlet: renewal cert found to be revoked. Serial number = "+ certSerial.toString());
-                      args.set(ARG_ERROR_CODE, "1");
-                      args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                          "CMS_CA_CANNOT_RENEW_REVOKED_CERT", certSerial.toString()));
-                      outputTemplate(request, response, args);
-                      return;
+                        CMS.debug("ProfileSubmitServlet: renewal cert found to be revoked. Serial number = " + certSerial.toString());
+                        args.set(ARG_ERROR_CODE, "1");
+                        args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+                                "CMS_CA_CANNOT_RENEW_REVOKED_CERT", certSerial.toString()));
+                        outputTemplate(request, response, args);
+                        return;
                     }
                     MetaInfo metaInfo = (MetaInfo) rec.get(ICertRecord.ATTR_META_INFO);
                     // note: CA's internal certs don't have request ids
@@ -748,54 +740,54 @@ public class ProfileSubmitServlet extends ProfileServlet {
                         if (rid != null) {
                             origReq = queue.findRequest(new RequestId(rid));
                             if (origReq != null) {
-                                CMS.debug("ProfileSubmitServlet: renewal: found original enrollment request id:"+ rid);
+                                CMS.debug("ProfileSubmitServlet: renewal: found original enrollment request id:" + rid);
                                 // debug: print the extData keys
                                 Enumeration<String> en = origReq.getExtDataKeys();
-/*
-                                CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key print BEGINS");
-                                while (en.hasMoreElements()) {
-                                  String next = (String) en.nextElement();
-                                  CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key:"+ next);
-                                }
-                                CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key print ENDS");
-*/
+                                /*
+                                                                CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key print BEGINS");
+                                                                while (en.hasMoreElements()) {
+                                                                  String next = (String) en.nextElement();
+                                                                  CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key:"+ next);
+                                                                }
+                                                                CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key print ENDS");
+                                */
                                 String requestorE = origReq.getExtDataInString("requestor_email");
-                                CMS.debug("ProfileSubmitServlet: renewal original requestor email="+requestorE);
+                                CMS.debug("ProfileSubmitServlet: renewal original requestor email=" + requestorE);
                                 profileId = origReq.getExtDataInString("profileId");
                                 if (profileId != null)
-                                  CMS.debug("ProfileSubmitServlet: renewal original profileId="+profileId);
+                                    CMS.debug("ProfileSubmitServlet: renewal original profileId=" + profileId);
                                 else {
-                                  CMS.debug("ProfileSubmitServlet: renewal original profileId not found");
-                                  args.set(ARG_ERROR_CODE, "1");
-                                  args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                                    "CMS_INTERNAL_ERROR"));
-                                  outputTemplate(request, response, args);
-                                  return;
+                                    CMS.debug("ProfileSubmitServlet: renewal original profileId not found");
+                                    args.set(ARG_ERROR_CODE, "1");
+                                    args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+                                            "CMS_INTERNAL_ERROR"));
+                                    outputTemplate(request, response, args);
+                                    return;
                                 }
                                 origSeqNum = origReq.getExtDataInInteger(IEnrollProfile.REQUEST_SEQ_NUM);
-                                
+
                             } else { //if origReq
-                                CMS.debug("ProfileSubmitServlet: renewal original request not found for request id "+ rid);
+                                CMS.debug("ProfileSubmitServlet: renewal original request not found for request id " + rid);
                                 args.set(ARG_ERROR_CODE, "1");
                                 args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                                    "CMS_INTERNAL_ERROR"));
+                                        "CMS_INTERNAL_ERROR"));
                                 outputTemplate(request, response, args);
                                 return;
                             }
                         } else {
-                          CMS.debug("ProfileSubmitServlet: renewal: cert record locating request id in MetaInfo failed for serial number "+ certSerial.toString());
-                          CMS.debug("ProfileSubmitServlet: renewal: cert may be bootstrapped system cert during installation/configuration - no request record exists");
-                          args.set(ARG_ERROR_CODE, "1");
-                          args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                            "CMS_INTERNAL_ERROR"+": original request not found"));
-                          outputTemplate(request, response, args);
-                          return;
+                            CMS.debug("ProfileSubmitServlet: renewal: cert record locating request id in MetaInfo failed for serial number " + certSerial.toString());
+                            CMS.debug("ProfileSubmitServlet: renewal: cert may be bootstrapped system cert during installation/configuration - no request record exists");
+                            args.set(ARG_ERROR_CODE, "1");
+                            args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+                                    "CMS_INTERNAL_ERROR" + ": original request not found"));
+                            outputTemplate(request, response, args);
+                            return;
                         }
                     } else {
-                        CMS.debug("ProfileSubmitServlet: renewal: cert record locating MetaInfo failed for serial number "+ certSerial.toString());
+                        CMS.debug("ProfileSubmitServlet: renewal: cert record locating MetaInfo failed for serial number " + certSerial.toString());
                         args.set(ARG_ERROR_CODE, "1");
                         args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                            "CMS_INTERNAL_ERROR"));
+                                "CMS_INTERNAL_ERROR"));
                         outputTemplate(request, response, args);
                         return;
                     }
@@ -803,96 +795,96 @@ public class ProfileSubmitServlet extends ProfileServlet {
                     CMS.debug("ProfileSubmitServlet: renewal: before getting origNotAfter");
                     X509CertImpl origCert = rec.getCertificate();
                     origNotAfter = origCert.getNotAfter();
-                    CMS.debug("ProfileSubmitServlet: renewal: origNotAfter ="+
-                        origNotAfter.toString());
+                    CMS.debug("ProfileSubmitServlet: renewal: origNotAfter =" +
+                            origNotAfter.toString());
                     origSubjectDN = origCert.getSubjectDN().getName();
-                    CMS.debug("ProfileSubmitServlet: renewal: orig subj dn ="+
-                        origSubjectDN);
+                    CMS.debug("ProfileSubmitServlet: renewal: orig subj dn =" +
+                            origSubjectDN);
                 }
             } catch (Exception e) {
-                CMS.debug("ProfileSubmitServlet: renewal: exception:"+e.toString());
+                CMS.debug("ProfileSubmitServlet: renewal: exception:" + e.toString());
                 args.set(ARG_ERROR_CODE, "1");
                 args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_INTERNAL_ERROR"));
+                        "CMS_INTERNAL_ERROR"));
                 outputTemplate(request, response, args);
                 return;
             }
         } // end isRenewal
 
-        IProfile profile = null; 
+        IProfile profile = null;
         IProfile renewProfile = null;
 
-        try { 
-            profile = ps.getProfile(profileId); 
+        try {
+            profile = ps.getProfile(profileId);
             if (isRenewal) {
                 // in case of renew, "profile" is the orig profile
                 // while "renewProfile" is the current profile used for renewal
-                renewProfile = ps.getProfile(renewProfileId); 
+                renewProfile = ps.getProfile(renewProfileId);
             }
-        } catch (EProfileException e) { 
-            if(profile == null) {
-                CMS.debug("ProfileSubmitServlet: profile not found profileId " + 
-                    profileId + " " + e.toString());
+        } catch (EProfileException e) {
+            if (profile == null) {
+                CMS.debug("ProfileSubmitServlet: profile not found profileId " +
+                        profileId + " " + e.toString());
             }
             if (renewProfile == null) {
                 CMS.debug("ProfileSubmitServlet: profile not found renewProfileId " +
-                    renewProfileId + " " + e.toString());
+                        renewProfileId + " " + e.toString());
             }
         }
         if (profile == null) {
             if (xmlOutput) {
-                outputError(response, CMS.getUserMessage(locale,"CMS_PROFILE_NOT_FOUND", profileId));
+                outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
             } else {
                 args.set(ARG_ERROR_CODE, "1");
                 args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_PROFILE_NOT_FOUND", profileId));
+                        "CMS_PROFILE_NOT_FOUND", profileId));
                 outputTemplate(request, response, args);
             }
             return;
         }
         if (isRenewal && (renewProfile == null)) {
             if (xmlOutput) {
-                outputError(response, CMS.getUserMessage(locale,"CMS_PROFILE_NOT_FOUND", renewProfileId));
+                outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", renewProfileId));
             } else {
                 args.set(ARG_ERROR_CODE, "1");
                 args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_PROFILE_NOT_FOUND", renewProfileId));
+                        "CMS_PROFILE_NOT_FOUND", renewProfileId));
                 outputTemplate(request, response, args);
             }
             return;
         }
 
         if (!ps.isProfileEnable(profileId)) {
-            CMS.debug("ProfileSubmitServlet: Profile " + profileId + 
-                " not enabled");
+            CMS.debug("ProfileSubmitServlet: Profile " + profileId +
+                    " not enabled");
             if (xmlOutput) {
                 outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
             } else {
                 args.set(ARG_ERROR_CODE, "1");
                 args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_PROFILE_NOT_FOUND", profileId));
+                        "CMS_PROFILE_NOT_FOUND", profileId));
                 outputTemplate(request, response, args);
             }
             if (statsSub != null) {
-              statsSub.endTiming("enrollment");
+                statsSub.endTiming("enrollment");
             }
             return;
         }
 
         if (isRenewal) {
-          if (!ps.isProfileEnable(renewProfileId)) {
-            CMS.debug("ProfileSubmitServlet: renewal Profile " + renewProfileId + 
-                " not enabled");
-            if (xmlOutput) {
-                outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", renewProfileId));
-            } else {
-                args.set(ARG_ERROR_CODE, "1");
-                args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_PROFILE_NOT_FOUND", renewProfileId));
-                outputTemplate(request, response, args);
+            if (!ps.isProfileEnable(renewProfileId)) {
+                CMS.debug("ProfileSubmitServlet: renewal Profile " + renewProfileId +
+                        " not enabled");
+                if (xmlOutput) {
+                    outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", renewProfileId));
+                } else {
+                    args.set(ARG_ERROR_CODE, "1");
+                    args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+                            "CMS_PROFILE_NOT_FOUND", renewProfileId));
+                    outputTemplate(request, response, args);
+                }
+                return;
             }
-            return;
-          }
         }
 
         IProfileContext ctx = profile.createContext();
@@ -909,40 +901,40 @@ public class ProfileSubmitServlet extends ProfileServlet {
             }
         } catch (EProfileException e) {
             // authenticator not installed correctly
-            CMS.debug("ProfileSubmitServlet: renewal: exception:"+e.toString());
+            CMS.debug("ProfileSubmitServlet: renewal: exception:" + e.toString());
             args.set(ARG_ERROR_CODE, "1");
             args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                "CMS_INTERNAL_ERROR"));
+                    "CMS_INTERNAL_ERROR"));
             outputTemplate(request, response, args);
             return;
         }
         if (authenticator == null) {
             CMS.debug("ProfileSubmitServlet: authenticator not found");
         } else {
-            CMS.debug("ProfileSubmitServlet: authenticator " + 
-                authenticator.getName() + " found");
+            CMS.debug("ProfileSubmitServlet: authenticator " +
+                    authenticator.getName() + " found");
             setCredentialsIntoContext(request, authenticator, ctx);
         }
 
         // for renewal, this will override or add auth info to the profile context
         if (isRenewal) {
-           if (origAuthenticator!= null) {
-               CMS.debug("ProfileSubmitServlet: for renewal, original authenticator " + 
-                 origAuthenticator.getName() + " found");
-               setCredentialsIntoContext(request, origAuthenticator, ctx);
-           } else {
-               CMS.debug("ProfileSubmitServlet: for renewal, original authenticator not found");
-           }
+            if (origAuthenticator != null) {
+                CMS.debug("ProfileSubmitServlet: for renewal, original authenticator " +
+                        origAuthenticator.getName() + " found");
+                setCredentialsIntoContext(request, origAuthenticator, ctx);
+            } else {
+                CMS.debug("ProfileSubmitServlet: for renewal, original authenticator not found");
+            }
         }
 
         CMS.debug("ProfileSubmistServlet: set Inputs into profile Context");
         if (isRenewal) {
-        // for renewal, input needs to be retrieved from the orig req record
+            // for renewal, input needs to be retrieved from the orig req record
             CMS.debug("ProfileSubmitServlet: set original Inputs into profile Context");
             setInputsIntoContext(origReq, profile, ctx, locale);
             ctx.set(IEnrollProfile.CTX_RENEWAL, "true");
             ctx.set("renewProfileId", renewProfileId);
-            ctx.set(IEnrollProfile.CTX_RENEWAL_SEQ_NUM, origSeqNum.toString()); 
+            ctx.set(IEnrollProfile.CTX_RENEWAL_SEQ_NUM, origSeqNum.toString());
         } else {
             setInputsIntoContext(request, profile, ctx);
         }
@@ -956,14 +948,14 @@ public class ProfileSubmitServlet extends ProfileServlet {
         SessionContext context = SessionContext.getContext();
 
         // insert profile context so that input parameter can be retrieved
-        context.put("profileContext", ctx); 
-        context.put("sslClientCertProvider", 
-            new SSLClientCertProvider(request));
+        context.put("profileContext", ctx);
+        context.put("sslClientCertProvider",
+                new SSLClientCertProvider(request));
         CMS.debug("ProfileSubmitServlet: set sslClientCertProvider");
         if ((isRenewal == true) && (origSubjectDN != null))
-          context.put("origSubjectDN", origSubjectDN); 
+            context.put("origSubjectDN", origSubjectDN);
         if (statsSub != null) {
-          statsSub.startTiming("profile_authentication");
+            statsSub.startTiming("profile_authentication");
         }
 
         if (authenticator != null) {
@@ -975,20 +967,20 @@ public class ProfileSubmitServlet extends ProfileServlet {
             //Attempt to possibly fetch attemped uid, may not always be available.
             if (authIds != null) {
                 while (authIds.hasMoreElements()) {
-                    String authName =  authIds.nextElement();
-                    String value = request.getParameter(authName); 
+                    String authName = authIds.nextElement();
+                    String value = request.getParameter(authName);
                     if (value != null) {
-                          if (authName.equals("uid")) {
-                              uid_attempted_cred = value;
-                          }
+                        if (authName.equals("uid")) {
+                            uid_attempted_cred = value;
+                        }
                     }
                 }
             }
 
-            String authSubjectID =  auditSubjectID();
+            String authSubjectID = auditSubjectID();
 
-            String authMgrID = authenticator.getName(); 
-            String auditMessage = null; 
+            String authMgrID = authenticator.getName();
+            String auditMessage = null;
             try {
                 if (isRenewal) {
                     CMS.debug("ProfileSubmitServlet: renewal authenticate begins");
@@ -998,22 +990,22 @@ public class ProfileSubmitServlet extends ProfileServlet {
                     authToken = authenticate(authenticator, request);
                 }
             } catch (EBaseException e) {
-                CMS.debug("ProfileSubmitServlet: authentication error " + 
-                    e.toString());
+                CMS.debug("ProfileSubmitServlet: authentication error " +
+                        e.toString());
                 // authentication error
                 if (xmlOutput) {
                     outputError(response, CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR"));
                 } else {
                     args.set(ARG_ERROR_CODE, "1");
                     args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                        "CMS_AUTHENTICATION_ERROR"));
+                            "CMS_AUTHENTICATION_ERROR"));
                     outputTemplate(request, response, args);
                 }
                 if (statsSub != null) {
-                  statsSub.endTiming("authentication");
+                    statsSub.endTiming("authentication");
                 }
                 if (statsSub != null) {
-                  statsSub.endTiming("enrollment");
+                    statsSub.endTiming("enrollment");
                 }
 
                 //audit log our authentication failure
@@ -1040,7 +1032,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
             }
 
             authSubjectID = authSubjectID + " : " + uid_cred;
-             
+
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
                         LOGGING_SIGNED_AUDIT_AUTH_SUCCESS,
@@ -1052,7 +1044,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
 
         }
         if (statsSub != null) {
-          statsSub.endTiming("profile_authentication");
+            statsSub.endTiming("profile_authentication");
         }
 
         // authentication success
@@ -1061,23 +1053,23 @@ public class ProfileSubmitServlet extends ProfileServlet {
             // do profile authorization
             String acl = null;
             if (isRenewal)
-              acl = renewProfile.getAuthzAcl();
+                acl = renewProfile.getAuthzAcl();
             else
-              acl = profile.getAuthzAcl();
-            CMS.debug("ProfileSubmitServlet: authz using acl: "+acl);
+                acl = profile.getAuthzAcl();
+            CMS.debug("ProfileSubmitServlet: authz using acl: " + acl);
             if (acl != null && acl.length() > 0) {
                 try {
                     String resource = profileId + ".authz.acl";
                     AuthzToken authzToken = authorize(mAclMethod, resource, authToken, acl);
                 } catch (Exception e) {
-                    CMS.debug("ProfileSubmitServlet authorize: "+e.toString());
+                    CMS.debug("ProfileSubmitServlet authorize: " + e.toString());
                     if (xmlOutput) {
-                        outputError(response, CMS.getUserMessage(locale, 
-                          "CMS_AUTHORIZATION_ERROR"));
+                        outputError(response, CMS.getUserMessage(locale,
+                                "CMS_AUTHORIZATION_ERROR"));
                     } else {
                         args.set(ARG_ERROR_CODE, "1");
                         args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                            "CMS_AUTHORIZATION_ERROR"));
+                                "CMS_AUTHORIZATION_ERROR"));
                         outputTemplate(request, response, args);
                     }
 
@@ -1089,7 +1081,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
         IRequest reqs[] = null;
 
         if (statsSub != null) {
-          statsSub.startTiming("request_population");
+            statsSub.startTiming("request_population");
         }
         ///////////////////////////////////////////////
         // create request
@@ -1107,8 +1099,8 @@ public class ProfileSubmitServlet extends ProfileServlet {
                 outputTemplate(request, response, args);
             }
             if (statsSub != null) {
-              statsSub.endTiming("request_population");
-              statsSub.endTiming("enrollment");
+                statsSub.endTiming("request_population");
+                statsSub.endTiming("enrollment");
             }
             return;
         } catch (Throwable e) {
@@ -1119,18 +1111,18 @@ public class ProfileSubmitServlet extends ProfileServlet {
             } else {
                 args.set(ARG_ERROR_CODE, "1");
                 args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_INTERNAL_ERROR"));
+                        "CMS_INTERNAL_ERROR"));
                 outputTemplate(request, response, args);
             }
             if (statsSub != null) {
-              statsSub.endTiming("request_population");
-              statsSub.endTiming("enrollment");
+                statsSub.endTiming("request_population");
+                statsSub.endTiming("enrollment");
             }
             return;
         }
 
         String errorCode = null;
-        String errorReason = null; 
+        String errorReason = null;
 
         ///////////////////////////////////////////////
         // populate request
@@ -1141,22 +1133,22 @@ public class ProfileSubmitServlet extends ProfileServlet {
 
             // adding parameters to request
             if (isRenewal) {
-              setInputsIntoRequest(origReq, profile, reqs[k], locale);
-              // set orig expiration date to be used in Validity constraint
-              reqs[k].setExtData("origNotAfter",
-                  BigInteger.valueOf(origNotAfter.getTime()));
-              // set subjectDN to be used in subject name default
-              reqs[k].setExtData(IProfileAuthenticator.AUTHENTICATED_NAME, origSubjectDN);
-              // set request type
-              reqs[k].setRequestType("renewal");
+                setInputsIntoRequest(origReq, profile, reqs[k], locale);
+                // set orig expiration date to be used in Validity constraint
+                reqs[k].setExtData("origNotAfter",
+                        BigInteger.valueOf(origNotAfter.getTime()));
+                // set subjectDN to be used in subject name default
+                reqs[k].setExtData(IProfileAuthenticator.AUTHENTICATED_NAME, origSubjectDN);
+                // set request type
+                reqs[k].setRequestType("renewal");
             } else
-              setInputsIntoRequest(request, profile, reqs[k]);
+                setInputsIntoRequest(request, profile, reqs[k]);
 
             // serial auth token into request
             if (authToken != null) {
                 Enumeration<String> tokenNames = authToken.getElements();
                 while (tokenNames.hasMoreElements()) {
-                    String tokenName =  tokenNames.nextElement();
+                    String tokenName = tokenNames.nextElement();
                     String[] tokenVals = authToken.getInStringArray(tokenName);
                     if (tokenVals != null) {
                         for (int i = 0; i < tokenVals.length; i++) {
@@ -1181,7 +1173,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
             }
 
             if (fromRA) {
-                CMS.debug("ProfileSubmitServlet: request from RA: "+ uid);
+                CMS.debug("ProfileSubmitServlet: request from RA: " + uid);
                 reqs[k].setExtData(ARG_REQUEST_OWNER, uid);
             }
 
@@ -1200,13 +1192,13 @@ public class ProfileSubmitServlet extends ProfileServlet {
                     outputError(response, FAILED, CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"), reqs[k].getRequestId().toString());
                 } else {
                     args.set(ARG_ERROR_CODE, "1");
-                    args.set(ARG_ERROR_REASON, 
-                      CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"));
+                    args.set(ARG_ERROR_REASON,
+                            CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"));
                     outputTemplate(request, response, args);
                 }
                 if (statsSub != null) {
-                  statsSub.endTiming("request_population");
-                  statsSub.endTiming("enrollment");
+                    statsSub.endTiming("request_population");
+                    statsSub.endTiming("enrollment");
                 }
                 return;
             }
@@ -1216,13 +1208,13 @@ public class ProfileSubmitServlet extends ProfileServlet {
             reqs[k].setExtData(ARG_PROFILE_REMOTE_HOST, request.getRemoteHost());
             reqs[k].setExtData(ARG_PROFILE_REMOTE_ADDR, request.getRemoteAddr());
 
-            CMS.debug("ProfileSubmitServlet: request " + 
-                reqs[k].getRequestId().toString());
+            CMS.debug("ProfileSubmitServlet: request " +
+                    reqs[k].getRequestId().toString());
 
             try {
                 CMS.debug("ProfileSubmitServlet: populating request inputs");
                 // give authenticator a chance to populate the request
-                if (authenticator != null) { 
+                if (authenticator != null) {
                     authenticator.populate(authToken, reqs[k]);
                 }
                 profile.populateInput(ctx, reqs[k]);
@@ -1237,8 +1229,8 @@ public class ProfileSubmitServlet extends ProfileServlet {
                     outputTemplate(request, response, args);
                 }
                 if (statsSub != null) {
-                  statsSub.endTiming("request_population");
-                  statsSub.endTiming("enrollment");
+                    statsSub.endTiming("request_population");
+                    statsSub.endTiming("enrollment");
                 }
                 return;
             } catch (Throwable e) {
@@ -1250,18 +1242,18 @@ public class ProfileSubmitServlet extends ProfileServlet {
                 } else {
                     args.set(ARG_ERROR_CODE, "1");
                     args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                        "CMS_INTERNAL_ERROR"));
+                            "CMS_INTERNAL_ERROR"));
                     outputTemplate(request, response, args);
                 }
                 if (statsSub != null) {
-                  statsSub.endTiming("request_population");
-                  statsSub.endTiming("enrollment");
+                    statsSub.endTiming("request_population");
+                    statsSub.endTiming("enrollment");
                 }
                 return;
             }
         }
         if (statsSub != null) {
-          statsSub.endTiming("request_population");
+            statsSub.endTiming("request_population");
         }
 
         String auditMessage = null;
@@ -1281,15 +1273,15 @@ public class ProfileSubmitServlet extends ProfileServlet {
 
                     // print request debug
                     if (reqs[k] != null) {
-                      requestIds += "  "+reqs[k].getRequestId().toString();
-                      Enumeration<String> reqKeys = reqs[k].getExtDataKeys();
-                      while (reqKeys.hasMoreElements()) {
-                        String reqKey = reqKeys.nextElement();
-                        String reqVal = reqs[k].getExtDataInString(reqKey);
-                        if (reqVal != null) {
-                           CMS.debug("ProfileSubmitServlet: key=$request." + reqKey + "$ value=" + reqVal);
+                        requestIds += "  " + reqs[k].getRequestId().toString();
+                        Enumeration<String> reqKeys = reqs[k].getExtDataKeys();
+                        while (reqKeys.hasMoreElements()) {
+                            String reqKey = reqKeys.nextElement();
+                            String reqVal = reqs[k].getExtDataInString(reqKey);
+                            if (reqVal != null) {
+                                CMS.debug("ProfileSubmitServlet: key=$request." + reqKey + "$ value=" + reqVal);
+                            }
                         }
-                      }
                     }
 
                     profile.submit(authToken, reqs[k]);
@@ -1319,9 +1311,9 @@ public class ProfileSubmitServlet extends ProfileServlet {
                     // need to notify
                     INotify notify = profile.getRequestQueue().getPendingNotify();
                     if (notify != null) {
-                       notify.notify(reqs[k]);
+                        notify.notify(reqs[k]);
                     }
-                
+
                     CMS.debug("ProfileSubmitServlet: submit " + e.toString());
                     errorCode = "2";
                     errorReason = CMS.getUserMessage(locale,
@@ -1343,7 +1335,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
                                 "CMS_INTERNAL_ERROR");
                 }
 
-                try { 
+                try {
                     if (errorCode == null) {
                         profile.getRequestQueue().markAsServiced(reqs[k]);
                     } else {
@@ -1351,7 +1343,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
                     }
                 } catch (EBaseException e) {
                     CMS.debug("ProfileSubmitServlet: updateRequest " +
-                        e.toString());
+                            e.toString());
                 }
 
                 if (errorCode != null) {
@@ -1396,7 +1388,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
                         ArgSet requestset = new ArgSet();
 
                         requestset.set(ARG_REQUEST_ID,
-                            reqs[k].getRequestId().toString());
+                                reqs[k].getRequestId().toString());
                         requestlist.add(requestset);
                     }
                     args.set(ARG_REQUEST_LIST, requestlist);
@@ -1405,7 +1397,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
                     outputTemplate(request, response, args);
                 }
                 if (statsSub != null) {
-                  statsSub.endTiming("enrollment");
+                    statsSub.endTiming("enrollment");
                 }
                 return;
             }
@@ -1431,7 +1423,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
                     ArgSet requestset = new ArgSet();
 
                     requestset.set(ARG_REQUEST_ID,
-                        reqs[k].getRequestId().toString());
+                            reqs[k].getRequestId().toString());
                     requestlist.add(requestset);
                 }
                 args.set(ARG_REQUEST_LIST, requestlist);
@@ -1454,14 +1446,14 @@ public class ProfileSubmitServlet extends ProfileServlet {
             audit(auditMessage);
 
             if (statsSub != null) {
-              statsSub.endTiming("enrollment");
+                statsSub.endTiming("enrollment");
             }
             throw eAudit1;
         } finally {
             SessionContext.releaseContext();
         }
         if (statsSub != null) {
-          statsSub.endTiming("enrollment");
+            statsSub.endTiming("enrollment");
         }
     }
 
@@ -1473,19 +1465,19 @@ public class ProfileSubmitServlet extends ProfileServlet {
             Node root = xmlObj.createRoot("XMLResponse");
             xmlObj.addItemToContainer(root, "Status", SUCCESS);
             Node n = xmlObj.createContainer(root, "Requests");
-            CMS.debug("ProfileSubmitServlet xmlOutput: req len = " +reqs.length);
+            CMS.debug("ProfileSubmitServlet xmlOutput: req len = " + reqs.length);
 
-            for (int i=0; i<reqs.length; i++) {
+            for (int i = 0; i < reqs.length; i++) {
                 Node subnode = xmlObj.createContainer(n, "Request");
                 xmlObj.addItemToContainer(subnode, "Id", reqs[i].getRequestId().toString());
                 X509CertInfo certInfo =
-                    reqs[i].getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
+                        reqs[i].getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
                 if (certInfo != null) {
-                  String subject = "";
-                  subject = (String) certInfo.get(X509CertInfo.SUBJECT).toString();
-                  xmlObj.addItemToContainer(subnode, "SubjectDN", subject);
+                    String subject = "";
+                    subject = (String) certInfo.get(X509CertInfo.SUBJECT).toString();
+                    xmlObj.addItemToContainer(subnode, "SubjectDN", subject);
                 } else {
-                  CMS.debug("ProfileSubmitServlet xmlOutput: no certInfo found in request");
+                    CMS.debug("ProfileSubmitServlet xmlOutput: no certInfo found in request");
                 }
                 Enumeration<String> outputIds = profile.getProfileOutputIds();
                 if (outputIds != null) {
@@ -1501,23 +1493,23 @@ public class ProfileSubmitServlet extends ProfileServlet {
                                 try {
                                     String outputValue = profileOutput.getValue(outputName, locale, reqs[i]);
                                     if (outputName.equals("b64_cert")) {
-                                      String ss = Cert.normalizeCertStrAndReq(outputValue);
-                                      outputValue = Cert.stripBrackets(ss);
-                                      byte[] bcode = CMS.AtoB(outputValue);
-                                      X509CertImpl impl = new X509CertImpl(bcode);
-                                      xmlObj.addItemToContainer(subnode,
-                                        "serialno", impl.getSerialNumber().toString(16));
-                                      xmlObj.addItemToContainer(subnode, "b64", outputValue);
+                                        String ss = Cert.normalizeCertStrAndReq(outputValue);
+                                        outputValue = Cert.stripBrackets(ss);
+                                        byte[] bcode = CMS.AtoB(outputValue);
+                                        X509CertImpl impl = new X509CertImpl(bcode);
+                                        xmlObj.addItemToContainer(subnode,
+                                                "serialno", impl.getSerialNumber().toString(16));
+                                        xmlObj.addItemToContainer(subnode, "b64", outputValue);
                                     }// if b64_cert
                                     else if (outputName.equals("pkcs7")) {
-                                      String ss = Cert.normalizeCertStrAndReq(outputValue);
-                                      xmlObj.addItemToContainer(subnode, "pkcs7", ss);
+                                        String ss = Cert.normalizeCertStrAndReq(outputValue);
+                                        xmlObj.addItemToContainer(subnode, "pkcs7", ss);
                                     }
- 
+
                                 } catch (EProfileException e) {
-                                    CMS.debug("ProfileSubmitServlet xmlOutput: "+e.toString());
+                                    CMS.debug("ProfileSubmitServlet xmlOutput: " + e.toString());
                                 } catch (Exception e) {
-                                    CMS.debug("ProfileSubmitServlet xmlOutput: "+e.toString());
+                                    CMS.debug("ProfileSubmitServlet xmlOutput: " + e.toString());
                                 }
                             }
                         }
@@ -1534,11 +1526,11 @@ public class ProfileSubmitServlet extends ProfileServlet {
 
     /**
      * Signed Audit Log Requester ID
-     *
+     * 
      * This method is called to obtain the "RequesterID" for
      * a signed audit log message.
      * <P>
-     *
+     * 
      * @param request the actual request
      * @return id string containing the signed audit log message RequesterID
      */
@@ -1564,11 +1556,11 @@ public class ProfileSubmitServlet extends ProfileServlet {
 
     /**
      * Signed Audit Log Info Certificate Value
-     *
+     * 
      * This method is called to obtain the certificate from the passed in
      * "X509CertImpl" for a signed audit log message.
      * <P>
-     *
+     * 
      * @param request request containing an X509CertImpl
      * @return cert string containing the certificate
      */
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java b/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java
index 989710e3..0114f632 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java
@@ -32,9 +32,8 @@ public class SSLClientCertProvider implements ISSLClientCertProvider {
 
     public X509Certificate[] getClientCertificateChain() {
         X509Certificate[] allCerts = (X509Certificate[])
-            mRequest.getAttribute("javax.servlet.request.X509Certificate");
+                mRequest.getAttribute("javax.servlet.request.X509Certificate");
 
         return allCerts;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java
index 6a9ccac5..32ebd602 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.request;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.lang.reflect.Array;
@@ -61,18 +60,15 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.RawJS;
 
-
 /**
  * Output a 'pretty print' of a certificate request
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CertReqParser extends ReqParser {
-	
-    public static final CertReqParser 
-        DETAIL_PARSER = new CertReqParser(true);
-    public static final CertReqParser 
-        NODETAIL_PARSER = new CertReqParser(false);
+
+    public static final CertReqParser DETAIL_PARSER = new CertReqParser(true);
+    public static final CertReqParser NODETAIL_PARSER = new CertReqParser(false);
 
     private boolean mDetails = true;
     private IPrettyPrintFormat pp = null;
@@ -86,7 +82,7 @@ public class CertReqParser extends ReqParser {
 
     /**
      * Constructs a certificate request parser.
-     *
+     * 
      * @param details return detailed information (this can be time consuming)
      */
     public CertReqParser(boolean details) {
@@ -101,34 +97,30 @@ public class CertReqParser extends ReqParser {
     private static final String RB = "]";
     private static final String EQ = " = ";
 
-    private static final String 
-        HTTP_PARAMS_COUNTER = IRequest.HTTP_PARAMS + LB + "httpParamsCount++" + RB;
-    private static final String 
-        HTTP_HEADERS_COUNTER = IRequest.HTTP_HEADERS + LB + "httpHeadersCount++" + RB;
-    private static final String 
-        AUTH_TOKEN_COUNTER = IRequest.AUTH_TOKEN + LB + "authTokenCount++" + RB;
-    private static final String 
-        SERVER_ATTRS_COUNTER = IRequest.SERVER_ATTRS + LB + "serverAttrsCount++" + RB;
+    private static final String HTTP_PARAMS_COUNTER = IRequest.HTTP_PARAMS + LB + "httpParamsCount++" + RB;
+    private static final String HTTP_HEADERS_COUNTER = IRequest.HTTP_HEADERS + LB + "httpHeadersCount++" + RB;
+    private static final String AUTH_TOKEN_COUNTER = IRequest.AUTH_TOKEN + LB + "authTokenCount++" + RB;
+    private static final String SERVER_ATTRS_COUNTER = IRequest.SERVER_ATTRS + LB + "serverAttrsCount++" + RB;
 
     /**
      * Fills in certificate specific request attributes.
      */
     public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
-        throws EBaseException {
+            throws EBaseException {
         if (req.getExtDataInCertInfoArray(IRequest.CERT_INFO) != null) {
-            fillX509RequestIntoArg(l, req, argSet, arg);	
+            fillX509RequestIntoArg(l, req, argSet, arg);
         } else if (req.getExtDataInRevokedCertArray(IRequest.CERT_INFO) != null) {
-            fillRevokeRequestIntoArg(l, req, argSet, arg);	
+            fillRevokeRequestIntoArg(l, req, argSet, arg);
         } else {
             //o = req.get(IRequest.OLD_CERTS);
             //if (o != null)
-            fillRevokeRequestIntoArg(l, req, argSet, arg);	
+            fillRevokeRequestIntoArg(l, req, argSet, arg);
         }
     }
-	
+
     private void fillX509RequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
-        throws EBaseException {
-	
+            throws EBaseException {
+
         // fill in the standard attributes
         super.fillRequestIntoArg(l, req, argSet, arg);
 
@@ -138,13 +130,13 @@ public class CertReqParser extends ReqParser {
         Enumeration<String> enum1 = req.getExtDataKeys();
 
         // gross hack
-        String prefix = "record."; 
+        String prefix = "record.";
 
         if (argSet.getHeader() == arg)
             prefix = "header.";
 
         while (enum1.hasMoreElements()) {
-            String name =  enum1.nextElement();
+            String name = enum1.nextElement();
 
             if (mDetails) {
                 // show all http parameters stored in request.
@@ -166,16 +158,16 @@ public class CertReqParser extends ReqParser {
                     Enumeration<String> elms = http_params.keys();
 
                     while (elms.hasMoreElements()) {
-                        String parami = 
-                            IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB;
+                        String parami =
+                                IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB;
                         // hack
-                        String n =  elms.nextElement();
+                        String n = elms.nextElement();
                         String rawJS = "new Object;\n\r" +
-                            prefix + parami + ".name=\"" +
-                            CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
-                            prefix + parami + ".value=\"" +
-                            CMSTemplate.escapeJavaScriptStringHTML(
-                                http_params.get(n).toString()) + "\"";
+                                prefix + parami + ".name=\"" +
+                                CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
+                                prefix + parami + ".value=\"" +
+                                CMSTemplate.escapeJavaScriptStringHTML(
+                                        http_params.get(n).toString()) + "\"";
 
                         arg.set(parami, new RawJS(rawJS));
                     }
@@ -186,16 +178,16 @@ public class CertReqParser extends ReqParser {
                     int counter = 0;
 
                     while (elms.hasMoreElements()) {
-                        String parami = 
-                            IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB;
+                        String parami =
+                                IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB;
                         // hack
-                        String n =  elms.nextElement();
+                        String n = elms.nextElement();
                         String rawJS = "new Object;\n\r" +
-                            prefix + parami + ".name=\"" +
-                            CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
-                            prefix + parami + ".value=\"" +
-                            CMSTemplate.escapeJavaScriptStringHTML(
-                                http_hdrs.get(n).toString()) + "\"";
+                                prefix + parami + ".name=\"" +
+                                CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
+                                prefix + parami + ".value=\"" +
+                                CMSTemplate.escapeJavaScriptStringHTML(
+                                        http_hdrs.get(n).toString()) + "\"";
 
                         arg.set(parami, new RawJS(rawJS));
                     }
@@ -206,19 +198,19 @@ public class CertReqParser extends ReqParser {
                     int counter = 0;
 
                     while (elms.hasMoreElements()) {
-                        String parami = 
-                            IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB;
+                        String parami =
+                                IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB;
                         // hack
-                        String n =  elms.nextElement();
+                        String n = elms.nextElement();
                         Object authTokenValue = auth_token.getInStringArray(n);
                         if (authTokenValue == null) {
                             authTokenValue = auth_token.getInString(n);
                         }
                         String v = expandValue(prefix + parami + ".value",
-                            authTokenValue);
+                                authTokenValue);
                         String rawJS = "new Object;\n\r" +
-                            prefix + parami + ".name=\"" +
-                            CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v;
+                                prefix + parami + ".name=\"" +
+                                CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v;
 
                         arg.set(parami, new RawJS(rawJS));
                     }
@@ -235,41 +227,40 @@ public class CertReqParser extends ReqParser {
                     }
                     String valstr = "";
                     // hack
-                    String parami = 
-                        IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB;
+                    String parami =
+                            IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB;
 
                     if (name.equalsIgnoreCase(IRequest.ISSUED_CERTS) && mDetails &&
-                        (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) ||
+                            (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) ||
                             req.getRequestType().equals(IRequest.GETREVOCATIONINFO_REQUEST))) {
                         X509CertImpl issuedCert[] =
-                            req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+                                req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
                         if (issuedCert != null && issuedCert[0] != null) {
-                            val = "<pre>"+CMS.getCertPrettyPrint(issuedCert[0]).toString(l)+"</pre>";
+                            val = "<pre>" + CMS.getCertPrettyPrint(issuedCert[0]).toString(l) + "</pre>";
                         }
                     } else if (name.equalsIgnoreCase(IRequest.CERT_INFO) && mDetails) {
                         X509CertInfo[] certInfo =
-                            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+                                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
                         if (certInfo != null && certInfo[0] != null) {
-                            val = "<pre>"+certInfo[0].toString()+"</pre>";
+                            val = "<pre>" + certInfo[0].toString() + "</pre>";
                         }
                     }
 
                     valstr = expandValue(prefix + parami + ".value", val);
                     String rawJS = "new Object;\n\r" +
-                        prefix + parami + ".name=\"" +
-                        CMSTemplate.escapeJavaScriptString(name) + "\";\n" +
-                        valstr;  // java string already escaped in expandValue.
+                            prefix + parami + ".name=\"" +
+                            CMSTemplate.escapeJavaScriptString(name) + "\";\n" +
+                            valstr; // java string already escaped in expandValue.
 
                     arg.set(parami, new RawJS(rawJS));
                 }
             }
 
             if (name.equalsIgnoreCase(IRequest.REQUESTOR_PHONE)
-                || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL)
-                || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS)
-                || name.equalsIgnoreCase(IRequest.RESULT)
-                || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)
-            ) {
+                    || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL)
+                    || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS)
+                    || name.equalsIgnoreCase(IRequest.RESULT)
+                    || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)) {
                 arg.addStringValue(name, req.getExtDataInString(name));
             }
 
@@ -301,7 +292,7 @@ public class CertReqParser extends ReqParser {
             if (name.equalsIgnoreCase(IRequest.CERT_INFO)) {
                 // Get the certificate info from the request 
                 X509CertInfo[] certInfo =
-                    req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+                        req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
                 if (certInfo != null && certInfo[0] != null) {
                     // Get the subject name if any set. 
@@ -332,9 +323,9 @@ public class CertReqParser extends ReqParser {
                     if (mDetails) {
                         try {
                             CertificateAlgorithmId certAlgId = (CertificateAlgorithmId)
-                                certInfo[0].get(X509CertInfo.ALGORITHM_ID);
+                                    certInfo[0].get(X509CertInfo.ALGORITHM_ID);
                             AlgorithmId algId = (AlgorithmId)
-                                certAlgId.get(CertificateAlgorithmId.ALGORITHM);
+                                    certAlgId.get(CertificateAlgorithmId.ALGORITHM);
 
                             signatureAlgorithm = (algId.getOID()).toString();
                             signatureAlgorithmName = algId.getName();
@@ -362,36 +353,36 @@ public class CertReqParser extends ReqParser {
 
                                 // only know about ns cert type
                                 if (ext instanceof NSCertTypeExtension) {
-                                    NSCertTypeExtension nsExtensions = 
-                                        (NSCertTypeExtension) ext;
+                                    NSCertTypeExtension nsExtensions =
+                                            (NSCertTypeExtension) ext;
 
                                     try {
                                         arg.addStringValue("ext_" + NSCertTypeExtension.SSL_SERVER,
-                                            nsExtensions.get(NSCertTypeExtension.SSL_SERVER).toString());
+                                                nsExtensions.get(NSCertTypeExtension.SSL_SERVER).toString());
 
                                         arg.addStringValue("ext_" + NSCertTypeExtension.SSL_CLIENT,
-                                            nsExtensions.get(NSCertTypeExtension.SSL_CLIENT).toString());
+                                                nsExtensions.get(NSCertTypeExtension.SSL_CLIENT).toString());
 
                                         arg.addStringValue("ext_" + NSCertTypeExtension.EMAIL,
-                                            nsExtensions.get(NSCertTypeExtension.EMAIL).toString());
+                                                nsExtensions.get(NSCertTypeExtension.EMAIL).toString());
 
                                         arg.addStringValue("ext_" + NSCertTypeExtension.OBJECT_SIGNING,
-                                            nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING).toString());
+                                                nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING).toString());
 
                                         arg.addStringValue("ext_" + NSCertTypeExtension.SSL_CA,
-                                            nsExtensions.get(NSCertTypeExtension.SSL_CA).toString());
+                                                nsExtensions.get(NSCertTypeExtension.SSL_CA).toString());
 
                                         arg.addStringValue("ext_" + NSCertTypeExtension.EMAIL_CA,
-                                            nsExtensions.get(NSCertTypeExtension.EMAIL_CA).toString());
+                                                nsExtensions.get(NSCertTypeExtension.EMAIL_CA).toString());
 
                                         arg.addStringValue("ext_" + NSCertTypeExtension.OBJECT_SIGNING_CA,
-                                            nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING_CA).toString());
+                                                nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING_CA).toString());
 
                                     } catch (Exception e) {
                                     }
                                 } else if (ext instanceof BasicConstraintsExtension) {
-                                    BasicConstraintsExtension bcExt = 
-                                        (BasicConstraintsExtension) ext;
+                                    BasicConstraintsExtension bcExt =
+                                            (BasicConstraintsExtension) ext;
                                     Integer pathLength = null;
                                     Boolean isCA = null;
 
@@ -410,8 +401,8 @@ public class CertReqParser extends ReqParser {
                                         IArgBlock rr = CMS.createArgBlock();
 
                                         rr.addStringValue(
-                                            EXT_PRETTYPRINT,
-                                            CMS.getExtPrettyPrint(ext, 0).toString());
+                                                EXT_PRETTYPRINT,
+                                                CMS.getExtPrettyPrint(ext, 0).toString());
                                         argSet.addRepeatRecord(rr);
                                     }
                                 }
@@ -440,9 +431,9 @@ public class CertReqParser extends ReqParser {
 
                         if (key != null) {
                             arg.addStringValue("subjectPublicKeyInfo",
-                                key.getAlgorithm() + " - " + key.getAlgorithmId().getOID().toString());
+                                    key.getAlgorithm() + " - " + key.getAlgorithmId().getOID().toString());
                             arg.addStringValue("subjectPublicKey",
-                                pp.toHexString(key.getKey(), 0, 16));
+                                    pp.toHexString(key.getKey(), 0, 16));
                         }
 
                         // Get the validity period 
@@ -450,7 +441,7 @@ public class CertReqParser extends ReqParser {
 
                         try {
                             validity =
-                                    (CertificateValidity) 
+                                    (CertificateValidity)
                                     certInfo[0].get(X509CertInfo.VALIDITY);
                             if (validity != null) {
                                 long validityLength = (((Date) validity.get(CertificateValidity.NOT_AFTER)).getTime() - ((Date) validity.get(CertificateValidity.NOT_BEFORE)).getTime()) / 1000;
@@ -475,7 +466,7 @@ public class CertReqParser extends ReqParser {
                             IArgBlock rarg = CMS.createArgBlock();
 
                             rarg.addBigIntegerValue("serialNumber",
-                                oldSerialNo[i], 16);
+                                    oldSerialNo[i], 16);
                             argSet.addRepeatRecord(rarg);
                         }
                     }
@@ -483,10 +474,10 @@ public class CertReqParser extends ReqParser {
             }
 
             if (name.equalsIgnoreCase(IRequest.ISSUED_CERTS) && mDetails &&
-                (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) ||
+                    (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) ||
                     req.getRequestType().equals(IRequest.GETREVOCATIONINFO_REQUEST))) {
                 X509CertImpl issuedCert[] =
-                    req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+                        req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
 
                 arg.addBigIntegerValue("serialNumber", issuedCert[0].getSerialNumber(), 16);
                 // Set Serial No for 2nd certificate
@@ -495,7 +486,7 @@ public class CertReqParser extends ReqParser {
             }
             if (name.equalsIgnoreCase(IRequest.OLD_CERTS) && mDetails) {
                 X509CertImpl oldCert[] =
-                    req.getExtDataInCertArray(IRequest.OLD_CERTS);
+                        req.getExtDataInCertArray(IRequest.OLD_CERTS);
 
                 if (oldCert != null && oldCert.length > 0) {
                     arg.addBigIntegerValue("serialNumber", oldCert[0].getSerialNumber(), 16);
@@ -505,7 +496,7 @@ public class CertReqParser extends ReqParser {
                             IArgBlock rarg = CMS.createArgBlock();
 
                             rarg.addBigIntegerValue("serialNumber",
-                                oldCert[i].getSerialNumber(), 16);
+                                    oldCert[i].getSerialNumber(), 16);
                             argSet.addRepeatRecord(rarg);
                         }
                     }
@@ -526,7 +517,7 @@ public class CertReqParser extends ReqParser {
                             IArgBlock rarg = CMS.createArgBlock();
 
                             rarg.addBigIntegerValue("serialNumber",
-                                cert[i].getSerialNumber(), 16);
+                                    cert[i].getSerialNumber(), 16);
                             argSet.addRepeatRecord(rarg);
                         }
                     } catch (IOException e) {
@@ -535,16 +526,16 @@ public class CertReqParser extends ReqParser {
                 }
             }
             if (name.equalsIgnoreCase(IRequest.FINGERPRINTS) && mDetails) {
-                Hashtable<String, Object> fingerprints =  
-                    req.getExtDataInHashtable(IRequest.FINGERPRINTS);
+                Hashtable<String, Object> fingerprints =
+                        req.getExtDataInHashtable(IRequest.FINGERPRINTS);
 
                 if (fingerprints != null) {
                     String namesAndHashes = null;
                     Enumeration<String> enumFingerprints = fingerprints.keys();
 
-                    while (enumFingerprints.hasMoreElements()) { 
+                    while (enumFingerprints.hasMoreElements()) {
                         String hashname = enumFingerprints.nextElement();
-                        String hashvalue =  (String) fingerprints.get(hashname);
+                        String hashvalue = (String) fingerprints.get(hashname);
                         byte[] fingerprint = CMS.AtoB(hashvalue);
                         String ppFingerprint = pp.toHexString(fingerprint, 0);
 
@@ -578,7 +569,7 @@ public class CertReqParser extends ReqParser {
 
                 StringBuffer sb = new StringBuffer();
                 for (@SuppressWarnings("unchecked")
-				Enumeration<String> n = ((Vector<String>)v).elements(); n.hasMoreElements(); j++) {
+                Enumeration<String> n = ((Vector<String>) v).elements(); n.hasMoreElements(); j++) {
                     sb.append(";\n");
                     sb.append(valuename);
                     sb.append(LB);
@@ -588,8 +579,8 @@ public class CertReqParser extends ReqParser {
                     sb.append("\"");
                     sb.append(
                             CMSTemplate.escapeJavaScriptStringHTML(
-                                n.nextElement().toString())); 
-                    sb.append( "\";\n");
+                                    n.nextElement().toString()));
+                    sb.append("\";\n");
                 }
                 sb.append("\n");
                 valstr = sb.toString();
@@ -599,7 +590,7 @@ public class CertReqParser extends ReqParser {
             // if an array.
             int len = -1;
 
-            try { 
+            try {
                 len = Array.getLength(v);
             } catch (IllegalArgumentException e) {
             }
@@ -611,7 +602,7 @@ public class CertReqParser extends ReqParser {
                     if (Array.get(v, i) != null)
                         valstr += ";\n" + valuename + LB + i + RB + EQ + "\"" +
                                 CMSTemplate.escapeJavaScriptStringHTML(
-                                    Array.get(v, i).toString()) + "\";\n";
+                                        Array.get(v, i).toString()) + "\";\n";
                 }
                 return valstr;
             }
@@ -620,16 +611,16 @@ public class CertReqParser extends ReqParser {
 
         // if string or unrecognized type, just call its toString method.
         return valuename + "=\"" +
-            CMSTemplate.escapeJavaScriptStringHTML(v.toString()) + "\"";
+                CMSTemplate.escapeJavaScriptStringHTML(v.toString()) + "\"";
     }
 
     public String getRequestorDN(IRequest request) {
         try {
             X509CertInfo info = (X509CertInfo)
-                request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
+                    request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
             // retrieve the subject name
             CertificateSubjectName sn = (CertificateSubjectName)
-                info.get(X509CertInfo.SUBJECT);
+                    info.get(X509CertInfo.SUBJECT);
 
             return sn.toString();
         } catch (Exception e) {
@@ -644,15 +635,15 @@ public class CertReqParser extends ReqParser {
 
             String cid = request.getExtDataInString(IRequest.NETKEY_ATTR_CUID);
             if (cid == null) {
-                 cid = "";
+                cid = "";
             }
             String uid = request.getExtDataInString(IRequest.NETKEY_ATTR_USERID);
             if (uid == null) {
-                 uid = "";
+                uid = "";
             }
-            kid = cid+":"+uid;
+            kid = cid + ":" + uid;
             if (kid.equals(":")) {
-              kid = "";
+                kid = "";
             }
 
             return kid;
@@ -663,7 +654,7 @@ public class CertReqParser extends ReqParser {
     }
 
     private void fillRevokeRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
-        throws EBaseException {
+            throws EBaseException {
         // fill in the standard attributes
         super.fillRequestIntoArg(l, req, argSet, arg);
 
@@ -691,7 +682,7 @@ public class CertReqParser extends ReqParser {
         Enumeration<String> enum1 = req.getExtDataKeys();
 
         // gross hack
-        String prefix = "record."; 
+        String prefix = "record.";
 
         if (argSet.getHeader() == arg)
             prefix = "header.";
@@ -714,16 +705,16 @@ public class CertReqParser extends ReqParser {
                     Enumeration<String> elms = http_params.keys();
 
                     while (elms.hasMoreElements()) {
-                        String parami = 
-                            IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB;
+                        String parami =
+                                IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB;
                         // hack
                         String n = (String) elms.nextElement();
                         String rawJS = "new Object;\n\r" +
-                            prefix + parami + ".name=\"" +
-                            CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
-                            prefix + parami + ".value=\"" +
-                            CMSTemplate.escapeJavaScriptStringHTML(
-                                http_params.get(n).toString()) + "\"";
+                                prefix + parami + ".name=\"" +
+                                CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
+                                prefix + parami + ".value=\"" +
+                                CMSTemplate.escapeJavaScriptStringHTML(
+                                        http_params.get(n).toString()) + "\"";
 
                         arg.set(parami, new RawJS(rawJS));
                     }
@@ -734,16 +725,16 @@ public class CertReqParser extends ReqParser {
                     int counter = 0;
 
                     while (elms.hasMoreElements()) {
-                        String parami = 
-                            IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB;
+                        String parami =
+                                IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB;
                         // hack
                         String n = (String) elms.nextElement();
                         String rawJS = "new Object;\n\r" +
-                            prefix + parami + ".name=\"" +
-                            CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
-                            prefix + parami + ".value=\"" +
-                            CMSTemplate.escapeJavaScriptStringHTML(
-                                http_hdrs.get(n).toString()) + "\"";
+                                prefix + parami + ".name=\"" +
+                                CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
+                                prefix + parami + ".value=\"" +
+                                CMSTemplate.escapeJavaScriptStringHTML(
+                                        http_hdrs.get(n).toString()) + "\"";
 
                         arg.set(parami, new RawJS(rawJS));
                     }
@@ -754,16 +745,16 @@ public class CertReqParser extends ReqParser {
                     int counter = 0;
 
                     while (elms.hasMoreElements()) {
-                        String parami = 
-                            IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB;
+                        String parami =
+                                IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB;
                         // hack
                         String n = (String) elms.nextElement();
-                        String v = 
-                            expandValue(prefix + parami + ".value", 
-                                auth_token.getInString(n));
+                        String v =
+                                expandValue(prefix + parami + ".value",
+                                        auth_token.getInString(n));
                         String rawJS = "new Object;\n\r" +
-                            prefix + parami + ".name=\"" +
-                            CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v;
+                                prefix + parami + ".name=\"" +
+                                CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v;
 
                         arg.set(parami, new RawJS(rawJS));
                     }
@@ -780,25 +771,24 @@ public class CertReqParser extends ReqParser {
                     }
                     String valstr = "";
                     // hack
-                    String parami = 
-                        IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB;
+                    String parami =
+                            IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB;
 
                     valstr = expandValue(prefix + parami + ".value", val);
                     String rawJS = "new Object;\n\r" +
-                        prefix + parami + ".name=\"" +
-                        CMSTemplate.escapeJavaScriptString(name) + "\";\n" +
-                        valstr;  // java string already escaped in expandValue.
+                            prefix + parami + ".name=\"" +
+                            CMSTemplate.escapeJavaScriptString(name) + "\";\n" +
+                            valstr; // java string already escaped in expandValue.
 
                     arg.set(parami, new RawJS(rawJS));
                 }
             }
 
             if (name.equalsIgnoreCase(IRequest.REQUESTOR_PHONE)
-                || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL)
-                || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS)
-                || name.equalsIgnoreCase(IRequest.RESULT)
-                || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)
-            ) {
+                    || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL)
+                    || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS)
+                    || name.equalsIgnoreCase(IRequest.RESULT)
+                    || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)) {
                 arg.addStringValue(name, req.getExtDataInString(name));
             }
 
@@ -837,7 +827,7 @@ public class CertReqParser extends ReqParser {
                             IArgBlock rarg = CMS.createArgBlock();
 
                             rarg.addBigIntegerValue("serialNumber",
-                                revokedCert[i].getSerialNumber(), 16);
+                                    revokedCert[i].getSerialNumber(), 16);
 
                             CRLExtensions crlExtensions = revokedCert[i].getExtensions();
 
@@ -847,19 +837,19 @@ public class CertReqParser extends ReqParser {
 
                                     if (ext instanceof CRLReasonExtension) {
                                         rarg.addStringValue("reason",
-                                            ((CRLReasonExtension) ext).getReason().toString());
+                                                ((CRLReasonExtension) ext).getReason().toString());
                                     }
                                 }
                             } else {
                                 rarg.addStringValue("reason",
-                                    RevocationReason.UNSPECIFIED.toString());
+                                        RevocationReason.UNSPECIFIED.toString());
                             }
 
                             argSet.addRepeatRecord(rarg);
                         }
                     } else {
                         arg.addBigIntegerValue("serialNumber",
-                            revokedCert[0].getSerialNumber(), 16);
+                                revokedCert[0].getSerialNumber(), 16);
                     }
                 }
             }
@@ -873,7 +863,7 @@ public class CertReqParser extends ReqParser {
                             IArgBlock rarg = CMS.createArgBlock();
 
                             rarg.addBigIntegerValue("serialNumber",
-                                oldSerialNo[i], 16);
+                                    oldSerialNo[i], 16);
                             argSet.addRepeatRecord(rarg);
                         }
                     }
@@ -884,8 +874,8 @@ public class CertReqParser extends ReqParser {
                 //X509CertImpl oldCert[] =
                 //	(X509CertImpl[])req.get(IRequest.OLD_CERTS);
                 Certificate oldCert[] =
-                    (Certificate[]) req.getExtDataInCertArray(IRequest.OLD_CERTS);
-				
+                        (Certificate[]) req.getExtDataInCertArray(IRequest.OLD_CERTS);
+
                 if (oldCert != null && oldCert.length > 0) {
                     if (oldCert[0] instanceof X509CertImpl) {
                         X509CertImpl xcert = (X509CertImpl) oldCert[0];
@@ -898,7 +888,7 @@ public class CertReqParser extends ReqParser {
 
                                 xcert = (X509CertImpl) oldCert[i];
                                 rarg.addBigIntegerValue("serialNumber",
-                                    xcert.getSerialNumber(), 16);
+                                        xcert.getSerialNumber(), 16);
                                 argSet.addRepeatRecord(rarg);
                             }
                         }
@@ -907,9 +897,9 @@ public class CertReqParser extends ReqParser {
             }
 
             if (name.equalsIgnoreCase(IRequest.REVOKED_CERTS) && mDetails &&
-                req.getRequestType().equals("getRevocationInfo")) {
-                RevokedCertImpl revokedCert[] = 
-                    req.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS);
+                    req.getRequestType().equals("getRevocationInfo")) {
+                RevokedCertImpl revokedCert[] =
+                        req.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS);
 
                 if (revokedCert != null && revokedCert[0] != null) {
                     boolean reasonFound = false;
@@ -920,7 +910,7 @@ public class CertReqParser extends ReqParser {
 
                         if (ext instanceof CRLReasonExtension) {
                             arg.addStringValue("reason",
-                                ((CRLReasonExtension) ext).getReason().toString());
+                                    ((CRLReasonExtension) ext).getReason().toString());
                             reasonFound = true;
                         }
                     }
@@ -931,5 +921,5 @@ public class CertReqParser extends ReqParser {
             }
         }
     }
-		
+
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java b/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java
index 127f2ce8..001fab7f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.request;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.File;
@@ -81,10 +80,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Check the status of a certificate request
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CheckRequest extends CMSServlet {
@@ -116,15 +114,15 @@ public class CheckRequest extends CMSServlet {
     /**
      * Constructs request query servlet.
      */
-    public CheckRequest() 
-        throws EBaseException {
+    public CheckRequest()
+            throws EBaseException {
         super();
     }
 
     /**
      * initialize the servlet. This servlet uses the template file
      * "requestStatus.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -140,12 +138,10 @@ public class CheckRequest extends CMSServlet {
      * Process the HTTP request.
      * <ul>
      * <li>http.param requestId ID of the request to check
-     * <li>http.param format if 'id', then check the request based on
-     *      the request ID parameter. If set to CMC, then use the
-     *      'queryPending' parameter.
+     * <li>http.param format if 'id', then check the request based on the request ID parameter. If set to CMC, then use the 'queryPending' parameter.
      * <li>http.param queryPending query formatted as a CMC request
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -166,10 +162,10 @@ public class CheckRequest extends CMSServlet {
                         mAuthzResourceName, "read");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -187,9 +183,9 @@ public class CheckRequest extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         IArgBlock header = CMS.createArgBlock();
@@ -212,13 +208,13 @@ public class CheckRequest extends CMSServlet {
                 isCMCReq = true;
                 byte[] cmcBlob = CMS.AtoB(queryPending);
                 ByteArrayInputStream cmcBlobIn =
-                    new ByteArrayInputStream(cmcBlob);
+                        new ByteArrayInputStream(cmcBlob);
 
                 org.mozilla.jss.pkix.cms.ContentInfo cii = (org.mozilla.jss.pkix.cms.ContentInfo)
-                    org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
+                        org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
                 SignedData cmcFullReq = (SignedData)
-                    cii.getInterpretedContent();
-			
+                        cii.getInterpretedContent();
+
                 EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
 
                 OBJECT_IDENTIFIER id = ci.getContentType();
@@ -235,7 +231,7 @@ public class CheckRequest extends CMSServlet {
 
                 for (int i = 0; i < numControls; i++) {
                     // decode message.
-                    TaggedAttribute  taggedAttr = (TaggedAttribute) controlSequence.elementAt(i);
+                    TaggedAttribute taggedAttr = (TaggedAttribute) controlSequence.elementAt(i);
                     OBJECT_IDENTIFIER type = taggedAttr.getType();
 
                     if (type.equals(OBJECT_IDENTIFIER.id_cmc_QueryPending)) {
@@ -246,18 +242,16 @@ public class CheckRequest extends CMSServlet {
                         // We only process one for now.
                         if (numReq > 0) {
                             OCTET_STRING reqId = (OCTET_STRING)
-                                ASN1Util.decode(OCTET_STRING.getTemplate(),
-                                    ASN1Util.encode(requestIds.elementAt(0)));
+                                    ASN1Util.decode(OCTET_STRING.getTemplate(),
+                                            ASN1Util.encode(requestIds.elementAt(0)));
 
                             requestId = new String(reqId.toByteArray());
                         }
                     } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_transactionId)) {
                         transIds = taggedAttr.getValues();
-                    }else if
-                    (type.equals(OBJECT_IDENTIFIER.id_cmc_recipientNonce)) {
+                    } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_recipientNonce)) {
                         rNonces = taggedAttr.getValues();
-                    } else if
-                    (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) {
+                    } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) {
                         sNonces = taggedAttr.getValues();
                     }
                 }
@@ -276,7 +270,7 @@ public class CheckRequest extends CMSServlet {
             mCACerts = ((ICertAuthority) mAuthority).getCACertChain().getChain();
         } catch (Exception e) {
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE"));
+                    CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE"));
         }
 
         if (requestId == null || requestId.trim().equals("")) {
@@ -289,34 +283,34 @@ public class CheckRequest extends CMSServlet {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId));
             throw new EBaseException(
                     CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
-        } 
+        }
 
         IRequest r = mQueue.findRequest(new RequestId(requestId));
 
         if (r == null) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND_1", requestId));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
+                    CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
         }
 
         if (authToken != null) {
-          // if RA, requestOwner must match the group
-          String group = authToken.getInString("group");
-          if ((group != null) && (group != "")) {
-            if (group.equals("Registration Manager Agents")) {
-              boolean groupMatched = false;
-              String requestOwner = r.getExtDataInString("requestOwner");
-              if (requestOwner != null) {
-                  if (requestOwner.equals(group))
-                    groupMatched = true;
-              }
-              if (groupMatched == false) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId.toString()));
-                throw new EBaseException(
-                    CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
-              }
+            // if RA, requestOwner must match the group
+            String group = authToken.getInString("group");
+            if ((group != null) && (group != "")) {
+                if (group.equals("Registration Manager Agents")) {
+                    boolean groupMatched = false;
+                    String requestOwner = r.getExtDataInString("requestOwner");
+                    if (requestOwner != null) {
+                        if (requestOwner.equals(group))
+                            groupMatched = true;
+                    }
+                    if (groupMatched == false) {
+                        log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId.toString()));
+                        throw new EBaseException(
+                                CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
+                    }
+                }
             }
-          }
         }
 
         RequestStatus status = r.getRequestStatus();
@@ -327,35 +321,35 @@ public class CheckRequest extends CMSServlet {
         header.addStringValue(STATUS, status.toString());
         header.addLongValue(CREATE_ON, r.getCreationTime().getTime() / 1000);
         header.addLongValue(UPDATE_ON, r.getModificationTime().getTime() / 1000);
-        if (note != null && note.length() > 0) 
+        if (note != null && note.length() > 0)
             header.addStringValue("requestNotes", note);
 
         String type = r.getRequestType();
         Integer result = r.getExtDataInInteger(IRequest.RESULT);
 
-/*        if (type.equals(IRequest.ENROLLMENT_REQUEST) && (r.get("profile") != null) && status.equals(RequestStatus.COMPLETE)) { 
-            X509CertImpl cert = (X509CertImpl) r.get(IEnrollProfile.REQUEST_ISSUED_CERT);
-            IArgBlock rarg = CMS.createArgBlock();
+        /*        if (type.equals(IRequest.ENROLLMENT_REQUEST) && (r.get("profile") != null) && status.equals(RequestStatus.COMPLETE)) { 
+                    X509CertImpl cert = (X509CertImpl) r.get(IEnrollProfile.REQUEST_ISSUED_CERT);
+                    IArgBlock rarg = CMS.createArgBlock();
 
-            rarg.addBigIntegerValue("serialNumber",
-                cert.getSerialNumber(), 16);
-            argSet.addRepeatRecord(rarg);
-        }
-*/
+                    rarg.addBigIntegerValue("serialNumber",
+                        cert.getSerialNumber(), 16);
+                    argSet.addRepeatRecord(rarg);
+                }
+        */
         String profileId = r.getExtDataInString("profileId");
         if (profileId != null) {
-           result = IRequest.RES_SUCCESS;
+            result = IRequest.RES_SUCCESS;
         }
         if ((type != null) && (type.equals(IRequest.ENROLLMENT_REQUEST) ||
-                type.equals(IRequest.RENEWAL_REQUEST)) && (status != null) && 
-            status.equals(RequestStatus.COMPLETE) && (result != null) && 
-            result.equals(IRequest.RES_SUCCESS)) {
+                type.equals(IRequest.RENEWAL_REQUEST)) && (status != null) &&
+                status.equals(RequestStatus.COMPLETE) && (result != null) &&
+                result.equals(IRequest.RES_SUCCESS)) {
             Object o = r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
 
             if (profileId != null) {
-               X509CertImpl impl[] = new X509CertImpl[1];
-               impl[0] = r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
-               o = impl;
+                X509CertImpl impl[] = new X509CertImpl[1];
+                impl[0] = r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
+                o = impl;
             }
             if (o != null && (o instanceof X509CertImpl[])) {
                 X509CertImpl[] certs = (X509CertImpl[]) o;
@@ -366,11 +360,12 @@ public class CheckRequest extends CMSServlet {
                             IArgBlock rarg = CMS.createArgBlock();
 
                             rarg.addBigIntegerValue("serialNumber",
-                                certs[i].getSerialNumber(), 16);
+                                    certs[i].getSerialNumber(), 16);
                             // add pkcs7 cert for importing
                             if (importCert || isCMCReq) {
                                 //byte[] ba = certs[i].getEncoded();
-                                X509CertImpl[] certsInChain = new X509CertImpl[1];; 
+                                X509CertImpl[] certsInChain = new X509CertImpl[1];
+                                ;
                                 if (mCACerts != null) {
                                     for (int ii = 0; ii < mCACerts.length; ii++) {
                                         if (certs[i].equals(mCACerts[ii])) {
@@ -381,10 +376,10 @@ public class CheckRequest extends CMSServlet {
                                         certsInChain = new X509CertImpl[mCACerts.length + 1];
                                     }
                                 }
-			
+
                                 // Set the EE cert
                                 certsInChain[0] = certs[i];
-			
+
                                 // Set the Ca certificate chain
                                 if (mCACerts != null) {
                                     for (int ii = 0; ii < mCACerts.length; ii++) {
@@ -396,7 +391,7 @@ public class CheckRequest extends CMSServlet {
                                 String p7Str;
 
                                 try {
-                                    PKCS7 p7 = new PKCS7(new AlgorithmId[0], 
+                                    PKCS7 p7 = new PKCS7(new AlgorithmId[0],
                                             new netscape.security.pkcs.ContentInfo(new byte[0]),
                                             certsInChain,
                                             new netscape.security.pkcs.SignerInfo[0]);
@@ -407,7 +402,7 @@ public class CheckRequest extends CMSServlet {
 
                                     p7Str = CMS.BtoA(p7Bytes);
 
-                                    StringTokenizer tokenizer = null;  
+                                    StringTokenizer tokenizer = null;
 
                                     if (File.separator.equals("\\")) {
                                         char[] nl = new char[2];
@@ -438,14 +433,14 @@ public class CheckRequest extends CMSServlet {
                                         if (bodyPartId != null)
                                             bpids.addElement(bodyPartId);
                                         CMCStatusInfo cmcStatusInfo = new
-                                            CMCStatusInfo(CMCStatusInfo.SUCCESS, bpids);
+                                                CMCStatusInfo(CMCStatusInfo.SUCCESS, bpids);
                                         TaggedAttribute ta = new TaggedAttribute(new
                                                 INTEGER(bpid++),
                                                 OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo,
                                                 cmcStatusInfo);
 
                                         controlSeq.addElement(ta);
-                
+
                                         // copy transactionID, senderNonce,
                                         // create recipientNonce
                                         if (transIds != null) {
@@ -455,7 +450,7 @@ public class CheckRequest extends CMSServlet {
                                                         transIds);
                                             controlSeq.addElement(ta);
                                         }
-                					
+
                                         if (sNonces != null) {
                                             ta = new TaggedAttribute(new
                                                         INTEGER(bpid++),
@@ -463,7 +458,7 @@ public class CheckRequest extends CMSServlet {
                                                         sNonces);
                                             controlSeq.addElement(ta);
                                         }
-                
+
                                         String salt = CMSServlet.generateSalt();
                                         byte[] dig;
 
@@ -475,41 +470,40 @@ public class CheckRequest extends CMSServlet {
                                             dig = salt.getBytes();
                                         }
                                         String b64E = CMS.BtoA(dig);
-                                        String[] newNonce = {b64E};
+                                        String[] newNonce = { b64E };
 
                                         ta = new TaggedAttribute(new
                                                     INTEGER(bpid++),
                                                     OBJECT_IDENTIFIER.id_cmc_senderNonce,
                                                     new OCTET_STRING(newNonce[0].getBytes()));
                                         controlSeq.addElement(ta);
-                
+
                                         ResponseBody rb = new ResponseBody(controlSeq, new
                                                 SEQUENCE(), new
                                                 SEQUENCE());
                                         EncapsulatedContentInfo ci = new
-                                            EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse,
-                                                rb);
-                
+                                                EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse,
+                                                        rb);
+
                                         org.mozilla.jss.crypto.X509Certificate x509cert = null;
 
                                         if (mAuthority instanceof ICertificateAuthority) {
                                             x509cert = ((ICertificateAuthority) mAuthority).getCaX509Cert();
-                                        }else if (mAuthority instanceof IRegistrationAuthority) {
+                                        } else if (mAuthority instanceof IRegistrationAuthority) {
                                             x509cert = ((IRegistrationAuthority) mAuthority).getRACert();
                                         }
                                         if (x509cert == null)
-                                            throw new
-                                                ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "No signing cert found.")); 
+                                            throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "No signing cert found."));
 
                                         X509CertImpl cert = new X509CertImpl(x509cert.getEncoded());
                                         ByteArrayInputStream issuer1 = new
-                                            ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded());
+                                                ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded());
                                         Name issuer = (Name) Name.getTemplate().decode(issuer1);
                                         IssuerAndSerialNumber ias = new
-                                            IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString()));
+                                                IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString()));
                                         SignerIdentifier si = new
-                                            SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
-            
+                                                SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
+
                                         // SHA1 is the default digest Alg for now.
                                         DigestAlgorithm digestAlg = null;
                                         SignatureAlgorithm signAlg = null;
@@ -518,7 +512,7 @@ public class CheckRequest extends CMSServlet {
 
                                         if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA))
                                             signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest;
-                                        else if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA)) 
+                                        else if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA))
                                             signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest;
                                         MessageDigest SHADigest = null;
                                         byte[] digest = null;
@@ -533,44 +527,44 @@ public class CheckRequest extends CMSServlet {
                                         } catch (NoSuchAlgorithmException ex) {
                                             //log("digest fail");
                                         }
-            
+
                                         org.mozilla.jss.pkix.cms.SignerInfo signInfo = new
-                                            org.mozilla.jss.pkix.cms.SignerInfo(si, null, null,
-                                                OBJECT_IDENTIFIER.id_cct_PKIResponse,
-                                                digest, signAlg,
-                                                privKey);
+                                                org.mozilla.jss.pkix.cms.SignerInfo(si, null, null,
+                                                        OBJECT_IDENTIFIER.id_cct_PKIResponse,
+                                                        digest, signAlg,
+                                                        privKey);
                                         SET signInfos = new SET();
 
                                         signInfos.addElement(signInfo);
-            					
+
                                         SET digestAlgs = new SET();
 
                                         if (digestAlg != null) {
                                             AlgorithmIdentifier ai = new
-                                                AlgorithmIdentifier(digestAlg.toOID(),
-                                                    null);
+                                                    AlgorithmIdentifier(digestAlg.toOID(),
+                                                            null);
 
                                             digestAlgs.addElement(ai);
                                         }
-            					
+
                                         SET jsscerts = new SET();
 
                                         for (int j = 0; j < certsInChain.length; j++) {
                                             ByteArrayInputStream is = new
-                                                ByteArrayInputStream(certsInChain[j].getEncoded());
+                                                    ByteArrayInputStream(certsInChain[j].getEncoded());
                                             org.mozilla.jss.pkix.cert.Certificate certJss = (org.mozilla.jss.pkix.cert.Certificate)
-                                                org.mozilla.jss.pkix.cert.Certificate.getTemplate().decode(is);
+                                                    org.mozilla.jss.pkix.cert.Certificate.getTemplate().decode(is);
 
                                             jsscerts.addElement(certJss);
                                         }
-            						
+
                                         SignedData fResponse = new
-                                            SignedData(digestAlgs, ci,
-                                                jsscerts, null, signInfos);
+                                                SignedData(digestAlgs, ci,
+                                                        jsscerts, null, signInfos);
                                         org.mozilla.jss.pkix.cms.ContentInfo fullResponse = new
-                                            org.mozilla.jss.pkix.cms.ContentInfo(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA, fResponse);
+                                                org.mozilla.jss.pkix.cms.ContentInfo(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA, fResponse);
                                         ByteArrayOutputStream ostream = new
-                                            ByteArrayOutputStream();
+                                                ByteArrayOutputStream();
 
                                         fullResponse.encode((OutputStream) ostream);
                                         byte[] fr = ostream.toByteArray();
@@ -579,10 +573,10 @@ public class CheckRequest extends CMSServlet {
                                     }
                                 } catch (Exception e) {
                                     e.printStackTrace();
-                                    log(ILogger.LL_FAILURE, 
-                                        CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString())); 
+                                    log(ILogger.LL_FAILURE,
+                                            CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString()));
                                     throw new ECMSGWException(
-                                      CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR"));
+                                            CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR"));
                                 }
                             }
                             argSet.addRepeatRecord(rarg);
@@ -598,11 +592,11 @@ public class CheckRequest extends CMSServlet {
             if (error == null) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
                 }
             } else {
                 cmsReq.setStatus(CMSRequest.ERROR);
@@ -610,10 +604,9 @@ public class CheckRequest extends CMSServlet {
             }
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java
index 0e3974a1..f90e97b7 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.request;
 
-
 import java.util.Locale;
 
 import com.netscape.certsrv.base.EBaseException;
@@ -25,13 +24,12 @@ import com.netscape.certsrv.base.IArgBlock;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 
-
 /**
  * An interface representing a request parser which
  * converts Java request object into name value
  * pairs and vice versa.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IReqParser {
@@ -40,5 +38,5 @@ public interface IReqParser {
      * Maps request object into argument block.
      */
     public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
-        throws EBaseException;
+            throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java
index 459aca63..b7ddc16d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.request;
 
-
 import java.math.BigInteger;
 import java.util.Locale;
 
@@ -29,10 +28,9 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.key.KeyRecordParser;
 
-
 /**
  * Output a 'pretty print' of a Key Archival request
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class KeyReqParser extends ReqParser {
@@ -50,7 +48,7 @@ public class KeyReqParser extends ReqParser {
      * Fills in certificate specific request attributes.
      */
     public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
-        throws EBaseException {
+            throws EBaseException {
         // fill in the standard attributes
         super.fillRequestIntoArg(l, req, argSet, arg);
 
@@ -58,7 +56,7 @@ public class KeyReqParser extends ReqParser {
 
         if (type.equals(IRequest.ENROLLMENT_REQUEST)) {
             BigInteger recSerialNo = req.getExtDataInBigInteger("keyRecord");
-            IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority)CMS.getSubsystem("kra");
+            IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem("kra");
             if (kra != null) {
                 KeyRecordParser.fillRecordIntoArg(
                         kra.getKeyRepository().readKeyRecord(recSerialNo),
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java
index d19c7714..8f229a6f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.request;
 
-
 import java.io.IOException;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.Certificate;
@@ -79,12 +78,11 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 import com.netscape.cms.servlet.common.ICMSTemplateFiller;
 
-
 /**
  * Agent operations on Certificate requests. This servlet is used
  * by an Agent to approve, reject, reassign, or change a certificate
  * request.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ProcessCertReq extends CMSServlet {
@@ -105,101 +103,92 @@ public class ProcessCertReq extends CMSServlet {
     private boolean mExtraAgentParams = false;
 
     // for RA only since it does not have a database.
-    private final static String 
-        REQ_COMPLETED_TEMPLATE = "ra/RequestCompleted.template";
-    private final static String 
-        PROP_REQ_COMPLETED_TEMPLATE = "requestCompletedTemplate";
-    private final static String 
-        PROP_EXTRA_AGENT_PARAMS = "extraAgentParams";
-    private static ICMSTemplateFiller 
-        REQ_COMPLETED_FILLER = new RAReqCompletedFiller();
+    private final static String REQ_COMPLETED_TEMPLATE = "ra/RequestCompleted.template";
+    private final static String PROP_REQ_COMPLETED_TEMPLATE = "requestCompletedTemplate";
+    private final static String PROP_EXTRA_AGENT_PARAMS = "extraAgentParams";
+    private static ICMSTemplateFiller REQ_COMPLETED_FILLER = new RAReqCompletedFiller();
     private String mReqCompletedTemplate = null;
-    private final static String 
-        CERT_TYPE = "certType";
+    private final static String CERT_TYPE = "certType";
 
     private String auditServiceID = ILogger.UNIDENTIFIED;
     private final static String AGENT_CA_CLONE_ENROLLMENT_SERVLET =
-        "caProcessCertReq";
+            "caProcessCertReq";
     private final static String AGENT_RA_CLONE_ENROLLMENT_SERVLET =
-        "raProcessCertReq";
+            "raProcessCertReq";
     private final static String SIGNED_AUDIT_ACCEPTANCE = "accept";
     private final static String SIGNED_AUDIT_CANCELLATION = "cancel";
     private final static String SIGNED_AUDIT_CLONING = "clone";
     private final static String SIGNED_AUDIT_REJECTION = "reject";
     private final static byte EOL[] = { Character.LINE_SEPARATOR };
-    private final static String[]
-        SIGNED_AUDIT_MANUAL_CANCELLATION_REASON = new String[] {
-            
-            /* 0 */ "manual non-profile cert request cancellation:  "
+    private final static String[] SIGNED_AUDIT_MANUAL_CANCELLATION_REASON = new String[] {
+
+    /* 0 */"manual non-profile cert request cancellation:  "
             + "request cannot be processed due to an "
             + "authorization failure",
-            
-            /* 1 */ "manual non-profile cert request cancellation:  "
+
+    /* 1 */"manual non-profile cert request cancellation:  "
             + "no reason has been given for cancelling this "
             + "cert request",
-            
-            /* 2 */ "manual non-profile cert request cancellation:  "
+
+    /* 2 */"manual non-profile cert request cancellation:  "
             + "indeterminate reason for inability to process "
             + "cert request due to an EBaseException",
-            
-            /* 3 */ "manual non-profile cert request cancellation:  "
+
+    /* 3 */"manual non-profile cert request cancellation:  "
             + "indeterminate reason for inability to process "
             + "cert request due to an IOException",
-            
-            /* 4 */ "manual non-profile cert request cancellation:  "
+
+    /* 4 */"manual non-profile cert request cancellation:  "
             + "indeterminate reason for inability to process "
             + "cert request due to a CertificateException",
-            
-            /* 5 */ "manual non-profile cert request cancellation:  "
+
+    /* 5 */"manual non-profile cert request cancellation:  "
             + "indeterminate reason for inability to process "
             + "cert request due to a NoSuchAlgorithmException"
         };
-    private final static String[]
-        SIGNED_AUDIT_MANUAL_REJECTION_REASON = new String[] {
-            
-            /* 0 */ "manual non-profile cert request rejection:  "
+    private final static String[] SIGNED_AUDIT_MANUAL_REJECTION_REASON = new String[] {
+
+    /* 0 */"manual non-profile cert request rejection:  "
             + "request cannot be processed due to an "
             + "authorization failure",
-            
-            /* 1 */ "manual non-profile cert request rejection:  "
+
+    /* 1 */"manual non-profile cert request rejection:  "
             + "no reason has been given for rejecting this "
             + "cert request",
-            
-            /* 2 */ "manual non-profile cert request rejection:  "
+
+    /* 2 */"manual non-profile cert request rejection:  "
             + "indeterminate reason for inability to process "
             + "cert request due to an EBaseException",
-            
-            /* 3 */ "manual non-profile cert request rejection:  "
+
+    /* 3 */"manual non-profile cert request rejection:  "
             + "indeterminate reason for inability to process "
             + "cert request due to an IOException",
-            
-            /* 4 */ "manual non-profile cert request rejection:  "
+
+    /* 4 */"manual non-profile cert request rejection:  "
             + "indeterminate reason for inability to process "
             + "cert request due to a CertificateException",
-            
-            /* 5 */ "manual non-profile cert request rejection:  "
+
+    /* 5 */"manual non-profile cert request rejection:  "
             + "indeterminate reason for inability to process "
             + "cert request due to a NoSuchAlgorithmException"
         };
-    private final static String
-        LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST =
-        "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5";
-    private final static String
-        LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
-        "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
+    private final static String LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST =
+            "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5";
+    private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
+            "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
 
     /**
      * Process request.
      */
     public ProcessCertReq()
-        throws EBaseException {
+            throws EBaseException {
         super();
     }
 
     /**
      * initialize the servlet. This servlet uses the template file
      * "processCertReq.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -212,8 +201,8 @@ public class ProcessCertReq extends CMSServlet {
             if (id != null) {
                 if (!(auditServiceID.equals(
                             AGENT_CA_CLONE_ENROLLMENT_SERVLET))
-                    && !(auditServiceID.equals(
-                            AGENT_RA_CLONE_ENROLLMENT_SERVLET))) {
+                        && !(auditServiceID.equals(
+                                AGENT_RA_CLONE_ENROLLMENT_SERVLET))) {
                     auditServiceID = ILogger.UNIDENTIFIED;
                 } else {
                     auditServiceID = id.trim();
@@ -252,25 +241,19 @@ public class ProcessCertReq extends CMSServlet {
         }
     }
 
-
     /**
      * Process the HTTP request.
      * <ul>
-     * <li>http.param seqNum           request id
-     * <li>http.param notValidBefore   certificate validity
-	 *    - notBefore - in seconds since jan 1, 1970
-     * <li>http.param notValidAfter    certificate validity
-     *    - notAfter - in seconds since jan 1, 1970
-     * <li>http.param subject          certificate subject name
-     * <li>http.param toDo             requested action
-     *    (can be one of: clone, reject, accept, cancel)
+     * <li>http.param seqNum request id
+     * <li>http.param notValidBefore certificate validity - notBefore - in seconds since jan 1, 1970
+     * <li>http.param notValidAfter certificate validity - notAfter - in seconds since jan 1, 1970
+     * <li>http.param subject certificate subject name
+     * <li>http.param toDo requested action (can be one of: clone, reject, accept, cancel)
      * <li>http.param signatureAlgorithm certificate signing algorithm
-     * <li>http.param addExts          base-64, DER encoded Extension or
-     *    SEQUENCE OF Extensions to add to certificate
-     * <li>http.param pathLenConstraint integer path length constraint to
-     *    use in BasicConstraint extension if applicable
+     * <li>http.param addExts base-64, DER encoded Extension or SEQUENCE OF Extensions to add to certificate
+     * <li>http.param pathLenConstraint integer path length constraint to use in BasicConstraint extension if applicable
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -297,15 +280,15 @@ public class ProcessCertReq extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         try {
             if (req.getParameter(SEQNUM) != null) {
                 CMS.debug(
-                    "ProcessCertReq: parameter seqNum " + req.getParameter(SEQNUM));
+                        "ProcessCertReq: parameter seqNum " + req.getParameter(SEQNUM));
                 seqNum = Integer.parseInt(req.getParameter(SEQNUM));
             }
             String notValidBeforeStr = req.getParameter("notValidBefore");
@@ -326,7 +309,6 @@ public class ProcessCertReq extends CMSServlet {
             subject = req.getParameter("subject");
             signatureAlgorithm = req.getParameter("signatureAlgorithm");
 
-
             IRequest r = null;
 
             if (seqNum > -1) {
@@ -334,23 +316,22 @@ public class ProcessCertReq extends CMSServlet {
                             Integer.toString(seqNum)));
             }
 
-            if(seqNum > -1 && r != null)
-            {
+            if (seqNum > -1 && r != null) {
                 processX509(cmsReq, argSet, header, seqNum, req, resp,
-                    toDo, signatureAlgorithm, subject,
-                    notValidBefore, notValidAfter, locale[0], startTime);
+                        toDo, signatureAlgorithm, subject,
+                        notValidBefore, notValidAfter, locale[0], startTime);
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_REQUEST_ID_1", String.valueOf(seqNum)));
                 error = new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID", 
-                            String.valueOf(seqNum)));
+                        CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID",
+                                String.valueOf(seqNum)));
             }
         } catch (EBaseException e) {
             error = e;
         } catch (NumberFormatException e) {
             log(ILogger.LL_FAILURE, "Error " + e);
-            error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT"));
-        } 
+            error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
+        }
 
         try {
             ServletOutputStream out = resp.getOutputStream();
@@ -358,46 +339,43 @@ public class ProcessCertReq extends CMSServlet {
             if (error == null) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  String output = form.getOutput(argSet);
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
+                    String output = form.getOutput(argSet);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
                 }
             } else {
                 cmsReq.setStatus(CMSRequest.ERROR);
                 cmsReq.setError(error);
             }
-				
+
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
         return;
     }
 
     /**
      * Process X509 certificate enrollment request and send request information
-     * to the caller. 
+     * to the caller.
      * <P>
-     *
+     * 
      * (Certificate Request - an "agent" cert request for "cloning")
      * <P>
-     *
-     * (Certificate Request Processed -  either a manual "agent" non-profile
-     *  based cert acceptance, a manual "agent" non-profile based cert
-     *  cancellation, or a manual "agent" non-profile based cert rejection)
+     * 
+     * (Certificate Request Processed - either a manual "agent" non-profile based cert acceptance, a manual "agent" non-profile based cert cancellation, or a manual "agent" non-profile based cert rejection)
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a
-     * non-profile cert request is made (before approval process)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
-     * certificate request has just been through the approval process
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a non-profile cert request is made (before approval process)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a certificate request has just been through the approval process
      * </ul>
+     * 
      * @param cmsReq a certificate enrollment request
      * @param argSet CMS template parameters
      * @param header argument block
@@ -405,26 +383,26 @@ public class ProcessCertReq extends CMSServlet {
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @param toDo string representing the requested action (can be one of:
-     * clone, reject, accept, cancel)
+     *            clone, reject, accept, cancel)
      * @param signatureAlgorithm string containing the signature algorithm
      * @param subject string containing the subject name of the certificate
      * @param notValidBefore certificate validity - notBefore - in seconds
-     * since Jan 1, 1970
+     *            since Jan 1, 1970
      * @param notValidAfter certificate validity - notAfter - in seconds since
-     * Jan 1, 1970
+     *            Jan 1, 1970
      * @param locale the system locale
      * @param startTime the current date
      * @exception EBaseException an error has occurred
      */
     private void processX509(CMSRequest cmsReq,
-        CMSTemplateParams argSet, IArgBlock header,
-        int seqNum, HttpServletRequest req,
-        HttpServletResponse resp,
-        String toDo, String signatureAlgorithm,
-        String subject,
-        long notValidBefore, long notValidAfter,
-        Locale locale, long startTime)
-        throws EBaseException {
+            CMSTemplateParams argSet, IArgBlock header,
+            int seqNum, HttpServletRequest req,
+            HttpServletResponse resp,
+            String toDo, String signatureAlgorithm,
+            String subject,
+            long notValidBefore, long notValidAfter,
+            Locale locale, long startTime)
+            throws EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
         String auditRequesterID = ILogger.UNIDENTIFIED;
@@ -453,7 +431,7 @@ public class ProcessCertReq extends CMSServlet {
                 }
             }
 
-            if (mAuthority != null) 
+            if (mAuthority != null)
                 header.addStringValue("authorityid", mAuthority.getId());
 
             if (toDo != null) {
@@ -466,12 +444,12 @@ public class ProcessCertReq extends CMSServlet {
                                 mAuthzResourceName, "execute");
                 } catch (EAuthzAccessDenied e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", 
-                            e.toString()));
+                            CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+                                    e.toString()));
                 } catch (Exception e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", 
-                            e.toString()));
+                            CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+                                    e.toString()));
                 }
 
                 if (authzToken == null) {
@@ -546,37 +524,37 @@ public class ProcessCertReq extends CMSServlet {
                         int alterationCounter = 0;
 
                         for (int i = 0; i < certInfo.length; i++) {
-                            CertificateAlgorithmId certAlgId = 
-                                (CertificateAlgorithmId)
-                                certInfo[i].get(X509CertInfo.ALGORITHM_ID);
+                            CertificateAlgorithmId certAlgId =
+                                    (CertificateAlgorithmId)
+                                    certInfo[i].get(X509CertInfo.ALGORITHM_ID);
 
                             AlgorithmId algId = (AlgorithmId)
-                                certAlgId.get(CertificateAlgorithmId.ALGORITHM);
+                                    certAlgId.get(CertificateAlgorithmId.ALGORITHM);
 
                             if (!(algId.getName().equals(signatureAlgorithm))) {
                                 alterationCounter++;
                                 AlgorithmId newAlgId = AlgorithmId.getAlgorithmId(signatureAlgorithm);
 
                                 certInfo[i].set(X509CertInfo.ALGORITHM_ID,
-                                    new CertificateAlgorithmId(newAlgId));
+                                        new CertificateAlgorithmId(newAlgId));
                             }
 
-                            CertificateSubjectName certSubject = 
-                                (CertificateSubjectName)
-                                certInfo[i].get(X509CertInfo.SUBJECT);
+                            CertificateSubjectName certSubject =
+                                    (CertificateSubjectName)
+                                    certInfo[i].get(X509CertInfo.SUBJECT);
 
-                            if (subject != null && 
-                                !(certSubject.toString().equals(subject))) {
+                            if (subject != null &&
+                                    !(certSubject.toString().equals(subject))) {
 
                                 alterationCounter++;
                                 certInfo[i].set(X509CertInfo.SUBJECT,
-                                    new CertificateSubjectName(
-                                        (new X500Name(subject))));
+                                        new CertificateSubjectName(
+                                                (new X500Name(subject))));
                             }
 
-                            CertificateValidity certValidity = 
-                                (CertificateValidity)
-                                certInfo[i].get(X509CertInfo.VALIDITY);
+                            CertificateValidity certValidity =
+                                    (CertificateValidity)
+                                    certInfo[i].get(X509CertInfo.VALIDITY);
                             Date currentTime = CMS.getCurrentDate();
                             boolean validityChanged = false;
 
@@ -586,26 +564,26 @@ public class ProcessCertReq extends CMSServlet {
                                         CertificateValidity.NOT_BEFORE);
 
                                 if (notBefore.getTime() == 0 ||
-                                    notBefore.getTime() != notValidBefore) {
+                                        notBefore.getTime() != notValidBefore) {
                                     Date validFrom = new Date(notValidBefore);
 
                                     notBefore = (notValidBefore == 0) ? currentTime : validFrom;
                                     certValidity.set(CertificateValidity.NOT_BEFORE,
-                                        notBefore);
+                                            notBefore);
                                     validityChanged = true;
                                 }
                             }
                             if (notValidAfter > 0) {
                                 Date validTo = new Date(notValidAfter);
                                 Date notAfter = (Date)
-                                    certValidity.get(CertificateValidity.NOT_AFTER);
+                                        certValidity.get(CertificateValidity.NOT_AFTER);
 
                                 if (notAfter.getTime() == 0 ||
-                                    notAfter.getTime() != notValidAfter) {
+                                        notAfter.getTime() != notValidAfter) {
                                     notAfter = currentTime;
                                     notAfter = (notValidAfter == 0) ? currentTime : validTo;
                                     certValidity.set(CertificateValidity.NOT_AFTER,
-                                        notAfter);
+                                            notAfter);
                                     validityChanged = true;
                                 }
                             }
@@ -618,8 +596,8 @@ public class ProcessCertReq extends CMSServlet {
 
                             if (certInfo[i].get(X509CertInfo.VERSION) == null) {
                                 certInfo[i].set(X509CertInfo.VERSION,
-                                    new CertificateVersion(
-                                        CertificateVersion.V3));
+                                        new CertificateVersion(
+                                                CertificateVersion.V3));
                             }
 
                             CertificateExtensions extensions = null;
@@ -669,14 +647,14 @@ public class ProcessCertReq extends CMSServlet {
 
                             if (extensions != null) {
                                 try {
-                                    NSCertTypeExtension nsExtensions = 
-                                        (NSCertTypeExtension)
-                                        extensions.get(
-                                            NSCertTypeExtension.class.getSimpleName());
+                                    NSCertTypeExtension nsExtensions =
+                                            (NSCertTypeExtension)
+                                            extensions.get(
+                                                    NSCertTypeExtension.class.getSimpleName());
 
                                     if (nsExtensions != null) {
                                         updateNSExtension(req, nsExtensions);
-                                    } 
+                                    }
                                 } catch (IOException e) {
                                     log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_PROCESS_NETSCAPE_EXTENSION", e.toString()));
                                 }
@@ -686,20 +664,20 @@ public class ProcessCertReq extends CMSServlet {
                                 if (pathLength != null) {
                                     try {
                                         int pathLen = Integer.parseInt(pathLength);
-                                        BasicConstraintsExtension bcExt = 
-                                            (BasicConstraintsExtension)
-                                            extensions.get(
-                                                BasicConstraintsExtension.class.getSimpleName());
+                                        BasicConstraintsExtension bcExt =
+                                                (BasicConstraintsExtension)
+                                                extensions.get(
+                                                        BasicConstraintsExtension.class.getSimpleName());
 
                                         if (bcExt != null) {
                                             Integer bcPathLen = (Integer) bcExt.get(BasicConstraintsExtension.PATH_LEN);
                                             Boolean isCA = (Boolean) bcExt.get(BasicConstraintsExtension.IS_CA);
 
                                             if (bcPathLen != null &&
-                                                bcPathLen.intValue() != pathLen &&
-                                                isCA != null) {
+                                                    bcPathLen.intValue() != pathLen &&
+                                                    isCA != null) {
                                                 BasicConstraintsExtension bcExt0 =
-                                                    new BasicConstraintsExtension(isCA.booleanValue(), pathLen);
+                                                        new BasicConstraintsExtension(isCA.booleanValue(), pathLen);
 
                                                 extensions.delete(BasicConstraintsExtension.class.getSimpleName());
                                                 extensions.set(BasicConstraintsExtension.class.getSimpleName(), (Extension) bcExt0);
@@ -775,7 +753,7 @@ public class ProcessCertReq extends CMSServlet {
 
                                 if (mExtraAgentParams) {
                                     @SuppressWarnings("unchecked")
-									Enumeration<String> extraparams = req.getParameterNames();
+                                    Enumeration<String> extraparams = req.getParameterNames();
                                     int l = IRequest.AGENT_PARAMS.length() + 1;
                                     int ap_counter = 0;
                                     Hashtable<String, String> agentparamsargblock = new Hashtable<String, String>();
@@ -819,100 +797,100 @@ public class ProcessCertReq extends CMSServlet {
                     if (r.getRequestStatus().equals(RequestStatus.PENDING)) {
                         cmsReq.setResult(r);
                         cmsReq.setStatus(CMSRequest.PENDING);
-                        if (certInfo != null) {            
+                        if (certInfo != null) {
                             for (int i = 0; i < certInfo.length; i++) {
-                                mLogger.log(ILogger.EV_AUDIT, 
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.FORMAT,
-                                    new Object[] {
-                                        r.getRequestType(),
-                                        r.getRequestId(), 
-                                        initiative,
-                                        authMgr,
-                                        "pending",
-                                        certInfo[i].get(X509CertInfo.SUBJECT),
-                                        ""} 
-                                );
+                                mLogger.log(ILogger.EV_AUDIT,
+                                        ILogger.S_OTHER,
+                                        AuditFormat.LEVEL,
+                                        AuditFormat.FORMAT,
+                                        new Object[] {
+                                                r.getRequestType(),
+                                                r.getRequestId(),
+                                                initiative,
+                                                authMgr,
+                                                "pending",
+                                                certInfo[i].get(X509CertInfo.SUBJECT),
+                                                "" }
+                                        );
                             }
                         } else {
                             if (subject != null) {
-                                mLogger.log(ILogger.EV_AUDIT, 
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.FORMAT,
-                                    new Object[] {
-                                        r.getRequestType(),
-                                        r.getRequestId(),
-                                        initiative,
-                                        authMgr,
-                                        "pending",
-                                        subject,
-                                        ""}
-                                );
+                                mLogger.log(ILogger.EV_AUDIT,
+                                        ILogger.S_OTHER,
+                                        AuditFormat.LEVEL,
+                                        AuditFormat.FORMAT,
+                                        new Object[] {
+                                                r.getRequestType(),
+                                                r.getRequestId(),
+                                                initiative,
+                                                authMgr,
+                                                "pending",
+                                                subject,
+                                                "" }
+                                        );
                             } else {
-                                mLogger.log(ILogger.EV_AUDIT, 
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.NODNFORMAT,
-                                    new Object[] {
-                                        r.getRequestType(),
-                                        r.getRequestId(),
-                                        initiative,
-                                        authMgr,
-                                        "pending"}
-                                );
+                                mLogger.log(ILogger.EV_AUDIT,
+                                        ILogger.S_OTHER,
+                                        AuditFormat.LEVEL,
+                                        AuditFormat.NODNFORMAT,
+                                        new Object[] {
+                                                r.getRequestType(),
+                                                r.getRequestId(),
+                                                initiative,
+                                                authMgr,
+                                                "pending" }
+                                        );
                             }
                         }
                     } else if (r.getRequestStatus().equals(
                             RequestStatus.APPROVED) ||
-                        r.getRequestStatus().equals(
-                            RequestStatus.SVC_PENDING)) {
+                            r.getRequestStatus().equals(
+                                    RequestStatus.SVC_PENDING)) {
                         cmsReq.setResult(r);
                         cmsReq.setStatus(CMSRequest.SVC_PENDING);
                         if (certInfo != null) {
                             for (int i = 0; i < certInfo.length; i++) {
-                                mLogger.log(ILogger.EV_AUDIT, 
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.FORMAT,
-                                    new Object[] {
-                                        r.getRequestType(),
-                                        r.getRequestId(),
-                                        initiative,
-                                        authMgr,
-                                        r.getRequestStatus(),
-                                        certInfo[i].get(X509CertInfo.SUBJECT),
-                                        ""}
-                                );
+                                mLogger.log(ILogger.EV_AUDIT,
+                                        ILogger.S_OTHER,
+                                        AuditFormat.LEVEL,
+                                        AuditFormat.FORMAT,
+                                        new Object[] {
+                                                r.getRequestType(),
+                                                r.getRequestId(),
+                                                initiative,
+                                                authMgr,
+                                                r.getRequestStatus(),
+                                                certInfo[i].get(X509CertInfo.SUBJECT),
+                                                "" }
+                                        );
                             }
                         } else {
                             if (subject != null) {
-                                mLogger.log(ILogger.EV_AUDIT, 
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.FORMAT,
-                                    new Object[] {
-                                        r.getRequestType(),
-                                        r.getRequestId(),
-                                        initiative,
-                                        authMgr,
-                                        r.getRequestStatus(),
-                                        subject,
-                                        ""}
-                                );
+                                mLogger.log(ILogger.EV_AUDIT,
+                                        ILogger.S_OTHER,
+                                        AuditFormat.LEVEL,
+                                        AuditFormat.FORMAT,
+                                        new Object[] {
+                                                r.getRequestType(),
+                                                r.getRequestId(),
+                                                initiative,
+                                                authMgr,
+                                                r.getRequestStatus(),
+                                                subject,
+                                                "" }
+                                        );
                             } else {
-                                mLogger.log(ILogger.EV_AUDIT, 
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.NODNFORMAT,
-                                    new Object[] {
-                                        r.getRequestType(),
-                                        r.getRequestId(),
-                                        initiative,
-                                        authMgr,
-                                        r.getRequestStatus()}
-                                );
+                                mLogger.log(ILogger.EV_AUDIT,
+                                        ILogger.S_OTHER,
+                                        AuditFormat.LEVEL,
+                                        AuditFormat.NODNFORMAT,
+                                        new Object[] {
+                                                r.getRequestType(),
+                                                r.getRequestId(),
+                                                initiative,
+                                                authMgr,
+                                                r.getRequestStatus() }
+                                        );
                             }
                         }
                     } else if (r.getRequestStatus().equals(
@@ -922,7 +900,7 @@ public class ProcessCertReq extends CMSServlet {
                         // XXX make the repeat record.
                         // Get the certificate(s) from the request
                         X509CertImpl issuedCerts[] =
-                            r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+                                r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
 
                         // return potentially more than one certificates. 
                         if (issuedCerts != null) {
@@ -932,24 +910,24 @@ public class ProcessCertReq extends CMSServlet {
                             //header.addBigIntegerValue("serialNumber", 
                             //issuedCerts[0].getSerialNumber(),16);
                             for (int i = 0; i < issuedCerts.length; i++) {
-                                if (i != 0) 
+                                if (i != 0)
                                     sbuf.append(", ");
                                 sbuf.append("0x" +
-                                    issuedCerts[i].getSerialNumber().toString(16));
-                                mLogger.log(ILogger.EV_AUDIT, 
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.FORMAT,
-                                    new Object[] {
-                                        r.getRequestType(),
-                                        r.getRequestId(),
-                                        initiative,
-                                        authMgr,
-                                        "completed",
-                                        issuedCerts[i].getSubjectDN(),
-                                        "cert issued serial number: 0x" +
-                                        issuedCerts[i].getSerialNumber().toString(16) + " time: " + (endTime - startTime)}
-                                );
+                                        issuedCerts[i].getSerialNumber().toString(16));
+                                mLogger.log(ILogger.EV_AUDIT,
+                                        ILogger.S_OTHER,
+                                        AuditFormat.LEVEL,
+                                        AuditFormat.FORMAT,
+                                        new Object[] {
+                                                r.getRequestType(),
+                                                r.getRequestId(),
+                                                initiative,
+                                                authMgr,
+                                                "completed",
+                                                issuedCerts[i].getSubjectDN(),
+                                                "cert issued serial number: 0x" +
+                                                        issuedCerts[i].getSerialNumber().toString(16) + " time: " + (endTime - startTime) }
+                                        );
 
                                 // store a message in the signed audit log file
                                 // (one for each manual "agent"
@@ -965,34 +943,34 @@ public class ProcessCertReq extends CMSServlet {
                                 audit(auditMessage);
                             }
                             header.addStringValue(
-                                "serialNumber", sbuf.toString());
+                                    "serialNumber", sbuf.toString());
                         } else {
                             if (subject != null) {
-                                mLogger.log(ILogger.EV_AUDIT, 
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.FORMAT,
-                                    new Object[] {
-                                        r.getRequestType(),
-                                        r.getRequestId(),
-                                        initiative,
-                                        authMgr,
-                                        "completed",
-                                        subject,
-                                        ""}
-                                );
+                                mLogger.log(ILogger.EV_AUDIT,
+                                        ILogger.S_OTHER,
+                                        AuditFormat.LEVEL,
+                                        AuditFormat.FORMAT,
+                                        new Object[] {
+                                                r.getRequestType(),
+                                                r.getRequestId(),
+                                                initiative,
+                                                authMgr,
+                                                "completed",
+                                                subject,
+                                                "" }
+                                        );
                             } else {
-                                mLogger.log(ILogger.EV_AUDIT, 
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.NODNFORMAT,
-                                    new Object[] {
-                                        r.getRequestType(),
-                                        r.getRequestId(),
-                                        initiative,
-                                        authMgr,
-                                        "completed"}
-                                );
+                                mLogger.log(ILogger.EV_AUDIT,
+                                        ILogger.S_OTHER,
+                                        AuditFormat.LEVEL,
+                                        AuditFormat.NODNFORMAT,
+                                        new Object[] {
+                                                r.getRequestType(),
+                                                r.getRequestId(),
+                                                initiative,
+                                                authMgr,
+                                                "completed" }
+                                        );
                             }
 
                             // store a message in the signed audit log file
@@ -1012,7 +990,7 @@ public class ProcessCertReq extends CMSServlet {
                         // grant trusted manager or agent privileges  
                         Object grantError = null;
 
-                        try { 
+                        try {
                             int res = grant_privileges(
                                     cmsReq, r, issuedCerts, header);
 
@@ -1043,30 +1021,29 @@ public class ProcessCertReq extends CMSServlet {
 
                         String scheme = req.getScheme();
 
-                        if (scheme.equals("http") && 
-                            connectionIsSSL(req)) scheme = "https";
+                        if (scheme.equals("http") &&
+                                connectionIsSSL(req))
+                            scheme = "https";
 
-                            /*
-                             header.addStringValue(
-                             "authorityid", mAuthority.getId());
-                             header.addStringValue("serviceURL", scheme +"://"+
-                             req.getServerName() + ":"+
-                             req.getServerPort() + 
-                             req.getRequestURI());
-                             */
+                        /*
+                         header.addStringValue(
+                         "authorityid", mAuthority.getId());
+                         header.addStringValue("serviceURL", scheme +"://"+
+                         req.getServerName() + ":"+
+                         req.getServerPort() + 
+                         req.getRequestURI());
+                         */
 
                         if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
                             header.addStringValue("dirEnabled", "yes");
 
-                            Integer[] ldapPublishStatus = 
-                                r.getExtDataInIntegerArray("ldapPublishStatus");
+                            Integer[] ldapPublishStatus =
+                                    r.getExtDataInIntegerArray("ldapPublishStatus");
                             int certsUpdated = 0;
 
                             if (ldapPublishStatus != null) {
-                                for (int i = 0; 
-                                    i < ldapPublishStatus.length; i++) {
-                                    if (ldapPublishStatus[i] == 
-                                        IRequest.RES_SUCCESS) {
+                                for (int i = 0; i < ldapPublishStatus.length; i++) {
+                                    if (ldapPublishStatus[i] == IRequest.RES_SUCCESS) {
                                         certsUpdated++;
                                     }
                                 }
@@ -1082,47 +1059,47 @@ public class ProcessCertReq extends CMSServlet {
                     mQueue.rejectRequest(r);
                     if (certInfo != null) {
                         for (int i = 0; i < certInfo.length; i++) {
-                            mLogger.log(ILogger.EV_AUDIT, 
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.FORMAT,
-                                new Object[] {
-                                    r.getRequestType(),
-                                    r.getRequestId(),
-                                    initiative,
-                                    authMgr,
-                                    "rejected",
-                                    certInfo[i].get(X509CertInfo.SUBJECT),
-                                    ""}
-                            );
+                            mLogger.log(ILogger.EV_AUDIT,
+                                    ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.FORMAT,
+                                    new Object[] {
+                                            r.getRequestType(),
+                                            r.getRequestId(),
+                                            initiative,
+                                            authMgr,
+                                            "rejected",
+                                            certInfo[i].get(X509CertInfo.SUBJECT),
+                                            "" }
+                                    );
                         }
                     } else {
                         if (subject != null) {
-                            mLogger.log(ILogger.EV_AUDIT, 
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.FORMAT,
-                                new Object[] {
-                                    r.getRequestType(),
-                                    r.getRequestId(),
-                                    initiative,
-                                    authMgr,
-                                    "rejected",
-                                    subject,
-                                    ""}
-                            );
+                            mLogger.log(ILogger.EV_AUDIT,
+                                    ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.FORMAT,
+                                    new Object[] {
+                                            r.getRequestType(),
+                                            r.getRequestId(),
+                                            initiative,
+                                            authMgr,
+                                            "rejected",
+                                            subject,
+                                            "" }
+                                    );
                         } else {
-                            mLogger.log(ILogger.EV_AUDIT, 
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.NODNFORMAT,
-                                new Object[] {
-                                    r.getRequestType(),
-                                    r.getRequestId(),
-                                    initiative,
-                                    authMgr,
-                                    "rejected"}
-                            );
+                            mLogger.log(ILogger.EV_AUDIT,
+                                    ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.NODNFORMAT,
+                                    new Object[] {
+                                            r.getRequestType(),
+                                            r.getRequestId(),
+                                            initiative,
+                                            authMgr,
+                                            "rejected" }
+                                    );
                         }
                     }
 
@@ -1143,47 +1120,47 @@ public class ProcessCertReq extends CMSServlet {
 
                     if (certInfo != null) {
                         for (int i = 0; i < certInfo.length; i++) {
-                            mLogger.log(ILogger.EV_AUDIT, 
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.FORMAT,
-                                new Object[] {
-                                    r.getRequestType(),
-                                    r.getRequestId(),
-                                    initiative,
-                                    authMgr,
-                                    "canceled",
-                                    certInfo[i].get(X509CertInfo.SUBJECT),
-                                    ""}
-                            );
+                            mLogger.log(ILogger.EV_AUDIT,
+                                    ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.FORMAT,
+                                    new Object[] {
+                                            r.getRequestType(),
+                                            r.getRequestId(),
+                                            initiative,
+                                            authMgr,
+                                            "canceled",
+                                            certInfo[i].get(X509CertInfo.SUBJECT),
+                                            "" }
+                                    );
                         }
                     } else {
                         if (subject != null) {
-                            mLogger.log(ILogger.EV_AUDIT, 
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.FORMAT,
-                                new Object[] {
-                                    r.getRequestType(),
-                                    r.getRequestId(),
-                                    initiative,
-                                    authMgr,
-                                    "canceled",
-                                    subject,
-                                    ""}
-                            );
+                            mLogger.log(ILogger.EV_AUDIT,
+                                    ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.FORMAT,
+                                    new Object[] {
+                                            r.getRequestType(),
+                                            r.getRequestId(),
+                                            initiative,
+                                            authMgr,
+                                            "canceled",
+                                            subject,
+                                            "" }
+                                    );
                         } else {
-                            mLogger.log(ILogger.EV_AUDIT, 
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.NODNFORMAT,
-                                new Object[] {
-                                    r.getRequestType(),
-                                    r.getRequestId(),
-                                    initiative,
-                                    authMgr,
-                                    "canceled"}
-                            );
+                            mLogger.log(ILogger.EV_AUDIT,
+                                    ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.NODNFORMAT,
+                                    new Object[] {
+                                            r.getRequestType(),
+                                            r.getRequestId(),
+                                            initiative,
+                                            authMgr,
+                                            "canceled" }
+                                    );
                         }
 
                     }
@@ -1204,54 +1181,54 @@ public class ProcessCertReq extends CMSServlet {
                     IRequest clonedRequest = mQueue.cloneAndMarkPending(r);
 
                     header.addStringValue("clonedRequestId",
-                        clonedRequest.getRequestId().toString());
+                            clonedRequest.getRequestId().toString());
 
                     if (certInfo != null) {
                         for (int i = 0; i < certInfo.length; i++) {
-                            mLogger.log(ILogger.EV_AUDIT, 
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.FORMAT,
-                                new Object[] {
-                                    r.getRequestType(),
-                                    r.getRequestId(),
-                                    initiative,
-                                    authMgr,
-                                    "cloned to reqID: " +
-                                    clonedRequest.getRequestId().toString(),
-                                    certInfo[i].get(X509CertInfo.SUBJECT),
-                                    ""}
-                            );
+                            mLogger.log(ILogger.EV_AUDIT,
+                                    ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.FORMAT,
+                                    new Object[] {
+                                            r.getRequestType(),
+                                            r.getRequestId(),
+                                            initiative,
+                                            authMgr,
+                                            "cloned to reqID: " +
+                                                    clonedRequest.getRequestId().toString(),
+                                            certInfo[i].get(X509CertInfo.SUBJECT),
+                                            "" }
+                                    );
                         }
                     } else {
                         if (subject != null) {
-                            mLogger.log(ILogger.EV_AUDIT, 
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.FORMAT,
-                                new Object[] {
-                                    r.getRequestType(),
-                                    r.getRequestId(),
-                                    initiative,
-                                    authMgr,
-                                    "cloned to reqID: " +
-                                    clonedRequest.getRequestId().toString(),
-                                    subject,
-                                    ""}
-                            );
+                            mLogger.log(ILogger.EV_AUDIT,
+                                    ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.FORMAT,
+                                    new Object[] {
+                                            r.getRequestType(),
+                                            r.getRequestId(),
+                                            initiative,
+                                            authMgr,
+                                            "cloned to reqID: " +
+                                                    clonedRequest.getRequestId().toString(),
+                                            subject,
+                                            "" }
+                                    );
                         } else {
-                            mLogger.log(ILogger.EV_AUDIT, 
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.NODNFORMAT,
-                                new Object[] {
-                                    r.getRequestType(),
-                                    r.getRequestId(),
-                                    initiative,
-                                    authMgr,
-                                    "cloned to reqID: " +
-                                    clonedRequest.getRequestId().toString()}
-                            );
+                            mLogger.log(ILogger.EV_AUDIT,
+                                    ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.NODNFORMAT,
+                                    new Object[] {
+                                            r.getRequestType(),
+                                            r.getRequestId(),
+                                            initiative,
+                                            authMgr,
+                                            "cloned to reqID: " +
+                                                    clonedRequest.getRequestId().toString() }
+                                    );
                         }
                     }
 
@@ -1270,11 +1247,11 @@ public class ProcessCertReq extends CMSServlet {
             }
 
             // add authority names to know what privileges can be requested.	
-            if (CMS.getSubsystem("kra") != null) 
+            if (CMS.getSubsystem("kra") != null)
                 header.addStringValue("localkra", "yes");
-            if (CMS.getSubsystem("ca") != null) 
+            if (CMS.getSubsystem("ca") != null)
                 header.addStringValue("localca", "yes");
-            if (CMS.getSubsystem("ra") != null) 
+            if (CMS.getSubsystem("ra") != null)
                 header.addStringValue("localra", "yes");
 
             header.addIntegerValue("seqNum", seqNum);
@@ -1389,7 +1366,7 @@ public class ProcessCertReq extends CMSServlet {
             }
 
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR"));
+                    CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR"));
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
 
@@ -1443,7 +1420,7 @@ public class ProcessCertReq extends CMSServlet {
             }
 
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR"));
+                    CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR"));
         } catch (NoSuchAlgorithmException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
 
@@ -1500,9 +1477,9 @@ public class ProcessCertReq extends CMSServlet {
         }
         return;
     }
-	
-    private void updateNSExtension(HttpServletRequest req, 
-        NSCertTypeExtension ext) throws IOException {
+
+    private void updateNSExtension(HttpServletRequest req,
+            NSCertTypeExtension ext) throws IOException {
         try {
 
             if (req.getParameter("certTypeSSLServer") == null) {
@@ -1562,95 +1539,91 @@ public class ProcessCertReq extends CMSServlet {
     private int updateExtensionsInRequest(HttpServletRequest req, IRequest r) {
         int nChanges = 0;
 
-            if (req.getParameter("certTypeSSLServer") != null) {
-                r.setExtData(NSCertTypeExtension.SSL_SERVER, "true");
-                nChanges++;
-            } else {
-                r.deleteExtData(NSCertTypeExtension.SSL_SERVER);
-                nChanges++;
-            }
+        if (req.getParameter("certTypeSSLServer") != null) {
+            r.setExtData(NSCertTypeExtension.SSL_SERVER, "true");
+            nChanges++;
+        } else {
+            r.deleteExtData(NSCertTypeExtension.SSL_SERVER);
+            nChanges++;
+        }
 
-            if (req.getParameter("certTypeSSLClient") != null) {
-                r.setExtData(NSCertTypeExtension.SSL_CLIENT, "true");
-                nChanges++;
-            } else {
-                r.deleteExtData(NSCertTypeExtension.SSL_CLIENT);
-                nChanges++;
-            }
+        if (req.getParameter("certTypeSSLClient") != null) {
+            r.setExtData(NSCertTypeExtension.SSL_CLIENT, "true");
+            nChanges++;
+        } else {
+            r.deleteExtData(NSCertTypeExtension.SSL_CLIENT);
+            nChanges++;
+        }
 
-            if (req.getParameter("certTypeEmail") != null) {
-                r.setExtData(NSCertTypeExtension.EMAIL, "true");
-                nChanges++;
-            } else {
-                r.deleteExtData(NSCertTypeExtension.EMAIL);
-                nChanges++;
-            }
+        if (req.getParameter("certTypeEmail") != null) {
+            r.setExtData(NSCertTypeExtension.EMAIL, "true");
+            nChanges++;
+        } else {
+            r.deleteExtData(NSCertTypeExtension.EMAIL);
+            nChanges++;
+        }
 
-            if (req.getParameter("certTypeObjSigning") != null) {
-                r.setExtData(NSCertTypeExtension.OBJECT_SIGNING, "true");
-                nChanges++;
-            } else {
-                r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING);
-                nChanges++;
-            }
+        if (req.getParameter("certTypeObjSigning") != null) {
+            r.setExtData(NSCertTypeExtension.OBJECT_SIGNING, "true");
+            nChanges++;
+        } else {
+            r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING);
+            nChanges++;
+        }
 
-            if (req.getParameter("certTypeEmailCA") != null) {
-                r.setExtData(NSCertTypeExtension.EMAIL_CA, "true");
-                nChanges++;
-            } else {
-                r.deleteExtData(NSCertTypeExtension.EMAIL_CA);
-                nChanges++;
-            }
+        if (req.getParameter("certTypeEmailCA") != null) {
+            r.setExtData(NSCertTypeExtension.EMAIL_CA, "true");
+            nChanges++;
+        } else {
+            r.deleteExtData(NSCertTypeExtension.EMAIL_CA);
+            nChanges++;
+        }
 
-            if (req.getParameter("certTypeSSLCA") != null) {
-                r.setExtData(NSCertTypeExtension.SSL_CA, "true");
-                nChanges++;
-            } else {
-                r.deleteExtData(NSCertTypeExtension.SSL_CA);
-                nChanges++;
-            }
+        if (req.getParameter("certTypeSSLCA") != null) {
+            r.setExtData(NSCertTypeExtension.SSL_CA, "true");
+            nChanges++;
+        } else {
+            r.deleteExtData(NSCertTypeExtension.SSL_CA);
+            nChanges++;
+        }
 
-            if (req.getParameter("certTypeObjSigningCA") != null) {
-                r.setExtData(NSCertTypeExtension.OBJECT_SIGNING_CA, "true");
-                nChanges++;
-            } else {
-                r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING_CA);
-                nChanges++;
-            }
+        if (req.getParameter("certTypeObjSigningCA") != null) {
+            r.setExtData(NSCertTypeExtension.OBJECT_SIGNING_CA, "true");
+            nChanges++;
+        } else {
+            r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING_CA);
+            nChanges++;
+        }
 
         return nChanges;
     }
-	
+
     protected static final String GRANT_ERROR = "grantError";
 
-    public static final String 
-        GRANT_TRUSTEDMGR_PRIVILEGE = "grantTrustedManagerPrivilege";
-    public static final String 
-        GRANT_CMAGENT_PRIVILEGE = "grantCMAgentPrivilege";
-    public static final String 
-        GRANT_RMAGENT_PRIVILEGE = "grantRMAgentPrivilege";
-    public static final String 
-        GRANT_DRMAGENT_PRIVILEGE = "grantDRMAgentPrivilege";
+    public static final String GRANT_TRUSTEDMGR_PRIVILEGE = "grantTrustedManagerPrivilege";
+    public static final String GRANT_CMAGENT_PRIVILEGE = "grantCMAgentPrivilege";
+    public static final String GRANT_RMAGENT_PRIVILEGE = "grantRMAgentPrivilege";
+    public static final String GRANT_DRMAGENT_PRIVILEGE = "grantDRMAgentPrivilege";
     public static final String GRANT_UID = "grantUID";
     public static final String GRANT_PRIVILEGE = "grantPrivilege";
 
     protected int grant_privileges(
-        CMSRequest cmsReq, IRequest req, Certificate[] certs, IArgBlock header)
-        throws EBaseException {
+            CMSRequest cmsReq, IRequest req, Certificate[] certs, IArgBlock header)
+            throws EBaseException {
         // get privileges to grant
         IArgBlock httpParams = cmsReq.getHttpParams();
 
-        boolean grantTrustedMgr = 
-            httpParams.getValueAsBoolean(GRANT_TRUSTEDMGR_PRIVILEGE, false);
-        boolean grantRMAgent = 
-            httpParams.getValueAsBoolean(GRANT_RMAGENT_PRIVILEGE, false);
-        boolean grantCMAgent = 
-            httpParams.getValueAsBoolean(GRANT_CMAGENT_PRIVILEGE, false);
-        boolean grantDRMAgent = 
-            httpParams.getValueAsBoolean(GRANT_DRMAGENT_PRIVILEGE, false);
-
-        if (!grantTrustedMgr && 
-            !grantCMAgent && !grantRMAgent && !grantDRMAgent) {
+        boolean grantTrustedMgr =
+                httpParams.getValueAsBoolean(GRANT_TRUSTEDMGR_PRIVILEGE, false);
+        boolean grantRMAgent =
+                httpParams.getValueAsBoolean(GRANT_RMAGENT_PRIVILEGE, false);
+        boolean grantCMAgent =
+                httpParams.getValueAsBoolean(GRANT_CMAGENT_PRIVILEGE, false);
+        boolean grantDRMAgent =
+                httpParams.getValueAsBoolean(GRANT_DRMAGENT_PRIVILEGE, false);
+
+        if (!grantTrustedMgr &&
+                !grantCMAgent && !grantRMAgent && !grantDRMAgent) {
             return 0;
         } else {
             IAuthToken authToken = getAuthToken(req);
@@ -1669,7 +1642,7 @@ public class ProcessCertReq extends CMSServlet {
 
                 if (grantTrustedMgr)
                     obj[0] = TRUSTED_RA_GROUP;
-                else if (grantRMAgent) 
+                else if (grantRMAgent)
                     obj[0] = RA_AGENT_GROUP;
                 else if (grantCMAgent)
                     obj[0] = CA_AGENT_GROUP;
@@ -1696,22 +1669,22 @@ public class ProcessCertReq extends CMSServlet {
             groupname = TRUSTED_RA_GROUP;
             userType = Constants.PR_SUBSYSTEM_TYPE;
         } else {
-            if (grantCMAgent) 
+            if (grantCMAgent)
                 groupname = CA_AGENT_GROUP;
-            else if (grantRMAgent) 
+            else if (grantRMAgent)
                 groupname = RA_AGENT_GROUP;
 
             if (grantDRMAgent) {
-                if (groupname != null) 
+                if (groupname != null)
                     groupname1 = KRA_AGENT_GROUP;
-                else 	
+                else
                     groupname = KRA_AGENT_GROUP;
             }
             userType = Constants.PR_AGENT_TYPE;
         }
 
-        String privilege = 
-            (groupname1 == null) ? groupname : groupname + " and " + groupname1;
+        String privilege =
+                (groupname1 == null) ? groupname : groupname + " and " + groupname1;
 
         header.addStringValue(GRANT_PRIVILEGE, privilege);
 
@@ -1727,23 +1700,23 @@ public class ProcessCertReq extends CMSServlet {
         IGroup group = ug.findGroup(groupname), group1 = null;
 
         if (group == null) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname));
             throw new ECMSGWException(CMS.getUserMessage("CMS_GW_FIND_GROUP_ERROR", groupname));
         }
         if (groupname1 != null) {
             group1 = ug.findGroup(groupname1);
             if (group1 == null) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname));
                 throw new ECMSGWException(CMS.getUserMessage("CMS_GW_FIND_GROUP_ERROR", groupname1));
             }
         }
         try {
             ug.addUser(user);
         } catch (Exception e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERROR_ADDING_USER_1", uid));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERROR_ADDING_USER_1", uid));
             throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_USER_ERROR", uid));
         }
         try {
@@ -1752,11 +1725,11 @@ public class ProcessCertReq extends CMSServlet {
 
                 user.setX509Certificates(tmp);
             }
-			
+
             ug.addUserCert(user);
         } catch (Exception e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERROR_ADDING_CERT_1", uid));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERROR_ADDING_CERT_1", uid));
             throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_CERT_ERROR", uid));
         }
         try {
@@ -1765,44 +1738,44 @@ public class ProcessCertReq extends CMSServlet {
             // for audit log
             SessionContext sContext = SessionContext.getContext();
             String adminId = (String) sContext.get(SessionContext.USER_ID);
-                
+
             mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
-                AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
-                new Object[] {adminId, uid, groupname}
-            );
+                    AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
+                    new Object[] { adminId, uid, groupname }
+                    );
 
             if (group1 != null) {
                 group1.addMemberName(uid);
                 ug.modifyGroup(group1);
-				
+
                 mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
-                    AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
-                    new Object[] {adminId, uid, groupname1}
-                );
+                        AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
+                        new Object[] { adminId, uid, groupname1 }
+                        );
 
             }
         } catch (Exception e) {
-            String msg = 
-                "Could not add user " + uid + " to group " + groupname;
+            String msg =
+                    "Could not add user " + uid + " to group " + groupname;
 
             if (group1 != null)
                 msg += " or group " + groupname1;
             log(ILogger.LL_FAILURE, msg);
-            if (group1 == null) 
-                throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER", uid, groupname)); 
-            else 
-                throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER_1", uid, groupname, groupname1)); 
+            if (group1 == null)
+                throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER", uid, groupname));
+            else
+                throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER_1", uid, groupname, groupname1));
         }
         return 1;
     }
 
     /**
      * Signed Audit Log Info Name
-     *
+     * 
      * This method is called to obtain the "InfoName" for
      * a signed audit log message.
      * <P>
-     *
+     * 
      * @param type signed audit log request processing type
      * @return id string containing the signed audit log message InfoName
      */
@@ -1833,11 +1806,11 @@ public class ProcessCertReq extends CMSServlet {
 
     /**
      * Signed Audit Log Info Certificate Value
-     *
+     * 
      * This method is called to obtain the certificate from the passed in
      * "X509CertImpl" for a signed audit log message.
      * <P>
-     *
+     * 
      * @param x509cert an X509CertImpl
      * @return cert string containing the certificate
      */
@@ -1891,38 +1864,38 @@ public class ProcessCertReq extends CMSServlet {
     }
 }
 
-
 class RAReqCompletedFiller extends ImportCertsTemplateFiller {
     private static final String RA_AGENT_GROUP = "Registration Manager Agents";
     private static final String KRA_AGENT_GROUP = "Data Recovery Manager Agents";
+
     public RAReqCompletedFiller() {
         super();
     }
 
     public CMSTemplateParams getTemplateParams(
-        CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) 
-        throws Exception {
+            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
+            throws Exception {
 
         Object[] results = (Object[]) cmsReq.getResult();
         Object grantError = results[1];
         //X509CertImpl[] issuedCerts = (X509CertImpl[])results[0];
         Certificate[] issuedCerts = (Certificate[]) results[0];
-			
+
         cmsReq.setResult(issuedCerts);
-        CMSTemplateParams params = 
-            super.getTemplateParams(cmsReq, authority, locale, e);
+        CMSTemplateParams params =
+                super.getTemplateParams(cmsReq, authority, locale, e);
 
         if (grantError != null) {
             IArgBlock header = params.getHeader();
 
             if (grantError instanceof String) {
                 header.addStringValue(
-                    ProcessCertReq.GRANT_ERROR, (String) grantError);
+                        ProcessCertReq.GRANT_ERROR, (String) grantError);
             } else {
                 EBaseException ex = (EBaseException) grantError;
 
                 header.addStringValue(
-                    ProcessCertReq.GRANT_ERROR, ex.toString(locale));
+                        ProcessCertReq.GRANT_ERROR, ex.toString(locale));
             }
             IArgBlock httpParams = cmsReq.getHttpParams();
             String uid = httpParams.getValueAsString(
@@ -1941,7 +1914,7 @@ class RAReqCompletedFiller extends ImportCertsTemplateFiller {
             if (grantDRMAgent) {
                 if (privilege != null)
                     privilege += " and " + KRA_AGENT_GROUP;
-                else 
+                else
                     privilege = KRA_AGENT_GROUP;
             }
             header.addStringValue(ProcessCertReq.GRANT_PRIVILEGE, privilege);
@@ -1949,4 +1922,3 @@ class RAReqCompletedFiller extends ImportCertsTemplateFiller {
         return params;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java
index 0ac27197..78f047d2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.request;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -50,10 +49,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Display Generic Request detail to the user.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ProcessReq extends CMSServlet {
@@ -74,8 +72,8 @@ public class ProcessReq extends CMSServlet {
     private IReqParser mParser = null;
     private String[] mSigningAlgorithms = null;
 
-    private static String[] DEF_SIGNING_ALGORITHMS = new String[] 
-        {"SHA1withRSA", "SHA256withRSA", "SHA512withRSA", "SHA1withDSA", "MD5withRSA", "MD2withRSA"};
+    private static String[] DEF_SIGNING_ALGORITHMS = new String[]
+        { "SHA1withRSA", "SHA256withRSA", "SHA512withRSA", "SHA1withDSA", "MD5withRSA", "MD2withRSA" };
 
     /**
      * Process request.
@@ -90,11 +88,12 @@ public class ProcessReq extends CMSServlet {
      * The initialization parameter 'parser' is read from the
      * servlet configration, and is used to set the type of request.
      * The value of this parameter can be:
-     * <UL><LI><B>CertReqParser.NODETAIL_PARSER</B> - Show certificate Summary
-     *  <LI><B>CertReqParser.DETAIL_PARSER</B> - Show certificate detail
-     *  <LI><B>KeyReqParser.PARSER</B> - Show key archival detail
-	 * </UL>
-     *
+     * <UL>
+     * <LI><B>CertReqParser.NODETAIL_PARSER</B> - Show certificate Summary
+     * <LI><B>CertReqParser.DETAIL_PARSER</B> - Show certificate detail
+     * <LI><B>KeyReqParser.PARSER</B> - Show key archival detail
+     * </UL>
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -111,13 +110,13 @@ public class ProcessReq extends CMSServlet {
                 mParser = CertReqParser.DETAIL_PARSER;
             else if (tmp.trim().equals("KeyReqParser.PARSER"))
                 mParser = KeyReqParser.PARSER;
-        }			
+        }
 
         // override success and error templates to null - 
         // handle templates locally.
         mTemplates.remove(CMSRequest.SUCCESS);
         mTemplates.remove(CMSRequest.ERROR);
-        if (mOutputTemplatePath != null) 
+        if (mOutputTemplatePath != null)
             mFormPath = mOutputTemplatePath;
     }
 
@@ -125,10 +124,9 @@ public class ProcessReq extends CMSServlet {
      * Process the HTTP request.
      * <ul>
      * <li>http.param seqNum
-     * <li>http.param doAssign reassign request. Value can be reassignToMe
-     *       reassignToNobody
+     * <li>http.param doAssign reassign request. Value can be reassignToMe reassignToNobody
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -152,10 +150,10 @@ public class ProcessReq extends CMSServlet {
         try {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                "Error getting template " + mFormPath + " Error " + e);
+            log(ILogger.LL_FAILURE,
+                    "Error getting template " + mFormPath + " Error " + e);
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         try {
@@ -172,8 +170,8 @@ public class ProcessReq extends CMSServlet {
                     if (doAssign == null) {
                         authzToken = authorize(mAclMethod, authToken,
                                     mAuthzResourceName, "read");
-                    } else if (doAssign.equals("toMe") || 
-                        doAssign.equals("reassignToMe")) {
+                    } else if (doAssign.equals("toMe") ||
+                            doAssign.equals("reassignToMe")) {
                         authzToken = authorize(mAclMethod, authToken,
                                     mAuthzResourceName, "assign");
                     } else if (doAssign.equals("reassignToNobody")) {
@@ -182,10 +180,10 @@ public class ProcessReq extends CMSServlet {
                     }
                 } catch (EAuthzAccessDenied e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                            CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
                 } catch (Exception e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                            CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
                 }
 
                 if (authzToken == null) {
@@ -193,19 +191,19 @@ public class ProcessReq extends CMSServlet {
                     return;
                 }
 
-                process(argSet, header, seqNum, req, resp, 
-                    doAssign, locale[0]);
+                process(argSet, header, seqNum, req, resp,
+                        doAssign, locale[0]);
             } else {
                 log(ILogger.LL_FAILURE, "Invalid sequence number " + seqNum);
                 error = new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID",
-                            String.valueOf(seqNum)));
+                        CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID",
+                                String.valueOf(seqNum)));
             }
         } catch (EBaseException e) {
             error = e;
         } catch (NumberFormatException e) {
             error = new EBaseException(CMS.getUserMessage(locale[0], "CMS_BASE_INVALID_NUMBER_FORMAT"));
-        } 
+        }
 
         try {
             ServletOutputStream out = resp.getOutputStream();
@@ -213,46 +211,46 @@ public class ProcessReq extends CMSServlet {
             if (error == null) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  String output = form.getOutput(argSet);
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
+                    String output = form.getOutput(argSet);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
                 }
             } else {
                 cmsReq.setError(error);
                 cmsReq.setStatus(CMSRequest.ERROR);
             }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                "Error getting servlet output stream for rendering template. " +
-                "Error " + e);
+            log(ILogger.LL_FAILURE,
+                    "Error getting servlet output stream for rendering template. " +
+                            "Error " + e);
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
         return;
     }
 
     /**
-     * Sends request information to the calller. 
+     * Sends request information to the calller.
      * returns whether there was an error or not.
      */
     private void process(CMSTemplateParams argSet, IArgBlock header,
-        int seqNum, HttpServletRequest req,
-        HttpServletResponse resp, 
-        String doAssign, Locale locale)
-        throws EBaseException {
+            int seqNum, HttpServletRequest req,
+            HttpServletResponse resp,
+            String doAssign, Locale locale)
+            throws EBaseException {
 
         header.addIntegerValue("seqNum", seqNum);
 
-        IRequest r = 
-            mQueue.findRequest(new RequestId(Integer.toString(seqNum)));
+        IRequest r =
+                mQueue.findRequest(new RequestId(Integer.toString(seqNum)));
 
         if (r != null) {
             if (doAssign != null) {
                 if ((doAssign.equals("toMe"))
-                    || (doAssign.equals("reassignToMe"))) {
+                        || (doAssign.equals("reassignToMe"))) {
                     SessionContext ctx = SessionContext.getContext();
                     String id = (String) ctx.get(SessionContext.USER_ID);
 
@@ -265,14 +263,14 @@ public class ProcessReq extends CMSServlet {
             }
 
             // add authority names to know what privileges can be requested.	
-            if (CMS.getSubsystem("kra") != null) 
+            if (CMS.getSubsystem("kra") != null)
                 header.addStringValue("localkra", "yes");
-            if (CMS.getSubsystem("ca") != null) 
+            if (CMS.getSubsystem("ca") != null)
                 header.addStringValue("localca", "yes");
-            if (CMS.getSubsystem("ra") != null) 
+            if (CMS.getSubsystem("ra") != null)
                 header.addStringValue("localra", "yes");
 
-                // DONT NEED TO DO THIS FOR DRM
+            // DONT NEED TO DO THIS FOR DRM
             if (mAuthority instanceof ICertAuthority) {
                 // Check/set signing algorithms dynamically.
                 // In RA mSigningAlgorithms could be null at startup if CA is not 
@@ -281,15 +279,15 @@ public class ProcessReq extends CMSServlet {
                 String[] allAlgorithms = mSigningAlgorithms;
 
                 if (allAlgorithms == null) {
-                    allAlgorithms = mSigningAlgorithms = 
+                    allAlgorithms = mSigningAlgorithms =
                                     ((ICertAuthority) mAuthority).getCASigningAlgorithms();
                     if (allAlgorithms == null) {
                         CMS.debug(
-                            "ProcessReq: signing algorithms set to All algorithms");
+                                "ProcessReq: signing algorithms set to All algorithms");
                         allAlgorithms = AlgorithmId.ALL_SIGNING_ALGORITHMS;
-                    } else 
+                    } else
                         CMS.debug(
-                            "ProcessReq: First signing algorithms is " + allAlgorithms[0]);
+                                "ProcessReq: First signing algorithms is " + allAlgorithms[0]);
                 }
                 String validAlgorithms = null;
                 StringBuffer sb = new StringBuffer();
@@ -310,10 +308,10 @@ public class ProcessReq extends CMSServlet {
                     if (signingAlgorithm != null)
                         header.addStringValue("caSigningAlgorithm", signingAlgorithm);
                     header.addLongValue("defaultValidityLength",
-                        ((ICertificateAuthority) mAuthority).getDefaultValidity() / 1000);
+                            ((ICertificateAuthority) mAuthority).getDefaultValidity() / 1000);
                 } else if (mAuthority instanceof IRegistrationAuthority) {
                     header.addLongValue("defaultValidityLength",
-                        ((IRegistrationAuthority) mAuthority).getDefaultValidity() / 1000);
+                            ((IRegistrationAuthority) mAuthority).getDefaultValidity() / 1000);
                 }
                 X509CertImpl caCert = ((ICertAuthority) mAuthority).getCACert();
 
@@ -328,8 +326,8 @@ public class ProcessReq extends CMSServlet {
         } else {
             log(ILogger.LL_FAILURE, "Invalid sequence number " + seqNum);
             throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID",
-                    String.valueOf(seqNum)));
+                    CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID",
+                            String.valueOf(seqNum)));
         }
 
         return;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java
index 036bd5d0..3a12819f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.request;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Show paged list of requests matching search criteria
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class QueryReq extends CMSServlet {
@@ -61,7 +59,7 @@ public class QueryReq extends CMSServlet {
     private final static String IN_SHOW_ALL = "showAll";
     private final static String IN_SHOW_WAITING = "showWaiting";
     private final static String IN_SHOW_IN_SERVICE = "showInService";
-    private final static String IN_SHOW_PENDING= "showPending";
+    private final static String IN_SHOW_PENDING = "showPending";
     private final static String IN_SHOW_CANCELLED = "showCancelled";
     private final static String IN_SHOW_REJECTED = "showRejected";
     private final static String IN_SHOW_COMPLETED = "showCompleted";
@@ -94,8 +92,8 @@ public class QueryReq extends CMSServlet {
     private final static String OUT_COMMENTS = "requestorComments";
     private final static String OUT_SERIALNO = "serialNumber";
     private final static String OUT_OWNER_NAME = "ownerName";
-    private final static String OUT_PUBLIC_KEY_INFO = 
-        "subjectPublicKeyInfo";
+    private final static String OUT_PUBLIC_KEY_INFO =
+            "subjectPublicKeyInfo";
     private final static String OUT_ERROR = "error";
     private final static String OUT_AUTHORITY_ID = "authorityid";
 
@@ -119,7 +117,7 @@ public class QueryReq extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "queryReq.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -142,7 +140,7 @@ public class QueryReq extends CMSServlet {
                 mParser = CertReqParser.DETAIL_PARSER;
             else if (tmp.trim().equals("KeyReqParser.PARSER"))
                 mParser = KeyReqParser.PARSER;
-        }			
+        }
 
         // override success and error templates to null - 
         // handle templates locally.
@@ -152,7 +150,7 @@ public class QueryReq extends CMSServlet {
         if (mOutputTemplatePath != null)
             mFormPath = mOutputTemplatePath;
     }
-	
+
     private String getRequestType(String p) {
         String filter = "(requestType=*)";
 
@@ -212,348 +210,338 @@ public class QueryReq extends CMSServlet {
     /**
      * Process the HTTP request.
      * <ul>
-     * <li>http.param reqState request state
-	 *            (one of showAll, showWaiting, showInService, 
-	 *            showCancelled, showRejected, showCompleted)
+     * <li>http.param reqState request state (one of showAll, showWaiting, showInService, showCancelled, showRejected, showCompleted)
      * <li>http.param reqType
-     * <li>http.param seqNumFromDown request ID to start at (decimal, or hex if
-     *           when paging down
-     *           seqNumFromDown starts with 0x)
-     * <li>http.param seqNumFromUp request ID to start at (decimal, or hex if
-     *           when paging up
-     *           seqNumFromUp starts with 0x)
+     * <li>http.param seqNumFromDown request ID to start at (decimal, or hex if when paging down seqNumFromDown starts with 0x)
+     * <li>http.param seqNumFromUp request ID to start at (decimal, or hex if when paging up seqNumFromUp starts with 0x)
      * <li>http.param maxCount maximum number of records to show
      * <li>http.param totalCount total number of records in set of pages
      * <li>http.param direction "up", "down", "begin", or "end"
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
 
     public void process(CMSRequest cmsReq) throws EBaseException {
-    	CMS.debug("in QueryReq servlet");
-    	
-    	// Authentication / Authorization
-
-    	HttpServletRequest req = cmsReq.getHttpReq();
-    	IAuthToken authToken = authenticate(cmsReq);
-    	AuthzToken authzToken = null;
-    	
-    	try {
-    		authzToken = authorize(mAclMethod, authToken,
-    				mAuthzResourceName, "list");
-    	} catch (EAuthzAccessDenied e) {
-    		log(ILogger.LL_FAILURE,
-    				CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-    	} catch (Exception e) {
-    		log(ILogger.LL_FAILURE,
-    				CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-    	}
-    	if (authzToken == null) {
-    		cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
-    		return;
-    	}
-    	
-
-
-    	  	
-    	CMSTemplate form = null;
-    	Locale[] locale = new Locale[1];
-    	
-    	try {
-    		// if get a EBaseException we just throw it. 
-    		form = getTemplate(mFormPath, req, locale);
-    	} catch (IOException e) {
-    		log(ILogger.LL_FAILURE,
-    				CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-    		throw new ECMSGWException(
-    				CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-    	}
-    	
-    	/** 
-    	 * WARNING:
-    	 * 
-    	 * PLEASE DO NOT TOUCH THE FILTER HERE. ALL FILTERS ARE INDEXED.
-    	 *
-    	 **/
-    	String filter = null;
-    	String reqState = req.getParameter("reqState");
-    	String reqType = req.getParameter("reqType");
-    	
-    	if (reqState == null || reqType == null) {
-    		filter = "(requeststate=*)";
-    	} else if (reqState.equals(IN_SHOW_ALL) && 
-    			reqType.equals(IN_SHOW_ALL)) {
-    		filter = "(requeststate=*)";
-    	} else if (reqState.equals(IN_SHOW_ALL)) {
-    		filter = getRequestType(reqType);
-    	} else if (reqType.equals(IN_SHOW_ALL)) {
-    		filter = getRequestState(reqState);
-    	} else {
-    		filter = "(&" + getRequestState(reqState) + 
-    		getRequestType(reqType) + ")";
-    	}
-    	
-    	String direction = "begin";
-    	if (req.getParameter("direction") != null) {
-    		direction = req.getParameter("direction").trim();
-    	}
-    	
-    	
-    	int top=0, bottom=0;
-    	
-    	try {
-    		String top_s = req.getParameter(OUT_FIRST_ENTRY_ON_PAGE);
-    		if (top_s == null) top_s = "0";
-    		
-    		String bottom_s = req.getParameter(OUT_LAST_ENTRY_ON_PAGE);
-    		if (bottom_s == null) bottom_s = "0";
-    		
-    		if (top_s.trim().startsWith("0x")) {
-    			top = Integer.parseInt(top_s.trim().substring(2), 16);
-    		} else {
-    			top = Integer.parseInt(top_s.trim());
-    		}
-    		if (bottom_s.trim().startsWith("0x")) {
-    			bottom = Integer.parseInt(bottom_s.trim().substring(2), 16);
-    		} else {
-    			bottom = Integer.parseInt(bottom_s.trim());
-    		}
-    		
-    	} catch (NumberFormatException e) {
-
-    	}
-    	
-    	// avoid NumberFormatException to the user interface
-    	int maxCount = 10;
-    	try {
-    		maxCount = Integer.parseInt(req.getParameter(IN_MAXCOUNT));
-    	} catch (Exception e) {
-    	}
+        CMS.debug("in QueryReq servlet");
+
+        // Authentication / Authorization
+
+        HttpServletRequest req = cmsReq.getHttpReq();
+        IAuthToken authToken = authenticate(cmsReq);
+        AuthzToken authzToken = null;
+
+        try {
+            authzToken = authorize(mAclMethod, authToken,
+                    mAuthzResourceName, "list");
+        } catch (EAuthzAccessDenied e) {
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+        } catch (Exception e) {
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+        }
+        if (authzToken == null) {
+            cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
+            return;
+        }
+
+        CMSTemplate form = null;
+        Locale[] locale = new Locale[1];
+
+        try {
+            // if get a EBaseException we just throw it. 
+            form = getTemplate(mFormPath, req, locale);
+        } catch (IOException e) {
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+            throw new ECMSGWException(
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+        }
+
+        /**
+         * WARNING:
+         * 
+         * PLEASE DO NOT TOUCH THE FILTER HERE. ALL FILTERS ARE INDEXED.
+         * 
+         **/
+        String filter = null;
+        String reqState = req.getParameter("reqState");
+        String reqType = req.getParameter("reqType");
+
+        if (reqState == null || reqType == null) {
+            filter = "(requeststate=*)";
+        } else if (reqState.equals(IN_SHOW_ALL) &&
+                reqType.equals(IN_SHOW_ALL)) {
+            filter = "(requeststate=*)";
+        } else if (reqState.equals(IN_SHOW_ALL)) {
+            filter = getRequestType(reqType);
+        } else if (reqType.equals(IN_SHOW_ALL)) {
+            filter = getRequestState(reqState);
+        } else {
+            filter = "(&" + getRequestState(reqState) +
+                    getRequestType(reqType) + ")";
+        }
+
+        String direction = "begin";
+        if (req.getParameter("direction") != null) {
+            direction = req.getParameter("direction").trim();
+        }
+
+        int top = 0, bottom = 0;
+
+        try {
+            String top_s = req.getParameter(OUT_FIRST_ENTRY_ON_PAGE);
+            if (top_s == null)
+                top_s = "0";
+
+            String bottom_s = req.getParameter(OUT_LAST_ENTRY_ON_PAGE);
+            if (bottom_s == null)
+                bottom_s = "0";
+
+            if (top_s.trim().startsWith("0x")) {
+                top = Integer.parseInt(top_s.trim().substring(2), 16);
+            } else {
+                top = Integer.parseInt(top_s.trim());
+            }
+            if (bottom_s.trim().startsWith("0x")) {
+                bottom = Integer.parseInt(bottom_s.trim().substring(2), 16);
+            } else {
+                bottom = Integer.parseInt(bottom_s.trim());
+            }
+
+        } catch (NumberFormatException e) {
+
+        }
+
+        // avoid NumberFormatException to the user interface
+        int maxCount = 10;
+        try {
+            maxCount = Integer.parseInt(req.getParameter(IN_MAXCOUNT));
+        } catch (Exception e) {
+        }
         if (maxCount > mMaxReturns) {
             CMS.debug("Resetting page size from " + maxCount + " to " + mMaxReturns);
             maxCount = mMaxReturns;
         }
 
-    	HttpServletResponse resp = cmsReq.getHttpResp(); 
-    	CMSTemplateParams argset = doSearch(locale[0],filter, maxCount, direction, top, bottom );
-	
-  
-        argset.getFixed().addStringValue("reqType",reqType);
+        HttpServletResponse resp = cmsReq.getHttpResp();
+        CMSTemplateParams argset = doSearch(locale[0], filter, maxCount, direction, top, bottom);
+
+        argset.getFixed().addStringValue("reqType", reqType);
         argset.getFixed().addStringValue("reqState", reqState);
-        argset.getFixed().addIntegerValue("maxCount",maxCount);
-    	
-    	
-    	try {
-    		form.getOutput(argset);    		
-    		resp.setContentType("text/html");
-    		form.renderOutput(resp.getOutputStream(), argset);
-    	} catch (IOException e) {
-    		log(ILogger.LL_FAILURE,
-    				CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
-    		throw new ECMSGWException(
-    				CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-    	}
-    	cmsReq.setStatus(CMSRequest.SUCCESS);
-    	return;
+        argset.getFixed().addIntegerValue("maxCount", maxCount);
+
+        try {
+            form.getOutput(argset);
+            resp.setContentType("text/html");
+            form.renderOutput(resp.getOutputStream(), argset);
+        } catch (IOException e) {
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+            throw new ECMSGWException(
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+        }
+        cmsReq.setStatus(CMSRequest.SUCCESS);
+        return;
     }
 
     /**
      * Perform search based on direction button pressed
+     * 
      * @param filter ldap filter indicating which VLV to search through. This can be
-     * 'all requests', 'pending', etc
+     *            'all requests', 'pending', etc
      * @param count the number of requests to show per page
      * @param direction either 'begin', 'end', 'previous' or 'next' (defaults to end)
-     * @param top  the number of the request shown on at the top of the current page
+     * @param top the number of the request shown on at the top of the current page
      * @param bottom the number of the request shown on at the bottom of the current page
-     * @return 
+     * @return
      */
-    
+
     private CMSTemplateParams doSearch(Locale l, String filter,
-    		int count, String direction, int top, int bottom)
-    {
-    	CMSTemplateParams ctp = null;
-    	if (direction.equals("previous")) {
-    		ctp = doSearch(l, filter, -count, top-1);
-    	} else if (direction.equals("next")) {
-    		ctp = doSearch(l,filter, count, bottom+1);
-    	} else if (direction.equals("begin")) {
-    		ctp = doSearch(l,filter, count, 0);
-    	} else if (direction.equals("first")) {
-    		ctp = doSearch(l,filter, count, bottom);
-    	} else {  // if 'direction is 'end', default here
-    		ctp = doSearch(l,filter, -count, -1);
-    	}
-    	return ctp;
+            int count, String direction, int top, int bottom) {
+        CMSTemplateParams ctp = null;
+        if (direction.equals("previous")) {
+            ctp = doSearch(l, filter, -count, top - 1);
+        } else if (direction.equals("next")) {
+            ctp = doSearch(l, filter, count, bottom + 1);
+        } else if (direction.equals("begin")) {
+            ctp = doSearch(l, filter, count, 0);
+        } else if (direction.equals("first")) {
+            ctp = doSearch(l, filter, count, bottom);
+        } else { // if 'direction is 'end', default here
+            ctp = doSearch(l, filter, -count, -1);
+        }
+        return ctp;
     }
-    
-    
-
-	/**
-	 * 
-	 * @param locale
-	 * @param filter the types of requests to return - this must match the VLV index
-	 * @param count maximum number of records to return
-	 * @param marker indication of the request ID where the page is anchored
-	 * @return
-	 */
+
+    /**
+     * 
+     * @param locale
+     * @param filter the types of requests to return - this must match the VLV index
+     * @param count maximum number of records to return
+     * @param marker indication of the request ID where the page is anchored
+     * @return
+     */
 
     private CMSTemplateParams doSearch(
-    		Locale locale,
-    		String filter,
-    		int count, 
-    		int marker) {
-    	
-    	IArgBlock header = CMS.createArgBlock();
-    	IArgBlock context = CMS.createArgBlock();
-    	CMSTemplateParams argset = new CMSTemplateParams(header, context);
-    	
-    	try {
-    		long startTime = CMS.getCurrentDate().getTime();
-    		// preserve the type of request that we are
-    		// requesting.
-    		
-    		header.addStringValue(OUT_AUTHORITY_ID, mAuthority.getId());
-    		header.addStringValue(OUT_REQUESTING_USER, "admin");
-    		
-    		
-    		boolean jumptoend = false;
-    		if (marker == -1) {
-    			marker = 0;       // I think this is inconsequential
-    			jumptoend = true; // override  to '99' during search 
-    		}
-    		
-    		RequestId id = new RequestId(Integer.toString(marker));
-    		IRequestVirtualList list =   mQueue.getPagedRequestsByFilter(
-    				id,
-    				jumptoend,
-    				filter, 
-    				count+1,
-    		"requestId");
-    		
-    		int totalCount = list.getSize() - list.getCurrentIndex();
-    		header.addIntegerValue(OUT_TOTALCOUNT, totalCount);
-    		header.addIntegerValue(OUT_CURRENTCOUNT, list.getSize());
-    		
-    		int numEntries = list.getSize() - list.getCurrentIndex();
-    		
-    		Vector v = fetchRecords(list,Math.abs(count));
-    		v = normalizeOrder(v);
-    		trim(v,id);
-    		
-    		
-    		int currentCount = 0;
-    		int curNum = 0;
-    		int firstNum = -1;
-    		Enumeration requests = v.elements();
-    		
-    		while (requests.hasMoreElements()) {
-    			IRequest request = null;
-    			try {
-    				request = (IRequest) requests.nextElement();
-    			} catch (Exception e) {
-    				CMS.debug("Error displaying request:"+e.getMessage());
-    				// handled below
-    			}
-    			if (request == null) {
-    				log(ILogger.LL_WARN, "Error display request on page");
-    				continue;
-    			}
-    			
-    			curNum = Integer.parseInt(
-    					request.getRequestId().toString());
-    			
-    			if (firstNum == -1) {
-    				firstNum = curNum; 
-    			}
-    			
-    			IArgBlock rec = CMS.createArgBlock();
-    			mParser.fillRequestIntoArg(locale, request, argset, rec);
-    			mQueue.releaseRequest(request);
-    			argset.addRepeatRecord(rec);
-    			
-    			currentCount++;
-    			
-    		}// while
-    		long endTime = CMS.getCurrentDate().getTime();
-    		
-    		header.addIntegerValue(OUT_CURRENTCOUNT, currentCount);
-    		header.addStringValue("time", Long.toString(endTime - startTime));
-    		header.addIntegerValue(OUT_FIRST_ENTRY_ON_PAGE, firstNum);
-    		header.addIntegerValue(OUT_LAST_ENTRY_ON_PAGE, curNum);
-    		
-    	} catch (EBaseException e) {
-    		header.addStringValue(OUT_ERROR, e.toString(locale));
-    	} catch (Exception e) {
-    	}
-    	return argset;
-    	
+            Locale locale,
+            String filter,
+            int count,
+            int marker) {
+
+        IArgBlock header = CMS.createArgBlock();
+        IArgBlock context = CMS.createArgBlock();
+        CMSTemplateParams argset = new CMSTemplateParams(header, context);
+
+        try {
+            long startTime = CMS.getCurrentDate().getTime();
+            // preserve the type of request that we are
+            // requesting.
+
+            header.addStringValue(OUT_AUTHORITY_ID, mAuthority.getId());
+            header.addStringValue(OUT_REQUESTING_USER, "admin");
+
+            boolean jumptoend = false;
+            if (marker == -1) {
+                marker = 0; // I think this is inconsequential
+                jumptoend = true; // override  to '99' during search 
+            }
+
+            RequestId id = new RequestId(Integer.toString(marker));
+            IRequestVirtualList list = mQueue.getPagedRequestsByFilter(
+                    id,
+                    jumptoend,
+                    filter,
+                    count + 1,
+                    "requestId");
+
+            int totalCount = list.getSize() - list.getCurrentIndex();
+            header.addIntegerValue(OUT_TOTALCOUNT, totalCount);
+            header.addIntegerValue(OUT_CURRENTCOUNT, list.getSize());
+
+            int numEntries = list.getSize() - list.getCurrentIndex();
+
+            Vector v = fetchRecords(list, Math.abs(count));
+            v = normalizeOrder(v);
+            trim(v, id);
+
+            int currentCount = 0;
+            int curNum = 0;
+            int firstNum = -1;
+            Enumeration requests = v.elements();
+
+            while (requests.hasMoreElements()) {
+                IRequest request = null;
+                try {
+                    request = (IRequest) requests.nextElement();
+                } catch (Exception e) {
+                    CMS.debug("Error displaying request:" + e.getMessage());
+                    // handled below
+                }
+                if (request == null) {
+                    log(ILogger.LL_WARN, "Error display request on page");
+                    continue;
+                }
+
+                curNum = Integer.parseInt(
+                        request.getRequestId().toString());
+
+                if (firstNum == -1) {
+                    firstNum = curNum;
+                }
+
+                IArgBlock rec = CMS.createArgBlock();
+                mParser.fillRequestIntoArg(locale, request, argset, rec);
+                mQueue.releaseRequest(request);
+                argset.addRepeatRecord(rec);
+
+                currentCount++;
+
+            }// while
+            long endTime = CMS.getCurrentDate().getTime();
+
+            header.addIntegerValue(OUT_CURRENTCOUNT, currentCount);
+            header.addStringValue("time", Long.toString(endTime - startTime));
+            header.addIntegerValue(OUT_FIRST_ENTRY_ON_PAGE, firstNum);
+            header.addIntegerValue(OUT_LAST_ENTRY_ON_PAGE, curNum);
+
+        } catch (EBaseException e) {
+            header.addStringValue(OUT_ERROR, e.toString(locale));
+        } catch (Exception e) {
+        }
+        return argset;
+
     }
 
     /**
      * If the vector contains the marker element at the end, remove it.
-     * @param v  The vector to trim
-     * @param marker  the marker to look for.
+     * 
+     * @param v The vector to trim
+     * @param marker the marker to look for.
+     */
+    private void trim(Vector v, RequestId marker) {
+        int i = v.size() - 1;
+        if (((IRequest) v.elementAt(i)).getRequestId().equals(marker)) {
+            v.remove(i);
+        }
+
+    }
+
+    /**
+     * Sometimes the list comes back from LDAP in reverse order. This function makes
+     * sure the results are in 'forward' order.
+     * 
+     * @param list
+     * @return
      */
-	private void trim(Vector v, RequestId marker) {
-		int i = v.size()-1;
-		if (((IRequest)v.elementAt(i)).getRequestId().equals(marker)) {
-			v.remove(i);
-		}
-		
-	}
-
-	/**
-	 * Sometimes the list comes back from LDAP in reverse order. This function makes
-	 * sure the results are in 'forward' order.
-	 * @param list
-	 * @return
-	 */
     private Vector fetchRecords(IRequestVirtualList list, int maxCount) {
-    	
-    	Vector v = new Vector();
-    	int count = list.getSize();
-    	int c=0;
-    	for (int i=0; i<count; i++) {
-    		IRequest request = list.getElementAt(i);
-    		if (request != null) {
-    		   v.add(request);
-    		   c++;
-    		}
-    		if (c >= maxCount) break;
-    	}
-    	
-    	return v;
+
+        Vector v = new Vector();
+        int count = list.getSize();
+        int c = 0;
+        for (int i = 0; i < count; i++) {
+            IRequest request = list.getElementAt(i);
+            if (request != null) {
+                v.add(request);
+                c++;
+            }
+            if (c >= maxCount)
+                break;
+        }
+
+        return v;
 
     }
 
     /**
      * If the requests are in backwards order, reverse the list
+     * 
      * @param list
      * @return
      */
     private Vector normalizeOrder(Vector list) {
-    	
-    	int firstrequestnum = Integer.parseInt(((IRequest) list.elementAt(0))
-    			.getRequestId().toString());
-    	int lastrequestnum = Integer.parseInt(((IRequest) list.elementAt(list
-    			.size() - 1)).getRequestId().toString());
-    	boolean reverse = false;
-    	if (firstrequestnum > lastrequestnum) {
-    		reverse = true; // if the order is backwards, place items at the beginning
-    	}
-    	Vector v = new Vector();
-    	int count = list.size();
-    	for (int i = 0; i < count; i++) {
-    		Object request = list.elementAt(i);
-    		if (request != null) {
-    			if (reverse)
-    				v.add(0, request);
-    			else
-    				v.add(request);
-    		}
-    	}
-    	
-    	return v;
+
+        int firstrequestnum = Integer.parseInt(((IRequest) list.elementAt(0))
+                .getRequestId().toString());
+        int lastrequestnum = Integer.parseInt(((IRequest) list.elementAt(list
+                .size() - 1)).getRequestId().toString());
+        boolean reverse = false;
+        if (firstrequestnum > lastrequestnum) {
+            reverse = true; // if the order is backwards, place items at the beginning
+        }
+        Vector v = new Vector();
+        int count = list.size();
+        for (int i = 0; i < count; i++) {
+            Object request = list.elementAt(i);
+            if (request != null) {
+                if (reverse)
+                    v.add(0, request);
+                else
+                    v.add(request);
+            }
+        }
+
+        return v;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java
index 29414ca5..00f95ec2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.request;
 
-
 import java.util.Locale;
 
 import com.netscape.certsrv.base.EBaseException;
@@ -26,11 +25,10 @@ import com.netscape.certsrv.base.SessionContext;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 
-
 /**
  * A class representing a request parser.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ReqParser implements IReqParser {
@@ -51,29 +49,30 @@ public class ReqParser implements IReqParser {
      * Maps request object into argument block.
      */
     public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
-        throws EBaseException {
+            throws EBaseException {
         arg.addStringValue(TYPE, req.getRequestType());
-        arg.addLongValue("seqNum", 
-            Long.parseLong(req.getRequestId().toString()));
-        arg.addStringValue(STATUS, 
-            req.getRequestStatus().toString());
-        arg.addLongValue(CREATE_ON, 
-            req.getCreationTime().getTime() / 1000);
-        arg.addLongValue(UPDATE_ON, 
-            req.getModificationTime().getTime() / 1000);
+        arg.addLongValue("seqNum",
+                Long.parseLong(req.getRequestId().toString()));
+        arg.addStringValue(STATUS,
+                req.getRequestStatus().toString());
+        arg.addLongValue(CREATE_ON,
+                req.getCreationTime().getTime() / 1000);
+        arg.addLongValue(UPDATE_ON,
+                req.getModificationTime().getTime() / 1000);
         String updatedBy = req.getExtDataInString(IRequest.UPDATED_BY);
 
-        if (updatedBy == null) updatedBy = "";
+        if (updatedBy == null)
+            updatedBy = "";
         arg.addStringValue(UPDATE_BY, updatedBy);
 
         SessionContext ctx = SessionContext.getContext();
-        String id = (String) ctx.get(SessionContext.USER_ID); 
+        String id = (String) ctx.get(SessionContext.USER_ID);
 
         arg.addStringValue("callerName", id);
-		
+
         String owner = req.getRequestOwner();
 
-        if (owner != null) 
+        if (owner != null)
             arg.addStringValue("assignedTo", owner);
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java b/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java
index 04b21440..5fc05bb2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.request;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Date;
@@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Search for certificates matching complex query filter
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class SearchReqs extends CMSServlet {
@@ -90,8 +88,9 @@ public class SearchReqs extends CMSServlet {
     }
 
     /**
-	 * initialize the servlet. This servlet uses queryReq.template
-	 * to render the response
+     * initialize the servlet. This servlet uses queryReq.template
+     * to render the response
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -154,10 +153,10 @@ public class SearchReqs extends CMSServlet {
 
     /**
      * Serves HTTP request. This format of this request is as follows:
-     *   queryCert?
-     *     [maxCount=<number>]
-     *     [queryFilter=<filter>]
-     *     [revokeAll=<filter>]
+     * queryCert?
+     * [maxCount=<number>]
+     * [queryFilter=<filter>]
+     * [revokeAll=<filter>]
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
         HttpServletRequest req = cmsReq.getHttpReq();
@@ -172,10 +171,10 @@ public class SearchReqs extends CMSServlet {
                         mAuthzResourceName, "list");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -198,10 +197,10 @@ public class SearchReqs extends CMSServlet {
         try {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         try {
@@ -215,10 +214,10 @@ public class SearchReqs extends CMSServlet {
                 timeLimit = Integer.parseInt(timeLimitStr);
 
             process(argSet, header, req.getParameter("queryRequestFilter"), authToken,
-                maxResults, timeLimit, req, resp, locale[0]);
+                    maxResults, timeLimit, req, resp, locale[0]);
         } catch (NumberFormatException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
-            error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT"));
+            error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
         } catch (EBaseException e) {
             error = e;
         }
@@ -229,33 +228,33 @@ public class SearchReqs extends CMSServlet {
             if (error == null) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
                 }
             } else {
                 cmsReq.setStatus(CMSRequest.ERROR);
                 cmsReq.setError(error);
             }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 
     /**
      * Process the key search.
      */
-    private void process(CMSTemplateParams argSet, IArgBlock header, 
-        String filter, IAuthToken token,
-        int maxResults, int timeLimit,
-        HttpServletRequest req, HttpServletResponse resp,
-        Locale locale)
-        throws EBaseException {
+    private void process(CMSTemplateParams argSet, IArgBlock header,
+            String filter, IAuthToken token,
+            int maxResults, int timeLimit,
+            HttpServletRequest req, HttpServletResponse resp,
+            Locale locale)
+            throws EBaseException {
 
         try {
             long startTime = CMS.getCurrentDate().getTime();
@@ -272,12 +271,12 @@ public class SearchReqs extends CMSServlet {
             } else {
                 if (owner.equals("self")) {
                     String self_uid = token.getInString(IAuthToken.USER_ID);
-                    requestowner_filter = "(requestowner="+self_uid+")";
+                    requestowner_filter = "(requestowner=" + self_uid + ")";
                 } else {
                     String uid = req.getParameter("uid");
-                    requestowner_filter = "(requestowner="+uid+")";
+                    requestowner_filter = "(requestowner=" + uid + ")";
                 }
-                newfilter = "(&"+requestowner_filter+filter.substring(2);
+                newfilter = "(&" + requestowner_filter + filter.substring(2);
             }
             // xxx the filter includes serial number range???
             if (maxResults == -1 || maxResults > mMaxReturns) {
@@ -289,8 +288,8 @@ public class SearchReqs extends CMSServlet {
                 timeLimit = mTimeLimits;
             }
             IRequestList list = (timeLimit > 0) ?
-                mQueue.listRequestsByFilter(newfilter, maxResults, timeLimit) :
-                mQueue.listRequestsByFilter(newfilter, maxResults);
+                    mQueue.listRequestsByFilter(newfilter, maxResults, timeLimit) :
+                    mQueue.listRequestsByFilter(newfilter, maxResults);
 
             int count = 0;
 
@@ -323,7 +322,8 @@ public class SearchReqs extends CMSServlet {
         int i = filter.indexOf(CURRENT_TIME, k);
 
         while (i > -1) {
-            if (now == null) now = new Date();
+            if (now == null)
+                now = new Date();
             newFilter.append(filter.substring(k, i));
             newFilter.append(now.getTime());
             k = i + CURRENT_TIME.length();
diff --git a/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java b/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java
index ca785565..3a6dda64 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java
@@ -50,14 +50,12 @@ import com.netscape.cms.servlet.base.CMSServlet;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.symkey.SessionKey;
 
-
-
 /**
  * A class representings an administration servlet for Token Key
- * Service Authority. This servlet is responsible to serve 
- * tks administrative operation such as configuration 
+ * Service Authority. This servlet is responsible to serve
+ * tks administrative operation such as configuration
  * parameter updates.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class TokenServlet extends CMSServlet {
@@ -66,66 +64,53 @@ public class TokenServlet extends CMSServlet {
      */
     private static final long serialVersionUID = 8687436109695172791L;
     protected static final String PROP_ENABLED = "enabled";
-    protected static final String TRANSPORT_KEY_NAME ="sharedSecret";
+    protected static final String TRANSPORT_KEY_NAME = "sharedSecret";
     private final static String INFO = "TokenServlet";
     public static int ERROR = 1;
     private ITKSAuthority mTKS = null;
     private String mSelectedToken = null;
     private String mNewSelectedToken = null;
     String mKeyNickName = null;
-    String mNewKeyNickName = null; 
+    String mNewKeyNickName = null;
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_DRM =
-        "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3";
+            "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3";
     IPrettyPrintFormat pp = CMS.getPrettyPrintFormat(":");
 
-    private final static String
-        LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST =
-        "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_3";
-
-   private final static String
-        LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS =
-        "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS_8";
+    private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST =
+            "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_3";
 
-   private final static String
-        LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE =
-        "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE_9";
+    private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS =
+            "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS_8";
 
-   private final static String
-        LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST =
-        "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_5";
+    private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE =
+            "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE_9";
 
-   private final static String
-        LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS =
-        "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS_6";
+    private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST =
+            "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_5";
 
-   private final static String
-        LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE =
-        "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE_7";
+    private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS =
+            "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS_6";
 
+    private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE =
+            "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE_7";
 
-   private final static String
-        LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST =
-        "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_4";
+    private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST =
+            "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_4";
 
-   private final static String
-        LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS =
-        "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS_7";
+    private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS =
+            "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS_7";
 
-   private final static String
-        LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE =
-        "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE_8";
+    private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE =
+            "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE_8";
 
-   private final static String
-        LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST = 
-         "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_2";
+    private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST =
+            "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_2";
 
-   private final static String
-        LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS = 
-         "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS_3";
+    private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS =
+            "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS_3";
 
-   private final static String
-        LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE =
-         "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE_4";
+    private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE =
+            "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE_4";
 
     /**
      * Constructs tks servlet.
@@ -135,14 +120,13 @@ public class TokenServlet extends CMSServlet {
 
     }
 
-    public static String trim(String a) 
-    {
-    StringBuffer newa = new StringBuffer();
+    public static String trim(String a) {
+        StringBuffer newa = new StringBuffer();
         StringTokenizer tokens = new StringTokenizer(a, "\n");
-    while (tokens.hasMoreTokens()) {
-        newa.append(tokens.nextToken());
-    }
-    return newa.toString();
+        while (tokens.hasMoreTokens()) {
+            newa.append(tokens.nextToken());
+        }
+        return newa.toString();
     }
 
     public void init(ServletConfig config) throws ServletException {
@@ -151,18 +135,19 @@ public class TokenServlet extends CMSServlet {
 
     /**
      * Returns serlvet information.
-     *
+     * 
      * @return name of this servlet
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
-   /**
-     * Process the HTTP request. 
-     *
+
+    /**
+     * Process the HTTP request.
+     * 
      * @param s The URL to decode.
      */
-     protected String URLdecode(String s) {
+    protected String URLdecode(String s) {
         if (s == null)
             return null;
         ByteArrayOutputStream out = new ByteArrayOutputStream(s.length());
@@ -182,62 +167,59 @@ public class TokenServlet extends CMSServlet {
             }
         } // end for
         return out.toString();
-     }
+    }
+
+    private void setDefaultSlotAndKeyName(HttpServletRequest req) {
+        try {
 
-    private void setDefaultSlotAndKeyName(HttpServletRequest req)
-    {
-         try {
+            String keySet = req.getParameter("keySet");
+            if (keySet == null || keySet.equals("")) {
+                keySet = "defKeySet";
+            }
+            CMS.debug("keySet selected: " + keySet);
 
-        String keySet = req.getParameter("keySet");
-        if (keySet == null || keySet.equals("")) {
-          keySet = "defKeySet";
-        }
-        CMS.debug("keySet selected: " + keySet);
+            mNewSelectedToken = null;
 
-        mNewSelectedToken = null;
-        
-        mSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot");
-        String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null);
-        String temp = req.getParameter("KeyInfo"); //#xx#xx
-        String keyInfoMap = "tks." + keySet + ".mk_mappings." + temp;
-        String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null);
-        if(mappingValue!=null)
-            {        
-            StringTokenizer st = new StringTokenizer(mappingValue, ":");
-            int tokenNumber=0;
-            while (st.hasMoreTokens()) {
-
-                        String currentToken= st.nextToken();
-                        if(tokenNumber==0)
-                            mSelectedToken = currentToken;
-                            else if(tokenNumber==1)
-                                mKeyNickName = currentToken;
-                        tokenNumber++;
-                    
-                    }
+            mSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot");
+            String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null);
+            String temp = req.getParameter("KeyInfo"); //#xx#xx
+            String keyInfoMap = "tks." + keySet + ".mk_mappings." + temp;
+            String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null);
+            if (mappingValue != null) {
+                StringTokenizer st = new StringTokenizer(mappingValue, ":");
+                int tokenNumber = 0;
+                while (st.hasMoreTokens()) {
+
+                    String currentToken = st.nextToken();
+                    if (tokenNumber == 0)
+                        mSelectedToken = currentToken;
+                    else if (tokenNumber == 1)
+                        mKeyNickName = currentToken;
+                    tokenNumber++;
+
+                }
             }
-        if(req.getParameter("newKeyInfo")!=null) // for diversification
+            if (req.getParameter("newKeyInfo") != null) // for diversification
             {
-            temp = req.getParameter("newKeyInfo"); //#xx#xx
-            String newKeyInfoMap = "tks." + keySet + ".mk_mappings." + temp;
-            String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null);
-            if(newMappingValue!=null)
-                {
-                StringTokenizer st = new StringTokenizer(newMappingValue, ":");
-                int tokenNumber=0;
-                while (st.hasMoreTokens()) {
-                            String currentToken= st.nextToken();
-                            if(tokenNumber==0)
-                                mNewSelectedToken = currentToken;
-                                else if(tokenNumber==1)
-                                    mNewKeyNickName = currentToken;
-                            tokenNumber++;
-                    
-                        }
+                temp = req.getParameter("newKeyInfo"); //#xx#xx
+                String newKeyInfoMap = "tks." + keySet + ".mk_mappings." + temp;
+                String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null);
+                if (newMappingValue != null) {
+                    StringTokenizer st = new StringTokenizer(newMappingValue, ":");
+                    int tokenNumber = 0;
+                    while (st.hasMoreTokens()) {
+                        String currentToken = st.nextToken();
+                        if (tokenNumber == 0)
+                            mNewSelectedToken = currentToken;
+                        else if (tokenNumber == 1)
+                            mNewKeyNickName = currentToken;
+                        tokenNumber++;
+
+                    }
                 }
-        }
+            }
 
-        SessionKey.SetDefaultPrefix(masterKeyPrefix);
+            SessionKey.SetDefaultPrefix(masterKeyPrefix);
 
         } catch (Exception e) {
             e.printStackTrace();
@@ -247,9 +229,8 @@ public class TokenServlet extends CMSServlet {
     }
 
     private void processComputeSessionKey(HttpServletRequest req,
-      HttpServletResponse resp) throws EBaseException
-    {
-        byte[] card_challenge ,host_challenge,keyInfo, xCUID, CUID, session_key;
+            HttpServletResponse resp) throws EBaseException {
+        byte[] card_challenge, host_challenge, keyInfo, xCUID, CUID, session_key;
         byte[] card_crypto, host_cryptogram, input_card_crypto;
         byte[] xcard_challenge, xhost_challenge;
         byte[] enc_session_key, xkeyInfo;
@@ -257,18 +238,18 @@ public class TokenServlet extends CMSServlet {
         String errorMsg = "";
         String badParams = "";
         String transportKeyName = "";
-   
-        String rCUID = req.getParameter("CUID"); 
+
+        String rCUID = req.getParameter("CUID");
         String keySet = req.getParameter("keySet");
         if (keySet == null || keySet.equals("")) {
-          keySet = "defKeySet";
+            keySet = "defKeySet";
         }
         CMS.debug("keySet selected: " + keySet);
 
         boolean serversideKeygen = false;
         byte[] drm_trans_wrapped_desKey = null;
-	PK11SymKey desKey = null;
-	//        PK11SymKey kek_session_key;
+        PK11SymKey desKey = null;
+        //        PK11SymKey kek_session_key;
         PK11SymKey kek_key;
 
         IConfigStore sconfig = CMS.getConfigStore();
@@ -278,14 +259,14 @@ public class TokenServlet extends CMSServlet {
         card_crypto = null;
         host_cryptogram = null;
         enc_session_key = null;
-	//        kek_session_key = null;
+        //        kek_session_key = null;
 
         SessionContext sContext = SessionContext.getContext();
 
-        String agentId="";
+        String agentId = "";
         if (sContext != null) {
             agentId =
-                (String) sContext.get(SessionContext.USER_ID);
+                    (String) sContext.get(SessionContext.USER_ID);
         }
 
         auditMessage = CMS.getLogMessage(
@@ -297,19 +278,19 @@ public class TokenServlet extends CMSServlet {
         audit(auditMessage);
 
         String kek_wrapped_desKeyString = null;
-	String keycheck_s = null;
+        String keycheck_s = null;
 
         CMS.debug("processComputeSessionKey:");
         String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken", "true");
-	if (!useSoftToken_s.equalsIgnoreCase("true"))
-	    useSoftToken_s = "false";
+        if (!useSoftToken_s.equalsIgnoreCase("true"))
+            useSoftToken_s = "false";
 
-	String rServersideKeygen = (String) req.getParameter("serversideKeygen");
+        String rServersideKeygen = (String) req.getParameter("serversideKeygen");
         if (rServersideKeygen.equals("true")) {
-              CMS.debug("TokenServlet: serversideKeygen requested");
-              serversideKeygen = true;
+            CMS.debug("TokenServlet: serversideKeygen requested");
+            serversideKeygen = true;
         } else {
-              CMS.debug("TokenServlet: serversideKeygen not requested");
+            CMS.debug("TokenServlet: serversideKeygen not requested");
         }
 
         try {
@@ -318,13 +299,12 @@ public class TokenServlet extends CMSServlet {
         }
 
         try {
-            transportKeyName = sconfig.getString("tks.tksSharedSymKeyName",TRANSPORT_KEY_NAME);
+            transportKeyName = sconfig.getString("tks.tksSharedSymKeyName", TRANSPORT_KEY_NAME);
         } catch (EBaseException e) {
         }
 
         CMS.debug("TokenServlet: ComputeSessionKey(): tksSharedSymKeyName: " + transportKeyName);
 
-
         String rcard_challenge = req.getParameter("card_challenge");
         String rhost_challenge = req.getParameter("host_challenge");
         String rKeyInfo = req.getParameter("KeyInfo");
@@ -353,7 +333,6 @@ public class TokenServlet extends CMSServlet {
             missingParam = true;
         }
 
-        
         String selectedToken = null;
         String keyNickName = null;
         boolean sameCardCrypto = true;
@@ -362,48 +341,48 @@ public class TokenServlet extends CMSServlet {
 
             xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
             if (xCUID == null || xCUID.length != 10) {
-                        badParams += " CUID length,";
-                        CMS.debug("TokenServlet: Invalid CUID length");
-                        missingParam = true;
+                badParams += " CUID length,";
+                CMS.debug("TokenServlet: Invalid CUID length");
+                missingParam = true;
             }
             xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
             if (xkeyInfo == null || xkeyInfo.length != 2) {
-                        badParams += " KeyInfo length,";
-                        CMS.debug("TokenServlet: Invalid key info length.");
-                        missingParam = true;
+                badParams += " KeyInfo length,";
+                CMS.debug("TokenServlet: Invalid key info length.");
+                missingParam = true;
             }
-            xcard_challenge = 
-                com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge);
+            xcard_challenge =
+                    com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge);
             if (xcard_challenge == null || xcard_challenge.length != 8) {
-                        badParams += " card_challenge length,";
-                        CMS.debug("TokenServlet: Invalid card challenge length.");
-                        missingParam = true;
+                badParams += " card_challenge length,";
+                CMS.debug("TokenServlet: Invalid card challenge length.");
+                missingParam = true;
             }
-        
+
             xhost_challenge = com.netscape.cmsutil.util.Utils.SpecialDecode(rhost_challenge);
             if (xhost_challenge == null || xhost_challenge.length != 8) {
-                        badParams += " host_challenge length,";
-                        CMS.debug("TokenServlet: Invalid host challenge length");
-                        missingParam = true;
+                badParams += " host_challenge length,";
+                CMS.debug("TokenServlet: Invalid host challenge length");
+                missingParam = true;
             }
- 
+
         }
 
         CUID = null;
         if (!missingParam) {
-            card_challenge = 
-                com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge);
-        
+            card_challenge =
+                    com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge);
+
             host_challenge = com.netscape.cmsutil.util.Utils.SpecialDecode(rhost_challenge);
             keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
 
-            CUID =com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
+            CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
 
             String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo; //#xx#xx
             String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null);
             if (mappingValue == null) {
-                selectedToken = 
-                  CMS.getConfigStore().getString("tks.defaultSlot", "internal");
+                selectedToken =
+                        CMS.getConfigStore().getString("tks.defaultSlot", "internal");
                 keyNickName = rKeyInfo;
             } else {
                 StringTokenizer st = new StringTokenizer(mappingValue, ":");
@@ -419,133 +398,128 @@ public class TokenServlet extends CMSServlet {
 
                     byte macKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".mac_key"));
                     CMS.debug("TokenServlet about to try ComputeSessionKey selectedToken=" + selectedToken + " keyNickName=" + keyNickName);
-                        session_key = SessionKey.ComputeSessionKey(
-			     selectedToken,keyNickName,card_challenge,
-			     host_challenge,keyInfo,CUID, macKeyArray, useSoftToken_s, keySet, transportKeyName );
+                    session_key = SessionKey.ComputeSessionKey(
+                            selectedToken, keyNickName, card_challenge,
+                            host_challenge, keyInfo, CUID, macKeyArray, useSoftToken_s, keySet, transportKeyName);
 
-                    if(session_key == null)
-                    {
+                    if (session_key == null) {
                         CMS.debug("TokenServlet:Tried ComputeSessionKey, got NULL ");
-                        throw  new Exception("Can't compute session key!");
+                        throw new Exception("Can't compute session key!");
 
-                    }     
+                    }
 
                     byte encKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".auth_key"));
                     enc_session_key = SessionKey.ComputeEncSessionKey(
-                      selectedToken,keyNickName,card_challenge,
-		      host_challenge,keyInfo,CUID, encKeyArray, useSoftToken_s, keySet);
+                            selectedToken, keyNickName, card_challenge,
+                            host_challenge, keyInfo, CUID, encKeyArray, useSoftToken_s, keySet);
 
-                    if(enc_session_key == null)
-                    {
+                    if (enc_session_key == null) {
                         CMS.debug("TokenServlet:Tried ComputeEncSessionKey, got NULL ");
-                        throw  new Exception("Can't compute enc session key!");
-    
+                        throw new Exception("Can't compute enc session key!");
+
                     }
 
                     if (serversideKeygen == true) {
 
                         /**
-			 * 0. generate des key
+                         * 0. generate des key
                          * 1. encrypt des key with kek key
                          * 2. encrypt des key with DRM transport key
                          * These two wrapped items are to be sent back to
-                         * TPS.  2nd item is to DRM
+                         * TPS. 2nd item is to DRM
                          **/
                         CMS.debug("TokenServlet: calling ComputeKekKey");
 
-                    byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
-
+                        byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
 
                         kek_key = SessionKey.ComputeKekKey(
-			     selectedToken,keyNickName,card_challenge,
-			     host_challenge,keyInfo,CUID, kekKeyArray, useSoftToken_s,keySet);
-
+                                selectedToken, keyNickName, card_challenge,
+                                host_challenge, keyInfo, CUID, kekKeyArray, useSoftToken_s, keySet);
 
                         CMS.debug("TokenServlet: called ComputeKekKey");
 
-                        if(kek_key == null)
-                        {
+                        if (kek_key == null) {
                             CMS.debug("TokenServlet:Tried ComputeKekKey, got NULL ");
-                            throw  new Exception("Can't compute kek key!");
-    
+                            throw new Exception("Can't compute kek key!");
+
                         }
                         // now use kek key to wrap kek session key..
-			CMS.debug("computeSessionKey:kek key len ="+
-				  kek_key.getLength());
-
-			// (1) generate DES key
-			/* applet does not support DES3
-			org.mozilla.jss.crypto.KeyGenerator kg = 
-			    internalToken.getKeyGenerator(KeyGenAlgorithm.DES3);
-			    desKey = kg.generate();*/
-
-			/*
-			 * XXX GenerateSymkey firt generates a 16 byte DES2 key.
-			 * It then pads it into a 24 byte key with last
-			 * 8 bytes copied from the 1st 8 bytes.  Effectively
-			 * making it a 24 byte DES2 key.  We need this for
-			 * wrapping private keys on DRM.
-			 */
-			/*generate it on whichever token the master key is at*/
-			if (useSoftToken_s.equals("true")) {
-			    CMS.debug("TokenServlet: key encryption key generated on internal");
-//cfu audit here? sym key gen
-			    desKey = SessionKey.GenerateSymkey("internal");
-//cfu audit here? sym key gen done
+                        CMS.debug("computeSessionKey:kek key len =" +
+                                kek_key.getLength());
+
+                        // (1) generate DES key
+                        /* applet does not support DES3
+                        org.mozilla.jss.crypto.KeyGenerator kg = 
+                            internalToken.getKeyGenerator(KeyGenAlgorithm.DES3);
+                            desKey = kg.generate();*/
+
+                        /*
+                         * XXX GenerateSymkey firt generates a 16 byte DES2 key.
+                         * It then pads it into a 24 byte key with last
+                         * 8 bytes copied from the 1st 8 bytes.  Effectively
+                         * making it a 24 byte DES2 key.  We need this for
+                         * wrapping private keys on DRM.
+                         */
+                        /*generate it on whichever token the master key is at*/
+                        if (useSoftToken_s.equals("true")) {
+                            CMS.debug("TokenServlet: key encryption key generated on internal");
+                            //cfu audit here? sym key gen
+                            desKey = SessionKey.GenerateSymkey("internal");
+                            //cfu audit here? sym key gen done
                         } else {
-			    CMS.debug("TokenServlet: key encryption key generated on " + selectedToken);
-			    desKey = SessionKey.GenerateSymkey(selectedToken);
+                            CMS.debug("TokenServlet: key encryption key generated on " + selectedToken);
+                            desKey = SessionKey.GenerateSymkey(selectedToken);
+                        }
+                        if (desKey != null)
+                            CMS.debug("TokenServlet: key encryption key generated for " + rCUID);
+                        else {
+                            CMS.debug("TokenServlet: key encryption key generation failed for " + rCUID);
+                            throw new Exception("can't generate key encryption key");
                         }
-			if (desKey != null)
-			    CMS.debug("TokenServlet: key encryption key generated for "+rCUID);
-			else {
-			    CMS.debug("TokenServlet: key encryption key generation failed for "+rCUID);
-			    throw new Exception ("can't generate key encryption key");
-			}
-
-			/*
-			 * XXX ECBencrypt actually takes the 24 byte DES2 key
-			 * and discard the last 8 bytes before it encrypts.
-			 * This is done so that the applet can digest it
-			 */
-			byte[] encDesKey =
-			    SessionKey.ECBencrypt( kek_key,
-						    desKey);
-			/*
-			CMS.debug("computeSessionKey:encrypted desKey size = "+encDesKey.length);
-			CMS.debug(encDesKey);
-			*/
+
+                        /*
+                         * XXX ECBencrypt actually takes the 24 byte DES2 key
+                         * and discard the last 8 bytes before it encrypts.
+                         * This is done so that the applet can digest it
+                         */
+                        byte[] encDesKey =
+                                SessionKey.ECBencrypt(kek_key,
+                                        desKey);
+                        /*
+                        CMS.debug("computeSessionKey:encrypted desKey size = "+encDesKey.length);
+                        CMS.debug(encDesKey);
+                        */
 
                         kek_wrapped_desKeyString =
-                            com.netscape.cmsutil.util.Utils.SpecialEncode(encDesKey);
-
-			// get keycheck
-			byte[] keycheck = 
-			    SessionKey.ComputeKeyCheck(desKey);
-			/*
-			CMS.debug("computeSessionKey:keycheck size = "+keycheck.length);
-			CMS.debug(keycheck);
-			*/
-			keycheck_s =
-			    com.netscape.cmsutil.util.Utils.SpecialEncode(keycheck);
+                                com.netscape.cmsutil.util.Utils.SpecialEncode(encDesKey);
+
+                        // get keycheck
+                        byte[] keycheck =
+                                SessionKey.ComputeKeyCheck(desKey);
+                        /*
+                        CMS.debug("computeSessionKey:keycheck size = "+keycheck.length);
+                        CMS.debug(keycheck);
+                        */
+                        keycheck_s =
+                                com.netscape.cmsutil.util.Utils.SpecialEncode(keycheck);
 
                         //XXX use DRM transport cert to wrap desKey
-                        String drmTransNickname =  CMS.getConfigStore().getString("tks.drm_transport_cert_nickname", "");
+                        String drmTransNickname = CMS.getConfigStore().getString("tks.drm_transport_cert_nickname", "");
 
-			if ((drmTransNickname == null) || (drmTransNickname == "")) {
-			    CMS.debug("TokenServlet:did not find DRM transport certificate nickname");
-			    throw new Exception("can't find DRM transport certificate nickname");
-			} else {
-			    CMS.debug("TokenServlet:drmtransport_cert_nickname="+drmTransNickname);
-			}
+                        if ((drmTransNickname == null) || (drmTransNickname == "")) {
+                            CMS.debug("TokenServlet:did not find DRM transport certificate nickname");
+                            throw new Exception("can't find DRM transport certificate nickname");
+                        } else {
+                            CMS.debug("TokenServlet:drmtransport_cert_nickname=" + drmTransNickname);
+                        }
 
                         X509Certificate drmTransCert = null;
                         drmTransCert = CryptoManager.getInstance().findCertByNickname(drmTransNickname);
                         // wrap kek session key with DRM transport public key
-			CryptoToken token = null;
-			if (useSoftToken_s.equals("true")) {
-                           //token = CryptoManager.getInstance().getTokenByName(selectedToken);
-                           token = CryptoManager.getInstance().getInternalCryptoToken();
+                        CryptoToken token = null;
+                        if (useSoftToken_s.equals("true")) {
+                            //token = CryptoManager.getInstance().getTokenByName(selectedToken);
+                            token = CryptoManager.getInstance().getInternalCryptoToken();
                         } else {
                             token = CryptoManager.getInstance().getTokenByName(selectedToken);
                         }
@@ -561,31 +535,29 @@ public class TokenServlet extends CMSServlet {
                             keyWrapper = token.getKeyWrapper(KeyWrapAlgorithm.RSA);
                             keyWrapper.initWrap(pubKey, null);
                         }
-                        CMS.debug("desKey token " + desKey.getOwningToken().getName() + " token: " + token.getName() );
+                        CMS.debug("desKey token " + desKey.getOwningToken().getName() + " token: " + token.getName());
                         drm_trans_wrapped_desKey = keyWrapper.wrap(desKey);
-			CMS.debug("computeSessionKey:desKey wrapped with drm transportation key.");
+                        CMS.debug("computeSessionKey:desKey wrapped with drm transportation key.");
 
                     } // if (serversideKeygen == true)
 
                     byte authKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".auth_key"));
                     host_cryptogram = SessionKey.ComputeCryptogram(
-                      selectedToken,keyNickName,card_challenge,
-		      host_challenge,keyInfo,CUID,0, authKeyArray, useSoftToken_s, keySet);
+                            selectedToken, keyNickName, card_challenge,
+                            host_challenge, keyInfo, CUID, 0, authKeyArray, useSoftToken_s, keySet);
 
-                    if(host_cryptogram == null)
-                    {
+                    if (host_cryptogram == null) {
                         CMS.debug("TokenServlet:Tried ComputeCryptogram, got NULL ");
-                        throw  new Exception("Can't compute host cryptogram!");
+                        throw new Exception("Can't compute host cryptogram!");
 
                     }
                     card_crypto = SessionKey.ComputeCryptogram(
-                      selectedToken,keyNickName,card_challenge,
-		      host_challenge,keyInfo,CUID,1, authKeyArray, useSoftToken_s, keySet);
+                            selectedToken, keyNickName, card_challenge,
+                            host_challenge, keyInfo, CUID, 1, authKeyArray, useSoftToken_s, keySet);
 
-                    if(card_crypto == null)
-                    {
+                    if (card_crypto == null) {
                         CMS.debug("TokenServlet:Tried ComputeCryptogram, got NULL ");
-                        throw  new Exception("Can't compute card cryptogram!");
+                        throw new Exception("Can't compute card cryptogram!");
 
                     }
 
@@ -595,9 +567,9 @@ public class TokenServlet extends CMSServlet {
                             throw new Exception("Missing card cryptogram");
                         }
                         input_card_crypto =
-                               com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_cryptogram);
+                                com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_cryptogram);
                         if (card_crypto.length == input_card_crypto.length) {
-                            for (int i=0; i<card_crypto.length; i++) {
+                            for (int i = 0; i < card_crypto.length; i++) {
                                 if (card_crypto[i] != input_card_crypto[i]) {
                                     sameCardCrypto = false;
                                     break;
@@ -611,15 +583,15 @@ public class TokenServlet extends CMSServlet {
 
                     CMS.getLogger().log(ILogger.EV_AUDIT,
                             ILogger.S_TKS,
-                            ILogger.LL_INFO,"processComputeSessionKey for CUID=" + 
-                            trim(pp.toHexString(CUID)));
-                }    catch (Exception e) {
+                            ILogger.LL_INFO, "processComputeSessionKey for CUID=" +
+                                    trim(pp.toHexString(CUID)));
+                } catch (Exception e) {
                     CMS.debug(e);
                     CMS.debug("TokenServlet Computing Session Key: " + e.toString());
                     if (isCryptoValidate)
                         sameCardCrypto = false;
                 }
-            } 
+            }
         } // ! missingParam
 
         String value = "";
@@ -632,34 +604,32 @@ public class TokenServlet extends CMSServlet {
         String cryptogram = "";
         String status = "0";
         if (session_key != null && session_key.length > 0) {
-            outputString = 
-                com.netscape.cmsutil.util.Utils.SpecialEncode(session_key);
-        } else   {
-            
+            outputString =
+                    com.netscape.cmsutil.util.Utils.SpecialEncode(session_key);
+        } else {
+
             status = "1";
         }
 
         if (enc_session_key != null && enc_session_key.length > 0) {
-            encSessionKeyString = 
-                com.netscape.cmsutil.util.Utils.SpecialEncode(enc_session_key);
-        } else  {
+            encSessionKeyString =
+                    com.netscape.cmsutil.util.Utils.SpecialEncode(enc_session_key);
+        } else {
             status = "1";
         }
 
-
         if (serversideKeygen == true) {
-	    if ( drm_trans_wrapped_desKey != null && drm_trans_wrapped_desKey.length > 0)
-		drm_trans_wrapped_desKeyString  = 
-		    com.netscape.cmsutil.util.Utils.SpecialEncode(drm_trans_wrapped_desKey);
-	    else  {
-		status = "1";
+            if (drm_trans_wrapped_desKey != null && drm_trans_wrapped_desKey.length > 0)
+                drm_trans_wrapped_desKeyString =
+                        com.netscape.cmsutil.util.Utils.SpecialEncode(drm_trans_wrapped_desKey);
+            else {
+                status = "1";
             }
-	}
+        }
 
-        
         if (host_cryptogram != null && host_cryptogram.length > 0) {
-            cryptogram = 
-                com.netscape.cmsutil.util.Utils.SpecialEncode(host_cryptogram);
+            cryptogram =
+                    com.netscape.cmsutil.util.Utils.SpecialEncode(host_cryptogram);
         } else {
             status = "2";
         }
@@ -675,32 +645,30 @@ public class TokenServlet extends CMSServlet {
         if (missingParam) {
             status = "3";
         }
- 
-        if (!status.equals("0"))  {
-
-
-           if(status.equals("1")) {
-               errorMsg = "Problem generating session key info.";
-           }
- 
-           if(status.equals("2")) {
-               errorMsg = "Problem creating host_cryptogram.";
-           }
- 
-           if(status.equals("4")) {
-               errorMsg = "Problem obtaining token information.";
-           }
-
-           if(status.equals("3")) {
-               if(badParams.endsWith(","))  {
-                  badParams = badParams.substring(0,badParams.length() -1);         
-               }
-               errorMsg = "Missing input parameters :" + badParams;
-           }
-
-            value = "status="+status;
-        }
-        else {
+
+        if (!status.equals("0")) {
+
+            if (status.equals("1")) {
+                errorMsg = "Problem generating session key info.";
+            }
+
+            if (status.equals("2")) {
+                errorMsg = "Problem creating host_cryptogram.";
+            }
+
+            if (status.equals("4")) {
+                errorMsg = "Problem obtaining token information.";
+            }
+
+            if (status.equals("3")) {
+                if (badParams.endsWith(",")) {
+                    badParams = badParams.substring(0, badParams.length() - 1);
+                }
+                errorMsg = "Missing input parameters :" + badParams;
+            }
+
+            value = "status=" + status;
+        } else {
             if (serversideKeygen == true) {
                 StringBuffer sb = new StringBuffer();
                 sb.append("status=0&");
@@ -709,10 +677,10 @@ public class TokenServlet extends CMSServlet {
                 sb.append("&hostCryptogram=");
                 sb.append(cryptogram);
                 sb.append("&encSessionKey=");
-                sb.append(encSessionKeyString); 
+                sb.append(encSessionKeyString);
                 sb.append("&kek_wrapped_desKey=");
                 sb.append(kek_wrapped_desKeyString);
-		        sb.append("&keycheck=");
+                sb.append("&keycheck=");
                 sb.append(keycheck_s);
                 sb.append("&drm_trans_wrapped_desKey=");
                 sb.append(drm_trans_wrapped_desKeyString);
@@ -722,19 +690,19 @@ public class TokenServlet extends CMSServlet {
                 sb.append("status=0&");
                 sb.append("sessionKey=");
                 sb.append(outputString);
-				sb.append("&hostCryptogram=");
-				sb.append(cryptogram);
+                sb.append("&hostCryptogram=");
+                sb.append(cryptogram);
                 sb.append("&encSessionKey=");
                 sb.append(encSessionKeyString);
                 value = sb.toString();
             }
 
         }
-        CMS.debug("TokenServlet:outputString.encode " +value);
+        CMS.debug("TokenServlet:outputString.encode " + value);
 
-        try{
+        try {
             resp.setContentLength(value.length());
-            CMS.debug("TokenServlet:outputString.length " +value.length());
+            CMS.debug("TokenServlet:outputString.length " + value.length());
             OutputStream ooss = resp.getOutputStream();
             ooss.write(value.getBytes());
             ooss.flush();
@@ -742,65 +710,65 @@ public class TokenServlet extends CMSServlet {
         } catch (IOException e) {
             CMS.debug("TokenServlet: " + e.toString());
         }
-       
-        if(status.equals("0")) {
 
-           auditMessage = CMS.getLogMessage(
+        if (status.equals("0")) {
+
+            auditMessage = CMS.getLogMessage(
                          LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS,
                         rCUID,
                         ILogger.SUCCESS,
                         status,
                         agentId,
-                        isCryptoValidate? "true":"false",
-                        serversideKeygen? "true":"false",
+                        isCryptoValidate ? "true" : "false",
+                        serversideKeygen ? "true" : "false",
                         selectedToken,
                         keyNickName);
 
         } else {
 
-           auditMessage = CMS.getLogMessage(
+            auditMessage = CMS.getLogMessage(
                          LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,
                         rCUID,
                         ILogger.FAILURE,
                         status,
                         agentId,
-                        isCryptoValidate? "true":"false",
-                        serversideKeygen? "true":"false",
+                        isCryptoValidate ? "true" : "false",
+                        serversideKeygen ? "true" : "false",
                         selectedToken,
                         keyNickName,
                         errorMsg);
-       }
- 
+        }
+
         audit(auditMessage);
     }
 
     private void processDiversifyKey(HttpServletRequest req,
-      HttpServletResponse resp) throws EBaseException {
-        byte[] KeySetData,KeysValues,CUID,xCUID;
-        byte[] xkeyInfo,xnewkeyInfo;
+            HttpServletResponse resp) throws EBaseException {
+        byte[] KeySetData, KeysValues, CUID, xCUID;
+        byte[] xkeyInfo, xnewkeyInfo;
         boolean missingParam = false;
         String errorMsg = "";
         String badParams = "";
 
         IConfigStore sconfig = CMS.getConfigStore();
-         String rnewKeyInfo        = req.getParameter("newKeyInfo");
+        String rnewKeyInfo = req.getParameter("newKeyInfo");
         String newMasterKeyName = req.getParameter("newKeyInfo");
         String oldMasterKeyName = req.getParameter("KeyInfo");
-        String rCUID =req.getParameter("CUID");
-        String auditMessage="";
+        String rCUID = req.getParameter("CUID");
+        String auditMessage = "";
 
         String keySet = req.getParameter("keySet");
         if (keySet == null || keySet.equals("")) {
-          keySet = "defKeySet";
+            keySet = "defKeySet";
         }
         CMS.debug("keySet selected: " + keySet);
 
         SessionContext sContext = SessionContext.getContext();
 
-        String agentId="";
+        String agentId = "";
         if (sContext != null) {
             agentId =
-                (String) sContext.get(SessionContext.USER_ID);
+                    (String) sContext.get(SessionContext.USER_ID);
         }
 
         auditMessage = CMS.getLogMessage(
@@ -813,7 +781,6 @@ public class TokenServlet extends CMSServlet {
 
         audit(auditMessage);
 
-
         if ((rCUID == null) || (rCUID.equals(""))) {
             badParams += " CUID,";
             CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: CUID");
@@ -824,101 +791,101 @@ public class TokenServlet extends CMSServlet {
             CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: newKeyInfo");
             missingParam = true;
         }
-        if ((oldMasterKeyName == null) || (oldMasterKeyName.equals(""))){
+        if ((oldMasterKeyName == null) || (oldMasterKeyName.equals(""))) {
             badParams += " KeyInfo,";
             CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: KeyInfo");
             missingParam = true;
         }
 
         if (!missingParam) {
-                xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(oldMasterKeyName);
-                    if (xkeyInfo == null || xkeyInfo.length != 2) {
-                        badParams += " KeyInfo length,";
-                        CMS.debug("TokenServlet: Invalid key info length");
-                        missingParam = true;
-                     }
-                xnewkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(newMasterKeyName);
-                    if (xnewkeyInfo == null || xnewkeyInfo.length != 2) {
-                        badParams += " NewKeyInfo length,";
-                        CMS.debug("TokenServlet: Invalid new key info length");
-                        missingParam = true;
-                     }
-                }
+            xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(oldMasterKeyName);
+            if (xkeyInfo == null || xkeyInfo.length != 2) {
+                badParams += " KeyInfo length,";
+                CMS.debug("TokenServlet: Invalid key info length");
+                missingParam = true;
+            }
+            xnewkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(newMasterKeyName);
+            if (xnewkeyInfo == null || xnewkeyInfo.length != 2) {
+                badParams += " NewKeyInfo length,";
+                CMS.debug("TokenServlet: Invalid new key info length");
+                missingParam = true;
+            }
+        }
         String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken", "true");
-	if (!useSoftToken_s.equalsIgnoreCase("true"))
-	    useSoftToken_s = "false";
+        if (!useSoftToken_s.equalsIgnoreCase("true"))
+            useSoftToken_s = "false";
 
         KeySetData = null;
         String outputString = null;
         if (!missingParam) {
-                   xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
-                   if (xCUID == null || xCUID.length != 10) {
-                        badParams += " CUID length,";
-                        CMS.debug("TokenServlet: Invalid CUID length");
-            missingParam = true;
-                   }
-                }
+            xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
+            if (xCUID == null || xCUID.length != 10) {
+                badParams += " CUID length,";
+                CMS.debug("TokenServlet: Invalid CUID length");
+                missingParam = true;
+            }
+        }
         if (!missingParam) {
-          CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
-
-          if (mKeyNickName!=null)
-              oldMasterKeyName =   mKeyNickName;
-          if (mNewKeyNickName!=null)
-              newMasterKeyName = mNewKeyNickName;  
-
-          String oldKeyInfoMap = "tks." + keySet + ".mk_mappings." + req.getParameter("KeyInfo"); //#xx#xx
-          String oldMappingValue = CMS.getConfigStore().getString(oldKeyInfoMap, null);
-          String oldSelectedToken = null;
-          String oldKeyNickName = null;
-          if (oldMappingValue == null) {
-              oldSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
-              oldKeyNickName = req.getParameter("KeyInfo");
-          } else {
-              StringTokenizer st = new StringTokenizer(oldMappingValue, ":");
-              oldSelectedToken = st.nextToken();
-              oldKeyNickName = st.nextToken();
-          }
-
-          String newKeyInfoMap = "tks.mk_mappings." + rnewKeyInfo; //#xx#xx
-          String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null);
-          String newSelectedToken = null;
-          String newKeyNickName = null;
-          if (newMappingValue == null) {
-              newSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
-              newKeyNickName = rnewKeyInfo;
-          } else {
-              StringTokenizer st = new StringTokenizer(newMappingValue, ":");
-              newSelectedToken = st.nextToken();
-              newKeyNickName = st.nextToken();
-          }
-
-          CMS.debug("process DiversifyKey for oldSelectedToke="+ 
-                oldSelectedToken + " newSelectedToken=" + newSelectedToken + 
-                " oldKeyNickName=" + oldKeyNickName + " newKeyNickName=" + 
-                newKeyNickName);
-
-          byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
-          KeySetData = SessionKey.DiversifyKey(oldSelectedToken, 
+            CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
+
+            if (mKeyNickName != null)
+                oldMasterKeyName = mKeyNickName;
+            if (mNewKeyNickName != null)
+                newMasterKeyName = mNewKeyNickName;
+
+            String oldKeyInfoMap = "tks." + keySet + ".mk_mappings." + req.getParameter("KeyInfo"); //#xx#xx
+            String oldMappingValue = CMS.getConfigStore().getString(oldKeyInfoMap, null);
+            String oldSelectedToken = null;
+            String oldKeyNickName = null;
+            if (oldMappingValue == null) {
+                oldSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
+                oldKeyNickName = req.getParameter("KeyInfo");
+            } else {
+                StringTokenizer st = new StringTokenizer(oldMappingValue, ":");
+                oldSelectedToken = st.nextToken();
+                oldKeyNickName = st.nextToken();
+            }
+
+            String newKeyInfoMap = "tks.mk_mappings." + rnewKeyInfo; //#xx#xx
+            String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null);
+            String newSelectedToken = null;
+            String newKeyNickName = null;
+            if (newMappingValue == null) {
+                newSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
+                newKeyNickName = rnewKeyInfo;
+            } else {
+                StringTokenizer st = new StringTokenizer(newMappingValue, ":");
+                newSelectedToken = st.nextToken();
+                newKeyNickName = st.nextToken();
+            }
+
+            CMS.debug("process DiversifyKey for oldSelectedToke=" +
+                    oldSelectedToken + " newSelectedToken=" + newSelectedToken +
+                    " oldKeyNickName=" + oldKeyNickName + " newKeyNickName=" +
+                    newKeyNickName);
+
+            byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
+            KeySetData = SessionKey.DiversifyKey(oldSelectedToken,
                      newSelectedToken, oldKeyNickName,
-		 newKeyNickName,rnewKeyInfo,CUID, kekKeyArray, useSoftToken_s, keySet);
-
-          if (KeySetData == null || KeySetData.length<=1) {
-                  CMS.getLogger().log(ILogger.EV_AUDIT,
-                  ILogger.S_TKS,
-                  ILogger.LL_INFO,"process DiversifyKey: Missing MasterKey in Slot");
-          }
-
-          CMS.getLogger().log(ILogger.EV_AUDIT,
-                  ILogger.S_TKS,
-                  ILogger.LL_INFO,"process DiversifyKey for CUID ="+ trim(pp.toHexString(CUID))
-                  + ";from oldMasterKeyName="+oldSelectedToken + ":" + oldKeyNickName
-                  +";to newMasterKeyName="+newSelectedToken + ":" + newKeyNickName);
-
-          resp.setContentType("text/html");
-            
-          if (KeySetData != null) {
-              outputString  = new String(KeySetData);
-          }
+                    newKeyNickName, rnewKeyInfo, CUID, kekKeyArray, useSoftToken_s, keySet);
+
+            if (KeySetData == null || KeySetData.length <= 1) {
+                CMS.getLogger().log(ILogger.EV_AUDIT,
+                        ILogger.S_TKS,
+                        ILogger.LL_INFO, "process DiversifyKey: Missing MasterKey in Slot");
+            }
+
+            CMS.getLogger().log(ILogger.EV_AUDIT,
+                    ILogger.S_TKS,
+                    ILogger.LL_INFO, "process DiversifyKey for CUID =" + trim(pp.toHexString(CUID))
+                            + ";from oldMasterKeyName=" + oldSelectedToken + ":" + oldKeyNickName
+                            + ";to newMasterKeyName=" + newSelectedToken + ":" + newKeyNickName);
+
+            resp.setContentType("text/html");
+
+            if (KeySetData != null) {
+                outputString = new String(KeySetData);
+            }
         } // ! missingParam
 
         //CMS.debug("TokenServlet:processDiversifyKey " +outputString);
@@ -928,26 +895,26 @@ public class TokenServlet extends CMSServlet {
         String status = "0";
 
         if (KeySetData != null && KeySetData.length > 1) {
-            value = "status=0&"+"keySetData=" + 
+            value = "status=0&" + "keySetData=" +
                      com.netscape.cmsutil.util.Utils.SpecialEncode(KeySetData);
-            CMS.debug("TokenServlet:process DiversifyKey.encode " +value);
+            CMS.debug("TokenServlet:process DiversifyKey.encode " + value);
         } else if (missingParam) {
             status = "3";
-            if(badParams.endsWith(","))  {
-                badParams = badParams.substring(0,badParams.length() -1);
+            if (badParams.endsWith(",")) {
+                badParams = badParams.substring(0, badParams.length() - 1);
             }
             errorMsg = "Missing input parameters: " + badParams;
             value = "status=" + status;
-        } else  {
+        } else {
             errorMsg = "Problem diversifying key data.";
             status = "1";
             value = "status=" + status;
         }
 
         resp.setContentLength(value.length());
-        CMS.debug("TokenServlet:outputString.length " +value.length());
+        CMS.debug("TokenServlet:outputString.length " + value.length());
 
-        try{
+        try {
             OutputStream ooss = resp.getOutputStream();
             ooss.write(value.getBytes());
             ooss.flush();
@@ -956,9 +923,9 @@ public class TokenServlet extends CMSServlet {
             CMS.debug("TokenServlet:process DiversifyKey: " + e.toString());
         }
 
-         if(status.equals("0")) {
+        if (status.equals("0")) {
 
-           auditMessage = CMS.getLogMessage(
+            auditMessage = CMS.getLogMessage(
                          LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS,
                         rCUID,
                         ILogger.SUCCESS,
@@ -969,7 +936,7 @@ public class TokenServlet extends CMSServlet {
 
         } else {
 
-           auditMessage = CMS.getLogMessage(
+            auditMessage = CMS.getLogMessage(
                          LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,
                         rCUID,
                         ILogger.FAILURE,
@@ -978,13 +945,13 @@ public class TokenServlet extends CMSServlet {
                         oldMasterKeyName,
                         newMasterKeyName,
                         errorMsg);
-       }
+        }
 
-       audit(auditMessage);
+        audit(auditMessage);
     }
 
     private void processEncryptData(HttpServletRequest req,
-      HttpServletResponse resp) throws EBaseException {
+            HttpServletResponse resp) throws EBaseException {
         byte[] keyInfo, CUID, xCUID, encryptedData, xkeyInfo;
         boolean missingParam = false;
         byte[] data = null;
@@ -1004,10 +971,10 @@ public class TokenServlet extends CMSServlet {
 
         SessionContext sContext = SessionContext.getContext();
 
-        String agentId="";
+        String agentId = "";
         if (sContext != null) {
             agentId =
-                (String) sContext.get(SessionContext.USER_ID);
+                    (String) sContext.get(SessionContext.USER_ID);
         }
 
         CMS.debug("keySet selected: " + keySet);
@@ -1032,20 +999,20 @@ public class TokenServlet extends CMSServlet {
 
         if (isRandom) {
             if ((rdata == null) || (rdata.equals(""))) {
-              CMS.debug("TokenServlet: processEncryptData(): no data in request.  Generating random number as data");
+                CMS.debug("TokenServlet: processEncryptData(): no data in request.  Generating random number as data");
             } else {
-              CMS.debug("TokenServlet: processEncryptData(): contain data in request, however, random generation on TKS is required. Generating...");
+                CMS.debug("TokenServlet: processEncryptData(): contain data in request, however, random generation on TKS is required. Generating...");
             }
             try {
-              SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
-              data = new byte[16];
-              random.nextBytes(data);
+                SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+                data = new byte[16];
+                random.nextBytes(data);
             } catch (Exception e) {
-              CMS.debug("TokenServlet: processEncryptData():"+ e.toString());
-              badParams += " Random Number,";
-              missingParam = true;
+                CMS.debug("TokenServlet: processEncryptData():" + e.toString());
+                badParams += " Random Number,";
+                missingParam = true;
             }
-        } else if ((!isRandom) && (((rdata == null) || (rdata.equals(""))))){
+        } else if ((!isRandom) && (((rdata == null) || (rdata.equals(""))))) {
             CMS.debug("TokenServlet: processEncryptData(): missing request parameter: data.");
             badParams += " data,";
             missingParam = true;
@@ -1056,75 +1023,74 @@ public class TokenServlet extends CMSServlet {
             CMS.debug("TokenServlet: processEncryptData(): missing request parameter: CUID");
             missingParam = true;
         }
- 
+
         if ((rKeyInfo == null) || (rKeyInfo.equals(""))) {
             badParams += " KeyInfo,";
             CMS.debug("TokenServlet: processEncryptData(): missing request parameter: key info");
             missingParam = true;
         }
 
-
         if (!missingParam) {
-             xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
-                     if (xCUID == null || xCUID.length != 10) {
-                        badParams += " CUID length,";
-                        CMS.debug("TokenServlet: Invalid CUID length");
-                        missingParam = true;
-                      }
-             xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
-                     if (xkeyInfo == null || xkeyInfo.length != 2) {
-                        badParams += " KeyInfo length,";
-                        CMS.debug("TokenServlet: Invalid key info length");
-                         missingParam = true;
-                      }
+            xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
+            if (xCUID == null || xCUID.length != 10) {
+                badParams += " CUID length,";
+                CMS.debug("TokenServlet: Invalid CUID length");
+                missingParam = true;
+            }
+            xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
+            if (xkeyInfo == null || xkeyInfo.length != 2) {
+                badParams += " KeyInfo length,";
+                CMS.debug("TokenServlet: Invalid key info length");
+                missingParam = true;
+            }
         }
 
-        String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken","true");
-	if (!useSoftToken_s.equalsIgnoreCase("true"))
-	    useSoftToken_s = "false";
+        String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken", "true");
+        if (!useSoftToken_s.equalsIgnoreCase("true"))
+            useSoftToken_s = "false";
 
         String selectedToken = null;
         String keyNickName = null;
         if (!missingParam) {
-          if (!isRandom)
-            data = com.netscape.cmsutil.util.Utils.SpecialDecode(rdata);
-          keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
-          CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
-
-          String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo;
-          String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null);
-          if (mappingValue == null) {
-              selectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
-              keyNickName = rKeyInfo;
-          } else {
-              StringTokenizer st = new StringTokenizer(mappingValue, ":");
-              selectedToken = st.nextToken();
-              keyNickName = st.nextToken();
-          }
-          
-          byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
-          encryptedData = SessionKey.EncryptData(
-                       selectedToken,keyNickName,data,keyInfo,CUID, kekKeyArray, useSoftToken_s, keySet);
-        
-          CMS.getLogger().log(ILogger.EV_AUDIT,
+            if (!isRandom)
+                data = com.netscape.cmsutil.util.Utils.SpecialDecode(rdata);
+            keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
+            CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
+
+            String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo;
+            String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null);
+            if (mappingValue == null) {
+                selectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
+                keyNickName = rKeyInfo;
+            } else {
+                StringTokenizer st = new StringTokenizer(mappingValue, ":");
+                selectedToken = st.nextToken();
+                keyNickName = st.nextToken();
+            }
+
+            byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
+            encryptedData = SessionKey.EncryptData(
+                       selectedToken, keyNickName, data, keyInfo, CUID, kekKeyArray, useSoftToken_s, keySet);
+
+            CMS.getLogger().log(ILogger.EV_AUDIT,
                      ILogger.S_TKS,
-                     ILogger.LL_INFO,"process EncryptData for CUID ="+ trim(pp.toHexString(CUID)));
+                     ILogger.LL_INFO, "process EncryptData for CUID =" + trim(pp.toHexString(CUID)));
         } // !missingParam
 
         resp.setContentType("text/html");
-            
+
         String value = "";
-        String status = "0"; 
-        if (encryptedData != null && encryptedData.length > 0) { 
-            String outputString  = new String(encryptedData);
+        String status = "0";
+        if (encryptedData != null && encryptedData.length > 0) {
+            String outputString = new String(encryptedData);
             // sending both the pre-encrypted and encrypted data back
-            value = "status=0&"+"data="+
-                         com.netscape.cmsutil.util.Utils.SpecialEncode(data)+
-                         "&encryptedData=" + 
+            value = "status=0&" + "data=" +
+                         com.netscape.cmsutil.util.Utils.SpecialEncode(data) +
+                         "&encryptedData=" +
                          com.netscape.cmsutil.util.Utils.SpecialEncode(encryptedData);
         } else if (missingParam) {
-            if(badParams.endsWith(","))  {
-                badParams = badParams.substring(0,badParams.length() -1);
+            if (badParams.endsWith(",")) {
+                badParams = badParams.substring(0, badParams.length() - 1);
             }
             errorMsg = "Missing input parameters: " + badParams;
             status = "3";
@@ -1135,12 +1101,12 @@ public class TokenServlet extends CMSServlet {
             value = "status=" + status;
         }
 
-        CMS.debug("TokenServlet:process EncryptData.encode " +value);
+        CMS.debug("TokenServlet:process EncryptData.encode " + value);
 
         try {
             resp.setContentLength(value.length());
-            CMS.debug("TokenServlet:outputString.lenght " +value.length());
-            
+            CMS.debug("TokenServlet:outputString.lenght " + value.length());
+
             OutputStream ooss = resp.getOutputStream();
             ooss.write(value.getBytes());
             ooss.flush();
@@ -1149,9 +1115,9 @@ public class TokenServlet extends CMSServlet {
             CMS.debug("TokenServlet: " + e.toString());
         }
 
-         if(status.equals("0")) {
+        if (status.equals("0")) {
 
-           auditMessage = CMS.getLogMessage(
+            auditMessage = CMS.getLogMessage(
                          LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,
                         rCUID,
                         ILogger.SUCCESS,
@@ -1163,7 +1129,7 @@ public class TokenServlet extends CMSServlet {
 
         } else {
 
-           auditMessage = CMS.getLogMessage(
+            auditMessage = CMS.getLogMessage(
                          LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,
                         rCUID,
                         ILogger.FAILURE,
@@ -1173,9 +1139,9 @@ public class TokenServlet extends CMSServlet {
                         selectedToken,
                         keyNickName,
                         errorMsg);
-       }
+        }
 
-       audit(auditMessage);
+        audit(auditMessage);
     }
 
     /* 
@@ -1194,9 +1160,9 @@ public class TokenServlet extends CMSServlet {
      */
 
     private void processComputeRandomData(HttpServletRequest req,
-      HttpServletResponse resp) throws EBaseException {
-       
-        byte[] randomData = null; 
+            HttpServletResponse resp) throws EBaseException {
+
+        byte[] randomData = null;
         String status = "0";
         String errorMsg = "";
         String badParams = "";
@@ -1207,26 +1173,23 @@ public class TokenServlet extends CMSServlet {
 
         SessionContext sContext = SessionContext.getContext();
 
-        String agentId="";
+        String agentId = "";
         if (sContext != null) {
             agentId =
-                (String) sContext.get(SessionContext.USER_ID);
+                    (String) sContext.get(SessionContext.USER_ID);
         }
 
         String sDataSize = req.getParameter("dataNumBytes");
 
-        if(sDataSize == null || sDataSize.equals(""))  {
+        if (sDataSize == null || sDataSize.equals("")) {
             CMS.debug("TokenServlet::processComputeRandomData missing param dataNumBytes");
             badParams += " Random Data size, ";
             missingParam = true;
             status = "1";
         } else {
-            try
-            {
-               dataSize = Integer.parseInt(sDataSize.trim());
-            }
-            catch (NumberFormatException nfe)
-            {
+            try {
+                dataSize = Integer.parseInt(sDataSize.trim());
+            } catch (NumberFormatException nfe) {
                 CMS.debug("TokenServlet::processComputeRandomData invalid data size input!");
                 badParams += " Random Data size, ";
                 missingParam = true;
@@ -1244,33 +1207,33 @@ public class TokenServlet extends CMSServlet {
 
         audit(auditMessage);
 
-        if(!missingParam) {         
+        if (!missingParam) {
             try {
-                  SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
-                  randomData = new byte[dataSize];
-                  random.nextBytes(randomData);
-                } catch (Exception e) {
-                   CMS.debug("TokenServlet::processComputeRandomData:"+ e.toString());
-                   errorMsg = "Can't generate random data!";
-                   status = "2";
+                SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+                randomData = new byte[dataSize];
+                random.nextBytes(randomData);
+            } catch (Exception e) {
+                CMS.debug("TokenServlet::processComputeRandomData:" + e.toString());
+                errorMsg = "Can't generate random data!";
+                status = "2";
             }
         }
 
         String randomDataOut = "";
-        if(status.equals("0")) {
+        if (status.equals("0")) {
             if (randomData != null && randomData.length == dataSize) {
                 randomDataOut =
-                    com.netscape.cmsutil.util.Utils.SpecialEncode(randomData);
+                        com.netscape.cmsutil.util.Utils.SpecialEncode(randomData);
             } else {
                 status = "2";
                 errorMsg = "Can't convert random data!";
             }
         }
 
-        if(status.equals("1") && missingParam) {
+        if (status.equals("1") && missingParam) {
 
-            if(badParams.endsWith(","))  {
-                  badParams = badParams.substring(0,badParams.length() -1);
+            if (badParams.endsWith(",")) {
+                badParams = badParams.substring(0, badParams.length() - 1);
             }
             errorMsg = "Missing input parameters :" + badParams;
         }
@@ -1278,15 +1241,15 @@ public class TokenServlet extends CMSServlet {
         resp.setContentType("text/html");
         String value = "";
 
-        value = "status="+status;
-        if(status.equals("0")) {
-            value = value + "&DATA="+randomDataOut;
+        value = "status=" + status;
+        if (status.equals("0")) {
+            value = value + "&DATA=" + randomDataOut;
         }
-        
+
         try {
             resp.setContentLength(value.length());
-            CMS.debug("TokenServler::processComputeRandomData :outputString.length " +value.length());
-            
+            CMS.debug("TokenServler::processComputeRandomData :outputString.length " + value.length());
+
             OutputStream ooss = resp.getOutputStream();
             ooss.write(value.getBytes());
             ooss.flush();
@@ -1295,22 +1258,22 @@ public class TokenServlet extends CMSServlet {
             CMS.debug("TokenServlet::processComputeRandomData " + e.toString());
         }
 
-        if(status.equals("0")) {
+        if (status.equals("0")) {
             auditMessage = CMS.getLogMessage(
                         LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,
                         ILogger.SUCCESS,
                         status,
                         agentId);
-           } else {
-               auditMessage = CMS.getLogMessage(
+        } else {
+            auditMessage = CMS.getLogMessage(
                         LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,
                         ILogger.FAILURE,
                         status,
                         agentId,
                         errorMsg);
-          }
+        }
 
-          audit(auditMessage);
+        audit(auditMessage);
     }
 
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -1328,7 +1291,7 @@ public class TokenServlet extends CMSServlet {
 
         if (authzToken == null) {
 
-            try{
+            try {
                 resp.setContentType("text/html");
                 String value = "unauthorized=";
                 CMS.debug("TokenServlet: Unauthorized");
@@ -1338,7 +1301,7 @@ public class TokenServlet extends CMSServlet {
                 ooss.write(value.getBytes());
                 ooss.flush();
                 mRenderResult = false;
-            }catch (Exception e) {
+            } catch (Exception e) {
                 CMS.debug("TokenServlet: " + e.toString());
             }
 
@@ -1349,26 +1312,25 @@ public class TokenServlet extends CMSServlet {
         String temp = req.getParameter("card_challenge");
         mSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot");
         setDefaultSlotAndKeyName(req);
-        if(temp!=null)
-        {
-            processComputeSessionKey(req,resp);
-        }else if(req.getParameter("data")!=null){
-            processEncryptData(req,resp);
-        }else if(req.getParameter("newKeyInfo")!=null){
-            processDiversifyKey(req,resp);
-        }else if(req.getParameter("dataNumBytes") !=null){
-            processComputeRandomData(req,resp);
+        if (temp != null) {
+            processComputeSessionKey(req, resp);
+        } else if (req.getParameter("data") != null) {
+            processEncryptData(req, resp);
+        } else if (req.getParameter("newKeyInfo") != null) {
+            processDiversifyKey(req, resp);
+        } else if (req.getParameter("dataNumBytes") != null) {
+            processComputeRandomData(req, resp);
         }
     }
 
     /**
      * Serves HTTP admin request.
-     *
+     * 
      * @param req HTTP request
      * @param resp HTTP response
      */
     public void service(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
         String scope = req.getParameter(Constants.OP_SCOPE);
         String op = req.getParameter(Constants.OP_TYPE);
 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java b/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java
index 9d67065d..d9d3ddec 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java
@@ -33,10 +33,10 @@ public interface IWizardPanel {
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
+    public void init(ServletConfig config, int panelno)
                  throws ServletException;
 
-    public void init(WizardServlet servlet, ServletConfig config, 
+    public void init(WizardServlet servlet, ServletConfig config,
                      int panelno, String id) throws ServletException;
 
     public String getName();
@@ -44,7 +44,9 @@ public interface IWizardPanel {
     public int getPanelNo();
 
     public void setId(String id);
+
     public String getId();
+
     public PropertySet getUsage();
 
     /**
@@ -84,20 +86,22 @@ public interface IWizardPanel {
      */
     public void display(HttpServletRequest request,
                             HttpServletResponse response,
-                            Context context );
+                            Context context);
+
     /**
      * Checks if the given parameters are valid.
      */
     public void validate(HttpServletRequest request,
                             HttpServletResponse response,
-                            Context context ) throws IOException;
+                            Context context) throws IOException;
 
     /**
      * Commit parameter changes
      */
     public void update(HttpServletRequest request,
                           HttpServletResponse response,
-                          Context context ) throws IOException;
+                          Context context) throws IOException;
+
     /**
      * If validiate() returns false, this method will be called.
      */
diff --git a/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java b/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java
index 691d3e98..bc4ab990 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java
@@ -37,13 +37,13 @@ import com.netscape.cms.servlet.csadmin.Cert;
 import com.netscape.cmsutil.crypto.Module;
 
 /**
- * wizard?p=[panel number]&op=usage    <= usage in xml
+ * wizard?p=[panel number]&op=usage <= usage in xml
  * wizard?p=[panel number]&op=display
  * wizard?p=[panel number]&op=next&...[additional parameters]...
  * wizard?p=[panel number]&op=apply
  * wizard?p=[panel number]&op=back
  * wizard?op=menu
- *   return menu options
+ * return menu options
  */
 public class WizardServlet extends VelocityServlet {
 
@@ -54,8 +54,7 @@ public class WizardServlet extends VelocityServlet {
     private String name = null;
     private Vector mPanels = new Vector();
 
-    public void init(ServletConfig config) throws ServletException 
-    {
+    public void init(ServletConfig config) throws ServletException {
         super.init(config);
 
         /* load sequence map */
@@ -64,33 +63,32 @@ public class WizardServlet extends VelocityServlet {
         StringTokenizer st = new StringTokenizer(panels, ",");
         int pno = 0;
         while (st.hasMoreTokens()) {
-          String p = st.nextToken();
-          StringTokenizer st1 = new StringTokenizer(p, "=");
-          String id = st1.nextToken();
-          String pvalue = st1.nextToken();
-          try {
-            IWizardPanel panel = (IWizardPanel)Class.forName(pvalue).newInstance();
-            panel.init(this, config, pno, id);
-            CMS.debug("WizardServlet: panel name=" + panel.getName());
-            mPanels.addElement(panel);
-          } catch (Exception e) {
-            CMS.debug("WizardServlet: " + e.toString());
-          }
-          pno++;
+            String p = st.nextToken();
+            StringTokenizer st1 = new StringTokenizer(p, "=");
+            String id = st1.nextToken();
+            String pvalue = st1.nextToken();
+            try {
+                IWizardPanel panel = (IWizardPanel) Class.forName(pvalue).newInstance();
+                panel.init(this, config, pno, id);
+                CMS.debug("WizardServlet: panel name=" + panel.getName());
+                mPanels.addElement(panel);
+            } catch (Exception e) {
+                CMS.debug("WizardServlet: " + e.toString());
+            }
+            pno++;
         }
         CMS.debug("WizardServlet: done");
-     
+
     }
 
     public void exposePanels(HttpServletRequest request,
                             HttpServletResponse response,
-                            Context context ) 
-    {
+                            Context context) {
         Enumeration e = mPanels.elements();
         Vector panels = new Vector();
         while (e.hasMoreElements()) {
-          IWizardPanel p = (IWizardPanel)e.nextElement();
-          panels.addElement(p);
+            IWizardPanel p = (IWizardPanel) e.nextElement();
+            panels.addElement(p);
         }
         context.put("panels", panels);
     }
@@ -98,84 +96,80 @@ public class WizardServlet extends VelocityServlet {
     /**
      * Cleans up panels from a particular panel.
      */
-    public void cleanUpFromPanel(int pno) throws IOException 
-    {
-      /* panel number starts from zero */
-      int s = mPanels.size();
-      for (int i = pno; i < s; i++) {
-        IWizardPanel panel = (IWizardPanel)mPanels.elementAt(i);
-        panel.cleanUp();
-      }
+    public void cleanUpFromPanel(int pno) throws IOException {
+        /* panel number starts from zero */
+        int s = mPanels.size();
+        for (int i = pno; i < s; i++) {
+            IWizardPanel panel = (IWizardPanel) mPanels.elementAt(i);
+            panel.cleanUp();
+        }
     }
 
-    public IWizardPanel getPanelByNo(int p)
-    {
-        IWizardPanel panel = (IWizardPanel)mPanels.elementAt(p);
+    public IWizardPanel getPanelByNo(int p) {
+        IWizardPanel panel = (IWizardPanel) mPanels.elementAt(p);
         if (panel.shouldSkip()) {
-          panel = getPanelByNo(p+1);
+            panel = getPanelByNo(p + 1);
         }
         return panel;
     }
 
     public Template displayPanel(HttpServletRequest request,
                             HttpServletResponse response,
-                            Context context ) 
-    {
+                            Context context) {
         CMS.debug("WizardServlet: in display");
         int p = getPanelNo(request);
 
         if (p == 0) {
-          CMS.debug("WizardServlet: firstpanel");
-          context.put("firstpanel", Boolean.TRUE);
+            CMS.debug("WizardServlet: firstpanel");
+            context.put("firstpanel", Boolean.TRUE);
         }
         if (p == (mPanels.size() - 1)) {
-          CMS.debug("WizardServlet: lastpanel");
-          context.put("lastpanel", Boolean.TRUE);
+            CMS.debug("WizardServlet: lastpanel");
+            context.put("lastpanel", Boolean.TRUE);
         }
         IWizardPanel panel = getPanelByNo(p);
         CMS.debug("WizardServlet: panel=" + panel);
 
         if (panel.showApplyButton() == true)
-          context.put("showApplyButton", Boolean.TRUE);
+            context.put("showApplyButton", Boolean.TRUE);
         else
-          context.put("showApplyButton", Boolean.FALSE);
+            context.put("showApplyButton", Boolean.FALSE);
 
         panel.display(request, response, context);
         context.put("p", Integer.toString(panel.getPanelNo()));
 
         try {
             return Velocity.getTemplate("admin/console/config/wizard.vm");
-        } catch (Exception e) { 
+        } catch (Exception e) {
         }
         return null;
     }
 
-    public String xml_value_flatten(Object v) 
-    {
+    public String xml_value_flatten(Object v) {
         String ret = "";
         if (v instanceof String) {
             ret += v;
         } else if (v instanceof Integer) {
-            ret += ((Integer)v).toString();
+            ret += ((Integer) v).toString();
         } else if (v instanceof Vector) {
             ret += "<Vector>";
-            Vector v1 = (Vector)v;
+            Vector v1 = (Vector) v;
             Enumeration e = v1.elements();
             StringBuffer sb = new StringBuffer();
             while (e.hasMoreElements()) {
-              sb.append(xml_value_flatten(e.nextElement()));
+                sb.append(xml_value_flatten(e.nextElement()));
             }
             ret += sb.toString();
             ret += "</Vector>";
         } else if (v instanceof Module) { // for hardware token
-            Module m = (Module)v;
+            Module m = (Module) v;
             ret += "<Module>";
             ret += "<CommonName>" + m.getCommonName() + "</CommonName>";
             ret += "<UserFriendlyName>" + m.getUserFriendlyName() + "</UserFriendlyName>";
             ret += "<ImagePath>" + m.getImagePath() + "</ImagePath>";
             ret += "</Module>";
         } else if (v instanceof Cert) {
-            Cert m = (Cert)v;
+            Cert m = (Cert) v;
             ret += "<CertReqPair>";
             ret += "<Nickname>" + m.getNickname() + "</Nickname>";
             ret += "<Tokenname>" + m.getTokenname() + "</Tokenname>";
@@ -187,7 +181,7 @@ public class WizardServlet extends VelocityServlet {
             ret += "<KeyOption>" + m.getKeyOption() + "</KeyOption>";
             ret += "</CertReqPair>";
         } else if (v instanceof IWizardPanel) {
-            IWizardPanel m = (IWizardPanel)v;
+            IWizardPanel m = (IWizardPanel) v;
             ret += "<Panel>";
             ret += "<Id>" + m.getId() + "</Id>";
             ret += "<Name>" + m.getName() + "</Name>";
@@ -198,89 +192,84 @@ public class WizardServlet extends VelocityServlet {
         return ret;
     }
 
-    public String xml_flatten(Context context)
-    {
+    public String xml_flatten(Context context) {
         StringBuffer ret = new StringBuffer();
-        Object o[] = context.getKeys(); 
-        for (int i = 0; i < o.length; i ++) {
-          if (o[i] instanceof String) {
-            String key = (String)o[i];
-            if (key.startsWith("__")) {
-                continue;
-            }
-            ret.append("<");
-            ret.append(key);
-            ret.append(">");
-            if (key.equals("bindpwd")) {
-              ret.append("(sensitive)");
-            } else {
-              Object v = context.get(key);
-              ret.append(xml_value_flatten(v));
+        Object o[] = context.getKeys();
+        for (int i = 0; i < o.length; i++) {
+            if (o[i] instanceof String) {
+                String key = (String) o[i];
+                if (key.startsWith("__")) {
+                    continue;
+                }
+                ret.append("<");
+                ret.append(key);
+                ret.append(">");
+                if (key.equals("bindpwd")) {
+                    ret.append("(sensitive)");
+                } else {
+                    Object v = context.get(key);
+                    ret.append(xml_value_flatten(v));
+                }
+                ret.append("</");
+                ret.append(key);
+                ret.append(">");
             }
-            ret.append("</");
-            ret.append(key);
-            ret.append(">");
-          }
         }
         return ret.toString();
     }
 
-    public int getPanelNo(HttpServletRequest request)
-    {
+    public int getPanelNo(HttpServletRequest request) {
         int p = 0;
-  
+
         // panel number can be identified by either 
         //   panel no (p parameter) directly, or
         //   panel name (panelname parameter).
         if (request.getParameter("panelname") != null) {
-          String name = request.getParameter("panelname");
-          for (int i = 0; i < mPanels.size(); i++) {
-            IWizardPanel panel = (IWizardPanel)mPanels.elementAt(i);
-            if (panel.getId().equals(name)) {
-              return i;
+            String name = request.getParameter("panelname");
+            for (int i = 0; i < mPanels.size(); i++) {
+                IWizardPanel panel = (IWizardPanel) mPanels.elementAt(i);
+                if (panel.getId().equals(name)) {
+                    return i;
+                }
             }
-          }
         } else if (request.getParameter("p") != null) {
-          p = Integer.parseInt(request.getParameter("p"));
+            p = Integer.parseInt(request.getParameter("p"));
         }
         return p;
     }
 
-    public String getNameFromPanelNo(int p)
-    {
-      IWizardPanel wp = (IWizardPanel)mPanels.elementAt(p);
-      return wp.getId();
+    public String getNameFromPanelNo(int p) {
+        IWizardPanel wp = (IWizardPanel) mPanels.elementAt(p);
+        return wp.getId();
     }
 
-    public IWizardPanel getPreviousPanel(int p) 
-    {
+    public IWizardPanel getPreviousPanel(int p) {
         CMS.debug("getPreviousPanel input p=" + p);
-        IWizardPanel backpanel = (IWizardPanel)mPanels.elementAt(p-1);
+        IWizardPanel backpanel = (IWizardPanel) mPanels.elementAt(p - 1);
         if (backpanel.isSubPanel()) {
-          backpanel = (IWizardPanel)mPanels.elementAt(p-1-1);
+            backpanel = (IWizardPanel) mPanels.elementAt(p - 1 - 1);
         }
         while (backpanel.shouldSkip()) {
-          backpanel = (IWizardPanel)
+            backpanel = (IWizardPanel)
                          mPanels.elementAt(backpanel.getPanelNo() - 1);
         }
         CMS.debug("getPreviousPanel output p=" + backpanel.getPanelNo());
         return backpanel;
     }
 
-    public IWizardPanel getNextPanel(int p) 
-    {
+    public IWizardPanel getNextPanel(int p) {
         CMS.debug("getNextPanel input p=" + p);
-        IWizardPanel panel = (IWizardPanel)mPanels.elementAt(p);
+        IWizardPanel panel = (IWizardPanel) mPanels.elementAt(p);
         if (p == (mPanels.size() - 1)) {
             p = p;
-	    } else if(panel.isSubPanel()) {
-           if (panel.isLoopbackPanel()) {
-	           p = p-1;   // Login Panel is a loop back panel
-           } else {
-	           p = p+1;
-           }
-	    } else if (panel.hasSubPanel()) {
-		    p = p + 2;
+        } else if (panel.isSubPanel()) {
+            if (panel.isLoopbackPanel()) {
+                p = p - 1; // Login Panel is a loop back panel
+            } else {
+                p = p + 1;
+            }
+        } else if (panel.hasSubPanel()) {
+            p = p + 2;
         } else {
             p = p + 1;
         }
@@ -291,15 +280,13 @@ public class WizardServlet extends VelocityServlet {
 
     public Template goApply(HttpServletRequest request,
                             HttpServletResponse response,
-                            Context context)
-    {
+                            Context context) {
         return goNextApply(request, response, context, true);
     }
 
     public Template goNext(HttpServletRequest request,
                             HttpServletResponse response,
-                            Context context ) 
-    {
+                            Context context) {
         return goNextApply(request, response, context, false);
     }
 
@@ -309,172 +296,167 @@ public class WizardServlet extends VelocityServlet {
      */
     public Template goNextApply(HttpServletRequest request,
                             HttpServletResponse response,
-				Context context, boolean stay )
-    {
+                Context context, boolean stay) {
         int p = getPanelNo(request);
         if (stay == true)
             CMS.debug("WizardServlet: in reply " + p);
         else
             CMS.debug("WizardServlet: in next " + p);
 
-        IWizardPanel panel = (IWizardPanel)mPanels.elementAt(p);
+        IWizardPanel panel = (IWizardPanel) mPanels.elementAt(p);
         try {
-          panel.validate(request, response, context);
-          try {
-            panel.update(request, response, context);
-            if (stay == true) { // "apply"
-
-              if (panel.showApplyButton() == true)
-                context.put("showApplyButton", Boolean.TRUE);
-              else
-                context.put("showApplyButton", Boolean.FALSE);
-		      panel.display(request, response, context);
-            } else { // "next"
-                IWizardPanel nextpanel = getNextPanel(p);
-
-                if (nextpanel.showApplyButton() == true)
-                  context.put("showApplyButton", Boolean.TRUE);
-                else
-                  context.put("showApplyButton", Boolean.FALSE);
-                nextpanel.display(request, response, context);
-                panel = nextpanel;
+            panel.validate(request, response, context);
+            try {
+                panel.update(request, response, context);
+                if (stay == true) { // "apply"
+
+                    if (panel.showApplyButton() == true)
+                        context.put("showApplyButton", Boolean.TRUE);
+                    else
+                        context.put("showApplyButton", Boolean.FALSE);
+                    panel.display(request, response, context);
+                } else { // "next"
+                    IWizardPanel nextpanel = getNextPanel(p);
+
+                    if (nextpanel.showApplyButton() == true)
+                        context.put("showApplyButton", Boolean.TRUE);
+                    else
+                        context.put("showApplyButton", Boolean.FALSE);
+                    nextpanel.display(request, response, context);
+                    panel = nextpanel;
+                }
+                context.put("errorString", "");
+            } catch (Exception e) {
+                context.put("errorString", e.getMessage());
+                panel.displayError(request, response, context);
             }
-            context.put("errorString", "");
-          } catch (Exception e) {
-            context.put("errorString", e.getMessage());
-            panel.displayError(request, response, context);
-          }
         } catch (IOException eee) {
-          context.put("errorString", eee.getMessage());
-          panel.displayError(request, response, context);
+            context.put("errorString", eee.getMessage());
+            panel.displayError(request, response, context);
         }
         p = panel.getPanelNo();
         CMS.debug("panel no=" + p);
         CMS.debug("panel name=" + getNameFromPanelNo(p));
-        CMS.debug("total number of panels="+mPanels.size());
+        CMS.debug("total number of panels=" + mPanels.size());
         context.put("p", Integer.toString(p));
         context.put("panelname", getNameFromPanelNo(p));
         if (p == 0) {
-          CMS.debug("WizardServlet: firstpanel");
-          context.put("firstpanel", Boolean.TRUE);
+            CMS.debug("WizardServlet: firstpanel");
+            context.put("firstpanel", Boolean.TRUE);
         }
         if (p == (mPanels.size() - 1)) {
-          CMS.debug("WizardServlet: lastpanel");
-          context.put("lastpanel", Boolean.TRUE);
+            CMS.debug("WizardServlet: lastpanel");
+            context.put("lastpanel", Boolean.TRUE);
         }
         // this is where we handle the xml request
         String xml = request.getParameter("xml");
         if (xml != null && xml.equals("true")) {
-          CMS.debug("WizardServlet: found xml");
-          
-          response.setContentType("application/xml");
-          String xmlstr = xml_flatten(context);
-          context.put("xml", xmlstr);
-          try {
-            return Velocity.getTemplate("admin/console/config/xml.vm");
-          } catch (Exception e) { 
-            CMS.debug("Failing to get template" + e );
-          }
+            CMS.debug("WizardServlet: found xml");
+
+            response.setContentType("application/xml");
+            String xmlstr = xml_flatten(context);
+            context.put("xml", xmlstr);
+            try {
+                return Velocity.getTemplate("admin/console/config/xml.vm");
+            } catch (Exception e) {
+                CMS.debug("Failing to get template" + e);
+            }
         } else {
-          try {
-            return Velocity.getTemplate("admin/console/config/wizard.vm");
-          } catch (Exception e) { 
-            CMS.debug("Failing to get template" + e );
-          }
+            try {
+                return Velocity.getTemplate("admin/console/config/wizard.vm");
+            } catch (Exception e) {
+                CMS.debug("Failing to get template" + e);
+            }
         }
         return null;
     }
 
     public Template goBack(HttpServletRequest request,
                             HttpServletResponse response,
-                            Context context ) 
-    {
+                            Context context) {
         int p = getPanelNo(request);
         CMS.debug("WizardServlet: in back " + p);
         IWizardPanel backpanel = getPreviousPanel(p);
 
         if (backpanel.showApplyButton() == true)
-          context.put("showApplyButton", Boolean.TRUE);
+            context.put("showApplyButton", Boolean.TRUE);
         else
-          context.put("showApplyButton", Boolean.FALSE);
+            context.put("showApplyButton", Boolean.FALSE);
         backpanel.display(request, response, context);
-	    context.put("p", Integer.toString(backpanel.getPanelNo()));
+        context.put("p", Integer.toString(backpanel.getPanelNo()));
         context.put("panelname", getNameFromPanelNo(backpanel.getPanelNo()));
 
         p = backpanel.getPanelNo();
 
         if (p == 0) {
-          CMS.debug("WizardServlet: firstpanel");
-          context.put("firstpanel", Boolean.TRUE);
+            CMS.debug("WizardServlet: firstpanel");
+            context.put("firstpanel", Boolean.TRUE);
         }
         if (p == (mPanels.size() - 1)) {
-          CMS.debug("WizardServlet: lastpanel");
-          context.put("lastpanel", Boolean.TRUE);
+            CMS.debug("WizardServlet: lastpanel");
+            context.put("lastpanel", Boolean.TRUE);
         }
         try {
             return Velocity.getTemplate("admin/console/config/wizard.vm");
-        } catch (Exception e) { 
+        } catch (Exception e) {
         }
         return null;
     }
 
     public boolean authenticate(HttpServletRequest request,
                                    HttpServletResponse response,
-                                   Context context ) {
-      String pin = (String)request.getSession().getAttribute("pin");
-      if (pin == null) {
-        try {
-          response.sendRedirect("login");
-        } catch (IOException e) {
+                                   Context context) {
+        String pin = (String) request.getSession().getAttribute("pin");
+        if (pin == null) {
+            try {
+                response.sendRedirect("login");
+            } catch (IOException e) {
+            }
+            return false;
         }
-        return false;
-      }
-      return true;
+        return true;
     }
 
-    public void outputHttpParameters(HttpServletRequest httpReq)
-    {
+    public void outputHttpParameters(HttpServletRequest httpReq) {
         CMS.debug("WizardServlet:service() uri = " + httpReq.getRequestURI());
         Enumeration paramNames = httpReq.getParameterNames();
         while (paramNames.hasMoreElements()) {
-            String pn = (String)paramNames.nextElement();
+            String pn = (String) paramNames.nextElement();
             // added this facility so that password can be hidden,
             // all sensitive parameters should be prefixed with 
             // __ (double underscores); however, in the event that
             // a security parameter slips through, we perform multiple
             // additional checks to insure that it is NOT displayed
-            if( pn.startsWith("__")                         ||
-                pn.endsWith("password")                     ||
-                pn.endsWith("passwd")                       ||
-                pn.endsWith("pwd")                          ||
-                pn.equalsIgnoreCase("admin_password_again") ||
-                pn.equalsIgnoreCase("directoryManagerPwd")  ||
-                pn.equalsIgnoreCase("bindpassword")         ||
-                pn.equalsIgnoreCase("bindpwd")              ||
-                pn.equalsIgnoreCase("passwd")               ||
-                pn.equalsIgnoreCase("password")             ||
-                pn.equalsIgnoreCase("pin")                  ||
-                pn.equalsIgnoreCase("pwd")                  ||
-                pn.equalsIgnoreCase("pwdagain")             ||
-                pn.equalsIgnoreCase("uPasswd") ) {
-               CMS.debug("WizardServlet::service() param name='" + pn +
-                         "' value='(sensitive)'" );
+            if (pn.startsWith("__") ||
+                    pn.endsWith("password") ||
+                    pn.endsWith("passwd") ||
+                    pn.endsWith("pwd") ||
+                    pn.equalsIgnoreCase("admin_password_again") ||
+                    pn.equalsIgnoreCase("directoryManagerPwd") ||
+                    pn.equalsIgnoreCase("bindpassword") ||
+                    pn.equalsIgnoreCase("bindpwd") ||
+                    pn.equalsIgnoreCase("passwd") ||
+                    pn.equalsIgnoreCase("password") ||
+                    pn.equalsIgnoreCase("pin") ||
+                    pn.equalsIgnoreCase("pwd") ||
+                    pn.equalsIgnoreCase("pwdagain") ||
+                    pn.equalsIgnoreCase("uPasswd")) {
+                CMS.debug("WizardServlet::service() param name='" + pn +
+                         "' value='(sensitive)'");
             } else {
-               CMS.debug("WizardServlet::service() param name='" + pn +
-                         "' value='" + httpReq.getParameter(pn) + "'" );
+                CMS.debug("WizardServlet::service() param name='" + pn +
+                         "' value='" + httpReq.getParameter(pn) + "'");
             }
         }
     }
-                                                                                
 
     public Template handleRequest(HttpServletRequest request,
                             HttpServletResponse response,
-                            Context context ) 
-    {
+                            Context context) {
         CMS.debug("WizardServlet: process");
 
-        if (CMS.debugOn())  {
-              outputHttpParameters(request);
+        if (CMS.debugOn()) {
+            outputHttpParameters(request);
         }
 
         if (!authenticate(request, response, context)) {
@@ -484,7 +466,7 @@ public class WizardServlet extends VelocityServlet {
 
         String op = request.getParameter("op"); /* operation */
         if (op == null) {
-          op = "display";
+            op = "display";
         }
         CMS.debug("WizardServlet: op=" + op);
         CMS.debug("WizardServlet: size=" + mPanels.size());
diff --git a/pki/base/common/src/com/netscape/cms/shares/OldJoinShares.java b/pki/base/common/src/com/netscape/cms/shares/OldJoinShares.java
index 0c4dade8..3fdcb024 100644
--- a/pki/base/common/src/com/netscape/cms/shares/OldJoinShares.java
+++ b/pki/base/common/src/com/netscape/cms/shares/OldJoinShares.java
@@ -25,7 +25,7 @@ import com.netscape.certsrv.kra.IJoinShares;
 /**
  * Use Java's reflection API to leverage CMS's
  * old Share and JoinShares implementations.
- *
+ * 
  * @deprecated
  * @version $Revision$ $Date$
  */
@@ -33,59 +33,54 @@ public class OldJoinShares implements IJoinShares {
 
     public Object mOldImpl = null;
 
-    public OldJoinShares()
-    {
+    public OldJoinShares() {
     }
 
-    public void initialize(int threshold) throws Exception
-    {
-      Class c = Class.forName("com.netscape.cmscore.shares.JoinShares");
-      Class types[] = { int.class };
-      Constructor con = c.getConstructor(types);
-      Object params[] = {Integer.valueOf(threshold)};
-      mOldImpl = con.newInstance(params);
+    public void initialize(int threshold) throws Exception {
+        Class c = Class.forName("com.netscape.cmscore.shares.JoinShares");
+        Class types[] = { int.class };
+        Constructor con = c.getConstructor(types);
+        Object params[] = { Integer.valueOf(threshold) };
+        mOldImpl = con.newInstance(params);
     }
 
-    public void addShare(int shareNum, byte[] share)
-    {
-      try {
-        Class types[] = { int.class, share.getClass() };
-        Class c = mOldImpl.getClass();
-        Method method = c.getMethod("addShare", types);
-        Object params[] = {Integer.valueOf(shareNum), share};
-        method.invoke(mOldImpl, params);
-      } catch (Exception e) {
-      }
+    public void addShare(int shareNum, byte[] share) {
+        try {
+            Class types[] = { int.class, share.getClass() };
+            Class c = mOldImpl.getClass();
+            Method method = c.getMethod("addShare", types);
+            Object params[] = { Integer.valueOf(shareNum), share };
+            method.invoke(mOldImpl, params);
+        } catch (Exception e) {
+        }
     }
 
-    public int getShareCount()
-    {
-      if (mOldImpl == null)
-        return -1;
-      try {
-        Class types[] = null;
-        Class c = mOldImpl.getClass();
-        Method method = c.getMethod("getShareCount", types);
-        Object params[] = null;
-        Integer result = (Integer)method.invoke(mOldImpl, params);
-        return result.intValue();
-      } catch (Exception e) {
-        return -1;
-      }
+    public int getShareCount() {
+        if (mOldImpl == null)
+            return -1;
+        try {
+            Class types[] = null;
+            Class c = mOldImpl.getClass();
+            Method method = c.getMethod("getShareCount", types);
+            Object params[] = null;
+            Integer result = (Integer) method.invoke(mOldImpl, params);
+            return result.intValue();
+        } catch (Exception e) {
+            return -1;
+        }
     }
 
-    public byte[] recoverSecret()
-    {
-      if (mOldImpl == null)
-        return null;
-      try {
-        Class types[] = null;
-        Class c = mOldImpl.getClass();
-        Method method = c.getMethod("recoverSecret", types);
-        Object params[] = null;
-        return (byte[])method.invoke(mOldImpl, params);
-      } catch (Exception e) {
-        return null;
-      }
+    public byte[] recoverSecret() {
+        if (mOldImpl == null)
+            return null;
+        try {
+            Class types[] = null;
+            Class c = mOldImpl.getClass();
+            Method method = c.getMethod("recoverSecret", types);
+            Object params[] = null;
+            return (byte[]) method.invoke(mOldImpl, params);
+        } catch (Exception e) {
+            return null;
+        }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/shares/OldShare.java b/pki/base/common/src/com/netscape/cms/shares/OldShare.java
index 4e92f76a..a867fcbf 100644
--- a/pki/base/common/src/com/netscape/cms/shares/OldShare.java
+++ b/pki/base/common/src/com/netscape/cms/shares/OldShare.java
@@ -25,43 +25,39 @@ import com.netscape.certsrv.kra.IShare;
 /**
  * Use Java's reflection API to leverage CMS's
  * old Share and JoinShares implementations.
- *
+ * 
  * @deprecated
  * @version $Revision$ $Date$
  */
-public class OldShare implements IShare 
-{
+public class OldShare implements IShare {
     public Object mOldImpl = null;
 
-    public OldShare()
-    {
+    public OldShare() {
     }
 
-    public void initialize(byte[] secret, int threshold) throws Exception
-    {
-      try {
-        Class c = Class.forName("com.netscape.cmscore.shares.Share");
-        Class types[] = { secret.getClass(), int.class };
-        Constructor cs[] = c.getConstructors();
-        Constructor con = c.getConstructor(types);
-        Object params[] = {secret, Integer.valueOf(threshold)};
-        mOldImpl = con.newInstance(params);
-      } catch (Exception e) {
-      }
+    public void initialize(byte[] secret, int threshold) throws Exception {
+        try {
+            Class c = Class.forName("com.netscape.cmscore.shares.Share");
+            Class types[] = { secret.getClass(), int.class };
+            Constructor cs[] = c.getConstructors();
+            Constructor con = c.getConstructor(types);
+            Object params[] = { secret, Integer.valueOf(threshold) };
+            mOldImpl = con.newInstance(params);
+        } catch (Exception e) {
+        }
     }
 
-    public byte[] createShare(int sharenumber)
-    {
-      if (mOldImpl == null)
-        return null;
-      try {
-        Class types[] = { int.class };
-        Class c = mOldImpl.getClass();
-        Method method = c.getMethod("createShare", types);
-        Object params[] = {Integer.valueOf(sharenumber)};
-        return (byte[])method.invoke(mOldImpl, params);
-      } catch (Exception e) {
-        return null;
-      }
+    public byte[] createShare(int sharenumber) {
+        if (mOldImpl == null)
+            return null;
+        try {
+            Class types[] = { int.class };
+            Class c = mOldImpl.getClass();
+            Method method = c.getMethod("createShare", types);
+            Object params[] = { Integer.valueOf(sharenumber) };
+            return (byte[]) method.invoke(mOldImpl, params);
+        } catch (Exception e) {
+            return null;
+        }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java b/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java
index db648125..ec938372 100644
--- a/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java
+++ b/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.apps;
 
-
 import java.io.BufferedReader;
 import java.io.ByteArrayOutputStream;
 import java.io.File;
@@ -184,10 +183,10 @@ public class CMSEngine implements ICMSEngine {
 
     public static final SubsystemRegistry mSSReg = SubsystemRegistry.getInstance();
 
-    public static String instanceDir;    /* path to instance <server-root>/cert-<instance-name> */
-  
-    private IConfigStore mConfig = null; 
-    private ISubsystem mOwner = null; 
+    public static String instanceDir; /* path to instance <server-root>/cert-<instance-name> */
+
+    private IConfigStore mConfig = null;
+    private ISubsystem mOwner = null;
     private long mStartupTime = 0;
     private boolean isStarted = false;
     private StringBuffer mWarning = new StringBuffer();
@@ -202,27 +201,27 @@ public class CMSEngine implements ICMSEngine {
     // static subsystems - must be singletons 
     private static SubsystemInfo[] mStaticSubsystems = {
             new SubsystemInfo(
-                Debug.ID, Debug.getInstance()),
-            new SubsystemInfo(LogSubsystem.ID, 
-                LogSubsystem.getInstance()),
-            new SubsystemInfo( 
-                OsSubsystem.ID, OsSubsystem.getInstance()),
-            new SubsystemInfo( 
-                JssSubsystem.ID, JssSubsystem.getInstance()),
-            new SubsystemInfo( 
-                DBSubsystem.ID, DBSubsystem.getInstance()),
-            new SubsystemInfo( 
-                UGSubsystem.ID, UGSubsystem.getInstance()),
+                    Debug.ID, Debug.getInstance()),
+            new SubsystemInfo(LogSubsystem.ID,
+                    LogSubsystem.getInstance()),
+            new SubsystemInfo(
+                    OsSubsystem.ID, OsSubsystem.getInstance()),
+            new SubsystemInfo(
+                    JssSubsystem.ID, JssSubsystem.getInstance()),
+            new SubsystemInfo(
+                    DBSubsystem.ID, DBSubsystem.getInstance()),
+            new SubsystemInfo(
+                    UGSubsystem.ID, UGSubsystem.getInstance()),
             new SubsystemInfo(
-                PluginRegistry.ID, new PluginRegistry()),
+                    PluginRegistry.ID, new PluginRegistry()),
             new SubsystemInfo(
-                OidLoaderSubsystem.ID, OidLoaderSubsystem.getInstance()),
+                    OidLoaderSubsystem.ID, OidLoaderSubsystem.getInstance()),
             new SubsystemInfo(
-                X500NameSubsystem.ID, X500NameSubsystem.getInstance()),
+                    X500NameSubsystem.ID, X500NameSubsystem.getInstance()),
             // skip TP subsystem; 
             // problem in needing dbsubsystem in constructor. and it's not used.
             new SubsystemInfo(
-                RequestSubsystem.ID, RequestSubsystem.getInstance()),
+                    RequestSubsystem.ID, RequestSubsystem.getInstance()),
         };
 
     // dynamic subsystems are loaded at init time, not neccessarily singletons. 
@@ -230,12 +229,12 @@ public class CMSEngine implements ICMSEngine {
 
     // final static subsystems - must be singletons. 
     private static SubsystemInfo[] mFinalSubsystems = {
-            new SubsystemInfo( 
-                AuthSubsystem.ID, AuthSubsystem.getInstance()),
-            new SubsystemInfo( 
-                AuthzSubsystem.ID, AuthzSubsystem.getInstance()),
             new SubsystemInfo(
-                JobsScheduler.ID, JobsScheduler.getInstance()),
+                    AuthSubsystem.ID, AuthSubsystem.getInstance()),
+            new SubsystemInfo(
+                    AuthzSubsystem.ID, AuthzSubsystem.getInstance()),
+            new SubsystemInfo(
+                    JobsScheduler.ID, JobsScheduler.getInstance()),
         };
 
     private static final int IP = 0;
@@ -247,12 +246,12 @@ public class CMSEngine implements ICMSEngine {
     private static final int EE_NON_SSL = 3;
     private static final int EE_CLIENT_AUTH_SSL = 4;
     private static String mServerCertNickname = null;
-    private static String info[][] = { {null, null, null},//agent
-            {null, null, null},//admin
-            {null, null, null},//sslEE
-            {null, null, null},//non_sslEE
-            {null, null, null} //ssl_clientauth_EE
-        };
+    private static String info[][] = { { null, null, null },//agent
+            { null, null, null },//admin
+            { null, null, null },//sslEE
+            { null, null, null },//non_sslEE
+            { null, null, null } //ssl_clientauth_EE
+            };
 
     /**
      * private constructor.
@@ -261,14 +260,14 @@ public class CMSEngine implements ICMSEngine {
     }
 
     /**
-     * gets this ID 
+     * gets this ID
      */
     public String getId() {
         return ID;
     }
 
     /**
-     * should never be called. returns error. 
+     * should never be called. returns error.
      */
     public void setId(String id) throws EBaseException {
         throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_OPERATION"));
@@ -283,42 +282,43 @@ public class CMSEngine implements ICMSEngine {
 
     public synchronized IPasswordStore getPasswordStore() {
         // initialize the PasswordReader and PasswordWriter
-      try {
-        String pwdPath = mConfig.getString("passwordFile");
-        if (mPasswordStore == null) {
-          CMS.debug("CMSEngine: getPasswordStore(): password store not initialized before.");
-          String pwdClass = mConfig.getString("passwordClass");
+        try {
+            String pwdPath = mConfig.getString("passwordFile");
+            if (mPasswordStore == null) {
+                CMS.debug("CMSEngine: getPasswordStore(): password store not initialized before.");
+                String pwdClass = mConfig.getString("passwordClass");
 
-          if (pwdClass != null) {
-            try {
-                mPasswordStore = (IPasswordStore)Class.forName(pwdClass).newInstance();
-            } catch (Exception e) {
-                CMS.debug("CMSEngine: getPasswordStore(): password store initialization failure:" + e.toString());
+                if (pwdClass != null) {
+                    try {
+                        mPasswordStore = (IPasswordStore) Class.forName(pwdClass).newInstance();
+                    } catch (Exception e) {
+                        CMS.debug("CMSEngine: getPasswordStore(): password store initialization failure:" + e.toString());
+                    }
+                }
+            } else {
+                CMS.debug("CMSEngine: getPasswordStore(): password store initialized before.");
             }
-          }
-        } else {
-          CMS.debug("CMSEngine: getPasswordStore(): password store initialized before.");
-        }
 
-        // have to initialize it because other places don't always
-        mPasswordStore.init(pwdPath); 
-        CMS.debug("CMSEngine: getPasswordStore(): password store initialized.");
-      } catch (Exception e) {
-        CMS.debug("CMSEngine: getPasswordStore(): failure:" + e.toString());
-      }
+            // have to initialize it because other places don't always
+            mPasswordStore.init(pwdPath);
+            CMS.debug("CMSEngine: getPasswordStore(): password store initialized.");
+        } catch (Exception e) {
+            CMS.debug("CMSEngine: getPasswordStore(): failure:" + e.toString());
+        }
 
-      return mPasswordStore;
+        return mPasswordStore;
     }
 
     /**
      * initialize all static, dynamic and final static subsystems.
+     * 
      * @param owner null
      * @param config main config store.
-     * @exception EBaseException if any error occur in subsystems during 
-     * initialization.
+     * @exception EBaseException if any error occur in subsystems during
+     *                initialization.
      */
-    public void init(ISubsystem owner, IConfigStore config) 
-        throws EBaseException {
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException {
         mOwner = owner;
         mConfig = config;
         int state = mConfig.getInteger("cs.state");
@@ -363,10 +363,10 @@ public class CMSEngine implements ICMSEngine {
         loadDynSubsystems();
 
         java.security.Security.addProvider(
-            new netscape.security.provider.CMS());
+                new netscape.security.provider.CMS());
 
         mSSReg.put(ID, this);
-        initSubsystems(mStaticSubsystems, false); 
+        initSubsystems(mStaticSubsystems, false);
 
         // Once the log subsystem is initialized, we
         // want to register a listener to catch
@@ -379,7 +379,7 @@ public class CMSEngine implements ICMSEngine {
         initSubsystems(mDynSubsystems, true);
         initSubsystems(mFinalSubsystems, false);
 
-        CMS.debug("Java version=" + (String)System.getProperty("java.version"));
+        CMS.debug("Java version=" + (String) System.getProperty("java.version"));
         java.security.Provider ps[] = java.security.Security.getProviders();
 
         if (ps == null || ps.length <= 0) {
@@ -395,8 +395,10 @@ public class CMSEngine implements ICMSEngine {
 
     /**
      * Parse ACL resource attributes
+     * 
      * @param resACLs same format as the resourceACLs attribute:
-     * <PRE>
+     * 
+     *            <PRE>
      *     <resource name>:<permission1,permission2,...permissionn>:
      *     <allow|deny> (<subset of the permission set>) <evaluator expression>
      * </PRE>
@@ -420,7 +422,7 @@ public class CMSEngine implements ICMSEngine {
 
             if (resource == null) {
                 String infoMsg = "resource not specified in resourceACLS attribute:" +
-                    resACLs;
+                        resACLs;
 
                 String[] params = new String[2];
 
@@ -438,7 +440,7 @@ public class CMSEngine implements ICMSEngine {
                 rightsString = st.substring(0, idx2);
             else {
                 String infoMsg =
-                    "rights not specified in resourceACLS attribute:" + resACLs;
+                        "rights not specified in resourceACLS attribute:" + resACLs;
                 String[] params = new String[2];
 
                 params[0] = resACLs;
@@ -487,7 +489,7 @@ public class CMSEngine implements ICMSEngine {
                 // fine
                 String infoMsg = "acls not specified in resourceACLS attribute:" +
 
-                    resACLs;
+                resACLs;
 
                 String[] params = new String[2];
 
@@ -511,24 +513,24 @@ public class CMSEngine implements ICMSEngine {
     private void parseServerXML() {
         try {
             String instanceRoot = mConfig.getString("instanceRoot");
-            String path = instanceRoot+File.separator+"conf"+File.separator+SERVER_XML;
+            String path = instanceRoot + File.separator + "conf" + File.separator + SERVER_XML;
             DOMParser parser = new DOMParser();
             parser.parse(path);
             NodeList nodes = parser.getDocument().getElementsByTagName("Connector");
-            String parentName="";
-            String name="";
-            String port="";
-            for (int i=0; i<nodes.getLength(); i++) {
-                Element n = (Element)nodes.item(i);
+            String parentName = "";
+            String name = "";
+            String port = "";
+            for (int i = 0; i < nodes.getLength(); i++) {
+                Element n = (Element) nodes.item(i);
 
                 parentName = "";
                 Element p = (Element) n.getParentNode();
-                if(p != null)  {
-                    parentName = p.getAttribute("name");   
+                if (p != null) {
+                    parentName = p.getAttribute("name");
                 }
                 name = n.getAttribute("name");
                 port = n.getAttribute("port");
-             
+
                 // The "server.xml" file is parsed from top-to-bottom, and
                 // supports BOTH "Port Separation" (the new default method)
                 // as well as "Shared Ports" (the old legacy method).  Since
@@ -574,37 +576,37 @@ public class CMSEngine implements ICMSEngine {
                 //     ...
                 //  </Catalina>
                 //
-                if ( parentName.equals("Catalina"))  {
-                    if( name.equals( "Unsecure" ) ) {
+                if (parentName.equals("Catalina")) {
+                    if (name.equals("Unsecure")) {
                         // Port Separation:  Unsecure Port
                         //                   OR
                         // Shared Ports:     Unsecure Port
                         info[EE_NON_SSL][PORT] = port;
-                    } else if( name.equals( "Agent" ) ) {
+                    } else if (name.equals("Agent")) {
                         // Port Separation:  Agent Secure Port
                         info[AGENT][PORT] = port;
-                    } else if( name.equals( "Admin" ) ) {
+                    } else if (name.equals("Admin")) {
                         // Port Separation:  Admin Secure Port
                         info[ADMIN][PORT] = port;
-                    } else if( name.equals( "EE" ) ) {
+                    } else if (name.equals("EE")) {
                         // Port Separation:  EE Secure Port
                         info[EE_SSL][PORT] = port;
-                    } else if( name.equals( "EEClientAuth" ) ) {
+                    } else if (name.equals("EEClientAuth")) {
                         // Port Separation: EE Client Auth Secure Port
-                        info[EE_CLIENT_AUTH_SSL][PORT] = port; 
-                    } else if( name.equals( "Secure" ) ) {
+                        info[EE_CLIENT_AUTH_SSL][PORT] = port;
+                    } else if (name.equals("Secure")) {
                         // Shared Ports:  Agent, EE, and Admin Secure Port
                         info[AGENT][PORT] = port;
                         info[ADMIN][PORT] = port;
                         info[EE_SSL][PORT] = port;
                         info[EE_CLIENT_AUTH_SSL][PORT] = port;
                     }
-                }   
-           }
- 
-           } catch (Exception e) {
-               CMS.debug("CMSEngine: parseServerXML exception: " + e.toString());
-           }
+                }
+            }
+
+        } catch (Exception e) {
+            CMS.debug("CMSEngine: parseServerXML exception: " + e.toString());
+        }
     }
 
     private void fixProxyPorts() throws EBaseException {
@@ -624,24 +626,22 @@ public class CMSEngine implements ICMSEngine {
         } catch (EBaseException e) {
             CMS.debug("CMSEngine: fixProxyPorts exception: " + e.toString());
             throw e;
-        }   
+        }
     }
 
-
     public IConfigStore createFileConfigStore(String path) throws EBaseException {
         try {
-          /* if the file is not there, create one */
-          File f = new File(path);
-          if (!f.exists()) {
-            f.createNewFile();
-          }
+            /* if the file is not there, create one */
+            File f = new File(path);
+            if (!f.exists()) {
+                f.createNewFile();
+            }
         } catch (Exception e) {
         }
 
-        
         return new FileConfigStore(path);
     }
-    
+
     public IArgBlock createArgBlock() {
         return new ArgBlock();
     }
@@ -684,7 +684,7 @@ public class CMSEngine implements ICMSEngine {
     }
 
     public ICRLIssuingPointRecord createCRLIssuingPointRecord(String
-        id, BigInteger crlNumber, Long crlSize, Date thisUpdate, Date nextUpdate) {
+            id, BigInteger crlNumber, Long crlSize, Date thisUpdate, Date nextUpdate) {
         return new CRLIssuingPointRecord(id, crlNumber, crlSize, thisUpdate, nextUpdate);
     }
 
@@ -778,17 +778,17 @@ public class CMSEngine implements ICMSEngine {
     }
 
     public IHttpConnection getHttpConnection(IRemoteAuthority authority,
-        ISocketFactory factory) {
+            ISocketFactory factory) {
         return new HttpConnection(authority, factory);
     }
 
     public IHttpConnection getHttpConnection(IRemoteAuthority authority,
-        ISocketFactory factory, int timeout) {
+            ISocketFactory factory, int timeout) {
         return new HttpConnection(authority, factory, timeout);
     }
 
     public IResender getResender(IAuthority authority, String nickname,
-        IRemoteAuthority remote, int interval) {
+            IRemoteAuthority remote, int interval) {
         return new Resender(authority, nickname, remote, interval);
     }
 
@@ -796,31 +796,31 @@ public class CMSEngine implements ICMSEngine {
         return new HttpPKIMessage();
     }
 
-    public  ILdapConnInfo getLdapConnInfo(IConfigStore config)
-        throws EBaseException, ELdapException {
+    public ILdapConnInfo getLdapConnInfo(IConfigStore config)
+            throws EBaseException, ELdapException {
         return new LdapConnInfo(config);
     }
 
-    public   LDAPSSLSocketFactoryExt getLdapJssSSLSocketFactory(
-        String certNickname) {
+    public LDAPSSLSocketFactoryExt getLdapJssSSLSocketFactory(
+            String certNickname) {
         return new LdapJssSSLSocketFactory(certNickname);
     }
 
-    public   LDAPSSLSocketFactoryExt getLdapJssSSLSocketFactory() {
+    public LDAPSSLSocketFactoryExt getLdapJssSSLSocketFactory() {
         return new LdapJssSSLSocketFactory();
     }
 
-    public  ILdapAuthInfo getLdapAuthInfo() {
+    public ILdapAuthInfo getLdapAuthInfo() {
         return new LdapAuthInfo();
     }
 
-    public  ILdapConnFactory getLdapBoundConnFactory()
-        throws ELdapException {
+    public ILdapConnFactory getLdapBoundConnFactory()
+            throws ELdapException {
         return new LdapBoundConnFactory();
     }
 
-    public  ILdapConnFactory getLdapAnonConnFactory()
-        throws ELdapException {
+    public ILdapConnFactory getLdapAnonConnFactory()
+            throws ELdapException {
         return new LdapAnonConnFactory();
     }
 
@@ -844,8 +844,8 @@ public class CMSEngine implements ICMSEngine {
      * initialize an array of subsystem info.
      */
     private void initSubsystems(SubsystemInfo[] sslist, boolean doSetId)
-        throws EBaseException {
-        if (sslist == null) 
+            throws EBaseException {
+        if (sslist == null)
             return;
         for (int i = 0; i < sslist.length; i++) {
             initSubsystem(sslist[i], doSetId);
@@ -856,7 +856,7 @@ public class CMSEngine implements ICMSEngine {
      * load dynamic subsystems
      */
     private void loadDynSubsystems()
-        throws EBaseException {
+            throws EBaseException {
         IConfigStore ssconfig = mConfig.getSubStore(PROP_SUBSYSTEM);
 
         // count number of dyn loaded subsystems. 
@@ -864,26 +864,26 @@ public class CMSEngine implements ICMSEngine {
         int nsubsystems = 0;
 
         for (nsubsystems = 0; ssnames.hasMoreElements(); nsubsystems++)
-            ssnames.nextElement(); 
+            ssnames.nextElement();
         if (Debug.ON) {
             Debug.trace(nsubsystems + " dyn subsystems loading..");
         }
-        if (nsubsystems == 0) 
+        if (nsubsystems == 0)
             return;
 
-            // load dyn subsystems.
+        // load dyn subsystems.
         mDynSubsystems = new SubsystemInfo[nsubsystems];
         ssnames = ssconfig.getSubStoreNames();
         for (int i = 0; i < mDynSubsystems.length; i++) {
-            IConfigStore config = 
-                ssconfig.getSubStore(String.valueOf(i));
+            IConfigStore config =
+                    ssconfig.getSubStore(String.valueOf(i));
             String id = config.getString(PROP_ID);
             String classname = config.getString(PROP_CLASS);
             ISubsystem ss = null;
 
             try {
                 ss = (ISubsystem) Class.forName(classname).newInstance();
-            } catch (InstantiationException e) { 
+            } catch (InstantiationException e) {
                 throw new EBaseException(
                         CMS.getUserMessage("CMS_BASE_LOAD_FAILED_1", id, e.toString()));
             } catch (IllegalAccessException e) {
@@ -900,23 +900,22 @@ public class CMSEngine implements ICMSEngine {
 
     public LDAPConnection getBoundConnection(String host, int port,
                int version, LDAPSSLSocketFactoryExt fac, String bindDN,
-               String bindPW) throws LDAPException
-    {
-          return new LdapBoundConnection(host, port, version, fac,
-             bindDN, bindPW);
+               String bindPW) throws LDAPException {
+        return new LdapBoundConnection(host, port, version, fac,
+                bindDN, bindPW);
     }
 
     /**
-     * initialize a subsystem 
+     * initialize a subsystem
      */
-    private void initSubsystem(SubsystemInfo ssinfo, boolean doSetId) 
-        throws EBaseException {
+    private void initSubsystem(SubsystemInfo ssinfo, boolean doSetId)
+            throws EBaseException {
         String id = ssinfo.mId;
         ISubsystem ss = ssinfo.mInstance;
         IConfigStore ssConfig = mConfig.getSubStore(id);
 
         CMS.debug("CMSEngine: initSubsystem id=" + id);
-        if (doSetId) 
+        if (doSetId)
             ss.setId(id);
         CMS.debug("CMSEngine: ready to init id=" + id);
         ss.init(this, ssConfig);
@@ -925,8 +924,8 @@ public class CMSEngine implements ICMSEngine {
         mSSReg.put(id, ss);
         CMS.debug("CMSEngine: initialized " + id);
 
-        if(id.equals("ca") || id.equals("ocsp") ||
-            id.equals("kra") || id.equals("tks")) {
+        if (id.equals("ca") || id.equals("ocsp") ||
+                id.equals("kra") || id.equals("tks")) {
             CMS.debug("CMSEngine::initSubsystem " + id + " Java subsytem about to calculate serverCertNickname. ");
             // get SSL server nickname
             IConfigStore serverCertStore = mConfig.getSubStore(id + "." + "sslserver");
@@ -934,12 +933,12 @@ public class CMSEngine implements ICMSEngine {
                 String nickName = serverCertStore.getString("nickname");
                 String tokenName = serverCertStore.getString("tokenname");
                 if (tokenName != null && tokenName.length() > 0 &&
-                    nickName != null && nickName.length() > 0) {
+                        nickName != null && nickName.length() > 0) {
                     CMS.setServerCertNickname(tokenName, nickName);
-                    CMS.debug("Subsystem " + id + " init sslserver:  tokenName:"+tokenName+"  nickName:"+nickName);
+                    CMS.debug("Subsystem " + id + " init sslserver:  tokenName:" + tokenName + "  nickName:" + nickName);
                 } else if (nickName != null && nickName.length() > 0) {
                     CMS.setServerCertNickname(nickName);
-                    CMS.debug("Subsystem " + id + " init sslserver:  nickName:"+nickName);
+                    CMS.debug("Subsystem " + id + " init sslserver:  nickName:" + nickName);
                 } else {
                     CMS.debug("Subsystem " + id + " init error: SSL server certificate nickname is not available.");
                 }
@@ -955,6 +954,7 @@ public class CMSEngine implements ICMSEngine {
 
     /**
      * Starts up all subsystems. subsystems must be initialized.
+     * 
      * @exception EBaseException if any subsystem fails to startup.
      */
     public void startup() throws EBaseException {
@@ -981,7 +981,7 @@ public class CMSEngine implements ICMSEngine {
 
             CMS.debug("CMSEngine: checking certificate serial number ranges");
             ca.getCertificateRepository().checkRanges();
-        } 
+        }
 
         IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) getSubsystem("kra");
         if ((kra != null) && !isPreOpMode()) {
@@ -998,10 +998,10 @@ public class CMSEngine implements ICMSEngine {
          * @reason all subsystems are initialized and started.
          */
         Logger.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_ADMIN,
-            ILogger.LL_INFO, CMS.getLogMessage("SERVER_STARTUP"));
+                ILogger.LL_INFO, CMS.getLogMessage("SERVER_STARTUP"));
         System.out.println(Constants.SERVER_STARTUP_MESSAGE);
         isStarted = true;
-       
+
     }
 
     public boolean isInRunningState() {
@@ -1011,31 +1011,31 @@ public class CMSEngine implements ICMSEngine {
     public byte[] getPKCS7(Locale locale, IRequest req) {
         try {
             X509CertImpl cert = req.getExtDataInCert(
-              IEnrollProfile.REQUEST_ISSUED_CERT);
+                    IEnrollProfile.REQUEST_ISSUED_CERT);
             if (cert == null)
                 return null;
-            
+
             ICertificateAuthority ca = (ICertificateAuthority)
-              CMS.getSubsystem("ca");
+                    CMS.getSubsystem("ca");
             CertificateChain cachain = ca.getCACertChain();
             X509Certificate[] cacerts = cachain.getChain();
 
             X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
             int m = 1, n = 0;
-    
+
             for (; n < cacerts.length; m++, n++) {
                 userChain[m] = (X509CertImpl) cacerts[n];
             }
 
             userChain[0] = cert;
             PKCS7 p7 = new PKCS7(new AlgorithmId[0],
-              new ContentInfo(new byte[0]),
-              userChain,
-              new SignerInfo[0]);
+                    new ContentInfo(new byte[0]),
+                    userChain,
+                    new SignerInfo[0]);
             ByteArrayOutputStream bos = new ByteArrayOutputStream();
 
             p7.encodeSignedData(bos);
-            return bos.toByteArray(); 
+            return bos.toByteArray();
         } catch (Exception e) {
             return null;
         }
@@ -1046,11 +1046,11 @@ public class CMSEngine implements ICMSEngine {
     }
 
     public void setServerCertNickname(String tokenName, String
-        nickName) {
+            nickName) {
         String newName = null;
 
         if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME) ||
-            tokenName.equalsIgnoreCase("Internal Key Storage Token"))
+                tokenName.equalsIgnoreCase("Internal Key Storage Token"))
             newName = nickName;
         else {
             if (tokenName.equals("") && nickName.equals(""))
@@ -1063,83 +1063,83 @@ public class CMSEngine implements ICMSEngine {
 
     public void setServerCertNickname(String newName) {
         // modify server.xml
-/*
-        String filePrefix = instanceDir + File.separator +
-            "config" + File.separator;
-        String orig = filePrefix + "server.xml";
-        String dest = filePrefix + "server.xml.bak";
-        String newF = filePrefix + "server.xml.new";
-
-        // save the old copy
-        Utils.copy(orig, dest);
-
-        BufferedReader in1 = null;
-        PrintWriter out1 = null;
+        /*
+                String filePrefix = instanceDir + File.separator +
+                    "config" + File.separator;
+                String orig = filePrefix + "server.xml";
+                String dest = filePrefix + "server.xml.bak";
+                String newF = filePrefix + "server.xml.new";
+
+                // save the old copy
+                Utils.copy(orig, dest);
+
+                BufferedReader in1 = null;
+                PrintWriter out1 = null;
+
+                try {
+                    in1 = new BufferedReader(new FileReader(dest));
+                    out1 = new PrintWriter(
+                                new BufferedWriter(new FileWriter(newF)));
+                    String line = "";
+
+                    while (in1.ready()) {
+                        line = in1.readLine();
+                        if (line != null)
+                            out1.println(lineParsing(line, newName)); 
+                    }
 
-        try {
-            in1 = new BufferedReader(new FileReader(dest));
-            out1 = new PrintWriter(
-                        new BufferedWriter(new FileWriter(newF)));
-            String line = "";
-
-            while (in1.ready()) {
-                line = in1.readLine();
-                if (line != null)
-                    out1.println(lineParsing(line, newName)); 
-            }
+                    out1.close();
+                    in1.close();
+                } catch (Exception eee) {
+                    Logger.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_ADMIN,
+                        ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", eee.toString()));
+                }
 
-            out1.close();
-            in1.close();
-        } catch (Exception eee) {
-            Logger.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_ADMIN,
-                ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", eee.toString()));
-        }
+                File file = new File(newF);
+                File nfile = new File(orig);
 
-        File file = new File(newF);
-        File nfile = new File(orig);
+                try {
+                    boolean success = file.renameTo(nfile);
 
-        try {
-            boolean success = file.renameTo(nfile);
-
-            if (!success) {
-                if (Utils.isNT()) {
-                    // NT is very picky on the path
-                    Utils.exec("copy " +
-                        file.getAbsolutePath().replace('/', '\\') + " " +
-                        nfile.getAbsolutePath().replace('/', '\\'));
-                } else {
-                    Utils.exec("cp " + file.getAbsolutePath() + " " +
-                        nfile.getAbsolutePath());
+                    if (!success) {
+                        if (Utils.isNT()) {
+                            // NT is very picky on the path
+                            Utils.exec("copy " +
+                                file.getAbsolutePath().replace('/', '\\') + " " +
+                                nfile.getAbsolutePath().replace('/', '\\'));
+                        } else {
+                            Utils.exec("cp " + file.getAbsolutePath() + " " +
+                                nfile.getAbsolutePath());
+                        }
+                    }
+                } catch (Exception exx) {
+                    Logger.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_ADMIN,
+                        ILogger.LL_FAILURE, "CMSEngine: Error " + exx.toString());
                 }
-            }
-        } catch (Exception exx) {
-            Logger.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_ADMIN,
-                ILogger.LL_FAILURE, "CMSEngine: Error " + exx.toString());
-        }
-        // update "cache" for CMS.getServerCertNickname()
-*/
+                // update "cache" for CMS.getServerCertNickname()
+        */
         mServerCertNickname = newName;
     }
 
     public String getFingerPrint(Certificate cert)
-        throws CertificateEncodingException, NoSuchAlgorithmException {
+            throws CertificateEncodingException, NoSuchAlgorithmException {
         return CertUtils.getFingerPrint(cert);
     }
 
     public String getFingerPrints(Certificate cert)
-        throws NoSuchAlgorithmException, CertificateEncodingException {
+            throws NoSuchAlgorithmException, CertificateEncodingException {
         return CertUtils.getFingerPrints(cert);
     }
 
     public String getFingerPrints(byte[] certDer)
-        throws NoSuchAlgorithmException {
+            throws NoSuchAlgorithmException {
         return CertUtils.getFingerPrints(certDer);
     }
 
     public String getUserMessage(Locale locale, String msgID, String params[]) {
         // if locale is null, try to get it out from session context
         if (locale == null) {
-            SessionContext sc = SessionContext.getExistingContext(); 
+            SessionContext sc = SessionContext.getExistingContext();
 
             if (sc != null)
                 locale = (Locale) sc.get(SessionContext.LOCALE);
@@ -1178,8 +1178,8 @@ public class CMSEngine implements ICMSEngine {
         return getUserMessage(locale, msgID, params);
     }
 
-    public String getUserMessage(Locale locale, String msgID, 
-        String p1, String p2, String p3) {
+    public String getUserMessage(Locale locale, String msgID,
+            String p1, String p2, String p3) {
         String params[] = { p1, p2, p3 };
 
         return getUserMessage(locale, msgID, params);
@@ -1198,7 +1198,7 @@ public class CMSEngine implements ICMSEngine {
     }
 
     public void debug(byte data[]) {
-        if (!debugOn()) { 
+        if (!debugOn()) {
             // this helps to not saving stuff to file when debug
             // is disable
             return;
@@ -1207,7 +1207,7 @@ public class CMSEngine implements ICMSEngine {
     }
 
     public void debug(int level, String msg) {
-        if (!debugOn()) { 
+        if (!debugOn()) {
             // this helps to not saving stuff to file when debug
             // is disable
             return;
@@ -1216,7 +1216,7 @@ public class CMSEngine implements ICMSEngine {
     }
 
     public void debug(String msg) {
-        if (!debugOn()) { 
+        if (!debugOn()) {
             // this helps to not saving stuff to file when debug
             // is disable
             return;
@@ -1225,7 +1225,7 @@ public class CMSEngine implements ICMSEngine {
     }
 
     public void debug(Throwable e) {
-        if (!debugOn()) { 
+        if (!debugOn()) {
             // this helps to not saving stuff to file when debug
             // is disable
             return;
@@ -1244,14 +1244,15 @@ public class CMSEngine implements ICMSEngine {
     public void traceHashKey(String type, String key) {
         Debug.traceHashKey(type, key);
     }
+
     public void traceHashKey(String type, String key, String val) {
         Debug.traceHashKey(type, key, val);
     }
+
     public void traceHashKey(String type, String key, String val, String def) {
         Debug.traceHashKey(type, key, val, def);
     }
 
-
     public String getLogMessage(String msgID) {
         return getLogMessage(msgID, (String[]) null);
     }
@@ -1310,67 +1311,67 @@ public class CMSEngine implements ICMSEngine {
         return getLogMessage(msgID, params);
     }
 
-    public  void getSubjAltNameConfigDefaultParams(String name,
-        Vector<String> params) {
+    public void getSubjAltNameConfigDefaultParams(String name,
+            Vector<String> params) {
         GeneralNameUtil.SubjAltNameGN.getDefaultParams(name, params);
     }
 
-    public  void getSubjAltNameConfigExtendedPluginInfo(String name,
-        Vector<String> params) {
+    public void getSubjAltNameConfigExtendedPluginInfo(String name,
+            Vector<String> params) {
         GeneralNameUtil.SubjAltNameGN.getExtendedPluginInfo(name, params);
     }
 
-    public  ISubjAltNameConfig createSubjAltNameConfig(String name, IConfigStore config, boolean isValueConfigured) throws EBaseException {
+    public ISubjAltNameConfig createSubjAltNameConfig(String name, IConfigStore config, boolean isValueConfigured) throws EBaseException {
         return new GeneralNameUtil.SubjAltNameGN(name, config, isValueConfigured);
     }
 
-    public  GeneralName form_GeneralNameAsConstraints(String generalNameChoice, String value) throws EBaseException {
+    public GeneralName form_GeneralNameAsConstraints(String generalNameChoice, String value) throws EBaseException {
         return GeneralNameUtil.form_GeneralNameAsConstraints(generalNameChoice, value);
     }
 
-    public  GeneralName form_GeneralName(String generalNameChoice,
-        String value) throws EBaseException {
+    public GeneralName form_GeneralName(String generalNameChoice,
+            String value) throws EBaseException {
         return GeneralNameUtil.form_GeneralName(generalNameChoice, value);
     }
 
-    public  void getGeneralNameConfigDefaultParams(String name,
-        boolean isValueConfigured, Vector<String> params) {
+    public void getGeneralNameConfigDefaultParams(String name,
+            boolean isValueConfigured, Vector<String> params) {
         GeneralNameUtil.GeneralNameConfig.getDefaultParams(name, isValueConfigured, params);
     }
 
-    public  void getGeneralNamesConfigDefaultParams(String name,
-        boolean isValueConfigured, Vector<String> params) {
+    public void getGeneralNamesConfigDefaultParams(String name,
+            boolean isValueConfigured, Vector<String> params) {
         GeneralNameUtil.GeneralNamesConfig.getDefaultParams(name, isValueConfigured, params);
     }
 
-    public  void getGeneralNameConfigExtendedPluginInfo(String name,
-        boolean isValueConfigured, Vector<String> info) {
+    public void getGeneralNameConfigExtendedPluginInfo(String name,
+            boolean isValueConfigured, Vector<String> info) {
         GeneralNameUtil.GeneralNameConfig.getExtendedPluginInfo(name, isValueConfigured, info);
     }
 
-    public  void getGeneralNamesConfigExtendedPluginInfo(String name,
-        boolean isValueConfigured, Vector<String> info) {
+    public void getGeneralNamesConfigExtendedPluginInfo(String name,
+            boolean isValueConfigured, Vector<String> info) {
         GeneralNameUtil.GeneralNamesConfig.getExtendedPluginInfo(name, isValueConfigured, info);
     }
 
-    public  IGeneralNamesConfig createGeneralNamesConfig(String name,
-        IConfigStore config, boolean isValueConfigured,
-        boolean isPolicyEnabled) throws EBaseException {
+    public IGeneralNamesConfig createGeneralNamesConfig(String name,
+            IConfigStore config, boolean isValueConfigured,
+            boolean isPolicyEnabled) throws EBaseException {
         return new GeneralNameUtil.GeneralNamesConfig(name, config, isValueConfigured, isPolicyEnabled);
     }
 
-    public  IGeneralNameAsConstraintsConfig createGeneralNameAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured,
-        boolean isPolicyEnabled) throws EBaseException {
+    public IGeneralNameAsConstraintsConfig createGeneralNameAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured,
+            boolean isPolicyEnabled) throws EBaseException {
         return new GeneralNameUtil.GeneralNameAsConstraintsConfig(name, config, isValueConfigured, isPolicyEnabled);
     }
 
-    public  IGeneralNamesAsConstraintsConfig createGeneralNamesAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured,
-        boolean isPolicyEnabled) throws EBaseException {
+    public IGeneralNamesAsConstraintsConfig createGeneralNamesAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured,
+            boolean isPolicyEnabled) throws EBaseException {
         return new GeneralNameUtil.GeneralNamesAsConstraintsConfig(name, config, isValueConfigured, isPolicyEnabled);
     }
 
     public ObjectIdentifier checkOID(String attrName, String value)
-        throws EBaseException {
+            throws EBaseException {
         return CertUtils.checkOID(attrName, value);
     }
 
@@ -1384,10 +1385,9 @@ public class CMSEngine implements ICMSEngine {
 
     public String getEncodedCert(X509Certificate cert) {
         try {
-            return
-                "-----BEGIN CERTIFICATE-----\n" +
-                CMS.BtoA(cert.getEncoded()) +
-                "\n-----END CERTIFICATE-----\n";
+            return "-----BEGIN CERTIFICATE-----\n" +
+                    CMS.BtoA(cert.getEncoded()) +
+                    "\n-----END CERTIFICATE-----\n";
         } catch (Exception e) {
             return null;
         }
@@ -1439,10 +1439,10 @@ public class CMSEngine implements ICMSEngine {
 
     public IMailNotification getMailNotification() {
         try {
-            String className = mConfig.getString("notificationClassName", 
+            String className = mConfig.getString("notificationClassName",
                     "com.netscape.cms.notification.MailNotification");
             IMailNotification notification = (IMailNotification)
-                Class.forName(className).newInstance();
+                    Class.forName(className).newInstance();
 
             return notification;
         } catch (Exception e) {
@@ -1475,7 +1475,7 @@ public class CMSEngine implements ICMSEngine {
             String className = mConfig.getString("passwordCheckerClass",
                     "com.netscape.cms.password.PasswordChecker");
             IPasswordCheck check = (IPasswordCheck)
-                Class.forName(className).newInstance();
+                    Class.forName(className).newInstance();
 
             return check;
         } catch (Exception e) {
@@ -1494,8 +1494,8 @@ public class CMSEngine implements ICMSEngine {
     /**
      * starts up subsystems in a subsystem list..
      */
-    private void startupSubsystems(SubsystemInfo[] sslist) 
-        throws EBaseException {
+    private void startupSubsystems(SubsystemInfo[] sslist)
+            throws EBaseException {
         ISubsystem ss = null;
 
         for (int i = 0; i < sslist.length; i++) {
@@ -1519,7 +1519,7 @@ public class CMSEngine implements ICMSEngine {
 
         while (e.hasMoreElements()) {
             Object thisRequest = e.nextElement();
-                   
+
             HttpServlet thisServlet = (HttpServlet) CommandQueue.mCommandQueue.get(thisRequest);
 
             if (thisServlet != null) {
@@ -1528,6 +1528,7 @@ public class CMSEngine implements ICMSEngine {
             }
         }
     }
+
     public static boolean isNT() {
         return (File.separator.equals("\\"));
     }
@@ -1542,17 +1543,16 @@ public class CMSEngine implements ICMSEngine {
                 cmds = new String[3];
                 cmds[0] = "cmd";
                 cmds[1] = "/c";
-                cmds[2] = instanceDir +"\\" + cmd;
+                cmds[2] = instanceDir + "\\" + cmd;
             } else {
                 // UNIX
                 cmds = new String[3];
                 cmds[0] = "/bin/sh";
                 cmds[1] = "-c";
-                cmds[2] = instanceDir +"/" +cmd;
+                cmds[2] = instanceDir + "/" + cmd;
             }
 
-            Process process = Runtime.getRuntime().exec(cmds); 
-
+            Process process = Runtime.getRuntime().exec(cmds);
 
             process.waitFor();
 
@@ -1562,38 +1562,39 @@ public class CMSEngine implements ICMSEngine {
 
         }
     } // end shutdownHttpServer
+
     /**
-     * Shuts down subsystems in backwards order 
+     * Shuts down subsystems in backwards order
      * exceptions are ignored. process exists at end to force exit.
      */
     public void shutdown() {
         Logger.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_ADMIN,
-            ILogger.LL_INFO, Constants.SERVER_SHUTDOWN_MESSAGE);
+                ILogger.LL_INFO, Constants.SERVER_SHUTDOWN_MESSAGE);
 
         CMS.debug("CMSEngine.shutdown()");
-       
-/*
-        CommandQueue commandQueue = new CommandQueue();
-        Thread t1 = new Thread(commandQueue);
 
-        t1.setDaemon(true);
-        t1.start();
-        
-        // wait for command queue to emptied before proceeding to shutting down subsystems
-        Date time = new Date();
-        long startTime = time.getTime();
-        long timeOut = time.getTime();
+        /*
+                CommandQueue commandQueue = new CommandQueue();
+                Thread t1 = new Thread(commandQueue);
 
-        while (t1.isAlive() && ((timeOut - startTime) < (60 * 1000))) //wait for 1 minute
-        {
-            try {
-                Thread.currentThread().sleep(5000); // sleep for 5 sec
-            }catch (java.lang.InterruptedException e) {
-            }
-            timeOut = time.getTime();
-        }
-        terminateRequests();
-*/
+                t1.setDaemon(true);
+                t1.start();
+                
+                // wait for command queue to emptied before proceeding to shutting down subsystems
+                Date time = new Date();
+                long startTime = time.getTime();
+                long timeOut = time.getTime();
+
+                while (t1.isAlive() && ((timeOut - startTime) < (60 * 1000))) //wait for 1 minute
+                {
+                    try {
+                        Thread.currentThread().sleep(5000); // sleep for 5 sec
+                    }catch (java.lang.InterruptedException e) {
+                    }
+                    timeOut = time.getTime();
+                }
+                terminateRequests();
+        */
 
         shutdownSubsystems(mFinalSubsystems);
         shutdownSubsystems(mDynSubsystems);
@@ -1611,7 +1612,7 @@ public class CMSEngine implements ICMSEngine {
     public void forceShutdown() {
 
         Logger.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_ADMIN,
-            ILogger.LL_INFO, Constants.SERVER_SHUTDOWN_MESSAGE);
+                ILogger.LL_INFO, Constants.SERVER_SHUTDOWN_MESSAGE);
 
         CMS.debug("CMSEngine.forceShutdown()");
 
@@ -1629,8 +1630,8 @@ public class CMSEngine implements ICMSEngine {
         while (t1.isAlive() && ((timeOut - startTime) < (60 * 1000))) //wait for 1 minute
         {
             try {
-				Thread.sleep(5000); // sleep for 5 sec
-            }catch (java.lang.InterruptedException e) {
+                Thread.sleep(5000); // sleep for 5 sec
+            } catch (java.lang.InterruptedException e) {
             }
             timeOut = time.getTime();
         }
@@ -1647,12 +1648,11 @@ public class CMSEngine implements ICMSEngine {
      * shuts down a subsystem list in reverse order.
      */
     private void shutdownSubsystems(SubsystemInfo[] sslist) {
-        if (sslist == null) 
+        if (sslist == null)
             return;
 
         for (int i = sslist.length - 1; i >= 0; i--) {
-            if (sslist[i] != null && sslist[i].mInstance != null) 
-            {
+            if (sslist[i] != null && sslist[i].mInstance != null) {
                 sslist[i].mInstance.shutdown();
             }
         }
@@ -1679,7 +1679,7 @@ public class CMSEngine implements ICMSEngine {
         } catch (EBaseException e) {
             // intercept this for now -- don't want to change the callers
             Logger.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SDR_ADD_ERROR", e.toString()));
+                    ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SDR_ADD_ERROR", e.toString()));
         }
     }
 
@@ -1707,22 +1707,22 @@ public class CMSEngine implements ICMSEngine {
     }
 
     public static void upgradeConfig(IConfigStore c)
-        throws EBaseException {
+            throws EBaseException {
         String version = c.getString("cms.version", "pre4.2");
 
         if (version.equals("4.22")) {
             Upgrade.perform422to45(c);
-        }else if (version.equals("4.2")) {
+        } else if (version.equals("4.2")) {
             // SUPPORT UPGRADE FROM 4.2 to 4.2 (SP2)
             Upgrade.perform42to422(c);
             Upgrade.perform422to45(c);
         } else {
             // ONLY SUPPORT UPGRADE FROM 4.2 to 4.2 (SP2)
             /**
-             if (!version.equals("pre4.2"))
-             return;
-
-             Upgrade.perform(c);
+             * if (!version.equals("pre4.2"))
+             * return;
+             * 
+             * Upgrade.perform(c);
              **/
         }
     }
@@ -1753,10 +1753,10 @@ public class CMSEngine implements ICMSEngine {
 
         try {
             IRegistrationAuthority ra = (IRegistrationAuthority)
-                SubsystemRegistry.getInstance().get("ra");
+                    SubsystemRegistry.getInstance().get("ra");
 
             if (ra != null) {
-                  queue = ra.getRequestQueue();
+                queue = ra.getRequestQueue();
             }
 
         } catch (Exception e) {
@@ -1788,8 +1788,8 @@ public class CMSEngine implements ICMSEngine {
                 result = mVCList.check(cert);
             }
             if (result != VerifiedCert.REVOKED &&
-                result != VerifiedCert.NOT_REVOKED &&
-                result != VerifiedCert.CHECKED) {
+                    result != VerifiedCert.NOT_REVOKED &&
+                    result != VerifiedCert.CHECKED) {
 
                 CertificateRepository certDB = (CertificateRepository) getCertDB();
 
@@ -1815,9 +1815,9 @@ public class CMSEngine implements ICMSEngine {
                         try {
                             checkRevReq = queue.newRequest(CertRequestConstants.GETREVOCATIONINFO_REQUEST);
                             checkRevReq.setExtData(IRequest.REQ_TYPE,
-                                CertRequestConstants.GETREVOCATIONINFO_REQUEST);
+                                    CertRequestConstants.GETREVOCATIONINFO_REQUEST);
                             checkRevReq.setExtData(IRequest.REQUESTOR_TYPE,
-                                IRequest.REQUESTOR_RA);
+                                    IRequest.REQUESTOR_RA);
 
                             X509CertImpl agentCerts[] = new X509CertImpl[certificates.length];
 
@@ -1865,12 +1865,11 @@ public class CMSEngine implements ICMSEngine {
     }
 
     private void log(int level, String msg) {
-        Logger.getLogger().log(ILogger.EV_SYSTEM, null, 
-            ILogger.S_AUTHENTICATION, level, msg);
+        Logger.getLogger().log(ILogger.EV_SYSTEM, null,
+                ILogger.S_AUTHENTICATION, level, msg);
     }
 }
 
-
 class WarningListener implements ILogEventListener {
     private StringBuffer mSB = null;
 
@@ -1903,8 +1902,8 @@ class WarningListener implements ILogEventListener {
         return null;
     }
 
-    public void init(ISubsystem owner, IConfigStore config) 
-        throws EBaseException {
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException {
     }
 
     public void startup() {
@@ -1912,10 +1911,10 @@ class WarningListener implements ILogEventListener {
 
     /**
      * Retrieve last "maxLine" number of system log with log lever >"level"
-     * and from  source "source". If the parameter is omitted. All entries
+     * and from source "source". If the parameter is omitted. All entries
      * are sent back.
      */
-    public synchronized NameValuePairs retrieveLogContent(Hashtable<String, String>  req) throws ServletException,
+    public synchronized NameValuePairs retrieveLogContent(Hashtable<String, String> req) throws ServletException,
             IOException, EBaseException {
         return null;
     }
@@ -1923,7 +1922,7 @@ class WarningListener implements ILogEventListener {
     /**
      * Retrieve log file list.
      */
-    public synchronized NameValuePairs retrieveLogList(Hashtable<String, String>  req) throws ServletException,
+    public synchronized NameValuePairs retrieveLogList(Hashtable<String, String> req) throws ServletException,
             IOException, EBaseException {
         return null;
     }
@@ -1949,14 +1948,13 @@ class WarningListener implements ILogEventListener {
     }
 }
 
-
 class SubsystemInfo {
     public final String mId;
     public final ISubsystem mInstance;
+
     public SubsystemInfo(String id, ISubsystem ssInstance) {
         mId = id;
         mInstance = ssInstance;
     }
-    
-}
 
+}
diff --git a/pki/base/common/src/com/netscape/cmscore/apps/CommandQueue.java b/pki/base/common/src/com/netscape/cmscore/apps/CommandQueue.java
index 41b31049..c4b14dc1 100644
--- a/pki/base/common/src/com/netscape/cmscore/apps/CommandQueue.java
+++ b/pki/base/common/src/com/netscape/cmscore/apps/CommandQueue.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.apps;
 
-
 import java.util.Hashtable;
 
 import javax.servlet.Servlet;
@@ -25,23 +24,22 @@ import javax.servlet.Servlet;
 import com.netscape.certsrv.apps.ICommandQueue;
 import com.netscape.cms.servlet.common.CMSRequest;
 
-
 /*---------------------------------------------------------------
  ** CommandQueue - Class
  */
 
 /**
- *  register and unregister proccess for clean shutdown
+ * register and unregister proccess for clean shutdown
  */
 public class CommandQueue implements Runnable, ICommandQueue {
 
-    public static Hashtable<CMSRequest, Servlet> mCommandQueue = new Hashtable<CMSRequest, Servlet>(); 
+    public static Hashtable<CMSRequest, Servlet> mCommandQueue = new Hashtable<CMSRequest, Servlet>();
     public static boolean mShuttingDown = false;
 
     /*-----------------------------------------------------------
      ** CommandQueue - Constructor
      */
-    
+
     /**
      * Main constructor.
      */
@@ -52,7 +50,7 @@ public class CommandQueue implements Runnable, ICommandQueue {
     /*-----------------------------------------------------------
      ** run
      */
-    
+
     /**
      * Overrides Thread.run(), calls batchPublish().
      */
@@ -65,7 +63,7 @@ public class CommandQueue implements Runnable, ICommandQueue {
         mShuttingDown = true;
         while (mCommandQueue.isEmpty() == false) {
             try {
-				Thread.sleep(5 * 1000);
+                Thread.sleep(5 * 1000);
                 //gcProcess();
             } catch (Exception e) {
 
@@ -78,9 +76,9 @@ public class CommandQueue implements Runnable, ICommandQueue {
             if ((currentServlet instanceof com.netscape.cms.servlet.base.CMSStartServlet) == false)
                 mCommandQueue.put(currentRequest, currentServlet);
             return true;
-        }else
+        } else
             return false;
-        
+
     }
 
     public void unRegisterProccess(Object currentRequest, Object currentServlet) {
@@ -88,13 +86,13 @@ public class CommandQueue implements Runnable, ICommandQueue {
 
         while (e.hasMoreElements()) {
             Object thisRequest = e.nextElement();
-      
+
             if (thisRequest.equals(currentRequest)) {
                 if (mCommandQueue.get(currentRequest).equals(currentServlet))
                     mCommandQueue.remove(currentRequest);
             }
         }
-            
+
     }
 } // CommandQueue
 
diff --git a/pki/base/common/src/com/netscape/cmscore/apps/PKIServerEvent.java b/pki/base/common/src/com/netscape/cmscore/apps/PKIServerEvent.java
index 27d2e3f7..e815a994 100644
--- a/pki/base/common/src/com/netscape/cmscore/apps/PKIServerEvent.java
+++ b/pki/base/common/src/com/netscape/cmscore/apps/PKIServerEvent.java
@@ -17,11 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.apps;
 
-
 /**
  * A class represents a PKIServer event.
  * <P>
- *
+ * 
  * @author thomask
  * @version $Revision$, $Date$
  */
diff --git a/pki/base/common/src/com/netscape/cmscore/apps/PKIServerListener.java b/pki/base/common/src/com/netscape/cmscore/apps/PKIServerListener.java
index 78fe9069..bef70ce8 100644
--- a/pki/base/common/src/com/netscape/cmscore/apps/PKIServerListener.java
+++ b/pki/base/common/src/com/netscape/cmscore/apps/PKIServerListener.java
@@ -17,12 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.apps;
 
-
 /**
  * A class represents a listener that listens to
  * PKIServer event.
  * <P>
- *
+ * 
  * @author thomask
  * @version $Revision$, $Date$
  */
diff --git a/pki/base/common/src/com/netscape/cmscore/apps/Setup.java b/pki/base/common/src/com/netscape/cmscore/apps/Setup.java
index 3eb897cc..5ce0c6d2 100644
--- a/pki/base/common/src/com/netscape/cmscore/apps/Setup.java
+++ b/pki/base/common/src/com/netscape/cmscore/apps/Setup.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.apps;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 
-
 /**
  * Select certificate server serices.
- *
+ * 
  * @author thomask
  * @author nicolson
  * @version $Revision$, $Date$
@@ -34,52 +32,53 @@ public class Setup {
     // These are a bunch of fixed values that just need to be stored to the
     // config file before the server is started.
     public static final String[][] authEntries = new String[][] {
-            {"auths._000", "##"},
-            {"auths._001", "## new authentication"},
-            {"auths._002", "##"},
-            {"auths.impl._000", "##"},
-            {"auths.impl._001", "## authentication manager implementations"},
-            {"auths.impl._002", "##"},
-            {"auths.impl.UidPwdDirAuth.class", "com.netscape.cms.authentication.UidPwdDirAuthentication"},
-            {"auths.impl.UidPwdPinDirAuth.class", "com.netscape.cms.authentication.UidPwdPinDirAuthentication"},
-            {"auths.impl.UdnPwdDirAuth.class", "com.netscape.cms.authentication.UdnPwdDirAuthentication"},
-            {"auths.impl.NISAuth.class", "com.netscape.cms.authentication.NISAuth"},
-            {"auths.impl.CMCAuth.class", "com.netscape.cms.authentication.CMCAuth"},
-            {"auths.impl.AgentCertAuth.class", "com.netscape.cms.authentication.AgentCertAuthentication"},
-            {"auths.impl.PortalEnroll.class", "com.netscape.cms.authentication.PortalEnroll"
+            { "auths._000", "##" },
+            { "auths._001", "## new authentication" },
+            { "auths._002", "##" },
+            { "auths.impl._000", "##" },
+            { "auths.impl._001", "## authentication manager implementations" },
+            { "auths.impl._002", "##" },
+            { "auths.impl.UidPwdDirAuth.class", "com.netscape.cms.authentication.UidPwdDirAuthentication" },
+            { "auths.impl.UidPwdPinDirAuth.class", "com.netscape.cms.authentication.UidPwdPinDirAuthentication" },
+            { "auths.impl.UdnPwdDirAuth.class", "com.netscape.cms.authentication.UdnPwdDirAuthentication" },
+            { "auths.impl.NISAuth.class", "com.netscape.cms.authentication.NISAuth" },
+            { "auths.impl.CMCAuth.class", "com.netscape.cms.authentication.CMCAuth" },
+            { "auths.impl.AgentCertAuth.class", "com.netscape.cms.authentication.AgentCertAuthentication" },
+            { "auths.impl.PortalEnroll.class", "com.netscape.cms.authentication.PortalEnroll"
             },
-            {"auths.revocationChecking.bufferSize", "50"},
+            { "auths.revocationChecking.bufferSize", "50" },
         };
+
     public static void installAuthImpls(IConfigStore c)
-        throws EBaseException {
+            throws EBaseException {
         for (int i = 0; i < authEntries.length; i++) {
             c.putString(authEntries[i][0], authEntries[i][1]);
         }
     }
 
     public static final String[][] oidmapEntries = new String[][] {
-            {"oidmap.pse.class", "netscape.security.extensions.PresenceServerExtension"},
-            {"oidmap.pse.oid", "2.16.840.1.113730.1.18"},
-            {"oidmap.ocsp_no_check.class", "netscape.security.extensions.OCSPNoCheckExtension"},
-            {"oidmap.ocsp_no_check.oid", "1.3.6.1.5.5.7.48.1.5"},
-            {"oidmap.netscape_comment.class", "netscape.security.x509.NSCCommentExtension"},
-            {"oidmap.netscape_comment.oid", "2.16.840.1.113730.1.13"},
-            {"oidmap.extended_key_usage.class", "netscape.security.extensions.ExtendedKeyUsageExtension"},
-            {"oidmap.extended_key_usage.oid", "2.5.29.37"},
-            {"oidmap.subject_info_access.class", "netscape.security.extensions.SubjectInfoAccessExtension"},
-            {"oidmap.subject_info_access.oid", "1.3.6.1.5.5.7.1.11"},
-            {"oidmap.auth_info_access.class", "netscape.security.extensions.AuthInfoAccessExtension"},
-            {"oidmap.auth_info_access.oid", "1.3.6.1.5.5.7.1.1"},
-            {"oidmap.challenge_password.class", "com.netscape.cms.servlet.cert.scep.ChallengePassword"},
-            {"oidmap.challenge_password.oid", "1.2.840.113549.1.9.7"},
-            {"oidmap.extensions_requested_vsgn.class", "com.netscape.cms.servlet.cert.scep.ExtensionsRequested"},
-            {"oidmap.extensions_requested_vsgn.oid", "2.16.840.1.113733.1.9.8"},
-            {"oidmap.extensions_requested_pkcs9.class", "com.netscape.cms.servlet.cert.scep.ExtensionsRequested"},
-            {"oidmap.extensions_requested_pkcs9.oid", "1.2.840.113549.1.9.14"},
+            { "oidmap.pse.class", "netscape.security.extensions.PresenceServerExtension" },
+            { "oidmap.pse.oid", "2.16.840.1.113730.1.18" },
+            { "oidmap.ocsp_no_check.class", "netscape.security.extensions.OCSPNoCheckExtension" },
+            { "oidmap.ocsp_no_check.oid", "1.3.6.1.5.5.7.48.1.5" },
+            { "oidmap.netscape_comment.class", "netscape.security.x509.NSCCommentExtension" },
+            { "oidmap.netscape_comment.oid", "2.16.840.1.113730.1.13" },
+            { "oidmap.extended_key_usage.class", "netscape.security.extensions.ExtendedKeyUsageExtension" },
+            { "oidmap.extended_key_usage.oid", "2.5.29.37" },
+            { "oidmap.subject_info_access.class", "netscape.security.extensions.SubjectInfoAccessExtension" },
+            { "oidmap.subject_info_access.oid", "1.3.6.1.5.5.7.1.11" },
+            { "oidmap.auth_info_access.class", "netscape.security.extensions.AuthInfoAccessExtension" },
+            { "oidmap.auth_info_access.oid", "1.3.6.1.5.5.7.1.1" },
+            { "oidmap.challenge_password.class", "com.netscape.cms.servlet.cert.scep.ChallengePassword" },
+            { "oidmap.challenge_password.oid", "1.2.840.113549.1.9.7" },
+            { "oidmap.extensions_requested_vsgn.class", "com.netscape.cms.servlet.cert.scep.ExtensionsRequested" },
+            { "oidmap.extensions_requested_vsgn.oid", "2.16.840.1.113733.1.9.8" },
+            { "oidmap.extensions_requested_pkcs9.class", "com.netscape.cms.servlet.cert.scep.ExtensionsRequested" },
+            { "oidmap.extensions_requested_pkcs9.oid", "1.2.840.113549.1.9.14" },
         };
 
     public static void installOIDMap(IConfigStore c)
-        throws EBaseException {
+            throws EBaseException {
         for (int i = 0; i < oidmapEntries.length; i++) {
             c.putString(oidmapEntries[i][0], oidmapEntries[i][1]);
         }
@@ -89,150 +88,150 @@ public class Setup {
      * This function is used for installation and upgrade.
      */
     public static void installPolicyImpls(String prefix, IConfigStore c)
-        throws EBaseException {
+            throws EBaseException {
         boolean isCA = false;
 
         if (prefix.equals("ca"))
             isCA = true;
 
-            //
-            // Policy implementations (class names)
-            //
+        //
+        // Policy implementations (class names)
+        //
         c.putString(prefix + ".Policy.impl._000", "##");
         c.putString(prefix + ".Policy.impl._001",
-            "## Policy Implementations");
+                "## Policy Implementations");
         c.putString(prefix + ".Policy.impl._002", "##");
         c.putString(
-            prefix + ".Policy.impl.KeyAlgorithmConstraints.class",
-            "com.netscape.cmscore.policy.KeyAlgorithmConstraints");
+                prefix + ".Policy.impl.KeyAlgorithmConstraints.class",
+                "com.netscape.cmscore.policy.KeyAlgorithmConstraints");
         c.putString(
-            prefix + ".Policy.impl.DSAKeyConstraints.class",
-            "com.netscape.cmscore.policy.DSAKeyConstraints");
+                prefix + ".Policy.impl.DSAKeyConstraints.class",
+                "com.netscape.cmscore.policy.DSAKeyConstraints");
         c.putString(
-            prefix + ".Policy.impl.RSAKeyConstraints.class",
-            "com.netscape.cmscore.policy.RSAKeyConstraints");
+                prefix + ".Policy.impl.RSAKeyConstraints.class",
+                "com.netscape.cmscore.policy.RSAKeyConstraints");
         c.putString(
-            prefix + ".Policy.impl.SigningAlgorithmConstraints.class",
-            "com.netscape.cmscore.policy.SigningAlgorithmConstraints");
+                prefix + ".Policy.impl.SigningAlgorithmConstraints.class",
+                "com.netscape.cmscore.policy.SigningAlgorithmConstraints");
         c.putString(
-            prefix + ".Policy.impl.ValidityConstraints.class",
-            "com.netscape.cmscore.policy.ValidityConstraints");
+                prefix + ".Policy.impl.ValidityConstraints.class",
+                "com.netscape.cmscore.policy.ValidityConstraints");
 
         /**
-         c.putString(
-         prefix + ".Policy.impl.NameConstraints.class",
-         "com.netscape.cmscore.policy.NameConstraints");
+         * c.putString(
+         * prefix + ".Policy.impl.NameConstraints.class",
+         * "com.netscape.cmscore.policy.NameConstraints");
          **/
         c.putString(
-            prefix + ".Policy.impl.RenewalConstraints.class",
-            "com.netscape.cmscore.policy.RenewalConstraints");
+                prefix + ".Policy.impl.RenewalConstraints.class",
+                "com.netscape.cmscore.policy.RenewalConstraints");
         c.putString(
-            prefix + ".Policy.impl.RenewalValidityConstraints.class",
-            "com.netscape.cmscore.policy.RenewalValidityConstraints");
+                prefix + ".Policy.impl.RenewalValidityConstraints.class",
+                "com.netscape.cmscore.policy.RenewalValidityConstraints");
         c.putString(
-            prefix + ".Policy.impl.RevocationConstraints.class",
-            "com.netscape.cmscore.policy.RevocationConstraints");
+                prefix + ".Policy.impl.RevocationConstraints.class",
+                "com.netscape.cmscore.policy.RevocationConstraints");
         //getTempCMSConfig().putString(
         //        prefix + ".Policy.impl.DefaultRevocation.class",
         //        "com.netscape.cmscore.policy.DefaultRevocation");
         c.putString(
-            prefix + ".Policy.impl.NSCertTypeExt.class",
-            "com.netscape.cmscore.policy.NSCertTypeExt");
+                prefix + ".Policy.impl.NSCertTypeExt.class",
+                "com.netscape.cmscore.policy.NSCertTypeExt");
         c.putString(
-            prefix + ".Policy.impl.KeyUsageExt.class",
-            "com.netscape.cmscore.policy.KeyUsageExt");
+                prefix + ".Policy.impl.KeyUsageExt.class",
+                "com.netscape.cmscore.policy.KeyUsageExt");
         c.putString(
-            prefix + ".Policy.impl.SubjectKeyIdentifierExt.class",
-            "com.netscape.cmscore.policy.SubjectKeyIdentifierExt");
+                prefix + ".Policy.impl.SubjectKeyIdentifierExt.class",
+                "com.netscape.cmscore.policy.SubjectKeyIdentifierExt");
         c.putString(
-            prefix + ".Policy.impl.CertificatePoliciesExt.class",
-            "com.netscape.cmscore.policy.CertificatePoliciesExt");
+                prefix + ".Policy.impl.CertificatePoliciesExt.class",
+                "com.netscape.cmscore.policy.CertificatePoliciesExt");
         c.putString(
-            prefix + ".Policy.impl.NSCCommentExt.class",
-            "com.netscape.cmscore.policy.NSCCommentExt");
+                prefix + ".Policy.impl.NSCCommentExt.class",
+                "com.netscape.cmscore.policy.NSCCommentExt");
         c.putString(
-            prefix + ".Policy.impl.IssuerAltNameExt.class",
-            "com.netscape.cmscore.policy.IssuerAltNameExt");
+                prefix + ".Policy.impl.IssuerAltNameExt.class",
+                "com.netscape.cmscore.policy.IssuerAltNameExt");
         c.putString(
-            prefix + ".Policy.impl.PrivateKeyUsagePeriodExt.class",
-            "com.netscape.cmscore.policy.PrivateKeyUsagePeriodExt");
+                prefix + ".Policy.impl.PrivateKeyUsagePeriodExt.class",
+                "com.netscape.cmscore.policy.PrivateKeyUsagePeriodExt");
         c.putString(
-            prefix + ".Policy.impl.AttributePresentConstraints.class",
-            "com.netscape.cmscore.policy.AttributePresentConstraints");
+                prefix + ".Policy.impl.AttributePresentConstraints.class",
+                "com.netscape.cmscore.policy.AttributePresentConstraints");
         c.putString(
-            prefix + ".Policy.impl.SubjectAltNameExt.class",
-            "com.netscape.cmscore.policy.SubjectAltNameExt");
+                prefix + ".Policy.impl.SubjectAltNameExt.class",
+                "com.netscape.cmscore.policy.SubjectAltNameExt");
         c.putString(
-            prefix + ".Policy.impl.SubjectDirectoryAttributesExt.class",
-            "com.netscape.cmscore.policy.SubjectDirectoryAttributesExt");
+                prefix + ".Policy.impl.SubjectDirectoryAttributesExt.class",
+                "com.netscape.cmscore.policy.SubjectDirectoryAttributesExt");
         c.putString(
-            prefix + ".Policy.impl.CertificateRenewalWindowExt.class",
-            "com.netscape.cmscore.policy.CertificateRenewalWindowExt");
+                prefix + ".Policy.impl.CertificateRenewalWindowExt.class",
+                "com.netscape.cmscore.policy.CertificateRenewalWindowExt");
         c.putString(
-            prefix + ".Policy.impl.CertificateScopeOfUseExt.class",
-            "com.netscape.cmscore.policy.CertificateScopeOfUseExt");
+                prefix + ".Policy.impl.CertificateScopeOfUseExt.class",
+                "com.netscape.cmscore.policy.CertificateScopeOfUseExt");
         if (isCA) {
             c.putString(
-                prefix + ".Policy.impl.AuthorityKeyIdentifierExt.class",
-                "com.netscape.cmscore.policy.AuthorityKeyIdentifierExt");
+                    prefix + ".Policy.impl.AuthorityKeyIdentifierExt.class",
+                    "com.netscape.cmscore.policy.AuthorityKeyIdentifierExt");
             c.putString(
-                prefix + ".Policy.impl.BasicConstraintsExt.class",
-                "com.netscape.cmscore.policy.BasicConstraintsExt");
+                    prefix + ".Policy.impl.BasicConstraintsExt.class",
+                    "com.netscape.cmscore.policy.BasicConstraintsExt");
             c.putString(
-                prefix + ".Policy.impl.SubCANameConstraints.class",
-                "com.netscape.cmscore.policy.SubCANameConstraints");
+                    prefix + ".Policy.impl.SubCANameConstraints.class",
+                    "com.netscape.cmscore.policy.SubCANameConstraints");
         }
         c.putString(
-            prefix + ".Policy.impl.CRLDistributionPointsExt.class",
-            "com.netscape.cmscore.policy.CRLDistributionPointsExt");
+                prefix + ".Policy.impl.CRLDistributionPointsExt.class",
+                "com.netscape.cmscore.policy.CRLDistributionPointsExt");
         c.putString(
-            prefix + ".Policy.impl.AuthInfoAccessExt.class",
-            "com.netscape.cmscore.policy.AuthInfoAccessExt");
+                prefix + ".Policy.impl.AuthInfoAccessExt.class",
+                "com.netscape.cmscore.policy.AuthInfoAccessExt");
         c.putString(
-            prefix + ".Policy.impl.OCSPNoCheckExt.class",
-            "com.netscape.cmscore.policy.OCSPNoCheckExt");
+                prefix + ".Policy.impl.OCSPNoCheckExt.class",
+                "com.netscape.cmscore.policy.OCSPNoCheckExt");
         c.putString(
-            prefix + ".Policy.impl.ExtendedKeyUsageExt.class",
-            "com.netscape.cmscore.policy.ExtendedKeyUsageExt");
+                prefix + ".Policy.impl.ExtendedKeyUsageExt.class",
+                "com.netscape.cmscore.policy.ExtendedKeyUsageExt");
         if (isCA) {
             c.putString(
-                prefix + ".Policy.impl.UniqueSubjectNameConstraints.class",
-                "com.netscape.cmscore.policy.UniqueSubjectNameConstraints");
+                    prefix + ".Policy.impl.UniqueSubjectNameConstraints.class",
+                    "com.netscape.cmscore.policy.UniqueSubjectNameConstraints");
         }
         c.putString(
-            prefix + ".Policy.impl.GenericASN1Ext.class",
-            "com.netscape.cmscore.policy.GenericASN1Ext");
+                prefix + ".Policy.impl.GenericASN1Ext.class",
+                "com.netscape.cmscore.policy.GenericASN1Ext");
         c.putString(
-            prefix + ".Policy.impl.RemoveBasicConstraintsExt.class",
-            "com.netscape.cmscore.policy.RemoveBasicConstraintsExt");
+                prefix + ".Policy.impl.RemoveBasicConstraintsExt.class",
+                "com.netscape.cmscore.policy.RemoveBasicConstraintsExt");
     }
 
     /**
      * This function is used for installation and upgrade.
      */
     public static void installCACRLExtensions(IConfigStore c)
-        throws EBaseException {
+            throws EBaseException {
         // ca crl extensions
 
         // AuthorityKeyIdentifier
         c.putString("ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.enable",
-            "false");
+                "false");
         c.putString("ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.critical",
-            "false");
+                "false");
         c.putString("ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.type",
-            "CRLExtension");
+                "CRLExtension");
         c.putString("ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.class",
-            "com.netscape.cms.crl.CMSAuthorityKeyIdentifierExtension");
+                "com.netscape.cms.crl.CMSAuthorityKeyIdentifierExtension");
 
         // IssuerAlternativeName
         c.putString("ca.crl.MasterCRL.extension.IssuerAlternativeName.enable",
-            "false");
+                "false");
         c.putString("ca.crl.MasterCRL.extension.IssuerAlternativeName.critical",
-            "false");
+                "false");
         c.putString("ca.crl.MasterCRL.extension.IssuerAlternativeName.type",
-            "CRLExtension");
+                "CRLExtension");
         c.putString("ca.crl.MasterCRL.extension.IssuerAlternativeName.class",
-            "com.netscape.cms.crl.CMSIssuerAlternativeNameExtension");
+                "com.netscape.cms.crl.CMSIssuerAlternativeNameExtension");
         c.putString("ca.crl.MasterCRL.extension.IssuerAlternativeName.numNames", "0");
         c.putString("ca.crl.MasterCRL.extension.IssuerAlternativeName.nameType0", "");
         c.putString("ca.crl.MasterCRL.extension.IssuerAlternativeName.name0", "");
@@ -242,48 +241,48 @@ public class Setup {
         c.putString("ca.crl.MasterCRL.extension.CRLNumber.critical", "false");
         c.putString("ca.crl.MasterCRL.extension.CRLNumber.type", "CRLExtension");
         c.putString("ca.crl.MasterCRL.extension.CRLNumber.class",
-            "com.netscape.cms.crl.CMSCRLNumberExtension");
+                "com.netscape.cms.crl.CMSCRLNumberExtension");
 
         // DeltaCRLIndicator
         c.putString("ca.crl.MasterCRL.extension.DeltaCRLIndicator.enable", "false");
         c.putString("ca.crl.MasterCRL.extension.DeltaCRLIndicator.critical", "true");
         c.putString("ca.crl.MasterCRL.extension.DeltaCRLIndicator.type", "CRLExtension");
         c.putString("ca.crl.MasterCRL.extension.DeltaCRLIndicator.class",
-            "com.netscape.cms.crl.CMSDeltaCRLIndicatorExtension");
+                "com.netscape.cms.crl.CMSDeltaCRLIndicatorExtension");
 
         // IssuingDistributionPoint
         c.putString("ca.crl.MasterCRL.extension.IssuingDistributionPoint.enable",
-            "false");
+                "false");
         c.putString("ca.crl.MasterCRL.extension.IssuingDistributionPoint.critical",
-            "true");
+                "true");
         c.putString("ca.crl.MasterCRL.extension.IssuingDistributionPoint.type",
-            "CRLExtension");
+                "CRLExtension");
         c.putString("ca.crl.MasterCRL.extension.IssuingDistributionPoint.class",
-            "com.netscape.cms.crl.CMSIssuingDistributionPointExtension");
+                "com.netscape.cms.crl.CMSIssuingDistributionPointExtension");
         c.putString("ca.crl.MasterCRL.extension.IssuingDistributionPoint.pointType", "");
         c.putString("ca.crl.MasterCRL.extension.IssuingDistributionPoint.pointName", "");
         c.putString("ca.crl.MasterCRL.extension.IssuingDistributionPoint.onlyContainsUserCerts",
-            "false");
+                "false");
         c.putString("ca.crl.MasterCRL.extension.IssuingDistributionPoint.onlyContainsCACerts",
-            "false");
+                "false");
         c.putString("ca.crl.MasterCRL.extension.IssuingDistributionPoint.onlySomeReasons", "");
         //"keyCompromise,cACompromise,affiliationChanged,superseded,cessationOfOperation,certificateHold");
         c.putString("ca.crl.MasterCRL.extension.IssuingDistributionPoint.indirectCRL",
-            "false");
+                "false");
 
         // CRLReason
         c.putString("ca.crl.MasterCRL.extension.CRLReason.enable", "true");
         c.putString("ca.crl.MasterCRL.extension.CRLReason.critical", "false");
         c.putString("ca.crl.MasterCRL.extension.CRLReason.type", "CRLEntryExtension");
         c.putString("ca.crl.MasterCRL.extension.CRLReason.class",
-            "com.netscape.cms.crl.CMSCRLReasonExtension");
+                "com.netscape.cms.crl.CMSCRLReasonExtension");
 
         // HoldInstruction
         c.putString("ca.crl.MasterCRL.extension.HoldInstruction.enable", "false");
         c.putString("ca.crl.MasterCRL.extension.HoldInstruction.critical", "false");
         c.putString("ca.crl.MasterCRL.extension.HoldInstruction.type", "CRLEntryExtension");
         c.putString("ca.crl.MasterCRL.extension.HoldInstruction.class",
-            "com.netscape.cms.crl.CMSHoldInstructionExtension");
+                "com.netscape.cms.crl.CMSHoldInstructionExtension");
         c.putString("ca.crl.MasterCRL.extension.HoldInstruction.instruction", "none");
 
         // InvalidityDate
@@ -291,7 +290,7 @@ public class Setup {
         c.putString("ca.crl.MasterCRL.extension.InvalidityDate.critical", "false");
         c.putString("ca.crl.MasterCRL.extension.InvalidityDate.type", "CRLEntryExtension");
         c.putString("ca.crl.MasterCRL.extension.InvalidityDate.class",
-            "com.netscape.cms.crl.CMSInvalidityDateExtension");
+                "com.netscape.cms.crl.CMSInvalidityDateExtension");
 
         // CertificateIssuer
         /*
@@ -310,34 +309,34 @@ public class Setup {
         c.putString("ca.crl.MasterCRL.extension.FreshestCRL.critical", "false");
         c.putString("ca.crl.MasterCRL.extension.FreshestCRL.type", "CRLExtension");
         c.putString("ca.crl.MasterCRL.extension.FreshestCRL.class",
-            "com.netscape.cms.crl.CMSFreshestCRLExtension");
+                "com.netscape.cms.crl.CMSFreshestCRLExtension");
         c.putString("ca.crl.MasterCRL.extension.FreshestCRL.numPoints", "0");
         c.putString("ca.crl.MasterCRL.extension.FreshestCRL.pointType0", "");
         c.putString("ca.crl.MasterCRL.extension.FreshestCRL.pointName0", "");
     }
 
     public static void installCAPublishingImpls(IConfigStore c)
-        throws EBaseException {
+            throws EBaseException {
         for (int i = 0; i < caLdappublishImplsEntries.length; i++) {
             c.putString(
-                caLdappublishImplsEntries[i][0], caLdappublishImplsEntries[i][1]);
+                    caLdappublishImplsEntries[i][0], caLdappublishImplsEntries[i][1]);
         }
     }
 
     private static final String[][] caLdappublishImplsEntries = new String[][] {
-            {"ca.publish.mapper.impl.LdapCaSimpleMap.class", "com.netscape.cms.publish.LdapCaSimpleMap"},
-            {"ca.publish.mapper.impl.LdapSimpleMap.class", "com.netscape.cms.publish.LdapSimpleMap"},
-            {"ca.publish.mapper.impl.LdapEnhancedMap.class", "com.netscape.cms.publish.LdapEnhancedMap"},
-            {"ca.publish.mapper.impl.LdapDNCompsMap.class", "com.netscape.cms.publish.LdapCertCompsMap"},
-            {"ca.publish.mapper.impl.LdapSubjAttrMap.class", "com.netscape.cms.publish.LdapCertSubjMap"},
-            {"ca.publish.mapper.impl.LdapDNExactMap.class", "com.netscape.cms.publish.LdapCertExactMap"},
+            { "ca.publish.mapper.impl.LdapCaSimpleMap.class", "com.netscape.cms.publish.LdapCaSimpleMap" },
+            { "ca.publish.mapper.impl.LdapSimpleMap.class", "com.netscape.cms.publish.LdapSimpleMap" },
+            { "ca.publish.mapper.impl.LdapEnhancedMap.class", "com.netscape.cms.publish.LdapEnhancedMap" },
+            { "ca.publish.mapper.impl.LdapDNCompsMap.class", "com.netscape.cms.publish.LdapCertCompsMap" },
+            { "ca.publish.mapper.impl.LdapSubjAttrMap.class", "com.netscape.cms.publish.LdapCertSubjMap" },
+            { "ca.publish.mapper.impl.LdapDNExactMap.class", "com.netscape.cms.publish.LdapCertExactMap" },
             //{"ca.publish.mapper.impl.LdapCrlIssuerCompsMap.class","com.netscape.cms.publish.LdapCrlIssuerCompsMap"},
-            {"ca.publish.publisher.impl.LdapUserCertPublisher.class", "com.netscape.cms.publish.LdapUserCertPublisher"},
-            {"ca.publish.publisher.impl.LdapCaCertPublisher.class", "com.netscape.cms.publish.LdapCaCertPublisher"},
-            {"ca.publish.publisher.impl.LdapCrlPublisher.class", "com.netscape.cms.publish.LdapCrlPublisher"},
-            {"ca.publish.publisher.impl.FileBasedPublisher.class", "com.netscape.cms.publish.FileBasedPublisher"},
-            {"ca.publish.publisher.impl.OCSPPublisher.class", "com.netscape.cms.publish.OCSPPublisher"},
-            {"ca.publish.rule.impl.Rule.class", "com.netscape.cmscore.ldap.LdapRule"},
+            { "ca.publish.publisher.impl.LdapUserCertPublisher.class", "com.netscape.cms.publish.LdapUserCertPublisher" },
+            { "ca.publish.publisher.impl.LdapCaCertPublisher.class", "com.netscape.cms.publish.LdapCaCertPublisher" },
+            { "ca.publish.publisher.impl.LdapCrlPublisher.class", "com.netscape.cms.publish.LdapCrlPublisher" },
+            { "ca.publish.publisher.impl.FileBasedPublisher.class", "com.netscape.cms.publish.FileBasedPublisher" },
+            { "ca.publish.publisher.impl.OCSPPublisher.class", "com.netscape.cms.publish.OCSPPublisher" },
+            { "ca.publish.rule.impl.Rule.class", "com.netscape.cmscore.ldap.LdapRule" },
         };
 
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/apps/Upgrade.java b/pki/base/common/src/com/netscape/cmscore/apps/Upgrade.java
index b77c8a7d..3ab522b7 100644
--- a/pki/base/common/src/com/netscape/cmscore/apps/Upgrade.java
+++ b/pki/base/common/src/com/netscape/cmscore/apps/Upgrade.java
@@ -17,150 +17,148 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.apps;
 
-
 import java.io.File;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.cmscore.util.OsSubsystem;
 
-
 public final class Upgrade {
     public static void perform422to45(IConfigStore c)
-        throws EBaseException {
+            throws EBaseException {
         jss3(c);
-        c.putInteger("agentGateway.https.timeout", 120); 
+        c.putInteger("agentGateway.https.timeout", 120);
         IConfigStore cs = c.getSubStore("ca");
 
         if (cs != null && cs.size() > 0) {
             c.putString("ca.publish.mapper.impl.LdapEnhancedMap.class",
-                "com.netscape.certsrv.ldap.LdapEnhancedMap");
+                    "com.netscape.certsrv.ldap.LdapEnhancedMap");
         }
         c.putString("cms.version", "4.5");
         c.commit(false);
     }
 
     public static void perform42to422(IConfigStore c)
-        throws EBaseException {
+            throws EBaseException {
         // upgrade CMS's configuration parameters
-        c.putString("eeGateway.dynamicVariables", 
-            "serverdate=serverdate(),subsystemname=subsystemname(),http=http(),authmgrs=authmgrs(),clacrlurl=clacrlurl()");
+        c.putString("eeGateway.dynamicVariables",
+                "serverdate=serverdate(),subsystemname=subsystemname(),http=http(),authmgrs=authmgrs(),clacrlurl=clacrlurl()");
 
         // new OCSP Publisher implemention
         c.putString("ra.publish.publisher.impl.OCSPPublisher.class",
-            "com.netscape.certsrv.ldap.OCSPPublisher");
+                "com.netscape.certsrv.ldap.OCSPPublisher");
         c.putString("ca.publish.publisher.impl.OCSPPublisher.class",
-            "com.netscape.certsrv.ldap.OCSPPublisher");
+                "com.netscape.certsrv.ldap.OCSPPublisher");
 
         // new logging framework
         c.putString("log.impl.file.class",
-            "com.netscape.certsrv.logging.RollingLogFile");
+                "com.netscape.certsrv.logging.RollingLogFile");
 
-        c.putString("log.instance.Audit.bufferSize", 
-            c.getString("logAudit.bufferSize"));
-        c.putString("log.instance.Audit.enable", 
-            c.getString("logAudit.on"));
+        c.putString("log.instance.Audit.bufferSize",
+                c.getString("logAudit.bufferSize"));
+        c.putString("log.instance.Audit.enable",
+                c.getString("logAudit.on"));
         // This feature doesnot work in the previous release
         // But it works now. I don't want people to have their
         // logs auto deleted without notice.It's dangerous.
-        c.putString("log.instance.Audit.expirationTime", 
-            "0"); //Specifically turn it off.
+        c.putString("log.instance.Audit.expirationTime",
+                "0"); //Specifically turn it off.
         //			c.getString("logAudit.expirationTime"));
-        c.putString("log.instance.Audit.fileName", 
-            c.getString("logAudit.fileName"));
-        c.putString("log.instance.Audit.flushInterval", 
-            c.getString("logAudit.flushInterval"));
-        c.putString("log.instance.Audit.level", 
-            c.getString("logAudit.level"));
-        c.putString("log.instance.Audit.maxFileSize", 
-            c.getString("logAudit.maxFileSize"));
-        c.putString("log.instance.Audit.pluginName", 
-            "file");
-        c.putString("log.instance.Audit.rolloverInterval", 
-            c.getString("logAudit.rolloverInterval"));
-        c.putString("log.instance.Audit.type", 
-            "audit");
-
-        c.putString("log.instance.Error.bufferSize", 
-            c.getString("logError.bufferSize"));
-        c.putString("log.instance.Error.enable", 
-            c.getString("logError.on"));
-        c.putString("log.instance.Error.expirationTime", 
-            "0"); //Specifically turn it off.
+        c.putString("log.instance.Audit.fileName",
+                c.getString("logAudit.fileName"));
+        c.putString("log.instance.Audit.flushInterval",
+                c.getString("logAudit.flushInterval"));
+        c.putString("log.instance.Audit.level",
+                c.getString("logAudit.level"));
+        c.putString("log.instance.Audit.maxFileSize",
+                c.getString("logAudit.maxFileSize"));
+        c.putString("log.instance.Audit.pluginName",
+                "file");
+        c.putString("log.instance.Audit.rolloverInterval",
+                c.getString("logAudit.rolloverInterval"));
+        c.putString("log.instance.Audit.type",
+                "audit");
+
+        c.putString("log.instance.Error.bufferSize",
+                c.getString("logError.bufferSize"));
+        c.putString("log.instance.Error.enable",
+                c.getString("logError.on"));
+        c.putString("log.instance.Error.expirationTime",
+                "0"); //Specifically turn it off.
         //			c.getString("logError.expirationTime"));
-        c.putString("log.instance.Error.fileName", 
-            c.getString("logError.fileName"));
-        c.putString("log.instance.Error.flushInterval", 
-            c.getString("logError.flushInterval"));
-        c.putString("log.instance.Error.level", 
-            c.getString("logError.level"));
-        c.putString("log.instance.Error.maxFileSize", 
-            c.getString("logError.maxFileSize"));
-        c.putString("log.instance.Error.pluginName", 
-            "file");
-        c.putString("log.instance.Error.rolloverInterval", 
-            c.getString("logError.rolloverInterval"));
-        c.putString("log.instance.Error.type", 
-            "system");
-
-        c.putString("log.instance.System.bufferSize", 
-            c.getString("logSystem.bufferSize"));
-        c.putString("log.instance.System.enable", 
-            c.getString("logSystem.on"));
-        c.putString("log.instance.System.expirationTime", 
-            "0"); //Specifically turn it off.
+        c.putString("log.instance.Error.fileName",
+                c.getString("logError.fileName"));
+        c.putString("log.instance.Error.flushInterval",
+                c.getString("logError.flushInterval"));
+        c.putString("log.instance.Error.level",
+                c.getString("logError.level"));
+        c.putString("log.instance.Error.maxFileSize",
+                c.getString("logError.maxFileSize"));
+        c.putString("log.instance.Error.pluginName",
+                "file");
+        c.putString("log.instance.Error.rolloverInterval",
+                c.getString("logError.rolloverInterval"));
+        c.putString("log.instance.Error.type",
+                "system");
+
+        c.putString("log.instance.System.bufferSize",
+                c.getString("logSystem.bufferSize"));
+        c.putString("log.instance.System.enable",
+                c.getString("logSystem.on"));
+        c.putString("log.instance.System.expirationTime",
+                "0"); //Specifically turn it off.
         //			c.getString("logSystem.expirationTime"));
-        c.putString("log.instance.System.fileName", 
-            c.getString("logSystem.fileName"));
-        c.putString("log.instance.System.flushInterval", 
-            c.getString("logSystem.flushInterval"));
-        c.putString("log.instance.System.level", 
-            c.getString("logSystem.level"));
-        c.putString("log.instance.System.maxFileSize", 
-            c.getString("logSystem.maxFileSize"));
-        c.putString("log.instance.System.pluginName", 
-            "file");
-        c.putString("log.instance.System.rolloverInterval", 
-            c.getString("logSystem.rolloverInterval"));
-        c.putString("log.instance.System.type", 
-            "system");
+        c.putString("log.instance.System.fileName",
+                c.getString("logSystem.fileName"));
+        c.putString("log.instance.System.flushInterval",
+                c.getString("logSystem.flushInterval"));
+        c.putString("log.instance.System.level",
+                c.getString("logSystem.level"));
+        c.putString("log.instance.System.maxFileSize",
+                c.getString("logSystem.maxFileSize"));
+        c.putString("log.instance.System.pluginName",
+                "file");
+        c.putString("log.instance.System.rolloverInterval",
+                c.getString("logSystem.rolloverInterval"));
+        c.putString("log.instance.System.type",
+                "system");
 
         if (!OsSubsystem.isUnix()) {
             c.putString("log.impl.NTEventLog.class",
-                "com.netscape.certsrv.logging.NTEventLog");
-
-            c.putString("log.instance.NTAudit.NTEventSourceName", 
-                c.getString("logNTAudit.NTEventSourceName"));
-            c.putString("log.instance.NTAudit.enable", 
-                c.getString("logNTAudit.on"));
-            c.putString("log.instance.NTAudit.level", 
-                c.getString("logNTAudit.level"));
-            c.putString("log.instance.NTAudit.pluginName", 
-                "NTEventLog");
-            c.putString("log.instance.NTAudit.type", 
-                "system");
-
-            c.putString("log.instance.NTSystem.NTEventSourceName", 
-                c.getString("logNTSystem.NTEventSourceName"));
-            c.putString("log.instance.NTSystem.enable", 
-                c.getString("logNTSystem.on"));
-            c.putString("log.instance.NTSystem.level", 
-                c.getString("logNTSystem.level"));
-            c.putString("log.instance.NTSystem.pluginName", 
-                "NTEventLog");
-            c.putString("log.instance.NTSystem.type", 
-                "system");
+                    "com.netscape.certsrv.logging.NTEventLog");
+
+            c.putString("log.instance.NTAudit.NTEventSourceName",
+                    c.getString("logNTAudit.NTEventSourceName"));
+            c.putString("log.instance.NTAudit.enable",
+                    c.getString("logNTAudit.on"));
+            c.putString("log.instance.NTAudit.level",
+                    c.getString("logNTAudit.level"));
+            c.putString("log.instance.NTAudit.pluginName",
+                    "NTEventLog");
+            c.putString("log.instance.NTAudit.type",
+                    "system");
+
+            c.putString("log.instance.NTSystem.NTEventSourceName",
+                    c.getString("logNTSystem.NTEventSourceName"));
+            c.putString("log.instance.NTSystem.enable",
+                    c.getString("logNTSystem.on"));
+            c.putString("log.instance.NTSystem.level",
+                    c.getString("logNTSystem.level"));
+            c.putString("log.instance.NTSystem.pluginName",
+                    "NTEventLog");
+            c.putString("log.instance.NTSystem.type",
+                    "system");
         }
         c.putString("cms.version", "4.22");
         c.commit(false);
     }
 
     /**
-     * This method handles pre4.2 -> 4.2 configuration 
+     * This method handles pre4.2 -> 4.2 configuration
      * upgrade.
      */
     public static void perform(IConfigStore c)
-        throws EBaseException {
+            throws EBaseException {
         boolean isCA = false;
         boolean isRA = false;
         boolean isKRA = false;
@@ -195,8 +193,8 @@ public final class Upgrade {
             Setup.installPolicyImpls("ra", c);
         }
 
-        c.putString("eeGateway.dynamicVariables", 
-            "serverdate=serverdate(),subsystemname=subsystemname(),http=http(),authmgrs=authmgrs()");
+        c.putString("eeGateway.dynamicVariables",
+                "serverdate=serverdate(),subsystemname=subsystemname(),http=http(),authmgrs=authmgrs()");
 
         c.putString("cms.version", "4.2");
         // Assumed user backups (including CMS.cfg) the system before
@@ -205,56 +203,56 @@ public final class Upgrade {
     }
 
     /**
-     * Upgrade publishing. This function upgrades both enabled 
+     * Upgrade publishing. This function upgrades both enabled
      * or disabled publishing configuration.
      */
     public static void caPublishing(IConfigStore c)
-        throws EBaseException {
-        c.putString("ca.publish.enable", 
-            c.getString("ca.enableLdapPublish", "false"));
-        c.putString("ca.publish.ldappublish.enable", 
-            c.getString("ca.enableLdapPublish", "false"));
-        c.putString("ca.publish.ldappublish.ldap.ldapauth.authtype", 
-            c.getString("ca.ldappublish.ldap.ldapauth.authtype", "BasicAuth"));
-        c.putString("ca.publish.ldappublish.ldap.ldapauth.bindDN", 
-            c.getString("ca.ldappublish.ldap.ldapauth.bindDN", ""));
-        c.putString("ca.publish.ldappublish.ldap.ldapauth.bindPWPrompt", 
-            c.getString("ca.ldappublish.ldap.ldapauth.bindPWPrompt", "LDAP Publishing"));
-        c.putString("ca.publish.ldappublish.ldap.ldapconn.host", 
-            c.getString("ca.ldappublish.ldap.ldapconn.host", ""));
-        c.putString("ca.publish.ldappublish.ldap.ldapconn.port", 
-            c.getString("ca.ldappublish.ldap.ldapconn.port", ""));
-        c.putString("ca.publish.ldappublish.ldap.ldapconn.secureConn", 
-            c.getString("ca.ldappublish.ldap.ldapconn.secureConn", "false"));
-        c.putString("ca.publish.ldappublish.ldap.ldapconn.version", 
-            c.getString("ca.ldappublish.ldap.ldapconn.version", "2"));
+            throws EBaseException {
+        c.putString("ca.publish.enable",
+                c.getString("ca.enableLdapPublish", "false"));
+        c.putString("ca.publish.ldappublish.enable",
+                c.getString("ca.enableLdapPublish", "false"));
+        c.putString("ca.publish.ldappublish.ldap.ldapauth.authtype",
+                c.getString("ca.ldappublish.ldap.ldapauth.authtype", "BasicAuth"));
+        c.putString("ca.publish.ldappublish.ldap.ldapauth.bindDN",
+                c.getString("ca.ldappublish.ldap.ldapauth.bindDN", ""));
+        c.putString("ca.publish.ldappublish.ldap.ldapauth.bindPWPrompt",
+                c.getString("ca.ldappublish.ldap.ldapauth.bindPWPrompt", "LDAP Publishing"));
+        c.putString("ca.publish.ldappublish.ldap.ldapconn.host",
+                c.getString("ca.ldappublish.ldap.ldapconn.host", ""));
+        c.putString("ca.publish.ldappublish.ldap.ldapconn.port",
+                c.getString("ca.ldappublish.ldap.ldapconn.port", ""));
+        c.putString("ca.publish.ldappublish.ldap.ldapconn.secureConn",
+                c.getString("ca.ldappublish.ldap.ldapconn.secureConn", "false"));
+        c.putString("ca.publish.ldappublish.ldap.ldapconn.version",
+                c.getString("ca.ldappublish.ldap.ldapconn.version", "2"));
 
         // mappers
-        c.putString("ca.publish.mapper.instance.LdapCaCertMap.pluginName", 
-            "LdapDNCompsMap");
-        c.putString("ca.publish.mapper.instance.LdapCaCertMap.dnComps", 
-            c.getString("ca.ldappublish.type.ca.mapper.dnComps"));
-        c.putString("ca.publish.mapper.instance.LdapCaCertMap.filterComps", 
-            c.getString("ca.ldappublish.type.ca.mapper.filterComps"));
-        c.putString("ca.publish.mapper.instance.LdapCaCertMap.baseDN", 
-            c.getString("ca.ldappublish.type.ca.mapper.baseDN"));
-
-        c.putString("ca.publish.mapper.instance.LdapCrlMap.pluginName", 
-            "LdapDNCompsMap");
-        c.putString("ca.publish.mapper.instance.LdapCrlMap.dnComps", 
-            c.getString("ca.ldappublish.type.crl.mapper.dnComps"));
-        c.putString("ca.publish.mapper.instance.LdapCrlMap.filterComps", 
-            c.getString("ca.ldappublish.type.crl.mapper.filterComps"));
-        c.putString("ca.publish.mapper.instance.LdapCrlMap.baseDN", 
-            c.getString("ca.ldappublish.type.crl.mapper.baseDN"));
-        c.putString("ca.publish.mapper.instance.LdapUserCertMap.pluginName", 
-            "LdapDNCompsMap"); 
+        c.putString("ca.publish.mapper.instance.LdapCaCertMap.pluginName",
+                "LdapDNCompsMap");
+        c.putString("ca.publish.mapper.instance.LdapCaCertMap.dnComps",
+                c.getString("ca.ldappublish.type.ca.mapper.dnComps"));
+        c.putString("ca.publish.mapper.instance.LdapCaCertMap.filterComps",
+                c.getString("ca.ldappublish.type.ca.mapper.filterComps"));
+        c.putString("ca.publish.mapper.instance.LdapCaCertMap.baseDN",
+                c.getString("ca.ldappublish.type.ca.mapper.baseDN"));
+
+        c.putString("ca.publish.mapper.instance.LdapCrlMap.pluginName",
+                "LdapDNCompsMap");
+        c.putString("ca.publish.mapper.instance.LdapCrlMap.dnComps",
+                c.getString("ca.ldappublish.type.crl.mapper.dnComps"));
+        c.putString("ca.publish.mapper.instance.LdapCrlMap.filterComps",
+                c.getString("ca.ldappublish.type.crl.mapper.filterComps"));
+        c.putString("ca.publish.mapper.instance.LdapCrlMap.baseDN",
+                c.getString("ca.ldappublish.type.crl.mapper.baseDN"));
+        c.putString("ca.publish.mapper.instance.LdapUserCertMap.pluginName",
+                "LdapDNCompsMap");
         c.putString("ca.publish.mapper.instance.LdapUserCertMap.dnComps",
-            c.getString("ca.ldappublish.type.client.mapper.dnComps"));
+                c.getString("ca.ldappublish.type.client.mapper.dnComps"));
         c.putString("ca.publish.mapper.instance.LdapUserCertMap.filterComps",
-            c.getString("ca.ldappublish.type.client.mapper.filterComps"));
+                c.getString("ca.ldappublish.type.client.mapper.filterComps"));
         c.putString("ca.publish.mapper.instance.LdapUserCertMap.baseDN",
-            c.getString("ca.ldappublish.type.client.mapper.baseDN"));
+                c.getString("ca.ldappublish.type.client.mapper.baseDN"));
 
         // publishers
         c.putString("ca.publish.publisher.instance.LdapCaCertPublisher.caCertAttr", "caCertificate;binary");
@@ -266,51 +264,52 @@ public final class Upgrade {
         c.putString("ca.publish.publisher.instance.LdapUserCertPublisher.pluginName", "LdapUserCertPublisher");
 
         // rules
-        c.putString("ca.publish.rule.instance.LdapCaCertRule.pluginName ", 
-            "Rule");
-        c.putString("ca.publish.rule.instance.LdapCaCertRule.predicate", 
-            "");
-        c.putString("ca.publish.rule.instance.LdapCaCertRule.publisher", 
-            "LdapCaCertPublisher");
-        c.putString("ca.publish.rule.instance.LdapCaCertRule.type", 
-            "cacert");
-        c.putString("ca.publish.rule.instance.LdapCaCertRule.enable", 
-            "true");
-        c.putString("ca.publish.rule.instance.LdapCaCertRule.mapper", 
-            "LdapCaCertMap");
-
-        c.putString("ca.publish.rule.instance.LdapCrlRule.pluginName", 
-            "Rule");
+        c.putString("ca.publish.rule.instance.LdapCaCertRule.pluginName ",
+                "Rule");
+        c.putString("ca.publish.rule.instance.LdapCaCertRule.predicate",
+                "");
+        c.putString("ca.publish.rule.instance.LdapCaCertRule.publisher",
+                "LdapCaCertPublisher");
+        c.putString("ca.publish.rule.instance.LdapCaCertRule.type",
+                "cacert");
+        c.putString("ca.publish.rule.instance.LdapCaCertRule.enable",
+                "true");
+        c.putString("ca.publish.rule.instance.LdapCaCertRule.mapper",
+                "LdapCaCertMap");
+
+        c.putString("ca.publish.rule.instance.LdapCrlRule.pluginName",
+                "Rule");
         c.putString("ca.publish.rule.instance.LdapCrlRule.predicate", "");
-        c.putString("ca.publish.rule.instance.LdapCrlRule.publisher", 
-            "LdapCrlPublisher");
+        c.putString("ca.publish.rule.instance.LdapCrlRule.publisher",
+                "LdapCrlPublisher");
         c.putString("ca.publish.rule.instance.LdapCrlRule.type", "crl");
         c.putString("ca.publish.rule.instance.LdapCrlRule.enable", "true");
-        c.putString("ca.publish.rule.instance.LdapCrlRule.mapper", 
-            "LdapCrlMap");
+        c.putString("ca.publish.rule.instance.LdapCrlRule.mapper",
+                "LdapCrlMap");
 
-        c.putString("ca.publish.rule.instance.LdapUserCertRule.pluginName", 
-            "Rule");
+        c.putString("ca.publish.rule.instance.LdapUserCertRule.pluginName",
+                "Rule");
         c.putString("ca.publish.rule.instance.LdapUserCertRule.predicate", "");
-        c.putString("ca.publish.rule.instance.LdapUserCertRule.publisher", 
-            "LdapUserCertPublisher");
+        c.putString("ca.publish.rule.instance.LdapUserCertRule.publisher",
+                "LdapUserCertPublisher");
         c.putString("ca.publish.rule.instance.LdapUserCertRule.type", "certs");
         c.putString("ca.publish.rule.instance.LdapUserCertRule.enable", "true");
-        c.putString("ca.publish.rule.instance.LdapUserCertRule.mapper", 
-            "LdapUserCertMap");
+        c.putString("ca.publish.rule.instance.LdapUserCertRule.mapper",
+                "LdapUserCertMap");
 
         c.removeSubStore("ca.ldappublish");
     }
 
     /**
-     * Upgrade publishing. This function upgrades both enabled 
+     * Upgrade publishing. This function upgrades both enabled
      * or disabled publishing configuration.
      */
     public static void jss3(IConfigStore c)
-        throws EBaseException {
+            throws EBaseException {
         String moddb = c.getString("jss.moddb");
 
-        if (moddb == null) return;
+        if (moddb == null)
+            return;
 
         int i = moddb.lastIndexOf("/");
         String dir = moddb.substring(0, i);
@@ -322,7 +321,7 @@ public final class Upgrade {
         i = certdb.lastIndexOf("/");
         String instID = certdb.substring(i + 1);
         String certPrefix = ".." + File.separator + ".." + File.separator + instID +
-            File.separator + "config" + File.separator;
+                File.separator + "config" + File.separator;
         String keyPrefix = certPrefix;
 
         c.putString("jss.certPrefix", certPrefix.replace('\\', '/'));
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/AuthSubsystem.java b/pki/base/common/src/com/netscape/cmscore/authentication/AuthSubsystem.java
index 252d69d6..e015c5e6 100644
--- a/pki/base/common/src/com/netscape/cmscore/authentication/AuthSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/authentication/AuthSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.authentication;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Vector;
@@ -40,11 +39,10 @@ import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
  * Default authentication subsystem
  * <P>
- *
+ * 
  * @author cfu
  * @author lhsiao
  * @version $Revision$, $Date$
@@ -75,27 +73,28 @@ public class AuthSubsystem implements IAuthSubsystem {
     /**
      * Initializes the authentication subsystem from the config store.
      * Load Authentication manager plugins, create and initialize
-     * initialize authentication manager instances. 
+     * initialize authentication manager instances.
+     * 
      * @param owner The owner of this module.
      * @param config The configuration store.
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         try {
             mLogger = CMS.getLogger();
             mConfig = config;
-    
+
             // hardcode admin and agent plugins required for the server to be 
             // functional.
 
             AuthMgrPlugin newPlugin = null;
 
-            newPlugin = new AuthMgrPlugin(PASSWDUSERDB_PLUGIN_ID, 
+            newPlugin = new AuthMgrPlugin(PASSWDUSERDB_PLUGIN_ID,
                     PasswdUserDBAuthentication.class.getName());
             newPlugin.setVisible(false);
             mAuthMgrPlugins.put(PASSWDUSERDB_PLUGIN_ID, newPlugin);
 
-            newPlugin = new AuthMgrPlugin(CERTUSERDB_PLUGIN_ID, 
+            newPlugin = new AuthMgrPlugin(CERTUSERDB_PLUGIN_ID,
                     CertUserDBAuthentication.class.getName());
             newPlugin.setVisible(false);
             mAuthMgrPlugins.put(CERTUSERDB_PLUGIN_ID, newPlugin);
@@ -128,7 +127,7 @@ public class AuthSubsystem implements IAuthSubsystem {
             while (mImpls.hasMoreElements()) {
                 String id = (String) mImpls.nextElement();
                 String pluginPath = c.getString(id + "." + PROP_CLASS);
-			
+
                 AuthMgrPlugin plugin = new AuthMgrPlugin(id, pluginPath);
 
                 mAuthMgrPlugins.put(id, plugin);
@@ -143,8 +142,8 @@ public class AuthSubsystem implements IAuthSubsystem {
             IAuthManager passwdUserDBAuth = new PasswdUserDBAuthentication();
 
             passwdUserDBAuth.init(PASSWDUSERDB_AUTHMGR_ID, PASSWDUSERDB_PLUGIN_ID, null);
-            mAuthMgrInsts.put(PASSWDUSERDB_AUTHMGR_ID, new 
-                AuthManagerProxy(true, passwdUserDBAuth));
+            mAuthMgrInsts.put(PASSWDUSERDB_AUTHMGR_ID, new
+                    AuthManagerProxy(true, passwdUserDBAuth));
             if (Debug.ON) {
                 Debug.trace("loaded password based auth manager");
             }
@@ -164,7 +163,7 @@ public class AuthSubsystem implements IAuthSubsystem {
             if (Debug.ON) {
                 Debug.trace("loaded challenge phrase auth manager");
             }
-        
+
             IAuthManager cmcAuth = new com.netscape.cms.authentication.CMCAuth();
 
             cmcAuth.init(CMCAUTH_AUTHMGR_ID, CMCAUTH_PLUGIN_ID, config);
@@ -172,7 +171,7 @@ public class AuthSubsystem implements IAuthSubsystem {
             if (Debug.ON) {
                 Debug.trace("loaded cmc auth manager");
             }
-        
+
             // #56659
             // IAuthManager nullAuth = new NullAuthentication();
 
@@ -197,8 +196,8 @@ public class AuthSubsystem implements IAuthSubsystem {
             while (instances.hasMoreElements()) {
                 String insName = (String) instances.nextElement();
                 String implName = c.getString(insName + "." + PROP_PLUGIN);
-                AuthMgrPlugin plugin = 
-                    (AuthMgrPlugin) mAuthMgrPlugins.get(implName);
+                AuthMgrPlugin plugin =
+                        (AuthMgrPlugin) mAuthMgrPlugins.get(implName);
 
                 if (plugin == null) {
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_CANT_FIND_PLUGIN", implName));
@@ -211,8 +210,8 @@ public class AuthSubsystem implements IAuthSubsystem {
                 IAuthManager authMgrInst = null;
 
                 try {
-                    authMgrInst = (IAuthManager) 
-                        Class.forName(className).newInstance();
+                    authMgrInst = (IAuthManager)
+                            Class.forName(className).newInstance();
                     IConfigStore authMgrConfig = c.getSubStore(insName);
 
                     authMgrInst.init(insName, implName, authMgrConfig);
@@ -221,16 +220,13 @@ public class AuthSubsystem implements IAuthSubsystem {
                     log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_AUTH_ADD_AUTH_INSTANCE", insName));
                 } catch (ClassNotFoundException e) {
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AUTHSUB_ERROR", e.toString()));
-                    throw new
-                        EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
+                    throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
                 } catch (IllegalAccessException e) {
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AUTHSUB_ERROR", e.toString()));
-                    throw new
-                        EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
+                    throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
                 } catch (InstantiationException e) {
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AUTHSUB_ERROR", e.toString()));
-                    throw new
-                        EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
+                    throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
                 } catch (EBaseException e) {
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AUTH_INIT_ERROR", insName, e.toString()));
                     // Skip the authenticaiton instance if
@@ -245,8 +241,8 @@ public class AuthSubsystem implements IAuthSubsystem {
                     // fix the problem via console
                 }
                 // add manager instance to list.
-                mAuthMgrInsts.put(insName, new 
-                    AuthManagerProxy(isEnable, authMgrInst));
+                mAuthMgrInsts.put(insName, new
+                        AuthManagerProxy(isEnable, authMgrInst));
                 if (Debug.ON) {
                     Debug.trace("loaded auth instance " + insName + " impl " + implName);
                 }
@@ -262,23 +258,24 @@ public class AuthSubsystem implements IAuthSubsystem {
     /**
      * Authenticate to the named authentication manager instance
      * <p>
+     * 
      * @param authCred authentication credentials subject to the
-     *  requirements of each authentication manager
+     *            requirements of each authentication manager
      * @param authMgrName name of the authentication manager instance
-     * @return authentication token with individualized authenticated 
-     * information.
+     * @return authentication token with individualized authenticated
+     *         information.
      * @exception EMissingCredential If a required credential for the
-     * authentication manager is missing.
+     *                authentication manager is missing.
      * @exception EInvalidCredentials If the credentials cannot be authenticated
      * @exception EAuthMgrNotFound The auth manager is not found.
      * @exception EBaseException If an internal error occurred.
      */
     public IAuthToken authenticate(
-        IAuthCredentials authCred, String authMgrInstName)
-        throws EMissingCredential, EInvalidCredentials, 
+            IAuthCredentials authCred, String authMgrInstName)
+            throws EMissingCredential, EInvalidCredentials,
             EAuthMgrNotFound, EBaseException {
         AuthManagerProxy proxy = (AuthManagerProxy)
-            mAuthMgrInsts.get(authMgrInstName);
+                mAuthMgrInsts.get(authMgrInstName);
 
         if (proxy == null) {
             throw new EAuthMgrNotFound(CMS.getUserMessage("CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", authMgrInstName));
@@ -296,10 +293,10 @@ public class AuthSubsystem implements IAuthSubsystem {
 
     /**
      * Gets a list of required authentication credential names
-     * of the specified authentication manager.  
+     * of the specified authentication manager.
      */
     public String[] getRequiredCreds(String authMgrInstName)
-        throws EAuthMgrNotFound {
+            throws EAuthMgrNotFound {
         IAuthManager authMgrInst = get(authMgrInstName);
 
         if (authMgrInst == null) {
@@ -309,13 +306,14 @@ public class AuthSubsystem implements IAuthSubsystem {
     }
 
     /**
-     * Gets configuration parameters for the given 
+     * Gets configuration parameters for the given
      * authentication manager plugin.
+     * 
      * @param implName Name of the authentication plugin.
      * @return Hashtable of required parameters.
      */
     public String[] getConfigParams(String implName)
-        throws EAuthMgrPluginNotFound, EBaseException {
+            throws EAuthMgrPluginNotFound, EBaseException {
         // is this a registered implname?
         AuthMgrPlugin plugin = (AuthMgrPlugin) mAuthMgrPlugins.get(implName);
 
@@ -334,21 +332,19 @@ public class AuthSubsystem implements IAuthSubsystem {
             return (authMgrInst.getConfigParams());
         } catch (InstantiationException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED", e.toString()));
-            throw new
-                EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
+            throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
         } catch (ClassNotFoundException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED", e.toString()));
-            throw new 
-                EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
+            throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
         } catch (IllegalAccessException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED", e.toString()));
-            throw new 
-                EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
+            throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
         }
     }
 
     /**
      * Add an authentication manager instance.
+     * 
      * @param name name of the authentication manager instance
      * @param authMgr the authentication manager instance to be added
      */
@@ -366,6 +362,7 @@ public class AuthSubsystem implements IAuthSubsystem {
 
     /**
      * Gets the authentication manager instance of the specified name.
+     * 
      * @param name name of the authentication manager instance
      * @return the named authentication manager instance
      */
@@ -385,7 +382,7 @@ public class AuthSubsystem implements IAuthSubsystem {
         Enumeration<String> e = mAuthMgrInsts.keys();
 
         while (e.hasMoreElements()) {
-            IAuthManager p = get( e.nextElement());
+            IAuthManager p = get(e.nextElement());
 
             if (p != null) {
                 inst.addElement(p);
@@ -409,9 +406,9 @@ public class AuthSubsystem implements IAuthSubsystem {
     }
 
     /**
-     * Retrieve a single auth manager instance 
+     * Retrieve a single auth manager instance
      */
-    
+
     /* getconfigparams above should be recoded to use this func */
     public IAuthManager getAuthManagerPlugin(String name) {
         AuthMgrPlugin plugin = (AuthMgrPlugin) mAuthMgrPlugins.get(name);
@@ -429,16 +426,18 @@ public class AuthSubsystem implements IAuthSubsystem {
 
     /**
      * Retrieves id (name) of this subsystem.
+     * 
      * @return name of the authentication subsystem
      */
     public String getId() {
         return (mId);
     }
-  
+
     /**
      * Sets id string to this subsystem.
      * <p>
-     * Use with caution.  Should not do it when sharing with others
+     * Use with caution. Should not do it when sharing with others
+     * 
      * @param id name to be applied to an authentication sybsystem
      */
     public void setId(String id) throws EBaseException {
@@ -455,12 +454,11 @@ public class AuthSubsystem implements IAuthSubsystem {
     }
 
     /**
-     * shuts down authentication managers one by one. 
+     * shuts down authentication managers one by one.
      * <P>
      */
     public void shutdown() {
-        for (Enumeration<String> e = mAuthMgrInsts.keys();
-            e.hasMoreElements();) {
+        for (Enumeration<String> e = mAuthMgrInsts.keys(); e.hasMoreElements();) {
 
             IAuthManager mgr = (IAuthManager) get((String) e.nextElement());
 
@@ -486,7 +484,7 @@ public class AuthSubsystem implements IAuthSubsystem {
     /**
      * Returns the root configuration storage of this system.
      * <P>
-     *
+     * 
      * @return configuration store of this subsystem
      */
     public IConfigStore getConfigStore() {
@@ -495,6 +493,7 @@ public class AuthSubsystem implements IAuthSubsystem {
 
     /**
      * gets the named authentication manager
+     * 
      * @param name of the authentication manager
      * @return the named authentication manager
      */
@@ -509,7 +508,7 @@ public class AuthSubsystem implements IAuthSubsystem {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
-            level, msg);
+                level, msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/CertUserDBAuthentication.java b/pki/base/common/src/com/netscape/cmscore/authentication/CertUserDBAuthentication.java
index c8214294..b2fc49b5 100644
--- a/pki/base/common/src/com/netscape/cmscore/authentication/CertUserDBAuthentication.java
+++ b/pki/base/common/src/com/netscape/cmscore/authentication/CertUserDBAuthentication.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.authentication;
 
-
 import java.security.cert.X509Certificate;
 
 import netscape.security.x509.X509CertImpl;
@@ -38,13 +37,12 @@ import com.netscape.certsrv.usrgrp.ICertUserLocator;
 import com.netscape.cmscore.usrgrp.ExactMatchCertUserLocator;
 import com.netscape.cmscore.usrgrp.User;
 
-
 /**
- * Certificate server agent authentication.  
- * Maps a SSL client authenticate certificate to a user (agent) entry in the 
- * internal database. 
+ * Certificate server agent authentication.
+ * Maps a SSL client authenticate certificate to a user (agent) entry in the
+ * internal database.
  * <P>
- *
+ * 
  * @author lhsiao
  * @author cfu
  * @version $Revision$, $Date$
@@ -81,15 +79,15 @@ public class CertUserDBAuthentication implements IAuthManager {
     /**
      * initializes the CertUserDBAuthentication auth manager
      * <p>
-     * called by AuthSubsystem init() method, when initializing
-     * all available authentication managers.
+     * called by AuthSubsystem init() method, when initializing all available authentication managers.
+     * 
      * @param owner - The authentication subsystem that hosts this
-     *   auth manager
+     *            auth manager
      * @param config - The configuration store used by the
-     *	 authentication subsystem
+     *            authentication subsystem
      */
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mName = name;
         mImplName = implName;
         mConfig = config;
@@ -112,7 +110,7 @@ public class CertUserDBAuthentication implements IAuthManager {
         mCULocator = new ExactMatchCertUserLocator();
         log(ILogger.LL_INFO, CMS.getLogMessage("INIT_DONE", name));
     }
- 
+
     /**
      * Gets the name of this authentication manager.
      */
@@ -126,28 +124,28 @@ public class CertUserDBAuthentication implements IAuthManager {
     public String getImplName() {
         return mImplName;
     }
- 
+
     /**
      * authenticates user(agent) by certificate
      * <p>
-     * called by other subsystems or their servlets to authenticate
-     *	 users (agents)
+     * called by other subsystems or their servlets to authenticate users (agents)
+     * 
      * @param authCred - authentication credential that contains
-     *	 an usrgrp.Certificates of the user (agent)
+     *            an usrgrp.Certificates of the user (agent)
      * @return the authentication token that contains the following
-     *
+     * 
      * @exception com.netscape.certsrv.base.EAuthsException any
-     *	 authentication failure or insufficient credentials
+     *                authentication failure or insufficient credentials
      * @see com.netscape.certsrv.authentication.AuthToken
      * @see com.netscape.certsrv.usrgrp.Certificates
      */
     public IAuthToken authenticate(IAuthCredentials authCred)
-        throws EMissingCredential, EInvalidCredentials, EBaseException {
+            throws EMissingCredential, EInvalidCredentials, EBaseException {
         CMS.debug("CertUserDBAuth: started");
         AuthToken authToken = new AuthToken(this);
         CMS.debug("CertUserDBAuth: Retrieving client certificate");
-        X509Certificate[] x509Certs = 
-            (X509Certificate[]) authCred.get(CRED_CERT);
+        X509Certificate[] x509Certs =
+                (X509Certificate[]) authCred.get(CRED_CERT);
 
         if (x509Certs == null) {
             CMS.debug("CertUserDBAuth: no client certificate found");
@@ -198,7 +196,7 @@ public class CertUserDBAuthentication implements IAuthManager {
         authToken.set(TOKEN_USER_DN, user.getUserDN());
         authToken.set(TOKEN_USERID, user.getUserID());
         authToken.set(TOKEN_UID, user.getUserID());
-        authToken.set(CRED_CERT, certs);  
+        authToken.set(CRED_CERT, certs);
 
         log(ILogger.LL_INFO, CMS.getLogMessage("CMS_AUTH_AUTHENTICATED", user.getUserID()));
         CMS.debug("authenticated " + user.getUserDN());
@@ -208,10 +206,11 @@ public class CertUserDBAuthentication implements IAuthManager {
 
     /**
      * get the list of authentication credential attribute names
-     *	 required by this authentication manager. Generally used by
-     *	 the servlets that handle agent operations to authenticate its
-     *	 users.  It calls this method to know which are the
-     *	 required credentials from the user (e.g. Javascript form data)
+     * required by this authentication manager. Generally used by
+     * the servlets that handle agent operations to authenticate its
+     * users. It calls this method to know which are the
+     * required credentials from the user (e.g. Javascript form data)
+     * 
      * @return attribute names in Vector
      */
     public String[] getRequiredCreds() {
@@ -220,14 +219,15 @@ public class CertUserDBAuthentication implements IAuthManager {
 
     /**
      * get the list of configuration parameter names
-     *	 required by this authentication manager.  Generally used by
-     *	 the Certificate Server Console to display the table for
-     *	 configuration purposes.  CertUserDBAuthentication is currently not
-     *	 exposed in this case, so this method is not to be used.
+     * required by this authentication manager. Generally used by
+     * the Certificate Server Console to display the table for
+     * configuration purposes. CertUserDBAuthentication is currently not
+     * exposed in this case, so this method is not to be used.
+     * 
      * @return configuration parameter names in Hashtable of Vectors
-     *	 where each hashtable entry's key is the substore name, value is a
-     * Vector of parameter names.  If no substore, the parameter name
-     *	 is the Hashtable key itself, with value same as key.
+     *         where each hashtable entry's key is the substore name, value is a
+     *         Vector of parameter names. If no substore, the parameter name
+     *         is the Hashtable key itself, with value same as key.
      */
     public String[] getConfigParams() {
         return (mConfigParams);
@@ -241,7 +241,8 @@ public class CertUserDBAuthentication implements IAuthManager {
 
     /**
      * gets the configuretion substore used by this authentication
-     *  manager
+     * manager
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
@@ -252,7 +253,7 @@ public class CertUserDBAuthentication implements IAuthManager {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
-            level, msg);
+                level, msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java b/pki/base/common/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java
index 38901f3b..f2eb5afe 100644
--- a/pki/base/common/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java
+++ b/pki/base/common/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.authentication;
 
-
 import java.math.BigInteger;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
@@ -50,14 +49,13 @@ import com.netscape.cmscore.dbs.CertRecord;
 import com.netscape.cmscore.dbs.CertificateRepository;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
  * Challenge phrase based authentication.
  * Maps a certificate to the request in the
  * internal database and further compares the challenge phrase with
  * that from the EE input.
  * <P>
- *
+ * 
  * @author cfu chrisho
  * @version $Revision$, $Date$
  */
@@ -69,7 +67,7 @@ public class ChallengePhraseAuthentication implements IAuthManager {
     /* required credentials */
     public static final String CRED_CERT_SERIAL = IAuthManager.CRED_CERT_SERIAL_TO_REVOKE;
     public static final String CRED_CHALLENGE = "challengePhrase";
-    protected String[] mRequiredCreds = { CRED_CERT_SERIAL, CRED_CHALLENGE};
+    protected String[] mRequiredCreds = { CRED_CERT_SERIAL, CRED_CHALLENGE };
 
     /* config parameters to pass to console (none) */
     protected static String[] mConfigParams = null;
@@ -98,14 +96,14 @@ public class ChallengePhraseAuthentication implements IAuthManager {
     /**
      * initializes the ChallengePhraseAuthentication auth manager
      * <p>
-     * called by AuthSubsystem init() method, when initializing
-     * all available authentication managers.
+     * called by AuthSubsystem init() method, when initializing all available authentication managers.
+     * 
      * @param name The name of this authentication manager instance.
      * @param implName The name of the authentication manager plugin.
      * @param config The configuration store for this authentication manager.
      */
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mName = name;
         mImplName = implName;
         mConfig = config;
@@ -118,7 +116,7 @@ public class ChallengePhraseAuthentication implements IAuthManager {
 
         log(ILogger.LL_INFO, CMS.getLogMessage("INIT_DONE", name));
     }
- 
+
     /**
      * Gets the name of this authentication manager.
      */
@@ -132,24 +130,24 @@ public class ChallengePhraseAuthentication implements IAuthManager {
     public String getImplName() {
         return mImplName;
     }
- 
+
     /**
      * authenticates revocation of a certification by a challenge phrase
      * <p>
-     * called by other subsystems or their servlets to authenticate
-     *	 a revocation request
+     * called by other subsystems or their servlets to authenticate a revocation request
+     * 
      * @param authCred - authentication credential that contains
-     *	 a Certificate to revoke
+     *            a Certificate to revoke
      * @return the authentication token that contains the request id
-     *
+     * 
      * @exception EMissingCredential If a required credential for this
-     * authentication manager is missing.
+     *                authentication manager is missing.
      * @exception EInvalidCredentials If credentials cannot be authenticated.
      * @exception EBaseException If an internal error occurred.
      * @see com.netscape.certsrv.authentication.AuthToken
      */
     public IAuthToken authenticate(IAuthCredentials authCred)
-        throws EMissingCredential, EInvalidCredentials, EBaseException {
+            throws EMissingCredential, EInvalidCredentials, EBaseException {
         mCA = (ICertificateAuthority)
                 SubsystemRegistry.getInstance().get("ca");
 
@@ -186,7 +184,7 @@ public class ChallengePhraseAuthentication implements IAuthManager {
                     serialNum = new
                             BigInteger(serialNumString);
                 }
-						
+
             } catch (NumberFormatException e) {
                 throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", "Invalid serial number."));
             }
@@ -240,7 +238,7 @@ public class ChallengePhraseAuthentication implements IAuthManager {
                     if (samepwd) {
                         bigIntArray = new BigInteger[1];
                         bigIntArray[0] = record.getSerialNumber();
-                    } else 
+                    } else
                         throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", "Invalid password."));
 
                 } else {
@@ -283,7 +281,7 @@ public class ChallengePhraseAuthentication implements IAuthManager {
         if (bigIntArray != null && bigIntArray.length > 0) {
             if (Debug.ON) {
                 Debug.trace("challenge authentication serialno array not null");
-                for (int i = 0; i < bigIntArray.length; i++) 
+                for (int i = 0; i < bigIntArray.length; i++)
                     Debug.trace("challenge auth serialno " + bigIntArray[i]);
             }
         }
@@ -295,8 +293,8 @@ public class ChallengePhraseAuthentication implements IAuthManager {
         return authToken;
     }
 
-    private boolean compareChallengePassword(CertRecord record, String pwd) 
-        throws EBaseException {
+    private boolean compareChallengePassword(CertRecord record, String pwd)
+            throws EBaseException {
         MetaInfo metaInfo = (MetaInfo) record.get(CertRecord.ATTR_META_INFO);
 
         if (metaInfo == null) {
@@ -312,8 +310,8 @@ public class ChallengePhraseAuthentication implements IAuthManager {
         String hashpwd = hashPassword(pwd);
 
         // got metaInfo
-        String challengeString = 
-            (String) metaInfo.get(CertRecord.META_CHALLENGE_PHRASE);
+        String challengeString =
+                (String) metaInfo.get(CertRecord.META_CHALLENGE_PHRASE);
 
         if (challengeString == null) {
             if (Debug.ON) {
@@ -330,16 +328,17 @@ public class ChallengePhraseAuthentication implements IAuthManager {
              "Incorrect challenge phrase password used for revocation");
              throw new EInvalidCredentials();
              */
-        } else 
+        } else
             return true;
     }
 
     /**
      * get the list of authentication credential attribute names
-     *	 required by this authentication manager. Generally used by
-     *	 the servlets that handle agent operations to authenticate its
-     *	 users.  It calls this method to know which are the
-     *	 required credentials from the user (e.g. Javascript form data)
+     * required by this authentication manager. Generally used by
+     * the servlets that handle agent operations to authenticate its
+     * users. It calls this method to know which are the
+     * required credentials from the user (e.g. Javascript form data)
+     * 
      * @return attribute names in Vector
      */
     public String[] getRequiredCreds() {
@@ -348,14 +347,15 @@ public class ChallengePhraseAuthentication implements IAuthManager {
 
     /**
      * get the list of configuration parameter names
-     *	 required by this authentication manager.  Generally used by
-     *	 the Certificate Server Console to display the table for
-     *	 configuration purposes.  ChallengePhraseAuthentication is currently not
-     *	 exposed in this case, so this method is not to be used.
+     * required by this authentication manager. Generally used by
+     * the Certificate Server Console to display the table for
+     * configuration purposes. ChallengePhraseAuthentication is currently not
+     * exposed in this case, so this method is not to be used.
+     * 
      * @return configuration parameter names in Hashtable of Vectors
-     *	 where each hashtable entry's key is the substore name, value is a
-     * Vector of parameter names.  If no substore, the parameter name
-     *	 is the Hashtable key itself, with value same as key.
+     *         where each hashtable entry's key is the substore name, value is a
+     *         Vector of parameter names. If no substore, the parameter name
+     *         is the Hashtable key itself, with value same as key.
      */
     public String[] getConfigParams() {
         return (mConfigParams);
@@ -369,7 +369,8 @@ public class ChallengePhraseAuthentication implements IAuthManager {
 
     /**
      * gets the configuretion substore used by this authentication
-     *  manager
+     * manager
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
@@ -380,7 +381,7 @@ public class ChallengePhraseAuthentication implements IAuthManager {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
-            level, msg);
+                level, msg);
     }
 
     private IRequestQueue getReqQueue() {
@@ -388,15 +389,15 @@ public class ChallengePhraseAuthentication implements IAuthManager {
 
         try {
             IRegistrationAuthority ra = (IRegistrationAuthority)
-                SubsystemRegistry.getInstance().get("ra");
+                    SubsystemRegistry.getInstance().get("ra");
 
             if (ra != null) {
                 queue = ra.getRequestQueue();
                 mRequestor = IRequest.REQUESTOR_RA;
             }
         } catch (Exception e) {
-            log(ILogger.LL_FAILURE, 
-                " cannot get access to the request queue.");
+            log(ILogger.LL_FAILURE,
+                    " cannot get access to the request queue.");
         }
 
         return queue;
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/NullAuthentication.java b/pki/base/common/src/com/netscape/cmscore/authentication/NullAuthentication.java
index e9bcbcb6..e124f140 100644
--- a/pki/base/common/src/com/netscape/cmscore/authentication/NullAuthentication.java
+++ b/pki/base/common/src/com/netscape/cmscore/authentication/NullAuthentication.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.authentication;
 
-
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authentication.AuthToken;
 import com.netscape.certsrv.authentication.EInvalidCredentials;
@@ -29,10 +28,10 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * This authentication does nothing but just returns an empty authToken.
  * <P>
+ * 
  * @author chrisho
  * @version $Revision$, $Date$
  */
@@ -53,15 +52,15 @@ public class NullAuthentication implements IAuthManager {
     /**
      * initializes the NullAuthentication auth manager
      * <p>
-     * called by AuthSubsystem init() method, when initializing
-     * all available authentication managers.
+     * called by AuthSubsystem init() method, when initializing all available authentication managers.
+     * 
      * @param name - Name assigned to this authentication manager instance.
      * @param implName - Name of the authentication plugin.
      * @param config - The configuration store used by the
-     *	 authentication subsystem.
+     *            authentication subsystem.
      */
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mName = name;
         mImplName = implName;
         mConfig = config;
@@ -73,20 +72,21 @@ public class NullAuthentication implements IAuthManager {
      * authenticates nothing
      * <p>
      * called by other subsystems or their servlets to authenticate administrators
-     * @param authCred Authentication credentials. 
-     *          "uid" and "pwd" are required.
+     * 
+     * @param authCred Authentication credentials.
+     *            "uid" and "pwd" are required.
      * @return the authentication token (authToken) that contains the following
-     *        userdn = [userdn, in case of success]<br>
-     *        authMgrName = [authMgrName]<br>
-     * @exception com.netscape.certsrv.base.MissingCredential If either 
-     *          "uid" or "pwd" is missing from the given credentials.
-     * @exception com.netscape.certsrv.base.InvalidCredentials If the 
-     *          the credentials failed to authenticate.
-     * @exception com.netscape.certsrv.base.EBaseException If an internal 
-     *          error occurred.
+     *         userdn = [userdn, in case of success]<br>
+     *         authMgrName = [authMgrName]<br>
+     * @exception com.netscape.certsrv.base.MissingCredential If either
+     *                "uid" or "pwd" is missing from the given credentials.
+     * @exception com.netscape.certsrv.base.InvalidCredentials If the
+     *                the credentials failed to authenticate.
+     * @exception com.netscape.certsrv.base.EBaseException If an internal
+     *                error occurred.
      */
     public IAuthToken authenticate(IAuthCredentials authCred)
-        throws EMissingCredential, EInvalidCredentials, EBaseException {
+            throws EMissingCredential, EInvalidCredentials, EBaseException {
         AuthToken authToken = new AuthToken(this);
 
         authToken.set("authType", "NOAUTH");
@@ -110,9 +110,10 @@ public class NullAuthentication implements IAuthManager {
 
     /**
      * get the list of authentication credential attribute names
-     *	 required by this authentication manager.  Generally used by
-     *	 servlets that use this authentication manager, to retrieve
-     *	 required credentials from the user (e.g. Javascript form data)
+     * required by this authentication manager. Generally used by
+     * servlets that use this authentication manager, to retrieve
+     * required credentials from the user (e.g. Javascript form data)
+     * 
      * @return attribute names in Vector
      */
     public String[] getRequiredCreds() {
@@ -121,8 +122,9 @@ public class NullAuthentication implements IAuthManager {
 
     /**
      * Get the list of configuration parameter names
-     * required by this authentication manager.  In this case, an empty list.
-     * @return String array of configuration parameters. 
+     * required by this authentication manager. In this case, an empty list.
+     * 
+     * @return String array of configuration parameters.
      */
     public String[] getConfigParams() {
         return (mConfigParams);
@@ -136,7 +138,8 @@ public class NullAuthentication implements IAuthManager {
 
     /**
      * gets the configuration substore used by this authentication
-     *  manager
+     * manager
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
@@ -145,6 +148,7 @@ public class NullAuthentication implements IAuthManager {
 
     /**
      * Log a message.
+     * 
      * @param level The logging level.
      * @param msg The message to log.
      */
@@ -152,6 +156,6 @@ public class NullAuthentication implements IAuthManager {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
-            level, msg);
+                level, msg);
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java b/pki/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java
index 88dc7296..f20bd5f0 100644
--- a/pki/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java
+++ b/pki/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.authentication;
 
-
 import netscape.ldap.LDAPConnection;
 import netscape.ldap.LDAPEntry;
 import netscape.ldap.LDAPException;
@@ -43,13 +42,13 @@ import com.netscape.cmscore.ldapconn.LdapConnInfo;
 import com.netscape.cmscore.usrgrp.UGSubsystem;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
- * Certificate Server admin authentication. 
+ * Certificate Server admin authentication.
  * Used to authenticate administrators in the Certificate Server Console.
- * Authentications by checking the uid and password against the 
+ * Authentications by checking the uid and password against the
  * database.
  * <P>
+ * 
  * @author lhsiao, cfu
  * @version $Revision$, $Date$
  */
@@ -81,15 +80,15 @@ public class PasswdUserDBAuthentication implements IAuthManager {
     /**
      * initializes the PasswdUserDBAuthentication auth manager
      * <p>
-     * called by AuthSubsystem init() method, when initializing
-     * all available authentication managers.
+     * called by AuthSubsystem init() method, when initializing all available authentication managers.
+     * 
      * @param name - Name assigned to this authentication manager instance.
      * @param implName - Name of the authentication plugin.
      * @param config - The configuration store used by the
-     *	 authentication subsystem.
+     *            authentication subsystem.
      */
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mName = name;
         mImplName = implName;
         mConfig = config;
@@ -111,20 +110,21 @@ public class PasswdUserDBAuthentication implements IAuthManager {
      * authenticates administratrators by LDAP uid/pwd
      * <p>
      * called by other subsystems or their servlets to authenticate administrators
-     * @param authCred Authentication credentials. 
-     *          "uid" and "pwd" are required.
+     * 
+     * @param authCred Authentication credentials.
+     *            "uid" and "pwd" are required.
      * @return the authentication token (authToken) that contains the following
-     *        userdn = [userdn, in case of success]<br>
-     *        authMgrName = [authMgrName]<br>
-     * @exception com.netscape.certsrv.base.MissingCredential If either 
-     *          "uid" or "pwd" is missing from the given credentials.
-     * @exception com.netscape.certsrv.base.InvalidCredentials If the 
-     *          the credentials failed to authenticate.
-     * @exception com.netscape.certsrv.base.EBaseException If an internal 
-     *          error occurred.
+     *         userdn = [userdn, in case of success]<br>
+     *         authMgrName = [authMgrName]<br>
+     * @exception com.netscape.certsrv.base.MissingCredential If either
+     *                "uid" or "pwd" is missing from the given credentials.
+     * @exception com.netscape.certsrv.base.InvalidCredentials If the
+     *                the credentials failed to authenticate.
+     * @exception com.netscape.certsrv.base.EBaseException If an internal
+     *                error occurred.
      */
     public IAuthToken authenticate(IAuthCredentials authCred)
-        throws EMissingCredential, EInvalidCredentials, EBaseException {
+            throws EMissingCredential, EInvalidCredentials, EBaseException {
         AuthToken authToken = new AuthToken(this);
 
         // make sure the required credentials are provided 
@@ -171,32 +171,32 @@ public class PasswdUserDBAuthentication implements IAuthManager {
             log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_AUTH_FAILED", uid, e.toString()));
             throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
         } finally {
-            if (conn != null) 
+            if (conn != null)
                 mConnFactory.returnConn(conn);
-            if (anonConn != null) 
+            if (anonConn != null)
                 mAnonConnFactory.returnConn(anonConn);
         }
 
         UGSubsystem ug = UGSubsystem.getInstance();
 
         authToken.set(TOKEN_USERDN, userdn);
-        authToken.set(CRED_UID, uid);  // return original uid for info
+        authToken.set(CRED_UID, uid); // return original uid for info
 
         IUser user = null;
 
         try {
             user = ug.getUser(uid);
         } catch (EBaseException e) {
-            if (Debug.ON) 
+            if (Debug.ON)
                 e.printStackTrace();
-                // not a user in our user/group database.
+            // not a user in our user/group database.
             log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_UID_NOT_FOUND", uid, e.toString()));
             throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
         }
         authToken.set(TOKEN_USERDN, user.getUserDN());
         authToken.set(TOKEN_USERID, user.getUserID());
         log(ILogger.LL_INFO, CMS.getLogMessage("CMS_AUTH_AUTHENTICATED", uid));
-		
+
         return authToken;
     }
 
@@ -216,9 +216,10 @@ public class PasswdUserDBAuthentication implements IAuthManager {
 
     /**
      * get the list of authentication credential attribute names
-     *	 required by this authentication manager.  Generally used by
-     *	 servlets that use this authentication manager, to retrieve
-     *	 required credentials from the user (e.g. Javascript form data)
+     * required by this authentication manager. Generally used by
+     * servlets that use this authentication manager, to retrieve
+     * required credentials from the user (e.g. Javascript form data)
+     * 
      * @return attribute names in Vector
      */
     public String[] getRequiredCreds() {
@@ -227,8 +228,9 @@ public class PasswdUserDBAuthentication implements IAuthManager {
 
     /**
      * Get the list of configuration parameter names
-     * required by this authentication manager.  In this case, an empty list.
-     * @return String array of configuration parameters. 
+     * required by this authentication manager. In this case, an empty list.
+     * 
+     * @return String array of configuration parameters.
      */
     public String[] getConfigParams() {
         return (mConfigParams);
@@ -249,7 +251,8 @@ public class PasswdUserDBAuthentication implements IAuthManager {
 
     /**
      * gets the configuretion substore used by this authentication
-     *  manager
+     * manager
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
@@ -258,6 +261,7 @@ public class PasswdUserDBAuthentication implements IAuthManager {
 
     /**
      * Log a message.
+     * 
      * @param level The logging level.
      * @param msg The message to log.
      */
@@ -265,6 +269,6 @@ public class PasswdUserDBAuthentication implements IAuthManager {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
-            level, msg);
+                level, msg);
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/SSLClientCertAuthentication.java b/pki/base/common/src/com/netscape/cmscore/authentication/SSLClientCertAuthentication.java
index 56927537..13533200 100644
--- a/pki/base/common/src/com/netscape/cmscore/authentication/SSLClientCertAuthentication.java
+++ b/pki/base/common/src/com/netscape/cmscore/authentication/SSLClientCertAuthentication.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.authentication;
 
-
 // ldap java sdk
 
 // cert server imports.
@@ -47,10 +46,10 @@ import com.netscape.certsrv.request.IRequestQueue;
 import com.netscape.certsrv.request.RequestStatus;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
  * SSL client based authentication.
  * <P>
+ * 
  * @author chrisho
  * @version $Revision$, $Date$
  */
@@ -75,8 +74,8 @@ public class SSLClientCertAuthentication implements IAuthManager {
      * for instances of this implementation can be configured through the
      * console.
      */
-    protected static String[] mConfigParams = 
-        new String[] {};
+    protected static String[] mConfigParams =
+            new String[] {};
 
     /**
      * Default constructor, initialization must follow.
@@ -86,7 +85,7 @@ public class SSLClientCertAuthentication implements IAuthManager {
     }
 
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mName = name;
         mImplName = implName;
         mConfig = config;
@@ -95,18 +94,18 @@ public class SSLClientCertAuthentication implements IAuthManager {
     }
 
     public IAuthToken authenticate(IAuthCredentials authCred)
-        throws EMissingCredential, EInvalidCredentials, EBaseException {
+            throws EMissingCredential, EInvalidCredentials, EBaseException {
 
         AuthToken authToken = new AuthToken(this);
 
         CMS.debug("SSLCertAuth: Retrieving client certificates");
         X509Certificate[] x509Certs =
-            (X509Certificate[]) authCred.get(CRED_CERT);
+                (X509Certificate[]) authCred.get(CRED_CERT);
 
         if (x509Certs == null) {
             CMS.debug("SSLCertAuth: No client certificate found");
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSCORE_AUTH_MISSING_CERT"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSCORE_AUTH_MISSING_CERT"));
             throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CERT));
         }
         CMS.debug("SSLCertAuth: Got client certificate");
@@ -118,7 +117,7 @@ public class SSLClientCertAuthentication implements IAuthManager {
         }
 
         X509CertImpl clientCert = (X509CertImpl) x509Certs[0];
- 
+
         BigInteger serialNum = null;
 
         try {
@@ -128,7 +127,7 @@ public class SSLClientCertAuthentication implements IAuthManager {
             throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", "Invalid serial number."));
         }
 
-        String clientCertIssuerDN = clientCert.getIssuerDN().toString(); 
+        String clientCertIssuerDN = clientCert.getIssuerDN().toString();
         BigInteger[] bigIntArray = null;
 
         if (mCertDB != null) { /* is CA */
@@ -145,13 +144,13 @@ public class SSLClientCertAuthentication implements IAuthManager {
                 String status = record.getStatus();
 
                 if (status.equals("VALID")) {
- 
+
                     X509CertImpl cacert = mCA.getCACert();
                     Principal p = cacert.getSubjectDN();
 
                     if (!p.toString().equals(clientCertIssuerDN)) {
-                        throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ISSUER_NAME")); 
-                    } 
+                        throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ISSUER_NAME"));
+                    }
                 } else {
                     throw new EBaseException(
                             CMS.getUserMessage("CMS_BASE_INVALID_CERT_STATUS", status));
@@ -182,30 +181,30 @@ public class SSLClientCertAuthentication implements IAuthManager {
                 RequestStatus status = getCertStatusReq.getRequestStatus();
 
                 if (status == RequestStatus.COMPLETE) {
-                    String certStatus = 
-                        getCertStatusReq.getExtDataInString(IRequest.CERT_STATUS);
+                    String certStatus =
+                            getCertStatusReq.getExtDataInString(IRequest.CERT_STATUS);
 
-                    if (certStatus == null) { 
-                        String[] params = {"null status"};
+                    if (certStatus == null) {
+                        String[] params = { "null status" };
 
                         throw new EBaseException(
                                 CMS.getUserMessage("CMS_BASE_INVALID_CERT_STATUS", params));
                     } else if (certStatus.equals("INVALIDCERTROOT")) {
-                        throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ISSUER_NAME")); 
+                        throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ISSUER_NAME"));
                     } else if (!certStatus.equals("VALID")) {
-                        String[] params = {status.toString()};
+                        String[] params = { status.toString() };
 
                         throw new EBaseException(
                                 CMS.getUserMessage("CMS_BASE_INVALID_CERT_STATUS", params));
                     }
                 } else {
-                    log(ILogger.LL_FAILURE, 
-                        CMS.getLogMessage("CMSCORE_AUTH_INCOMPLETE_REQUEST"));
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("CMSCORE_AUTH_INCOMPLETE_REQUEST"));
                     throw new EBaseException(CMS.getUserMessage("CMS_BASE_REQUEST_IN_BAD_STATE"));
                 }
             } else {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSCORE_AUTH_FAILED_GET_QUEUE"));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_AUTH_FAILED_GET_QUEUE"));
                 throw new EBaseException(CMS.getUserMessage("CMS_BASE_GET_QUEUE_FAILED"));
             }
         } // else, ra
@@ -222,10 +221,10 @@ public class SSLClientCertAuthentication implements IAuthManager {
     }
 
     /**
-     * Returns a list of configuration parameter names. 
-     * The list is passed to the configuration console so instances of 
+     * Returns a list of configuration parameter names.
+     * The list is passed to the configuration console so instances of
      * this implementation can be configured through the console.
-     *
+     * 
      * @return String array of configuration parameter names.
      */
     public String[] getConfigParams() {
@@ -234,6 +233,7 @@ public class SSLClientCertAuthentication implements IAuthManager {
 
     /**
      * Returns array of required credentials for this authentication manager.
+     * 
      * @return Array of required credentials.
      */
     public String[] getRequiredCreds() {
@@ -244,15 +244,15 @@ public class SSLClientCertAuthentication implements IAuthManager {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
-            level, msg);
+                level, msg);
     }
 
     private IRequestQueue getReqQueue() {
         IRequestQueue queue = null;
 
         try {
-            IRegistrationAuthority ra = 
-                (IRegistrationAuthority) CMS.getSubsystem("ra");
+            IRegistrationAuthority ra =
+                    (IRegistrationAuthority) CMS.getSubsystem("ra");
 
             if (ra != null) {
                 queue = ra.getRequestQueue();
@@ -260,7 +260,7 @@ public class SSLClientCertAuthentication implements IAuthManager {
             }
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                " cannot get access to the request queue.");
+                    " cannot get access to the request queue.");
         }
 
         return queue;
@@ -268,6 +268,7 @@ public class SSLClientCertAuthentication implements IAuthManager {
 
     /**
      * Gets the configuration substore used by this authentication manager
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
@@ -288,4 +289,3 @@ public class SSLClientCertAuthentication implements IAuthManager {
         return mImplName;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCert.java b/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCert.java
index 69192f3f..173d69f8 100644
--- a/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCert.java
@@ -17,16 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.authentication;
 
-
 import java.math.BigInteger;
 import java.util.Date;
 
 import com.netscape.certsrv.apps.CMS;
 
-
-/** 
+/**
  * class storing verified certificate.
- *
+ * 
  * @version $Revision$, $Date$
  */
 
@@ -45,9 +43,9 @@ public class VerifiedCert {
     /**
      * Constructs verified certiificate record
      */
- 
+
     public VerifiedCert(BigInteger serialNumber, byte[] certEncoded,
-        int status) {
+            int status) {
         mStatus = status;
         mSerialNumber = serialNumber;
         mCertEncoded = certEncoded;
@@ -55,13 +53,13 @@ public class VerifiedCert {
     }
 
     public int check(BigInteger serialNumber, byte[] certEncoded,
-        long interval, long unknownStateInterval) {
+            long interval, long unknownStateInterval) {
         int status = UNKNOWN;
- 
+
         if (mSerialNumber.equals(serialNumber)) {
             if (mCertEncoded != null) {
                 if (certEncoded != null &&
-                    mCertEncoded.length == certEncoded.length) {
+                        mCertEncoded.length == certEncoded.length) {
                     int i;
 
                     for (i = 0; i < mCertEncoded.length; i++) {
@@ -90,4 +88,3 @@ public class VerifiedCert {
         return status;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCerts.java b/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCerts.java
index ca0f63e5..52ce91fd 100644
--- a/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCerts.java
+++ b/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCerts.java
@@ -17,15 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.authentication;
 
-
 import java.math.BigInteger;
 
 import netscape.security.x509.X509CertImpl;
 
-
-/** 
+/**
  * class storing verified certificates.
- *
+ * 
  * @version $Revision$, $Date$
  */
 
@@ -38,11 +36,11 @@ public class VerifiedCerts {
     private VerifiedCert[] mVCerts = null;
     private long mInterval = 0;
     private long mUnknownStateInterval = 0;
- 
+
     /**
      * Constructs verified certiificates list
      */
- 
+
     public VerifiedCerts(int size, long interval) {
         mVCerts = new VerifiedCert[size];
         mInterval = interval;
@@ -64,8 +62,8 @@ public class VerifiedCerts {
             } catch (Exception e) {
             }
             if ((certEncoded != null ||
-                    (status == VerifiedCert.CHECKED && mUnknownStateInterval > 0)) 
-                && mInterval > 0) {
+                    (status == VerifiedCert.CHECKED && mUnknownStateInterval > 0))
+                    && mInterval > 0) {
                 update(cert.getSerialNumber(), certEncoded, status);
             }
         }
@@ -75,7 +73,7 @@ public class VerifiedCerts {
         if ((status == VerifiedCert.NOT_REVOKED ||
                 status == VerifiedCert.REVOKED ||
                 (status == VerifiedCert.CHECKED && mUnknownStateInterval > 0))
-            && mInterval > 0) {
+                && mInterval > 0) {
             if (mLast == mNext && mFirst == mNext) { // empty
                 mVCerts[mNext] = new VerifiedCert(serialNumber, certEncoded, status);
                 mNext = next(mNext);
@@ -94,8 +92,8 @@ public class VerifiedCerts {
 
     public int check(X509CertImpl cert) {
         int status = VerifiedCert.UNKNOWN;
-        
-        if (mLast != mNext && mInterval > 0) {  // if not empty and
+
+        if (mLast != mNext && mInterval > 0) { // if not empty and
             if (cert != null) {
                 byte[] certEncoded = null;
 
@@ -116,10 +114,10 @@ public class VerifiedCerts {
         int status = VerifiedCert.UNKNOWN;
         int i = mLast;
 
-        if (mVCerts != null && mLast != mNext && mInterval > 0) {  // if not empty and
-            while (status == VerifiedCert.UNKNOWN) { 
-                if (mVCerts[i] == null) 
-                   return status;
+        if (mVCerts != null && mLast != mNext && mInterval > 0) { // if not empty and
+            while (status == VerifiedCert.UNKNOWN) {
+                if (mVCerts[i] == null)
+                    return status;
                 status = mVCerts[i].check(serialNumber, certEncoded,
                             mInterval, mUnknownStateInterval);
                 if (status == VerifiedCert.EXPIRED) {
@@ -158,4 +156,3 @@ public class VerifiedCerts {
         return i;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/authorization/AuthzSubsystem.java b/pki/base/common/src/com/netscape/cmscore/authorization/AuthzSubsystem.java
index 62351f1a..aa7e496a 100644
--- a/pki/base/common/src/com/netscape/cmscore/authorization/AuthzSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/authorization/AuthzSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.authorization;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Vector;
@@ -38,11 +37,10 @@ import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
  * Default authorization subsystem
  * <P>
- *
+ * 
  * @author cfu
  * @version $Revision$, $Date$
  */
@@ -72,12 +70,13 @@ public class AuthzSubsystem implements IAuthzSubsystem {
     /**
      * Initializes the authorization subsystem from the config store.
      * Load Authorization manager plugins, create and initialize
-     * initialize authorization manager instances. 
+     * initialize authorization manager instances.
+     * 
      * @param owner The owner of this module.
      * @param config The configuration store.
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         try {
             mLogger = CMS.getLogger();
             mConfig = config;
@@ -90,7 +89,7 @@ public class AuthzSubsystem implements IAuthzSubsystem {
             while (mImpls.hasMoreElements()) {
                 String id = (String) mImpls.nextElement();
                 String pluginPath = c.getString(id + "." + PROP_CLASS);
-			
+
                 AuthzMgrPlugin plugin = new AuthzMgrPlugin(id, pluginPath);
 
                 mAuthzMgrPlugins.put(id, plugin);
@@ -107,16 +106,16 @@ public class AuthzSubsystem implements IAuthzSubsystem {
             while (instances.hasMoreElements()) {
                 String insName = (String) instances.nextElement();
                 String implName = c.getString(insName + "." + PROP_PLUGIN);
-                AuthzMgrPlugin plugin = 
-                    (AuthzMgrPlugin) mAuthzMgrPlugins.get(implName);
+                AuthzMgrPlugin plugin =
+                        (AuthzMgrPlugin) mAuthzMgrPlugins.get(implName);
 
                 if (plugin == null) {
-                    log(ILogger.LL_FAILURE, 
-                        CMS.getLogMessage("CMSCORE_AUTHZ_PLUGIN_NOT_FOUND", implName));
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("CMSCORE_AUTHZ_PLUGIN_NOT_FOUND", implName));
                     throw new EAuthzMgrPluginNotFound(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZMGR_PLUGIN_NOT_FOUND", implName));
                 } else {
                     CMS.debug(
-                        CMS.getLogMessage("CMSCORE_AUTHZ_PLUGIN_FOUND", implName));
+                            CMS.getLogMessage("CMSCORE_AUTHZ_PLUGIN_FOUND", implName));
                 }
 
                 String className = plugin.getClassPath();
@@ -126,33 +125,30 @@ public class AuthzSubsystem implements IAuthzSubsystem {
                 IAuthzManager authzMgrInst = null;
 
                 try {
-                    authzMgrInst = (IAuthzManager) 
-                        Class.forName(className).newInstance();
+                    authzMgrInst = (IAuthzManager)
+                            Class.forName(className).newInstance();
                     IConfigStore authzMgrConfig = c.getSubStore(insName);
 
                     authzMgrInst.init(insName, implName, authzMgrConfig);
                     isEnable = true;
 
-                    log(ILogger.LL_INFO, 
-                        CMS.getLogMessage("CMSCORE_AUTHZ_INSTANCE_ADDED", insName));
+                    log(ILogger.LL_INFO,
+                            CMS.getLogMessage("CMSCORE_AUTHZ_INSTANCE_ADDED", insName));
                 } catch (ClassNotFoundException e) {
                     String errMsg = "AuthzSubsystem:: init()-" + e.toString();
 
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", errMsg));
-                    throw new
-                        EAuthzException(CMS.getUserMessage("CMS_AUTHORIZATION_LOAD_CLASS_FAIL", className));
+                    throw new EAuthzException(CMS.getUserMessage("CMS_AUTHORIZATION_LOAD_CLASS_FAIL", className));
                 } catch (IllegalAccessException e) {
                     String errMsg = "AuthzSubsystem:: init()-" + e.toString();
 
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", errMsg));
-                    throw new
-                        EAuthzException(CMS.getUserMessage("CMS_AUTHORIZATION_LOAD_CLASS_FAIL", className));
+                    throw new EAuthzException(CMS.getUserMessage("CMS_AUTHORIZATION_LOAD_CLASS_FAIL", className));
                 } catch (InstantiationException e) {
                     String errMsg = "AuthzSubsystem: init()-" + e.toString();
 
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", errMsg));
-                    throw new
-                        EAuthzException(CMS.getUserMessage("CMS_AUTHORIZATION_LOAD_CLASS_FAIL", className));
+                    throw new EAuthzException(CMS.getUserMessage("CMS_AUTHORIZATION_LOAD_CLASS_FAIL", className));
                 } catch (EBaseException e) {
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTHZ_PLUGIN_INIT_FAILED", insName, e.toString()));
                     // it is mis-configurated. This give
@@ -166,8 +162,8 @@ public class AuthzSubsystem implements IAuthzSubsystem {
                     // fix the problem via console
                 }
                 // add manager instance to list.
-                mAuthzMgrInsts.put(insName, new 
-                    AuthzManagerProxy(isEnable, authzMgrInst));
+                mAuthzMgrInsts.put(insName, new
+                        AuthzManagerProxy(isEnable, authzMgrInst));
                 if (Debug.ON) {
                     Debug.trace("loaded authz instance " + insName + " impl " + implName);
                 }
@@ -183,15 +179,16 @@ public class AuthzSubsystem implements IAuthzSubsystem {
 
     /**
      * authMgrzAccessInit is for servlets who want to initialize their
-     * own authorization information before full operation.  It is supposed
+     * own authorization information before full operation. It is supposed
      * to be called during the init() method of a servlet.
+     * 
      * @param authzMgrName The authorization manager name
-     * @param accessInfo the access information to be initialized.  currently it's acl string in the format specified in the authorization manager
+     * @param accessInfo the access information to be initialized. currently it's acl string in the format specified in the authorization manager
      */
     public void authzMgrAccessInit(String authzMgrInstName, String accessInfo)
-        throws EAuthzMgrNotFound, EBaseException {
+            throws EAuthzMgrNotFound, EBaseException {
         AuthzManagerProxy proxy = (AuthzManagerProxy)
-            mAuthzMgrInsts.get(authzMgrInstName);
+                mAuthzMgrInsts.get(authzMgrInstName);
 
         if (proxy == null) {
             throw new EAuthzMgrNotFound(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZMGR_NOT_FOUND", authzMgrInstName));
@@ -210,21 +207,22 @@ public class AuthzSubsystem implements IAuthzSubsystem {
 
     /**
      * Authorization to the named authorization manager instance
+     * 
      * @param authzMgrName The authorization manager name
      * @param authToken the authenticaton token associated with a user
      * @param resource the resource protected by the authorization system
      * @param operation the operation for resource protected by the authoriz
-     n system
+     *            n system
      * @exception EBaseException If an error occurs during authorization.
      * @return a authorization token.
      */
     public AuthzToken authorize(
-        String authzMgrInstName, IAuthToken authToken,
-        String resource, String operation)
-        throws EAuthzMgrNotFound, EBaseException {
+            String authzMgrInstName, IAuthToken authToken,
+            String resource, String operation)
+            throws EAuthzMgrNotFound, EBaseException {
 
         AuthzManagerProxy proxy = (AuthzManagerProxy)
-            mAuthzMgrInsts.get(authzMgrInstName);
+                mAuthzMgrInsts.get(authzMgrInstName);
 
         if (proxy == null) {
             throw new EAuthzMgrNotFound(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZMGR_NOT_FOUND", authzMgrInstName));
@@ -241,15 +239,15 @@ public class AuthzSubsystem implements IAuthzSubsystem {
     }
 
     public AuthzToken authorize(
-        String authzMgrInstName, IAuthToken authToken, String exp) 
-        throws EAuthzMgrNotFound, EBaseException {
+            String authzMgrInstName, IAuthToken authToken, String exp)
+            throws EAuthzMgrNotFound, EBaseException {
 
         AuthzManagerProxy proxy = (AuthzManagerProxy)
-            mAuthzMgrInsts.get(authzMgrInstName);
+                mAuthzMgrInsts.get(authzMgrInstName);
 
         if (proxy == null) {
             throw new EAuthzMgrNotFound(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZMGR_NOT_FOUND", authzMgrInstName));
-        } 
+        }
         if (!proxy.isEnable()) {
             throw new EAuthzMgrNotFound(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZMGR_NOT_FOUND", authzMgrInstName));
         }
@@ -262,13 +260,14 @@ public class AuthzSubsystem implements IAuthzSubsystem {
     }
 
     /**
-     * Gets configuration parameters for the given 
+     * Gets configuration parameters for the given
      * authorization manager plugin.
+     * 
      * @param implName Name of the authorization plugin.
      * @return Hashtable of required parameters.
      */
     public String[] getConfigParams(String implName)
-        throws EAuthzMgrPluginNotFound, EBaseException {
+            throws EAuthzMgrPluginNotFound, EBaseException {
         // is this a registered implname?
         AuthzMgrPlugin plugin = (AuthzMgrPlugin) mAuthzMgrPlugins.get(implName);
 
@@ -287,21 +286,19 @@ public class AuthzSubsystem implements IAuthzSubsystem {
             return (authzMgrInst.getConfigParams());
         } catch (InstantiationException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTHZ_PLUGIN_NOT_CREATED", e.toString()));
-            throw new 
-                EAuthzException(CMS.getUserMessage("CMS_AUTHORIZATION_LOAD_CLASS_FAIL", className));
+            throw new EAuthzException(CMS.getUserMessage("CMS_AUTHORIZATION_LOAD_CLASS_FAIL", className));
         } catch (ClassNotFoundException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTHZ_PLUGIN_NOT_CREATED", e.toString()));
-            throw new 
-                EAuthzException(CMS.getUserMessage("CMS_AUTHORIZATION_LOAD_CLASS_FAIL", className));
+            throw new EAuthzException(CMS.getUserMessage("CMS_AUTHORIZATION_LOAD_CLASS_FAIL", className));
         } catch (IllegalAccessException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTHZ_PLUGIN_NOT_CREATED", e.toString()));
-            throw new 
-                EAuthzException(CMS.getUserMessage("CMS_AUTHORIZATION_LOAD_CLASS_FAIL", className));
+            throw new EAuthzException(CMS.getUserMessage("CMS_AUTHORIZATION_LOAD_CLASS_FAIL", className));
         }
     }
 
     /**
      * Add an authorization manager instance.
+     * 
      * @param name name of the authorization manager instance
      * @param authzMgr the authorization manager instance to be added
      */
@@ -319,6 +316,7 @@ public class AuthzSubsystem implements IAuthzSubsystem {
 
     /**
      * Gets the authorization manager instance of the specified name.
+     * 
      * @param name name of the authorization manager instance
      * @return the named authorization manager instance
      */
@@ -362,9 +360,9 @@ public class AuthzSubsystem implements IAuthzSubsystem {
     }
 
     /**
-     * Retrieve a single authz manager instance 
+     * Retrieve a single authz manager instance
      */
-    
+
     /* getconfigparams above should be recoded to use this func */
     public IAuthzManager getAuthzManagerPlugin(String name) {
         AuthzMgrPlugin plugin = (AuthzMgrPlugin) mAuthzMgrPlugins.get(name);
@@ -382,16 +380,18 @@ public class AuthzSubsystem implements IAuthzSubsystem {
 
     /**
      * Retrieves id (name) of this subsystem.
+     * 
      * @return name of the authorization subsystem
      */
     public String getId() {
         return (mId);
     }
-  
+
     /**
      * Sets id string to this subsystem.
      * <p>
-     * Use with caution.  Should not do it when sharing with others
+     * Use with caution. Should not do it when sharing with others
+     * 
      * @param id name to be applied to an authorization sybsystem
      */
     public void setId(String id) throws EBaseException {
@@ -408,17 +408,16 @@ public class AuthzSubsystem implements IAuthzSubsystem {
     }
 
     /**
-     * shuts down authorization managers one by one. 
+     * shuts down authorization managers one by one.
      * <P>
      */
     public void shutdown() {
-        for (Enumeration<String> e = mAuthzMgrInsts.keys();
-            e.hasMoreElements();) {
+        for (Enumeration<String> e = mAuthzMgrInsts.keys(); e.hasMoreElements();) {
 
             IAuthzManager mgr = (IAuthzManager) get((String) e.nextElement());
 
-            String infoMsg = 
-                "Shutting down authz manager instance " + mgr.getName();
+            String infoMsg =
+                    "Shutting down authz manager instance " + mgr.getName();
 
             //log(ILogger.LL_INFO, infoMsg);
 
@@ -441,7 +440,7 @@ public class AuthzSubsystem implements IAuthzSubsystem {
     /**
      * Returns the root configuration storage of this system.
      * <P>
-     *
+     * 
      * @return configuration store of this subsystem
      */
     public IConfigStore getConfigStore() {
@@ -450,6 +449,7 @@ public class AuthzSubsystem implements IAuthzSubsystem {
 
     /**
      * gets the named authorization manager
+     * 
      * @param name of the authorization manager
      * @return the named authorization manager
      */
@@ -464,7 +464,7 @@ public class AuthzSubsystem implements IAuthzSubsystem {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHORIZATION,
-            level, msg);
+                level, msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/base/ArgBlock.java b/pki/base/common/src/com/netscape/cmscore/base/ArgBlock.java
index 8f29fc1b..905f7c8d 100644
--- a/pki/base/common/src/com/netscape/cmscore/base/ArgBlock.java
+++ b/pki/base/common/src/com/netscape/cmscore/base/ArgBlock.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.base;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.NoSuchAlgorithmException;
@@ -34,12 +33,11 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IArgBlock;
 import com.netscape.certsrv.base.KeyGenInfo;
 
-
 /**
- * This class represents a set of indexed arguments. 
- * Each argument is indexed by a key, which can be 
+ * This class represents a set of indexed arguments.
+ * Each argument is indexed by a key, which can be
  * used during the argument retrieval.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ArgBlock implements IArgBlock {
@@ -51,45 +49,40 @@ public class ArgBlock implements IArgBlock {
     /*==========================================================
      * variables
      *==========================================================*/
-    public static final String 
-        CERT_NEW_REQUEST_HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----";
-    public static final String 
-        CERT_NEW_REQUEST_TRAILER = "-----END NEW CERTIFICATE REQUEST-----";
-    public static final String 
-        CERT_REQUEST_HEADER = "-----BEGIN CERTIFICATE REQUEST-----";
-    public static final String 
-        CERT_REQUEST_TRAILER = "-----END CERTIFICATE REQUEST-----";
-    public static final String 
-        CERT_RENEWAL_HEADER = "-----BEGIN RENEWAL CERTIFICATE REQUEST-----";
-    public static final String 
-        CERT_RENEWAL_TRAILER = "-----END RENEWAL CERTIFICATE REQUEST-----";
+    public static final String CERT_NEW_REQUEST_HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----";
+    public static final String CERT_NEW_REQUEST_TRAILER = "-----END NEW CERTIFICATE REQUEST-----";
+    public static final String CERT_REQUEST_HEADER = "-----BEGIN CERTIFICATE REQUEST-----";
+    public static final String CERT_REQUEST_TRAILER = "-----END CERTIFICATE REQUEST-----";
+    public static final String CERT_RENEWAL_HEADER = "-----BEGIN RENEWAL CERTIFICATE REQUEST-----";
+    public static final String CERT_RENEWAL_TRAILER = "-----END RENEWAL CERTIFICATE REQUEST-----";
 
     private Hashtable<String, Object> mArgs = new Hashtable<String, Object>();
 
-	private String mType = "unspecified-argblock";
+    private String mType = "unspecified-argblock";
 
     /*==========================================================
      * constructors
      *==========================================================*/
     /**
      * Constructs an argument block with the given hashtable values.
+     * 
      * @param realm the type of argblock - used for debugging the values
      */
     public ArgBlock(String realm, Hashtable<String, String> httpReq) {
-		mType = realm;
-		populate(httpReq);
-	}
-    
+        mType = realm;
+        populate(httpReq);
+    }
+
     /**
      * Constructs an argument block with the given hashtable values.
-     *
+     * 
      * @param httpReq hashtable keys and values
      */
     public ArgBlock(Hashtable<String, String> httpReq) {
-		populate(httpReq);
-	}
+        populate(httpReq);
+    }
 
-	private void populate(Hashtable<String, String> httpReq) {
+    private void populate(Hashtable<String, String> httpReq) {
         // Add all parameters from the request
         Enumeration<String> e = httpReq.keys();
 
@@ -115,12 +108,12 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Checks if this argument block contains the given key.
-     *
+     * 
      * @param n key
      * @return true if key is present
      */
     public boolean isValuePresent(String n) {
-		CMS.traceHashKey(mType, n);
+        CMS.traceHashKey(mType, n);
         if (mArgs.get(n) != null) {
             return true;
         } else {
@@ -130,7 +123,7 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Adds string-based value into this argument block.
-     *
+     * 
      * @param n key
      * @param v value
      * @return value
@@ -145,14 +138,14 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Retrieves argument value as string.
-     *
+     * 
      * @param n key
      * @return argument value as string
      * @exception EBaseException failed to retrieve value
      */
     public String getValueAsString(String n) throws EBaseException {
-		String t= (String)mArgs.get(n);
-		CMS.traceHashKey(mType, n, t);
+        String t = (String) mArgs.get(n);
+        CMS.traceHashKey(mType, n, t);
 
         if (t != null) {
             return t;
@@ -163,14 +156,14 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Retrieves argument value as string.
-     *
+     * 
      * @param n key
      * @param def default value to be returned if key is not present
      * @return argument value as string
      */
     public String getValueAsString(String n, String def) {
         String val = (String) mArgs.get(n);
-		CMS.traceHashKey(mType, n, val, def);
+        CMS.traceHashKey(mType, n, val, def);
 
         if (val != null) {
             return val;
@@ -181,14 +174,14 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Retrieves argument value as integer.
-     *
+     * 
      * @param n key
      * @return argument value as int
      * @exception EBaseException failed to retrieve value
      */
     public int getValueAsInt(String n) throws EBaseException {
         if (mArgs.get(n) != null) {
-			CMS.traceHashKey(mType, n, (String)mArgs.get(n));
+            CMS.traceHashKey(mType, n, (String) mArgs.get(n));
             try {
                 return new Integer((String) mArgs.get(n)).intValue();
             } catch (NumberFormatException e) {
@@ -196,20 +189,20 @@ public class ArgBlock implements IArgBlock {
                         CMS.getUserMessage("CMS_BASE_INVALID_ATTR_TYPE", n, e.toString()));
             }
         } else {
-			CMS.traceHashKey(mType, n, "<notpresent>");
+            CMS.traceHashKey(mType, n, "<notpresent>");
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_ATTRIBUTE_NOT_FOUND", n));
         }
     }
 
     /**
      * Retrieves argument value as integer.
-     *
+     * 
      * @param n key
      * @param def default value to be returned if key is not present
      * @return argument value as int
      */
     public int getValueAsInt(String n, int def) {
-		CMS.traceHashKey(mType, n, (String)mArgs.get(n), ""+def);
+        CMS.traceHashKey(mType, n, (String) mArgs.get(n), "" + def);
         if (mArgs.get(n) != null) {
             try {
                 return new Integer((String) mArgs.get(n)).intValue();
@@ -223,13 +216,13 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Retrieves argument value as big integer.
-     *
+     * 
      * @param n key
      * @return argument value as big integer
      * @exception EBaseException failed to retrieve value
      */
     public BigInteger getValueAsBigInteger(String n)
-        throws EBaseException {
+            throws EBaseException {
         String v = (String) mArgs.get(n);
 
         if (v != null) {
@@ -250,7 +243,7 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Retrieves argument value as big integer.
-     *
+     * 
      * @param n key
      * @param def default value to be returned if key is not present
      * @return argument value as big integer
@@ -265,7 +258,7 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Retrieves argument value as object
-     *
+     * 
      * @param n key
      * @return argument value as object
      * @exception EBaseException failed to retrieve value
@@ -280,7 +273,7 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Retrieves argument value as object
-     *
+     * 
      * @param n key
      * @param def default value to be returned if key is not present
      * @return argument value as object
@@ -295,18 +288,18 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Gets boolean value. They should be "true" or "false".
-     *
+     * 
      * @param name name of the input type
      * @return boolean type: <code>true</code> or <code>false</code>
      * @exception EBaseException failed to retrieve value
      */
-    public boolean getValueAsBoolean(String name)  throws EBaseException {
+    public boolean getValueAsBoolean(String name) throws EBaseException {
         String val = (String) mArgs.get(name);
-		CMS.traceHashKey(mType, name, val);
+        CMS.traceHashKey(mType, name, val);
 
         if (val != null) {
-            if (val.equalsIgnoreCase("true") || 
-                val.equalsIgnoreCase("on")) 
+            if (val.equalsIgnoreCase("true") ||
+                    val.equalsIgnoreCase("on"))
                 return true;
             else
                 return false;
@@ -317,34 +310,34 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Gets boolean value. They should be "true" or "false".
-     *
+     * 
      * @param name name of the input type
      * @return boolean type: <code>true</code> or <code>false</code>
      */
     public boolean getValueAsBoolean(String name, boolean def) {
         boolean val;
 
-        try { 
-            val = getValueAsBoolean(name); 
+        try {
+            val = getValueAsBoolean(name);
             return val;
-        } catch (EBaseException e) { 
-            return def; 
+        } catch (EBaseException e) {
+            return def;
         }
     }
 
     /**
      * Gets KeyGenInfo
-     *
+     * 
      * @param name name of the input type
      * @param verify true if signature validation is required
      * @exception EBaseException
      * @return KeyGenInfo object
      */
     public KeyGenInfo getValueAsKeyGenInfo(String name, KeyGenInfo def)
-        throws EBaseException {
+            throws EBaseException {
         KeyGenInfo keyGenInfo;
 
-		CMS.traceHashKey(mType, name);
+        CMS.traceHashKey(mType, name);
         if (mArgs.get(name) != null) {
             try {
                 keyGenInfo = new KeyGenInfo((String) mArgs.get(name));
@@ -359,9 +352,9 @@ public class ArgBlock implements IArgBlock {
     }
 
     /**
-     * Gets PKCS10 request. This pkcs10 attribute does not 
+     * Gets PKCS10 request. This pkcs10 attribute does not
      * contain header information.
-     *
+     * 
      * @param name name of the input type
      * @return pkcs10 request
      * @exception EBaseException failed to retrieve value
@@ -370,22 +363,22 @@ public class ArgBlock implements IArgBlock {
         PKCS10 request;
 
         if (mArgs.get(name) != null) {
-			CMS.traceHashKey(mType, name, (String)mArgs.get(name));
+            CMS.traceHashKey(mType, name, (String) mArgs.get(name));
 
             String tempStr = unwrap((String) mArgs.get(name), false);
 
             if (tempStr == null) {
                 throw new EBaseException(
-                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", name, "Empty Content")); 
+                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", name, "Empty Content"));
             }
             try {
                 request = decodePKCS10(tempStr);
             } catch (Exception e) {
                 throw new EBaseException(
-                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", name, e.toString())); 
+                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", name, e.toString()));
             }
         } else {
-			CMS.traceHashKey(mType, name, "<notpresent>");
+            CMS.traceHashKey(mType, name, "<notpresent>");
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_ATTRIBUTE_NOT_FOUND", name));
         }
 
@@ -393,19 +386,19 @@ public class ArgBlock implements IArgBlock {
     }
 
     /**
-     * Gets PKCS10 request. This pkcs10 attribute does not 
+     * Gets PKCS10 request. This pkcs10 attribute does not
      * contain header information.
-     *
+     * 
      * @param name name of the input type
      * @param def default PKCS10
      * @return pkcs10 request
      * @exception EBaseException failed to retrieve value
      */
     public PKCS10 getValueAsRawPKCS10(String name, PKCS10 def)
-        throws EBaseException {
+            throws EBaseException {
         PKCS10 request;
 
-		CMS.traceHashKey(mType, name);
+        CMS.traceHashKey(mType, name);
         if (mArgs.get(name) != null) {
 
             String tempStr = unwrap((String) mArgs.get(name), false);
@@ -426,30 +419,30 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Retrieves PKCS10
-     *
-     * @param name name of the  input type
+     * 
+     * @param name name of the input type
      * @param checkheader true if header must be present
      * @return PKCS10 object
      * @exception EBaseException failed to retrieve value
      */
-    public PKCS10 getValueAsPKCS10(String name, boolean checkheader) 
-        throws EBaseException {
+    public PKCS10 getValueAsPKCS10(String name, boolean checkheader)
+            throws EBaseException {
         PKCS10 request;
 
-		CMS.traceHashKey(mType, name);
+        CMS.traceHashKey(mType, name);
         if (mArgs.get(name) != null) {
 
             String tempStr = unwrap((String) mArgs.get(name), checkheader);
 
             if (tempStr == null) {
                 throw new EBaseException(
-                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", name, "Empty Content")); 
+                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", name, "Empty Content"));
             }
             try {
                 request = decodePKCS10(tempStr);
             } catch (Exception e) {
                 throw new EBaseException(
-                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", name, e.toString())); 
+                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", name, e.toString()));
             }
         } else {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_ATTRIBUTE_NOT_FOUND", name));
@@ -460,19 +453,19 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Retrieves PKCS10
-     *
-     * @param name name of the  input type
+     * 
+     * @param name name of the input type
      * @param checkheader true if header must be present
      * @param def default PKCS10
-     * @return PKCS10 object 
+     * @return PKCS10 object
      * @exception EBaseException
      */
     public PKCS10 getValueAsPKCS10(
-        String name, boolean checkheader, PKCS10 def) 
-        throws EBaseException {
+            String name, boolean checkheader, PKCS10 def)
+            throws EBaseException {
         PKCS10 request;
 
-		CMS.traceHashKey(mType, name);
+        CMS.traceHashKey(mType, name);
 
         if (mArgs.get(name) != null) {
 
@@ -495,17 +488,17 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Retrieves PKCS10
-     *
-     * @param name name of the  input type
+     * 
+     * @param name name of the input type
      * @param def default PKCS10
-     * @return PKCS10 object 
+     * @return PKCS10 object
      * @exception EBaseException
      */
-    public PKCS10 getValuePKCS10(String name, PKCS10 def) 
-        throws EBaseException {
+    public PKCS10 getValuePKCS10(String name, PKCS10 def)
+            throws EBaseException {
         PKCS10 request;
         String p10b64 = (String) mArgs.get(name);
-		CMS.traceHashKey(mType, name);
+        CMS.traceHashKey(mType, name);
 
         if (p10b64 != null) {
 
@@ -522,7 +515,7 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Sets argument into this block.
-     *
+     * 
      * @param name key
      * @param ob value
      */
@@ -532,18 +525,18 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Retrieves argument.
-     *
+     * 
      * @param name key
      * @return object value
      */
     public Object get(String name) {
-		CMS.traceHashKey(mType, name);
+        CMS.traceHashKey(mType, name);
         return mArgs.get(name);
     }
 
     /**
      * Deletes argument by the given key.
-     *
+     * 
      * @param name key
      */
     public void delete(String name) {
@@ -552,7 +545,7 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Retrieves a list of argument keys.
-     *
+     * 
      * @return a list of string-based keys
      */
     public Enumeration<String> getElements() {
@@ -561,7 +554,7 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Retrieves a list of argument keys.
-     *
+     * 
      * @return a list of string-based keys
      */
     public Enumeration<String> elements() {
@@ -570,7 +563,7 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Adds long-type arguments to this block.
-     *
+     * 
      * @param n key
      * @param v value
      * @return value
@@ -581,7 +574,7 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Adds integer-type arguments to this block.
-     *
+     * 
      * @param n key
      * @param v value
      * @return value
@@ -592,7 +585,7 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Adds boolean-type arguments to this block.
-     *
+     * 
      * @param n key
      * @param v value
      * @return value
@@ -607,7 +600,7 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Adds integer-type arguments to this block.
-     *
+     * 
      * @param n key
      * @param v value
      * @param radix radix
@@ -621,16 +614,15 @@ public class ArgBlock implements IArgBlock {
      * private methods
      *==========================================================*/
 
-
     /**
      * Unwrap PKCS10 Package
-     *
+     * 
      * @param request string formated PKCS10 request
      * @exception EBaseException
      * @return Base64Encoded PKCS10 request
      */
     private String unwrap(String request, boolean checkHeader)
-        throws EBaseException {
+            throws EBaseException {
         String unwrapped;
         String header = null;
         int head = -1;
@@ -655,7 +647,7 @@ public class ArgBlock implements IArgBlock {
             // header.
             if (!(head == -1 && trail == -1)) {
                 header = CERT_REQUEST_HEADER;
-		
+
             }
         }
 
@@ -695,22 +687,22 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Decode Der encoded PKCS10 certifictae Request
-     *
+     * 
      * @param base64Request Base64 Encoded Certificate Request
      * @exception Exception
      * @return PKCS10
      */
     private PKCS10 decodePKCS10(String base64Request)
-        throws EBaseException {
+            throws EBaseException {
         PKCS10 pkcs10 = null;
 
         try {
             byte[] decodedBytes = com.netscape.osutil.OSUtil.AtoB(base64Request);
 
             pkcs10 = new PKCS10(decodedBytes);
-        } catch (NoSuchProviderException e) { 
+        } catch (NoSuchProviderException e) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));
-        } catch (IOException e) { 
+        } catch (IOException e) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));
         } catch (SignatureException e) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));
diff --git a/pki/base/common/src/com/netscape/cmscore/base/FileConfigStore.java b/pki/base/common/src/com/netscape/cmscore/base/FileConfigStore.java
index a4b37114..1278ed4f 100644
--- a/pki/base/common/src/com/netscape/cmscore/base/FileConfigStore.java
+++ b/pki/base/common/src/com/netscape/cmscore/base/FileConfigStore.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.base;
 
-
 import java.io.BufferedInputStream;
 import java.io.File;
 import java.io.FileInputStream;
@@ -33,21 +32,19 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.cmsutil.util.Utils;
 
-
 /**
  * FileConfigStore:
- * Extends HashConfigStore with methods to load/save from/to file for 
+ * Extends HashConfigStore with methods to load/save from/to file for
  * persistent storage. This is a configuration store agent who
  * reads data from a file.
  * <P>
- * Note that a LdapConfigStore can be implemented so that it reads 
- * the configuration stores from the Ldap directory.
+ * Note that a LdapConfigStore can be implemented so that it reads the configuration stores from the Ldap directory.
  * <P>
  * 
  * @version $Revision$, $Date$
  * @see PropConfigStore
  */
-public class FileConfigStore extends PropConfigStore implements 
+public class FileConfigStore extends PropConfigStore implements
         IConfigStore {
 
     /**
@@ -59,7 +56,7 @@ public class FileConfigStore extends PropConfigStore implements
     /**
      * Constructs a file configuration store.
      * <P>
-     *
+     * 
      * @param fileName file name
      * @exception EBaseException failed to create file configuration
      */
@@ -67,7 +64,7 @@ public class FileConfigStore extends PropConfigStore implements
         super(null); // top-level store without a name
         mFile = new File(fileName);
         if (!mFile.exists()) {
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_NO_CONFIG_FILE", 
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_NO_CONFIG_FILE",
                         mFile.getPath()));
         }
         load(fileName);
@@ -76,7 +73,7 @@ public class FileConfigStore extends PropConfigStore implements
     /**
      * Loads property file into memory.
      * <P>
-     *
+     * 
      * @param fileName file name
      * @exception EBaseException failed to load configuration
      */
@@ -96,8 +93,8 @@ public class FileConfigStore extends PropConfigStore implements
      * <filename>.<current_time_in_milliseconds>.
      * Commits the current properties to the configuration file.
      * <P>
-     *
-     * @param backup 
+     * 
+     * @param backup
      */
     public void commit(boolean createBackup) throws EBaseException {
         if (createBackup) {
@@ -105,57 +102,55 @@ public class FileConfigStore extends PropConfigStore implements
                     Long.toString(System.currentTimeMillis()));
 
             try {
-                if( Utils.isNT() ) {
+                if (Utils.isNT()) {
                     // NT is very picky on the path
-                    Utils.exec( "copy " +
-                                mFile.getAbsolutePath().replace( '/', '\\' ) +
+                    Utils.exec("copy " +
+                                mFile.getAbsolutePath().replace('/', '\\') +
                                 " " +
-                                newName.getAbsolutePath().replace( '/',
-                                                                   '\\' ) );
+                                newName.getAbsolutePath().replace('/',
+                                                                   '\\'));
                 } else {
                     // Create a copy of the original file which
                     // preserves the original file permissions.
-                    Utils.exec( "cp -p " + mFile.getAbsolutePath() + " " +
-                                newName.getAbsolutePath() );
+                    Utils.exec("cp -p " + mFile.getAbsolutePath() + " " +
+                                newName.getAbsolutePath());
                 }
 
                 // Proceed only if the backup copy was successful.
-                if( !newName.exists() ) {
-                    throw new EBaseException( "backup copy failed" );
+                if (!newName.exists()) {
+                    throw new EBaseException("backup copy failed");
                 } else {
                     // Make certain that the backup file has
                     // the correct permissions.
-                    if( !Utils.isNT() ) {
-                        Utils.exec( "chmod 00660 " + newName.getAbsolutePath() );
+                    if (!Utils.isNT()) {
+                        Utils.exec("chmod 00660 " + newName.getAbsolutePath());
                     }
                 }
-            } catch( EBaseException e ) {
-                    throw new EBaseException( "backup copy failed" );
+            } catch (EBaseException e) {
+                throw new EBaseException("backup copy failed");
             }
         }
 
         // Overwrite the contents of the original file
         // to preserve the original file permissions.
-        save( mFile.getPath() );
+        save(mFile.getPath());
 
         try {
             // Make certain that the original file retains
             // the correct permissions.
-            if( !Utils.isNT() ) {
-                Utils.exec( "chmod 00660 " + mFile.getCanonicalPath() );
+            if (!Utils.isNT()) {
+                Utils.exec("chmod 00660 " + mFile.getCanonicalPath());
             }
-        } catch( Exception e ) {
+        } catch (Exception e) {
         }
     }
 
     /**
      * Saves in-memory properties to a specified file.
      * <P>
-     * Note that the superclass's save is synchronized. It
-     * means no properties can be altered (inserted) at
-     * the saving time.
+     * Note that the superclass's save is synchronized. It means no properties can be altered (inserted) at the saving time.
      * <P>
-     *
+     * 
      * @param fileName filename
      * @exception EBaseException failed to save configuration
      */
@@ -173,7 +168,7 @@ public class FileConfigStore extends PropConfigStore implements
     }
 
     private void printSubStore(PrintWriter writer, IConfigStore store,
-        String name) throws EBaseException,
+            String name) throws EBaseException,
             IOException {
         // print keys
         Enumeration e0 = store.getPropertyNames();
@@ -220,7 +215,7 @@ public class FileConfigStore extends PropConfigStore implements
             }
             v.removeElementAt(j);
             printSubStore(writer, store.getSubStore(pname), name +
-                pname + ".");
+                    pname + ".");
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/base/JDialogPasswordCallback.java b/pki/base/common/src/com/netscape/cmscore/base/JDialogPasswordCallback.java
index cd695967..7a770946 100644
--- a/pki/base/common/src/com/netscape/cmscore/base/JDialogPasswordCallback.java
+++ b/pki/base/common/src/com/netscape/cmscore/base/JDialogPasswordCallback.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.base;
 
-
 import java.awt.Color;
 import java.awt.Dimension;
 import java.awt.Font;
@@ -44,19 +43,18 @@ import org.mozilla.jss.util.Password;
 import org.mozilla.jss.util.PasswordCallback;
 import org.mozilla.jss.util.PasswordCallbackInfo;
 
-
 /**
  * A class to retrieve passwords through a modal Java dialog box
  */
 public class JDialogPasswordCallback implements PasswordCallback {
 
     public Password getPasswordFirstAttempt(PasswordCallbackInfo info)
-        throws PasswordCallback.GiveUpException {
+            throws PasswordCallback.GiveUpException {
         return getPW(info, false);
     }
 
     public Password getPasswordAgain(PasswordCallbackInfo info)
-        throws PasswordCallback.GiveUpException {
+            throws PasswordCallback.GiveUpException {
         return getPW(info, true);
     }
 
@@ -92,7 +90,7 @@ public class JDialogPasswordCallback implements PasswordCallback {
      * extracting the information, and returning it.
      */
     private Password getPW(PasswordCallbackInfo info, boolean retry)
-        throws PasswordCallback.GiveUpException {
+            throws PasswordCallback.GiveUpException {
         // These need to final so they can be accessed from action listeners
         final PWHolder pwHolder = new PWHolder();
         final JFrame f = new JFrame("Password Dialog");
@@ -122,7 +120,7 @@ public class JDialogPasswordCallback implements PasswordCallback {
             //warning.setHighlighter(null);
             contentPane.add(warning, c);
         }
-            
+
         String prompt = getPrompt(info);
         JLabel label = new JLabel(prompt);
 
@@ -141,24 +139,24 @@ public class JDialogPasswordCallback implements PasswordCallback {
 
         // Listener for the text field
         ActionListener getPasswordListener = new ActionListener() {
-                public void actionPerformed(ActionEvent e) {
-                    //input = (JPasswordField)e.getSource();
+            public void actionPerformed(ActionEvent e) {
+                //input = (JPasswordField)e.getSource();
 
-                    // XXX!!! Change to char[] in JDK 1.2
-                    String pwString = pwField.getText();
+                // XXX!!! Change to char[] in JDK 1.2
+                String pwString = pwField.getText();
 
-                    pwHolder.password = new Password(pwString.toCharArray());
-                    pwHolder.cancelled = false;
-                    f.dispose();
-                }
-            };
+                pwHolder.password = new Password(pwString.toCharArray());
+                pwHolder.cancelled = false;
+                f.dispose();
+            }
+        };
 
         // There is a bug in JPasswordField. The cursor is advanced by the
         // width of the character you type, but a '*' is echoed, so the
         // cursor does not stay lined up with the end of the text.
         // We use a monospaced font to workaround this.
 
-        pwField.setFont(new Font("Monospaced", Font.PLAIN, 
+        pwField.setFont(new Font("Monospaced", Font.PLAIN,
                 pwField.getFont().getSize()));
         pwField.setEchoChar('*');
         pwField.addActionListener(getPasswordListener);
@@ -188,11 +186,11 @@ public class JDialogPasswordCallback implements PasswordCallback {
 
         JButton cancel = new JButton("Cancel");
         ActionListener buttonListener = new ActionListener() {
-                public void actionPerformed(ActionEvent e) {
-                    pwHolder.cancelled = true;
-                    f.dispose();
-                }
-            };
+            public void actionPerformed(ActionEvent e) {
+                pwHolder.cancelled = true;
+                f.dispose();
+            }
+        };
 
         cancel.addActionListener(buttonListener);
         resetGBC(c);
@@ -217,10 +215,10 @@ public class JDialogPasswordCallback implements PasswordCallback {
         JDialog d = new JDialog(f, "Fedora Certificate System", true);
 
         WindowListener windowListener = new WindowAdapter() {
-                public void windowOpened(WindowEvent e) {
-                    pwField.requestFocus();
-                }
-            };
+            public void windowOpened(WindowEvent e) {
+                pwField.requestFocus();
+            }
+        };
 
         d.addWindowListener(windowListener);
 
@@ -230,7 +228,7 @@ public class JDialogPasswordCallback implements PasswordCallback {
         Dimension paneSize = d.getSize();
 
         d.setLocation((screenSize.width - paneSize.width) / 2,
-            (screenSize.height - paneSize.height) / 2);
+                (screenSize.height - paneSize.height) / 2);
         d.getRootPane().setDefaultButton(ok);
 
         // toFront seems to cause the dialog to go blank on unix!
@@ -254,7 +252,7 @@ public class JDialogPasswordCallback implements PasswordCallback {
             CryptoManager manager;
 
             CryptoManager.InitializationValues iv = new
-                CryptoManager.InitializationValues(args[0]);
+                    CryptoManager.InitializationValues(args[0]);
 
             CryptoManager.initialize(iv);
             manager = CryptoManager.getInstance();
diff --git a/pki/base/common/src/com/netscape/cmscore/base/PropConfigStore.java b/pki/base/common/src/com/netscape/cmscore/base/PropConfigStore.java
index be8e7007..ad56c2cd 100644
--- a/pki/base/common/src/com/netscape/cmscore/base/PropConfigStore.java
+++ b/pki/base/common/src/com/netscape/cmscore/base/PropConfigStore.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.base;
 
-
 import java.io.ByteArrayOutputStream;
 import java.io.FilterOutputStream;
 import java.io.IOException;
@@ -38,23 +37,24 @@ import com.netscape.certsrv.base.EPropertyNotFound;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISourceConfigStore;
 
-
 /**
  * A class represents a in-memory configuration store.
  * Note this class takes advantage of the recursive nature of
- * property names.  The current property prefix is kept in
+ * property names. The current property prefix is kept in
  * mStoreName and the mSource usually points back to another
  * occurance of the same PropConfigStore, with longer mStoreName. IE
+ * 
  * <PRE>
- *		cms.ca0.http.service0 -> mSource=PropConfigStore ->
- *			cms.ca0.http -> mSource=PropConfigStore ->
- *				cms.ca0 -> mSource=PropConfigStore ->
+ * 	cms.ca0.http.service0 -> mSource=PropConfigStore ->
+ * 		cms.ca0.http -> mSource=PropConfigStore ->
+ * 			cms.ca0 -> mSource=PropConfigStore ->
  * 					cms -> mSource=SourceConfigStore -> Properties
  * </PRE>
+ * 
  * The chain ends when the store name is reduced down to it's original
  * value.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class PropConfigStore implements IConfigStore, Cloneable {
@@ -76,14 +76,14 @@ public class PropConfigStore implements IConfigStore, Cloneable {
      */
     protected ISourceConfigStore mSource = null;
 
-	private static String mDebugType="CS.cfg";
+    private static String mDebugType = "CS.cfg";
 
     /**
      * Constructs a property configuration store. This must
      * be a brand new store without properties. The subclass
      * must be a ISourceConfigStore.
      * <P>
-     *
+     * 
      * @param storeName property store name
      * @exception EBaseException failed to create configuration
      */
@@ -98,7 +98,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
      * that stores all the parameters. Each substore only
      * store a substore name, and a reference to the source.
      * <P>
-     *
+     * 
      * @param storeName store name
      * @param prop list of properties
      * @exception EBaseException failed to create configuration
@@ -111,7 +111,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
     /**
      * Returns the name of this store.
      * <P>
-     *
+     * 
      * @return store name
      */
     public String getName() {
@@ -121,7 +121,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
     /**
      * Retrieves a property from the configuration file.
      * <P>
-     *
+     * 
      * @param name property name
      * @return property value
      */
@@ -130,10 +130,10 @@ public class PropConfigStore implements IConfigStore, Cloneable {
     }
 
     /**
-     * Retrieves a property from the configuration file.  Does not prepend
+     * Retrieves a property from the configuration file. Does not prepend
      * the config store name to the property.
      * <P>
-     *
+     * 
      * @param name property name
      * @return property value
      */
@@ -146,7 +146,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
      * values wont be updated to the file until save
      * method is invoked.
      * <P>
-     *
+     * 
      * @param name property name
      * @param value property value
      */
@@ -156,16 +156,17 @@ public class PropConfigStore implements IConfigStore, Cloneable {
 
     /**
      * Removes a property from the configuration file.
-     *
+     * 
      * @param name property name
      */
     public void remove(String name) {
         ((SourceConfigStore) mSource).remove(getFullName(name));
-    }	
+    }
 
     /**
      * Returns an enumeration of the config store's keys, hidding the store
      * name.
+     * 
      * @see java.util.Hashtable#elements
      * @see java.util.Enumeration
      */
@@ -178,7 +179,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
 
     /**
      * Retrieves the hashtable where all the properties are kept.
-     *
+     * 
      * @return hashtable
      */
     public Hashtable hashtable() {
@@ -202,7 +203,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
      * Fills the given hash table with all key/value pairs in the current
      * config store, removing the config store name prefix
      * <P>
-     *
+     * 
      * @param h the hashtable
      */
     private synchronized void enumerate(Hashtable h) {
@@ -224,7 +225,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
 
     /**
      * Reads a config store from an input stream.
-     *
+     * 
      * @param in input stream where properties are located
      * @exception IOException failed to load
      */
@@ -234,7 +235,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
 
     /**
      * Stores this config store to the specified output stream.
-     *
+     * 
      * @param out outputstream where the properties are saved
      * @param header optional header information to be saved
      */
@@ -244,7 +245,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
 
     /**
      * Retrieves a property value.
-     *
+     * 
      * @param name property key
      * @return property value
      * @exception EBaseException failed to retrieve value
@@ -253,7 +254,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
         String str = (String) get(name);
 
         if (str == null) {
-			CMS.traceHashKey(mDebugType,getFullName(name),"<notpresent>");
+            CMS.traceHashKey(mDebugType, getFullName(name), "<notpresent>");
             throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", getName() + "." + name));
         }
         // should we check for empty string ? 
@@ -267,14 +268,14 @@ public class PropConfigStore implements IConfigStore, Cloneable {
         } catch (java.io.UnsupportedEncodingException e) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_UTF8_NOT_SUPPORTED"));
         }
-		CMS.traceHashKey(mDebugType,getFullName(name),ret);
+        CMS.traceHashKey(mDebugType, getFullName(name), ret);
         return ret;
     }
 
     /**
      * Retrieves a String from the configuration file.
      * <P>
-     *
+     * 
      * @param name property name
      * @param defval the default object to return if name does not exist
      * @return property value
@@ -287,13 +288,13 @@ public class PropConfigStore implements IConfigStore, Cloneable {
         } catch (EPropertyNotFound e) {
             val = defval;
         }
-		CMS.traceHashKey(mDebugType,getFullName(name),val,defval);
+        CMS.traceHashKey(mDebugType, getFullName(name), val, defval);
         return val;
     }
 
     /**
      * Puts property value into this configuration store.
-     *
+     * 
      * @param name property key
      * @param value property value
      */
@@ -304,17 +305,17 @@ public class PropConfigStore implements IConfigStore, Cloneable {
     /**
      * Retrieves a byte array from the configuration file.
      * <P>
-     *
+     * 
      * @param name property name
      * @exception IllegalArgumentException if name is not set or is null.
-     *
+     * 
      * @return property value
      */
     public byte[] getByteArray(String name) throws EBaseException {
         byte[] arr = getByteArray(name, new byte[0]);
 
         if (arr.length == 0) {
-			CMS.traceHashKey(mDebugType,getFullName(name),"<notpresent>");
+            CMS.traceHashKey(mDebugType, getFullName(name), "<notpresent>");
             throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", getName() + "." + name));
         }
         return arr;
@@ -323,34 +324,33 @@ public class PropConfigStore implements IConfigStore, Cloneable {
     /**
      * Retrieves a byte array from the configuration file.
      * <P>
-     *
+     * 
      * @param name property name
      * @param defval the default byte array to return if name does
-     * not exist
-     *
+     *            not exist
+     * 
      * @return property value
      */
-    public byte[] getByteArray(String name, byte defval[]) 
-        throws EBaseException {
+    public byte[] getByteArray(String name, byte defval[])
+            throws EBaseException {
         String str = (String) get(name);
 
-            byte returnval;
+        byte returnval;
 
-            if (str == null || str.length() == 0) {
-				CMS.traceHashKey(mDebugType,getFullName(name),
-					"<notpresent>","<bytearray>");
-                return defval;
-			}
-            else {
-				CMS.traceHashKey(mDebugType,getFullName(name),
-					"<bytearray>","<bytearray>");
-                return com.netscape.osutil.OSUtil.AtoB(str);
-			}
+        if (str == null || str.length() == 0) {
+            CMS.traceHashKey(mDebugType, getFullName(name),
+                    "<notpresent>", "<bytearray>");
+            return defval;
+        } else {
+            CMS.traceHashKey(mDebugType, getFullName(name),
+                    "<bytearray>", "<bytearray>");
+            return com.netscape.osutil.OSUtil.AtoB(str);
+        }
     }
 
     /**
      * Puts byte array into this configuration store.
-     *
+     * 
      * @param name property key
      * @param value byte array
      */
@@ -368,13 +368,13 @@ public class PropConfigStore implements IConfigStore, Cloneable {
             put(name, output.toString("8859_1"));
         } catch (IOException e) {
             System.out.println("Warning: base-64 encoding of configuration " +
-                "information failed");
+                    "information failed");
         }
     }
 
     /**
      * Retrieves boolean-based property value.
-     *
+     * 
      * @param name property key
      * @return boolean value
      * @exception EBaseException failed to retrieve
@@ -383,7 +383,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
         String value = (String) get(name);
 
         if (value == null) {
-			CMS.traceHashKey(mDebugType,getFullName(name),"<notpresent>");
+            CMS.traceHashKey(mDebugType, getFullName(name), "<notpresent>");
             throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", getName() + "." + name));
         }
         if (value.length() == 0) {
@@ -401,14 +401,14 @@ public class PropConfigStore implements IConfigStore, Cloneable {
 
     /**
      * Retrieves boolean-based property value.
-     *
+     * 
      * @param name property key
      * @param defval default value
      * @return boolean value
      * @exception EBaseException failed to retrieve
      */
-    public boolean getBoolean(String name, boolean defval) 
-        throws EBaseException {
+    public boolean getBoolean(String name, boolean defval)
+            throws EBaseException {
         boolean val;
 
         try {
@@ -418,14 +418,14 @@ public class PropConfigStore implements IConfigStore, Cloneable {
         } catch (EPropertyNotDefined e) {
             val = defval;
         }
-		CMS.traceHashKey(mDebugType,getFullName(name),
-			val?"true":"false", defval?"true":"false");
+        CMS.traceHashKey(mDebugType, getFullName(name),
+                val ? "true" : "false", defval ? "true" : "false");
         return val;
     }
 
     /**
      * Puts boolean value into the configuration store.
-     *
+     * 
      * @param name property key
      * @param value property value
      */
@@ -439,7 +439,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
 
     /**
      * Retrieves integer value.
-     *
+     * 
      * @param name property key
      * @return property value
      * @exception EBaseException failed to retrieve value
@@ -448,14 +448,14 @@ public class PropConfigStore implements IConfigStore, Cloneable {
         String value = (String) get(name);
 
         if (value == null) {
-			CMS.traceHashKey(mDebugType,getFullName(name),"<notpresent>");
+            CMS.traceHashKey(mDebugType, getFullName(name), "<notpresent>");
             throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", getName() + "." + name));
         }
         if (value.length() == 0) {
             throw new EPropertyNotDefined(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_NOVALUE", getName() + "." + name));
         }
         try {
-			CMS.traceHashKey(mDebugType,getFullName(name), value);
+            CMS.traceHashKey(mDebugType, getFullName(name), value);
             return Integer.parseInt(value);
         } catch (NumberFormatException e) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY_1", getName() + "." + name, "int", "number"));
@@ -464,7 +464,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
 
     /**
      * Retrieves integer value.
-     *
+     * 
      * @param name property key
      * @param defval default value
      * @return property value
@@ -480,14 +480,14 @@ public class PropConfigStore implements IConfigStore, Cloneable {
         } catch (EPropertyNotDefined e) {
             val = defval;
         }
-		CMS.traceHashKey(mDebugType,getFullName(name),
-			""+val,""+defval);
+        CMS.traceHashKey(mDebugType, getFullName(name),
+                "" + val, "" + defval);
         return val;
     }
 
     /**
      * Puts an integer value.
-     *
+     * 
      * @param name property key
      * @param val property value
      * @exception EBaseException failed to retrieve value
@@ -498,7 +498,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
 
     /**
      * Retrieves big integer value.
-     *
+     * 
      * @param name property key
      * @return property value
      * @exception EBaseException failed to retrieve value
@@ -507,7 +507,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
         String value = (String) get(name);
 
         if (value == null) {
-			CMS.traceHashKey(mDebugType,getFullName(name),"<notpresent>");
+            CMS.traceHashKey(mDebugType, getFullName(name), "<notpresent>");
             throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", getName() + "." + name));
         }
         if (value.length() == 0) {
@@ -527,14 +527,14 @@ public class PropConfigStore implements IConfigStore, Cloneable {
 
     /**
      * Retrieves integer value.
-     *
+     * 
      * @param name property key
      * @param defval default value
      * @return property value
      * @exception EBaseException failed to retrieve value
      */
-    public BigInteger getBigInteger(String name, BigInteger defval) 
-        throws EBaseException {
+    public BigInteger getBigInteger(String name, BigInteger defval)
+            throws EBaseException {
         BigInteger val;
 
         try {
@@ -549,7 +549,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
 
     /**
      * Puts a big integer value.
-     *
+     * 
      * @param name property key
      * @param val default value
      */
@@ -560,7 +560,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
     /**
      * Creates a new sub store.
      * <P>
-     *
+     * 
      * @param name substore name
      * @return substore
      */
@@ -581,13 +581,14 @@ public class PropConfigStore implements IConfigStore, Cloneable {
     }
 
     /**
-     * Removes a sub store.<p>
-     *
+     * Removes a sub store.
+     * <p>
+     * 
      * @param name substore name
      */
     public void removeSubStore(String name) {
         // this operation is expensive!!!
-		
+
         Enumeration e = mSource.keys();
         // We only want the keys which match the current substore name
         // without the current substore prefix.  This code works even
@@ -607,18 +608,21 @@ public class PropConfigStore implements IConfigStore, Cloneable {
     /**
      * Retrieves a sub store. A substore contains a list
      * of properties and substores. For example,
+     * 
      * <PRE>
      *    cms.ldap.host=ds.netscape.com
      *    cms.ldap.port=389
      * </PRE>
+     * 
      * "ldap" is a substore in above example. If the
      * substore property itself is set, this method
      * will treat the value as a reference. For example,
+     * 
      * <PRE>
-     *    cms.ldap=kms.ldap
+     * cms.ldap = kms.ldap
      * </PRE>
      * <P>
-     *
+     * 
      * @param name substore name
      * @return substore
      */
@@ -639,7 +643,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
 
     /**
      * Retrieves a list of property names.
-     *
+     * 
      * @return a list of string-based property names
      */
     public Enumeration getPropertyNames() {
@@ -668,7 +672,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
     /**
      * Returns a list of sub store names.
      * <P>
-     *
+     * 
      * @return list of substore names
      */
     public Enumeration getSubStoreNames() {
@@ -698,7 +702,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
      * Retrieves the source configuration store where
      * the properties are stored.
      * <P>
-     *
+     * 
      * @return source configuration store
      */
     public ISourceConfigStore getSourceConfigStore() {
@@ -726,7 +730,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
 
     /**
      * Converts the substore parameters.
-     *
+     * 
      * @param name property name
      * @return fill property name
      */
@@ -739,7 +743,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
 
     /**
      * Cloning of property configuration store.
-     *
+     * 
      * @return a new configuration store
      */
     public Object clone() {
@@ -752,7 +756,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
 
             while (subs.hasMoreElements()) {
                 IConfigStore sub = (IConfigStore)
-                    subs.nextElement();
+                        subs.nextElement();
                 IConfigStore newSub = that.makeSubStore(
                         sub.getName());
                 Enumeration props = sub.getPropertyNames();
@@ -761,8 +765,8 @@ public class PropConfigStore implements IConfigStore, Cloneable {
                     String n = (String) props.nextElement();
 
                     try {
-                        newSub.putString(n, 
-                            sub.getString(n));
+                        newSub.putString(n,
+                                sub.getString(n));
                     } catch (EBaseException ex) {
                     }
                 }
diff --git a/pki/base/common/src/com/netscape/cmscore/base/SimpleProperties.java b/pki/base/common/src/com/netscape/cmscore/base/SimpleProperties.java
index 4eb1c839..9bc2a0f0 100644
--- a/pki/base/common/src/com/netscape/cmscore/base/SimpleProperties.java
+++ b/pki/base/common/src/com/netscape/cmscore/base/SimpleProperties.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.base;
 
-
 import java.io.BufferedReader;
 import java.io.BufferedWriter;
 import java.io.IOException;
@@ -31,28 +30,19 @@ import java.util.Date;
 import java.util.Enumeration;
 import java.util.Hashtable;
 
-
 /**
  * The <code>Properties</code> class represents a persistent set of
  * properties. The <code>Properties</code> can be saved to a stream
  * or loaded from a stream. Each key and its corresponding value in
  * the property list is a string.
  * <p>
- * A property list can contain another property list as its
- * "defaults"; this second property list is searched if
- * the property key is not found in the original property list.
- *
- * Because <code>Properties</code> inherits from <code>Hashtable</code>, the
- * <code>put</code> and <code>putAll</code> methods can be applied to a
- * <code>Properties</code> object.  Their use is strongly discouraged as they
- * allow the caller to insert entries whose keys or values are not
- * <code>Strings</code>.  The <code>setProperty</code> method should be used
- * instead.  If the <code>store</code> or <code>save</code> method is called
- * on a "compromised" <code>Properties</code> object that contains a
- * non-<code>String</code> key or value, the call will fail.
- *
+ * A property list can contain another property list as its "defaults"; this second property list is searched if the property key is not found in the original property list.
+ * 
+ * Because <code>Properties</code> inherits from <code>Hashtable</code>, the <code>put</code> and <code>putAll</code> methods can be applied to a <code>Properties</code> object. Their use is strongly discouraged as they allow the caller to insert entries whose keys or values are not <code>Strings</code>. The <code>setProperty</code> method should be used instead. If the <code>store</code> or <code>save</code> method is called on a "compromised" <code>Properties</code> object that contains a non-
+ * <code>String</code> key or value, the call will fail.
+ * 
  */
-public class SimpleProperties extends Hashtable<String,String> {
+public class SimpleProperties extends Hashtable<String, String> {
 
     /**
      *
@@ -62,7 +52,7 @@ public class SimpleProperties extends Hashtable<String,String> {
     /**
      * A property list that contains default values for any keys not
      * found in this property list.
-     *
+     * 
      * @serial
      */
     protected SimpleProperties defaults;
@@ -76,8 +66,8 @@ public class SimpleProperties extends Hashtable<String,String> {
 
     /**
      * Creates an empty property list with the specified defaults.
-     *
-     * @param   defaults   the defaults.
+     * 
+     * @param defaults the defaults.
      */
     public SimpleProperties(SimpleProperties defaults) {
         this.defaults = defaults;
@@ -87,7 +77,8 @@ public class SimpleProperties extends Hashtable<String,String> {
      * Calls the hashtable method <code>put</code>. Provided for
      * parallelism with the getProperties method. Enforces use of
      * strings for property keys and values.
-     * @since    JDK1.2
+     * 
+     * @since JDK1.2
      */
     public synchronized Object setProperty(String key, String value) {
         return put(key, value);
@@ -104,75 +95,54 @@ public class SimpleProperties extends Hashtable<String,String> {
     /**
      * Reads a property list (key and element pairs) from the input stream.
      * <p>
-     * Every property occupies one line of the input stream. Each line
-     * is terminated by a line terminator (<code>\n</code> or <code>\r</code>
-     * or <code>\r\n</code>). Lines from the input stream are processed until
-     * end of file is reached on the input stream.
+     * Every property occupies one line of the input stream. Each line is terminated by a line terminator (<code>\n</code> or <code>\r</code> or <code>\r\n</code>). Lines from the input stream are processed until end of file is reached on the input stream.
      * <p>
-     * A line that contains only whitespace or whose first non-whitespace
-     * character is an ASCII <code>#</code> or <code>!</code> is ignored
-     * (thus, <code>#</code> or <code>!</code> indicate comment lines).
+     * A line that contains only whitespace or whose first non-whitespace character is an ASCII <code>#</code> or <code>!</code> is ignored (thus, <code>#</code> or <code>!</code> indicate comment lines).
      * <p>
-     * Every line other than a blank line or a comment line describes one
-     * property to be added to the table (except that if a line ends with \,
-     * then the following line, if it exists, is treated as a continuation
-     * line, as described
-     * below). The key consists of all the characters in the line starting
-     * with the first non-whitespace character and up to, but not including,
-     * the first ASCII <code>=</code>, <code>:</code>, or whitespace
-     * character. All of the key termination characters may be included in
-     * the key by preceding them with a \.
-     * Any whitespace after the key is skipped; if the first non-whitespace
-     * character after the key is <code>=</code> or <code>:</code>, then it
-     * is ignored and any whitespace characters after it are also skipped.
-     * All remaining characters on the line become part of the associated
-     * element string. Within the element string, the ASCII
-     * escape sequences <code>\t</code>, <code>\n</code>,
-     * <code>\r</code>, <code>\\</code>, <code>\"</code>, <code>\'</code>,
-     * <code>\ &#32;</code> &#32;(a backslash and a space), and
-     * <code>\\u</code><i>xxxx</i> are recognized and converted to single
-     * characters. Moreover, if the last character on the line is
-     * <code>\</code>, then the next line is treated as a continuation of the
-     * current line; the <code>\</code> and line terminator are simply
-     * discarded, and any leading whitespace characters on the continuation
-     * line are also discarded and are not part of the element string.
+     * Every line other than a blank line or a comment line describes one property to be added to the table (except that if a line ends with \, then the following line, if it exists, is treated as a continuation line, as described below). The key consists of all the characters in the line starting with the first non-whitespace character and up to, but not including, the first ASCII <code>=</code>, <code>:</code>, or whitespace character. All of the key termination characters may be included in
+     * the key by preceding them with a \. Any whitespace after the key is skipped; if the first non-whitespace character after the key is <code>=</code> or <code>:</code>, then it is ignored and any whitespace characters after it are also skipped. All remaining characters on the line become part of the associated element string. Within the element string, the ASCII escape sequences <code>\t</code>, <code>\n</code>, <code>\r</code>, <code>\\</code>, <code>\"</code>, <code>\'</code>,
+     * <code>\ &#32;</code> &#32;(a backslash and a space), and <code>\\u</code><i>xxxx</i> are recognized and converted to single characters. Moreover, if the last character on the line is <code>\</code>, then the next line is treated as a continuation of the current line; the <code>\</code> and line terminator are simply discarded, and any leading whitespace characters on the continuation line are also discarded and are not part of the element string.
      * <p>
-     * As an example, each of the following four lines specifies the key
-     * <code>"Truth"</code> and the associated element value
-     * <code>"Beauty"</code>:
+     * As an example, each of the following four lines specifies the key <code>"Truth"</code> and the associated element value <code>"Beauty"</code>:
      * <p>
+     * 
      * <pre>
      * Truth = Beauty
-     *	Truth:Beauty
+     * Truth:Beauty
      * Truth			:Beauty
      * </pre>
-     * As another example, the following three lines specify a single
-     * property:
+     * 
+     * As another example, the following three lines specify a single property:
      * <p>
+     * 
      * <pre>
      * fruits				apple, banana, pear, \
      *                                  cantaloupe, watermelon, \
      *                                  kiwi, mango
      * </pre>
+     * 
      * The key is <code>"fruits"</code> and the associated element is:
      * <p>
-     * <pre>"apple, banana, pear, cantaloupe, watermelon,kiwi, mango"</pre>
-     * Note that a space appears before each <code>\</code> so that a space
-     * will appear after each comma in the final result; the <code>\</code>,
-     * line terminator, and leading whitespace on the continuation line are
-     * merely discarded and are <i>not</i> replaced by one or more other
-     * characters.
+     * 
+     * <pre>
+     * &quot;apple, banana, pear, cantaloupe, watermelon,kiwi, mango&quot;
+     * </pre>
+     * 
+     * Note that a space appears before each <code>\</code> so that a space will appear after each comma in the final result; the <code>\</code>, line terminator, and leading whitespace on the continuation line are merely discarded and are <i>not</i> replaced by one or more other characters.
      * <p>
      * As a third example, the line:
      * <p>
-     * <pre>cheeses
+     * 
+     * <pre>
+     * cheeses
      * </pre>
-     * specifies that the key is <code>"cheeses"</code> and the associated
-     * element is the empty string.<p>
-     *
-     * @param      in   the input stream.
-     * @exception  IOException  if an error occurred when reading from the
-     *               input stream.
+     * 
+     * specifies that the key is <code>"cheeses"</code> and the associated element is the empty string.
+     * <p>
+     * 
+     * @param in the input stream.
+     * @exception IOException if an error occurred when reading from the
+     *                input stream.
      */
     public synchronized void load(InputStream inStream) throws IOException {
 
@@ -232,12 +202,12 @@ public class SimpleProperties extends Hashtable<String,String> {
                         if (whiteSpaceChars.indexOf(line.charAt(valueIndex)) == -1)
                             break;
 
-                        // Skip over one non whitespace key value separators if any
+                    // Skip over one non whitespace key value separators if any
                     if (valueIndex < len)
                         if (strictKeyValueSeparators.indexOf(line.charAt(valueIndex)) != -1)
                             valueIndex++;
 
-                        // Skip over white space after other separators if any
+                    // Skip over white space after other separators if any
                     while (valueIndex < len) {
                         if (whiteSpaceChars.indexOf(line.charAt(valueIndex)) == -1)
                             break;
@@ -272,16 +242,16 @@ public class SimpleProperties extends Hashtable<String,String> {
     /**
      * Calls the <code>store(OutputStream out, String header)</code> method
      * and suppresses IOExceptions that were thrown.
-     *
+     * 
      * @deprecated This method does not throw an IOException if an I/O error
-     * occurs while saving the property list.  As of JDK 1.2, the preferred
-     * way to save a properties list is via the <code>store(OutputStream out,
+     *             occurs while saving the property list. As of JDK 1.2, the preferred
+     *             way to save a properties list is via the <code>store(OutputStream out,
      * String header)</code> method.
-     *
-     * @param   out      an output stream.
-     * @param   header   a description of the property list.
-     * @exception  ClassCastException  if this <code>Properties</code> object
-     *             contains any keys or values that are not <code>Strings</code>.
+     * 
+     * @param out an output stream.
+     * @param header a description of the property list.
+     * @exception ClassCastException if this <code>Properties</code> object
+     *                contains any keys or values that are not <code>Strings</code>.
      */
     public synchronized void save(OutputStream out, String header) {
         try {
@@ -291,49 +261,27 @@ public class SimpleProperties extends Hashtable<String,String> {
     }
 
     /**
-     * Writes this property list (key and element pairs) in this
-     * <code>Properties</code> table to the output stream in a format suitable
-     * for loading into a <code>Properties</code> table using the
-     * <code>load</code> method.
+     * Writes this property list (key and element pairs) in this <code>Properties</code> table to the output stream in a format suitable
+     * for loading into a <code>Properties</code> table using the <code>load</code> method.
      * <p>
-     * Properties from the defaults table of this <code>Properties</code>
-     * table (if any) are <i>not</i> written out by this method.
+     * Properties from the defaults table of this <code>Properties</code> table (if any) are <i>not</i> written out by this method.
      * <p>
-     * If the header argument is not null, then an ASCII <code>#</code>
-     * character, the header string, and a line separator are first written
-     * to the output stream. Thus, the <code>header</code> can serve as an
-     * identifying comment.
+     * If the header argument is not null, then an ASCII <code>#</code> character, the header string, and a line separator are first written to the output stream. Thus, the <code>header</code> can serve as an identifying comment.
      * <p>
-     * Next, a comment line is always written, consisting of an ASCII
-     * <code>#</code> character, the current date and time (as if produced
-     * by the <code>toString</code> method of <code>Date</code> for the
-     * current time), and a line separator as generated by the Writer.
+     * Next, a comment line is always written, consisting of an ASCII <code>#</code> character, the current date and time (as if produced by the <code>toString</code> method of <code>Date</code> for the current time), and a line separator as generated by the Writer.
      * <p>
-     * Then every entry in this <code>Properties</code> table is written out,
-     * one per line. For each entry the key string is written, then an ASCII
-     * <code>=</code>, then the associated element string. Each character of
-     * the element string is examined to see whether it should be rendered as
-     * an escape sequence. The ASCII characters <code>\</code>, tab, newline,
-     * and carriage return are written as <code>\\</code>, <code>\t</code>,
-     * <code>\n</code>, and <code>\r</code>, respectively. Characters less
-     * than <code>\u0020</code> and characters greater than
-     * <code>\u007E</code> are written as <code>\\u</code><i>xxxx</i> for
-     * the appropriate hexadecimal value <i>xxxx</i>. Space characters, but
-     * not embedded or trailing space characters, are written with a preceding
-     * <code>\</code>. The key and value characters <code>#</code>,
-     * <code>!</code>, <code>=</code>, and <code>:</code> are written with a
-     * preceding slash to ensure that they are properly loaded.
+     * Then every entry in this <code>Properties</code> table is written out, one per line. For each entry the key string is written, then an ASCII <code>=</code>, then the associated element string. Each character of the element string is examined to see whether it should be rendered as an escape sequence. The ASCII characters <code>\</code>, tab, newline, and carriage return are written as <code>\\</code>, <code>\t</code>, <code>\n</code>, and <code>\r</code>, respectively. Characters less
+     * than <code>\u0020</code> and characters greater than <code>\u007E</code> are written as <code>\\u</code><i>xxxx</i> for the appropriate hexadecimal value <i>xxxx</i>. Space characters, but not embedded or trailing space characters, are written with a preceding <code>\</code>. The key and value characters <code>#</code>, <code>!</code>, <code>=</code>, and <code>:</code> are written with a preceding slash to ensure that they are properly loaded.
      * <p>
-     * After the entries have been written, the output stream is flushed.  The
-     * output stream remains open after this method returns.
-     *
-     * @param   out      an output stream.
-     * @param   header   a description of the property list.
-     * @exception  ClassCastException  if this <code>Properties</code> object
-     *             contains any keys or values that are not <code>Strings</code>.
+     * After the entries have been written, the output stream is flushed. The output stream remains open after this method returns.
+     * 
+     * @param out an output stream.
+     * @param header a description of the property list.
+     * @exception ClassCastException if this <code>Properties</code> object
+     *                contains any keys or values that are not <code>Strings</code>.
      */
     public synchronized void store(OutputStream out, String header)
-        throws IOException {
+            throws IOException {
         BufferedWriter awriter;
 
         awriter = new BufferedWriter(new OutputStreamWriter(out, "8859_1"));
@@ -341,8 +289,8 @@ public class SimpleProperties extends Hashtable<String,String> {
             writeln(awriter, "#" + header);
         writeln(awriter, "#" + new Date().toString());
         for (Enumeration<String> e = keys(); e.hasMoreElements();) {
-            String key =  e.nextElement();
-            String val =  get(key);
+            String key = e.nextElement();
+            String val = get(key);
 
             //           key = saveConvert(key);
             //           val = saveConvert(val);
@@ -359,16 +307,15 @@ public class SimpleProperties extends Hashtable<String,String> {
     /**
      * Searches for the property with the specified key in this property list.
      * If the key is not found in this property list, the default property list,
-     * and its defaults, recursively, are then checked. The method returns
-     * <code>null</code> if the property is not found.
-     *
-     * @param   key   the property key.
-     * @return  the value in this property list with the specified key value.
-     * @see     java.util.Properties#defaults
+     * and its defaults, recursively, are then checked. The method returns <code>null</code> if the property is not found.
+     * 
+     * @param key the property key.
+     * @return the value in this property list with the specified key value.
+     * @see java.util.Properties#defaults
      */
     public String getProperty(String key) {
         String oval = super.get(key);
-        String sval = (oval instanceof String) ?  oval : null;
+        String sval = (oval instanceof String) ? oval : null;
 
         return ((sval == null) && (defaults != null)) ? defaults.getProperty(key) : sval;
     }
@@ -378,12 +325,12 @@ public class SimpleProperties extends Hashtable<String,String> {
      * If the key is not found in this property list, the default property list,
      * and its defaults, recursively, are then checked. The method returns the
      * default value argument if the property is not found.
-     *
-     * @param   key            the hashtable key.
-     * @param   defaultValue   a default value.
-     *
-     * @return  the value in this property list with the specified key value.
-     * @see     java.util.Properties#defaults
+     * 
+     * @param key the hashtable key.
+     * @param defaultValue a default value.
+     * 
+     * @return the value in this property list with the specified key value.
+     * @see java.util.Properties#defaults
      */
     public String getProperty(String key, String defaultValue) {
         String val = getProperty(key);
@@ -394,11 +341,11 @@ public class SimpleProperties extends Hashtable<String,String> {
     /**
      * Returns an enumeration of all the keys in this property list, including
      * the keys in the default property list.
-     *
-     * @return  an enumeration of all the keys in this property list, including
-     *          the keys in the default property list.
-     * @see     java.util.Enumeration
-     * @see     java.util.Properties#defaults
+     * 
+     * @return an enumeration of all the keys in this property list, including
+     *         the keys in the default property list.
+     * @see java.util.Enumeration
+     * @see java.util.Properties#defaults
      */
     public Enumeration<String> propertyNames() {
         Hashtable<String, String> h = new Hashtable<String, String>();
@@ -410,8 +357,8 @@ public class SimpleProperties extends Hashtable<String,String> {
     /**
      * Prints this property list out to the specified output stream.
      * This method is useful for debugging.
-     *
-     * @param   out   an output stream.
+     * 
+     * @param out an output stream.
      */
     public void list(PrintStream out) {
         out.println("-- listing properties --");
@@ -432,11 +379,11 @@ public class SimpleProperties extends Hashtable<String,String> {
     /**
      * Prints this property list out to the specified output stream.
      * This method is useful for debugging.
-     *
-     * @param   out   an output stream.
-     * @since   JDK1.1
+     * 
+     * @param out an output stream.
+     * @since JDK1.1
      */
-    
+
     /*
      * Rather than use an anonymous inner class to share common code, this
      * method is duplicated in order to ensure that a non-1.1 compiler can
@@ -448,7 +395,7 @@ public class SimpleProperties extends Hashtable<String,String> {
 
         enumerate(h);
         for (Enumeration<String> e = h.keys(); e.hasMoreElements();) {
-            String key =  e.nextElement();
+            String key = e.nextElement();
             String val = h.get(key);
 
             if (val.length() > 40) {
@@ -460,6 +407,7 @@ public class SimpleProperties extends Hashtable<String,String> {
 
     /**
      * Enumerates all key/value pairs in the specified hastable.
+     * 
      * @param h the hashtable
      */
     private synchronized void enumerate(Hashtable<String, String> h) {
@@ -467,7 +415,7 @@ public class SimpleProperties extends Hashtable<String,String> {
             defaults.enumerate(h);
         }
         for (Enumeration<String> e = keys(); e.hasMoreElements();) {
-            String key =  e.nextElement();
+            String key = e.nextElement();
 
             h.put(key, get(key));
         }
diff --git a/pki/base/common/src/com/netscape/cmscore/base/SourceConfigStore.java b/pki/base/common/src/com/netscape/cmscore/base/SourceConfigStore.java
index 70af37ce..3c4ec699 100644
--- a/pki/base/common/src/com/netscape/cmscore/base/SourceConfigStore.java
+++ b/pki/base/common/src/com/netscape/cmscore/base/SourceConfigStore.java
@@ -17,13 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.base;
 
-
 import com.netscape.certsrv.base.ISourceConfigStore;
 
-
 /**
  * This class is is a wrapper to hide the Properties methods from
- * the PropConfigStore.  Lucky for us, Properties already implements
+ * the PropConfigStore. Lucky for us, Properties already implements
  * almost every thing ISourceConfigStore requires.
  * 
  * @version $Revision$, $Date$
@@ -39,7 +37,7 @@ public class SourceConfigStore extends SimpleProperties implements ISourceConfig
     /**
      * Retrieves a property from the config store
      * <P>
-     *
+     * 
      * @param name property name
      * @return property value
      */
@@ -50,10 +48,10 @@ public class SourceConfigStore extends SimpleProperties implements ISourceConfig
     /**
      * Puts a property into the config store.
      * <P>
-     *
+     * 
      * @param name property name
      * @param value property value
-     * @return 
+     * @return
      */
     public String put(String name, String value) {
         return super.put(name, value); // from Properties->Hashtable
diff --git a/pki/base/common/src/com/netscape/cmscore/base/SubsystemLoader.java b/pki/base/common/src/com/netscape/cmscore/base/SubsystemLoader.java
index 83c74ebc..0dbeb4b5 100644
--- a/pki/base/common/src/com/netscape/cmscore/base/SubsystemLoader.java
+++ b/pki/base/common/src/com/netscape/cmscore/base/SubsystemLoader.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.base;
 
-
 import java.util.Vector;
 
 import com.netscape.certsrv.apps.CMS;
@@ -25,7 +24,6 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
  * A class represents a subsystem loader.
  * <P>
@@ -34,7 +32,7 @@ import com.netscape.certsrv.base.ISubsystem;
  * @version $Revision$, $Date$
  */
 public class SubsystemLoader {
-	
+
     private static final String PROP_SUBSYSTEM = "subsystem";
     private static final String PROP_CLASSNAME = "class";
     private static final String PROP_ID = "id";
diff --git a/pki/base/common/src/com/netscape/cmscore/base/SubsystemRegistry.java b/pki/base/common/src/com/netscape/cmscore/base/SubsystemRegistry.java
index 72b4105a..adae6049 100644
--- a/pki/base/common/src/com/netscape/cmscore/base/SubsystemRegistry.java
+++ b/pki/base/common/src/com/netscape/cmscore/base/SubsystemRegistry.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.base;
 
-
 import java.util.Hashtable;
 
 import com.netscape.certsrv.base.ISubsystem;
@@ -38,7 +37,7 @@ public class SubsystemRegistry extends Hashtable<String, ISubsystem> {
     }
 
     public ISubsystem get(String key) {
-        return  super.get(key);
+        return super.get(key);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CertDateCompare.java b/pki/base/common/src/com/netscape/cmscore/cert/CertDateCompare.java
index ed20d76f..d8b29812 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/CertDateCompare.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/CertDateCompare.java
@@ -17,16 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.cert;
 
-
 import java.util.Comparator;
 import java.util.Date;
 
 import netscape.security.x509.X509CertImpl;
 
-
 /**
  * Compares validity dates for use in sorting.
- *
+ * 
  * @author kanda
  * @version $Revision$, $Date$
  */
@@ -44,11 +42,11 @@ public class CertDateCompare implements Comparator {
         } catch (Exception e) {
             e.printStackTrace();
         }
-        if (d1 == d2) return 0;
+        if (d1 == d2)
+            return 0;
         if (d1.after(d2))
             return 1;
         else
             return -1;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CertPrettyPrint.java b/pki/base/common/src/com/netscape/cmscore/cert/CertPrettyPrint.java
index 3168b92f..726fa5e1 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/CertPrettyPrint.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/CertPrettyPrint.java
@@ -17,16 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.cert;
 
-
 import java.security.cert.Certificate;
 
 import com.netscape.certsrv.base.ICertPrettyPrint;
 
-
 /**
  * This class will display the certificate content in predefined
  * format.
- *
+ * 
  * @author Jack Pan-Chen
  * @version $Revision$, $Date$
  */
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java b/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java
index 97db7921..72325db0 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.cert;
 
-
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.io.IOException;
@@ -64,10 +63,10 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.osutil.OSUtil;
 
 /**
- * Utility class with assorted methods to check for 
+ * Utility class with assorted methods to check for
  * smime pairs, determining the type of cert - signature
  * or encryption ..etc.
- *
+ * 
  * @author kanda
  * @version $Revision$, $Date$
  */
@@ -79,9 +78,9 @@ public class CertUtils {
     public static final String CERT_RENEWAL_HEADER = "-----BEGIN RENEWAL CERTIFICATE REQUEST-----";
     public static final String CERT_RENEWAL_TRAILER = "-----END RENEWAL CERTIFICATE REQUEST-----";
     public static final String BEGIN_CRL_HEADER =
-        "-----BEGIN CERTIFICATE REVOCATION LIST-----";
+            "-----BEGIN CERTIFICATE REVOCATION LIST-----";
     public static final String END_CRL_HEADER =
-        "-----END CERTIFICATE REVOCATION LIST-----";
+            "-----END CERTIFICATE REVOCATION LIST-----";
 
     protected static ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
     private final static String LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION =
@@ -91,7 +90,7 @@ public class CertUtils {
      * Remove the header and footer in the PKCS10 request.
      */
     public static String unwrapPKCS10(String request, boolean checkHeader)
-        throws EBaseException {
+            throws EBaseException {
         String unwrapped;
         String header = null;
         int head = -1;
@@ -167,8 +166,8 @@ public class CertUtils {
         return pkcs10;
     }
 
-    public static void setRSAKeyToCertInfo(X509CertInfo info, 
-        byte encoded[]) throws EBaseException {
+    public static void setRSAKeyToCertInfo(X509CertInfo info,
+            byte encoded[]) throws EBaseException {
         try {
             if (info == null) {
                 throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_OPERATION"));
@@ -183,20 +182,20 @@ public class CertUtils {
     }
 
     public static X509CertInfo createCertInfo(int ver,
-        BigInteger serialno, String alg, String issuerName,
-        Date notBefore, Date notAfter) throws EBaseException {
+            BigInteger serialno, String alg, String issuerName,
+            Date notBefore, Date notAfter) throws EBaseException {
         try {
             X509CertInfo info = new X509CertInfo();
 
             info.set(X509CertInfo.VERSION, new CertificateVersion(ver));
-            info.set(X509CertInfo.SERIAL_NUMBER, new 
-                CertificateSerialNumber(serialno));
-            info.set(X509CertInfo.ALGORITHM_ID, new 
-                CertificateAlgorithmId(AlgorithmId.getAlgorithmId(alg)));
-            info.set(X509CertInfo.ISSUER, new 
-                CertificateIssuerName(new X500Name(issuerName)));
-            info.set(X509CertInfo.VALIDITY, new 
-                CertificateValidity(notBefore, notAfter));
+            info.set(X509CertInfo.SERIAL_NUMBER, new
+                    CertificateSerialNumber(serialno));
+            info.set(X509CertInfo.ALGORITHM_ID, new
+                    CertificateAlgorithmId(AlgorithmId.getAlgorithmId(alg)));
+            info.set(X509CertInfo.ISSUER, new
+                    CertificateIssuerName(new X500Name(issuerName)));
+            info.set(X509CertInfo.VALIDITY, new
+                    CertificateValidity(notBefore, notAfter));
             return info;
         } catch (Exception e) {
             System.out.println(e.toString());
@@ -233,11 +232,12 @@ public class CertUtils {
             return false;
         else if (keyUsage.length == 3)
             return keyUsage[2];
-        else return keyUsage[2] || keyUsage[3];
+        else
+            return keyUsage[2] || keyUsage[3];
     }
 
     public static boolean haveSameValidityPeriod(X509CertImpl cert1,
-        X509CertImpl cert2) {
+            X509CertImpl cert2) {
         long notBefDiff = 0;
         long notAfterDiff = 0;
 
@@ -264,7 +264,7 @@ public class CertUtils {
             if (!sameSubjectDN(dn1, dn2))
                 return false;
         }
-		
+
         // Check for the presence of signing and encryption certs.
         boolean hasSigningCert = isSigningCert(cert1) || isSigningCert(cert2);
 
@@ -276,15 +276,15 @@ public class CertUtils {
         if (!hasEncryptionCert)
             return false;
 
-            // If both certs have signing & encryption usage set, they are
-            // not really pairs.
+        // If both certs have signing & encryption usage set, they are
+        // not really pairs.
         if ((isSigningCert(cert1) && isEncryptionCert(cert1)) ||
-            (isSigningCert(cert2) && isEncryptionCert(cert2)))
+                (isSigningCert(cert2) && isEncryptionCert(cert2)))
             return false;
 
-            // See if the certs have the same validity.
-        boolean haveSameValidity = 
-            haveSameValidityPeriod(cert1, cert2);
+        // See if the certs have the same validity.
+        boolean haveSameValidity =
+                haveSameValidityPeriod(cert1, cert2);
 
         return haveSameValidity;
     }
@@ -358,7 +358,7 @@ public class CertUtils {
     }
 
     public static String getRenewedCertsDisplayInfo(String cn,
-        X509CertImpl[] validCerts, X509CertImpl[] renewedCerts) {
+            X509CertImpl[] validCerts, X509CertImpl[] renewedCerts) {
         StringBuffer sb = new StringBuffer(1024);
 
         if (validCerts != null) {
@@ -397,11 +397,11 @@ public class CertUtils {
 
     /**
      * Returns the index of the given cert in an array of certs.
-     *
-     * Assumptions: The certs are issued by the same CA 
-     *
-     * @param certArray	The array of certs.
-     * @param givenCert	The certificate we are lokking for in the array.
+     * 
+     * Assumptions: The certs are issued by the same CA
+     * 
+     * @param certArray The array of certs.
+     * @param givenCert The certificate we are lokking for in the array.
      * @return -1 if not found or the index of the given cert in the array.
      */
     public static int getCertIndex(X509CertImpl[] certArray, X509CertImpl givenCert) {
@@ -419,20 +419,20 @@ public class CertUtils {
 
     /**
      * Returns the most recently issued signing certificate from an
-     * an array of certs. 
-     *
-     * Assumptions: The certs are issued by the same CA 
-     *
-     * @param certArray	The array of certs.
-     * @param givenCert	The certificate we are lokking for in the array.
+     * an array of certs.
+     * 
+     * Assumptions: The certs are issued by the same CA
+     * 
+     * @param certArray The array of certs.
+     * @param givenCert The certificate we are lokking for in the array.
      * @return null if there is no recent cert or the most recent cert.
      */
     public static X509CertImpl getRecentSigningCert(X509CertImpl[] certArray,
-        X509CertImpl currentCert) {
+            X509CertImpl currentCert) {
         if (certArray == null || currentCert == null)
             return null;
 
-            // Sort the certificate array.
+        // Sort the certificate array.
         Arrays.sort(certArray, new CertDateCompare());
 
         // Get the index of the current cert in the array.
@@ -447,7 +447,7 @@ public class CertUtils {
             // Check if it is a signing cert and has its
             // NotAfter later than the current cert.
             if (isSigningCert(certArray[i]) &&
-                certArray[i].getNotAfter().after(recentCert.getNotAfter()))
+                    certArray[i].getNotAfter().after(recentCert.getNotAfter()))
                 recentCert = certArray[i];
         }
         return ((recentCert == currentCert) ? null : recentCert);
@@ -467,13 +467,13 @@ public class CertUtils {
         // Is is object signing cert?
         try {
             CertificateExtensions extns = (CertificateExtensions)
-                cert.get(X509CertImpl.NAME + "." + 
-                    X509CertImpl.INFO + "." + 
-                    X509CertInfo.EXTENSIONS);
+                    cert.get(X509CertImpl.NAME + "." +
+                            X509CertImpl.INFO + "." +
+                            X509CertInfo.EXTENSIONS);
 
             if (extns != null) {
                 NSCertTypeExtension nsExtn = (NSCertTypeExtension)
-                    extns.get(NSCertTypeExtension.class.getSimpleName());
+                        extns.get(NSCertTypeExtension.class.getSimpleName());
 
                 if (nsExtn != null) {
                     String nsType = getNSExtensionInfo(nsExtn);
@@ -485,7 +485,7 @@ public class CertUtils {
                     }
                 }
             }
-        }catch (Exception e) {
+        } catch (Exception e) {
         }
         return (sb.length() > 0) ? sb.toString() : null;
     }
@@ -517,14 +517,14 @@ public class CertUtils {
             res = (Boolean) nsExtn.get(NSCertTypeExtension.OBJECT_SIGNING_CA);
             if (res.equals(Boolean.TRUE))
                 sb.append("   object_signing_CA");
-        }catch (Exception e) {
+        } catch (Exception e) {
         }
 
         return (sb.length() > 0) ? sb.toString() : null;
     }
 
     public static byte[] readFromFile(String fileName)
-        throws IOException {
+            throws IOException {
         FileInputStream fin = new FileInputStream(fileName);
         int available = fin.available();
         byte[] ba = new byte[available];
@@ -537,7 +537,7 @@ public class CertUtils {
     }
 
     public static void storeInFile(String fileName, byte[] ba)
-        throws IOException {
+            throws IOException {
         FileOutputStream fout = new FileOutputStream(fileName);
 
         fout.write(ba);
@@ -546,17 +546,16 @@ public class CertUtils {
 
     public static String toMIME64(X509CertImpl cert) {
         try {
-            return 
-                "-----BEGIN CERTIFICATE-----\n" +
-                com.netscape.osutil.OSUtil.BtoA(cert.getEncoded()) +
-                "-----END CERTIFICATE-----\n";
+            return "-----BEGIN CERTIFICATE-----\n" +
+                    com.netscape.osutil.OSUtil.BtoA(cert.getEncoded()) +
+                    "-----END CERTIFICATE-----\n";
         } catch (CertificateException e) {
         }
         return null;
     }
 
-    public static X509Certificate mapCert(String mime64) 
-        throws IOException {
+    public static X509Certificate mapCert(String mime64)
+            throws IOException {
         mime64 = stripCertBrackets(mime64.trim());
         String newval = normalizeCertStr(mime64);
         byte rawPub[] = com.netscape.osutil.OSUtil.AtoB(newval);
@@ -569,8 +568,8 @@ public class CertUtils {
         return cert;
     }
 
-    public static X509Certificate[] mapCertFromPKCS7(String mime64) 
-        throws IOException {
+    public static X509Certificate[] mapCertFromPKCS7(String mime64)
+            throws IOException {
         mime64 = stripCertBrackets(mime64.trim());
         String newval = normalizeCertStr(mime64);
         byte rawPub[] = com.netscape.osutil.OSUtil.AtoB(newval);
@@ -584,8 +583,8 @@ public class CertUtils {
         }
     }
 
-    public static X509CRL mapCRL(String mime64) 
-        throws IOException {
+    public static X509CRL mapCRL(String mime64)
+            throws IOException {
         mime64 = stripCRLBrackets(mime64.trim());
         String newval = normalizeCertStr(mime64);
         byte rawPub[] = com.netscape.osutil.OSUtil.AtoB(newval);
@@ -598,8 +597,8 @@ public class CertUtils {
         return crl;
     }
 
-    public static X509CRL mapCRL1(String mime64) 
-        throws IOException {
+    public static X509CRL mapCRL1(String mime64)
+            throws IOException {
         mime64 = stripCRLBrackets(mime64.trim());
         byte rawPub[] = OSUtil.AtoB(mime64);
         X509CRL crl = null;
@@ -635,7 +634,7 @@ public class CertUtils {
             return s;
         }
         if ((s.startsWith("-----BEGIN CERTIFICATE REVOCATION LIST-----")) &&
-            (s.endsWith("-----END CERTIFICATE REVOCATION LIST-----"))) {
+                (s.endsWith("-----END CERTIFICATE REVOCATION LIST-----"))) {
             return (s.substring(43, (s.length() - 41)));
         }
         return s;
@@ -643,8 +642,9 @@ public class CertUtils {
 
     /**
      * strips out the begin and end certificate brackets
+     * 
      * @param s the string potentially bracketed with
-     * "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
+     *            "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
      * @return string without the brackets
      */
     public static String stripCertBrackets(String s) {
@@ -653,13 +653,13 @@ public class CertUtils {
         }
 
         if ((s.startsWith("-----BEGIN CERTIFICATE-----")) &&
-            (s.endsWith("-----END CERTIFICATE-----"))) {
+                (s.endsWith("-----END CERTIFICATE-----"))) {
             return (s.substring(27, (s.length() - 25)));
         }
 
         // To support Thawte's header and footer
         if ((s.startsWith("-----BEGIN PKCS #7 SIGNED DATA-----")) &&
-            (s.endsWith("-----END PKCS #7 SIGNED DATA-----"))) {
+                (s.endsWith("-----END PKCS #7 SIGNED DATA-----"))) {
             return (s.substring(35, (s.length() - 33)));
         }
 
@@ -669,11 +669,12 @@ public class CertUtils {
     /**
      * Returns a string that represents a cert's fingerprint.
      * The fingerprint is a MD5 digest of the DER encoded certificate.
-     * @param  cert Certificate to get the fingerprint of.
+     * 
+     * @param cert Certificate to get the fingerprint of.
      * @return a String that represents the cert's fingerprint.
      */
-    public static String getFingerPrint(Certificate cert) 
-        throws CertificateEncodingException, NoSuchAlgorithmException {
+    public static String getFingerPrint(Certificate cert)
+            throws CertificateEncodingException, NoSuchAlgorithmException {
         byte certDer[] = cert.getEncoded();
         MessageDigest md = MessageDigest.getInstance("MD5");
 
@@ -685,16 +686,18 @@ public class CertUtils {
         sb.append(pp.toHexString(digestedCert, 4, 20));
         return sb.toString();
     }
-	
+
     /**
-     * Returns a string that has the certificate's fingerprint using 
+     * Returns a string that has the certificate's fingerprint using
      * MD5, MD2 and SHA1 hashes.
-     * A certificate's fingerprint is a hash digest of the DER encoded 
+     * A certificate's fingerprint is a hash digest of the DER encoded
      * certificate.
+     * 
      * @param cert Certificate to get the fingerprints of.
      * @return a String with fingerprints using the MD5, MD2 and SHA1 hashes.
-     * For example, 
-     * <pre>
+     *         For example,
+     * 
+     *         <pre>
      * MD2:   78:7E:D1:F9:3E:AF:50:18:68:A7:29:50:C3:21:1F:71
      * 
      * MD5:   0E:89:91:AC:40:50:F7:BE:6E:7B:39:4F:56:73:75:75
@@ -703,9 +706,9 @@ public class CertUtils {
      * </pre>
      */
     public static String getFingerPrints(Certificate cert)
-        throws NoSuchAlgorithmException, CertificateEncodingException {
+            throws NoSuchAlgorithmException, CertificateEncodingException {
         byte certDer[] = cert.getEncoded();
-		/*
+        /*
         String[] hashes = new String[] {"MD2", "MD5", "SHA1"};
         String certFingerprints = "";
         PrettyPrintFormat pp = new PrettyPrintFormat(":");
@@ -718,19 +721,21 @@ public class CertUtils {
                     pp.toHexString(md.digest(), 6 - hashes[i].length());
         }
         return certFingerprints;
-		*/
-		return getFingerPrints(certDer);
+        */
+        return getFingerPrints(certDer);
     }
-	
+
     /**
-     * Returns a string that has the certificate's fingerprint using 
+     * Returns a string that has the certificate's fingerprint using
      * MD5, MD2 and SHA1 hashes.
-     * A certificate's fingerprint is a hash digest of the DER encoded 
+     * A certificate's fingerprint is a hash digest of the DER encoded
      * certificate.
+     * 
      * @param cert Certificate to get the fingerprints of.
      * @return a String with fingerprints using the MD5, MD2 and SHA1 hashes.
-     * For example, 
-     * <pre>
+     *         For example,
+     * 
+     *         <pre>
      * MD2:   78:7E:D1:F9:3E:AF:50:18:68:A7:29:50:C3:21:1F:71
      * 
      * MD5:   0E:89:91:AC:40:50:F7:BE:6E:7B:39:4F:56:73:75:75
@@ -739,9 +744,9 @@ public class CertUtils {
      * </pre>
      */
     public static String getFingerPrints(byte[] certDer)
-        throws NoSuchAlgorithmException/*, CertificateEncodingException*/ {
-		//        byte certDer[] = cert.getEncoded();
-        String[] hashes = new String[] {"MD2", "MD5", "SHA1", "SHA256", "SHA512"};
+            throws NoSuchAlgorithmException/*, CertificateEncodingException*/{
+        //        byte certDer[] = cert.getEncoded();
+        String[] hashes = new String[] { "MD2", "MD5", "SHA1", "SHA256", "SHA512" };
         String certFingerprints = "";
         PrettyPrintFormat pp = new PrettyPrintFormat(":");
 
@@ -756,19 +761,20 @@ public class CertUtils {
     }
 
     /**
-     * Check if a object identifier in string form is valid, 
+     * Check if a object identifier in string form is valid,
      * that is a string in the form n.n.n.n and der encode and decode-able.
+     * 
      * @param attrName attribute name (from the configuration file)
      * @param value object identifier string.
-     */ 
+     */
     public static ObjectIdentifier checkOID(String attrName, String value)
-        throws EBaseException {
+            throws EBaseException {
         String msg = "value must be a object identifier in the form n.n.n.n";
         String msg1 = "not a valid object identifier.";
         ObjectIdentifier oid;
 
-        try { 
-            oid = ObjectIdentifier.getObjectIdentifier(value); 
+        try {
+            oid = ObjectIdentifier.getObjectIdentifier(value);
         } catch (Exception e) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
                         attrName, msg));
@@ -776,7 +782,7 @@ public class CertUtils {
 
         // if the OID isn't valid (ex. n.n) the error isn't caught til
         // encoding time leaving a bad request in the request queue.
-        try { 
+        try {
             DerOutputStream derOut = new DerOutputStream();
 
             derOut.putOID(oid);
@@ -803,20 +809,20 @@ public class CertUtils {
 
         return tmp.toString();
     }
-	
+
     /*
      * verify a certificate by its nickname
      * returns true if it verifies; false if any not
      */
     public static boolean verifySystemCertByNickname(String nickname, String certusage) {
         boolean r = true;
-        CertificateUsage  cu = null;
+        CertificateUsage cu = null;
         cu = getCertificateUsage(certusage);
         int ccu = 0;
 
         if (cu == null) {
-            CMS.debug("CertUtils: verifySystemCertByNickname() failed: "+
-                nickname + " with unsupported certusage ="+ certusage);
+            CMS.debug("CertUtils: verifySystemCertByNickname() failed: " +
+                    nickname + " with unsupported certusage =" + certusage);
             return false;
         }
 
@@ -839,7 +845,7 @@ public class CertUtils {
                 if (ccu == CertificateUsage.basicCertificateUsages) {
                     /* cert is good for nothing */
                     r = false;
-                    CMS.debug("CertUtils: verifySystemCertByNickname() failed: cert is good for nothing:"+ nickname);
+                    CMS.debug("CertUtils: verifySystemCertByNickname() failed: cert is good for nothing:" + nickname);
                 } else {
                     r = true;
                     CMS.debug("CertUtils: verifySystemCertByNickname() passed:" + nickname);
@@ -871,8 +877,8 @@ public class CertUtils {
                 }
             }
         } catch (Exception e) {
-            CMS.debug("CertUtils: verifySystemCertByNickname() failed: "+
-                e.toString());
+            CMS.debug("CertUtils: verifySystemCertByNickname() failed: " +
+                    e.toString());
             r = false;
         }
         return r;
@@ -905,12 +911,12 @@ public class CertUtils {
                 r = false;
                 return r;
             }
-            String nickname = config.getString(subsysType+".cert."+tag+".nickname", "");
+            String nickname = config.getString(subsysType + ".cert." + tag + ".nickname", "");
             if (nickname.equals("")) {
                 CMS.debug("CertUtils: verifySystemCertByTag() nickname for cert tag " + tag + " undefined in CS.cfg");
                 r = false;
             }
-            String certusage = config.getString(subsysType+".cert."+tag+".certusage", "");
+            String certusage = config.getString(subsysType + ".cert." + tag + ".certusage", "");
             if (certusage.equals("")) {
                 CMS.debug("CertUtils: verifySystemCertByTag() certusage for cert tag " + tag + " undefined in CS.cfg, getting current certificate usage");
             }
@@ -918,9 +924,9 @@ public class CertUtils {
             if (r == true) {
                 // audit here
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
-                    ILogger.SYSTEM_UID,
-                    ILogger.SUCCESS,
+                        LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
+                        ILogger.SYSTEM_UID,
+                        ILogger.SUCCESS,
                             nickname);
 
                 audit(auditMessage);
@@ -935,8 +941,8 @@ public class CertUtils {
                 audit(auditMessage);
             }
         } catch (Exception e) {
-            CMS.debug("CertUtils: verifySystemCertsByTag() failed: "+
-                e.toString());
+            CMS.debug("CertUtils: verifySystemCertsByTag() failed: " +
+                    e.toString());
             auditMessage = CMS.getLogMessage(
                         LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
                         ILogger.SYSTEM_UID,
@@ -1022,9 +1028,9 @@ public class CertUtils {
                 r = false;
                 return r;
             }
-            String certlist = config.getString(subsysType+".cert.list", "");
+            String certlist = config.getString(subsysType + ".cert.list", "");
             if (certlist.equals("")) {
-                CMS.debug("CertUtils: verifySystemCerts() "+subsysType+ ".cert.list not defined in CS.cfg. System certificates verification not done");
+                CMS.debug("CertUtils: verifySystemCerts() " + subsysType + ".cert.list not defined in CS.cfg. System certificates verification not done");
                 auditMessage = CMS.getLogMessage(
                             LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
                             ILogger.SYSTEM_UID,
@@ -1050,7 +1056,7 @@ public class CertUtils {
                         ILogger.FAILURE,
                         "");
 
-                    audit(auditMessage);
+            audit(auditMessage);
             r = false;
             CMS.debug("CertUtils: verifySystemCerts():" + e.toString());
         }
@@ -1075,6 +1081,7 @@ public class CertUtils {
     /**
      * Signed Audit Log
      * This method is called to store messages to the signed audit log.
+     * 
      * @param msg signed audit log message
      */
     private static void audit(String msg) {
@@ -1085,11 +1092,10 @@ public class CertUtils {
         }
 
         mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-            null,
-            ILogger.S_SIGNED_AUDIT,
-            ILogger.LL_SECURITY,
-            msg);
+                null,
+                ILogger.S_SIGNED_AUDIT,
+                ILogger.LL_SECURITY,
+                msg);
     }
 
-
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java b/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java
index effd86ed..51f0b079 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.cert;
 
-
 import java.io.IOException;
 import java.io.OutputStream;
 import java.security.cert.CertificateException;
@@ -34,10 +33,9 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.ca.ICertificateAuthority;
 import com.netscape.certsrv.cert.ICrossCertPairSubsystem;
 
-
 /**
  * This class implements CertificatePair used for Cross Certification
- *
+ * 
  * @author cfu
  * @version $Revision$, $Date$
  */
@@ -47,14 +45,15 @@ public class CertificatePair implements ASN1Value {
     private static final Tag TAG = SEQUENCE.TAG;
 
     /**
-     * construct a CertificatePair.  It doesn't matter which is
-     * forward and which is reverse in the parameters.  It will figure 
+     * construct a CertificatePair. It doesn't matter which is
+     * forward and which is reverse in the parameters. It will figure
      * it out
+     * 
      * @param cert1 one X509Certificate
      * @param cert2 one X509Certificate
      */
-    public CertificatePair (X509Certificate cert1, X509Certificate cert2)
-        throws EBaseException {
+    public CertificatePair(X509Certificate cert1, X509Certificate cert2)
+            throws EBaseException {
         if ((cert1 == null) || (cert2 == null))
             throw new EBaseException("CertificatePair: both certs can not be null");
         debug("in CertificatePair()");
@@ -74,14 +73,15 @@ public class CertificatePair implements ASN1Value {
     }
 
     /**
-     * construct a CertificatePair.  It doesn't matter which is
-     * forward and which is reverse in the parameters.  It will figure 
+     * construct a CertificatePair. It doesn't matter which is
+     * forward and which is reverse in the parameters. It will figure
      * it out
+     * 
      * @param cert1 one certificate byte array
      * @param cert2 one certificate byte array
      */
-    public CertificatePair (byte[] cert1, byte[] cert2)
-        throws EBaseException {
+    public CertificatePair(byte[] cert1, byte[] cert2)
+            throws EBaseException {
         if ((cert1 == null) || (cert2 == null))
             throw new EBaseException("CertificatePair: both certs can not be null");
         boolean rightOrder = certOrders(cert1, cert2);
@@ -100,7 +100,7 @@ public class CertificatePair implements ASN1Value {
      * returns false if c2 is forward and cert1 is reverse
      */
     private boolean certOrders(X509Certificate c1, X509Certificate c2)
-        throws EBaseException {
+            throws EBaseException {
         debug("in certOrders() with X509Cert");
 
         ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
@@ -224,10 +224,10 @@ public class CertificatePair implements ASN1Value {
      * returns false if cert2 is forward and cert1 is reverse
      */
     private boolean certOrders(byte[] cert1, byte[] cert2)
-        throws EBaseException {
+            throws EBaseException {
         debug("in certOrders() with byte[]");
         ICrossCertPairSubsystem ccps =
-            (ICrossCertPairSubsystem) CMS.getSubsystem("CrossCertPair");
+                (ICrossCertPairSubsystem) CMS.getSubsystem("CrossCertPair");
         X509Certificate c1 = null;
         X509Certificate c2 = null;
 
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CrlCachePrettyPrint.java b/pki/base/common/src/com/netscape/cmscore/cert/CrlCachePrettyPrint.java
index 5c3c8001..a205e53a 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/CrlCachePrettyPrint.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/CrlCachePrettyPrint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.cert;
 
-
 import java.text.DateFormat;
 import java.util.Iterator;
 import java.util.Locale;
@@ -37,12 +36,11 @@ import com.netscape.certsrv.ca.ICertificateAuthority;
 /**
  * This class will display the certificate content in predefined
  * format.
- *
+ * 
  * @author Andrew Wnuk
  * @version $Revision$, $Date$
  */
-public class CrlCachePrettyPrint implements ICRLPrettyPrint
-{
+public class CrlCachePrettyPrint implements ICRLPrettyPrint {
 
     /*==========================================================
      * constants
@@ -72,7 +70,7 @@ public class CrlCachePrettyPrint implements ICRLPrettyPrint
      * This method return string representation of the certificate
      * revocation list in predefined format using specified client
      * local. I18N Support.
-     *
+     * 
      * @param clientLocale Locale to be used for localization
      * @return string representation of the certificate
      */
@@ -107,8 +105,8 @@ public class CrlCachePrettyPrint implements ICRLPrettyPrint
             }
             sb.append(pp.indent(12) + resource.getString(
                       PrettyPrintResources.TOKEN_ISSUER) +
-                      ((ICertificateAuthority)(mIP.getCertificateAuthority()))
-                      .getCRLX500Name().toString() + "\n");
+                      ((ICertificateAuthority) (mIP.getCertificateAuthority()))
+                              .getCRLX500Name().toString() + "\n");
             // Format thisUpdate
             String thisUpdate = dateFormater.format(mIP.getLastUpdate());
 
@@ -124,17 +122,17 @@ public class CrlCachePrettyPrint implements ICRLPrettyPrint
             if (tz.equals(tzid) || tzid.equals(CUSTOM_LOCALE)) {
                 // Do NOT append timezone ID
                 sb.append(pp.indent(12)
-                    + resource.getString(
-                        PrettyPrintResources.TOKEN_THIS_UPDATE)
-                    + thisUpdate
-                    + "\n");
+                        + resource.getString(
+                                PrettyPrintResources.TOKEN_THIS_UPDATE)
+                        + thisUpdate
+                        + "\n");
             } else {
                 // Append timezone ID
                 sb.append(pp.indent(12)
-                    + resource.getString(
-                        PrettyPrintResources.TOKEN_THIS_UPDATE)
-                    + thisUpdate
-                    + " " + tzid + "\n");
+                        + resource.getString(
+                                PrettyPrintResources.TOKEN_THIS_UPDATE)
+                        + thisUpdate
+                        + " " + tzid + "\n");
             }
             // Check for presence of NextUpdate
             if (mIP.getNextUpdate() != null) {
@@ -152,17 +150,17 @@ public class CrlCachePrettyPrint implements ICRLPrettyPrint
                 if (tz.equals(tzid) || tzid.equals(CUSTOM_LOCALE)) {
                     // Do NOT append timezone ID
                     sb.append(pp.indent(12)
-                        + resource.getString(
-                            PrettyPrintResources.TOKEN_NEXT_UPDATE)
-                        + nextUpdate
-                        + "\n");
+                            + resource.getString(
+                                    PrettyPrintResources.TOKEN_NEXT_UPDATE)
+                            + nextUpdate
+                            + "\n");
                 } else {
                     // Append timezone ID
                     sb.append(pp.indent(12)
-                        + resource.getString(
-                            PrettyPrintResources.TOKEN_NEXT_UPDATE)
-                        + nextUpdate
-                        + " " + tzid + "\n");
+                            + resource.getString(
+                                    PrettyPrintResources.TOKEN_NEXT_UPDATE)
+                            + nextUpdate
+                            + " " + tzid + "\n");
                 }
             }
 
@@ -170,7 +168,7 @@ public class CrlCachePrettyPrint implements ICRLPrettyPrint
                 sb.append(pp.indent(12) + resource.getString(
                         PrettyPrintResources.TOKEN_REVOKED_CERTIFICATES) + crlSize + "\n");
             } else if ((crlSize == 0 && pageStart == 0 && pageSize == 0) ||
-                (crlSize > 0 && pageStart > 0 && pageSize > 0)) {
+                    (crlSize > 0 && pageStart > 0 && pageSize > 0)) {
                 sb.append(pp.indent(12) + resource.getString(
                         PrettyPrintResources.TOKEN_REVOKED_CERTIFICATES));
                 long upperLimit = crlSize;
@@ -183,7 +181,7 @@ public class CrlCachePrettyPrint implements ICRLPrettyPrint
                 }
                 sb.append("\n");
 
-                Set<RevokedCertificate> revokedCerts = mIP.getRevokedCertificates((int)(pageStart-1), (int)upperLimit);
+                Set<RevokedCertificate> revokedCerts = mIP.getRevokedCertificates((int) (pageStart - 1), (int) upperLimit);
 
                 if (revokedCerts != null) {
                     Iterator<RevokedCertificate> i = revokedCerts.iterator();
@@ -195,35 +193,35 @@ public class CrlCachePrettyPrint implements ICRLPrettyPrint
                         if ((crlSize == 0) || (upperLimit - pageStart + 1 >= l)) {
                             sb.append(pp.indent(16) + resource.getString(
                                     PrettyPrintResources.TOKEN_SERIAL) + "0x" +
-                                revokedCert.getSerialNumber().toString(16).toUpperCase() + "\n");
+                                    revokedCert.getSerialNumber().toString(16).toUpperCase() + "\n");
                             String revocationDate =
-                                dateFormater.format(revokedCert.getRevocationDate());
+                                    dateFormater.format(revokedCert.getRevocationDate());
 
                             // re-get timezone
                             // (just in case it is different . . .)
                             if (TimeZone.getDefault() != null) {
                                 tz = TimeZone.getDefault().getDisplayName(
                                             TimeZone.getDefault().inDaylightTime(
-                                                revokedCert.getRevocationDate()),
+                                                    revokedCert.getRevocationDate()),
                                             TimeZone.SHORT,
                                             clientLocale);
                             }
                             // Specify revocationDate
                             if (tz.equals(tzid) ||
-                                tzid.equals(CUSTOM_LOCALE)) {
+                                    tzid.equals(CUSTOM_LOCALE)) {
                                 // Do NOT append timezone ID
                                 sb.append(pp.indent(16)
-                                    + resource.getString(
-                                        PrettyPrintResources.TOKEN_REVOCATION_DATE)
-                                    + revocationDate
-                                    + "\n");
+                                        + resource.getString(
+                                                PrettyPrintResources.TOKEN_REVOCATION_DATE)
+                                        + revocationDate
+                                        + "\n");
                             } else {
                                 // Append timezone ID
                                 sb.append(pp.indent(16)
-                                    + resource.getString(
-                                        PrettyPrintResources.TOKEN_REVOCATION_DATE)
-                                    + revocationDate
-                                    + " " + tzid + "\n");
+                                        + resource.getString(
+                                                PrettyPrintResources.TOKEN_REVOCATION_DATE)
+                                        + revocationDate
+                                        + " " + tzid + "\n");
                             }
                             if (revokedCert.hasExtensions()) {
                                 sb.append(pp.indent(16) + resource.getString(
@@ -254,7 +252,7 @@ public class CrlCachePrettyPrint implements ICRLPrettyPrint
         } catch (Exception e) {
             sb.append("\n\n" + pp.indent(4) + resource.getString(
                     PrettyPrintResources.TOKEN_DECODING_ERROR) + "\n\n");
-            CMS.debug("Exception="+e.toString());
+            CMS.debug("Exception=" + e.toString());
             CMS.debugStackTrace();
         }
 
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CrlPrettyPrint.java b/pki/base/common/src/com/netscape/cmscore/cert/CrlPrettyPrint.java
index 1a3969b4..1d6048c8 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/CrlPrettyPrint.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/CrlPrettyPrint.java
@@ -17,16 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.cert;
 
-
 import netscape.security.x509.X509CRLImpl;
 
 import com.netscape.certsrv.base.ICRLPrettyPrint;
 
-
 /**
  * This class will display the certificate content in predefined
  * format.
- *
+ * 
  * @author Andrew Wnuk
  * @version $Revision$, $Date$
  */
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CrossCertPairSubsystem.java b/pki/base/common/src/com/netscape/cmscore/cert/CrossCertPairSubsystem.java
index 663585bf..25a3baef 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/CrossCertPairSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/CrossCertPairSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.cert;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -47,23 +46,21 @@ import com.netscape.certsrv.publish.IPublisherProcessor;
 import com.netscape.certsrv.publish.IXcertPublisherProcessor;
 import com.netscape.cmscore.ldapconn.LdapBoundConnFactory;
 
-
 /**
  * Subsystem for handling cross certificate pairing and publishing
  * Intended use:
  * <ul>
- *   <li> when signing a subordinate CA cert which is intended to be
- * part of the crossCertificatePair
- *   <li> when this ca submits a request (with existing CA signing key 
- * material to another ca for cross-signing
- *</ul>
- *   In both cases, administrator needs to "import" the crossSigned
- * certificates via the admin console.  When importCert() is called,
+ * <li>when signing a subordinate CA cert which is intended to be part of the crossCertificatePair
+ * <li>when this ca submits a request (with existing CA signing key material to another ca for cross-signing
+ * </ul>
+ * In both cases, administrator needs to "import" the crossSigned
+ * certificates via the admin console. When importCert() is called,
  * the imported cert will be stored in the internal db
  * first until it's pairing cert shows up.
  * If it happens that the above two cases finds its pairing
  * cert already there, then a CertifiatePair is created and put
  * in the internal db "crosscertificatepair;binary" attribute
+ * 
  * @author cfu
  * @version $Revision$, $Date$
  */
@@ -100,7 +97,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
     }
 
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         try {
             mConfig = config;
             mLogger = CMS.getLogger();
@@ -112,21 +109,21 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
 
             if (ldapConfig == null) {
                 log(ILogger.LL_MISCONF,
-                    CMS.getLogMessage("CMSCORE_DBS_CONF_ERROR",
-                    PROP_LDAP));
+                        CMS.getLogMessage("CMSCORE_DBS_CONF_ERROR",
+                                PROP_LDAP));
                 return;
             }
 
             mBaseDN = ldapConfig.getString(PROP_BASEDN, null);
-    
+
             mLdapConnFactory = new LdapBoundConnFactory();
 
             if (mLdapConnFactory != null)
                 mLdapConnFactory.init(ldapConfig);
             else {
                 log(ILogger.LL_MISCONF,
-                    CMS.getLogMessage("CMSCORE_DBS_CONF_ERROR",
-                        PROP_LDAP));
+                        CMS.getLogMessage("CMSCORE_DBS_CONF_ERROR",
+                                PROP_LDAP));
                 return;
             }
         } catch (EBaseException e) {
@@ -144,7 +141,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
      * If it happens that it finds its pairing
      * cert already there, then a CertifiatePair is created and put
      * in the internal db "crosscertificatepair;binary" attribute
-     *
+     * 
      * @param certBytes cert in byte array to be imported
      */
     public void importCert(byte[] certBytes) throws EBaseException {
@@ -169,7 +166,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
      * If it happens that it finds its pairing
      * cert already there, then a CertifiatePair is created and put
      * in the internal db "crosscertificatepair;binary" attribute
-     *
+     * 
      * @param certBytes cert in byte array to be imported
      */
     public synchronized void importCert(Object certObj) throws EBaseException {
@@ -208,7 +205,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
                 }
 
                 Enumeration en = caCerts.getByteValues();
-				
+
                 if ((en == null) || (en.hasMoreElements() == false)) {
                     debug("1st potential xcert");
                     addCAcert(conn, cert.getEncoded());
@@ -232,8 +229,8 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
                             // caCertificate attr, and publish if so configured
                             debug("found a pair!");
                             CertificatePair cp = new
-                                //								CertificatePair(inCert.getEncoded(), cert.getEncoded());
-                                CertificatePair(inCert, cert);
+                                    //								CertificatePair(inCert.getEncoded(), cert.getEncoded());
+                                    CertificatePair(inCert, cert);
 
                             addXCertPair(conn, certPairs, cp);
                             deleteCAcert(conn, inCert.getEncoded());
@@ -279,27 +276,28 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
 
     /**
      * are cert1 and cert2 cross-signed certs?
+     * 
      * @param cert1 the cert for comparison in our internal db
      * @param cert2 the cert that's being considered
      */
     protected boolean arePair(X509Certificate cert1, X509Certificate cert2) {
         // 1. does cert1's issuer match cert2's subject?
         // 2. does cert2's issuer match cert1's subject?
-        if ((cert1.getIssuerDN().equals((Object) cert2.getSubjectDN())) 
-            && (cert2.getIssuerDN().equals((Object) cert1.getSubjectDN())))
+        if ((cert1.getIssuerDN().equals((Object) cert2.getSubjectDN()))
+                && (cert2.getIssuerDN().equals((Object) cert1.getSubjectDN())))
             return true;
         else
             return false;
     }
 
-    public X509Certificate byteArray2X509Cert(byte[] certBytes) 
-        throws CertificateException {
+    public X509Certificate byteArray2X509Cert(byte[] certBytes)
+            throws CertificateException {
         debug("in bytearray2X509Cert()");
         ByteArrayInputStream inStream = new
-            ByteArrayInputStream(certBytes);
+                ByteArrayInputStream(certBytes);
 
         CertificateFactory cf =
-            CertificateFactory.getInstance("X.509");
+                CertificateFactory.getInstance("X.509");
 
         X509Certificate cert = (X509Certificate) cf.generateCertificate(inStream);
 
@@ -308,12 +306,12 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
     }
 
     public synchronized void addXCertPair(LDAPConnection conn,
-        LDAPAttribute certPairs, CertificatePair pair)
-        throws LDAPException, IOException {
+            LDAPAttribute certPairs, CertificatePair pair)
+            throws LDAPException, IOException {
         ByteArrayOutputStream bos = new ByteArrayOutputStream();
 
         pair.encode(bos);
-		
+
         if (ByteValueExists(certPairs, bos.toByteArray()) == true) {
             debug("cross cert pair exists in internal db, don't add again");
             return;
@@ -322,9 +320,9 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
         // add certificatePair
         LDAPModificationSet modSet = new LDAPModificationSet();
 
-        modSet.add(LDAPModification.ADD, 
-            new LDAPAttribute(LDAP_ATTR_XCERT_PAIR, bos.toByteArray()));
-        conn.modify(DN_XCERTS + "," + mBaseDN, modSet); 
+        modSet.add(LDAPModification.ADD,
+                new LDAPAttribute(LDAP_ATTR_XCERT_PAIR, bos.toByteArray()));
+        conn.modify(DN_XCERTS + "," + mBaseDN, modSet);
     }
 
     /**
@@ -366,24 +364,24 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
         debug("exiting byteArraysAreEqual(): true");
         return true;
     }
-    
+
     public synchronized void addCAcert(LDAPConnection conn, byte[] certEnc)
-        throws LDAPException {
+            throws LDAPException {
         LDAPModificationSet modSet = new
-            LDAPModificationSet();
-						
+                LDAPModificationSet();
+
         modSet.add(LDAPModification.ADD,
-            new LDAPAttribute(LDAP_ATTR_CA_CERT, certEnc));
+                new LDAPAttribute(LDAP_ATTR_CA_CERT, certEnc));
         conn.modify(DN_XCERTS + "," + mBaseDN, modSet);
     }
 
     public synchronized void deleteCAcert(LDAPConnection conn, byte[] certEnc)
-        throws LDAPException {
+            throws LDAPException {
         LDAPModificationSet modSet = new
-            LDAPModificationSet();
+                LDAPModificationSet();
 
         modSet.add(LDAPModification.DELETE,
-            new LDAPAttribute(LDAP_ATTR_CA_CERT, certEnc));
+                new LDAPAttribute(LDAP_ATTR_CA_CERT, certEnc));
         conn.modify(DN_XCERTS + "," + mBaseDN, modSet);
     }
 
@@ -394,7 +392,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
         LDAPConnection conn = null;
 
         if ((mPublisherProcessor == null) ||
-            !mPublisherProcessor.enabled())
+                !mPublisherProcessor.enabled())
             return;
 
         try {
@@ -421,7 +419,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
                 }
 
                 Enumeration en = xcerts.getByteValues();
-				
+
                 if ((en == null) || (en.hasMoreElements() == false)) {
                     debug("publishCertPair found no pairs in internal db");
                     return;
@@ -476,7 +474,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
             try {
                 mLdapConnFactory.reset();
             } catch (ELdapException e) {
-                CMS.debug("CrossCertPairSubsystem shutdown exception: "+e.toString()); 
+                CMS.debug("CrossCertPairSubsystem shutdown exception: " + e.toString());
             }
         }
         mLdapConnFactory = null;
@@ -494,7 +492,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
 
     protected void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM,
-            ILogger.S_XCERT, level, msg);
+                ILogger.S_XCERT, level, msg);
     }
 
     private static void debug(String msg) {
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/ExtPrettyPrint.java b/pki/base/common/src/com/netscape/cmscore/cert/ExtPrettyPrint.java
index ea9fabf2..5f5c66a4 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/ExtPrettyPrint.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/ExtPrettyPrint.java
@@ -17,16 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.cert;
 
-
 import netscape.security.x509.Extension;
 
 import com.netscape.certsrv.base.IExtPrettyPrint;
 
-
 /**
  * This class will display the certificate content in predefined
  * format.
- *
+ * 
  * @author Andrew Wnuk
  * @version $Revision$, $Date$
  */
@@ -36,4 +34,3 @@ public class ExtPrettyPrint extends netscape.security.util.ExtPrettyPrint implem
         super(ext, indentSize);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/OidLoaderSubsystem.java b/pki/base/common/src/com/netscape/cmscore/cert/OidLoaderSubsystem.java
index 9353ae8f..b5e89d5d 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/OidLoaderSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/OidLoaderSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.cert;
 
-
 import java.security.cert.CertificateException;
 import java.util.Enumeration;
 
@@ -38,7 +37,6 @@ import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
  * 
  * @author stevep
@@ -47,7 +45,7 @@ import com.netscape.cmscore.util.Debug;
 public class OidLoaderSubsystem implements ISubsystem {
 
     private IConfigStore mConfig = null;
-    public  static final String ID = "oidmap";
+    public static final String ID = "oidmap";
     private String mId = ID;
 
     private static final String PROP_OID = "oid";
@@ -77,61 +75,58 @@ public class OidLoaderSubsystem implements ISubsystem {
     public static OidLoaderSubsystem getInstance() {
         return mInstance;
     }
-	
+
     private static final int CertType_data[] = { 2, 16, 840, 1, 113730, 1, 1 };
 
     /**
      * Identifies the particular public key used to sign the certificate.
      */
     public static final ObjectIdentifier CertType_Id = new
-        ObjectIdentifier(CertType_data);
+            ObjectIdentifier(CertType_data);
 
     private static final String[][] oidMapEntries = new String[][] {
-            {NSCertTypeExtension.class.getName(),
-                CertType_Id.toString(),
-                NSCertTypeExtension.class.getSimpleName()},
-            {CertificateRenewalWindowExtension.class.getName(),
-                CertificateRenewalWindowExtension.ID.toString(),
-                CertificateRenewalWindowExtension.class.getSimpleName()},
-            {CertificateScopeOfUseExtension.class.getName(),
-                CertificateScopeOfUseExtension.ID.toString(),
-                CertificateScopeOfUseExtension.NAME},
-            {DeltaCRLIndicatorExtension.class.getName(),
-                DeltaCRLIndicatorExtension.OID,
-                DeltaCRLIndicatorExtension.class.getSimpleName()},
-            {HoldInstructionExtension.class.getName(),
-                HoldInstructionExtension.OID,
-                HoldInstructionExtension.class.getSimpleName()},
-            {InvalidityDateExtension.class.getName(),
-                InvalidityDateExtension.OID,
-                InvalidityDateExtension.class.getSimpleName()},
-            {IssuingDistributionPointExtension.class.getName(),
-                IssuingDistributionPointExtension.OID,
-                IssuingDistributionPointExtension.class.getSimpleName()},
-            {FreshestCRLExtension.class.getName(),
-                FreshestCRLExtension.OID,
-                FreshestCRLExtension.class.getSimpleName()},
+            { NSCertTypeExtension.class.getName(),
+                    CertType_Id.toString(),
+                    NSCertTypeExtension.class.getSimpleName() },
+            { CertificateRenewalWindowExtension.class.getName(),
+                    CertificateRenewalWindowExtension.ID.toString(),
+                    CertificateRenewalWindowExtension.class.getSimpleName() },
+            { CertificateScopeOfUseExtension.class.getName(),
+                    CertificateScopeOfUseExtension.ID.toString(),
+                    CertificateScopeOfUseExtension.NAME },
+            { DeltaCRLIndicatorExtension.class.getName(),
+                    DeltaCRLIndicatorExtension.OID,
+                    DeltaCRLIndicatorExtension.class.getSimpleName() },
+            { HoldInstructionExtension.class.getName(),
+                    HoldInstructionExtension.OID,
+                    HoldInstructionExtension.class.getSimpleName() },
+            { InvalidityDateExtension.class.getName(),
+                    InvalidityDateExtension.OID,
+                    InvalidityDateExtension.class.getSimpleName() },
+            { IssuingDistributionPointExtension.class.getName(),
+                    IssuingDistributionPointExtension.OID,
+                    IssuingDistributionPointExtension.class.getSimpleName() },
+            { FreshestCRLExtension.class.getName(),
+                    FreshestCRLExtension.OID,
+                    FreshestCRLExtension.class.getSimpleName() },
         };
 
     /**
-     * Initializes this subsystem with the given 
+     * Initializes this subsystem with the given
      * configuration store.
      * It first initializes resident subsystems,
      * and it loads and initializes loadable
      * subsystem specified in the configuration
      * store.
      * <P>
-     * Note that individual subsystem should be
-     * initialized in a separated thread if
-     * it has dependency on the initialization
-     * of other subsystems.
+     * Note that individual subsystem should be initialized in a separated thread if it has dependency on the initialization of other subsystems.
      * <P>
-     *
+     * 
      * @param owner owner of this subsystem
      * @param config configuration store
      */
     public synchronized void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         if (Debug.ON) {
             Debug.trace("OIDLoaderSubsystem started");
         }
@@ -144,8 +139,8 @@ public class OidLoaderSubsystem implements ISubsystem {
         for (int i = 0; i < oidMapEntries.length; i++) {
             try {
                 OIDMap.addAttribute(oidMapEntries[i][0],
-                    oidMapEntries[i][1],
-                    oidMapEntries[i][2]);
+                        oidMapEntries[i][1],
+                        oidMapEntries[i][2]);
             } catch (Exception e) {
             }
         }
@@ -161,8 +156,8 @@ public class OidLoaderSubsystem implements ISubsystem {
                 String classname = substore.getString(PROP_CLASS);
 
                 OIDMap.addAttribute(classname,
-                    oidname,
-                    substorename);
+                        oidname,
+                        substorename);
             } catch (EPropertyNotFound e) {
                 // Log error
             } catch (CertificateException e) {
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintFormat.java b/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintFormat.java
index 3ace3c67..fb97a5cc 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintFormat.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintFormat.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.cert;
 
-
 import com.netscape.certsrv.base.IPrettyPrintFormat;
 
-
 /**
  * This class will display the certificate content in predefined
  * format.
- *
+ * 
  * @author Andrew Wnuk
  * @version $Revision$, $Date$
  */
@@ -42,11 +40,11 @@ public class PrettyPrintFormat implements IPrettyPrintFormat {
      *
      *==========================================================*/
     private final static String spaces =
-        "                                                 " +
-        "                                                 " +
-        "                                                 " +
-        "                                                 " +
-        "                                                 ";
+            "                                                 " +
+                    "                                                 " +
+                    "                                                 " +
+                    "                                                 " +
+                    "                                                 ";
 
     /*==========================================================
      * constructors
@@ -70,8 +68,7 @@ public class PrettyPrintFormat implements IPrettyPrintFormat {
     /*==========================================================
      * Private methods
      *==========================================================*/
-	 
-	 
+
     /*==========================================================
      * public methods
      *==========================================================*/
@@ -79,6 +76,7 @@ public class PrettyPrintFormat implements IPrettyPrintFormat {
     /**
      * Provide white space indention
      * stevep - speed improvements. Factor of 10 improvement
+     * 
      * @param numSpace number of white space to be returned
      * @return white spaces
      */
@@ -94,17 +92,18 @@ public class PrettyPrintFormat implements IPrettyPrintFormat {
     /**
      * Convert Byte Array to Hex String Format
      * stevep - speedup by factor of 8
+     * 
      * @param byte array of data to hexify
      * @param indentSize number of spaces to prepend before each line
      * @param lineLen number of bytes to output on each line (0
-     means: put everything on one line
+     *            means: put everything on one line
      * @param separator the first character of this string will be used as
-     the separator between bytes.
+     *            the separator between bytes.
      * @return string representation
      */
 
-    public String toHexString(byte[] in, int indentSize, 
-        int lineLen, String separator) {
+    public String toHexString(byte[] in, int indentSize,
+            int lineLen, String separator) {
         StringBuffer sb = new StringBuffer();
         int hexCount = 0;
         char c[];
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintResources.java b/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintResources.java
index 4bf1147a..361f50b4 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintResources.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintResources.java
@@ -17,21 +17,19 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.cert;
 
-
 import java.util.ListResourceBundle;
 
 import netscape.security.extensions.NSCertTypeExtension;
 import netscape.security.x509.KeyUsageExtension;
 
-
 /**
  * Resource Boundle for the Pretty Print
- *
+ * 
  * @author Jack Pan-Chen
  * @version $Revision$, $Date$
  */
 
-public class PrettyPrintResources extends  ListResourceBundle {
+public class PrettyPrintResources extends ListResourceBundle {
 
     /**
      * Returns content
@@ -176,120 +174,120 @@ public class PrettyPrintResources extends  ListResourceBundle {
 
     //Tokens should have blank_space as trailer
     static final Object[][] contents = {
-            {TOKEN_CERTIFICATE, "Certificate: "},
-            {TOKEN_DATA, "Data: "},
-            {TOKEN_VERSION, "Version: "},
-            {TOKEN_SERIAL, "Serial Number: "},
-            {TOKEN_SIGALG, "Signature Algorithm: "},
-            {TOKEN_ISSUER, "Issuer: "},
-            {TOKEN_VALIDITY, "Validity: "},
-            {TOKEN_NOT_BEFORE, "Not Before: "},
-            {TOKEN_NOT_AFTER, "Not  After: "},
-            {TOKEN_SUBJECT, "Subject: "},
-            {TOKEN_SPKI, "Subject Public Key Info: "},
-            {TOKEN_ALGORITHM, "Algorithm: "},
-            {TOKEN_PUBLIC_KEY, "Public Key: "},
-            {TOKEN_PUBLIC_KEY_MODULUS, "Public Key Modulus: "},
-            {TOKEN_PUBLIC_KEY_EXPONENT, "Exponent: "},
-            {TOKEN_EXTENSIONS, "Extensions: "},
-            {TOKEN_SIGNATURE, "Signature: "},
-            {TOKEN_YES, "yes "},
-            {TOKEN_NO, "no "},
-            {TOKEN_IDENTIFIER, "Identifier: "},
-            {TOKEN_CRITICAL, "Critical: "},
-            {TOKEN_VALUE, "Value: "},
-            {TOKEN_KEY_TYPE, "Key Type "},
-            {TOKEN_CERT_TYPE, "Netscape Certificate Type "},
-            {TOKEN_SKI, "Subject Key Identifier "},
-            {TOKEN_AKI, "Authority Key Identifier "},
-            {TOKEN_ACCESS_DESC, "Access Description: "},
-            {TOKEN_OCSP_NOCHECK, "OCSP NoCheck: "},
-            {TOKEN_EXTENDED_KEY_USAGE, "Extended Key Usage: "},
-            {TOKEN_PRIVATE_KEY_USAGE, "Private Key Usage: "},
-            {TOKEN_PRESENCE_SERVER, "Presence Server: "},
-            {TOKEN_AIA, "Authority Info Access: "},
-            {TOKEN_KEY_USAGE, "Key Usage: "},
-            {KeyUsageExtension.DIGITAL_SIGNATURE, "Digital Signature "},
-            {KeyUsageExtension.NON_REPUDIATION, "Non Repudiation "},
-            {KeyUsageExtension.KEY_ENCIPHERMENT, "Key Encipherment "},        
-            {KeyUsageExtension.DATA_ENCIPHERMENT, "Data Encipherment "},
-            {KeyUsageExtension.KEY_AGREEMENT, "Key Agreement "},
-            {KeyUsageExtension.KEY_CERTSIGN, "Key CertSign "},
-            {KeyUsageExtension.CRL_SIGN, "Crl Sign "},
-            {KeyUsageExtension.ENCIPHER_ONLY, "Encipher Only "},
-            {KeyUsageExtension.DECIPHER_ONLY, "Decipher Only "},
-            {TOKEN_CERT_USAGE, "Certificate Usage: "},
-            {NSCertTypeExtension.SSL_CLIENT, "SSL Client "},
-            {NSCertTypeExtension.SSL_SERVER, "SSL Server "},
-            {NSCertTypeExtension.EMAIL, "Secure Email "},
-            {NSCertTypeExtension.OBJECT_SIGNING, "Object Signing "},
-            {NSCertTypeExtension.SSL_CA, "SSL CA "},
-            {NSCertTypeExtension.EMAIL_CA, "Secure Email CA "},
-            {NSCertTypeExtension.OBJECT_SIGNING_CA, "ObjectSigning CA "},
-            {TOKEN_KEY_ID, "Key Identifier: "},
-            {TOKEN_AUTH_NAME, "Authority Name: "},
-            {TOKEN_CRL, "Certificate Revocation List: "},
-            {TOKEN_THIS_UPDATE, "This Update: "},
-            {TOKEN_NEXT_UPDATE, "Next Update: "},
-            {TOKEN_REVOKED_CERTIFICATES, "Revoked Certificates: "},
-            {TOKEN_REVOCATION_DATE, "Revocation Date: "},
-            {TOKEN_REVOCATION_REASON, "Revocation Reason "},
-            {TOKEN_REASON, "Reason: "},
-            {TOKEN_BASIC_CONSTRAINTS, "Basic Constraints "},
-            {TOKEN_NAME_CONSTRAINTS, "Name Constraints "},
-            {TOKEN_NSC_COMMENT, "Netscape Comment "},
-            {TOKEN_IS_CA, "Is CA: "},
-            {TOKEN_PATH_LEN, "Path Length Constraint: "},
-            {TOKEN_PATH_LEN_UNLIMITED, "UNLIMITED"},
-            {TOKEN_PATH_LEN_UNDEFINED, "UNDEFINED"},
-            {TOKEN_PATH_LEN_INVALID, "INVALID"},
-            {TOKEN_CRL_NUMBER, "CRL Number "},
-            {TOKEN_NUMBER, "Number: "},
-            {TOKEN_DELTA_CRL_INDICATOR, "Delta CRL Indicator "},
-            {TOKEN_BASE_CRL_NUMBER, "Base CRL Number: "},
-            {TOKEN_CERT_SCOPE_OF_USE, "Certificate Scope of Use "},
-            {TOKEN_SCOPE_OF_USE, "Scope of Use: "},
-            {TOKEN_PORT, "Port: "},
-            {TOKEN_ISSUER_ALT_NAME, "Issuer Alternative Name "},
-            {TOKEN_ISSUER_NAMES, "Issuer Names: "},
-            {TOKEN_SUBJECT_ALT_NAME, "Subject Alternative Name "},
-            {TOKEN_DECODING_ERROR, "Decoding Error"},
-            {TOKEN_FRESHEST_CRL_EXT, "Freshest CRL "},
-            {TOKEN_CRL_DP_EXT, "CRL Distribution Points "},
-            {TOKEN_CRLDP_NUMPOINTS, "Number of Points: "},
-            {TOKEN_CRLDP_POINTN, "Point "},
-            {TOKEN_CRLDP_DISTPOINT, "Distribution Point: "},
-            {TOKEN_CRLDP_REASONS, "Reason Flags: "},
-            {TOKEN_CRLDP_CRLISSUER, "CRL Issuer: "},
-            {TOKEN_ISSUING_DIST_POINT, "Issuing Distribution Point "},
-            {TOKEN_DIST_POINT_NAME, "Distribution Point: "},
-            {TOKEN_FULL_NAME, "Full Name: "},
-            {TOKEN_RELATIVE_NAME, "Name Relative To CRL Issuer: "},
-            {TOKEN_ONLY_USER_CERTS, "Only Contains User Certificates: "},
-            {TOKEN_ONLY_CA_CERTS, "Only Contains CA Certificates: "},
-            {TOKEN_ONLY_SOME_REASONS, "Only Some Reasons: "},
-            {TOKEN_INDIRECT_CRL, "Indirect CRL: "},
-            {TOKEN_INVALIDITY_DATE, "Invalidity Date "},
-            {TOKEN_DATE_OF_INVALIDITY, "Invalidity Date: "},
-            {TOKEN_CERTIFICATE_ISSUER, "Certificate Issuer "},
-            {TOKEN_HOLD_INSTRUCTION, "Hold Instruction Code "},
-            {TOKEN_HOLD_INSTRUCTION_CODE, "Hold Instruction Code: "},
-            {TOKEN_POLICY_CONSTRAINTS, "Policy Constraints "},
-            {TOKEN_INHIBIT_POLICY_MAPPING, "Inhibit Policy Mapping: "},
-            {TOKEN_REQUIRE_EXPLICIT_POLICY, "Require Explicit Policy: "},
-            {TOKEN_POLICY_MAPPINGS, "Policy Mappings "},
-            {TOKEN_MAPPINGS, "Mappings: "},
-            {TOKEN_MAP, "Map "},
-            {TOKEN_ISSUER_DOMAIN_POLICY, "Issuer Domain Policy: "},
-            {TOKEN_SUBJECT_DOMAIN_POLICY, "Subject Domain Policy: "},
-            {TOKEN_SUBJECT_DIR_ATTR, "Subject Directory Attributes "},
-            {TOKEN_ATTRIBUTES, "Attributes:" },
-            {TOKEN_ATTRIBUTE, "Attribute "},
-            {TOKEN_VALUES, "Values: "},
-            {TOKEN_NOT_SET, "not set"},
-            {TOKEN_NONE, "none"},
-            {TOKEN_CACHE_NOT_AVAILABLE, "CRL cache is not available. "},
-            {TOKEN_CACHE_IS_EMPTY, "CRL cache is empty. "},
+            { TOKEN_CERTIFICATE, "Certificate: " },
+            { TOKEN_DATA, "Data: " },
+            { TOKEN_VERSION, "Version: " },
+            { TOKEN_SERIAL, "Serial Number: " },
+            { TOKEN_SIGALG, "Signature Algorithm: " },
+            { TOKEN_ISSUER, "Issuer: " },
+            { TOKEN_VALIDITY, "Validity: " },
+            { TOKEN_NOT_BEFORE, "Not Before: " },
+            { TOKEN_NOT_AFTER, "Not  After: " },
+            { TOKEN_SUBJECT, "Subject: " },
+            { TOKEN_SPKI, "Subject Public Key Info: " },
+            { TOKEN_ALGORITHM, "Algorithm: " },
+            { TOKEN_PUBLIC_KEY, "Public Key: " },
+            { TOKEN_PUBLIC_KEY_MODULUS, "Public Key Modulus: " },
+            { TOKEN_PUBLIC_KEY_EXPONENT, "Exponent: " },
+            { TOKEN_EXTENSIONS, "Extensions: " },
+            { TOKEN_SIGNATURE, "Signature: " },
+            { TOKEN_YES, "yes " },
+            { TOKEN_NO, "no " },
+            { TOKEN_IDENTIFIER, "Identifier: " },
+            { TOKEN_CRITICAL, "Critical: " },
+            { TOKEN_VALUE, "Value: " },
+            { TOKEN_KEY_TYPE, "Key Type " },
+            { TOKEN_CERT_TYPE, "Netscape Certificate Type " },
+            { TOKEN_SKI, "Subject Key Identifier " },
+            { TOKEN_AKI, "Authority Key Identifier " },
+            { TOKEN_ACCESS_DESC, "Access Description: " },
+            { TOKEN_OCSP_NOCHECK, "OCSP NoCheck: " },
+            { TOKEN_EXTENDED_KEY_USAGE, "Extended Key Usage: " },
+            { TOKEN_PRIVATE_KEY_USAGE, "Private Key Usage: " },
+            { TOKEN_PRESENCE_SERVER, "Presence Server: " },
+            { TOKEN_AIA, "Authority Info Access: " },
+            { TOKEN_KEY_USAGE, "Key Usage: " },
+            { KeyUsageExtension.DIGITAL_SIGNATURE, "Digital Signature " },
+            { KeyUsageExtension.NON_REPUDIATION, "Non Repudiation " },
+            { KeyUsageExtension.KEY_ENCIPHERMENT, "Key Encipherment " },
+            { KeyUsageExtension.DATA_ENCIPHERMENT, "Data Encipherment " },
+            { KeyUsageExtension.KEY_AGREEMENT, "Key Agreement " },
+            { KeyUsageExtension.KEY_CERTSIGN, "Key CertSign " },
+            { KeyUsageExtension.CRL_SIGN, "Crl Sign " },
+            { KeyUsageExtension.ENCIPHER_ONLY, "Encipher Only " },
+            { KeyUsageExtension.DECIPHER_ONLY, "Decipher Only " },
+            { TOKEN_CERT_USAGE, "Certificate Usage: " },
+            { NSCertTypeExtension.SSL_CLIENT, "SSL Client " },
+            { NSCertTypeExtension.SSL_SERVER, "SSL Server " },
+            { NSCertTypeExtension.EMAIL, "Secure Email " },
+            { NSCertTypeExtension.OBJECT_SIGNING, "Object Signing " },
+            { NSCertTypeExtension.SSL_CA, "SSL CA " },
+            { NSCertTypeExtension.EMAIL_CA, "Secure Email CA " },
+            { NSCertTypeExtension.OBJECT_SIGNING_CA, "ObjectSigning CA " },
+            { TOKEN_KEY_ID, "Key Identifier: " },
+            { TOKEN_AUTH_NAME, "Authority Name: " },
+            { TOKEN_CRL, "Certificate Revocation List: " },
+            { TOKEN_THIS_UPDATE, "This Update: " },
+            { TOKEN_NEXT_UPDATE, "Next Update: " },
+            { TOKEN_REVOKED_CERTIFICATES, "Revoked Certificates: " },
+            { TOKEN_REVOCATION_DATE, "Revocation Date: " },
+            { TOKEN_REVOCATION_REASON, "Revocation Reason " },
+            { TOKEN_REASON, "Reason: " },
+            { TOKEN_BASIC_CONSTRAINTS, "Basic Constraints " },
+            { TOKEN_NAME_CONSTRAINTS, "Name Constraints " },
+            { TOKEN_NSC_COMMENT, "Netscape Comment " },
+            { TOKEN_IS_CA, "Is CA: " },
+            { TOKEN_PATH_LEN, "Path Length Constraint: " },
+            { TOKEN_PATH_LEN_UNLIMITED, "UNLIMITED" },
+            { TOKEN_PATH_LEN_UNDEFINED, "UNDEFINED" },
+            { TOKEN_PATH_LEN_INVALID, "INVALID" },
+            { TOKEN_CRL_NUMBER, "CRL Number " },
+            { TOKEN_NUMBER, "Number: " },
+            { TOKEN_DELTA_CRL_INDICATOR, "Delta CRL Indicator " },
+            { TOKEN_BASE_CRL_NUMBER, "Base CRL Number: " },
+            { TOKEN_CERT_SCOPE_OF_USE, "Certificate Scope of Use " },
+            { TOKEN_SCOPE_OF_USE, "Scope of Use: " },
+            { TOKEN_PORT, "Port: " },
+            { TOKEN_ISSUER_ALT_NAME, "Issuer Alternative Name " },
+            { TOKEN_ISSUER_NAMES, "Issuer Names: " },
+            { TOKEN_SUBJECT_ALT_NAME, "Subject Alternative Name " },
+            { TOKEN_DECODING_ERROR, "Decoding Error" },
+            { TOKEN_FRESHEST_CRL_EXT, "Freshest CRL " },
+            { TOKEN_CRL_DP_EXT, "CRL Distribution Points " },
+            { TOKEN_CRLDP_NUMPOINTS, "Number of Points: " },
+            { TOKEN_CRLDP_POINTN, "Point " },
+            { TOKEN_CRLDP_DISTPOINT, "Distribution Point: " },
+            { TOKEN_CRLDP_REASONS, "Reason Flags: " },
+            { TOKEN_CRLDP_CRLISSUER, "CRL Issuer: " },
+            { TOKEN_ISSUING_DIST_POINT, "Issuing Distribution Point " },
+            { TOKEN_DIST_POINT_NAME, "Distribution Point: " },
+            { TOKEN_FULL_NAME, "Full Name: " },
+            { TOKEN_RELATIVE_NAME, "Name Relative To CRL Issuer: " },
+            { TOKEN_ONLY_USER_CERTS, "Only Contains User Certificates: " },
+            { TOKEN_ONLY_CA_CERTS, "Only Contains CA Certificates: " },
+            { TOKEN_ONLY_SOME_REASONS, "Only Some Reasons: " },
+            { TOKEN_INDIRECT_CRL, "Indirect CRL: " },
+            { TOKEN_INVALIDITY_DATE, "Invalidity Date " },
+            { TOKEN_DATE_OF_INVALIDITY, "Invalidity Date: " },
+            { TOKEN_CERTIFICATE_ISSUER, "Certificate Issuer " },
+            { TOKEN_HOLD_INSTRUCTION, "Hold Instruction Code " },
+            { TOKEN_HOLD_INSTRUCTION_CODE, "Hold Instruction Code: " },
+            { TOKEN_POLICY_CONSTRAINTS, "Policy Constraints " },
+            { TOKEN_INHIBIT_POLICY_MAPPING, "Inhibit Policy Mapping: " },
+            { TOKEN_REQUIRE_EXPLICIT_POLICY, "Require Explicit Policy: " },
+            { TOKEN_POLICY_MAPPINGS, "Policy Mappings " },
+            { TOKEN_MAPPINGS, "Mappings: " },
+            { TOKEN_MAP, "Map " },
+            { TOKEN_ISSUER_DOMAIN_POLICY, "Issuer Domain Policy: " },
+            { TOKEN_SUBJECT_DOMAIN_POLICY, "Subject Domain Policy: " },
+            { TOKEN_SUBJECT_DIR_ATTR, "Subject Directory Attributes " },
+            { TOKEN_ATTRIBUTES, "Attributes:" },
+            { TOKEN_ATTRIBUTE, "Attribute " },
+            { TOKEN_VALUES, "Values: " },
+            { TOKEN_NOT_SET, "not set" },
+            { TOKEN_NONE, "none" },
+            { TOKEN_CACHE_NOT_AVAILABLE, "CRL cache is not available. " },
+            { TOKEN_CACHE_IS_EMPTY, "CRL cache is empty. " },
         };
 
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/PubKeyPrettyPrint.java b/pki/base/common/src/com/netscape/cmscore/cert/PubKeyPrettyPrint.java
index 01e58fa1..9ea58181 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/PubKeyPrettyPrint.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/PubKeyPrettyPrint.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.cert;
 
-
 import java.security.PublicKey;
 
-
 /**
  * This class will display the certificate content in predefined
  * format.
- *
+ * 
  * @author Jack Pan-Chen
  * @author Andrew Wnuk
  * @version $Revision$, $Date$
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/X500NameSubsystem.java b/pki/base/common/src/com/netscape/cmscore/cert/X500NameSubsystem.java
index 539ec82b..8f5964b7 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/X500NameSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/X500NameSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.cert;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.StringTokenizer;
@@ -35,13 +34,11 @@ import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
- * Subsystem for configuring X500Name related things. 
- * It is used for the following. 
+ * Subsystem for configuring X500Name related things.
+ * It is used for the following.
  * <ul>
- * <li>Add X500Name (string to oid) maps for attributes that 
- *   are not supported by default.
+ * <li>Add X500Name (string to oid) maps for attributes that are not supported by default.
  * <li>Specify an order for encoding Directory Strings other than the default.
  * </ul>
  * 
@@ -51,11 +48,10 @@ import com.netscape.cmscore.util.Debug;
 public class X500NameSubsystem implements ISubsystem {
 
     private IConfigStore mConfig = null;
-    public  static final String ID = "X500Name";
+    public static final String ID = "X500Name";
     private String mId = ID;
 
-    private static final String 
-        PROP_DIR_STR_ENCODING_ORDER = "directoryStringEncodingOrder";
+    private static final String PROP_DIR_STR_ENCODING_ORDER = "directoryStringEncodingOrder";
 
     private static final String PROP_ATTR = "attr";
     private static final String PROP_OID = "oid";
@@ -82,57 +78,60 @@ public class X500NameSubsystem implements ISubsystem {
     public static X500NameSubsystem getInstance() {
         return mInstance;
     }
-	
+
     /**
      * Initializes this subsystem with the given configuration store.
-     * All paramters are optional.  
+     * All paramters are optional.
      * <ul>
-     * <li>Change encoding order of Directory Strings: 
+     * <li>Change encoding order of Directory Strings:
+     * 
      * <pre>
      * X500Name.directoryStringEncodingOrder=order seperated by commas
      * For example: Printable,BMPString,UniversalString.
      * </pre>
-     * Possible values are:  
+     * 
+     * Possible values are:
      * <ul>
      * <li>Printable
      * <li>IA5String
      * <li>UniversalString
      * <li>BMPString
-     * <li>UTF8String 
+     * <li>UTF8String
      * </ul>
      * <p>
-     * <li>Add X500Name attributes: 
+     * <li>Add X500Name attributes:
+     * 
      * <pre>
      * X500Name.attr.attribute-name.oid=n.n.n.n
-     * X500Name.attr.attribute-name.class=value converter class 
+     * X500Name.attr.attribute-name.class=value converter class
      * </pre>
      * 
-     * The value converter class converts a string to a ASN.1 value. 
-     * It must implement netscape.security.x509.AVAValueConverter interface. 
-     * Converter classes provided in CMS are: 
+     * The value converter class converts a string to a ASN.1 value. It must implement netscape.security.x509.AVAValueConverter interface. Converter classes provided in CMS are:
+     * 
      * <pre>
      *     netscape.security.x509.PrintableConverter - 
-     *			Converts to a Printable String value. String must have only 
-     *			printable characters. 
+     * 		Converts to a Printable String value. String must have only 
+     * 		printable characters. 
      *     netscape.security.x509.IA5StringConverter - 
-     *			Converts to a IA5String value. String must have only IA5String
-     *			characters. 
+     * 		Converts to a IA5String value. String must have only IA5String
+     * 		characters. 
      *     netscape.security.x509.DirStrConverter - 
-     *			Converts to a Directory (v3) String. String is expected to 
-     *			be in Directory String format according to rfc2253.
+     * 		Converts to a Directory (v3) String. String is expected to 
+     * 		be in Directory String format according to rfc2253.
      *     netscape.security.x509.GenericValueConverter - 
-     *			Converts string character by character in the following order
-     *			from smaller character sets to broadest character set.
-     *				Printable, IA5String, BMPString, Universal String.
+     * 		Converts string character by character in the following order
+     * 		from smaller character sets to broadest character set.
+     * 			Printable, IA5String, BMPString, Universal String.
      * </pre>
+     * 
      * </ul>
      * <P>
-     *
+     * 
      * @param owner owner of this subsystem
      * @param config configuration store
      */
     public synchronized void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mLogger = CMS.getLogger();
         if (Debug.ON) {
             Debug.trace(ID + " started");
@@ -147,11 +146,11 @@ public class X500NameSubsystem implements ISubsystem {
     }
 
     /**
-     * Loads X500Name String to attribute maps. 
+     * Loads X500Name String to attribute maps.
      * Called from init.
      */
     private void loadX500NameAttrMaps()
-        throws EBaseException {
+            throws EBaseException {
         X500NameAttrMap globalMap = X500NameAttrMap.getDefault();
         IConfigStore attrSubStore = mConfig.getSubStore(PROP_ATTR);
         Enumeration attrNames = attrSubStore.getSubStoreNames();
@@ -180,14 +179,14 @@ public class X500NameSubsystem implements ISubsystem {
     }
 
     /**
-     * Set directory string encoding order. 
+     * Set directory string encoding order.
      * Called from init().
      */
-    private void setDirStrEncodingOrder() 
-        throws EBaseException {
+    private void setDirStrEncodingOrder()
+            throws EBaseException {
         String order = mConfig.getString(PROP_DIR_STR_ENCODING_ORDER, null);
 
-        if (order == null || order.length() == 0)  // nothing.
+        if (order == null || order.length() == 0) // nothing.
             return;
         StringTokenizer toker = new StringTokenizer(order, ", \t");
         int numTokens = toker.countTokens();
@@ -196,7 +195,7 @@ public class X500NameSubsystem implements ISubsystem {
             String msg = "must be a list of DER tag names seperated by commas.";
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CERT_DIR_STRING", PROP_DIR_STR_ENCODING_ORDER));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", 
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
                         PROP_DIR_STR_ENCODING_ORDER, msg));
         }
 
@@ -211,7 +210,7 @@ public class X500NameSubsystem implements ISubsystem {
                 String msg = "unknown DER tag '" + nextTag + "'.";
 
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CERT_UNKNOWN_TAG", PROP_DIR_STR_ENCODING_ORDER, nextTag));
-                throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", 
+                throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
                             PROP_DIR_STR_ENCODING_ORDER, msg));
             }
         }
@@ -230,27 +229,27 @@ public class X500NameSubsystem implements ISubsystem {
 
     static {
         mDerStr2TagHash.put(
-            PRINTABLESTRING, Byte.valueOf(DerValue.tag_PrintableString));
+                PRINTABLESTRING, Byte.valueOf(DerValue.tag_PrintableString));
         mDerStr2TagHash.put(
-            IA5STRING, Byte.valueOf(DerValue.tag_IA5String));
+                IA5STRING, Byte.valueOf(DerValue.tag_IA5String));
         mDerStr2TagHash.put(
-            VISIBLESTRING, Byte.valueOf(DerValue.tag_VisibleString));
+                VISIBLESTRING, Byte.valueOf(DerValue.tag_VisibleString));
         mDerStr2TagHash.put(
-            T61STRING, Byte.valueOf(DerValue.tag_T61String));
+                T61STRING, Byte.valueOf(DerValue.tag_T61String));
         mDerStr2TagHash.put(
-            BMPSTRING, Byte.valueOf(DerValue.tag_BMPString));
+                BMPSTRING, Byte.valueOf(DerValue.tag_BMPString));
         mDerStr2TagHash.put(
-            UNIVERSALSTRING, Byte.valueOf(DerValue.tag_UniversalString));
+                UNIVERSALSTRING, Byte.valueOf(DerValue.tag_UniversalString));
         mDerStr2TagHash.put(
-            UFT8STRING, Byte.valueOf(DerValue.tag_UTF8String));
+                UFT8STRING, Byte.valueOf(DerValue.tag_UTF8String));
     }
 
     private byte derStr2Tag(String s) {
-        if (s == null || s.length() == 0) 
+        if (s == null || s.length() == 0)
             throw new IllegalArgumentException();
         Byte tag = (Byte) mDerStr2TagHash.get(s);
 
-        if (tag == null) 
+        if (tag == null)
             throw new IllegalArgumentException();
         return tag.byteValue();
     }
@@ -278,7 +277,7 @@ public class X500NameSubsystem implements ISubsystem {
 
     protected void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM,
-            ILogger.S_ADMIN, level, msg);
+                ILogger.S_ADMIN, level, msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/connector/HttpConnFactory.java b/pki/base/common/src/com/netscape/cmscore/connector/HttpConnFactory.java
index 5a607ee9..12f8fe73 100644
--- a/pki/base/common/src/com/netscape/cmscore/connector/HttpConnFactory.java
+++ b/pki/base/common/src/com/netscape/cmscore/connector/HttpConnFactory.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.connector;
 
-
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authority.IAuthority;
 import com.netscape.certsrv.base.EBaseException;
@@ -28,7 +27,6 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.cmsutil.http.JssSSLSocketFactory;
 import com.netscape.cmsutil.net.ISocketFactory;
 
-
 /**
  * Factory for getting HTTP Connections to a HTTPO server
  */
@@ -38,14 +36,14 @@ public class HttpConnFactory {
 
     private ILogger mLogger = CMS.getLogger();
 
-    private int mNumConns = 0;      // number of available conns in array
-    private int mTotal = 0;		// total num conns 
+    private int mNumConns = 0; // number of available conns in array
+    private int mTotal = 0; // total num conns 
     private IHttpConnection mMasterConn = null; // master connection object.
     private IHttpConnection mConns[];
     private IAuthority mSource = null;
     private IRemoteAuthority mDest = null;
     private String mNickname = "";
-    private int    mTimeout = 0;
+    private int mTimeout = 0;
 
     /**
      * default value for the above at init time.
@@ -61,12 +59,12 @@ public class HttpConnFactory {
 
     /**
      * Constructor for HttpConnFactory
+     * 
      * @param minConns minimum number of connections to have available
-     * @param maxConns max number of connections to have available. This is 
+     * @param maxConns max number of connections to have available. This is
      * @param serverInfo server connection info - host, port, etc.
      */
-    public HttpConnFactory(int minConns, int maxConns, IAuthority source, IRemoteAuthority dest, String nickname, int timeout
-    ) throws EBaseException {
+    public HttpConnFactory(int minConns, int maxConns, IAuthority source, IRemoteAuthority dest, String nickname, int timeout) throws EBaseException {
 
         CMS.debug("In HttpConnFactory constructor mTimeout " + timeout);
         mSource = source;
@@ -78,21 +76,22 @@ public class HttpConnFactory {
     }
 
     /**
-     * initialize parameters obtained from either constructor or 
+     * initialize parameters obtained from either constructor or
      * config store
+     * 
      * @param minConns minimum number of connection handls to have available.
      * @param maxConns maximum total number of connections to ever have.
      * @param connInfo ldap connection info.
      * @param authInfo ldap authentication info.
-     * @exception ELdapException if any error occurs. 
+     * @exception ELdapException if any error occurs.
      */
-    private void init(int minConns, int maxConns 
-    ) 
-        throws EBaseException {
+    private void init(int minConns, int maxConns
+            )
+                    throws EBaseException {
 
         CMS.debug("min conns " + minConns + " maxConns " + maxConns);
         if (minConns <= 0 || maxConns <= 0 || minConns > maxConns) {
-            CMS.debug("bad values from CMS.cfg");   
+            CMS.debug("bad values from CMS.cfg");
 
         } else {
 
@@ -109,8 +108,8 @@ public class HttpConnFactory {
         CMS.debug("before makeConnection");
 
         CMS.debug(
-            "initializing HttpConnFactory with mininum " + mMinConns + " and maximum " + mMaxConns +
-            " connections to ");
+                "initializing HttpConnFactory with mininum " + mMinConns + " and maximum " + mMaxConns +
+                        " connections to ");
 
         // initalize minimum number of connection handles available.
         //makeMinimum();
@@ -126,21 +125,21 @@ public class HttpConnFactory {
 
         try {
             ISocketFactory tFactory = new JssSSLSocketFactory(mNickname);
-        
+
             if (mTimeout == 0) {
                 retConn = CMS.getHttpConnection(mDest, tFactory);
             } else {
                 retConn = CMS.getHttpConnection(mDest, tFactory, mTimeout);
             }
 
-        }  catch (Exception e) {
+        } catch (Exception e) {
 
             CMS.debug("can't make new Htpp Connection");
 
             throw new EBaseException(
-                    "Can't create new Http Connection"); 
+                    "Can't create new Http Connection");
         }
-       
+
         return retConn;
     }
 
@@ -160,7 +159,7 @@ public class HttpConnFactory {
                 return;
 
             CMS.debug(
-                "increasing minimum connections by " + increment);
+                    "increasing minimum connections by " + increment);
             for (int i = increment - 1; i >= 0; i--) {
                 mConns[i] = (IHttpConnection) createConnection();
             }
@@ -172,27 +171,26 @@ public class HttpConnFactory {
     }
 
     /**
-     * gets a conenction from this factory. 
-     * All connections obtained from the factory must be returned by 
+     * gets a conenction from this factory.
+     * All connections obtained from the factory must be returned by
      * returnConn() method.
      * The best thing to do is to put returnConn in a finally clause so it
-     * always gets called. For example, 
+     * always gets called. For example,
+     * 
      * <pre>
-     *	  IHttpConnection c = null;
-     *    try { 
-     *		c = factory.getConn();
-     * 		myclass.do_something_with_c(c);
-     *	  }
-     *    catch (EBaseException e) {
-     *		handle_error_here();
-     *	  }
-     *	  finally {
-     *		factory.returnConn(c);
-     *    }
+     * IHttpConnection c = null;
+     * try {
+     *     c = factory.getConn();
+     *     myclass.do_something_with_c(c);
+     * } catch (EBaseException e) {
+     *     handle_error_here();
+     * } finally {
+     *     factory.returnConn(c);
+     * }
      * </pre>
      */
-    public IHttpConnection getConn() 
-        throws EBaseException {
+    public IHttpConnection getConn()
+            throws EBaseException {
         return getConn(true);
     }
 
@@ -200,49 +198,47 @@ public class HttpConnFactory {
      * Returns a Http connection - a clone of the master connection.
      * All connections should be returned to the factory using returnConn()
      * to recycle connection objects.
-     * If not returned the limited max number is affected but if that 
+     * If not returned the limited max number is affected but if that
      * number is large not much harm is done.
      * Returns null if maximum number of connections reached.
      * The best thing to do is to put returnConn in a finally clause so it
-     * always gets called. For example, 
+     * always gets called. For example,
+     * 
      * <pre>
-     *	  IHttpConnnection c = null;
-     *    try { 
-     *		c = factory.getConn();
-     * 		myclass.do_something_with_c(c);
-     *	  }
-     *    catch (EBaseException e) {
-     *		handle_error_here();
-     *	  }
-     *	  finally {
-     *		factory.returnConn(c);
-     *    }
+     * IHttpConnnection c = null;
+     * try {
+     *     c = factory.getConn();
+     *     myclass.do_something_with_c(c);
+     * } catch (EBaseException e) {
+     *     handle_error_here();
+     * } finally {
+     *     factory.returnConn(c);
+     * }
      * </pre>
-     */ 
-    public synchronized IHttpConnection getConn(boolean waitForConn) 
-        throws EBaseException {
+     */
+    public synchronized IHttpConnection getConn(boolean waitForConn)
+            throws EBaseException {
         boolean waited = false;
 
         CMS.debug("In HttpConnFactory.getConn");
-        if (mNumConns == 0) 
+        if (mNumConns == 0)
             makeMinimum();
         if (mNumConns == 0) {
             if (!waitForConn)
                 return null;
             try {
                 CMS.debug("getConn: out of http connections");
-                log(ILogger.LL_WARN, 
-                    "Ran out of http connections available " 
-                );
+                log(ILogger.LL_WARN,
+                        "Ran out of http connections available ");
                 waited = true;
                 CMS.debug("HttpConn:about to wait for a new http connection");
-                while (mNumConns == 0) 
+                while (mNumConns == 0)
                     wait();
 
                 CMS.debug("HttpConn:done waiting for new http connection");
             } catch (InterruptedException e) {
             }
-        } 
+        }
         mNumConns--;
         IHttpConnection conn = mConns[mNumConns];
 
@@ -250,9 +246,8 @@ public class HttpConnFactory {
 
         if (waited) {
             CMS.debug("HttpConn:had to wait for an available connection from pool");
-            log(ILogger.LL_WARN, 
-                "Http connections are available again in http connection pool " 
-            );
+            log(ILogger.LL_WARN,
+                    "Http connections are available again in http connection pool ");
         }
         CMS.debug("HttpgetConn: mNumConns now " + mNumConns);
 
@@ -260,22 +255,21 @@ public class HttpConnFactory {
     }
 
     /**
-     * Teturn connection to the factory. 
+     * Teturn connection to the factory.
      * This is mandatory after a getConn().
      * The best thing to do is to put returnConn in a finally clause so it
-     * always gets called. For example, 
+     * always gets called. For example,
+     * 
      * <pre>
-     *	  IHttpConnection c = null;
-     *    try { 
-     *		c = factory.getConn();
-     * 		myclass.do_something_with_c(c);
-     *	  }
-     *    catch (EBaseException e) {
-     *		handle_error_here();
-     *	  }
-     *	  finally {
-     *		factory.returnConn(c);
-     *    }
+     * IHttpConnection c = null;
+     * try {
+     *     c = factory.getConn();
+     *     myclass.do_something_with_c(c);
+     * } catch (EBaseException e) {
+     *     handle_error_here();
+     * } finally {
+     *     factory.returnConn(c);
+     * }
      * </pre>
      */
     public synchronized void returnConn(IHttpConnection conn) {
@@ -289,7 +283,7 @@ public class HttpConnFactory {
         for (int i = 0; i < mNumConns; i++) {
             if (mConns[i] == conn) {
                 CMS.debug(
-                    "returnConn: previously returned connection. " + conn);
+                        "returnConn: previously returned connection. " + conn);
 
             }
         }
@@ -303,11 +297,11 @@ public class HttpConnFactory {
      */
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-            "In Http (bound) connection pool to" +
-            msg);
+                "In Http (bound) connection pool to" +
+                        msg);
     }
 
     protected void finalize()
-        throws Exception {
+            throws Exception {
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/connector/HttpConnection.java b/pki/base/common/src/com/netscape/cmscore/connector/HttpConnection.java
index e8b03542..5b07f2c6 100644
--- a/pki/base/common/src/com/netscape/cmscore/connector/HttpConnection.java
+++ b/pki/base/common/src/com/netscape/cmscore/connector/HttpConnection.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.connector;
 
-
 import java.io.IOException;
 import java.util.StringTokenizer;
 
@@ -33,34 +32,32 @@ import com.netscape.cmsutil.http.HttpRequest;
 import com.netscape.cmsutil.http.HttpResponse;
 import com.netscape.cmsutil.net.ISocketFactory;
 
-
 public class HttpConnection implements IHttpConnection {
     protected IRemoteAuthority mDest = null;
     protected HttpRequest mHttpreq = new HttpRequest();
     protected IRequestEncoder mReqEncoder = null;
     protected HttpClient mHttpClient = null;
 
-    protected boolean Connect(String host, HttpClient client)
-    {
-               StringTokenizer st = new StringTokenizer(host, " ");
-               while (st.hasMoreTokens()) {
-                    String hp = st.nextToken(); // host:port
-                    StringTokenizer st1 = new StringTokenizer(hp, ":");
-                    try {
-                        String h = st1.nextToken();
-                        int p = Integer.parseInt(st1.nextToken());
-                        client.connect(h, p);
-                        return true;
-                    } catch (Exception e) {
-                        // may want to log the failure
-                    }
-                    try {
-                      Thread.sleep(5000); // 5 seconds
-                    } catch (Exception e) {
-                    }
-             
-               }
-               return false;
+    protected boolean Connect(String host, HttpClient client) {
+        StringTokenizer st = new StringTokenizer(host, " ");
+        while (st.hasMoreTokens()) {
+            String hp = st.nextToken(); // host:port
+            StringTokenizer st1 = new StringTokenizer(hp, ":");
+            try {
+                String h = st1.nextToken();
+                int p = Integer.parseInt(st1.nextToken());
+                client.connect(h, p);
+                return true;
+            } catch (Exception e) {
+                // may want to log the failure
+            }
+            try {
+                Thread.sleep(5000); // 5 seconds
+            } catch (Exception e) {
+            }
+
+        }
+        return false;
     }
 
     public HttpConnection(IRemoteAuthority dest, ISocketFactory factory) {
@@ -79,13 +76,13 @@ public class HttpConnection implements IHttpConnection {
             // the format is, for example, 
             // "directory.knowledge.com:1050 people.catalog.com 199.254.1.2"
             if (host != null && host.indexOf(' ') != -1) {
-               // try to do client-side failover
-               boolean connected = false;
-               do {
-                   connected = Connect(host, mHttpClient);
-               } while (!connected);
+                // try to do client-side failover
+                boolean connected = false;
+                do {
+                    connected = Connect(host, mHttpClient);
+                } while (!connected);
             } else {
-               mHttpClient.connect(host, dest.getPort());
+                mHttpClient.connect(host, dest.getPort());
             }
             CMS.debug("HttpConnection: connected to " + dest.getHost() + ":" + dest.getPort());
         } catch (IOException e) {
@@ -117,12 +114,13 @@ public class HttpConnection implements IHttpConnection {
     }
 
     // Insert end
-    /** 
+    /**
      * sends a request to remote RA/CA, returning the result.
-     * @throws EBaseException if request could not be encoded 
+     * 
+     * @throws EBaseException if request could not be encoded
      */
-    public IPKIMessage send(IPKIMessage tomsg) 
-        throws EBaseException {
+    public IPKIMessage send(IPKIMessage tomsg)
+            throws EBaseException {
         IPKIMessage replymsg = null;
 
         CMS.debug("in HttpConnection.send " + this);
@@ -143,8 +141,8 @@ public class HttpConnection implements IHttpConnection {
         }
         boolean reconnect = false;
 
-        mHttpreq.setHeader("Content-Length", 
-            Integer.toString(content.length()));
+        mHttpreq.setHeader("Content-Length",
+                Integer.toString(content.length()));
         if (Debug.ON)
             Debug.trace("request encoded length " + content.length());
         mHttpreq.setContent(content);
diff --git a/pki/base/common/src/com/netscape/cmscore/connector/HttpConnector.java b/pki/base/common/src/com/netscape/cmscore/connector/HttpConnector.java
index fefbe0f3..1781e8fd 100644
--- a/pki/base/common/src/com/netscape/cmscore/connector/HttpConnector.java
+++ b/pki/base/common/src/com/netscape/cmscore/connector/HttpConnector.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.connector;
 
-
 import java.util.Vector;
 
 import com.netscape.certsrv.apps.CMS;
@@ -36,7 +35,6 @@ import com.netscape.certsrv.request.RequestStatus;
 import com.netscape.cmsutil.http.JssSSLSocketFactory;
 import com.netscape.cmsutil.net.ISocketFactory;
 
-
 public class HttpConnector implements IConnector {
     protected IAuthority mSource = null;
     protected IRemoteAuthority mDest = null;
@@ -45,13 +43,14 @@ public class HttpConnector implements IConnector {
     // XXX todo make this a pool.
     // XXX use CMMF in the future.
     protected IHttpConnection mConn = null;
-    private Thread mResendThread = null; 
+    private Thread mResendThread = null;
     private IResender mResender = null;
     private int mTimeout;
 
     private HttpConnFactory mConnFactory = null;
+
     public HttpConnector(IAuthority source, String nickName,
-        IRemoteAuthority dest, int resendInterval, IConfigStore config) throws EBaseException {
+            IRemoteAuthority dest, int resendInterval, IConfigStore config) throws EBaseException {
 
         mTimeout = 0;
         mSource = source;
@@ -72,20 +71,20 @@ public class HttpConnector implements IConnector {
 
         //        mConn = CMS.getHttpConnection(dest, mFactory);
         // this will start resending past requests in parallel. 
-        mResender = CMS.getResender(mSource, nickName, dest, resendInterval); 
+        mResender = CMS.getResender(mSource, nickName, dest, resendInterval);
         mResendThread = new Thread(mResender, "HttpConnector");
     }
-	
+
     // Inserted by beomsuk
     public HttpConnector(IAuthority source, String nickName,
-        IRemoteAuthority dest, int resendInterval, IConfigStore config, int timeout) throws EBaseException {
+            IRemoteAuthority dest, int resendInterval, IConfigStore config, int timeout) throws EBaseException {
         mSource = source;
         mDest = dest;
         mTimeout = timeout;
         mFactory = new JssSSLSocketFactory(nickName);
 
         int minConns = config.getInteger("minHttpConns", 1);
-        int maxConns = config.getInteger("maxHttpConns", 15); 
+        int maxConns = config.getInteger("maxHttpConns", 15);
 
         CMS.debug("HttpConn: min " + minConns);
         CMS.debug("HttpConn: max " + maxConns);
@@ -97,14 +96,14 @@ public class HttpConnector implements IConnector {
         }
 
         // this will start resending past requests in parallel. 
-        mResender = CMS.getResender(mSource, nickName, dest, resendInterval); 
+        mResender = CMS.getResender(mSource, nickName, dest, resendInterval);
         mResendThread = new Thread(mResender, "HttpConnector");
     }
 
     // Insert end
-    
-    public  boolean  send(IRequest r)
-        throws EBaseException {
+
+    public boolean send(IRequest r)
+            throws EBaseException {
         IHttpConnection curConn = null;
 
         try {
@@ -144,31 +143,31 @@ public class HttpConnector implements IConnector {
             // XXX hack: don't resend get revocation info requests since 
             // resent results are ignored.
             if ((!r.getRequestType().equals(
-                        IRequest.GETREVOCATIONINFO_REQUEST)) && 
-                (replyStatus == RequestStatus.BEGIN || 
-                    replyStatus == RequestStatus.PENDING ||
-                    replyStatus == RequestStatus.SVC_PENDING ||
+                        IRequest.GETREVOCATIONINFO_REQUEST)) &&
+                    (replyStatus == RequestStatus.BEGIN ||
+                            replyStatus == RequestStatus.PENDING ||
+                            replyStatus == RequestStatus.SVC_PENDING ||
                     replyStatus == RequestStatus.APPROVED)) {
                 CMS.debug("HttpConn:  remote request id still pending " +
-                    r.getRequestId() + " state " + replyStatus);
+                        r.getRequestId() + " state " + replyStatus);
                 mSource.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CONNECTOR_REQUEST_NOT_COMPLETED", r.getRequestId().toString()));
                 mResender.addRequest(r);
                 return false;
             }
 
             // request was completed.
-            replymsg.toRequest(r);  // this only copies contents.
+            replymsg.toRequest(r); // this only copies contents.
 
             // terminal states other than completed
-            if (replyStatus == RequestStatus.REJECTED || 
-                replyStatus == RequestStatus.CANCELED) {
+            if (replyStatus == RequestStatus.REJECTED ||
+                    replyStatus == RequestStatus.CANCELED) {
                 CMS.debug(
-                    "remote request id " + r.getRequestId() +
-                    " was rejected or cancelled.");
+                        "remote request id " + r.getRequestId() +
+                                " was rejected or cancelled.");
                 r.setExtData(IRequest.REMOTE_STATUS, replyStatus.toString());
                 r.setExtData(IRequest.RESULT, IRequest.RES_ERROR);
                 r.setExtData(IRequest.ERROR,
-                    new EBaseException(CMS.getUserMessage("CMS_BASE_REMOTE_AUTHORITY_ERROR")));
+                        new EBaseException(CMS.getUserMessage("CMS_BASE_REMOTE_AUTHORITY_ERROR")));
                 // XXX overload svcerrors for now. 
                 Vector policyErrors = r.getExtDataInStringVector(IRequest.ERRORS);
 
@@ -178,11 +177,11 @@ public class HttpConnector implements IConnector {
             }
 
             CMS.debug(
-                "remote request id " + r.getRequestId() + " was completed");
+                    "remote request id " + r.getRequestId() + " was completed");
             return true;
         } catch (EBaseException e) {
             CMS.debug("HttpConn: inside EBaseException " + e.toString());
-           
+
             if (!r.getRequestType().equals(IRequest.GETREVOCATIONINFO_REQUEST))
                 mResender.addRequest(r);
 
diff --git a/pki/base/common/src/com/netscape/cmscore/connector/HttpPKIMessage.java b/pki/base/common/src/com/netscape/cmscore/connector/HttpPKIMessage.java
index e236655d..586f7f65 100644
--- a/pki/base/common/src/com/netscape/cmscore/connector/HttpPKIMessage.java
+++ b/pki/base/common/src/com/netscape/cmscore/connector/HttpPKIMessage.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.connector;
 
-
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.ObjectOutputStream;
@@ -32,9 +31,8 @@ import com.netscape.certsrv.connector.IHttpPKIMessage;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
- * simple name/value pair message. 
+ * simple name/value pair message.
  */
 public class HttpPKIMessage implements IHttpPKIMessage {
     /**
@@ -118,16 +116,16 @@ public class HttpPKIMessage implements IHttpPKIMessage {
                     r.setExtData(key, (Hashtable) value);
                 } else {
                     CMS.debug("HttpPKIMessage.toRequest(): key: " + key +
-                    " has unexpected type " + value.getClass().toString());
+                            " has unexpected type " + value.getClass().toString());
                 }
             } catch (NoSuchElementException e) {
-              CMS.debug("Incorrect pairing of name/value for " + key);
+                CMS.debug("Incorrect pairing of name/value for " + key);
             }
         }
     }
 
     private void writeObject(java.io.ObjectOutputStream out)
-        throws IOException {
+            throws IOException {
         CMS.debug("writeObject");
         out.writeObject(reqType);
         if (Debug.ON)
@@ -145,34 +143,34 @@ public class HttpPKIMessage implements IHttpPKIMessage {
             Object val = null;
             key = enum1.nextElement();
             try {
-              val = enum1.nextElement();
-              // test if key and value are serializable
-              ObjectOutputStream os = 
-                new ObjectOutputStream(new ByteArrayOutputStream());
-              os.writeObject(key);
-              os.writeObject(val);
-
-              // ok, if we dont have problem serializing the objects,
-              // then write the objects into the real object stream
-              out.writeObject(key);
-              out.writeObject(val);
+                val = enum1.nextElement();
+                // test if key and value are serializable
+                ObjectOutputStream os =
+                        new ObjectOutputStream(new ByteArrayOutputStream());
+                os.writeObject(key);
+                os.writeObject(val);
+
+                // ok, if we dont have problem serializing the objects,
+                // then write the objects into the real object stream
+                out.writeObject(key);
+                out.writeObject(val);
             } catch (Exception e) {
-              // skip not serialiable attribute in DRM
-              // DRM does not need to store the enrollment request anymore
-              CMS.debug("HttpPKIMessage:skipped key=" + 
-                key.getClass().getName());
-              if (val == null) {
-                CMS.debug("HttpPKIMessage:skipped val= null");
-              } else {
-                CMS.debug("HttpPKIMessage:skipped val=" + 
-                  val.getClass().getName());
-              } 
+                // skip not serialiable attribute in DRM
+                // DRM does not need to store the enrollment request anymore
+                CMS.debug("HttpPKIMessage:skipped key=" +
+                        key.getClass().getName());
+                if (val == null) {
+                    CMS.debug("HttpPKIMessage:skipped val= null");
+                } else {
+                    CMS.debug("HttpPKIMessage:skipped val=" +
+                            val.getClass().getName());
+                }
             }
         }
     }
 
     private void readObject(java.io.ObjectInputStream in)
-        throws IOException, ClassNotFoundException, OptionalDataException {
+            throws IOException, ClassNotFoundException, OptionalDataException {
         reqType = (String) in.readObject();
         reqId = (String) in.readObject();
         reqStatus = (String) in.readObject();
@@ -185,21 +183,21 @@ public class HttpPKIMessage implements IHttpPKIMessage {
             while (true) {
                 boolean skipped = false;
                 try {
-                   keyorval = in.readObject();
+                    keyorval = in.readObject();
                 } catch (OptionalDataException e) {
-                   throw e;
+                    throw e;
                 } catch (IOException e) {
-                   // just skipped parameter
-                  CMS.debug("skipped attribute in request e="+e);
-                  if (!iskey) {
-                     int s = mNameVals.size();
-                     if (s > 0) {
-                       // remove previous key if this is value
-                       mNameVals.removeElementAt(s - 1);
-                       skipped = true;
-                       keyorval = "";
-                     }
-                  }
+                    // just skipped parameter
+                    CMS.debug("skipped attribute in request e=" + e);
+                    if (!iskey) {
+                        int s = mNameVals.size();
+                        if (s > 0) {
+                            // remove previous key if this is value
+                            mNameVals.removeElementAt(s - 1);
+                            skipped = true;
+                            keyorval = "";
+                        }
+                    }
                 }
                 if (iskey) {
                     if (Debug.ON)
@@ -213,9 +211,9 @@ public class HttpPKIMessage implements IHttpPKIMessage {
                 if (Debug.ON)
                     Debug.trace("read " + keyorval);
                 if (!skipped) {
-                  if (keyorval == null) 
-                    break;
-                  mNameVals.addElement(keyorval);
+                    if (keyorval == null)
+                        break;
+                    mNameVals.addElement(keyorval);
                 }
             }
         } catch (OptionalDataException e) {
diff --git a/pki/base/common/src/com/netscape/cmscore/connector/HttpRequestEncoder.java b/pki/base/common/src/com/netscape/cmscore/connector/HttpRequestEncoder.java
index 4a762dd8..b7667094 100644
--- a/pki/base/common/src/com/netscape/cmscore/connector/HttpRequestEncoder.java
+++ b/pki/base/common/src/com/netscape/cmscore/connector/HttpRequestEncoder.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.connector;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -28,13 +27,12 @@ import java.io.OptionalDataException;
 import com.netscape.certsrv.connector.IRequestEncoder;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
- * encodes a request by serializing it. 
+ * encodes a request by serializing it.
  */
 public class HttpRequestEncoder implements IRequestEncoder {
     public String encode(Object r)
-        throws IOException {
+            throws IOException {
         String s = null;
         byte[] serial;
         ByteArrayOutputStream ba = new ByteArrayOutputStream();
@@ -47,7 +45,7 @@ public class HttpRequestEncoder implements IRequestEncoder {
     }
 
     public Object decode(String s)
-        throws IOException {
+            throws IOException {
         Object result = null;
         byte[] serial = null;
 
diff --git a/pki/base/common/src/com/netscape/cmscore/connector/LocalConnector.java b/pki/base/common/src/com/netscape/cmscore/connector/LocalConnector.java
index 9272cc93..da639c0b 100644
--- a/pki/base/common/src/com/netscape/cmscore/connector/LocalConnector.java
+++ b/pki/base/common/src/com/netscape/cmscore/connector/LocalConnector.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.connector;
 
-
 import java.util.Hashtable;
 
 import com.netscape.certsrv.apps.CMS;
@@ -36,7 +35,6 @@ import com.netscape.certsrv.request.RequestId;
 import com.netscape.certsrv.request.RequestStatus;
 import com.netscape.cmscore.util.Debug;
 
-
 public class LocalConnector implements IConnector {
     ILogger mLogger = CMS.getLogger();
     ICertAuthority mSource = null;
@@ -49,7 +47,7 @@ public class LocalConnector implements IConnector {
         //    mSource.getId());
         mDest = dest;
         CMS.debug("Local connector setup for dest " +
-            mDest.getId());
+                mDest.getId());
         // register for events.
         mDest.registerRequestListener(new LocalConnListener());
         CMS.debug("Connector inited");
@@ -64,27 +62,27 @@ public class LocalConnector implements IConnector {
             Debug.print("send request type " + r.getRequestType() + " status=" + r.getRequestStatus() + " to " + mDest.getId() + " id=" + r.getRequestId() + "\n");
         }
         CMS.debug("send request type " + r.getRequestType() +
-            " to " + mDest.getId());
+                " to " + mDest.getId());
 
         IRequestQueue destQ = mDest.getRequestQueue();
         IRequest destreq = destQ.newRequest(r.getRequestType());
 
         CMS.debug("local connector dest req " +
-            destreq.getRequestId() + " created for source rId " + r.getRequestId());
+                destreq.getRequestId() + " created for source rId " + r.getRequestId());
         //  mSource.log(ILogger.LL_DEBUG, 
         //     "setting connector dest " + mDest.getId() +
         //    " source id to " + r.getRequestId());
 
         // XXX set context to the real identity later. 
         destreq.setSourceId(
-            mSource.getX500Name().toString() + ":" + r.getRequestId().toString());
+                mSource.getX500Name().toString() + ":" + r.getRequestId().toString());
         //destreq.copyContents(r);  // copy meta attributes in request.
         transferRequest(r, destreq);
         // XXX requestor type is not transferred on return.
         destreq.setExtData(IRequest.REQUESTOR_TYPE,
-            IRequest.REQUESTOR_RA);
+                IRequest.REQUESTOR_RA);
         CMS.debug("connector dest " + mDest.getId() +
-            " processing " + destreq.getRequestId());
+                " processing " + destreq.getRequestId());
 
         // set context before calling process request so
         // that request subsystem can record the creator
@@ -111,8 +109,8 @@ public class LocalConnector implements IConnector {
         }
 
         CMS.debug("connector dest " + mDest.getId() +
-            " processed " + destreq.getRequestId() +
-            " status " + destreq.getRequestStatus());
+                " processed " + destreq.getRequestId() +
+                " status " + destreq.getRequestStatus());
 
         if (destreq.getRequestStatus() == RequestStatus.COMPLETE) {
             // no need to transfer contents if request wasn't complete.
@@ -126,7 +124,7 @@ public class LocalConnector implements IConnector {
     public class LocalConnListener implements IRequestListener {
 
         public void init(ISubsystem sys, IConfigStore config)
-            throws EBaseException {
+                throws EBaseException {
         }
 
         public void set(String name, String val) {
@@ -136,8 +134,8 @@ public class LocalConnector implements IConnector {
             if (Debug.ON) {
                 Debug.print("dest " + mDest.getId() + " done with " + destreq.getRequestId());
             }
-            CMS.debug( 
-                "dest " + mDest.getId() + " done with " + destreq.getRequestId());
+            CMS.debug(
+                    "dest " + mDest.getId() + " done with " + destreq.getRequestId());
 
             IRequestQueue sourceQ = mSource.getRequestQueue();
             // accept requests that only belong to us. 
@@ -146,19 +144,19 @@ public class LocalConnector implements IConnector {
             String sourceNameAndId = destreq.getSourceId();
             String sourceName = mSource.getX500Name().toString();
 
-            if (sourceNameAndId == null || 
-                !sourceNameAndId.toString().regionMatches(0, 
-                    sourceName, 0, sourceName.length())) {
+            if (sourceNameAndId == null ||
+                    !sourceNameAndId.toString().regionMatches(0,
+                            sourceName, 0, sourceName.length())) {
                 CMS.debug("request " + destreq.getRequestId() +
-                    " from " + sourceNameAndId + " not ours.");
+                        " from " + sourceNameAndId + " not ours.");
                 return;
             }
             int index = sourceNameAndId.lastIndexOf(':');
 
             if (index == -1) {
-                mSource.log(ILogger.LL_FAILURE, 
-                    "request " + destreq.getRequestId() +
-                    " for " + sourceNameAndId + " malformed.");
+                mSource.log(ILogger.LL_FAILURE,
+                        "request " + destreq.getRequestId() +
+                                " for " + sourceNameAndId + " malformed.");
                 return;
             }
             String sourceId = sourceNameAndId.substring(index + 1);
@@ -187,9 +185,9 @@ public class LocalConnector implements IConnector {
             r = (IRequest) mSourceReqs.get(rId);
             if (r != null) {
                 if (r.getRequestStatus() != RequestStatus.SVC_PENDING) {
-                    mSource.log(ILogger.LL_FAILURE, 
-                        "request state of " + rId + "not pending " +
-                        " from dest authority " + mDest.getId());
+                    mSource.log(ILogger.LL_FAILURE,
+                            "request state of " + rId + "not pending " +
+                                    " from dest authority " + mDest.getId());
                     sourceQ.releaseRequest(r);
                     return;
                 }
@@ -209,4 +207,3 @@ public class LocalConnector implements IConnector {
         RequestTransfer.transfer(src, dest);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/connector/RemoteAuthority.java b/pki/base/common/src/com/netscape/cmscore/connector/RemoteAuthority.java
index ddd02f82..71d01579 100644
--- a/pki/base/common/src/com/netscape/cmscore/connector/RemoteAuthority.java
+++ b/pki/base/common/src/com/netscape/cmscore/connector/RemoteAuthority.java
@@ -17,23 +17,21 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.connector;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.connector.IRemoteAuthority;
 
-
 public class RemoteAuthority implements IRemoteAuthority {
     String mHost = null;
     int mPort = -1;
     String mURI = null;
     int mTimeout = 0;
-    
+
     /**
      * host parameter can be:
-     *    "directory.knowledge.com"
-     *    "199.254.1.2"
-     *    "directory.knowledge.com:1050 people.catalog.com 199.254.1.2"
+     * "directory.knowledge.com"
+     * "199.254.1.2"
+     * "directory.knowledge.com:1050 people.catalog.com 199.254.1.2"
      */
     public RemoteAuthority(String host, int port, String uri, int timeout) {
         mHost = host;
@@ -46,7 +44,7 @@ public class RemoteAuthority implements IRemoteAuthority {
     }
 
     public void init(IConfigStore c)
-        throws EBaseException {
+            throws EBaseException {
         mHost = c.getString("host");
         mPort = c.getInteger("port");
         mURI = c.getString("uri");
diff --git a/pki/base/common/src/com/netscape/cmscore/connector/RequestTransfer.java b/pki/base/common/src/com/netscape/cmscore/connector/RequestTransfer.java
index b0095020..c00d5c8b 100644
--- a/pki/base/common/src/com/netscape/cmscore/connector/RequestTransfer.java
+++ b/pki/base/common/src/com/netscape/cmscore/connector/RequestTransfer.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.connector;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
@@ -25,27 +24,26 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cmscore.authentication.ChallengePhraseAuthentication;
 
-
 public class RequestTransfer {
 
     private static final String DOT = ".";
 
-    private static String[] transferAttributes = { 
+    private static String[] transferAttributes = {
             IRequest.HTTP_PARAMS,
-            IRequest.AGENT_PARAMS, 
-            IRequest.CERT_INFO, 
-            IRequest.ISSUED_CERTS, 
-            IRequest.OLD_CERTS, 
-            IRequest.OLD_SERIALS, 
-            IRequest.REVOKED_CERTS, 
-            IRequest.CACERTCHAIN, 
-            IRequest.CRL, 
-            IRequest.ERRORS, 
+            IRequest.AGENT_PARAMS,
+            IRequest.CERT_INFO,
+            IRequest.ISSUED_CERTS,
+            IRequest.OLD_CERTS,
+            IRequest.OLD_SERIALS,
+            IRequest.REVOKED_CERTS,
+            IRequest.CACERTCHAIN,
+            IRequest.CRL,
+            IRequest.ERRORS,
             IRequest.RESULT,
             IRequest.ERROR,
-            IRequest.SVCERRORS, 
-            IRequest.REMOTE_STATUS, 
-            IRequest.REMOTE_REQID, 
+            IRequest.SVCERRORS,
+            IRequest.REMOTE_STATUS,
+            IRequest.REMOTE_REQID,
             IRequest.REVOKED_CERT_RECORDS,
             IRequest.CERT_STATUS,
             ChallengePhraseAuthentication.CHALLENGE_PHRASE,
@@ -53,11 +51,11 @@ public class RequestTransfer {
             ChallengePhraseAuthentication.SERIALNUMBER,
             ChallengePhraseAuthentication.SERIALNOARRAY,
             IRequest.ISSUERDN,
-            IRequest.CERT_FILTER, 
+            IRequest.CERT_FILTER,
             "keyRecord",
             "uid", // UidPwdDirAuthentication.CRED_UID,
             "udn", // UdnPwdDirAuthentication.CRED_UDN,
-        }; 
+    };
 
     public static boolean isProfileRequest(IRequest request) {
         String profileId = request.getExtDataInString("profileId");
@@ -71,8 +69,8 @@ public class RequestTransfer {
     public static String[] getTransferAttributes(IRequest r) {
         if (isProfileRequest(r)) {
             // copy everything in the request
-            CMS.debug("RequestTransfer: profile request " + 
-                r.getRequestId().toString());
+            CMS.debug("RequestTransfer: profile request " +
+                    r.getRequestId().toString());
             Enumeration e = r.getExtDataKeys();
             Vector v = new Vector();
 
@@ -108,8 +106,8 @@ public class RequestTransfer {
 
     public static void transfer(IRequest src, IRequest dest) {
         CMS.debug("Transfer srcId=" +
-            src.getRequestId().toString() + 
-            " destId=" + dest.getRequestId().toString());
+                src.getRequestId().toString() +
+                " destId=" + dest.getRequestId().toString());
         String attrs[] = getTransferAttributes(src);
 
         for (int i = 0; i < attrs.length; i++) {
diff --git a/pki/base/common/src/com/netscape/cmscore/connector/Resender.java b/pki/base/common/src/com/netscape/cmscore/connector/Resender.java
index ad89a34a..87764b7d 100644
--- a/pki/base/common/src/com/netscape/cmscore/connector/Resender.java
+++ b/pki/base/common/src/com/netscape/cmscore/connector/Resender.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.connector;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Vector;
@@ -36,16 +35,15 @@ import com.netscape.certsrv.request.RequestStatus;
 import com.netscape.cmscore.util.Debug;
 import com.netscape.cmsutil.http.JssSSLSocketFactory;
 
-
 /**
- * Resend requests at intervals to the server to check if it's been completed. 
+ * Resend requests at intervals to the server to check if it's been completed.
  * Default interval is 5 minutes.
  */
 public class Resender implements IResender {
     public static final int SECOND = 1000; //milliseconds
-    public static final int MINUTE = 60 * SECOND;	
-    public static final int HOUR = 60 * MINUTE;	
-    public static final int DAY = 24 * HOUR;	
+    public static final int MINUTE = 60 * SECOND;
+    public static final int HOUR = 60 * MINUTE;
+    public static final int DAY = 24 * HOUR;
 
     protected IAuthority mAuthority = null;
     IRequestQueue mQueue = null;
@@ -61,21 +59,21 @@ public class Resender implements IResender {
     // default interval.
     // XXX todo add another interval for requests unsent because server
     // was down (versus being serviced in request queue)
-    protected int mInterval = 1 * MINUTE;	
+    protected int mInterval = 1 * MINUTE;
 
     public Resender(IAuthority authority, String nickName, IRemoteAuthority dest) {
         mAuthority = authority;
         mQueue = mAuthority.getRequestQueue();
         mDest = dest;
         mNickName = nickName;
-        
+
         //mConn = new HttpConnection(dest, 
-         //           new JssSSLSocketFactory(nickName));
+        //           new JssSSLSocketFactory(nickName));
     }
 
     public Resender(
-        IAuthority authority, String nickName, 
-        IRemoteAuthority dest, int interval) {
+            IAuthority authority, String nickName,
+            IRemoteAuthority dest, int interval) {
         mAuthority = authority;
         mQueue = mAuthority.getRequestQueue();
         mDest = dest;
@@ -83,21 +81,21 @@ public class Resender implements IResender {
             mInterval = interval * SECOND; // interval specified in seconds.
 
         //mConn = new HttpConnection(dest, 
-         //           new JssSSLSocketFactory(nickName));
+        //           new JssSSLSocketFactory(nickName));
     }
 
     // must be done after a subsystem 'start' so queue is initialized.
     private void initRequests() {
         mQueue = mAuthority.getRequestQueue();
         // get all requests in mAuthority that are still pending.
-        IRequestList list = 
-            mQueue.listRequestsByStatus(RequestStatus.SVC_PENDING);
+        IRequestList list =
+                mQueue.listRequestsByStatus(RequestStatus.SVC_PENDING);
 
         while (list != null && list.hasMoreElements()) {
             RequestId rid = list.nextRequestId();
 
             CMS.debug(
-                "added request Id " + rid + " in init to resend queue.");
+                    "added request Id " + rid + " in init to resend queue.");
             // note these are added as strings 
             mRequestIds.addElement(rid.toString());
         }
@@ -109,13 +107,13 @@ public class Resender implements IResender {
             mRequestIds.addElement(r.getRequestId().toString());
         }
         CMS.debug(
-            "added " + r.getRequestId() + " to resend queue");
+                "added " + r.getRequestId() + " to resend queue");
     }
 
     public void run() {
 
-         CMS.debug("Resender: In resender Thread run:");
-         mConn = new HttpConnection(mDest,
+        CMS.debug("Resender: In resender Thread run:");
+        mConn = new HttpConnection(mDest,
                     new JssSSLSocketFactory(mNickName));
         initRequests();
 
@@ -127,8 +125,7 @@ public class Resender implements IResender {
                 mAuthority.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CONNECTOR_RESENDER_INTERRUPTED"));
                 continue;
             }
-        }
-        while (true);
+        } while (true);
     }
 
     private void resend() {
@@ -141,12 +138,12 @@ public class Resender implements IResender {
 
         while (enum1.hasMoreElements()) {
             // request ids are added as strings.
-            String ridString = (String) enum1.nextElement(); 
+            String ridString = (String) enum1.nextElement();
             RequestId rid = new RequestId(ridString);
             IRequest r = null;
 
             CMS.debug(
-                "resend processing request id " + rid);
+                    "resend processing request id " + rid);
 
             try {
                 r = mQueue.findRequest(rid);
@@ -160,7 +157,7 @@ public class Resender implements IResender {
                     // request not pending anymore - aborted or cancelled.
                     completedRids.addElement(rid);
                     CMS.debug(
-                        "request id " + rid + " no longer service pending");
+                            "request id " + rid + " no longer service pending");
                 } else {
                     boolean completed = send(r);
 
@@ -175,8 +172,7 @@ public class Resender implements IResender {
                 // if connection is down, don't send the remaining request
                 // as it will sure fail.
                 mAuthority.log(ILogger.LL_WARN, CMS.getLogMessage("CMSCORE_CONNECTOR_DOWN"));
-                if (e.toString().indexOf("connection not available")
-                    >= 0)
+                if (e.toString().indexOf("connection not available") >= 0)
                     break;
             }
         }
@@ -189,44 +185,44 @@ public class Resender implements IResender {
                 RequestId id = (RequestId) en.nextElement();
 
                 CMS.debug(
-                    "Connector: Removed request " + id + " from re-send queue");
+                        "Connector: Removed request " + id + " from re-send queue");
                 mRequestIds.removeElement(id.toString());
                 CMS.debug(
-                    "Connector: mRequestIds now has " +
-                    mRequestIds.size() + " elements.");
+                        "Connector: mRequestIds now has " +
+                                mRequestIds.size() + " elements.");
             }
         }
     }
 
     // this is almost the same as connector's send.
     private boolean send(IRequest r)
-        throws IOException, EBaseException {
+            throws IOException, EBaseException {
         IRequest reply = null;
-		
+
         try {
             HttpPKIMessage tomsg = new HttpPKIMessage();
             HttpPKIMessage replymsg = null;
 
             tomsg.fromRequest(r);
             replymsg = (HttpPKIMessage) mConn.send(tomsg);
-            if(replymsg==null)
+            if (replymsg == null)
                 return false;
             CMS.debug(
-                r.getRequestId() + " resent to CA");
-			
-            RequestStatus replyStatus = 
-                RequestStatus.fromString(replymsg.reqStatus);
+                    r.getRequestId() + " resent to CA");
+
+            RequestStatus replyStatus =
+                    RequestStatus.fromString(replymsg.reqStatus);
             int index = replymsg.reqId.lastIndexOf(':');
-            RequestId replyRequestId = 
-                new RequestId(replymsg.reqId.substring(index + 1));
+            RequestId replyRequestId =
+                    new RequestId(replymsg.reqId.substring(index + 1));
 
             if (Debug.ON)
                 Debug.trace("reply request id " + replyRequestId +
-                    " for request " + r.getRequestId());
+                        " for request " + r.getRequestId());
 
             if (replyStatus != RequestStatus.COMPLETE) {
                 CMS.debug("resend " +
-                    r.getRequestId() + " still not completed.");
+                        r.getRequestId() + " still not completed.");
                 return false;
             }
 
@@ -237,7 +233,7 @@ public class Resender implements IResender {
             mQueue.markAsServiced(r);
             mQueue.releaseRequest(r);
             CMS.debug(
-                "resend released request " + r.getRequestId());
+                    "resend released request " + r.getRequestId());
             return true;
         } catch (EBaseException e) {
             // same as not having sent it, so still want to resend.
@@ -248,6 +244,5 @@ public class Resender implements IResender {
         return false;
 
     }
-	
-}
 
+}
diff --git a/pki/base/common/src/com/netscape/cmscore/crmf/CRMFParser.java b/pki/base/common/src/com/netscape/cmscore/crmf/CRMFParser.java
index e2bee6d1..962b02a9 100644
--- a/pki/base/common/src/com/netscape/cmscore/crmf/CRMFParser.java
+++ b/pki/base/common/src/com/netscape/cmscore/crmf/CRMFParser.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.crmf;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.util.Vector;
@@ -34,39 +33,38 @@ import org.mozilla.jss.pkix.primitive.AVA;
 
 import com.netscape.certsrv.apps.CMS;
 
-
 public class CRMFParser {
 
     private static final OBJECT_IDENTIFIER PKIARCHIVEOPTIONS_OID =
-        new OBJECT_IDENTIFIER(new long[] {1, 3, 6, 1, 5, 5, 7, 5, 1, 4}
-        );
+            new OBJECT_IDENTIFIER(new long[] { 1, 3, 6, 1, 5, 5, 7, 5, 1, 4 }
+            );
 
     /**
      * Retrieves PKIArchiveOptions from CRMF request.
-     *
+     * 
      * @param request CRMF request
      * @return PKIArchiveOptions
      * @exception failed to extrace option
      */
-    public static PKIArchiveOptionsContainer[] 
-    getPKIArchiveOptions(String crmfBlob) throws IOException {
+    public static PKIArchiveOptionsContainer[]
+            getPKIArchiveOptions(String crmfBlob) throws IOException {
         Vector options = new Vector();
 
         byte[] crmfBerBlob = null;
 
-        crmfBerBlob = CMS.AtoB(crmfBlob); 
+        crmfBerBlob = CMS.AtoB(crmfBlob);
         if (crmfBerBlob == null)
             throw new IOException("no CRMF data found");
 
-        ByteArrayInputStream crmfBerBlobIn = new 	
-            ByteArrayInputStream(crmfBerBlob);
+        ByteArrayInputStream crmfBerBlobIn = new
+                ByteArrayInputStream(crmfBerBlob);
         SEQUENCE crmfmsgs = null;
 
         try {
-            crmfmsgs = (SEQUENCE) new 
-                    SEQUENCE.OF_Template(new 
-                        CertReqMsg.Template()).decode(
-                        crmfBerBlobIn);
+            crmfmsgs = (SEQUENCE) new
+                    SEQUENCE.OF_Template(new
+                            CertReqMsg.Template()).decode(
+                            crmfBerBlobIn);
         } catch (IOException e) {
             throw new IOException("[crmf msgs]" + e.toString());
         } catch (InvalidBERException e) {
@@ -75,9 +73,9 @@ public class CRMFParser {
 
         for (int z = 0; z < crmfmsgs.size(); z++) {
             CertReqMsg certReqMsg = (CertReqMsg)
-                crmfmsgs.elementAt(z);
-            CertRequest certReq = certReqMsg.getCertReq();	
-			
+                    crmfmsgs.elementAt(z);
+            CertRequest certReq = certReqMsg.getCertReq();
+
             // try to locate PKIArchiveOption control
             AVA archAva = null;
 
@@ -114,7 +112,7 @@ public class CRMFParser {
         if (options.size() == 0) {
             throw new IOException("no PKIArchiveOptions found");
         } else {
-            PKIArchiveOptionsContainer p[] = new PKIArchiveOptionsContainer[options.size()];	
+            PKIArchiveOptionsContainer p[] = new PKIArchiveOptionsContainer[options.size()];
 
             options.copyInto(p);
             //  options.clear();
diff --git a/pki/base/common/src/com/netscape/cmscore/crmf/PKIArchiveOptionsContainer.java b/pki/base/common/src/com/netscape/cmscore/crmf/PKIArchiveOptionsContainer.java
index d7899da3..4c5478da 100644
--- a/pki/base/common/src/com/netscape/cmscore/crmf/PKIArchiveOptionsContainer.java
+++ b/pki/base/common/src/com/netscape/cmscore/crmf/PKIArchiveOptionsContainer.java
@@ -17,10 +17,8 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.crmf;
 
-
 import org.mozilla.jss.pkix.crmf.PKIArchiveOptions;
 
-
 public class PKIArchiveOptionsContainer {
 
     public PKIArchiveOptions mAO = null;
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/BigIntegerMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/BigIntegerMapper.java
index 7cd563f9..3fa61319 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/BigIntegerMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/BigIntegerMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.math.BigInteger;
 import java.util.Enumeration;
 import java.util.Vector;
@@ -29,14 +28,13 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IDBObj;
 
-
 /**
  * A class represents ann attribute mapper that maps
  * a Java BigInteger object into LDAP attribute,
  * and vice versa.
- *
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class BigIntegerMapper implements IDBAttrMapper {
 
@@ -61,10 +59,10 @@ public class BigIntegerMapper implements IDBAttrMapper {
     /**
      * Maps object into ldap attribute set.
      */
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, 
-        String name, Object obj, LDAPAttributeSet attrs) 
-        throws EBaseException {
-        attrs.add(new LDAPAttribute(mLdapName, 
+    public void mapObjectToLDAPAttributeSet(IDBObj parent,
+            String name, Object obj, LDAPAttributeSet attrs)
+            throws EBaseException {
+        attrs.add(new LDAPAttribute(mLdapName,
                 BigIntegerToDB((BigInteger) obj)));
     }
 
@@ -72,8 +70,8 @@ public class BigIntegerMapper implements IDBAttrMapper {
      * Maps LDAP attributes into object, and put the object
      * into 'parent'.
      */
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) throws EBaseException {
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent) throws EBaseException {
         LDAPAttribute attr = attrs.getAttribute(mLdapName);
 
         if (attr == null)
@@ -85,8 +83,8 @@ public class BigIntegerMapper implements IDBAttrMapper {
     /**
      * Maps search filters into LDAP search filter.
      */
-    public String mapSearchFilter(String name, String op, 
-        String value) throws EBaseException {
+    public String mapSearchFilter(String name, String op,
+            String value) throws EBaseException {
         String v = null;
 
         try {
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/ByteArrayMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/ByteArrayMapper.java
index b8e5b73d..a51905c7 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/ByteArrayMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/ByteArrayMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
@@ -29,14 +28,13 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IDBObj;
 
-
 /**
  * A class represents ann attribute mapper that maps
  * a Java byte array object into LDAP attribute,
  * and vice versa.
- *
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class ByteArrayMapper implements IDBAttrMapper {
 
@@ -61,16 +59,16 @@ public class ByteArrayMapper implements IDBAttrMapper {
     /**
      * Maps object to ldap attribute set.
      */
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, 
-        String name, Object obj, LDAPAttributeSet attrs) 
-        throws EBaseException {
+    public void mapObjectToLDAPAttributeSet(IDBObj parent,
+            String name, Object obj, LDAPAttributeSet attrs)
+            throws EBaseException {
         byte data[] = (byte[]) obj;
         if (data == null) {
             CMS.debug("ByteArrayMapper:mapObjectToLDAPAttributeSet " + name +
-		" size=0");
+                    " size=0");
         } else {
             CMS.debug("ByteArrayMapper:mapObjectToLDAPAttributeSet " + name +
-		" size=" + data.length);
+                    " size=" + data.length);
         }
         attrs.add(new LDAPAttribute(mLdapName, data));
     }
@@ -79,8 +77,8 @@ public class ByteArrayMapper implements IDBAttrMapper {
      * Maps LDAP attributes into object, and put the object
      * into 'parent'.
      */
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) throws EBaseException {
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent) throws EBaseException {
         LDAPAttribute attr = attrs.getAttribute(mLdapName);
 
         if (attr == null)
@@ -91,8 +89,8 @@ public class ByteArrayMapper implements IDBAttrMapper {
     /**
      * Maps search filters into LDAP search filter.
      */
-    public String mapSearchFilter(String name, String op, 
-        String value) throws EBaseException {
+    public String mapSearchFilter(String name, String op,
+            String value) throws EBaseException {
         return mLdapName + op + value;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/CRLDBSchema.java b/pki/base/common/src/com/netscape/cmscore/dbs/CRLDBSchema.java
index 58342a55..253bd81e 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/CRLDBSchema.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/CRLDBSchema.java
@@ -17,14 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
-
-
 /**
  * A class represents a collection of schema information
  * for CRL.
  * <P>
- *
+ * 
  * @author thomask
  * @version $Revision$, $Date$
  */
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/CRLIssuingPointRecord.java b/pki/base/common/src/com/netscape/cmscore/dbs/CRLIssuingPointRecord.java
index ea110d1c..df44797f 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/CRLIssuingPointRecord.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/CRLIssuingPointRecord.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.math.BigInteger;
 import java.util.Date;
 import java.util.Enumeration;
@@ -29,11 +28,10 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.IDBObj;
 import com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord;
 
-
 /**
  * A class represents a CRL issuing point record.
  * <P>
- *
+ * 
  * @author thomask
  * @version $Revision$, $Date$
  */
@@ -43,8 +41,8 @@ public class CRLIssuingPointRecord implements ICRLIssuingPointRecord, IDBObj {
      *
      */
     private static final long serialVersionUID = 400565044343905267L;
-    protected String mId = null;               // internal unique id
-    protected BigInteger mCRLNumber = null;      // CRL number
+    protected String mId = null; // internal unique id
+    protected BigInteger mCRLNumber = null; // CRL number
     protected Long mCRLSize = null;
     protected Date mThisUpdate = null;
     protected Date mNextUpdate = null;
@@ -87,8 +85,8 @@ public class CRLIssuingPointRecord implements ICRLIssuingPointRecord, IDBObj {
     /**
      * Constructs a CRLIssuingPointRecord
      */
-    public CRLIssuingPointRecord(String id, BigInteger crlNumber, Long crlSize, 
-        Date thisUpdate, Date nextUpdate) {
+    public CRLIssuingPointRecord(String id, BigInteger crlNumber, Long crlSize,
+            Date thisUpdate, Date nextUpdate) {
         mId = id;
         mCRLNumber = crlNumber;
         mCRLSize = crlSize;
@@ -106,9 +104,9 @@ public class CRLIssuingPointRecord implements ICRLIssuingPointRecord, IDBObj {
     /**
      * Constructs a CRLIssuingPointRecord
      */
-    public CRLIssuingPointRecord(String id, BigInteger crlNumber, Long crlSize, 
-        Date thisUpdate, Date nextUpdate, BigInteger deltaCRLNumber, Long deltaCRLSize,
-        Hashtable revokedCerts, Hashtable unrevokedCerts, Hashtable expiredCerts) {
+    public CRLIssuingPointRecord(String id, BigInteger crlNumber, Long crlSize,
+            Date thisUpdate, Date nextUpdate, BigInteger deltaCRLNumber, Long deltaCRLSize,
+            Hashtable revokedCerts, Hashtable unrevokedCerts, Hashtable expiredCerts) {
         mId = id;
         mCRLNumber = crlNumber;
         mCRLSize = crlSize;
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/CRLRepository.java b/pki/base/common/src/com/netscape/cmscore/dbs/CRLRepository.java
index ba3ed5a7..5cf7ecbc 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/CRLRepository.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/CRLRepository.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.math.BigInteger;
 import java.util.Date;
 import java.util.Hashtable;
@@ -36,10 +35,10 @@ import com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord;
 import com.netscape.certsrv.dbs.crldb.ICRLRepository;
 
 /**
- * A class represents a CRL repository. It stores all the 
+ * A class represents a CRL repository. It stores all the
  * CRL issuing points.
  * <P>
- *
+ * 
  * @author thomask
  * @version $Revision$, $Date$
  */
@@ -52,8 +51,8 @@ public class CRLRepository extends Repository implements ICRLRepository {
     /**
      * Constructs a CRL repository.
      */
-    public CRLRepository(IDBSubsystem dbService, int increment, String baseDN) 
-        throws EDBException {
+    public CRLRepository(IDBSubsystem dbService, int increment, String baseDN)
+            throws EDBException {
         super(dbService, increment, baseDN);
         mBaseDN = baseDN;
         mDBService = dbService;
@@ -61,22 +60,22 @@ public class CRLRepository extends Repository implements ICRLRepository {
         IDBRegistry reg = dbService.getRegistry();
 
         /**
-         String crlRecordOC[] = new String[1];
-         crlRecordOC[0] = Schema.LDAP_OC_CRL_RECORD;
-         reg.registerObjectClass(CRLIssuingPointRecord.class.getName(),
-         crlRecordOC);
-         reg.registerAttribute(ICRLIssuingPointRecord.ATTR_ID, new
-         StringMapper(Schema.LDAP_ATTR_CRL_ID));
-         reg.registerAttribute(ICRLIssuingPointRecord.ATTR_CRL_NUMBER, new
-         BigIntegerMapper(Schema.LDAP_ATTR_CRL_NUMBER));
-         reg.registerAttribute(ICRLIssuingPointRecord.ATTR_CRL_SIZE, new
-         LongMapper(Schema.LDAP_ATTR_CRL_SIZE));
-         reg.registerAttribute(ICRLIssuingPointRecord.ATTR_THIS_UPDATE, new
-         DateMapper(Schema.LDAP_ATTR_THIS_UPDATE));
-         reg.registerAttribute(ICRLIssuingPointRecord.ATTR_NEXT_UPDATE, new
-         DateMapper(Schema.LDAP_ATTR_NEXT_UPDATE));
-         reg.registerAttribute(ICRLIssuingPointRecord.ATTR_CRL, new
-         ByteArrayMapper(Schema.LDAP_ATTR_CRL));
+         * String crlRecordOC[] = new String[1];
+         * crlRecordOC[0] = Schema.LDAP_OC_CRL_RECORD;
+         * reg.registerObjectClass(CRLIssuingPointRecord.class.getName(),
+         * crlRecordOC);
+         * reg.registerAttribute(ICRLIssuingPointRecord.ATTR_ID, new
+         * StringMapper(Schema.LDAP_ATTR_CRL_ID));
+         * reg.registerAttribute(ICRLIssuingPointRecord.ATTR_CRL_NUMBER, new
+         * BigIntegerMapper(Schema.LDAP_ATTR_CRL_NUMBER));
+         * reg.registerAttribute(ICRLIssuingPointRecord.ATTR_CRL_SIZE, new
+         * LongMapper(Schema.LDAP_ATTR_CRL_SIZE));
+         * reg.registerAttribute(ICRLIssuingPointRecord.ATTR_THIS_UPDATE, new
+         * DateMapper(Schema.LDAP_ATTR_THIS_UPDATE));
+         * reg.registerAttribute(ICRLIssuingPointRecord.ATTR_NEXT_UPDATE, new
+         * DateMapper(Schema.LDAP_ATTR_NEXT_UPDATE));
+         * reg.registerAttribute(ICRLIssuingPointRecord.ATTR_CRL, new
+         * ByteArrayMapper(Schema.LDAP_ATTR_CRL));
          **/
     }
 
@@ -97,24 +96,23 @@ public class CRLRepository extends Repository implements ICRLRepository {
     /**
      * Removes all objects with this repository.
      */
-    public void removeAllObjects() throws EBaseException
-    {
+    public void removeAllObjects() throws EBaseException {
     }
 
     /**
      * Adds CRL issuing points.
      */
     public void addCRLIssuingPointRecord(ICRLIssuingPointRecord rec)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         try {
             String name = mLdapCRLIssuingPointName + "=" +
-                ((CRLIssuingPointRecord) rec).getId().toString() + "," + getDN();
+                    ((CRLIssuingPointRecord) rec).getId().toString() + "," + getDN();
 
             s.add(name, rec);
-        } finally { 
-            if (s != null) 
+        } finally {
+            if (s != null)
                 s.close();
         }
     }
@@ -125,21 +123,21 @@ public class CRLRepository extends Repository implements ICRLRepository {
     public Vector getIssuingPointsNames() throws EBaseException {
         IDBSSession s = mDBService.createSession();
         try {
-            String[] attrs = {ICRLIssuingPointRecord.ATTR_ID, "objectclass"};
+            String[] attrs = { ICRLIssuingPointRecord.ATTR_ID, "objectclass" };
             String filter = "objectclass=" + CMS.getCRLIssuingPointRecordName();
             IDBSearchResults res = s.search(getDN(), filter, attrs);
             Vector v = new Vector();
             while (res.hasMoreElements()) {
-                ICRLIssuingPointRecord nextelement = 
-                  (ICRLIssuingPointRecord)res.nextElement();
+                ICRLIssuingPointRecord nextelement =
+                        (ICRLIssuingPointRecord) res.nextElement();
                 CMS.debug("CRLRepository getIssuingPointsNames(): name = "
-                  +nextelement.getId());
+                        + nextelement.getId());
                 v.addElement(nextelement.getId());
             }
 
             return v;
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
     }
@@ -148,19 +146,20 @@ public class CRLRepository extends Repository implements ICRLRepository {
      * Reads issuing point record.
      */
     public ICRLIssuingPointRecord readCRLIssuingPointRecord(String id)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         CRLIssuingPointRecord rec = null;
 
         try {
             String name = mLdapCRLIssuingPointName + "=" + id +
-                "," + getDN();
+                    "," + getDN();
 
             if (s != null) {
                 rec = (CRLIssuingPointRecord) s.read(name);
             }
-        } finally { 
-            if (s != null) s.close();
+        } finally {
+            if (s != null)
+                s.close();
         }
         return rec;
     }
@@ -169,31 +168,35 @@ public class CRLRepository extends Repository implements ICRLRepository {
      * deletes issuing point record.
      */
     public void deleteCRLIssuingPointRecord(String id)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = null;
 
         try {
             s = mDBService.createSession();
             String name = mLdapCRLIssuingPointName + "=" + id +
-                "," + getDN();
+                    "," + getDN();
 
-            if (s != null) s.delete(name);
+            if (s != null)
+                s.delete(name);
         } finally {
-            if (s != null) s.close();
+            if (s != null)
+                s.close();
         }
     }
 
-    public void modifyCRLIssuingPointRecord(String id, 
-        ModificationSet mods) throws EBaseException {
+    public void modifyCRLIssuingPointRecord(String id,
+            ModificationSet mods) throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         try {
             String name = mLdapCRLIssuingPointName + "=" + id +
-                "," + getDN();
+                    "," + getDN();
 
-            if (s != null) s.modify(name, mods);
-        } finally { 
-            if (s != null) s.close();
+            if (s != null)
+                s.modify(name, mods);
+        } finally {
+            if (s != null)
+                s.close();
         }
     }
 
@@ -201,24 +204,24 @@ public class CRLRepository extends Repository implements ICRLRepository {
      * Updates CRL issuing point record.
      */
     public void updateCRLIssuingPointRecord(String id, byte[] newCRL,
-        Date thisUpdate, Date nextUpdate, BigInteger crlNumber, Long crlSize)
-        throws EBaseException {
+            Date thisUpdate, Date nextUpdate, BigInteger crlNumber, Long crlSize)
+            throws EBaseException {
         ModificationSet mods = new ModificationSet();
 
         if (newCRL != null) {
-            mods.add(ICRLIssuingPointRecord.ATTR_CRL, 
-                Modification.MOD_REPLACE, newCRL);
+            mods.add(ICRLIssuingPointRecord.ATTR_CRL,
+                    Modification.MOD_REPLACE, newCRL);
         }
         if (nextUpdate != null) {
-            mods.add(ICRLIssuingPointRecord.ATTR_NEXT_UPDATE, 
-                Modification.MOD_REPLACE, nextUpdate);
+            mods.add(ICRLIssuingPointRecord.ATTR_NEXT_UPDATE,
+                    Modification.MOD_REPLACE, nextUpdate);
         }
-        mods.add(ICRLIssuingPointRecord.ATTR_THIS_UPDATE, 
-            Modification.MOD_REPLACE, thisUpdate);
-        mods.add(ICRLIssuingPointRecord.ATTR_CRL_NUMBER, 
-            Modification.MOD_REPLACE, crlNumber);
-        mods.add(ICRLIssuingPointRecord.ATTR_CRL_SIZE, 
-            Modification.MOD_REPLACE, crlSize);
+        mods.add(ICRLIssuingPointRecord.ATTR_THIS_UPDATE,
+                Modification.MOD_REPLACE, thisUpdate);
+        mods.add(ICRLIssuingPointRecord.ATTR_CRL_NUMBER,
+                Modification.MOD_REPLACE, crlNumber);
+        mods.add(ICRLIssuingPointRecord.ATTR_CRL_SIZE,
+                Modification.MOD_REPLACE, crlSize);
         modifyCRLIssuingPointRecord(id, mods);
     }
 
@@ -226,40 +229,40 @@ public class CRLRepository extends Repository implements ICRLRepository {
      * Updates CRL issuing point record.
      */
     public void updateCRLIssuingPointRecord(String id, byte[] newCRL,
-        Date thisUpdate, Date nextUpdate, BigInteger crlNumber, Long crlSize,
-        Hashtable revokedCerts, Hashtable unrevokedCerts, Hashtable expiredCerts)
-        throws EBaseException {
+            Date thisUpdate, Date nextUpdate, BigInteger crlNumber, Long crlSize,
+            Hashtable revokedCerts, Hashtable unrevokedCerts, Hashtable expiredCerts)
+            throws EBaseException {
         ModificationSet mods = new ModificationSet();
 
         if (newCRL != null) {
-            mods.add(ICRLIssuingPointRecord.ATTR_CRL, 
-                Modification.MOD_REPLACE, newCRL);
+            mods.add(ICRLIssuingPointRecord.ATTR_CRL,
+                    Modification.MOD_REPLACE, newCRL);
         }
         if (nextUpdate != null) {
-            mods.add(ICRLIssuingPointRecord.ATTR_NEXT_UPDATE, 
-                Modification.MOD_REPLACE, nextUpdate);
+            mods.add(ICRLIssuingPointRecord.ATTR_NEXT_UPDATE,
+                    Modification.MOD_REPLACE, nextUpdate);
         }
-        mods.add(ICRLIssuingPointRecord.ATTR_THIS_UPDATE, 
-            Modification.MOD_REPLACE, thisUpdate);
-        mods.add(ICRLIssuingPointRecord.ATTR_CRL_NUMBER, 
-            Modification.MOD_REPLACE, crlNumber);
-        mods.add(ICRLIssuingPointRecord.ATTR_CRL_SIZE, 
-            Modification.MOD_REPLACE, crlSize);
+        mods.add(ICRLIssuingPointRecord.ATTR_THIS_UPDATE,
+                Modification.MOD_REPLACE, thisUpdate);
+        mods.add(ICRLIssuingPointRecord.ATTR_CRL_NUMBER,
+                Modification.MOD_REPLACE, crlNumber);
+        mods.add(ICRLIssuingPointRecord.ATTR_CRL_SIZE,
+                Modification.MOD_REPLACE, crlSize);
         if (revokedCerts != null) {
-            mods.add(ICRLIssuingPointRecord.ATTR_REVOKED_CERTS, 
-                Modification.MOD_REPLACE, revokedCerts);
+            mods.add(ICRLIssuingPointRecord.ATTR_REVOKED_CERTS,
+                    Modification.MOD_REPLACE, revokedCerts);
         }
         if (unrevokedCerts != null) {
-            mods.add(ICRLIssuingPointRecord.ATTR_UNREVOKED_CERTS, 
-                Modification.MOD_REPLACE, unrevokedCerts);
+            mods.add(ICRLIssuingPointRecord.ATTR_UNREVOKED_CERTS,
+                    Modification.MOD_REPLACE, unrevokedCerts);
         }
         if (expiredCerts != null) {
-            mods.add(ICRLIssuingPointRecord.ATTR_EXPIRED_CERTS, 
-                Modification.MOD_REPLACE, expiredCerts);
+            mods.add(ICRLIssuingPointRecord.ATTR_EXPIRED_CERTS,
+                    Modification.MOD_REPLACE, expiredCerts);
         }
         if (revokedCerts != null || unrevokedCerts != null) {
             mods.add(ICRLIssuingPointRecord.ATTR_FIRST_UNSAVED,
-                Modification.MOD_REPLACE, ICRLIssuingPointRecord.CLEAN_CACHE);
+                    Modification.MOD_REPLACE, ICRLIssuingPointRecord.CLEAN_CACHE);
         }
         modifyCRLIssuingPointRecord(id, mods);
     }
@@ -268,16 +271,16 @@ public class CRLRepository extends Repository implements ICRLRepository {
      * Updates CRL issuing point record with recently revoked certificates info.
      */
     public void updateRevokedCerts(String id, Hashtable revokedCerts,
-        Hashtable unrevokedCerts)
-        throws EBaseException {
+            Hashtable unrevokedCerts)
+            throws EBaseException {
         ModificationSet mods = new ModificationSet();
 
-        mods.add(ICRLIssuingPointRecord.ATTR_REVOKED_CERTS, 
-            Modification.MOD_REPLACE, revokedCerts);
-        mods.add(ICRLIssuingPointRecord.ATTR_UNREVOKED_CERTS, 
-            Modification.MOD_REPLACE, unrevokedCerts);
+        mods.add(ICRLIssuingPointRecord.ATTR_REVOKED_CERTS,
+                Modification.MOD_REPLACE, revokedCerts);
+        mods.add(ICRLIssuingPointRecord.ATTR_UNREVOKED_CERTS,
+                Modification.MOD_REPLACE, unrevokedCerts);
         mods.add(ICRLIssuingPointRecord.ATTR_FIRST_UNSAVED,
-            Modification.MOD_REPLACE, ICRLIssuingPointRecord.CLEAN_CACHE);
+                Modification.MOD_REPLACE, ICRLIssuingPointRecord.CLEAN_CACHE);
         modifyCRLIssuingPointRecord(id, mods);
     }
 
@@ -285,11 +288,11 @@ public class CRLRepository extends Repository implements ICRLRepository {
      * Updates CRL issuing point record with recently expired certificates info.
      */
     public void updateExpiredCerts(String id, Hashtable expiredCerts)
-        throws EBaseException {
+            throws EBaseException {
         ModificationSet mods = new ModificationSet();
 
-        mods.add(ICRLIssuingPointRecord.ATTR_EXPIRED_CERTS, 
-            Modification.MOD_REPLACE, expiredCerts);
+        mods.add(ICRLIssuingPointRecord.ATTR_EXPIRED_CERTS,
+                Modification.MOD_REPLACE, expiredCerts);
         modifyCRLIssuingPointRecord(id, mods);
     }
 
@@ -297,24 +300,24 @@ public class CRLRepository extends Repository implements ICRLRepository {
      * Updates CRL issuing point record with CRL cache info.
      */
     public void updateCRLCache(String id, Long crlSize,
-        Hashtable revokedCerts,
-        Hashtable unrevokedCerts,
-        Hashtable expiredCerts)
-        throws EBaseException {
+            Hashtable revokedCerts,
+            Hashtable unrevokedCerts,
+            Hashtable expiredCerts)
+            throws EBaseException {
         ModificationSet mods = new ModificationSet();
 
         if (crlSize != null) {
-            mods.add(ICRLIssuingPointRecord.ATTR_CRL_SIZE, 
-                Modification.MOD_REPLACE, crlSize);
+            mods.add(ICRLIssuingPointRecord.ATTR_CRL_SIZE,
+                    Modification.MOD_REPLACE, crlSize);
         }
         mods.add(ICRLIssuingPointRecord.ATTR_REVOKED_CERTS,
-            Modification.MOD_REPLACE, revokedCerts);
+                Modification.MOD_REPLACE, revokedCerts);
         mods.add(ICRLIssuingPointRecord.ATTR_UNREVOKED_CERTS,
-            Modification.MOD_REPLACE, unrevokedCerts);
+                Modification.MOD_REPLACE, unrevokedCerts);
         mods.add(ICRLIssuingPointRecord.ATTR_EXPIRED_CERTS,
-            Modification.MOD_REPLACE, expiredCerts);
+                Modification.MOD_REPLACE, expiredCerts);
         mods.add(ICRLIssuingPointRecord.ATTR_FIRST_UNSAVED,
-            Modification.MOD_REPLACE, ICRLIssuingPointRecord.CLEAN_CACHE);
+                Modification.MOD_REPLACE, ICRLIssuingPointRecord.CLEAN_CACHE);
         modifyCRLIssuingPointRecord(id, mods);
     }
 
@@ -324,41 +327,41 @@ public class CRLRepository extends Repository implements ICRLRepository {
     public void updateDeltaCRL(String id, BigInteger deltaCRLNumber,
                                Long deltaCRLSize, Date nextUpdate,
                                byte[] deltaCRL)
-        throws EBaseException {
+            throws EBaseException {
         ModificationSet mods = new ModificationSet();
 
         if (deltaCRLNumber != null) {
             mods.add(ICRLIssuingPointRecord.ATTR_DELTA_NUMBER,
-                Modification.MOD_REPLACE, deltaCRLNumber);
+                    Modification.MOD_REPLACE, deltaCRLNumber);
         }
         if (deltaCRLSize != null) {
-            mods.add(ICRLIssuingPointRecord.ATTR_DELTA_SIZE, 
-                Modification.MOD_REPLACE, deltaCRLSize);
+            mods.add(ICRLIssuingPointRecord.ATTR_DELTA_SIZE,
+                    Modification.MOD_REPLACE, deltaCRLSize);
         }
         if (nextUpdate != null) {
-            mods.add(ICRLIssuingPointRecord.ATTR_NEXT_UPDATE, 
-                Modification.MOD_REPLACE, nextUpdate);
+            mods.add(ICRLIssuingPointRecord.ATTR_NEXT_UPDATE,
+                    Modification.MOD_REPLACE, nextUpdate);
         }
         if (deltaCRL != null) {
-            mods.add(ICRLIssuingPointRecord.ATTR_DELTA_CRL, 
-                Modification.MOD_REPLACE, deltaCRL);
+            mods.add(ICRLIssuingPointRecord.ATTR_DELTA_CRL,
+                    Modification.MOD_REPLACE, deltaCRL);
         }
         modifyCRLIssuingPointRecord(id, mods);
     }
 
     public void updateFirstUnsaved(String id, String firstUnsaved)
-        throws EBaseException {
+            throws EBaseException {
         ModificationSet mods = new ModificationSet();
 
         if (firstUnsaved != null) {
-            mods.add(ICRLIssuingPointRecord.ATTR_FIRST_UNSAVED, 
-                Modification.MOD_REPLACE, firstUnsaved);
+            mods.add(ICRLIssuingPointRecord.ATTR_FIRST_UNSAVED,
+                    Modification.MOD_REPLACE, firstUnsaved);
         }
         modifyCRLIssuingPointRecord(id, mods);
     }
 
-     public BigInteger getLastSerialNumberInRange(BigInteger  serial_low_bound, BigInteger serial_upper_bound)
-        throws EBaseException {
+    public BigInteger getLastSerialNumberInRange(BigInteger serial_low_bound, BigInteger serial_upper_bound)
+            throws EBaseException {
 
         return null;
     }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/CertDBSchema.java b/pki/base/common/src/com/netscape/cmscore/dbs/CertDBSchema.java
index 83164aab..67b66271 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/CertDBSchema.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/CertDBSchema.java
@@ -17,14 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
-
-
 /**
  * A class represents a collection of certificate record
  * specific schema information.
  * <P>
- *
+ * 
  * @author thomask
  * @version $Revision$, $Date$
  */
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/CertRecord.java b/pki/base/common/src/com/netscape/cmscore/dbs/CertRecord.java
index 973ddc4f..1981757c 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/CertRecord.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/CertRecord.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.math.BigInteger;
 import java.security.cert.Certificate;
 import java.util.Date;
@@ -34,12 +33,11 @@ import com.netscape.certsrv.dbs.IDBObj;
 import com.netscape.certsrv.dbs.certdb.ICertRecord;
 import com.netscape.certsrv.dbs.certdb.IRevocationInfo;
 
-
 /**
  * A class represents a serializable certificate record.
  * <P>
- *
- * @author  thomask
+ * 
+ * @author thomask
  * @version $Revision$, $Date$
  */
 public class CertRecord implements IDBObj, ICertRecord {
@@ -83,7 +81,7 @@ public class CertRecord implements IDBObj, ICertRecord {
     }
 
     /**
-     * Constructs certiificate record with certificate 
+     * Constructs certiificate record with certificate
      * and meta info.
      */
     public CertRecord(BigInteger id, Certificate cert, MetaInfo meta) {
@@ -205,8 +203,8 @@ public class CertRecord implements IDBObj, ICertRecord {
     /**
      * Retrieves revocation information.
      */
-    public IRevocationInfo getRevocationInfo() { 
-        return mRevocationInfo; 
+    public IRevocationInfo getRevocationInfo() {
+        return mRevocationInfo;
     }
 
     /**
@@ -271,7 +269,7 @@ public class CertRecord implements IDBObj, ICertRecord {
     public Date getModifyTime() {
         return mModifyTime;
     }
-	
+
     /**
      * String representation
      */
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/CertRecordList.java b/pki/base/common/src/com/netscape/cmscore/dbs/CertRecordList.java
index 3477360e..29792880 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/CertRecordList.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/CertRecordList.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
@@ -27,11 +26,10 @@ import com.netscape.certsrv.dbs.IElementProcessor;
 import com.netscape.certsrv.dbs.certdb.ICertRecord;
 import com.netscape.certsrv.dbs.certdb.ICertRecordList;
 
-
 /**
  * A class represents a list of certificate records.
  * <P>
- *
+ * 
  * @author thomask mzhao
  * @version $Revision$, $Date$
  */
@@ -71,17 +69,17 @@ public class CertRecordList implements ICertRecordList {
     /**
      * Process certificate record as soon as it is returned.
      * kmccarth: changed to ignore startidx and endidx because VLVs don't
-     *           provide a stable list.
+     * provide a stable list.
      */
     public void processCertRecords(int startidx, int endidx,
-        IElementProcessor ep) throws EBaseException {
+            IElementProcessor ep) throws EBaseException {
         int i = 0;
-        while ( i<mVlist.getSize() ) {
-           Object element = mVlist.getElementAt(i);
-           if (element != null && (! (element instanceof String)) ) {
-              ep.process(element);
-           }
-           i++;
+        while (i < mVlist.getSize()) {
+            Object element = mVlist.getElementAt(i);
+            if (element != null && (!(element instanceof String))) {
+                ep.process(element);
+            }
+            i++;
         }
     }
 
@@ -91,7 +89,7 @@ public class CertRecordList implements ICertRecordList {
      * if the startidx, endidx are valid.
      */
     public Enumeration<ICertRecord> getCertRecords(int startidx, int endidx)
-        throws EBaseException {
+            throws EBaseException {
         Vector<ICertRecord> entries = new Vector<ICertRecord>();
 
         for (int i = startidx; i <= endidx; i++) {
@@ -106,11 +104,10 @@ public class CertRecordList implements ICertRecordList {
     }
 
     public ICertRecord getCertRecord(int index)
-        throws EBaseException {
+            throws EBaseException {
 
         return mVlist.getElementAt(index);
 
-
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/CertRecordMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/CertRecordMapper.java
index 510da3c5..3f5895ad 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/CertRecordMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/CertRecordMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.math.BigInteger;
 import java.util.Enumeration;
 import java.util.Vector;
@@ -34,13 +33,12 @@ import com.netscape.certsrv.dbs.certdb.ICertRecord;
 import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
- * A class represents a mapper to serialize 
+ * A class represents a mapper to serialize
  * certificate record into database.
  * <P>
- *
- * @author  thomask
+ * 
+ * @author thomask
  * @version $Revision$, $Date$
  */
 public class CertRecordMapper implements IDBAttrMapper {
@@ -58,9 +56,9 @@ public class CertRecordMapper implements IDBAttrMapper {
         return v.elements();
     }
 
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, String name, 
-        Object obj, LDAPAttributeSet attrs) 
-        throws EBaseException {
+    public void mapObjectToLDAPAttributeSet(IDBObj parent, String name,
+            Object obj, LDAPAttributeSet attrs)
+            throws EBaseException {
         try {
             CertRecord rec = (CertRecord) obj;
 
@@ -74,9 +72,9 @@ public class CertRecordMapper implements IDBAttrMapper {
         }
     }
 
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) throws EBaseException {
-        try {	
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent) throws EBaseException {
+        try {
             LDAPAttribute attr = attrs.getAttribute(
                     CertDBSchema.LDAP_ATTR_CERT_RECORD_ID);
 
@@ -95,7 +93,7 @@ public class CertRecordMapper implements IDBAttrMapper {
     }
 
     public String mapSearchFilter(String name, String op, String value)
-        throws EBaseException {
+            throws EBaseException {
         return name + op + value;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java b/pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java
index bc3d279f..e27b710d 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.io.Serializable;
 import java.math.BigInteger;
 import java.security.cert.Certificate;
@@ -57,18 +56,17 @@ import com.netscape.certsrv.dbs.certdb.IRevocationInfo;
 import com.netscape.certsrv.dbs.repository.IRepository;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * A class represents a certificate repository. It
  * stores all the issued certificate.
  * <P>
- *
+ * 
  * @author thomask
  * @author kanda
  * @version $Revision$, $Date$
  */
 public class CertificateRepository extends Repository
-    implements ICertificateRepository {
+        implements ICertificateRepository {
 
     public final String CERT_X509ATTRIBUTE = "x509signedcert";
 
@@ -88,10 +86,10 @@ public class CertificateRepository extends Repository
      * Constructs a certificate repository.
      */
     public CertificateRepository(IDBSubsystem dbService, String certRepoBaseDN, int increment, String baseDN)
-        throws EDBException {
+            throws EDBException {
         super(dbService, increment, baseDN);
         mBaseDN = certRepoBaseDN;
-      
+
         mDBService = dbService;
 
         // registers CMS database attributes
@@ -104,13 +102,12 @@ public class CertificateRepository extends Repository
         return new CertRecord(id, cert, meta);
     }
 
-    public BigInteger getLastSerialNumberInRange(BigInteger  serial_low_bound, BigInteger serial_upper_bound)
-    throws EBaseException {
+    public BigInteger getLastSerialNumberInRange(BigInteger serial_low_bound, BigInteger serial_upper_bound)
+            throws EBaseException {
 
         CMS.debug("CertificateRepository:  in getLastSerialNumberInRange: low " + serial_low_bound + " high " + serial_upper_bound);
 
-        if(serial_low_bound == null || serial_upper_bound == null || serial_low_bound.compareTo(serial_upper_bound) >= 0 )
-        { 
+        if (serial_low_bound == null || serial_upper_bound == null || serial_low_bound.compareTo(serial_upper_bound) >= 0) {
             return null;
 
         }
@@ -119,7 +116,7 @@ public class CertificateRepository extends Repository
 
         String[] attrs = null;
 
-        ICertRecordList recList = findCertRecordsInList(ldapfilter,attrs,serial_upper_bound.toString(10),"serialno", 5 * -1);
+        ICertRecordList recList = findCertRecordsInList(ldapfilter, attrs, serial_upper_bound.toString(10), "serialno", 5 * -1);
 
         int size = recList.getSize();
 
@@ -130,13 +127,12 @@ public class CertificateRepository extends Repository
 
             BigInteger ret = new BigInteger(serial_low_bound.toString(10));
 
-            ret = ret.add(new BigInteger("-1")); 
+            ret = ret.add(new BigInteger("-1"));
             CMS.debug("CertificateRepository:getLastCertRecordSerialNo: returning " + ret);
             return ret;
         }
         int ltSize = recList.getSizeBeforeJumpTo();
 
-
         CMS.debug("CertificateRepository:getLastSerialNumberInRange: ltSize " + ltSize);
 
         CertRecord curRec = null;
@@ -154,9 +150,8 @@ public class CertificateRepository extends Repository
 
                 CMS.debug("CertificateRepository:getLastCertRecordSerialNo:  serialno  " + serial);
 
-                if(  ((serial.compareTo(serial_low_bound) == 0) || (serial.compareTo(serial_low_bound) == 1) ) &&
-                     ((serial.compareTo(serial_upper_bound) == 0) || (serial.compareTo(serial_upper_bound) == -1) ))
-                {
+                if (((serial.compareTo(serial_low_bound) == 0) || (serial.compareTo(serial_low_bound) == 1)) &&
+                        ((serial.compareTo(serial_upper_bound) == 0) || (serial.compareTo(serial_upper_bound) == -1))) {
                     CMS.debug("getLastSerialNumberInRange returning: " + serial);
                     return serial;
                 }
@@ -164,24 +159,22 @@ public class CertificateRepository extends Repository
                 CMS.debug("getLastSerialNumberInRange:found null from getCertRecord");
             }
         }
-        
 
         BigInteger ret = new BigInteger(serial_low_bound.toString(10));
 
-        ret = ret.add(new BigInteger("-1")); 
+        ret = ret.add(new BigInteger("-1"));
 
         CMS.debug("CertificateRepository:getLastCertRecordSerialNo: returning " + ret);
-        return ret; 
+        return ret;
 
     }
 
     /**
      * Removes all objects with this repository.
      */
-    public void removeCertRecords(BigInteger beginS, BigInteger endS) throws EBaseException
-    {
+    public void removeCertRecords(BigInteger beginS, BigInteger endS) throws EBaseException {
         String filter = "(" + CertRecord.ATTR_CERT_STATUS + "=*" + ")";
-        ICertRecordList list =findCertRecordsInList(filter, 
+        ICertRecordList list = findCertRecordsInList(filter,
                     null, "serialno", 10);
         int size = list.getSize();
         Enumeration<ICertRecord> e = list.getCertRecords(0, size - 1);
@@ -192,8 +185,8 @@ public class CertificateRepository extends Repository
             BigInteger min = cur;
             if (endS != null)
                 min = cur.min(endS);
-            if (cur.equals(beginS) || cur.equals(endS) || 
-              (cur.equals(max) && cur.equals(min)))
+            if (cur.equals(beginS) || cur.equals(endS) ||
+                    (cur.equals(max) && cur.equals(min)))
                 deleteCertificateRecord(cur);
         }
     }
@@ -224,8 +217,8 @@ public class CertificateRepository extends Repository
 
     /**
      * interval value: (in seconds)
-     *   0 - disable
-     *   >0 - enable
+     * 0 - disable
+     * >0 - enable
      */
     public CertStatusUpdateThread mCertStatusUpdateThread = null;
     public RetrieveModificationsThread mRetrieveModificationsThread = null;
@@ -243,8 +236,8 @@ public class CertificateRepository extends Repository
             return;
         }
 
-        CMS.debug("In setCertStatusUpdateInterval  listenToCloneModifications="+listenToCloneModifications+
-                  "  mRetrieveModificationsThread="+mRetrieveModificationsThread);
+        CMS.debug("In setCertStatusUpdateInterval  listenToCloneModifications=" + listenToCloneModifications +
+                  "  mRetrieveModificationsThread=" + mRetrieveModificationsThread);
         if (listenToCloneModifications && mRetrieveModificationsThread == null) {
             CMS.debug("In setCertStatusUpdateInterval about to create RetrieveModificationsThread");
             mRetrieveModificationsThread = new RetrieveModificationsThread(this, "RetrieveModificationsThread");
@@ -273,7 +266,6 @@ public class CertificateRepository extends Repository
         }
     }
 
-
     /**
      * Blocking method.
      */
@@ -281,21 +273,21 @@ public class CertificateRepository extends Repository
 
         CMS.debug("In updateCertStatus()");
 
-        CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, 
-            CMS.getLogMessage("CMSCORE_DBS_START_VALID_SEARCH"));
+        CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                CMS.getLogMessage("CMSCORE_DBS_START_VALID_SEARCH"));
         transitInvalidCertificates();
         CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-            CMS.getLogMessage("CMSCORE_DBS_FINISH_VALID_SEARCH"));
+                CMS.getLogMessage("CMSCORE_DBS_FINISH_VALID_SEARCH"));
         CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-            CMS.getLogMessage("CMSCORE_DBS_START_EXPIRED_SEARCH"));
+                CMS.getLogMessage("CMSCORE_DBS_START_EXPIRED_SEARCH"));
         transitValidCertificates();
         CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-            CMS.getLogMessage("CMSCORE_DBS_FINISH_EXPIRED_SEARCH"));
+                CMS.getLogMessage("CMSCORE_DBS_FINISH_EXPIRED_SEARCH"));
         CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-            CMS.getLogMessage("CMSCORE_DBS_START_REVOKED_EXPIRED_SEARCH"));
+                CMS.getLogMessage("CMSCORE_DBS_START_REVOKED_EXPIRED_SEARCH"));
         transitRevokedExpiredCertificates();
         CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-            CMS.getLogMessage("CMSCORE_DBS_FINISH_REVOKED_EXPIRED_SEARCH"));
+                CMS.getLogMessage("CMSCORE_DBS_FINISH_REVOKED_EXPIRED_SEARCH"));
     }
 
     /**
@@ -305,13 +297,14 @@ public class CertificateRepository extends Repository
         return mBaseDN;
     }
 
-    public void setRequestDN( String requestDN )  {
+    public void setRequestDN(String requestDN) {
         mRequestBaseDN = requestDN;
     }
 
-    public String getRequestDN()  {
+    public String getRequestDN() {
         return mRequestBaseDN;
     }
+
     /**
      * Retrieves backend database handle.
      */
@@ -324,18 +317,18 @@ public class CertificateRepository extends Repository
      * record contains four parts: certificate, meta-attributes,
      * issue information and reovcation information.
      * <P>
-     *
+     * 
      * @param cert X.509 certificate
      * @exception EBaseException failed to add new certificate to
-     * 		the repository
+     *                the repository
      */
     public void addCertificateRecord(ICertRecord record)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         try {
             String name = "cn" + "=" +
-                ((CertRecord) record).getSerialNumber().toString() + "," + getDN();
+                    ((CertRecord) record).getSerialNumber().toString() + "," + getDN();
             SessionContext ctx = SessionContext.getContext();
             String uid = (String) ctx.get(SessionContext.USER_ID);
 
@@ -344,9 +337,9 @@ public class CertificateRepository extends Repository
                 record.set(CertRecord.ATTR_ISSUED_BY, "system");
 
                 /**
-                 System.out.println("XXX servlet should set USER_ID");
-                 throw new EBaseException(BaseResources.UNKNOWN_PRINCIPAL_1, 
-                 "null");
+                 * System.out.println("XXX servlet should set USER_ID");
+                 * throw new EBaseException(BaseResources.UNKNOWN_PRINCIPAL_1,
+                 * "null");
                  **/
             } else {
                 record.set(CertRecord.ATTR_ISSUED_BY, uid);
@@ -363,11 +356,11 @@ public class CertificateRepository extends Repository
 
                 if (x509cert.getNotBefore().after(now)) {
                     // not yet valid
-                    record.set(ICertRecord.ATTR_CERT_STATUS, 
-                        ICertRecord.STATUS_INVALID);
+                    record.set(ICertRecord.ATTR_CERT_STATUS,
+                            ICertRecord.STATUS_INVALID);
                 }
             }
-			
+
             s.add(name, record);
         } finally {
             if (s != null)
@@ -379,18 +372,18 @@ public class CertificateRepository extends Repository
      * Used by the Clone Master (CLA) to add a revoked certificate
      * record to the repository.
      * <p>
-     *
+     * 
      * @param record a CertRecord
      * @exception EBaseException failed to add new certificate to
-     * 		the repository
+     *                the repository
      */
     public void addRevokedCertRecord(CertRecord record)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         try {
             String name = "cn" + "=" +
-                record.getSerialNumber().toString() + "," + getDN();
+                    record.getSerialNumber().toString() + "," + getDN();
 
             s.add(name, record);
         } finally {
@@ -431,7 +424,7 @@ public class CertificateRepository extends Repository
         for (i = 0; i < ltSize; i++) {
             obj = recList.getCertRecord(i);
 
-            if (obj != null) {     
+            if (obj != null) {
                 curRec = (CertRecord) obj;
 
                 Date notAfter = curRec.getNotAfter();
@@ -467,7 +460,7 @@ public class CertificateRepository extends Repository
     public void transitRevokedExpiredCertificates() throws EBaseException {
         Date now = CMS.getCurrentDate();
         ICertRecordList recList = getRevokedCertsByNotAfterDate(now, -1 * mTransitRecordPageSize);
-   
+
         int size = recList.getSize();
 
         if (size <= 0) {
@@ -506,7 +499,7 @@ public class CertificateRepository extends Repository
                 } else {
                     cList.add(curRec.getSerialNumber());
                 }
-            }  else {
+            } else {
                 CMS.debug("found null record in getCertRecord");
             }
         }
@@ -600,7 +593,7 @@ public class CertificateRepository extends Repository
             updateStatus(serial, newCertStatus);
 
             if (newCertStatus.equals(CertRecord.STATUS_REVOKED_EXPIRED)) {
-                
+
                 // inform all CRLIssuingPoints about revoked and expired certificate
 
                 Enumeration<ICRLIssuingPoint> eIPs = mCRLIssuingPoints.elements();
@@ -625,7 +618,7 @@ public class CertificateRepository extends Repository
      * Reads the certificate identified by the given serial no.
      */
     public X509CertImpl getX509Certificate(BigInteger serialNo)
-        throws EBaseException {
+            throws EBaseException {
         X509CertImpl cert = null;
         ICertRecord cr = readCertificateRecord(serialNo);
 
@@ -636,16 +629,16 @@ public class CertificateRepository extends Repository
      * Deletes certificate record.
      */
     public void deleteCertificateRecord(BigInteger serialNo)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         try {
             String name = "cn" + "=" +
-                serialNo.toString() + "," + getDN();
+                    serialNo.toString() + "," + getDN();
 
             s.delete(name);
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
     }
@@ -654,35 +647,35 @@ public class CertificateRepository extends Repository
      * Reads certificate from repository.
      */
     public ICertRecord readCertificateRecord(BigInteger serialNo)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         CertRecord rec = null;
 
         try {
             String name = "cn" + "=" +
-                serialNo.toString() + "," + getDN();
+                    serialNo.toString() + "," + getDN();
 
             rec = (CertRecord) s.read(name);
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return rec;
     }
 
     public synchronized void modifyCertificateRecord(BigInteger serialNo,
-        ModificationSet mods) throws EBaseException {
+            ModificationSet mods) throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         try {
             String name = "cn" + "=" +
-                serialNo.toString() + "," + getDN();
+                    serialNo.toString() + "," + getDN();
 
             mods.add(CertRecord.ATTR_MODIFY_TIME, Modification.MOD_REPLACE,
-                CMS.getCurrentDate());
+                    CMS.getCurrentDate());
             s.modify(name, mods);
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
     }
@@ -691,7 +684,7 @@ public class CertificateRepository extends Repository
      * Checks if the specified certificate is in the repository.
      */
     public boolean containsCertificate(BigInteger serialNo)
-        throws EBaseException {
+            throws EBaseException {
         try {
             ICertRecord cr = readCertificateRecord(serialNo);
 
@@ -706,7 +699,7 @@ public class CertificateRepository extends Repository
      * Marks certificate as revoked.
      */
     public void markAsRevoked(BigInteger id, IRevocationInfo info)
-        throws EBaseException {
+            throws EBaseException {
         ModificationSet mods = new ModificationSet();
 
         mods.add(CertRecord.ATTR_REVO_INFO, Modification.MOD_ADD, info);
@@ -715,15 +708,15 @@ public class CertificateRepository extends Repository
 
         if (uid == null) {
             mods.add(CertRecord.ATTR_REVOKED_BY, Modification.MOD_ADD,
-                "system");
+                    "system");
         } else {
             mods.add(CertRecord.ATTR_REVOKED_BY, Modification.MOD_ADD,
-                uid);
+                    uid);
         }
         mods.add(CertRecord.ATTR_REVOKED_ON, Modification.MOD_ADD,
-            CMS.getCurrentDate());
+                CMS.getCurrentDate());
         mods.add(CertRecord.ATTR_CERT_STATUS, Modification.MOD_REPLACE,
-            CertRecord.STATUS_REVOKED);
+                CertRecord.STATUS_REVOKED);
         modifyCertificateRecord(id, mods);
     }
 
@@ -731,15 +724,15 @@ public class CertificateRepository extends Repository
      * Unmarks revoked certificate.
      */
     public void unmarkRevoked(BigInteger id, IRevocationInfo info,
-        Date revokedOn, String revokedBy)
-        throws EBaseException {
+            Date revokedOn, String revokedBy)
+            throws EBaseException {
         ModificationSet mods = new ModificationSet();
 
         mods.add(CertRecord.ATTR_REVO_INFO, Modification.MOD_DELETE, info);
         mods.add(CertRecord.ATTR_REVOKED_BY, Modification.MOD_DELETE, revokedBy);
         mods.add(CertRecord.ATTR_REVOKED_ON, Modification.MOD_DELETE, revokedOn);
         mods.add(CertRecord.ATTR_CERT_STATUS, Modification.MOD_REPLACE,
-            CertRecord.STATUS_VALID);
+                CertRecord.STATUS_VALID);
         modifyCertificateRecord(id, mods);
     }
 
@@ -747,17 +740,17 @@ public class CertificateRepository extends Repository
      * Updates the certificiate record status to the specified.
      */
     public void updateStatus(BigInteger id, String status)
-        throws EBaseException {
+            throws EBaseException {
         CMS.debug("updateStatus: " + id + " status " + status);
         ModificationSet mods = new ModificationSet();
 
         mods.add(CertRecord.ATTR_CERT_STATUS, Modification.MOD_REPLACE,
-            status);
+                status);
         modifyCertificateRecord(id, mods);
     }
 
     public Enumeration searchCertificates(String filter, int maxSize)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
 
@@ -765,14 +758,14 @@ public class CertificateRepository extends Repository
         try {
             e = s.search(getDN(), filter, maxSize);
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
     }
 
     public Enumeration searchCertificates(String filter, int maxSize, int timeLimit)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
 
@@ -780,7 +773,7 @@ public class CertificateRepository extends Repository
         try {
             e = s.search(getDN(), filter, maxSize, timeLimit);
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
@@ -788,39 +781,42 @@ public class CertificateRepository extends Repository
 
     /**
      * Returns a list of X509CertImp that satisfies the filter.
+     * 
      * @deprecated replaced by <code>findCertificatesInList</code>
      */
     public Enumeration findCertRecs(String filter)
-        throws EBaseException {
+            throws EBaseException {
         CMS.debug("findCertRecs " + filter);
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
         try {
             e = s.search(getDN(), filter);
         } finally {
-            if (s != null) s.close();
+            if (s != null)
+                s.close();
         }
         return e;
     }
 
     public Enumeration findCertRecs(String filter, String[] attrs)
-        throws EBaseException {
+            throws EBaseException {
 
-        CMS.debug( "findCertRecs " + filter
-                 + "attrs " + Arrays.toString( attrs ) );
+        CMS.debug("findCertRecs " + filter
+                 + "attrs " + Arrays.toString(attrs));
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
         try {
             e = s.search(getDN(), filter, attrs);
         } finally {
-            if (s != null) s.close();
+            if (s != null)
+                s.close();
         }
         return e;
 
     }
 
     public Enumeration<X509CertImpl> findCertificates(String filter)
-        throws EBaseException {
+            throws EBaseException {
         Enumeration e = findCertRecords(filter);
         Vector<X509CertImpl> v = new Vector<X509CertImpl>();
 
@@ -839,7 +835,7 @@ public class CertificateRepository extends Repository
      * use this.
      */
     public Enumeration findCertRecords(String filter)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
 
@@ -852,7 +848,7 @@ public class CertificateRepository extends Repository
 
             e = list.getCertRecords(0, size - 1);
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
@@ -861,6 +857,7 @@ public class CertificateRepository extends Repository
     /**
      * Finds certificate records. Here is a list of filter
      * attribute can be used:
+     * 
      * <pre>
      *   certRecordId
      *   certMetaInfo
@@ -871,49 +868,51 @@ public class CertificateRepository extends Repository
      *   x509Cert.notAfter
      *   x509Cert.subject
      * </pre>
+     * 
      * The filter should follow RFC1558 LDAP filter syntax.
      * For example,
+     * 
      * <pre>
      *   (&(certRecordId=5)(x509Cert.notBefore=934398398))
      * </pre>
      */
-    public ICertRecordList findCertRecordsInList(String filter, 
-        String attrs[], int pageSize) throws EBaseException {
-        return findCertRecordsInList(filter, attrs, CertRecord.ATTR_ID, 
+    public ICertRecordList findCertRecordsInList(String filter,
+            String attrs[], int pageSize) throws EBaseException {
+        return findCertRecordsInList(filter, attrs, CertRecord.ATTR_ID,
                 pageSize);
     }
 
-    public ICertRecordList findCertRecordsInList(String filter, 
-        String attrs[], String sortKey, int pageSize) 
-        throws EBaseException {
+    public ICertRecordList findCertRecordsInList(String filter,
+            String attrs[], String sortKey, int pageSize)
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         CMS.debug("In findCertRecordsInList");
         CertRecordList list = null;
 
         try {
-            IDBVirtualList<ICertRecord> vlist =  s.createVirtualList(getDN(), filter, attrs,
+            IDBVirtualList<ICertRecord> vlist = s.createVirtualList(getDN(), filter, attrs,
                     sortKey, pageSize);
 
             list = new CertRecordList(vlist);
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return list;
     }
 
-    public ICertRecordList findCertRecordsInList(String filter, 
-		 String attrs[], String jumpTo, String sortKey, int pageSize)
-        throws EBaseException {
-	return findCertRecordsInList(filter, attrs, jumpTo, false, sortKey, pageSize);
+    public ICertRecordList findCertRecordsInList(String filter,
+            String attrs[], String jumpTo, String sortKey, int pageSize)
+            throws EBaseException {
+        return findCertRecordsInList(filter, attrs, jumpTo, false, sortKey, pageSize);
 
     }
 
-    public ICertRecordList findCertRecordsInList(String filter, 
-		 String attrs[], String jumpTo, boolean hardJumpTo,
-						 String sortKey, int pageSize)
-        throws EBaseException {
+    public ICertRecordList findCertRecordsInList(String filter,
+            String attrs[], String jumpTo, boolean hardJumpTo,
+                         String sortKey, int pageSize)
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         CertRecordList list = null;
 
@@ -921,33 +920,33 @@ public class CertificateRepository extends Repository
         try {
             String jumpToVal = null;
 
-	    if (hardJumpTo) {
-        CMS.debug("In findCertRecordsInList with hardJumpto ");
-		jumpToVal = "99";
-	    } else {
-            int len = jumpTo.length();
-
-            if (len > 9) {
-                jumpToVal = Integer.toString(len) + jumpTo;
+            if (hardJumpTo) {
+                CMS.debug("In findCertRecordsInList with hardJumpto ");
+                jumpToVal = "99";
             } else {
-                jumpToVal = "0" + Integer.toString(len) + jumpTo;
+                int len = jumpTo.length();
+
+                if (len > 9) {
+                    jumpToVal = Integer.toString(len) + jumpTo;
+                } else {
+                    jumpToVal = "0" + Integer.toString(len) + jumpTo;
+                }
             }
-	    }
 
-            IDBVirtualList<ICertRecord> vlist =  s.createVirtualList(getDN(), filter,
+            IDBVirtualList<ICertRecord> vlist = s.createVirtualList(getDN(), filter,
                     attrs, jumpToVal, sortKey, pageSize);
 
             list = new CertRecordList(vlist);
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return list;
     }
 
     public ICertRecordList findCertRecordsInListRawJumpto(String filter,
-        String attrs[], String jumpTo, String sortKey, int pageSize)
-        throws EBaseException {
+            String attrs[], String jumpTo, String sortKey, int pageSize)
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         CertRecordList list = null;
 
@@ -955,7 +954,7 @@ public class CertificateRepository extends Repository
 
         try {
 
-            IDBVirtualList<ICertRecord> vlist =  s.createVirtualList(getDN(), filter,
+            IDBVirtualList<ICertRecord> vlist = s.createVirtualList(getDN(), filter,
                     attrs, jumpTo, sortKey, pageSize);
 
             list = new CertRecordList(vlist);
@@ -970,44 +969,44 @@ public class CertificateRepository extends Repository
      * Marks certificate as renewable.
      */
     public void markCertificateAsRenewable(ICertRecord record)
-        throws EBaseException {
+            throws EBaseException {
         changeRenewalAttribute(((CertRecord) record).getSerialNumber().toString(),
-            CertRecord.AUTO_RENEWAL_ENABLED);
+                CertRecord.AUTO_RENEWAL_ENABLED);
     }
 
     /**
      * Marks certificate as renewable.
      */
     public void markCertificateAsNotRenewable(ICertRecord record)
-        throws EBaseException {
+            throws EBaseException {
         changeRenewalAttribute(((CertRecord) record).getSerialNumber().toString(),
-            CertRecord.AUTO_RENEWAL_DISABLED);
+                CertRecord.AUTO_RENEWAL_DISABLED);
     }
 
     public void markCertificateAsRenewed(String serialNo)
-        throws EBaseException {
+            throws EBaseException {
         changeRenewalAttribute(serialNo, CertRecord.AUTO_RENEWAL_DONE);
     }
 
     public void markCertificateAsRenewalNotified(String serialNo)
-        throws EBaseException {
+            throws EBaseException {
         changeRenewalAttribute(serialNo, CertRecord.AUTO_RENEWAL_NOTIFIED);
     }
 
     private void changeRenewalAttribute(String serialno, String value)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         try {
             String name = "cn" + "=" + serialno +
-                "," + getDN();
+                    "," + getDN();
             ModificationSet mods = new ModificationSet();
 
             mods.add(CertRecord.ATTR_AUTO_RENEW, Modification.MOD_REPLACE,
-                value);
+                    value);
             s.modify(name, mods);
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
     }
@@ -1018,6 +1017,7 @@ public class CertificateRepository extends Repository
     public class RenewableCertificateCollection {
         Vector<Object> mToRenew = null;
         Vector<Object> mToNotify = null;
+
         public RenewableCertificateCollection() {
         }
 
@@ -1044,20 +1044,20 @@ public class CertificateRepository extends Repository
     }
 
     public Hashtable<String, RenewableCertificateCollection> getRenewableCertificates(String renewalTime)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         Hashtable<String, RenewableCertificateCollection> tab = null;
 
         try {
             String filter = "(&(" + CertRecord.ATTR_CERT_STATUS + "=" +
-                CertRecord.STATUS_VALID + ")("
-                + CertRecord.ATTR_X509CERT +
-                "." + CertificateValidity.NOT_AFTER + "<=" + renewalTime +
-                ")(!(" + CertRecord.ATTR_AUTO_RENEW + "=" +
-                CertRecord.AUTO_RENEWAL_DONE +
-                "))(!(" + CertRecord.ATTR_AUTO_RENEW + "=" +
-                CertRecord.AUTO_RENEWAL_NOTIFIED + ")))";
+                    CertRecord.STATUS_VALID + ")("
+                    + CertRecord.ATTR_X509CERT +
+                    "." + CertificateValidity.NOT_AFTER + "<=" + renewalTime +
+                    ")(!(" + CertRecord.ATTR_AUTO_RENEW + "=" +
+                    CertRecord.AUTO_RENEWAL_DONE +
+                    "))(!(" + CertRecord.ATTR_AUTO_RENEW + "=" +
+                    CertRecord.AUTO_RENEWAL_NOTIFIED + ")))";
             //Enumeration e = s.search(getDN(), filter);
             ICertRecordList list = null;
 
@@ -1077,7 +1077,7 @@ public class CertificateRepository extends Repository
 
                 if ((val = tab.get(subjectDN)) == null) {
                     RenewableCertificateCollection collection =
-                        new RenewableCertificateCollection();
+                            new RenewableCertificateCollection();
 
                     collection.addCertificate(renewalFlag, cert);
                     tab.put(subjectDN, collection);
@@ -1086,7 +1086,7 @@ public class CertificateRepository extends Repository
                 }
             }
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return tab;
@@ -1095,14 +1095,14 @@ public class CertificateRepository extends Repository
     /**
      * Gets all valid and unexpired certificates pertaining
      * to a subject DN.
-     *
-     * @param subjectDN	The distinguished name of the subject.
-     * @param validityType	The type of certificates to get.
+     * 
+     * @param subjectDN The distinguished name of the subject.
+     * @param validityType The type of certificates to get.
      * @return An array of certificates.
      */
 
     public X509CertImpl[] getX509Certificates(String subjectDN,
-        int validityType) throws EBaseException {
+            int validityType) throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         X509CertImpl certs[] = null;
@@ -1110,7 +1110,7 @@ public class CertificateRepository extends Repository
         try {
             // XXX - not checking validityType...
             String filter = "(&(" + CertRecord.ATTR_X509CERT +
-                "." + X509CertInfo.SUBJECT + "=" + subjectDN;
+                    "." + X509CertInfo.SUBJECT + "=" + subjectDN;
 
             if (validityType == ALL_VALID_CERTS) {
                 filter += ")(" +
@@ -1145,14 +1145,14 @@ public class CertificateRepository extends Repository
             certs = new X509CertImpl[v.size()];
             v.copyInto(certs);
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return certs;
     }
 
     public X509CertImpl[] getX509Certificates(String filter)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         X509CertImpl certs[] = null;
@@ -1182,7 +1182,7 @@ public class CertificateRepository extends Repository
                 v.copyInto(certs);
             }
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return certs;
@@ -1190,82 +1190,83 @@ public class CertificateRepository extends Repository
 
     /**
      * Retrives all valid certificates excluding ones already revoked.
-     * @param from	The starting point of the serial number range.
-     * @param to	The ending point of the serial number range.
+     * 
+     * @param from The starting point of the serial number range.
+     * @param to The ending point of the serial number range.
      */
     public Enumeration<CertRecord> getValidCertificates(String from, String to)
-		throws EBaseException {
-			IDBSSession s = mDBService.createSession();
-			Vector<CertRecord> v = new Vector<CertRecord>();
+            throws EBaseException {
+        IDBSSession s = mDBService.createSession();
+        Vector<CertRecord> v = new Vector<CertRecord>();
 
-			try {
+        try {
 
-				// 'from' determines 'jumpto' value
-				// 'to' determines where to stop looking
+            // 'from' determines 'jumpto' value
+            // 'to' determines where to stop looking
 
-				String ldapfilter = "(certstatus=VALID)";
+            String ldapfilter = "(certstatus=VALID)";
 
-                String fromVal = "0";
-                try {
-                    if (from != null) {
-                      int fv = Integer.parseInt(from);
-                      fromVal = from;
-                    }
-                } catch (Exception e1) {
-                   // from is not integer
+            String fromVal = "0";
+            try {
+                if (from != null) {
+                    int fv = Integer.parseInt(from);
+                    fromVal = from;
                 }
+            } catch (Exception e1) {
+                // from is not integer
+            }
 
-				ICertRecordList list = 
-					findCertRecordsInList(ldapfilter, null, fromVal, "serialno", 40);
+            ICertRecordList list =
+                    findCertRecordsInList(ldapfilter, null, fromVal, "serialno", 40);
 
-				BigInteger toInt = null;
-                if (to != null && !to.trim().equals("")) {
-                  toInt = new BigInteger(to);
-                }
+            BigInteger toInt = null;
+            if (to != null && !to.trim().equals("")) {
+                toInt = new BigInteger(to);
+            }
 
-				for (int i=0;; i++) {
-					CertRecord rec = (CertRecord) list.getCertRecord(i);
-					CMS.debug("processing record: "+i);
-					if (rec == null) {
-                         break; // no element returned
-                    } else {
-
-					     CMS.debug("processing record: "+i+" "+rec.getSerialNumber());
-						// Check if we are past the 'to' marker
-                        if (toInt != null) {
-						  if (rec.getSerialNumber().compareTo(toInt) > 0) {
-							break;
-						  }
+            for (int i = 0;; i++) {
+                CertRecord rec = (CertRecord) list.getCertRecord(i);
+                CMS.debug("processing record: " + i);
+                if (rec == null) {
+                    break; // no element returned
+                } else {
+
+                    CMS.debug("processing record: " + i + " " + rec.getSerialNumber());
+                    // Check if we are past the 'to' marker
+                    if (toInt != null) {
+                        if (rec.getSerialNumber().compareTo(toInt) > 0) {
+                            break;
                         }
-						v.addElement(rec);
-					}
-				}
-
-			} finally {
-				if (s != null) 
-					s.close();
-			}
-			CMS.debug("returning "+v.size()+" elements");
-			return v.elements();
-		}
+                    }
+                    v.addElement(rec);
+                }
+            }
+
+        } finally {
+            if (s != null)
+                s.close();
+        }
+        CMS.debug("returning " + v.size() + " elements");
+        return v.elements();
+    }
 
     /**
      * Retrives all valid certificates excluding ones already revoked.
      */
     public Enumeration getAllValidCertificates()
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
 
         try {
             Date now = CMS.getCurrentDate();
             String ldapfilter = "(&(!(" + CertRecord.ATTR_REVO_INFO + "=*))(" +
-                CertRecord.ATTR_X509CERT + "." +
-                CertificateValidity.NOT_BEFORE + "<=" +
-                DateMapper.dateToDB(now) + ")(" +
-                CertRecord.ATTR_X509CERT + "." +
-                CertificateValidity.NOT_AFTER + ">=" +
-                DateMapper.dateToDB(now) + "))";
+                    CertRecord.ATTR_X509CERT + "." +
+                    CertificateValidity.NOT_BEFORE + "<=" +
+                    DateMapper.dateToDB(now) + ")(" +
+                    CertRecord.ATTR_X509CERT + "." +
+                    CertificateValidity.NOT_AFTER + ">=" +
+                    DateMapper.dateToDB(now) + "))";
             //e = s.search(getDN(), ldapfilter);
             ICertRecordList list = null;
 
@@ -1273,23 +1274,24 @@ public class CertificateRepository extends Repository
             int size = list.getSize();
 
             e = list.getCertRecords(0, size - 1);
-								 
+
         } finally {
             // XXX - transaction is not done at this moment
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
     }
 
     /**
-     * Retrives all valid not published certificates 
+     * Retrives all valid not published certificates
      * excluding ones already revoked.
-     * @param from	The starting point of the serial number range.
-     * @param to	The ending point of the serial number range.
+     * 
+     * @param from The starting point of the serial number range.
+     * @param to The ending point of the serial number range.
      */
     public Enumeration getValidNotPublishedCertificates(String from, String to)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
 
@@ -1318,35 +1320,35 @@ public class CertificateRepository extends Repository
             int size = list.getSize();
 
             e = list.getCertRecords(0, size - 1);
-								 
+
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
     }
 
     /**
-     * Retrives all valid not published certificates 
+     * Retrives all valid not published certificates
      * excluding ones already revoked.
      */
     public Enumeration getAllValidNotPublishedCertificates()
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
 
         try {
             Date now = CMS.getCurrentDate();
             String ldapfilter = "(&(!(" + CertRecord.ATTR_REVO_INFO + "=*))(" +
-                CertRecord.ATTR_X509CERT + "." +
-                CertificateValidity.NOT_BEFORE + "<=" +
-                DateMapper.dateToDB(now) + ")(" +
-                CertRecord.ATTR_X509CERT + "." +
-                CertificateValidity.NOT_AFTER + ">=" +
-                DateMapper.dateToDB(now) + ")(!(" +
-                "certMetainfo=" +
-                CertRecord.META_LDAPPUBLISH +
-                ":true)))";
+                    CertRecord.ATTR_X509CERT + "." +
+                    CertificateValidity.NOT_BEFORE + "<=" +
+                    DateMapper.dateToDB(now) + ")(" +
+                    CertRecord.ATTR_X509CERT + "." +
+                    CertificateValidity.NOT_AFTER + ">=" +
+                    DateMapper.dateToDB(now) + ")(!(" +
+                    "certMetainfo=" +
+                    CertRecord.META_LDAPPUBLISH +
+                    ":true)))";
             //e = s.search(getDN(), ldapfilter);
             ICertRecordList list = null;
 
@@ -1354,10 +1356,10 @@ public class CertificateRepository extends Repository
             int size = list.getSize();
 
             e = list.getCertRecords(0, size - 1);
-								 
+
         } finally {
             // XXX - transaction is not done at this moment
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
@@ -1365,11 +1367,12 @@ public class CertificateRepository extends Repository
 
     /**
      * Retrives all expired certificates.
-     * @param from	The starting point of the serial number range.
-     * @param to	The ending point of the serial number range.
+     * 
+     * @param from The starting point of the serial number range.
+     * @param to The ending point of the serial number range.
      */
     public Enumeration getExpiredCertificates(String from, String to)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
 
@@ -1385,16 +1388,16 @@ public class CertificateRepository extends Repository
                     CertificateValidity.NOT_AFTER + ">=" +
                     DateMapper.dateToDB(now) + ")))";
             //e = s.search(getDN(), ldapfilter);
-								 
+
             ICertRecordList list = null;
 
             list = findCertRecordsInList(ldapfilter, null, "serialno", 10);
             int size = list.getSize();
 
             e = list.getCertRecords(0, size - 1);
-        } finally { 
+        } finally {
             // XXX - transaction is not done at this moment
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
@@ -1404,15 +1407,15 @@ public class CertificateRepository extends Repository
      * Retrives all expired certificates.
      */
     public Enumeration getAllExpiredCertificates()
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
 
         try {
             Date now = CMS.getCurrentDate();
             String ldapfilter = "(!(" + CertRecord.ATTR_X509CERT + "." +
-                CertificateValidity.NOT_AFTER + ">=" +
-                DateMapper.dateToDB(now) + "))";
+                    CertificateValidity.NOT_AFTER + ">=" +
+                    DateMapper.dateToDB(now) + "))";
             //e = s.search(getDN(), ldapfilter);
             ICertRecordList list = null;
 
@@ -1420,10 +1423,10 @@ public class CertificateRepository extends Repository
             int size = list.getSize();
 
             e = list.getCertRecords(0, size - 1);
-								 
-        } finally { 
+
+        } finally {
             // XXX - transaction is not done at this moment
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
@@ -1431,11 +1434,12 @@ public class CertificateRepository extends Repository
 
     /**
      * Retrives all expired published certificates.
-     * @param from	The starting point of the serial number range.
-     * @param to	The ending point of the serial number range.
+     * 
+     * @param from The starting point of the serial number range.
+     * @param to The ending point of the serial number range.
      */
     public Enumeration getExpiredPublishedCertificates(String from, String to)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
 
@@ -1455,16 +1459,16 @@ public class CertificateRepository extends Repository
                     CertRecord.META_LDAPPUBLISH +
                     ":true))";
             //e = s.search(getDN(), ldapfilter);
-								 
+
             ICertRecordList list = null;
 
             list = findCertRecordsInList(ldapfilter, null, "serialno", 10);
             int size = list.getSize();
 
             e = list.getCertRecords(0, size - 1);
-        } finally { 
+        } finally {
             // XXX - transaction is not done at this moment
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
@@ -1474,7 +1478,7 @@ public class CertificateRepository extends Repository
      * Retrives all expired publishedcertificates.
      */
     public Enumeration getAllExpiredPublishedCertificates()
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
 
@@ -1488,7 +1492,7 @@ public class CertificateRepository extends Repository
             ldapfilter += "(certMetainfo=" +
                     CertRecord.META_LDAPPUBLISH +
                     ":true))";
-		
+
             //e = s.search(getDN(), ldapfilter);
             ICertRecordList list = null;
 
@@ -1496,17 +1500,17 @@ public class CertificateRepository extends Repository
             int size = list.getSize();
 
             e = list.getCertRecords(0, size - 1);
-								 
-        } finally { 
+
+        } finally {
             // XXX - transaction is not done at this moment
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
     }
 
     public ICertRecordList getInvalidCertsByNotBeforeDate(Date date, int pageSize)
-        throws EBaseException {
+            throws EBaseException {
 
         String now = null;
 
@@ -1521,7 +1525,7 @@ public class CertificateRepository extends Repository
             String[] attrs = null;
 
             if (mConsistencyCheck == false) {
-                attrs = new String[] { "objectclass", CertRecord.ATTR_ID, CertRecord.ATTR_X509CERT};
+                attrs = new String[] { "objectclass", CertRecord.ATTR_ID, CertRecord.ATTR_X509CERT };
             }
 
             CMS.debug("getInvalidCertificatesByNotBeforeDate filter " + ldapfilter);
@@ -1536,7 +1540,6 @@ public class CertificateRepository extends Repository
         } finally {
             // XXX - transaction is not done at this moment
 
-
             CMS.debug("In getInvalidCertsByNotBeforeDate finally.");
 
             if (s != null)
@@ -1547,7 +1550,7 @@ public class CertificateRepository extends Repository
     }
 
     public ICertRecordList getValidCertsByNotAfterDate(Date date, int pageSize)
-        throws EBaseException {
+            throws EBaseException {
 
         String now = null;
 
@@ -1560,7 +1563,7 @@ public class CertificateRepository extends Repository
             String[] attrs = null;
 
             if (mConsistencyCheck == false) {
-                attrs = new String[] { "objectclass", CertRecord.ATTR_ID, CertRecord.ATTR_X509CERT};
+                attrs = new String[] { "objectclass", CertRecord.ATTR_ID, CertRecord.ATTR_X509CERT };
             }
 
             CMS.debug("getValidCertsByNotAfterDate filter " + ldapfilter);
@@ -1577,7 +1580,7 @@ public class CertificateRepository extends Repository
     }
 
     public ICertRecordList getRevokedCertsByNotAfterDate(Date date, int pageSize)
-        throws EBaseException {
+            throws EBaseException {
 
         ICertRecordList list = null;
         IDBSSession s = mDBService.createSession();
@@ -1589,7 +1592,7 @@ public class CertificateRepository extends Repository
 
             if (mConsistencyCheck == false) {
                 attrs = new String[] { "objectclass", CertRecord.ATTR_REVOKED_ON, CertRecord.ATTR_ID,
-                            CertRecord.ATTR_REVO_INFO, CertificateValidity.NOT_AFTER, CertRecord.ATTR_X509CERT};
+                            CertRecord.ATTR_REVO_INFO, CertificateValidity.NOT_AFTER, CertRecord.ATTR_X509CERT };
             }
 
             CMS.debug("getRevokedCertificatesByNotAfterDate filter " + ldapfilter);
@@ -1602,21 +1605,21 @@ public class CertificateRepository extends Repository
         } finally {
             // XXX - transaction is not done at this moment
 
-
             if (s != null)
                 s.close();
         }
         return list;
 
     }
-    
+
     /**
-     * Retrieves all revoked certificates in the serial number range. 
-     * @param from	The starting point of the serial number range.
-     * @param to	The ending point of the serial number range.
+     * Retrieves all revoked certificates in the serial number range.
+     * 
+     * @param from The starting point of the serial number range.
+     * @param to The ending point of the serial number range.
      */
     public Enumeration getRevokedCertificates(String from, String to)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
 
@@ -1637,18 +1640,18 @@ public class CertificateRepository extends Repository
             e = list.getCertRecords(0, size - 1);
         } finally {
             // XXX - transaction is not done at this moment
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
     }
 
     /**
-     * Retrives all revoked certificates including ones already expired or 
+     * Retrives all revoked certificates including ones already expired or
      * not yet valid.
      */
     public Enumeration getAllRevokedCertificates()
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
         String ldapfilter = "(|(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED + ")(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED_EXPIRED + "))"; // index is setup for this filter
@@ -1662,19 +1665,20 @@ public class CertificateRepository extends Repository
 
             e = list.getCertRecords(0, size - 1);
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
     }
 
     /**
-     * Retrieves all revoked publishedcertificates in the serial number range. 
-     * @param from	The starting point of the serial number range.
-     * @param to	The ending point of the serial number range.
+     * Retrieves all revoked publishedcertificates in the serial number range.
+     * 
+     * @param from The starting point of the serial number range.
+     * @param to The ending point of the serial number range.
      */
     public Enumeration getRevokedPublishedCertificates(String from, String to)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
 
@@ -1685,7 +1689,7 @@ public class CertificateRepository extends Repository
                 ldapfilter += "(" + CertRecord.ATTR_ID + ">=" + from + ")";
             if (to != null && to.length() > 0)
                 ldapfilter += "(" + CertRecord.ATTR_ID + "<=" + to + ")";
-                //ldapfilter += ")";
+            //ldapfilter += ")";
             ldapfilter += "(certMetainfo=" +
                     CertRecord.META_LDAPPUBLISH +
                     ":true))";
@@ -1698,18 +1702,18 @@ public class CertificateRepository extends Repository
             e = list.getCertRecords(0, size - 1);
         } finally {
             // XXX - transaction is not done at this moment
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
     }
 
     /**
-     * Retrives all revoked published certificates including ones 
+     * Retrives all revoked published certificates including ones
      * already expired or not yet valid.
      */
     public Enumeration getAllRevokedPublishedCertificates()
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
         String ldapfilter = "(&(|(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED + ")(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED_EXPIRED + "))"; // index is setup for this filter
@@ -1726,17 +1730,17 @@ public class CertificateRepository extends Repository
 
             e = list.getCertRecords(0, size - 1);
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
     }
 
     /**
-     * Retrieves all revoked certificates that have not expired. 
+     * Retrieves all revoked certificates that have not expired.
      */
     public Enumeration getRevokedCertificates(Date asOfDate)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
 
@@ -1747,9 +1751,9 @@ public class CertificateRepository extends Repository
              "." +  CertificateValidity.NOT_AFTER + " >= " +
              DateMapper.dateToDB(asOfDate) + "))");*/
             String ldapfilter = "(&(" +
-                CertRecord.ATTR_REVO_INFO + "=*)(" + CertRecord.ATTR_X509CERT +
-                "." + CertificateValidity.NOT_AFTER + " >= " +
-                DateMapper.dateToDB(asOfDate) + "))";
+                    CertRecord.ATTR_REVO_INFO + "=*)(" + CertRecord.ATTR_X509CERT +
+                    "." + CertificateValidity.NOT_AFTER + " >= " +
+                    DateMapper.dateToDB(asOfDate) + "))";
             ICertRecordList list = null;
 
             list = findCertRecordsInList(ldapfilter, null, "serialno", 10);
@@ -1758,7 +1762,7 @@ public class CertificateRepository extends Repository
             e = list.getCertRecords(0, size - 1);
         } finally {
             // XXX - transaction is not done at this moment
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
@@ -1768,7 +1772,7 @@ public class CertificateRepository extends Repository
      * Retrives all revoked certificates excluing ones already expired.
      */
     public Enumeration getAllRevokedNonExpiredCertificates()
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
         String ldapfilter = "(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED + ")"; // index is setup for this filter
@@ -1782,14 +1786,14 @@ public class CertificateRepository extends Repository
 
             e = list.getCertRecords(0, size - 1);
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
     }
 
     private LDAPSearchResults startSearchForModifiedCertificateRecords()
-        throws EBaseException {
+            throws EBaseException {
         CMS.debug("startSearchForModifiedCertificateRecords");
         LDAPSearchResults r = null;
         IDBSSession s = mDBService.createSession();
@@ -1799,9 +1803,9 @@ public class CertificateRepository extends Repository
             r = s.persistentSearch(getDN(), filter, null);
             CMS.debug("startSearchForModifiedCertificateRecords  persistentSearch started");
         } catch (Exception e) {
-            CMS.debug("startSearchForModifiedCertificateRecords  persistentSearch Exception="+e);
+            CMS.debug("startSearchForModifiedCertificateRecords  persistentSearch Exception=" + e);
             r = null;
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return r;
@@ -1809,20 +1813,20 @@ public class CertificateRepository extends Repository
 
     public void getModifications(LDAPEntry entry) {
         if (entry != null) {
-            CMS.debug("getModifications  entry DN="+entry.getDN());
+            CMS.debug("getModifications  entry DN=" + entry.getDN());
 
             LDAPAttributeSet entryAttrs = entry.getAttributeSet();
             ICertRecord certRec = null;
             try {
-                certRec = (ICertRecord)mDBService.getRegistry().createObject(entryAttrs);
+                certRec = (ICertRecord) mDBService.getRegistry().createObject(entryAttrs);
             } catch (Exception e) {
             }
             if (certRec != null) {
                 String status = certRec.getStatus();
-                CMS.debug("getModifications  serialNumber="+certRec.getSerialNumber()+
-                          "  status="+status);
+                CMS.debug("getModifications  serialNumber=" + certRec.getSerialNumber() +
+                          "  status=" + status);
                 if (status != null && (status.equals(ICertRecord.STATUS_VALID) ||
-                    status.equals(ICertRecord.STATUS_REVOKED))) {
+                        status.equals(ICertRecord.STATUS_REVOKED))) {
 
                     Enumeration<ICRLIssuingPoint> eIPs = mCRLIssuingPoints.elements();
 
@@ -1834,7 +1838,7 @@ public class CertificateRepository extends Repository
                                 IRevocationInfo rInfo = certRec.getRevocationInfo();
                                 if (rInfo != null) {
                                     ip.addRevokedCert(certRec.getSerialNumber(),
-                                        new RevokedCertImpl(certRec.getSerialNumber(),
+                                            new RevokedCertImpl(certRec.getSerialNumber(),
                                                             rInfo.getRevocationDate(),
                                                             rInfo.getCRLEntryExtensions()));
                                 }
@@ -1851,16 +1855,15 @@ public class CertificateRepository extends Repository
         }
     }
 
-
     /**
      * Checks if the presented certificate belongs to the repository
      * and is revoked.
-     *
-     * @param cert	certificate to verify.
+     * 
+     * @param cert certificate to verify.
      * @return RevocationInfo if the presented certificate is revoked otherwise null.
      */
     public RevocationInfo isCertificateRevoked(X509CertImpl cert)
-        throws EBaseException {
+            throws EBaseException {
         RevocationInfo info = null;
 
         // 615932
@@ -1885,8 +1888,8 @@ public class CertificateRepository extends Repository
                     }
 
                     if (certEncoded != null &&
-                        repCertEncoded != null &&
-                        certEncoded.length == repCertEncoded.length) {
+                            repCertEncoded != null &&
+                            certEncoded.length == repCertEncoded.length) {
                         int i;
 
                         for (i = 0; i < certEncoded.length; i++) {
@@ -1913,7 +1916,6 @@ public class CertificateRepository extends Repository
     }
 }
 
-
 class CertStatusUpdateThread extends Thread {
     CertificateRepository _cr = null;
     IRepository _rr = null;
@@ -1965,7 +1967,6 @@ class CertStatusUpdateThread extends Thread {
     }
 }
 
-
 class RetrieveModificationsThread extends Thread {
     CertificateRepository _cr = null;
     LDAPSearchResults _results = null;
@@ -1992,7 +1993,7 @@ class RetrieveModificationsThread extends Thread {
                     _cr.getModifications(entry);
                 }
             } catch (LDAPException e) {
-                CMS.debug("LDAPException: "+e.toString());
+                CMS.debug("LDAPException: " + e.toString());
             }
         } else {
             CMS.debug("_results are null");
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/DBRegistry.java b/pki/base/common/src/com/netscape/cmscore/dbs/DBRegistry.java
index 65b1039d..20e40a8e 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/DBRegistry.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/DBRegistry.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Iterator;
@@ -37,22 +36,21 @@ import com.netscape.certsrv.dbs.IDBObj;
 import com.netscape.certsrv.dbs.IDBRegistry;
 import com.netscape.certsrv.dbs.IFilterConverter;
 import com.netscape.certsrv.logging.ILogger;
- 
 
 /**
  * A class represents a registry where all the
- * schema (object classes and attribute) information 
+ * schema (object classes and attribute) information
  * is stored.
- *
+ * 
  * Attribute mappers can be registered with this
  * registry.
- *
+ * 
  * Given the schema information stored, this registry
  * has knowledge to convert a Java object into a
  * LDAPAttributeSet or vice versa.
- *
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class DBRegistry implements IDBRegistry, ISubsystem {
 
@@ -87,17 +85,17 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
     }
 
     /**
-     * Initializes the internal registery. Connects to the 
-     * data source, and create a pool of connection of which 
+     * Initializes the internal registery. Connects to the
+     * data source, and create a pool of connection of which
      * applications can use. Optionally, check the integrity
      * of the database.
      */
-    public void init(ISubsystem owner, IConfigStore config) 
-        throws EBaseException {
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException {
         mConfig = config;
         mConverter = new LdapFilterConverter(mAttrufNames);
     }
-	
+
     /**
      * Retrieves configuration store.
      */
@@ -128,14 +126,14 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
      * Registers object class.
      */
     public void registerObjectClass(String className, String ldapNames[])
-        throws EDBException {
+            throws EDBException {
         try {
             Class<?> c = Class.forName(className);
 
             mOCclassNames.put(className, ldapNames);
             mOCldapNames.put(sortAndConcate(
-                    ldapNames).toLowerCase(), 
-                new NameAndObject(className, c));
+                    ldapNames).toLowerCase(),
+                    new NameAndObject(className, c));
         } catch (ClassNotFoundException e) {
 
             /*LogDoc
@@ -145,7 +143,7 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
              * @message DBRegistry: <exception thrown>
              */
             mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB,
-                ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+                    ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
             throw new EDBException(
                     CMS.getUserMessage("CMS_DBS_INVALID_CLASS_NAME", className));
         }
@@ -161,8 +159,8 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
     /**
      * Registers attribute mapper.
      */
-    public void registerAttribute(String ufName, IDBAttrMapper mapper) 
-        throws EDBException {
+    public void registerAttribute(String ufName, IDBAttrMapper mapper)
+            throws EDBException {
         // should not allows 'objectclass' as attribute; it has
         // special meaning
         mAttrufNames.put(ufName.toLowerCase(), mapper);
@@ -183,6 +181,7 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
      * Creates LDAP-based search filters with help of
      * registered mappers.
      * Parses filter from filter string specified in RFC1558.
+     * 
      * <pre>
      * <filter> ::= '(' <filtercomp> ')'
      * <filtercomp> ::= <and> | <or> | <not> | <item>
@@ -209,37 +208,37 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
         return getFilter(filter, mConverter);
     }
 
-    public String getFilter(String filter, IFilterConverter c) 
-        throws EBaseException {
+    public String getFilter(String filter, IFilterConverter c)
+            throws EBaseException {
         String f = filter;
 
         f = f.trim();
         if (f.startsWith("(") && f.endsWith(")")) {
-            return "(" + getFilterComp(f.substring(1, 
+            return "(" + getFilterComp(f.substring(1,
                         f.length() - 1), c) + ")";
         } else {
             return getFilterComp(filter, c);
         }
     }
 
-    private String getFilterComp(String f, IFilterConverter c) 
-        throws EBaseException {
+    private String getFilterComp(String f, IFilterConverter c)
+            throws EBaseException {
         f = f.trim();
-        if (f.startsWith("&")) {        // AND operation
-            return "&" + getFilterList(f.substring(1, 
+        if (f.startsWith("&")) { // AND operation
+            return "&" + getFilterList(f.substring(1,
                         f.length()), c);
         } else if (f.startsWith("|")) { // OR operation
-            return "|" + getFilterList(f.substring(1, 
+            return "|" + getFilterList(f.substring(1,
                         f.length()), c);
         } else if (f.startsWith("!")) { // NOT operation
             return "!" + getFilter(f.substring(1, f.length()), c);
-        } else {                        // item
+        } else { // item
             return getFilterItem(f, c);
         }
     }
-	
-    private String getFilterList(String f, IFilterConverter c) 
-        throws EBaseException {
+
+    private String getFilterList(String f, IFilterConverter c)
+            throws EBaseException {
         f = f.trim();
         int level = 0;
         int start = 0;
@@ -274,8 +273,8 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
     /**
      * So, here we need to separate item into name, op, value.
      */
-    private String getFilterItem(String f, IFilterConverter c) 
-        throws EBaseException {
+    private String getFilterItem(String f, IFilterConverter c)
+            throws EBaseException {
         f = f.trim();
         int idx = f.indexOf('=');
 
@@ -318,7 +317,7 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
         if (value.indexOf('*') == -1) {
             if (type.equals("objectclass")) {
                 String ldapNames[] = (String[])
-                    mOCclassNames.get(value);
+                        mOCclassNames.get(value);
 
                 if (ldapNames == null)
                     throw new EDBException(
@@ -326,8 +325,8 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
                 String filter = "";
 
                 for (int g = 0; g < ldapNames.length; g++) {
-                    filter += "(objectclass=" + 
-                            ldapNames[g] + ")";	
+                    filter += "(objectclass=" +
+                            ldapNames[g] + ")";
                 }
                 return "&" + filter;
             } else {
@@ -341,14 +340,14 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
     /**
      * Maps object into LDAP attribute set.
      */
-    public void mapObject(IDBObj parent, String name, Object obj, 
-        LDAPAttributeSet attrs) throws EBaseException {
+    public void mapObject(IDBObj parent, String name, Object obj,
+            LDAPAttributeSet attrs) throws EBaseException {
         IDBAttrMapper mapper = (IDBAttrMapper) mAttrufNames.get(
                 name.toLowerCase());
 
         if (mapper == null) {
             return; // no mapper found, just skip this attribute
-        }	
+        }
         mapper.mapObjectToLDAPAttributeSet(parent, name, obj, attrs);
     }
 
@@ -358,10 +357,10 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
      * This method is used for searches, to map the database attributes
      * to LDAP attributes.
      */
-    public String[] getLDAPAttributes(String attrs[]) 
-        throws EBaseException {
+    public String[] getLDAPAttributes(String attrs[])
+            throws EBaseException {
         IDBAttrMapper mapper;
-	    
+
         if (attrs == null)
             return null;
         Vector<String> v = new Vector<String>();
@@ -391,10 +390,9 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
             } else {
                 IDBDynAttrMapper matchingDynAttrMapper = null;
                 // check if a dynamic mapper can handle the attribute
-                for (Iterator<IDBDynAttrMapper> dynMapperIter = mDynAttrMappers.iterator();
-                     dynMapperIter.hasNext();) {
+                for (Iterator<IDBDynAttrMapper> dynMapperIter = mDynAttrMappers.iterator(); dynMapperIter.hasNext();) {
                     IDBDynAttrMapper dynAttrMapper =
-                            (IDBDynAttrMapper)dynMapperIter.next();
+                            (IDBDynAttrMapper) dynMapperIter.next();
                     if (dynAttrMapper.supportsLDAPAttributeName(attrs[i])) {
                         matchingDynAttrMapper = dynAttrMapper;
                         break;
@@ -410,7 +408,7 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
                      * @message DBRegistry: <attr> is not registered
                      */
                     mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB,
-                        ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_DBS_ATTR_NOT_REGISTER", attrs[i]));
+                            ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_DBS_ATTR_NOT_REGISTER", attrs[i]));
                     throw new EDBException(CMS.getLogMessage("CMSCORE_DBS_ATTR_NOT_REGISTER", attrs[i]));
                 }
             }
@@ -427,8 +425,8 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
     /**
      * Creates attribute set from object.
      */
-    public LDAPAttributeSet createLDAPAttributeSet(IDBObj obj) 
-        throws EBaseException {
+    public LDAPAttributeSet createLDAPAttributeSet(IDBObj obj)
+            throws EBaseException {
         Enumeration<String> e = obj.getSerializableAttrNames();
         LDAPAttributeSet attrs = new LDAPAttributeSet();
 
@@ -453,7 +451,7 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
      * Creates object from attribute set.
      */
     public IDBObj createObject(LDAPAttributeSet attrs)
-        throws EBaseException {
+            throws EBaseException {
         // map object class attribute to object
         LDAPAttribute attr = attrs.getAttribute("objectclass");
 
@@ -463,7 +461,7 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
 
         // sort the object class values
         @SuppressWarnings("unchecked")
-		Enumeration<String> vals = attr.getStringValues();
+        Enumeration<String> vals = attr.getStringValues();
         Vector<String> v = new Vector<String>();
 
         while (vals.hasMoreElements()) {
@@ -488,15 +486,15 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
             while (ee.hasMoreElements()) {
                 String oname = (String) ee.nextElement();
                 IDBAttrMapper mapper = (IDBAttrMapper)
-                    mAttrufNames.get(
-                        oname.toLowerCase());
+                        mAttrufNames.get(
+                                oname.toLowerCase());
 
                 if (mapper == null) {
                     throw new EDBException(
                             CMS.getUserMessage("CMS_DBS_NO_MAPPER_FOUND", oname));
                 }
-                mapper.mapLDAPAttributeSetToObject(attrs, 
-                    oname, obj);
+                mapper.mapLDAPAttributeSetToObject(attrs,
+                        oname, obj);
             }
             return obj;
         } catch (Exception e) {
@@ -508,7 +506,7 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
              * @message DBRegistry: <attr> is not registered
              */
             mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB,
-                ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+                    ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
             throw new EDBException(CMS.getUserMessage("CMS_DBS_INVALID_ATTRS"));
         }
     }
@@ -543,7 +541,6 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
     }
 }
 
-
 /**
  * Just a convenient container class.
  */
@@ -556,7 +553,7 @@ class NameAndObject {
         mN = name;
         mO = o;
     }
-	
+
     public String getName() {
         return mN;
     }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/DBSSession.java b/pki/base/common/src/com/netscape/cmscore/dbs/DBSSession.java
index 5b081d6c..db2f3c4e 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/DBSSession.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/DBSSession.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Enumeration;
 
 import netscape.ldap.LDAPAttribute;
@@ -47,14 +46,13 @@ import com.netscape.certsrv.dbs.Modification;
 import com.netscape.certsrv.dbs.ModificationSet;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * A class represents the database session. Operations
  * can be performed with a session.
- *
+ * 
  * Transaction and Caching support can be integrated
  * into session.
- *
+ * 
  * @author thomask
  * @version $Revision$, $Date$
  */
@@ -66,7 +64,7 @@ public class DBSSession implements IDBSSession {
 
     /**
      * Constructs a database session.
-     *
+     * 
      * @param system the database subsytem
      * @param c the ldap connection
      */
@@ -75,7 +73,7 @@ public class DBSSession implements IDBSSession {
         mConn = c;
         try {
             // no limit
-            mConn.setOption(LDAPv2.SIZELIMIT, Integer.valueOf(0)); 
+            mConn.setOption(LDAPv2.SIZELIMIT, Integer.valueOf(0));
         } catch (LDAPException e) {
         }
     }
@@ -97,18 +95,19 @@ public class DBSSession implements IDBSSession {
 
     /**
      * Adds object to backend database. For example,
+     * 
      * <PRE>
-     *    session.add("cn=123459,o=certificate repository,o=airius.com",
-     * 			certRec);
+     * session.add(&quot;cn=123459,o=certificate repository,o=airius.com&quot;,
+     *             certRec);
      * </PRE>
-     *
+     * 
      * @param name the name of the ldap entry
      * @param obj the DBobj that can be mapped to ldap attrubute set
      */
     public void add(String name, IDBObj obj) throws EBaseException {
         try {
             LDAPAttributeSet attrs = mDBSystem.getRegistry(
-                ).createLDAPAttributeSet(obj);
+                    ).createLDAPAttributeSet(obj);
             LDAPEntry e = new LDAPEntry(name, attrs);
 
             /*LogDoc
@@ -118,7 +117,7 @@ public class DBSSession implements IDBSSession {
              */
             mConn.add(e);
         } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) 
+            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE)
                 throw new EDBNotAvailException(
                         CMS.getUserMessage("CMS_DBS_INTERNAL_DIR_UNAVAILABLE"));
             throw new EDBException(CMS.getUserMessage("CMS_DBS_LDAP_OP_FAILURE",
@@ -129,7 +128,7 @@ public class DBSSession implements IDBSSession {
     /**
      * Reads an object from the database.
      * all attributes will be returned
-     *
+     * 
      * @param name the name of the ldap entry
      */
     public IDBObj read(String name) throws EBaseException {
@@ -139,12 +138,12 @@ public class DBSSession implements IDBSSession {
     /**
      * Reads an object from the database, and only populates
      * the selected attributes.
-     *
+     * 
      * @param name the name of the ldap entry
      * @param attrs the attributes to be selected
      */
     public IDBObj read(String name, String attrs[])
-        throws EBaseException {
+            throws EBaseException {
         try {
             String ldapattrs[] = null;
 
@@ -173,10 +172,10 @@ public class DBSSession implements IDBSSession {
              * @message DBSSession: <exception thrown>
              */
             mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_INFO, "DBSSession: " + e.toString());
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) 
+            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE)
                 throw new EDBNotAvailException(
                         CMS.getUserMessage("CMS_DBS_INTERNAL_DIR_UNAVAILABLE"));
-            if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT) 
+            if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT)
                 throw new EDBRecordNotFoundException(
                         CMS.getUserMessage("CMS_DBS_RECORD_NOT_FOUND"));
             throw new EDBException(CMS.getUserMessage("CMS_DBS_LDAP_OP_FAILURE",
@@ -191,7 +190,7 @@ public class DBSSession implements IDBSSession {
         try {
             mConn.delete(name);
         } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) 
+            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE)
                 throw new EDBNotAvailException(
                         CMS.getUserMessage("CMS_DBS_INTERNAL_DIR_UNAVAILABLE"));
             throw new EDBException(CMS.getUserMessage("CMS_DBS_LDAP_OP_FAILURE",
@@ -203,25 +202,25 @@ public class DBSSession implements IDBSSession {
      * Modify an object in the database.
      */
     public void modify(String name, ModificationSet mods)
-        throws EBaseException {
+            throws EBaseException {
         try {
             LDAPModificationSet ldapMods = new
-                LDAPModificationSet();
+                    LDAPModificationSet();
             Enumeration<?> e = mods.getModifications();
 
             while (e.hasMoreElements()) {
                 Modification mod = (Modification)
-                    e.nextElement();
+                        e.nextElement();
                 LDAPAttributeSet attrs = new LDAPAttributeSet();
 
                 mDBSystem.getRegistry().mapObject(null,
-                    mod.getName(), mod.getValue(), attrs);
+                        mod.getName(), mod.getValue(), attrs);
                 Enumeration<?> e0 = attrs.getAttributes();
 
                 while (e0.hasMoreElements()) {
                     ldapMods.add(toLdapModOp(mod.getOp()),
-                        (LDAPAttribute)
-                        e0.nextElement());
+                            (LDAPAttribute)
+                            e0.nextElement());
                 }
             }
 
@@ -232,7 +231,7 @@ public class DBSSession implements IDBSSession {
              */
             mConn.modify(name, ldapMods);
         } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) 
+            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE)
                 throw new EDBNotAvailException(
                         CMS.getUserMessage("CMS_DBS_INTERNAL_DIR_UNAVAILABLE"));
             throw new EDBException(CMS.getUserMessage("CMS_DBS_LDAP_OP_FAILURE",
@@ -260,16 +259,16 @@ public class DBSSession implements IDBSSession {
      * filter.
      */
     public IDBSearchResults search(String base, String filter)
-        throws EBaseException {
+            throws EBaseException {
         return search(base, filter, null);
     }
 
     public IDBSearchResults search(String base, String filter, int maxSize)
-        throws EBaseException {
+            throws EBaseException {
         try {
             String ldapattrs[] = null;
             String ldapfilter =
-                mDBSystem.getRegistry().getFilter(filter);
+                    mDBSystem.getRegistry().getFilter(filter);
 
             LDAPSearchConstraints cons = new LDAPSearchConstraints();
 
@@ -281,22 +280,22 @@ public class DBSSession implements IDBSSession {
             return new DBSearchResults(mDBSystem.getRegistry(),
                     res);
         } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) 
+            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE)
                 throw new EDBNotAvailException(
                         CMS.getUserMessage("CMS_DBS_INTERNAL_DIR_UNAVAILABLE"));
-                // XXX error handling, should not raise exception if
-                // entry not found
+            // XXX error handling, should not raise exception if
+            // entry not found
             throw new EDBException(CMS.getUserMessage("CMS_DBS_LDAP_OP_FAILURE",
                         e.toString()));
         }
     }
 
     public IDBSearchResults search(String base, String filter, int maxSize, int timeLimit)
-        throws EBaseException {
+            throws EBaseException {
         try {
             String ldapattrs[] = null;
             String ldapfilter =
-                mDBSystem.getRegistry().getFilter(filter);
+                    mDBSystem.getRegistry().getFilter(filter);
 
             LDAPSearchConstraints cons = new LDAPSearchConstraints();
 
@@ -309,11 +308,11 @@ public class DBSSession implements IDBSSession {
             return new DBSearchResults(mDBSystem.getRegistry(),
                     res);
         } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) 
+            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE)
                 throw new EDBNotAvailException(
                         CMS.getUserMessage("CMS_DBS_INTERNAL_DIR_UNAVAILABLE"));
-                // XXX error handling, should not raise exception if
-                // entry not found
+            // XXX error handling, should not raise exception if
+            // entry not found
             throw new EDBException(CMS.getUserMessage("CMS_DBS_LDAP_OP_FAILURE",
                         e.toString()));
         }
@@ -324,7 +323,7 @@ public class DBSSession implements IDBSSession {
      * filter.
      */
     public IDBSearchResults search(String base, String filter,
-        String attrs[]) throws EBaseException {
+            String attrs[]) throws EBaseException {
         try {
             String ldapattrs[] = null;
 
@@ -333,7 +332,7 @@ public class DBSSession implements IDBSSession {
                         ).getLDAPAttributes(attrs);
             }
             String ldapfilter =
-                mDBSystem.getRegistry().getFilter(filter);
+                    mDBSystem.getRegistry().getFilter(filter);
 
             /*LogDoc
              *
@@ -342,26 +341,26 @@ public class DBSSession implements IDBSSession {
              */
             LDAPSearchConstraints cons = new LDAPSearchConstraints();
 
-            cons.setMaxResults(0);            
-			
+            cons.setMaxResults(0);
+
             LDAPSearchResults res = mConn.search(base,
                     LDAPv2.SCOPE_ONE, ldapfilter, ldapattrs, false, cons);
 
             return new DBSearchResults(mDBSystem.getRegistry(),
                     res);
         } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) 
+            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE)
                 throw new EDBNotAvailException(
                         CMS.getUserMessage("CMS_DBS_INTERNAL_DIR_UNAVAILABLE"));
-                // XXX error handling, should not raise exception if
-                // entry not found
+            // XXX error handling, should not raise exception if
+            // entry not found
             throw new EDBException(CMS.getUserMessage("CMS_DBS_LDAP_OP_FAILURE",
                         e.toString()));
         }
     }
 
     public LDAPSearchResults persistentSearch(String base, String filter, String attrs[])
-        throws EBaseException {
+            throws EBaseException {
         try {
             String ldapattrs[] = null;
             if (attrs != null) {
@@ -369,9 +368,9 @@ public class DBSSession implements IDBSSession {
                         ).getLDAPAttributes(attrs);
             }
             String ldapfilter =
-                mDBSystem.getRegistry().getFilter(filter);
+                    mDBSystem.getRegistry().getFilter(filter);
 
-            Integer version = (Integer)(mConn.getOption(LDAPv2.PROTOCOL_VERSION));
+            Integer version = (Integer) (mConn.getOption(LDAPv2.PROTOCOL_VERSION));
 
             // Only version 3 protocol supports persistent search. 
             if (version.intValue() == 2) {
@@ -384,22 +383,22 @@ public class DBSSession implements IDBSSession {
             boolean returnControls = true;
             boolean isCritical = true;
             LDAPPersistSearchControl persistCtrl = new
-              LDAPPersistSearchControl( op, changesOnly,
-              returnControls, isCritical );
+                    LDAPPersistSearchControl(op, changesOnly,
+                            returnControls, isCritical);
 
             LDAPSearchConstraints cons = new LDAPSearchConstraints();
             cons.setBatchSize(0);
-            cons.setServerControls( persistCtrl );
+            cons.setServerControls(persistCtrl);
 
             LDAPSearchResults res = mConn.search(base,
                     LDAPv2.SCOPE_ONE, ldapfilter, ldapattrs, false, cons);
             return res;
         } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) 
+            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE)
                 throw new EDBNotAvailException(
                         CMS.getUserMessage("CMS_DBS_INTERNAL_DIR_UNAVAILABLE"));
-                // XXX error handling, should not raise exception if
-                // entry not found
+            // XXX error handling, should not raise exception if
+            // entry not found
             throw new EDBException(CMS.getUserMessage("CMS_DBS_LDAP_OP_FAILURE",
                         e.toString()));
         }
@@ -409,7 +408,7 @@ public class DBSSession implements IDBSSession {
      * Retrieves a list of objects.
      */
     public <T> IDBVirtualList<T> createVirtualList(String base, String filter,
-        String attrs[]) throws EBaseException {
+            String attrs[]) throws EBaseException {
         return new DBVirtualList<T>(mDBSystem.getRegistry(), mConn, base,
                 filter, attrs);
     }
@@ -418,7 +417,7 @@ public class DBSSession implements IDBSSession {
      * Retrieves a list of objects.
      */
     public <T> IDBVirtualList<T> createVirtualList(String base, String filter,
-        String attrs[], String sortKey[]) throws EBaseException {
+            String attrs[], String sortKey[]) throws EBaseException {
         return new DBVirtualList<T>(mDBSystem.getRegistry(), mConn, base,
                 filter, attrs, sortKey);
     }
@@ -427,7 +426,7 @@ public class DBSSession implements IDBSSession {
      * Retrieves a list of objects.
      */
     public IDBVirtualList<?> createVirtualList(String base, String filter,
-        String attrs[], String sortKey) throws EBaseException {
+            String attrs[], String sortKey) throws EBaseException {
         return new DBVirtualList<Object>(mDBSystem.getRegistry(), mConn, base,
                 filter, attrs, sortKey);
     }
@@ -436,7 +435,7 @@ public class DBSSession implements IDBSSession {
      * Retrieves a list of objects.
      */
     public IDBVirtualList<?> createVirtualList(String base, String filter,
-        String attrs[], String sortKey[], int pageSize) throws EBaseException {
+            String attrs[], String sortKey[], int pageSize) throws EBaseException {
         return new DBVirtualList<Object>(mDBSystem.getRegistry(), mConn, base,
                 filter, attrs, sortKey, pageSize);
     }
@@ -445,13 +444,13 @@ public class DBSSession implements IDBSSession {
      * Retrieves a list of objects.
      */
     public IDBVirtualList<?> createVirtualList(String base, String filter,
-        String attrs[], String sortKey, int pageSize) throws EBaseException {
+            String attrs[], String sortKey, int pageSize) throws EBaseException {
         return new DBVirtualList<Object>(mDBSystem.getRegistry(), mConn, base,
                 filter, attrs, sortKey, pageSize);
     }
 
     public IDBVirtualList<?> createVirtualList(String base, String filter,
-        String attrs[], String startFrom, String sortKey, int pageSize) throws EBaseException {
+            String attrs[], String startFrom, String sortKey, int pageSize) throws EBaseException {
         return new DBVirtualList<Object>(mDBSystem.getRegistry(), mConn, base,
                 filter, attrs, startFrom, sortKey, pageSize);
 
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/DBSUtil.java b/pki/base/common/src/com/netscape/cmscore/dbs/DBSUtil.java
index 123fb847..7c551b14 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/DBSUtil.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/DBSUtil.java
@@ -17,16 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
-
-
 /**
  * A class represents ann attribute mapper that maps
  * a Java BigInteger object into LDAP attribute,
  * and vice versa.
- *
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class DBSUtil {
 
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/DBSearchResults.java b/pki/base/common/src/com/netscape/cmscore/dbs/DBSearchResults.java
index 8b5098dc..0621701b 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/DBSearchResults.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/DBSearchResults.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Enumeration;
 
 import netscape.ldap.LDAPEntry;
@@ -27,15 +26,14 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.dbs.IDBRegistry;
 import com.netscape.certsrv.dbs.IDBSearchResults;
 import com.netscape.certsrv.logging.ILogger;
- 
 
 /**
  * A class represents the search results. A search
  * results object contain a enumeration of
  * Java objects that are just read from the database.
- *
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class DBSearchResults implements IDBSearchResults {
 
@@ -71,13 +69,13 @@ public class DBSearchResults implements IDBSearchResults {
                 entry = (LDAPEntry) o;
                 return mRegistry.createObject(entry.getAttributeSet());
             } else {
-                if (o instanceof LDAPException) 
+                if (o instanceof LDAPException)
                     ;
-                    // doing nothing because the last object in the search
-                    // results is always LDAPException
+                // doing nothing because the last object in the search
+                // results is always LDAPException
                 else
                     mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB,
-                      ILogger.LL_FAILURE, "DBSearchResults: result format error class=" + o.getClass().getName());
+                            ILogger.LL_FAILURE, "DBSearchResults: result format error class=" + o.getClass().getName());
             }
         } catch (Exception e) {
 
@@ -88,7 +86,7 @@ public class DBSearchResults implements IDBSearchResults {
              * @message DBSearchResults: <exception thrown>
              */
             mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB,
-                ILogger.LL_FAILURE, "DBSearchResults: " + e.toString());
+                    ILogger.LL_FAILURE, "DBSearchResults: " + e.toString());
         }
         return null;
     }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/DBSubsystem.java b/pki/base/common/src/com/netscape/cmscore/dbs/DBSubsystem.java
index 3208a23d..be26c036 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/DBSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/DBSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.math.BigInteger;
 import java.util.Hashtable;
 
@@ -53,17 +52,16 @@ import com.netscape.cmscore.ldapconn.LdapAuthInfo;
 import com.netscape.cmscore.ldapconn.LdapBoundConnFactory;
 import com.netscape.cmscore.ldapconn.LdapConnInfo;
 
-
 /**
  * A class represents the database subsystem that manages
  * the backend data storage.
- *
+ * 
  * This subsystem maintains multiple sessions that allows
  * operations to be performed, and provide a registry
  * where all the schema information is stored.
- *
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class DBSubsystem implements IDBSubsystem {
 
@@ -98,40 +96,40 @@ public class DBSubsystem implements IDBSubsystem {
     private static final String KR_DN = "ou=keyRepository, ou=kra";
     private static final String KRA_REQUESTS_DN = "ou=kra, ou=requests";
     private static final String REPLICA_DN = "ou=replica";
-    private static final String PROP_ENABLE_SERIAL_NUMBER_RECOVERY = 
-        "enableSerialNumberRecovery";
+    private static final String PROP_ENABLE_SERIAL_NUMBER_RECOVERY =
+            "enableSerialNumberRecovery";
     // This value is only equal to the next Serial number that the CA's
     // going to issue when cms just start up or it's just set from console.
     // It doesn't record the next serial number at other time when cms's
     // runing not to increase overhead when issuing certs.
-    private static final String PROP_NEXT_SERIAL_NUMBER = 
-        "nextSerialNumber";
-    private static final String PROP_MIN_SERIAL_NUMBER="beginSerialNumber";
+    private static final String PROP_NEXT_SERIAL_NUMBER =
+            "nextSerialNumber";
+    private static final String PROP_MIN_SERIAL_NUMBER = "beginSerialNumber";
     private static final String PROP_MAX_SERIAL_NUMBER = "endSerialNumber";
-    private static final String PROP_NEXT_MIN_SERIAL_NUMBER="nextBeginSerialNumber";
-    private static final String PROP_NEXT_MAX_SERIAL_NUMBER ="nextEndSerialNumber";
-    private static final String PROP_SERIAL_LOW_WATER_MARK="serialLowWaterMark";
-    private static final String PROP_SERIAL_INCREMENT="serialIncrement";
-    private static final String PROP_SERIAL_BASEDN="serialDN";
-    private static final String PROP_SERIAL_RANGE_DN="serialRangeDN";
-
-    private static final String PROP_MIN_REQUEST_NUMBER="beginRequestNumber";
-    private static final String PROP_MAX_REQUEST_NUMBER="endRequestNumber";
-    private static final String PROP_NEXT_MIN_REQUEST_NUMBER="nextBeginRequestNumber";
-    private static final String PROP_NEXT_MAX_REQUEST_NUMBER="nextEndRequestNumber";
-    private static final String PROP_REQUEST_LOW_WATER_MARK="requestLowWaterMark";
-    private static final String PROP_REQUEST_INCREMENT="requestIncrement";
-    private static final String PROP_REQUEST_BASEDN="requestDN";
-    private static final String PROP_REQUEST_RANGE_DN="requestRangeDN";
-
-    private static final String PROP_MIN_REPLICA_NUMBER="beginReplicaNumber";
+    private static final String PROP_NEXT_MIN_SERIAL_NUMBER = "nextBeginSerialNumber";
+    private static final String PROP_NEXT_MAX_SERIAL_NUMBER = "nextEndSerialNumber";
+    private static final String PROP_SERIAL_LOW_WATER_MARK = "serialLowWaterMark";
+    private static final String PROP_SERIAL_INCREMENT = "serialIncrement";
+    private static final String PROP_SERIAL_BASEDN = "serialDN";
+    private static final String PROP_SERIAL_RANGE_DN = "serialRangeDN";
+
+    private static final String PROP_MIN_REQUEST_NUMBER = "beginRequestNumber";
+    private static final String PROP_MAX_REQUEST_NUMBER = "endRequestNumber";
+    private static final String PROP_NEXT_MIN_REQUEST_NUMBER = "nextBeginRequestNumber";
+    private static final String PROP_NEXT_MAX_REQUEST_NUMBER = "nextEndRequestNumber";
+    private static final String PROP_REQUEST_LOW_WATER_MARK = "requestLowWaterMark";
+    private static final String PROP_REQUEST_INCREMENT = "requestIncrement";
+    private static final String PROP_REQUEST_BASEDN = "requestDN";
+    private static final String PROP_REQUEST_RANGE_DN = "requestRangeDN";
+
+    private static final String PROP_MIN_REPLICA_NUMBER = "beginReplicaNumber";
     private static final String PROP_MAX_REPLICA_NUMBER = "endReplicaNumber";
-    private static final String PROP_NEXT_MIN_REPLICA_NUMBER="nextBeginReplicaNumber";
-    private static final String PROP_NEXT_MAX_REPLICA_NUMBER ="nextEndReplicaNumber";
-    private static final String PROP_REPLICA_LOW_WATER_MARK="replicaLowWaterMark";
-    private static final String PROP_REPLICA_INCREMENT="replicaIncrement";
-    private static final String PROP_REPLICA_BASEDN="replicaDN";
-    private static final String PROP_REPLICA_RANGE_DN="replicaRangeDN";
+    private static final String PROP_NEXT_MIN_REPLICA_NUMBER = "nextBeginReplicaNumber";
+    private static final String PROP_NEXT_MAX_REPLICA_NUMBER = "nextEndReplicaNumber";
+    private static final String PROP_REPLICA_LOW_WATER_MARK = "replicaLowWaterMark";
+    private static final String PROP_REPLICA_INCREMENT = "replicaIncrement";
+    private static final String PROP_REPLICA_BASEDN = "replicaDN";
+    private static final String PROP_REPLICA_RANGE_DN = "replicaRangeDN";
 
     private static final String PROP_INFINITE_SERIAL_NUMBER = "1000000000";
     private static final String PROP_INFINITE_REQUEST_NUMBER = "1000000000";
@@ -140,27 +138,27 @@ public class DBSubsystem implements IDBSubsystem {
     private static final String PROP_LDAP = "ldap";
     private static final String PROP_NEXT_RANGE = "nextRange";
     private static final String PROP_ENABLE_SERIAL_MGMT = "enableSerialManagement";
-    
+
     // hash keys
-    private static final String NAME="name";
-    private static final String PROP_MIN="min";
-    private static final String PROP_MIN_NAME="min_name";
+    private static final String NAME = "name";
+    private static final String PROP_MIN = "min";
+    private static final String PROP_MIN_NAME = "min_name";
     private static final String PROP_MAX = "max";
     private static final String PROP_MAX_NAME = "max_name";
-    private static final String PROP_NEXT_MIN="next_min";
-    private static final String PROP_NEXT_MIN_NAME="next_min_name";
+    private static final String PROP_NEXT_MIN = "next_min";
+    private static final String PROP_NEXT_MIN_NAME = "next_min_name";
     private static final String PROP_NEXT_MAX = "next_max";
     private static final String PROP_NEXT_MAX_NAME = "next_max_name";
-    private static final String PROP_LOW_WATER_MARK="lowWaterMark";
-    private static final String PROP_LOW_WATER_MARK_NAME="lowWaterMark_name";
+    private static final String PROP_LOW_WATER_MARK = "lowWaterMark";
+    private static final String PROP_LOW_WATER_MARK_NAME = "lowWaterMark_name";
     private static final String PROP_INCREMENT = "increment";
     private static final String PROP_INCREMENT_NAME = "increment_name";
-    private static final String PROP_RANGE_DN="rangeDN";
+    private static final String PROP_RANGE_DN = "rangeDN";
 
     private static final BigInteger BI_ONE = new BigInteger("1");
 
     private ILogger mLogger = null;
- 
+
     // singleton enforcement
 
     private static IDBSubsystem mInstance = new DBSubsystem();
@@ -170,9 +168,10 @@ public class DBSubsystem implements IDBSubsystem {
     }
 
     /**
-     * This method is used for unit tests.  It allows the underlying instance
+     * This method is used for unit tests. It allows the underlying instance
      * to be stubbed out.
-     * @param dbSubsystem  The stubbed out subsystem to override with.
+     * 
+     * @param dbSubsystem The stubbed out subsystem to override with.
      */
     public static void setInstance(IDBSubsystem dbSubsystem) {
         mInstance = dbSubsystem;
@@ -191,7 +190,7 @@ public class DBSubsystem implements IDBSubsystem {
      */
     public String getId() {
         return IDBSubsystem.SUB_ID;
-    }	
+    }
 
     /**
      * Sets subsystem identifier.
@@ -214,14 +213,14 @@ public class DBSubsystem implements IDBSubsystem {
         return mEnableSerialMgmt;
     }
 
-    public void setEnableSerialMgmt(boolean v) 
-        throws EBaseException {
+    public void setEnableSerialMgmt(boolean v)
+            throws EBaseException {
         if (v) {
             CMS.debug("DBSubsystem: Enabling Serial Number Management");
         } else {
             CMS.debug("DBSubsystem: Disabling Serial Number Management");
         }
-       
+
         mDBConfig.putBoolean(PROP_ENABLE_SERIAL_MGMT, v);
         IConfigStore rootStore = getOwner().getConfigStore();
         rootStore.commit(false);
@@ -232,30 +231,29 @@ public class DBSubsystem implements IDBSubsystem {
         return mNextSerialConfig;
     }
 
-    public void setNextSerialConfig(BigInteger serial) 
-        throws EBaseException {
+    public void setNextSerialConfig(BigInteger serial)
+            throws EBaseException {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB,
-            ILogger.LL_INFO, "DBSubsystem: " +
-            "Setting next serial number: 0x" + serial.toString(16));
+                ILogger.LL_INFO, "DBSubsystem: " +
+                        "Setting next serial number: 0x" + serial.toString(16));
         mDBConfig.putString(PROP_NEXT_SERIAL_NUMBER,
-            serial.toString(16));
+                serial.toString(16));
     }
 
     /**
      * Gets minimum serial number limit in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @return min serial number
      */
-    public String getMinSerialConfig(int repo)
-    {
+    public String getMinSerialConfig(int repo) {
         return (String) (mRepos[repo]).get(PROP_MIN);
     }
 
     /**
      * Gets maximum serial number limit in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @return max serial number
      */
     public String getMaxSerialConfig(int repo) {
@@ -264,41 +262,38 @@ public class DBSubsystem implements IDBSubsystem {
 
     /**
      * Gets minimum serial number limit in next range in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @return min serial number in next range
      */
-    public String getNextMinSerialConfig(int repo)
-    {
+    public String getNextMinSerialConfig(int repo) {
         String ret = (String) (mRepos[repo]).get(PROP_NEXT_MIN);
         if (ret.equals("-1")) {
             return null;
-        }
-        else {
+        } else {
             return ret;
         }
     }
 
     /**
      * Gets maximum serial number limit in next range in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @return max serial number in next range
      */
     public String getNextMaxSerialConfig(int repo) {
         String ret = (String) (mRepos[repo]).get(PROP_NEXT_MAX);
         if (ret.equals("-1")) {
             return null;
-        }
-        else {
+        } else {
             return ret;
         }
     }
 
     /**
      * Gets low water mark limit in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @return low water mark
      */
     public String getLowWaterMarkConfig(int repo) {
@@ -307,24 +302,23 @@ public class DBSubsystem implements IDBSubsystem {
 
     /**
      * Gets range increment for next range in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @return range increment
      */
-    public String getIncrementConfig(int repo)
-    {
+    public String getIncrementConfig(int repo) {
         return (String) (mRepos[repo]).get(PROP_INCREMENT);
     }
 
     /**
      * Sets maximum serial number limit in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @param serial max serial number
-     * @exception  EBaseException failed to set
+     * @exception EBaseException failed to set
      */
-    public void setMaxSerialConfig(int repo, String serial) 
-        throws EBaseException {
+    public void setMaxSerialConfig(int repo, String serial)
+            throws EBaseException {
         Hashtable h = mRepos[repo];
         CMS.debug("DBSubsystem: Setting max serial number for " + h.get(NAME) + ": " + serial);
 
@@ -339,13 +333,13 @@ public class DBSubsystem implements IDBSubsystem {
 
     /**
      * Sets minimum serial number limit in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @param serial min serial number
-     * @exception  EBaseException failed to set
+     * @exception EBaseException failed to set
      */
-    public void setMinSerialConfig(int repo, String serial) 
-        throws EBaseException {
+    public void setMinSerialConfig(int repo, String serial)
+            throws EBaseException {
         Hashtable h = mRepos[repo];
         CMS.debug("DBSubsystem: Setting min serial number for " + h.get(NAME) + ": " + serial);
 
@@ -360,13 +354,13 @@ public class DBSubsystem implements IDBSubsystem {
 
     /**
      * Sets maximum serial number limit for next range in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @param serial max serial number for next range
-     * @exception  EBaseException failed to set
+     * @exception EBaseException failed to set
      */
-    public void setNextMaxSerialConfig(int repo, String serial) 
-        throws EBaseException {
+    public void setNextMaxSerialConfig(int repo, String serial)
+            throws EBaseException {
         Hashtable h = mRepos[repo];
         if (serial == null) {
             CMS.debug("DBSubsystem: Removing next max " + h.get(NAME) + " number");
@@ -387,13 +381,13 @@ public class DBSubsystem implements IDBSubsystem {
 
     /**
      * Sets minimum serial number limit for next range in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @param serial min serial number for next range
-     * @exception  EBaseException failed to set
+     * @exception EBaseException failed to set
      */
     public void setNextMinSerialConfig(int repo, String serial)
-        throws EBaseException {
+            throws EBaseException {
         Hashtable h = mRepos[repo];
         if (serial == null) {
             CMS.debug("DBSubsystem: Removing next min " + h.get(NAME) + " number");
@@ -405,9 +399,9 @@ public class DBSubsystem implements IDBSubsystem {
         IConfigStore rootStore = getOwner().getConfigStore();
         rootStore.commit(false);
         if (serial == null) {
-           Object o2 = h.remove(PROP_NEXT_MIN);
+            Object o2 = h.remove(PROP_NEXT_MIN);
         } else {
-           h.put(PROP_NEXT_MIN, serial);
+            h.put(PROP_NEXT_MIN, serial);
         }
         mRepos[repo] = h;
     }
@@ -416,8 +410,8 @@ public class DBSubsystem implements IDBSubsystem {
      * Gets start of next range from database.
      * Increments the nextRange attribute and allocates
      * this range to the current instance by creating a pkiRange object.
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @return start of next range
      */
     public String getNextRange(int repo) {
@@ -430,28 +424,28 @@ public class DBSubsystem implements IDBSubsystem {
             String rangeDN = (String) h.get(PROP_RANGE_DN) + "," + mBaseDN;
 
             LDAPEntry entry = conn.read(dn);
-            LDAPAttribute attr =  entry.getAttribute(PROP_NEXT_RANGE);
+            LDAPAttribute attr = entry.getAttribute(PROP_NEXT_RANGE);
             nextRange = (String) attr.getStringValues().nextElement();
 
             BigInteger nextRangeNo = new BigInteger(nextRange);
             BigInteger incrementNo = new BigInteger((String) h.get(PROP_INCREMENT));
             // To make sure attrNextRange always increments, first delete the current value and then 
             // increment.  Two operations in the same transaction 
-            LDAPAttribute attrNextRange = new LDAPAttribute(PROP_NEXT_RANGE,  nextRangeNo.add(incrementNo).toString());
-            LDAPModification [] mods = {
-                new LDAPModification( LDAPModification.DELETE, attr), 
-                new LDAPModification( LDAPModification.ADD, attrNextRange ) };
-            conn.modify( dn, mods );
+            LDAPAttribute attrNextRange = new LDAPAttribute(PROP_NEXT_RANGE, nextRangeNo.add(incrementNo).toString());
+            LDAPModification[] mods = {
+                    new LDAPModification(LDAPModification.DELETE, attr),
+                    new LDAPModification(LDAPModification.ADD, attrNextRange) };
+            conn.modify(dn, mods);
 
             // Add new range object
             String endRange = nextRangeNo.add(incrementNo).subtract(BI_ONE).toString();
             LDAPAttributeSet attrs = new LDAPAttributeSet();
             attrs.add(new LDAPAttribute("objectClass", "top"));
             attrs.add(new LDAPAttribute("objectClass", "pkiRange"));
-            attrs.add(new LDAPAttribute("beginRange" , nextRange));
-            attrs.add(new LDAPAttribute("endRange" , endRange));
+            attrs.add(new LDAPAttribute("beginRange", nextRange));
+            attrs.add(new LDAPAttribute("endRange", endRange));
             attrs.add(new LDAPAttribute("cn", nextRange));
-            attrs.add(new LDAPAttribute("host",  CMS.getEESSLHost()));
+            attrs.add(new LDAPAttribute("host", CMS.getEESSLHost()));
             attrs.add(new LDAPAttribute("securePort", CMS.getEESSLPort()));
             String dn2 = "cn=" + nextRange + "," + rangeDN;
             LDAPEntry rangeEntry = new LDAPEntry(dn2, attrs);
@@ -462,12 +456,11 @@ public class DBSubsystem implements IDBSubsystem {
             nextRange = null;
         } finally {
             try {
-                if ((conn != null) && (mLdapConnFactory!= null)) {
+                if ((conn != null) && (mLdapConnFactory != null)) {
                     CMS.debug("Releasing ldap connection");
                     mLdapConnFactory.returnConn(conn);
                 }
-            }
-            catch (Exception e) {
+            } catch (Exception e) {
                 CMS.debug("Error releasing the ldap connection" + e.toString());
             }
         }
@@ -477,29 +470,28 @@ public class DBSubsystem implements IDBSubsystem {
     /**
      * Determines if a range conflict has been observed in database.
      * If so, delete the conflict entry and remove the next range.
-     * When the next number is requested, if the number of certs is still 
+     * When the next number is requested, if the number of certs is still
      * below the low water mark, then a new range will be requested.
      * 
-     * @param repo   repo identifier 
+     * @param repo repo identifier
      * @return true if range conflict, false otherwise
      */
-    public boolean hasRangeConflict(int repo) 
-    {
+    public boolean hasRangeConflict(int repo) {
         LDAPConnection conn = null;
         boolean conflict = false;
         try {
             String nextRangeStart = getNextMinSerialConfig(repo);
-            if (nextRangeStart == null) { 
+            if (nextRangeStart == null) {
                 return false;
             }
             Hashtable h = mRepos[repo];
             conn = mLdapConnFactory.getConn();
             String rangedn = (String) h.get(PROP_RANGE_DN) + "," + mBaseDN;
             String filter = "(&(nsds5ReplConflict=*)(objectClass=pkiRange)(host= " +
-                CMS.getEESSLHost() + ")(SecurePort=" + CMS.getEESSLPort() +
-                ")(beginRange=" + nextRangeStart + "))";
+                    CMS.getEESSLHost() + ")(SecurePort=" + CMS.getEESSLPort() +
+                    ")(beginRange=" + nextRangeStart + "))";
             LDAPSearchResults results = conn.search(rangedn, LDAPv3.SCOPE_SUB,
-                filter, null, false);
+                    filter, null, false);
 
             while (results.hasMoreElements()) {
                 conflict = true;
@@ -513,12 +505,11 @@ public class DBSubsystem implements IDBSubsystem {
             e.printStackTrace();
         } finally {
             try {
-                if ((conn != null) && (mLdapConnFactory!= null)) {
+                if ((conn != null) && (mLdapConnFactory != null)) {
                     CMS.debug("Releasing ldap connection");
                     mLdapConnFactory.returnConn(conn);
                 }
-            }
-            catch (Exception e) {
+            } catch (Exception e) {
                 CMS.debug("Error releasing the ldap connection" + e.toString());
             }
         }
@@ -530,14 +521,13 @@ public class DBSubsystem implements IDBSubsystem {
     }
 
     /**
-     * Initializes the internal registery. Connects to the 
-     * data source, and create a pool of connection of which 
+     * Initializes the internal registery. Connects to the
+     * data source, and create a pool of connection of which
      * applications can use. Optionally, check the integrity
      * of the database.
      */
-    public void init(ISubsystem owner, IConfigStore config) 
-        throws EBaseException {
-
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException {
 
         mLogger = CMS.getLogger();
         mDBConfig = config;
@@ -548,110 +538,109 @@ public class DBSubsystem implements IDBSubsystem {
         try {
             mBaseDN = mConfig.getString(PROP_BASEDN, "o=NetscapeCertificateServer");
 
-            mOwner = owner; 
+            mOwner = owner;
 
             mNextSerialConfig = new BigInteger(mDBConfig.getString(
-                PROP_NEXT_SERIAL_NUMBER, "0"), 16);
+                    PROP_NEXT_SERIAL_NUMBER, "0"), 16);
 
             mEnableSerialMgmt = mDBConfig.getBoolean(PROP_ENABLE_SERIAL_MGMT, false);
 
             // populate the certs hash entry
             Hashtable certs = new Hashtable();
             certs.put(NAME, "certs");
-            certs.put(PROP_BASEDN, mDBConfig.getString(PROP_SERIAL_BASEDN,"")); 
+            certs.put(PROP_BASEDN, mDBConfig.getString(PROP_SERIAL_BASEDN, ""));
             certs.put(PROP_RANGE_DN, mDBConfig.getString(PROP_SERIAL_RANGE_DN, ""));
 
             certs.put(PROP_MIN_NAME, PROP_MIN_SERIAL_NUMBER);
             certs.put(PROP_MIN, mDBConfig.getString(
-                PROP_MIN_SERIAL_NUMBER, "0"));
+                    PROP_MIN_SERIAL_NUMBER, "0"));
 
             certs.put(PROP_MAX_NAME, PROP_MAX_SERIAL_NUMBER);
             certs.put(PROP_MAX, mDBConfig.getString(
-                PROP_MAX_SERIAL_NUMBER, PROP_INFINITE_SERIAL_NUMBER));
+                    PROP_MAX_SERIAL_NUMBER, PROP_INFINITE_SERIAL_NUMBER));
 
             certs.put(PROP_NEXT_MIN_NAME, PROP_NEXT_MIN_SERIAL_NUMBER);
             certs.put(PROP_NEXT_MIN, mDBConfig.getString(
-                PROP_NEXT_MIN_SERIAL_NUMBER, "-1"));
+                    PROP_NEXT_MIN_SERIAL_NUMBER, "-1"));
 
             certs.put(PROP_NEXT_MAX_NAME, PROP_NEXT_MAX_SERIAL_NUMBER);
             certs.put(PROP_NEXT_MAX, mDBConfig.getString(
-                PROP_NEXT_MAX_SERIAL_NUMBER, "-1"));
+                    PROP_NEXT_MAX_SERIAL_NUMBER, "-1"));
 
             certs.put(PROP_LOW_WATER_MARK_NAME, PROP_SERIAL_LOW_WATER_MARK);
             certs.put(PROP_LOW_WATER_MARK, mDBConfig.getString(
-                PROP_SERIAL_LOW_WATER_MARK, "5000"));
+                    PROP_SERIAL_LOW_WATER_MARK, "5000"));
 
             certs.put(PROP_INCREMENT_NAME, PROP_SERIAL_INCREMENT);
             certs.put(PROP_INCREMENT, mDBConfig.getString(
-                PROP_SERIAL_INCREMENT, PROP_INFINITE_SERIAL_NUMBER));
+                    PROP_SERIAL_INCREMENT, PROP_INFINITE_SERIAL_NUMBER));
 
-            mRepos[CERTS]=certs;
+            mRepos[CERTS] = certs;
 
             // populate the requests hash entry
             Hashtable requests = new Hashtable();
             requests.put(NAME, "requests");
-            requests.put(PROP_BASEDN, mDBConfig.getString(PROP_REQUEST_BASEDN,""));
+            requests.put(PROP_BASEDN, mDBConfig.getString(PROP_REQUEST_BASEDN, ""));
             requests.put(PROP_RANGE_DN, mDBConfig.getString(PROP_REQUEST_RANGE_DN, ""));
 
             requests.put(PROP_MIN_NAME, PROP_MIN_REQUEST_NUMBER);
             requests.put(PROP_MIN, mDBConfig.getString(
-                PROP_MIN_REQUEST_NUMBER, "0"));
+                    PROP_MIN_REQUEST_NUMBER, "0"));
 
             requests.put(PROP_MAX_NAME, PROP_MAX_REQUEST_NUMBER);
             requests.put(PROP_MAX, mDBConfig.getString(
-                PROP_MAX_REQUEST_NUMBER, PROP_INFINITE_REQUEST_NUMBER));
+                    PROP_MAX_REQUEST_NUMBER, PROP_INFINITE_REQUEST_NUMBER));
 
             requests.put(PROP_NEXT_MIN_NAME, PROP_NEXT_MIN_REQUEST_NUMBER);
             requests.put(PROP_NEXT_MIN, mDBConfig.getString(
-                PROP_NEXT_MIN_REQUEST_NUMBER, "-1"));
+                    PROP_NEXT_MIN_REQUEST_NUMBER, "-1"));
 
             requests.put(PROP_NEXT_MAX_NAME, PROP_NEXT_MAX_REQUEST_NUMBER);
             requests.put(PROP_NEXT_MAX, mDBConfig.getString(
-                PROP_NEXT_MAX_REQUEST_NUMBER, "-1"));
+                    PROP_NEXT_MAX_REQUEST_NUMBER, "-1"));
 
             requests.put(PROP_LOW_WATER_MARK_NAME, PROP_REQUEST_LOW_WATER_MARK);
             requests.put(PROP_LOW_WATER_MARK, mDBConfig.getString(
-                PROP_REQUEST_LOW_WATER_MARK, "5000"));
+                    PROP_REQUEST_LOW_WATER_MARK, "5000"));
 
             requests.put(PROP_INCREMENT_NAME, PROP_REQUEST_INCREMENT);
             requests.put(PROP_INCREMENT, mDBConfig.getString(
-                PROP_REQUEST_INCREMENT, PROP_INFINITE_REQUEST_NUMBER));
+                    PROP_REQUEST_INCREMENT, PROP_INFINITE_REQUEST_NUMBER));
 
             mRepos[REQUESTS] = requests;
 
             // populate replica ID hash entry
             Hashtable replicaID = new Hashtable();
             replicaID.put(NAME, "requests");
-            replicaID.put(PROP_BASEDN, mDBConfig.getString(PROP_REPLICA_BASEDN,""));
+            replicaID.put(PROP_BASEDN, mDBConfig.getString(PROP_REPLICA_BASEDN, ""));
             replicaID.put(PROP_RANGE_DN, mDBConfig.getString(PROP_REPLICA_RANGE_DN, ""));
 
             replicaID.put(PROP_MIN_NAME, PROP_MIN_REPLICA_NUMBER);
             replicaID.put(PROP_MIN, mDBConfig.getString(
-                PROP_MIN_REPLICA_NUMBER, "1"));
+                    PROP_MIN_REPLICA_NUMBER, "1"));
 
             replicaID.put(PROP_MAX_NAME, PROP_MAX_REPLICA_NUMBER);
             replicaID.put(PROP_MAX, mDBConfig.getString(
-                PROP_MAX_REPLICA_NUMBER, PROP_INFINITE_REPLICA_NUMBER));
+                    PROP_MAX_REPLICA_NUMBER, PROP_INFINITE_REPLICA_NUMBER));
 
             replicaID.put(PROP_NEXT_MIN_NAME, PROP_NEXT_MIN_REPLICA_NUMBER);
             replicaID.put(PROP_NEXT_MIN, mDBConfig.getString(
-                PROP_NEXT_MIN_REPLICA_NUMBER, "-1"));
+                    PROP_NEXT_MIN_REPLICA_NUMBER, "-1"));
 
             replicaID.put(PROP_NEXT_MAX_NAME, PROP_NEXT_MAX_REPLICA_NUMBER);
             replicaID.put(PROP_NEXT_MAX, mDBConfig.getString(
-                PROP_NEXT_MAX_REPLICA_NUMBER, "-1"));
+                    PROP_NEXT_MAX_REPLICA_NUMBER, "-1"));
 
             replicaID.put(PROP_LOW_WATER_MARK_NAME, PROP_REPLICA_LOW_WATER_MARK);
             replicaID.put(PROP_LOW_WATER_MARK, mDBConfig.getString(
-                PROP_REPLICA_LOW_WATER_MARK, "10"));
+                    PROP_REPLICA_LOW_WATER_MARK, "10"));
 
             replicaID.put(PROP_INCREMENT_NAME, PROP_REPLICA_INCREMENT);
             replicaID.put(PROP_INCREMENT, mDBConfig.getString(
-                PROP_REPLICA_INCREMENT, PROP_INFINITE_REPLICA_NUMBER));
+                    PROP_REPLICA_INCREMENT, PROP_INFINITE_REPLICA_NUMBER));
 
             mRepos[REPLICA_ID] = replicaID;
 
-
             // initialize registry
             mRegistry = new DBRegistry();
             mRegistry.init(this, null);
@@ -688,7 +677,7 @@ public class DBSubsystem implements IDBSubsystem {
         try {
             // registers CMS database attributes
             IDBRegistry reg = getRegistry();
-    
+
             String certRecordOC[] = new String[2];
 
             certRecordOC[0] = CertDBSchema.LDAP_OC_TOP;
@@ -696,61 +685,61 @@ public class DBSubsystem implements IDBSubsystem {
 
             if (!reg.isObjectClassRegistered(CertRecord.class.getName())) {
                 reg.registerObjectClass(CertRecord.class.getName(),
-                    certRecordOC);
+                        certRecordOC);
             }
             if (!reg.isAttributeRegistered(CertRecord.ATTR_ID)) {
                 reg.registerAttribute(CertRecord.ATTR_ID, new
-                    BigIntegerMapper(CertDBSchema.LDAP_ATTR_SERIALNO));
+                        BigIntegerMapper(CertDBSchema.LDAP_ATTR_SERIALNO));
             }
             if (!reg.isAttributeRegistered(CertRecord.ATTR_META_INFO)) {
                 reg.registerAttribute(CertRecord.ATTR_META_INFO, new
-                    MetaInfoMapper(CertDBSchema.LDAP_ATTR_META_INFO));
+                        MetaInfoMapper(CertDBSchema.LDAP_ATTR_META_INFO));
             }
             if (!reg.isAttributeRegistered(CertRecord.ATTR_REVO_INFO)) {
                 reg.registerAttribute(CertRecord.ATTR_REVO_INFO, new
-                    RevocationInfoMapper());
+                        RevocationInfoMapper());
             }
             if (!reg.isAttributeRegistered(CertRecord.ATTR_X509CERT)) {
                 reg.registerAttribute(CertRecord.ATTR_X509CERT, new
-                    X509CertImplMapper());
+                        X509CertImplMapper());
             }
             if (!reg.isAttributeRegistered(CertRecord.ATTR_CERT_STATUS)) {
                 reg.registerAttribute(CertRecord.ATTR_CERT_STATUS, new
-                    StringMapper(CertDBSchema.LDAP_ATTR_CERT_STATUS));
+                        StringMapper(CertDBSchema.LDAP_ATTR_CERT_STATUS));
             }
             if (!reg.isAttributeRegistered(CertRecord.ATTR_AUTO_RENEW)) {
                 reg.registerAttribute(CertRecord.ATTR_AUTO_RENEW, new
-                    StringMapper(CertDBSchema.LDAP_ATTR_AUTO_RENEW));
+                        StringMapper(CertDBSchema.LDAP_ATTR_AUTO_RENEW));
             }
             if (!reg.isAttributeRegistered(CertRecord.ATTR_CREATE_TIME)) {
                 reg.registerAttribute(CertRecord.ATTR_CREATE_TIME, new
-                    DateMapper(CertDBSchema.LDAP_ATTR_CREATE_TIME));
+                        DateMapper(CertDBSchema.LDAP_ATTR_CREATE_TIME));
             }
             if (!reg.isAttributeRegistered(CertRecord.ATTR_MODIFY_TIME)) {
                 reg.registerAttribute(CertRecord.ATTR_MODIFY_TIME, new
-                    DateMapper(CertDBSchema.LDAP_ATTR_MODIFY_TIME));
+                        DateMapper(CertDBSchema.LDAP_ATTR_MODIFY_TIME));
             }
             if (!reg.isAttributeRegistered(CertRecord.ATTR_ISSUED_BY)) {
                 reg.registerAttribute(CertRecord.ATTR_ISSUED_BY, new
-                    StringMapper(CertDBSchema.LDAP_ATTR_ISSUED_BY));
+                        StringMapper(CertDBSchema.LDAP_ATTR_ISSUED_BY));
             }
             if (!reg.isAttributeRegistered(CertRecord.ATTR_REVOKED_BY)) {
                 reg.registerAttribute(CertRecord.ATTR_REVOKED_BY, new
-                    StringMapper(CertDBSchema.LDAP_ATTR_REVOKED_BY));
+                        StringMapper(CertDBSchema.LDAP_ATTR_REVOKED_BY));
             }
             if (!reg.isAttributeRegistered(CertRecord.ATTR_REVOKED_ON)) {
                 reg.registerAttribute(CertRecord.ATTR_REVOKED_ON, new
-                    DateMapper(CertDBSchema.LDAP_ATTR_REVOKED_ON));
+                        DateMapper(CertDBSchema.LDAP_ATTR_REVOKED_ON));
             }
 
             if (!reg.isAttributeRegistered(CertificateValidity.NOT_AFTER)) {
                 reg.registerAttribute(CertificateValidity.NOT_AFTER, new
-                    DateMapper(CertDBSchema.LDAP_ATTR_NOT_AFTER));
+                        DateMapper(CertDBSchema.LDAP_ATTR_NOT_AFTER));
             }
 
             if (!reg.isAttributeRegistered(CertificateValidity.NOT_BEFORE)) {
                 reg.registerAttribute(CertificateValidity.NOT_BEFORE, new
-                    DateMapper(CertDBSchema.LDAP_ATTR_NOT_BEFORE));
+                        DateMapper(CertDBSchema.LDAP_ATTR_NOT_BEFORE));
             }
 
             String crlRecordOC[] = new String[2];
@@ -758,54 +747,54 @@ public class DBSubsystem implements IDBSubsystem {
             crlRecordOC[0] = CRLDBSchema.LDAP_OC_TOP;
             crlRecordOC[1] = CRLDBSchema.LDAP_OC_CRL_RECORD;
             reg.registerObjectClass(CRLIssuingPointRecord.class.getName(),
-                crlRecordOC);
+                    crlRecordOC);
             reg.registerAttribute(ICRLIssuingPointRecord.ATTR_ID, new
-                StringMapper(CRLDBSchema.LDAP_ATTR_CRL_ID));
+                    StringMapper(CRLDBSchema.LDAP_ATTR_CRL_ID));
             reg.registerAttribute(ICRLIssuingPointRecord.ATTR_CRL_NUMBER, new
-                BigIntegerMapper(CRLDBSchema.LDAP_ATTR_CRL_NUMBER));
+                    BigIntegerMapper(CRLDBSchema.LDAP_ATTR_CRL_NUMBER));
             reg.registerAttribute(ICRLIssuingPointRecord.ATTR_DELTA_NUMBER, new
-                BigIntegerMapper(CRLDBSchema.LDAP_ATTR_DELTA_NUMBER));
+                    BigIntegerMapper(CRLDBSchema.LDAP_ATTR_DELTA_NUMBER));
             reg.registerAttribute(ICRLIssuingPointRecord.ATTR_CRL_SIZE, new
-                LongMapper(CRLDBSchema.LDAP_ATTR_CRL_SIZE));
+                    LongMapper(CRLDBSchema.LDAP_ATTR_CRL_SIZE));
             reg.registerAttribute(ICRLIssuingPointRecord.ATTR_DELTA_SIZE, new
-                LongMapper(CRLDBSchema.LDAP_ATTR_DELTA_SIZE));
+                    LongMapper(CRLDBSchema.LDAP_ATTR_DELTA_SIZE));
             reg.registerAttribute(ICRLIssuingPointRecord.ATTR_THIS_UPDATE, new
-                DateMapper(CRLDBSchema.LDAP_ATTR_THIS_UPDATE));
+                    DateMapper(CRLDBSchema.LDAP_ATTR_THIS_UPDATE));
             reg.registerAttribute(ICRLIssuingPointRecord.ATTR_NEXT_UPDATE, new
-                DateMapper(CRLDBSchema.LDAP_ATTR_NEXT_UPDATE));
+                    DateMapper(CRLDBSchema.LDAP_ATTR_NEXT_UPDATE));
             reg.registerAttribute(ICRLIssuingPointRecord.ATTR_FIRST_UNSAVED, new
-                StringMapper(CRLDBSchema.LDAP_ATTR_FIRST_UNSAVED));
+                    StringMapper(CRLDBSchema.LDAP_ATTR_FIRST_UNSAVED));
             reg.registerAttribute(ICRLIssuingPointRecord.ATTR_CRL, new
-                ByteArrayMapper(CRLDBSchema.LDAP_ATTR_CRL));
+                    ByteArrayMapper(CRLDBSchema.LDAP_ATTR_CRL));
             reg.registerAttribute(ICRLIssuingPointRecord.ATTR_DELTA_CRL, new
-                ByteArrayMapper(CRLDBSchema.LDAP_ATTR_DELTA_CRL));
+                    ByteArrayMapper(CRLDBSchema.LDAP_ATTR_DELTA_CRL));
             reg.registerAttribute(ICRLIssuingPointRecord.ATTR_CA_CERT, new
-                ByteArrayMapper(CRLDBSchema.LDAP_ATTR_CA_CERT));
+                    ByteArrayMapper(CRLDBSchema.LDAP_ATTR_CA_CERT));
             reg.registerAttribute(ICRLIssuingPointRecord.ATTR_CRL_CACHE, new
-                ObjectStreamMapper(CRLDBSchema.LDAP_ATTR_CRL_CACHE));
+                    ObjectStreamMapper(CRLDBSchema.LDAP_ATTR_CRL_CACHE));
             reg.registerAttribute(ICRLIssuingPointRecord.ATTR_REVOKED_CERTS, new
-                ObjectStreamMapper(CRLDBSchema.LDAP_ATTR_REVOKED_CERTS));
+                    ObjectStreamMapper(CRLDBSchema.LDAP_ATTR_REVOKED_CERTS));
             reg.registerAttribute(ICRLIssuingPointRecord.ATTR_UNREVOKED_CERTS, new
-                ObjectStreamMapper(CRLDBSchema.LDAP_ATTR_UNREVOKED_CERTS));
+                    ObjectStreamMapper(CRLDBSchema.LDAP_ATTR_UNREVOKED_CERTS));
             reg.registerAttribute(ICRLIssuingPointRecord.ATTR_EXPIRED_CERTS, new
-                ObjectStreamMapper(CRLDBSchema.LDAP_ATTR_EXPIRED_CERTS));
+                    ObjectStreamMapper(CRLDBSchema.LDAP_ATTR_EXPIRED_CERTS));
 
             if (!reg.isObjectClassRegistered(
-                RepositoryRecord.class.getName())) {
+                    RepositoryRecord.class.getName())) {
                 String repRecordOC[] = new String[2];
 
                 repRecordOC[0] = RepositorySchema.LDAP_OC_TOP;
                 repRecordOC[1] = RepositorySchema.LDAP_OC_REPOSITORY;
                 reg.registerObjectClass(
-                    RepositoryRecord.class.getName(), repRecordOC);
+                        RepositoryRecord.class.getName(), repRecordOC);
             }
             if (!reg.isAttributeRegistered(IRepositoryRecord.ATTR_SERIALNO)) {
                 reg.registerAttribute(IRepositoryRecord.ATTR_SERIALNO,
-                    new BigIntegerMapper(RepositorySchema.LDAP_ATTR_SERIALNO));
+                        new BigIntegerMapper(RepositorySchema.LDAP_ATTR_SERIALNO));
             }
             if (!reg.isAttributeRegistered(IRepositoryRecord.ATTR_PUB_STATUS)) {
                 reg.registerAttribute(IRepositoryRecord.ATTR_PUB_STATUS,
-                    new StringMapper(RepositorySchema.LDAP_ATTR_PUB_STATUS));
+                        new StringMapper(RepositorySchema.LDAP_ATTR_PUB_STATUS));
             }
 
         } catch (EBaseException e) {
@@ -820,7 +809,7 @@ public class DBSubsystem implements IDBSubsystem {
      */
     public void startup() throws EBaseException {
     }
-	
+
     /**
      * Retrieves configuration store.
      */
@@ -868,9 +857,9 @@ public class DBSubsystem implements IDBSubsystem {
              * @message DBSubsystem: <exception thrown>
              */
             mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB,
-                ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+                    ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
         }
-        if (mRegistry != null) 
+        if (mRegistry != null)
             mRegistry.shutdown();
     }
 
@@ -905,11 +894,11 @@ public class DBSubsystem implements IDBSubsystem {
                                 LDAPAttributeSchema.cis, false);
                     userType.add(conn);
                 }
- 
+
                 // create new objectclass: cmsuser
                 dirSchema.fetchSchema(conn);
                 LDAPObjectClassSchema newObjClass = dirSchema.getObjectClass("cmsuser");
-                String[] requiredAttrs = {"usertype"};
+                String[] requiredAttrs = { "usertype" };
                 String[] optionalAttrs = new String[0];
 
                 if (newObjClass == null) {
@@ -932,21 +921,21 @@ public class DBSubsystem implements IDBSubsystem {
              *
              * @phase create db session
              */
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSCORE_DBS_CONN_ERROR", e.toString()));
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSCORE_DBS_CONN_ERROR", e.toString()));
             throw new EDBException(
                     CMS.getUserMessage("CMS_DBS_CONNECT_LDAP_FAILED", e.toString()));
         } catch (LDAPException e) {
             if (e.getLDAPResultCode() != 20) {
                 mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSCORE_DBS_SCHEMA_ERROR", e.toString()));
+                        CMS.getLogMessage("CMSCORE_DBS_SCHEMA_ERROR", e.toString()));
                 throw new EDBException(
                         CMS.getUserMessage("CMS_DBS_ADD_ENTRY_FAILED", e.toString()));
             }
         } catch (EBaseException e) {
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSCORE_DBS_CONF_ERROR",
-                    e.toString()));
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSCORE_DBS_CONF_ERROR",
+                            e.toString()));
         }
         return new DBSSession(this, conn);
     }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/DBVirtualList.java b/pki/base/common/src/com/netscape/cmscore/dbs/DBVirtualList.java
index ddec63ce..b9f338c4 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/DBVirtualList.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/DBVirtualList.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Arrays;
 import java.util.Vector;
 
@@ -38,12 +37,11 @@ import com.netscape.certsrv.dbs.IDBVirtualList;
 import com.netscape.certsrv.dbs.IElementProcessor;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * A class represents a virtual list of search results.
  * Note that this class must be used with DS4.0.
- *
- * @author thomask 
+ * 
+ * @author thomask
  * @author mzhao
  * @version $Revision$, $Date$
  */
@@ -71,17 +69,17 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
     // the index of the first entry returned
     private int mSelectedIndex = 0;
     private int mJumpToIndex = 0;
-    private int mJumpToInitialIndex = 0;    // Initial index hit in jumpto operation
-    private int mJumpToDirection = 1;         // Do we proceed forward or backwards
-    private String mJumpTo = null;          // Determines if this is the jumpto case
+    private int mJumpToInitialIndex = 0; // Initial index hit in jumpto operation
+    private int mJumpToDirection = 1; // Do we proceed forward or backwards
+    private String mJumpTo = null; // Determines if this is the jumpto case
 
     private ILogger mLogger = CMS.getLogger();
 
     /**
-     * Constructs a virtual list. 
+     * Constructs a virtual list.
      * Be sure to setPageSize() later if your pageSize is not the default 10
      * Be sure to setSortKey() before fetchs
-     *
+     * 
      * param registry the registry of attribute mappers
      * param c the ldap connection. It has to be version 3 and upper
      * param base the base distinguished name to search from
@@ -89,18 +87,18 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
      * param attrs list of attributes that you want returned in the search results
      */
     public DBVirtualList(IDBRegistry registry, LDAPConnection c,
-        String base, String filter, String attrs[]) throws EBaseException {
+            String base, String filter, String attrs[]) throws EBaseException {
         mRegistry = registry;
         mFilter = filter;
         mBase = base;
         mAttrs = attrs;
-        CMS.debug( "In DBVirtualList filter attrs filter: " + filter
-                 + " attrs: " + Arrays.toString( attrs ) );
+        CMS.debug("In DBVirtualList filter attrs filter: " + filter
+                 + " attrs: " + Arrays.toString(attrs));
         mPageControls = new LDAPControl[2];
         try {
             mConn = (LDAPConnection) c.clone();
         } catch (Exception e) {
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_CONN_FAILED", 
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_CONN_FAILED",
                         e.toString()));
         }
     }
@@ -108,7 +106,7 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
     /**
      * Constructs a virtual list.
      * Be sure to setPageSize() later if your pageSize is not the default 10
-     *
+     * 
      * param registry the registry of attribute mappers
      * param c the ldap connection. It has to be version 3 and upper
      * param base the base distinguished name to search from
@@ -117,17 +115,17 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
      * param sortKey the attributes to sort by
      */
     public DBVirtualList(IDBRegistry registry, LDAPConnection c,
-        String base, String filter, String attrs[], String sortKey[])
-        throws EBaseException {
+            String base, String filter, String attrs[], String sortKey[])
+            throws EBaseException {
 
-        CMS.debug( "In DBVirtualList filter attrs sotrKey[]  filter: " + filter
-                 + " attrs: " + Arrays.toString( attrs ) );
+        CMS.debug("In DBVirtualList filter attrs sotrKey[]  filter: " + filter
+                 + " attrs: " + Arrays.toString(attrs));
         mRegistry = registry;
         mFilter = filter;
         try {
             mConn = (LDAPConnection) c.clone();
         } catch (Exception e) {
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_CONN_FAILED", 
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_CONN_FAILED",
                         e.toString()));
         }
         mBase = base;
@@ -139,7 +137,7 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
     /**
      * Constructs a virtual list.
      * Be sure to setPageSize() later if your pageSize is not the default 10
-     *
+     * 
      * param registry the registry of attribute mappers
      * param c the ldap connection. It has to be version 3 and upper
      * param base the base distinguished name to search from
@@ -148,16 +146,16 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
      * param sortKey the attribute to sort by
      */
     public DBVirtualList(IDBRegistry registry, LDAPConnection c,
-        String base, String filter, String attrs[], String sortKey)
-        throws EBaseException {
+            String base, String filter, String attrs[], String sortKey)
+            throws EBaseException {
 
-        CMS.debug( "In DBVirtualList filter attrs sortKey   filter: " + filter                   + " attrs: " + Arrays.toString( attrs ) );
+        CMS.debug("In DBVirtualList filter attrs sortKey   filter: " + filter + " attrs: " + Arrays.toString(attrs));
         mRegistry = registry;
         mFilter = filter;
         try {
             mConn = (LDAPConnection) c.clone();
         } catch (Exception e) {
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_CONN_FAILED", 
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_CONN_FAILED",
                         e.toString()));
         }
         mBase = base;
@@ -168,7 +166,7 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
 
     /**
      * Constructs a virtual list.
-     *
+     * 
      * param registry the registry of attribute mappers
      * param c the ldap connection. It has to be version 3 and upper
      * param base the base distinguished name to search from
@@ -176,21 +174,21 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
      * param attrs list of attributes that you want returned in the search results
      * param sortKey the attributes to sort by
      * param pageSize the size of a page. There is a 3*pageSize buffer maintained so
-     *       pageUp and pageDown won't invoke fetch from ldap server
+     * pageUp and pageDown won't invoke fetch from ldap server
      */
     public DBVirtualList(IDBRegistry registry, LDAPConnection c,
-        String base, String filter, String attrs[], String sortKey[],
-        int pageSize) throws EBaseException {
+            String base, String filter, String attrs[], String sortKey[],
+            int pageSize) throws EBaseException {
 
-        CMS.debug( "In DBVirtualList filter attrs sortKey[] pageSize filter: "
-                 + filter + " attrs: " + Arrays.toString( attrs )
-                 + " pageSize " + pageSize );
+        CMS.debug("In DBVirtualList filter attrs sortKey[] pageSize filter: "
+                 + filter + " attrs: " + Arrays.toString(attrs)
+                 + " pageSize " + pageSize);
         mRegistry = registry;
         mFilter = filter;
         try {
             mConn = (LDAPConnection) c.clone();
         } catch (Exception e) {
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_CONN_FAILED", 
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_CONN_FAILED",
                         e.toString()));
         }
         mBase = base;
@@ -202,7 +200,7 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
 
     /**
      * Constructs a virtual list.
-     *
+     * 
      * param registry the registry of attribute mappers
      * param c the ldap connection. It has to be version 3 and upper
      * param base the base distinguished name to search from
@@ -210,15 +208,15 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
      * param attrs list of attributes that you want returned in the search results
      * param sortKey the attribute to sort by
      * param pageSize the size of a page. There is a 3*pageSize buffer maintained so
-     *       pageUp and pageDown won't invoke fetch from ldap server
+     * pageUp and pageDown won't invoke fetch from ldap server
      */
     public DBVirtualList(IDBRegistry registry, LDAPConnection c,
-        String base, String filter, String attrs[], String sortKey,
-        int pageSize) throws EBaseException {
+            String base, String filter, String attrs[], String sortKey,
+            int pageSize) throws EBaseException {
 
-        CMS.debug( "In DBVirtualList filter attrs sortKey pageSize filter: "
-                 + filter + " attrs: " + Arrays.toString( attrs )
-                 + " pageSize " + pageSize );
+        CMS.debug("In DBVirtualList filter attrs sortKey pageSize filter: "
+                 + filter + " attrs: " + Arrays.toString(attrs)
+                 + " pageSize " + pageSize);
         mRegistry = registry;
         mFilter = filter;
         try {
@@ -235,20 +233,20 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
     }
 
     public DBVirtualList(IDBRegistry registry, LDAPConnection c,
-        String base, String filter, String attrs[], 
-        String startFrom, String sortKey,
-        int pageSize) throws EBaseException {
-
-        CMS.debug( "In DBVirtualList filter attrs startFrom sortKey pageSize "
-                 + "filter: " + filter 
-                 + " attrs: " + Arrays.toString( attrs )
-                 + " pageSize " + pageSize + " startFrom " + startFrom );
+            String base, String filter, String attrs[],
+            String startFrom, String sortKey,
+            int pageSize) throws EBaseException {
+
+        CMS.debug("In DBVirtualList filter attrs startFrom sortKey pageSize "
+                 + "filter: " + filter
+                 + " attrs: " + Arrays.toString(attrs)
+                 + " pageSize " + pageSize + " startFrom " + startFrom);
         mRegistry = registry;
         mFilter = filter;
         try {
             mConn = (LDAPConnection) c.clone();
         } catch (Exception e) {
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_CONN_FAILED", 
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_CONN_FAILED",
                         e.toString()));
         }
         mBase = base;
@@ -260,7 +258,7 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
 
         if (pageSize < 0) {
             mJumpToDirection = -1;
-        } 
+        }
         mPageSize = pageSize;
 
         mBeforeCount = 0;
@@ -291,7 +289,7 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
 
     /**
      * set the sort key
-     *
+     * 
      * @param sortKey the attribute to sort by
      */
     public void setSortKey(String sortKey) throws EBaseException {
@@ -303,7 +301,7 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
 
     /**
      * set the sort key
-     *
+     * 
      * @param sortKey the attributes to sort by
      */
     public void setSortKey(String[] sortKeys) throws EBaseException {
@@ -326,20 +324,20 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
              * @message DBVirtualList: <exception thrown>
              */
             mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE,
-                CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+                    CMS.getLogMessage("OPERATION_ERROR", e.toString()));
         }
         // Paged results also require a sort control
         if (mKeys != null) {
             mPageControls[0] =
                     new LDAPSortControl(mKeys, true);
-        }else {
+        } else {
             throw new EBaseException("sort keys cannot be null");
         }
     }
 
     /**
      * Retrieves the size of this virtual list.
-     * Recommend to call getSize() before getElementAt() or getElements() 
+     * Recommend to call getSize() before getElementAt() or getElements()
      * since you'd better check if the index is out of bound first.
      */
     public int getSize() {
@@ -368,7 +366,7 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
 
                 if (mPageSize < 0) {
                     mBeforeCount = mPageSize * -1;
-                    mAfterCount = 0;  
+                    mAfterCount = 0;
                 }
                 cont = new LDAPVirtualListControl(mJumpTo,
                             mBeforeCount,
@@ -382,21 +380,21 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
         return mSize;
     }
 
-    public  int getSizeBeforeJumpTo() {
+    public int getSizeBeforeJumpTo() {
 
         if (!mInitialized || mJumpTo == null)
             return 0;
 
         int size = 0;
-     
-        if (mJumpToDirection < 0) { 
+
+        if (mJumpToDirection < 0) {
             size = mTop + mEntries.size();
         } else {
             size = mTop;
 
         }
 
-        return size; 
+        return size;
 
     }
 
@@ -410,7 +408,7 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
         return size;
 
     }
- 
+
     private synchronized boolean getEntries() {
         // Specify necessary controls for vlist
         // LDAPSearchConstraints cons = mConn.getSearchConstraints();
@@ -461,7 +459,7 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
                 try {
                     //maintain mEntries as vector of LDAPEntry
                     @SuppressWarnings("unchecked")
-					E o = (E)mRegistry.createObject(entry.getAttributeSet());
+                    E o = (E) mRegistry.createObject(entry.getAttributeSet());
 
                     mEntries.addElement(o);
                 } catch (Exception e) {
@@ -475,12 +473,12 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
                      * @message DBVirtualList: <exception thrown>
                      */
                     mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSCORE_DBS_VL_ADD", e.toString()));
+                            CMS.getLogMessage("CMSCORE_DBS_VL_ADD", e.toString()));
                     // #539044
                     damageCounter++;
                     if (damageCounter > 100) {
                         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSCORE_DBS_VL_CORRUPTED_ENTRIES", Integer.toString(damageCounter)));
+                                CMS.getLogMessage("CMSCORE_DBS_VL_CORRUPTED_ENTRIES", Integer.toString(damageCounter)));
                         return false;
                     }
                 }
@@ -496,7 +494,7 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
             CMS.debug("getEntries: exception " + e);
 
             mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE,
-                CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+                    CMS.getLogMessage("OPERATION_ERROR", e.toString()));
         }
         //System.out.println( "Returning " + mEntries.size() +
         //       " entries" );
@@ -515,10 +513,10 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
             if (!getEntries())
                 return false;
 
-                // Check if we have a control returned
+            // Check if we have a control returned
             LDAPControl[] c = mConn.getResponseControls();
             LDAPVirtualListResponse nextCont =
-                LDAPVirtualListResponse.parseResponse(c);
+                    LDAPVirtualListResponse.parseResponse(c);
 
             if (nextCont != null) {
                 mSelectedIndex = nextCont.getFirstPosition() - 1;
@@ -536,7 +534,7 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
                 //System.out.println( "Virtual window: " + mTop +
                 //       ".." + (mTop+mEntries.size()-1) +
                 //      " of " + mSize );
-            } else { 
+            } else {
                 mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_DBS_VL_NULL_RESPONSE"));
             }
             return true;
@@ -546,14 +544,15 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
         }
     }
 
-    /** Get a page starting at "first" (although we may also fetch
+    /**
+     * Get a page starting at "first" (although we may also fetch
      * some preceding entries)
-     * Recommend to call getSize() before getElementAt() or getElements() 
+     * Recommend to call getSize() before getElementAt() or getElements()
      * since you'd better check if the index is out of bound first.
-     *
+     * 
      * @param first the index of the first entry of the page you want to fetch
      */
-    public  boolean getPage(int first) {
+    public boolean getPage(int first) {
         CMS.debug("getPage " + first);
         if (!mInitialized) {
             LDAPVirtualListControl cont = new LDAPVirtualListControl(0,
@@ -568,17 +567,18 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
         return getPage();
     }
 
-    /** Fetch a buffer
+    /**
+     * Fetch a buffer
      */
-    private  boolean getPage() {
+    private boolean getPage() {
         // Get the actual entries
         if (!getEntries())
             return false;
 
-            // Check if we have a control returned
+        // Check if we have a control returned
         LDAPControl[] c = mConn.getResponseControls();
         LDAPVirtualListResponse nextCont =
-            LDAPVirtualListResponse.parseResponse(c);
+                LDAPVirtualListResponse.parseResponse(c);
 
         if (nextCont != null) {
             mSelectedIndex = nextCont.getFirstPosition() - 1;
@@ -598,38 +598,39 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
              * @phase local ldap search
              */
             mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSCORE_DBS_VL_NULL_RESPONSE"));
+                    CMS.getLogMessage("CMSCORE_DBS_VL_NULL_RESPONSE"));
         }
         return true;
     }
 
-    /** Called by application to scroll the list with initial letters.
+    /**
+     * Called by application to scroll the list with initial letters.
      * Consider text to be an initial substring of the attribute of the
      * primary sorting key(the first one specified in the sort key array)
      * of an entry.
      * If no entries match, the one just before(or after, if none before)
      * will be returned as mSelectedIndex
-     *
+     * 
      * @param text the prefix of the first entry of the page you want to fetch
      */
     public boolean getPage(String text) {
         mPageControls[1] =
                 new LDAPVirtualListControl(text,
-                    mBeforeCount,
-                    mAfterCount);
+                        mBeforeCount,
+                        mAfterCount);
         //System.out.println( "Setting requested start to " +
         //      text + ", -" + mBeforeCount + ", +" +
         //      mAfterCount );
         return getPage();
     }
 
-    /** 
+    /**
      * fetch data of a single list item
-     * Recommend to call getSize() before getElementAt() or getElements() 
+     * Recommend to call getSize() before getElementAt() or getElements()
      * since you'd better check if the index is out of bound first.
      * If the index is out of range of the virtual list, an exception will be thrown
      * and return null
-     *
+     * 
      * @param index the index of the element to fetch
      */
     public E getElementAt(int index) {
@@ -643,36 +644,36 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
         if (!mInitialized)
             mSize = getSize();
 
-        CMS.debug("getElementAt: " + index + " mTop " + mTop); 
-	    
+        CMS.debug("getElementAt: " + index + " mTop " + mTop);
+
         //System.out.println( "need entry " + index );
         if ((index < 0) || (index >= mSize)) {
             CMS.debug("returning null");
             return null;
         }
 
-        if (mJumpTo != null) {        //Handle the explicit jumpto case
+        if (mJumpTo != null) { //Handle the explicit jumpto case
 
             if (index == 0)
-                mJumpToIndex = 0;      // Keep a running jumpto index for this page of data
+                mJumpToIndex = 0; // Keep a running jumpto index for this page of data
             else
                 mJumpToIndex++;
-         
-                //CMS.debug("getElementAtJT: " + index  +  " mTop " + mTop + " mEntries.size() " + mEntries.size());
- 
-            if ((mJumpToDirection > 0) && (mJumpToInitialIndex + index >= mSize))  // out of data in forward paging jumpto case
+
+            //CMS.debug("getElementAtJT: " + index  +  " mTop " + mTop + " mEntries.size() " + mEntries.size());
+
+            if ((mJumpToDirection > 0) && (mJumpToInitialIndex + index >= mSize)) // out of data in forward paging jumpto case
             {
                 CMS.debug("mJumpTo virtual list exhausted   mTop " + mTop + " mSize " + mSize);
                 return null;
             }
-   
-            if (mJumpToIndex >= mEntries.size())   // In jumpto case, page of data has been exhausted
+
+            if (mJumpToIndex >= mEntries.size()) // In jumpto case, page of data has been exhausted
             {
-                mJumpToIndex = 0;                   // new page will be needed reset running count
+                mJumpToIndex = 0; // new page will be needed reset running count
 
-                if (mJumpToDirection > 0) {                  //proceed in positive direction past hit point
-                    getPage(index + mJumpToInitialIndex + 1); 
-                } else {                                              //proceed backwards from hit point
+                if (mJumpToDirection > 0) { //proceed in positive direction past hit point
+                    getPage(index + mJumpToInitialIndex + 1);
+                } else { //proceed backwards from hit point
                     if (mTop == 0) {
                         getPage(0);
                         CMS.debug("asking for a page less than zero in reverse case, return null");
@@ -681,15 +682,15 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
 
                     CMS.debug("getting page reverse mJumptoIndex  " + mJumpToIndex + " mTop " + mTop);
                     getPage(mTop);
- 
+
                 }
 
             }
 
-            if (mJumpToDirection > 0)     // handle getting entry in forward direction
+            if (mJumpToDirection > 0) // handle getting entry in forward direction
             {
                 return mEntries.elementAt(mJumpToIndex);
-            } else {                            // handle getting entry in reverse direction
+            } else { // handle getting entry in reverse direction
                 int reverse_index = mEntries.size() - mJumpToIndex - 1;
 
                 CMS.debug("reverse direction getting index " + reverse_index);
@@ -704,7 +705,7 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
 
         //CMS.debug("getElementAt noJumpto: " + index);
 
-        if ((index < mTop) || (index >= mTop + mEntries.size())) {    // handle the non jumpto case
+        if ((index < mTop) || (index >= mTop + mEntries.size())) { // handle the non jumpto case
             //fetch a new page
             //System.out.println( "fetching a page starting at " +
             //        index );
@@ -727,10 +728,10 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
 
     /**
      * This function processes elements as soon as it arrives. It is
-     * more memory-efficient. 
+     * more memory-efficient.
      */
     public void processElements(int startidx, int endidx, IElementProcessor ep)
-        throws EBaseException {
+            throws EBaseException {
 
         /* mSize may not be init at this time! Bad !
          * the caller should really check the index is within bound before this
@@ -739,7 +740,7 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
         if (!mInitialized)
             mSize = getSize();
 
-            // short-cut the existing code ... :(
+        // short-cut the existing code ... :(
         if (mJumpTo != null) {
             for (int i = startidx; i <= endidx; i++) {
                 Object element = getJumpToElementAt(i);
@@ -753,7 +754,7 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
         //guess this is what you really mean to try to improve performance
         if (startidx >= endidx) {
             throw new EBaseException("startidx must be less than endidx");
-        }else {
+        } else {
             setPageSize(endidx - startidx);
             getPage(startidx);
         }
@@ -766,14 +767,14 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
         }
     }
 
-    /** 
+    /**
      * get the virutal selected index
      */
     public int getSelectedIndex() {
         return mSelectedIndex;
     }
 
-    /** 
+    /**
      * get the top of the buffer
      */
     public int getFirstIndex() {
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/DateArrayMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/DateArrayMapper.java
index b8df1240..a2dfc9c0 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/DateArrayMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/DateArrayMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Date;
 import java.util.Enumeration;
 import java.util.Vector;
@@ -29,14 +28,13 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IDBObj;
 
-
 /**
  * A class represents ann attribute mapper that maps
  * a Java Date array object into LDAP attribute,
  * and vice versa.
- *
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class DateArrayMapper implements IDBAttrMapper {
 
@@ -61,9 +59,9 @@ public class DateArrayMapper implements IDBAttrMapper {
     /**
      * Maps object to a set of attributes.
      */
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, 
-        String name, Object obj, LDAPAttributeSet attrs) 
-        throws EBaseException {
+    public void mapObjectToLDAPAttributeSet(IDBObj parent,
+            String name, Object obj, LDAPAttributeSet attrs)
+            throws EBaseException {
         Date dates[] = (Date[]) obj;
 
         if (dates == null)
@@ -80,8 +78,8 @@ public class DateArrayMapper implements IDBAttrMapper {
      * Maps LDAP attributes into object, and put the object
      * into 'parent'.
      */
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) throws EBaseException {
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent) throws EBaseException {
         LDAPAttribute attr = attrs.getAttribute(mLdapName);
 
         if (attr == null)
@@ -104,8 +102,8 @@ public class DateArrayMapper implements IDBAttrMapper {
     /**
      * Maps search filters into LDAP search filter.
      */
-    public String mapSearchFilter(String name, String op, 
-        String value) throws EBaseException {
+    public String mapSearchFilter(String name, String op,
+            String value) throws EBaseException {
         return mLdapName + op + value;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/DateMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/DateMapper.java
index d547a445..58cd1bfe 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/DateMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/DateMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
 import java.util.Date;
@@ -31,12 +30,11 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IDBObj;
 
-
 /**
  * A class represents ann attribute mapper that maps
  * a Java Date object into LDAP attribute,
  * and vice versa.
- *
+ * 
  * @author thomask
  * @version $Revision$, $Date$
  */
@@ -45,7 +43,7 @@ public class DateMapper implements IDBAttrMapper {
     private String mLdapName = null;
     private Vector v = new Vector();
     private static SimpleDateFormat formatter = new
-        SimpleDateFormat("yyyyMMddHHmmss'Z'");
+            SimpleDateFormat("yyyyMMddHHmmss'Z'");
 
     /**
      * Constructs date mapper.
@@ -66,9 +64,9 @@ public class DateMapper implements IDBAttrMapper {
      * Maps object to ldap attribute set.
      */
     public void mapObjectToLDAPAttributeSet(IDBObj parent,
-        String name, Object obj, LDAPAttributeSet attrs)
-        throws EBaseException {
-        attrs.add(new LDAPAttribute(mLdapName, 
+            String name, Object obj, LDAPAttributeSet attrs)
+            throws EBaseException {
+        attrs.add(new LDAPAttribute(mLdapName,
                 dateToDB((Date) obj)));
     }
 
@@ -77,7 +75,7 @@ public class DateMapper implements IDBAttrMapper {
      * into 'parent'.
      */
     public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
-        String name, IDBObj parent) throws EBaseException {
+            String name, IDBObj parent) throws EBaseException {
         LDAPAttribute attr = attrs.getAttribute(mLdapName);
 
         if (attr == null)
@@ -90,7 +88,7 @@ public class DateMapper implements IDBAttrMapper {
      * Maps search filters into LDAP search filter.
      */
     public String mapSearchFilter(String name, String op,
-        String value) throws EBaseException {
+            String value) throws EBaseException {
         String val = null;
 
         try {
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/IntegerMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/IntegerMapper.java
index c5601a9b..8d938492 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/IntegerMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/IntegerMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
@@ -28,14 +27,13 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IDBObj;
 
-
 /**
  * A class represents ann attribute mapper that maps
  * a Java Integer object into LDAP attribute,
  * and vice versa.
- *
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class IntegerMapper implements IDBAttrMapper {
 
@@ -60,10 +58,10 @@ public class IntegerMapper implements IDBAttrMapper {
     /**
      * Maps object to ldap attribute set.
      */
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, 
-        String name, Object obj, LDAPAttributeSet attrs) 
-        throws EBaseException {
-        attrs.add(new LDAPAttribute(mLdapName, 
+    public void mapObjectToLDAPAttributeSet(IDBObj parent,
+            String name, Object obj, LDAPAttributeSet attrs)
+            throws EBaseException {
+        attrs.add(new LDAPAttribute(mLdapName,
                 ((Integer) obj).toString()));
     }
 
@@ -71,8 +69,8 @@ public class IntegerMapper implements IDBAttrMapper {
      * Maps LDAP attributes into object, and put the object
      * into 'parent'.
      */
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) throws EBaseException {
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent) throws EBaseException {
         LDAPAttribute attr = attrs.getAttribute(mLdapName);
 
         if (attr == null)
@@ -84,8 +82,8 @@ public class IntegerMapper implements IDBAttrMapper {
     /**
      * Maps search filters into LDAP search filter.
      */
-    public String mapSearchFilter(String name, String op, 
-        String value) throws EBaseException {
+    public String mapSearchFilter(String name, String op,
+            String value) throws EBaseException {
         return mLdapName + op + value;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/KeyDBSchema.java b/pki/base/common/src/com/netscape/cmscore/dbs/KeyDBSchema.java
index ff776424..ca9db779 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/KeyDBSchema.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/KeyDBSchema.java
@@ -17,14 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
-
-
 /**
- * A class represents a collection of key record 
+ * A class represents a collection of key record
  * specific schema information.
  * <P>
- *
+ * 
  * @author thomask
  * @version $Revision$, $Date$
  */
@@ -43,9 +40,9 @@ public class KeyDBSchema {
     public static final String LDAP_ATTR_KEY_SIZE = "keySize";
     public static final String LDAP_ATTR_ALGORITHM = "algorithm";
     public static final String LDAP_ATTR_STATE = "keyState";
-    public static final String LDAP_ATTR_DATE_OF_RECOVERY = 
-        "dateOfRecovery";
-    public static final String LDAP_ATTR_PUBLIC_KEY_FORMAT = 
-        "publicKeyFormat";
+    public static final String LDAP_ATTR_DATE_OF_RECOVERY =
+            "dateOfRecovery";
+    public static final String LDAP_ATTR_PUBLIC_KEY_FORMAT =
+            "publicKeyFormat";
     public static final String LDAP_ATTR_ARCHIVED_BY = "archivedBy";
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/KeyRecord.java b/pki/base/common/src/com/netscape/cmscore/dbs/KeyRecord.java
index 2c1265f7..f42377fe 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/KeyRecord.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/KeyRecord.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.math.BigInteger;
 import java.util.Date;
 import java.util.Enumeration;
@@ -29,14 +28,13 @@ import com.netscape.certsrv.dbs.IDBObj;
 import com.netscape.certsrv.dbs.keydb.IKeyRecord;
 import com.netscape.certsrv.dbs.keydb.KeyState;
 
-
 /**
  * A class represents a Key record. It maintains the key
  * life cycle as well as other information about an
  * archived key. Namely, whether a key is inactive because
  * of compromise.
  * <P>
- *
+ * 
  * @author thomask
  * @version $Revision$, $Date$
  */
@@ -86,10 +84,10 @@ public class KeyRecord implements IDBObj, IKeyRecord {
      * 
      * @param key key to be archived
      */
-    public KeyRecord(BigInteger serialNo, byte publicData[], 
-        byte privateData[], String owner,
-        String algorithm, String agentId) 
-        throws EBaseException {
+    public KeyRecord(BigInteger serialNo, byte publicData[],
+            byte privateData[], String owner,
+            String algorithm, String agentId)
+            throws EBaseException {
         mSerialNo = serialNo;
         mPublicKey = publicData;
         mPrivateKey = privateData;
@@ -196,7 +194,7 @@ public class KeyRecord implements IDBObj, IKeyRecord {
      * Retrieves serial number of the key record. Each key record
      * is uniquely identified by serial number.
      * <P>
-     *
+     * 
      * @return serial number of this key record
      */
     public BigInteger getSerialNumber() throws EBaseException {
@@ -211,10 +209,10 @@ public class KeyRecord implements IDBObj, IKeyRecord {
     }
 
     /**
-     * Retrieves the key state. This gives key life cycle 
+     * Retrieves the key state. This gives key life cycle
      * information.
      * <P>
-     *
+     * 
      * @return key state
      */
     public KeyState getState() throws EBaseException {
@@ -239,7 +237,7 @@ public class KeyRecord implements IDBObj, IKeyRecord {
     /**
      * Retrieves key.
      * <P>
-     * 	
+     * 
      * @return archived key
      */
     public byte[] getPrivateKeyData() throws EBaseException {
@@ -256,7 +254,7 @@ public class KeyRecord implements IDBObj, IKeyRecord {
     /**
      * Retrieves the key size.
      * <P>
-     *
+     * 
      * @return key size
      */
     public Integer getKeySize() throws EBaseException {
@@ -280,7 +278,7 @@ public class KeyRecord implements IDBObj, IKeyRecord {
     }
 
     /**
-     * Sets owner name.	
+     * Sets owner name.
      * <P>
      */
     public void setOwnerName(String name) throws EBaseException {
@@ -338,7 +336,7 @@ public class KeyRecord implements IDBObj, IKeyRecord {
     }
 
     /**
-     * Retrieves the last modification time of 
+     * Retrieves the last modification time of
      * this record.
      */
     public Date getModifyTime() {
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/KeyRecordList.java b/pki/base/common/src/com/netscape/cmscore/dbs/KeyRecordList.java
index f4882ffc..dd0c88a9 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/KeyRecordList.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/KeyRecordList.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
@@ -26,11 +25,10 @@ import com.netscape.certsrv.dbs.IDBVirtualList;
 import com.netscape.certsrv.dbs.keydb.IKeyRecord;
 import com.netscape.certsrv.dbs.keydb.IKeyRecordList;
 
-
 /**
  * A class represents a list of key records.
  * <P>
- *
+ * 
  * @author thomask
  * @version $Revision$, $Date$
  */
@@ -46,13 +44,13 @@ public class KeyRecordList implements IKeyRecordList {
     }
 
     /**
-     * Retrieves the size of key list. 
+     * Retrieves the size of key list.
      */
     public int getSize() {
         return mVlist.getSize();
     }
 
-    public  int getSizeBeforeJumpTo() {
+    public int getSizeBeforeJumpTo() {
 
         return mVlist.getSizeBeforeJumpTo();
 
@@ -66,15 +64,17 @@ public class KeyRecordList implements IKeyRecordList {
     public IKeyRecord getKeyRecord(int i) {
         KeyRecord record = (KeyRecord) mVlist.getElementAt(i);
 
-        if (record == null) return null;
+        if (record == null)
+            return null;
+
+        return record;
+    }
 
-        return record; 
-    } 
     /**
      * Retrieves requests.
      */
     public Enumeration getKeyRecords(int startidx, int endidx)
-        throws EBaseException {
+            throws EBaseException {
         Vector entries = new Vector();
 
         for (int i = startidx; i <= endidx; i++) {
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/KeyRecordMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/KeyRecordMapper.java
index 1cbd3229..550cd15e 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/KeyRecordMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/KeyRecordMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.math.BigInteger;
 import java.util.Enumeration;
 import java.util.Vector;
@@ -33,14 +32,13 @@ import com.netscape.certsrv.dbs.IDBObj;
 import com.netscape.certsrv.dbs.keydb.IKeyRecord;
 import com.netscape.certsrv.dbs.keydb.IKeyRepository;
 import com.netscape.certsrv.logging.ILogger;
- 
 
 /**
- * A class represents a mapper to serialize 
+ * A class represents a mapper to serialize
  * key record into database.
  * <P>
- *
- * @author  thomask
+ * 
+ * @author thomask
  * @version $Revision$, $Date$
  */
 public class KeyRecordMapper implements IDBAttrMapper {
@@ -59,8 +57,8 @@ public class KeyRecordMapper implements IDBAttrMapper {
         return v.elements();
     }
 
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, String name, 
-        Object obj, LDAPAttributeSet attrs) throws EBaseException {
+    public void mapObjectToLDAPAttributeSet(IDBObj parent, String name,
+            Object obj, LDAPAttributeSet attrs) throws EBaseException {
         try {
             KeyRecord rec = (KeyRecord) obj;
 
@@ -73,23 +71,23 @@ public class KeyRecordMapper implements IDBAttrMapper {
              * @phase  Maps object to ldap attribute set
              * @message KeyRecordMapper: <exception thrown>
              */
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSCORE_DBS_KEYRECORD_MAPPER_ERROR", e.toString()));
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSCORE_DBS_KEYRECORD_MAPPER_ERROR", e.toString()));
             throw new EDBException(
                     CMS.getUserMessage("CMS_DBS_SERIALIZE_FAILED", name));
         }
     }
 
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) throws EBaseException {
-        try {	
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent) throws EBaseException {
+        try {
             LDAPAttribute attr = attrs.getAttribute(
                     KeyDBSchema.LDAP_ATTR_KEY_RECORD_ID);
 
             if (attr == null)
                 return;
             String serialno = (String) attr.getStringValues().nextElement();
-            IKeyRecord rec = mDB.readKeyRecord(new 
+            IKeyRecord rec = mDB.readKeyRecord(new
                     BigInteger(serialno));
 
             parent.set(name, rec);
@@ -100,15 +98,15 @@ public class KeyRecordMapper implements IDBAttrMapper {
              * @phase  Maps ldap attribute set to object
              * @message KeyRecordMapper: <exception thrown>
              */
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSCORE_DBS_KEYRECORD_MAPPER_ERROR", e.toString()));
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSCORE_DBS_KEYRECORD_MAPPER_ERROR", e.toString()));
             throw new EDBException(
                     CMS.getUserMessage("CMS_DBS_DESERIALIZE_FAILED", name));
         }
     }
 
     public String mapSearchFilter(String name, String op, String value)
-        throws EBaseException {
+            throws EBaseException {
         return name + op + value;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java b/pki/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java
index f684718c..fc2d2c10 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.math.BigInteger;
 import java.security.PublicKey;
 import java.util.Date;
@@ -39,12 +38,11 @@ import com.netscape.certsrv.dbs.keydb.IKeyRecordList;
 import com.netscape.certsrv.dbs.keydb.IKeyRepository;
 import com.netscape.certsrv.dbs.repository.IRepository;
 
-
 /**
  * A class represents a Key repository. This is the container of
  * archived keys.
  * <P>
- *
+ * 
  * @author thomask
  * @version $Revision$, $Date$
  */
@@ -62,12 +60,12 @@ public class KeyRepository extends Repository implements IKeyRepository {
      * Constructs a key repository. It checks if the key repository
      * does exist. If not, it creates the repository.
      * <P>
-     *
+     * 
      * @param service db service
      * @exception EBaseException failed to setup key repository
      */
     public KeyRepository(IDBSubsystem service, int increment, String baseDN)
-        throws EDBException {
+            throws EDBException {
         super(service, increment, baseDN);
         mBaseDN = baseDN;
         mDBService = service;
@@ -81,55 +79,55 @@ public class KeyRepository extends Repository implements IKeyRepository {
 
         if (!reg.isObjectClassRegistered(KeyRecord.class.getName())) {
             reg.registerObjectClass(KeyRecord.class.getName(),
-                keyRecordOC);
+                    keyRecordOC);
         }
         if (!reg.isAttributeRegistered(KeyRecord.ATTR_ID)) {
             reg.registerAttribute(KeyRecord.ATTR_ID, new
-                BigIntegerMapper(KeyDBSchema.LDAP_ATTR_SERIALNO));
+                    BigIntegerMapper(KeyDBSchema.LDAP_ATTR_SERIALNO));
         }
         if (!reg.isAttributeRegistered(KeyRecord.ATTR_ALGORITHM)) {
             reg.registerAttribute(KeyRecord.ATTR_ALGORITHM, new
-                StringMapper(KeyDBSchema.LDAP_ATTR_ALGORITHM));
+                    StringMapper(KeyDBSchema.LDAP_ATTR_ALGORITHM));
         }
         if (!reg.isAttributeRegistered(KeyRecord.ATTR_STATE)) {
             reg.registerAttribute(KeyRecord.ATTR_STATE, new
-                KeyStateMapper(KeyDBSchema.LDAP_ATTR_STATE));
+                    KeyStateMapper(KeyDBSchema.LDAP_ATTR_STATE));
         }
         if (!reg.isAttributeRegistered(KeyRecord.ATTR_KEY_SIZE)) {
             reg.registerAttribute(KeyRecord.ATTR_KEY_SIZE, new
-                IntegerMapper(KeyDBSchema.LDAP_ATTR_KEY_SIZE));
+                    IntegerMapper(KeyDBSchema.LDAP_ATTR_KEY_SIZE));
         }
         if (!reg.isAttributeRegistered(KeyRecord.ATTR_OWNER_NAME)) {
             reg.registerAttribute(KeyRecord.ATTR_OWNER_NAME, new
-                StringMapper(KeyDBSchema.LDAP_ATTR_OWNER_NAME));
+                    StringMapper(KeyDBSchema.LDAP_ATTR_OWNER_NAME));
         }
         if (!reg.isAttributeRegistered(KeyRecord.ATTR_PRIVATE_KEY_DATA)) {
             reg.registerAttribute(KeyRecord.ATTR_PRIVATE_KEY_DATA, new
-                ByteArrayMapper(KeyDBSchema.LDAP_ATTR_PRIVATE_KEY_DATA));
+                    ByteArrayMapper(KeyDBSchema.LDAP_ATTR_PRIVATE_KEY_DATA));
         }
         if (!reg.isAttributeRegistered(KeyRecord.ATTR_PUBLIC_KEY_DATA)) {
             reg.registerAttribute(KeyRecord.ATTR_PUBLIC_KEY_DATA, new
-                PublicKeyMapper(KeyDBSchema.LDAP_ATTR_PUBLIC_KEY_DATA));
+                    PublicKeyMapper(KeyDBSchema.LDAP_ATTR_PUBLIC_KEY_DATA));
         }
         if (!reg.isAttributeRegistered(KeyRecord.ATTR_DATE_OF_RECOVERY)) {
             reg.registerAttribute(KeyRecord.ATTR_DATE_OF_RECOVERY, new
-                DateArrayMapper(KeyDBSchema.LDAP_ATTR_DATE_OF_RECOVERY));
+                    DateArrayMapper(KeyDBSchema.LDAP_ATTR_DATE_OF_RECOVERY));
         }
         if (!reg.isAttributeRegistered(KeyRecord.ATTR_CREATE_TIME)) {
             reg.registerAttribute(KeyRecord.ATTR_CREATE_TIME, new
-                DateMapper(KeyDBSchema.LDAP_ATTR_CREATE_TIME));
+                    DateMapper(KeyDBSchema.LDAP_ATTR_CREATE_TIME));
         }
         if (!reg.isAttributeRegistered(KeyRecord.ATTR_MODIFY_TIME)) {
             reg.registerAttribute(KeyRecord.ATTR_MODIFY_TIME, new
-                DateMapper(KeyDBSchema.LDAP_ATTR_MODIFY_TIME));
+                    DateMapper(KeyDBSchema.LDAP_ATTR_MODIFY_TIME));
         }
         if (!reg.isAttributeRegistered(KeyRecord.ATTR_META_INFO)) {
             reg.registerAttribute(KeyRecord.ATTR_META_INFO, new
-                MetaInfoMapper(KeyDBSchema.LDAP_ATTR_META_INFO));
+                    MetaInfoMapper(KeyDBSchema.LDAP_ATTR_META_INFO));
         }
         if (!reg.isAttributeRegistered(KeyRecord.ATTR_ARCHIVED_BY)) {
             reg.registerAttribute(KeyRecord.ATTR_ARCHIVED_BY, new
-                StringMapper(KeyDBSchema.LDAP_ATTR_ARCHIVED_BY));
+                    StringMapper(KeyDBSchema.LDAP_ATTR_ARCHIVED_BY));
         }
     }
 
@@ -147,7 +145,7 @@ public class KeyRepository extends Repository implements IKeyRepository {
         CMS.debug("In setKeyStatusUpdateInterval  mKeyStatusUpdateThread " + mKeyStatusUpdateThread);
         if (mKeyStatusUpdateThread == null) {
             CMS.debug("In setKeyStatusUpdateInterval about to create KeyStatusUpdateThread ");
-            mKeyStatusUpdateThread = new KeyStatusUpdateThread(this, requestRepo,  "KeyStatusUpdateThread");
+            mKeyStatusUpdateThread = new KeyStatusUpdateThread(this, requestRepo, "KeyStatusUpdateThread");
             mKeyStatusUpdateThread.setInterval(interval);
             mKeyStatusUpdateThread.start();
         } else {
@@ -171,15 +169,14 @@ public class KeyRepository extends Repository implements IKeyRepository {
     /**
      * Removes all objects with this repository.
      */
-    public void removeAllObjects() throws EBaseException
-    {
+    public void removeAllObjects() throws EBaseException {
         String filter = "(" + KeyRecord.ATTR_OWNER_NAME + "=*" + ")";
         IKeyRecordList list = findKeyRecordsInList(filter,
                     null, "serialno", 10);
         int size = list.getSize();
         Enumeration<IKeyRecord> e = list.getKeyRecords(0, size - 1);
         while (e.hasMoreElements()) {
-            IKeyRecord rec =  e.nextElement();
+            IKeyRecord rec = e.nextElement();
             deleteKeyRecord(rec.getSerialNumber());
         }
     }
@@ -187,7 +184,7 @@ public class KeyRepository extends Repository implements IKeyRepository {
     /**
      * Archives a key to the repository.
      * <P>
-     *
+     * 
      * @param record key record
      * @exception EBaseException failed to archive key
      */
@@ -196,34 +193,38 @@ public class KeyRepository extends Repository implements IKeyRepository {
 
         try {
             String name = "cn" + "=" +
-                ((KeyRecord) record).getSerialNumber().toString() + "," + getDN();
+                    ((KeyRecord) record).getSerialNumber().toString() + "," + getDN();
 
-            if (s != null) s.add(name, (KeyRecord) record);
-        } finally { 
-            if (s != null) s.close();
+            if (s != null)
+                s.add(name, (KeyRecord) record);
+        } finally {
+            if (s != null)
+                s.close();
         }
     }
 
     /**
      * Recovers an archived key by serial number.
      * <P>
-     *
+     * 
      * @param serialNo serial number
      * @return key record
      * @exception EBaseException failed to recover key
      */
     public IKeyRecord readKeyRecord(BigInteger serialNo)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         KeyRecord rec = null;
 
         try {
             String name = "cn" + "=" +
-                serialNo.toString() + "," + getDN();
+                    serialNo.toString() + "," + getDN();
 
-            if (s != null) rec = (KeyRecord) s.read(name);
-        } finally { 
-            if (s != null) s.close();
+            if (s != null)
+                rec = (KeyRecord) s.read(name);
+        } finally {
+            if (s != null)
+                s.close();
         }
         return rec;
     }
@@ -231,26 +232,27 @@ public class KeyRepository extends Repository implements IKeyRepository {
     /**
      * Recovers an archived key by owner name.
      * <P>
-     *
+     * 
      * @param ownerName owner name
      * @return key record
      * @exception EBaseException failed to recover key
      */
     public IKeyRecord readKeyRecord(X500Name ownerName)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         KeyRecord keyRec = null;
 
         try {
             if (ownerName != null) {
                 String filter = "(" + KeyRecord.ATTR_OWNER_NAME + "=" +
-                    ownerName.toString() + ")";
+                        ownerName.toString() + ")";
                 IDBSearchResults res = s.search(getDN(), filter);
 
                 keyRec = (KeyRecord) res.nextElement();
-            } 
-        } finally { 
-            if (s != null) s.close();
+            }
+        } finally {
+            if (s != null)
+                s.close();
         }
         return keyRec;
     }
@@ -259,7 +261,7 @@ public class KeyRepository extends Repository implements IKeyRepository {
      * Recovers archived key using public key.
      */
     public IKeyRecord readKeyRecord(PublicKey publicKey)
-        throws EBaseException {
+            throws EBaseException {
         // XXX - setup binary search attributes
         byte data[] = publicKey.getEncoded();
 
@@ -270,39 +272,40 @@ public class KeyRepository extends Repository implements IKeyRepository {
 
         try {
             String filter = "(" + KeyRecord.ATTR_PUBLIC_KEY_DATA + "=" +
-                escapeBinaryData(data) + ")";
-            if( s != null ) {
+                    escapeBinaryData(data) + ")";
+            if (s != null) {
                 IDBSearchResults res = s.search(getDN(), filter);
 
                 rec = (KeyRecord) res.nextElement();
             }
-        } finally { 
-            if (s != null) s.close();
+        } finally {
+            if (s != null)
+                s.close();
         }
         return rec;
     }
 
-
     /**
      * Recovers archived key using b64 encoded cert
      */
     public IKeyRecord readKeyRecord(String cert)
-        throws EBaseException {
+            throws EBaseException {
 
         IDBSSession s = mDBService.createSession();
         KeyRecord rec = null;
 
         try {
-            String filter = "(publicKey=x509cert#\"" +cert+"\")";
-CMS.debug("filter= " + filter);
+            String filter = "(publicKey=x509cert#\"" + cert + "\")";
+            CMS.debug("filter= " + filter);
 
-            if( s != null ) {
+            if (s != null) {
                 IDBSearchResults res = s.search(getDN(), filter);
 
                 rec = (KeyRecord) res.nextElement();
             }
-        } finally { 
-            if (s != null) s.close();
+        } finally {
+            if (s != null)
+                s.close();
         }
         return rec;
     }
@@ -311,32 +314,36 @@ CMS.debug("filter= " + filter);
      * Modifies key record.
      */
     public void modifyKeyRecord(BigInteger serialNo, ModificationSet mods)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         try {
             String name = "cn" + "=" +
-                serialNo.toString() + "," + getDN();
+                    serialNo.toString() + "," + getDN();
 
             mods.add(KeyRecord.ATTR_MODIFY_TIME, Modification.MOD_REPLACE,
-                new Date());
-            if (s != null) s.modify(name, mods);
-        } finally { 
-            if (s != null) s.close();
+                    new Date());
+            if (s != null)
+                s.modify(name, mods);
+        } finally {
+            if (s != null)
+                s.close();
         }
     }
 
     public void deleteKeyRecord(BigInteger serialNo)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         try {
             String name = "cn" + "=" +
-                serialNo.toString() + "," + getDN();
+                    serialNo.toString() + "," + getDN();
 
-            if (s != null) s.delete(name);
-        } finally { 
-            if (s != null) s.close();
+            if (s != null)
+                s.delete(name);
+        } finally {
+            if (s != null)
+                s.close();
         }
     }
 
@@ -353,7 +360,7 @@ CMS.debug("filter= " + filter);
     }
 
     public Enumeration<Object> searchKeys(String filter, int maxSize)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration<Object> e = null;
 
@@ -367,7 +374,7 @@ CMS.debug("filter= " + filter);
     }
 
     public Enumeration<Object> searchKeys(String filter, int maxSize, int timeLimit)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration<Object> e = null;
 
@@ -384,14 +391,14 @@ CMS.debug("filter= " + filter);
      * Retrieves key record list.
      */
     public IKeyRecordList findKeyRecordsInList(String filter,
-        String attrs[], int pageSize) throws EBaseException {
+            String attrs[], int pageSize) throws EBaseException {
         return findKeyRecordsInList(filter, attrs, IKeyRecord.ATTR_ID,
-                pageSize); 
+                pageSize);
     }
 
     public IKeyRecordList findKeyRecordsInList(String filter,
-        String attrs[], String sortKey, int pageSize) 
-        throws EBaseException {
+            String attrs[], String sortKey, int pageSize)
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         IKeyRecordList list = null;
 
@@ -399,18 +406,19 @@ CMS.debug("filter= " + filter);
             if (s != null) {
                 list = new KeyRecordList(
                         s.createVirtualList(getDN(), "(&(objectclass=" +
-                            KeyRecord.class.getName() + ")" + filter + ")",
-                            attrs, sortKey, pageSize));
+                                KeyRecord.class.getName() + ")" + filter + ")",
+                                attrs, sortKey, pageSize));
             }
-        } finally { 
-            if (s != null) s.close();
+        } finally {
+            if (s != null)
+                s.close();
         }
         return list;
     }
 
     public IKeyRecordList findKeyRecordsInList(String filter,
-        String attrs[],String jumpTo, String sortKey, int pageSize)
-        throws EBaseException {
+            String attrs[], String jumpTo, String sortKey, int pageSize)
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         IKeyRecordList list = null;
 
@@ -419,86 +427,85 @@ CMS.debug("filter= " + filter);
         String jumpToVal = null;
 
         if (len > 9) {
-                jumpToVal = Integer.toString(len) + jumpTo;
-            } else {
-                jumpToVal = "0" + Integer.toString(len) + jumpTo;
+            jumpToVal = Integer.toString(len) + jumpTo;
+        } else {
+            jumpToVal = "0" + Integer.toString(len) + jumpTo;
         }
 
         try {
             if (s != null) {
                 list = new KeyRecordList(
                         s.createVirtualList(getDN(), "(&(objectclass=" +
-                            KeyRecord.class.getName() + ")" + filter + ")",
-                            attrs,jumpToVal, sortKey, pageSize));
+                                KeyRecord.class.getName() + ")" + filter + ")",
+                                attrs, jumpToVal, sortKey, pageSize));
             }
         } finally {
-            if (s != null) s.close();
+            if (s != null)
+                s.close();
         }
         return list;
     }
 
-    public BigInteger getLastSerialNumberInRange(BigInteger  serial_low_bound, BigInteger serial_upper_bound) throws
-       EBaseException {
+    public BigInteger getLastSerialNumberInRange(BigInteger serial_low_bound, BigInteger serial_upper_bound) throws
+            EBaseException {
 
-          CMS.debug("KeyRepository:  in getLastSerialNumberInRange: low " + serial_low_bound + " high " + serial_upper_bound);
+        CMS.debug("KeyRepository:  in getLastSerialNumberInRange: low " + serial_low_bound + " high " + serial_upper_bound);
 
-          if(serial_low_bound == null || serial_upper_bound == null || serial_low_bound.compareTo(serial_upper_bound) >= 0)
-          {
-              return null;
-          }
+        if (serial_low_bound == null || serial_upper_bound == null || serial_low_bound.compareTo(serial_upper_bound) >= 0) {
+            return null;
+        }
 
-          String ldapfilter = "(" + "serialno" + "=*" + ")";
-          String[] attrs = null;
+        String ldapfilter = "(" + "serialno" + "=*" + ")";
+        String[] attrs = null;
 
-          KeyRecordList recList = (KeyRecordList) findKeyRecordsInList(ldapfilter,attrs,serial_upper_bound.toString(10),"serialno", 5 * -1);
+        KeyRecordList recList = (KeyRecordList) findKeyRecordsInList(ldapfilter, attrs, serial_upper_bound.toString(10), "serialno", 5 * -1);
 
-          int size = recList.getSize();
+        int size = recList.getSize();
 
-          CMS.debug("KeyRepository: getLastSerialNumberInRange: recList size " + size);
+        CMS.debug("KeyRepository: getLastSerialNumberInRange: recList size " + size);
 
-          if (size <= 0) {
-              CMS.debug("KeyRepository: getLastSerialNumberInRange: index may be empty");
+        if (size <= 0) {
+            CMS.debug("KeyRepository: getLastSerialNumberInRange: index may be empty");
 
-              BigInteger ret = new BigInteger(serial_low_bound.toString(10));
+            BigInteger ret = new BigInteger(serial_low_bound.toString(10));
 
-              ret = ret.add(new BigInteger("-1"));
+            ret = ret.add(new BigInteger("-1"));
 
-              CMS.debug("KeyRepository: getLastSerialNumberInRange returning: " +  ret );
-              return ret;
-          }
-          int ltSize = recList.getSizeBeforeJumpTo();
+            CMS.debug("KeyRepository: getLastSerialNumberInRange returning: " + ret);
+            return ret;
+        }
+        int ltSize = recList.getSizeBeforeJumpTo();
 
-          CMS.debug("KeyRepository:getLastSerialNumberInRange: ltSize " + ltSize);
+        CMS.debug("KeyRepository:getLastSerialNumberInRange: ltSize " + ltSize);
 
-          int i;
-          KeyRecord curRec = null;
+        int i;
+        KeyRecord curRec = null;
 
-          for (i = 0; i < 5; i++) {
-              curRec = (KeyRecord) recList.getKeyRecord(i);
+        for (i = 0; i < 5; i++) {
+            curRec = (KeyRecord) recList.getKeyRecord(i);
 
-              if (curRec != null) {
+            if (curRec != null) {
 
-                  BigInteger serial = curRec.getSerialNumber();
+                BigInteger serial = curRec.getSerialNumber();
 
-                  CMS.debug("KeyRepository:  getLastCertRecordSerialNo:  serialno  " + serial);
+                CMS.debug("KeyRepository:  getLastCertRecordSerialNo:  serialno  " + serial);
 
-                  if(  ((serial.compareTo(serial_low_bound) == 0) || (serial.compareTo(serial_low_bound) == 1) ) &&
-                       ((serial.compareTo(serial_upper_bound) == 0) || (serial.compareTo(serial_upper_bound) == -1) ))
-                  {
-                      CMS.debug("KeyRepository: getLastSerialNumberInRange returning: " + serial);
-                      return serial;
-                  }
-              } else {
-                  CMS.debug("KeyRepository:  getLastSerialNumberInRange:found null from getCertRecord");
-              }
-          }
+                if (((serial.compareTo(serial_low_bound) == 0) || (serial.compareTo(serial_low_bound) == 1)) &&
+                        ((serial.compareTo(serial_upper_bound) == 0) || (serial.compareTo(serial_upper_bound) == -1))) {
+                    CMS.debug("KeyRepository: getLastSerialNumberInRange returning: " + serial);
+                    return serial;
+                }
+            } else {
+                CMS.debug("KeyRepository:  getLastSerialNumberInRange:found null from getCertRecord");
+            }
+        }
 
-          BigInteger ret = new BigInteger(serial_low_bound.toString(10));
+        BigInteger ret = new BigInteger(serial_low_bound.toString(10));
 
-          ret = ret.add(new BigInteger("-1"));
+        ret = ret.add(new BigInteger("-1"));
 
-          CMS.debug("KeyRepository: getLastSerialNumberInRange returning: " +  ret );
-          return ret ;
+        CMS.debug("KeyRepository: getLastSerialNumberInRange returning: " + ret);
+        return ret;
 
     }
 
@@ -538,7 +545,7 @@ class KeyStatusUpdateThread extends Thread {
                     CMS.debug("Starting key checkRanges");
                     _kr.checkRanges();
                     CMS.debug("key checkRanges done");
- 
+
                     CMS.debug("Starting request checkRanges");
                     _rr.checkRanges();
                     CMS.debug("request checkRanges done");
@@ -553,5 +560,3 @@ class KeyStatusUpdateThread extends Thread {
         }
     }
 }
-
-
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/KeyStateMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/KeyStateMapper.java
index 7f13c8ed..dc6aadff 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/KeyStateMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/KeyStateMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
@@ -29,13 +28,12 @@ import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IDBObj;
 import com.netscape.certsrv.dbs.keydb.KeyState;
 
-
 /**
  * A class represents a key state mapper.
  * <P>
- *
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class KeyStateMapper implements IDBAttrMapper {
 
@@ -52,10 +50,10 @@ public class KeyStateMapper implements IDBAttrMapper {
         return v.elements();
     }
 
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, 
-        String name, Object obj, LDAPAttributeSet attrs) 
-        throws EBaseException {
-        attrs.add(new LDAPAttribute(mLdapName, 
+    public void mapObjectToLDAPAttributeSet(IDBObj parent,
+            String name, Object obj, LDAPAttributeSet attrs)
+            throws EBaseException {
+        attrs.add(new LDAPAttribute(mLdapName,
                 ((KeyState) obj).toString()));
     }
 
@@ -63,8 +61,8 @@ public class KeyStateMapper implements IDBAttrMapper {
      * Maps LDAP attributes into object, and put the object
      * into 'parent'.
      */
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) throws EBaseException {
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent) throws EBaseException {
         LDAPAttribute attr = attrs.getAttribute(mLdapName);
 
         if (attr == null) {
@@ -77,8 +75,8 @@ public class KeyStateMapper implements IDBAttrMapper {
     /**
      * Maps search filters into LDAP search filter.
      */
-    public String mapSearchFilter(String name, String op, 
-        String value) throws EBaseException {
+    public String mapSearchFilter(String name, String op,
+            String value) throws EBaseException {
         return mLdapName + op + value;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/LdapFilterConverter.java b/pki/base/common/src/com/netscape/cmscore/dbs/LdapFilterConverter.java
index 909bf47e..74ac7ca9 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/LdapFilterConverter.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/LdapFilterConverter.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Hashtable;
 
 import com.netscape.certsrv.base.AttributeNameHelper;
@@ -25,14 +24,13 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IFilterConverter;
 
-
 /**
  * A class represents a filter converter
  * that understands how to convert a attribute
  * type from one defintion to another.
  * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class LdapFilterConverter implements IFilterConverter {
 
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/LongMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/LongMapper.java
index cdd9aeb7..2d2d539e 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/LongMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/LongMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
@@ -28,14 +27,13 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IDBObj;
 
-
 /**
  * A class represents ann attribute mapper that maps
  * a Java Long object into LDAP attribute,
  * and vice versa.
- *
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class LongMapper implements IDBAttrMapper {
 
@@ -60,10 +58,10 @@ public class LongMapper implements IDBAttrMapper {
     /**
      * Maps object into ldap attribute set.
      */
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, 
-        String name, Object obj, LDAPAttributeSet attrs) 
-        throws EBaseException {
-        attrs.add(new LDAPAttribute(mLdapName, 
+    public void mapObjectToLDAPAttributeSet(IDBObj parent,
+            String name, Object obj, LDAPAttributeSet attrs)
+            throws EBaseException {
+        attrs.add(new LDAPAttribute(mLdapName,
                 LongToDB((Long) obj)));
     }
 
@@ -71,8 +69,8 @@ public class LongMapper implements IDBAttrMapper {
      * Maps LDAP attributes into object, and put the object
      * into 'parent'.
      */
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) throws EBaseException {
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent) throws EBaseException {
         LDAPAttribute attr = attrs.getAttribute(mLdapName);
 
         if (attr == null)
@@ -84,8 +82,8 @@ public class LongMapper implements IDBAttrMapper {
     /**
      * Maps search filters into LDAP search filter.
      */
-    public String mapSearchFilter(String name, String op, 
-        String value) throws EBaseException {
+    public String mapSearchFilter(String name, String op,
+            String value) throws EBaseException {
         String v = null;
 
         try {
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/MetaInfoMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/MetaInfoMapper.java
index 605e2fad..f175c811 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/MetaInfoMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/MetaInfoMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Enumeration;
 import java.util.StringTokenizer;
 import java.util.Vector;
@@ -30,20 +29,19 @@ import com.netscape.certsrv.base.MetaInfo;
 import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IDBObj;
 
-
 /**
  * A class represent mapper for metainfo attribute. Metainfo
  * is in format of the following:
- *
+ * 
  * <PRE>
  * metaInfoType:metaInfoValue
  * metaInfoType:metaInfoValue
  * metaInfoType:metaInfoValue
  * metaInfoType:metaInfoValue
  * </PRE>
- *
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class MetaInfoMapper implements IDBAttrMapper {
 
@@ -71,8 +69,8 @@ public class MetaInfoMapper implements IDBAttrMapper {
      * Maps object into ldap attribute set.
      */
     public void mapObjectToLDAPAttributeSet(IDBObj parent,
-        String name, Object obj, LDAPAttributeSet attrs)
-        throws EBaseException {
+            String name, Object obj, LDAPAttributeSet attrs)
+            throws EBaseException {
         MetaInfo info = (MetaInfo) obj;
         Enumeration e = info.getElements();
 
@@ -96,7 +94,7 @@ public class MetaInfoMapper implements IDBAttrMapper {
      * 'parent'.
      */
     public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
-        String name, IDBObj parent) throws EBaseException {
+            String name, IDBObj parent) throws EBaseException {
         LDAPAttribute attr = attrs.getAttribute(mLdapName);
 
         if (attr == null)
@@ -119,7 +117,7 @@ public class MetaInfoMapper implements IDBAttrMapper {
      * (&(metaInfo=reserver0:value0)(metaInfo=reserved1:value1))
      */
     public String mapSearchFilter(String name, String op,
-        String value) throws EBaseException {
+            String value) throws EBaseException {
         return mLdapName + op + value;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/ObjectStreamMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/ObjectStreamMapper.java
index 46979715..f77a36ed 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/ObjectStreamMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/ObjectStreamMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -35,15 +34,14 @@ import com.netscape.certsrv.dbs.EDBException;
 import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IDBObj;
 import com.netscape.certsrv.logging.ILogger;
- 
 
 /**
  * A class represents ann attribute mapper that maps
  * a Java object into LDAP attribute,
  * and vice versa.
- *
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class ObjectStreamMapper implements IDBAttrMapper {
 
@@ -69,9 +67,9 @@ public class ObjectStreamMapper implements IDBAttrMapper {
     /**
      * Maps object to ldap attribute set.
      */
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, String name, 
-        Object obj, LDAPAttributeSet attrs) 	
-        throws EBaseException {
+    public void mapObjectToLDAPAttributeSet(IDBObj parent, String name,
+            Object obj, LDAPAttributeSet attrs)
+            throws EBaseException {
         try {
             ByteArrayOutputStream bos = new ByteArrayOutputStream();
             ObjectOutputStream os = new ObjectOutputStream(bos);
@@ -79,13 +77,13 @@ public class ObjectStreamMapper implements IDBAttrMapper {
             os.writeObject(obj);
             byte data[] = bos.toByteArray();
             if (data == null) {
-               CMS.debug("ObjectStreamMapper:mapObjectToLDAPAttributeSet " +
+                CMS.debug("ObjectStreamMapper:mapObjectToLDAPAttributeSet " +
                            name + " size=0");
             } else {
-               CMS.debug("ObjectStreamMapper:mapObjectToLDAPAttributeSet " +
+                CMS.debug("ObjectStreamMapper:mapObjectToLDAPAttributeSet " +
                            name + " size=" + data.length);
             }
-            attrs.add(new LDAPAttribute(mLdapName, 
+            attrs.add(new LDAPAttribute(mLdapName,
                     data));
         } catch (IOException e) {
 
@@ -94,9 +92,9 @@ public class ObjectStreamMapper implements IDBAttrMapper {
              * @phase Maps object to ldap attribute set
              * @message ObjectStreamMapper: <exception thrown>
              */
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSCORE_DBS_OBJECTSTREAM_MAPPER_ERROR",
-                    e.toString()));
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSCORE_DBS_OBJECTSTREAM_MAPPER_ERROR",
+                            e.toString()));
             throw new EDBException(
                     CMS.getUserMessage("CMS_DBS_SERIALIZE_FAILED", name));
         }
@@ -106,8 +104,8 @@ public class ObjectStreamMapper implements IDBAttrMapper {
      * Maps LDAP attributes into object, and put the object
      * into 'parent'.
      */
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) throws EBaseException {
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent) throws EBaseException {
         try {
             LDAPAttribute attr = attrs.getAttribute(mLdapName);
 
@@ -131,8 +129,8 @@ public class ObjectStreamMapper implements IDBAttrMapper {
     /**
      * Maps search filters into LDAP search filter.
      */
-    public String mapSearchFilter(String name, String op, 
-        String value) throws EBaseException {
+    public String mapSearchFilter(String name, String op,
+            String value) throws EBaseException {
         return mLdapName + op + value;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/PublicKeyMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/PublicKeyMapper.java
index 8a2d1f2d..f4d8cabe 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/PublicKeyMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/PublicKeyMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.security.PublicKey;
 import java.security.cert.X509Certificate;
 import java.util.Enumeration;
@@ -32,16 +31,15 @@ import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IDBObj;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.cmscore.cert.CertUtils;
- 
 
 /**
  * A class represents an attribute mapper that maps
  * a public key data into LDAP attribute and
  * vice versa.
  * <P>
- *
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class PublicKeyMapper implements IDBAttrMapper {
 
@@ -68,9 +66,9 @@ public class PublicKeyMapper implements IDBAttrMapper {
     /**
      * Maps object to ldap attribute set.
      */
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, 
-        String name, Object obj, LDAPAttributeSet attrs) 
-        throws EBaseException {
+    public void mapObjectToLDAPAttributeSet(IDBObj parent,
+            String name, Object obj, LDAPAttributeSet attrs)
+            throws EBaseException {
         attrs.add(new LDAPAttribute(mLdapName, (byte[]) obj));
     }
 
@@ -78,8 +76,8 @@ public class PublicKeyMapper implements IDBAttrMapper {
      * Maps LDAP attributes into object, and put the object
      * into 'parent'.
      */
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) throws EBaseException {
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent) throws EBaseException {
         LDAPAttribute attr = attrs.getAttribute(mLdapName);
 
         if (attr == null) {
@@ -92,8 +90,8 @@ public class PublicKeyMapper implements IDBAttrMapper {
      * Maps search filters into LDAP search filter. It knows
      * how to extract public key from the certificate.
      */
-    public String mapSearchFilter(String name, String op, 
-        String value) throws EBaseException {
+    public String mapSearchFilter(String name, String op,
+            String value) throws EBaseException {
         int i = value.indexOf("#");
 
         if (i != -1) {
@@ -116,9 +114,9 @@ public class PublicKeyMapper implements IDBAttrMapper {
                  * @phase Maps search filters into LDAP search filter
                  * @message PublicKeyMapper: <exception thrown>
                  */
-                mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSCORE_DBS_PUBLICKEY_MAPPER_ERROR",
-                        e.toString()));
+                mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_DBS_PUBLICKEY_MAPPER_ERROR",
+                                e.toString()));
             }
         }
         return mLdapName + op + value;
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/ReplicaIDRepository.java b/pki/base/common/src/com/netscape/cmscore/dbs/ReplicaIDRepository.java
index 61beb423..c016e5ac 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/ReplicaIDRepository.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/ReplicaIDRepository.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.math.BigInteger;
 
 import com.netscape.certsrv.apps.CMS;
@@ -30,12 +29,12 @@ import com.netscape.certsrv.dbs.replicadb.IReplicaIDRepository;
  * A class represents a replica repository. It
  * creates unique managed replica IDs.
  * <P>
- *
+ * 
  * @author alee
  * @version $Revision$, $Date$
  */
 public class ReplicaIDRepository extends Repository
-    implements IReplicaIDRepository {
+        implements IReplicaIDRepository {
 
     private IDBSubsystem mDBService;
     private String mBaseDN;
@@ -44,24 +43,23 @@ public class ReplicaIDRepository extends Repository
      * Constructs a certificate repository.
      */
     public ReplicaIDRepository(IDBSubsystem dbService, int increment, String baseDN)
-        throws EDBException {
+            throws EDBException {
         super(dbService, increment, baseDN);
         mBaseDN = baseDN;
         mDBService = dbService;
     }
-   
- 
+
     /**
      * Returns last serial number in given range
      */
     public BigInteger getLastSerialNumberInRange(BigInteger serial_low_bound, BigInteger serial_upper_bound)
-    throws EBaseException {
-        CMS.debug("ReplicaIDReposoitory: in getLastSerialNumberInRange: low "  + serial_low_bound + " high " + serial_upper_bound);
-        if(serial_low_bound == null || serial_upper_bound == null || serial_low_bound.compareTo(serial_upper_bound) >= 0 ) {
+            throws EBaseException {
+        CMS.debug("ReplicaIDReposoitory: in getLastSerialNumberInRange: low " + serial_low_bound + " high " + serial_upper_bound);
+        if (serial_low_bound == null || serial_upper_bound == null || serial_low_bound.compareTo(serial_upper_bound) >= 0) {
             return null;
         }
         BigInteger ret = new BigInteger(getMinSerial());
-        if ((ret==null) || (ret.compareTo(serial_upper_bound) >0) || (ret.compareTo(serial_low_bound) <0)) {
+        if ((ret == null) || (ret.compareTo(serial_upper_bound) > 0) || (ret.compareTo(serial_low_bound) < 0)) {
             return null;
         }
         return ret;
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/Repository.java b/pki/base/common/src/com/netscape/cmscore/dbs/Repository.java
index 858e7a63..106a1c21 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/Repository.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/Repository.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.math.BigInteger;
 
 import com.netscape.certsrv.apps.CMS;
@@ -36,18 +35,17 @@ import com.netscape.certsrv.dbs.repository.IRepository;
 import com.netscape.certsrv.dbs.repository.IRepositoryRecord;
 
 /**
- * A class represents a generic repository. It maintains unique 
+ * A class represents a generic repository. It maintains unique
  * serial number within repository.
  * <P>
- * To build domain specific repository, subclass should be
- * created.
+ * To build domain specific repository, subclass should be created.
  * <P>
- *
+ * 
  * @author galperin
  * @author thomask
  * @version $Revision: 1.4
- *       
- $, $Date$
+ * 
+ *          $, $Date$
  */
 
 public abstract class Repository implements IRepository {
@@ -56,7 +54,7 @@ public abstract class Repository implements IRepository {
     private BigInteger BI_INCREMENT = null;
     private static final BigInteger BI_ZERO = new BigInteger("0");
     // (the next serialNo to be issued) - 1
-    private BigInteger mSerialNo = null; 
+    private BigInteger mSerialNo = null;
     // the serialNo attribute stored in db
     private BigInteger mNext = null;
 
@@ -79,51 +77,49 @@ public abstract class Repository implements IRepository {
     private int mRadix = 10;
     private int mRepo = -1;
 
-
     private BigInteger mLastSerialNo = null;
+
     /**
      * Constructs a repository.
      * <P>
      */
-    public Repository(IDBSubsystem db, int increment, String baseDN) 
-        throws EDBException {
+    public Repository(IDBSubsystem db, int increment, String baseDN)
+            throws EDBException {
         mDB = db;
         mBaseDN = baseDN;
 
-
         BI_INCREMENT = new BigInteger(Integer.toString(increment));
 
         // register schema
         IDBRegistry reg = db.getRegistry();
 
         /**
-         if (!reg.isObjectClassRegistered(
-         RepositoryRecord.class.getName())) {
-         String repRecordOC[] = new String[2];
-         repRecordOC[0] = RepositorySchema.LDAP_OC_TOP;
-         repRecordOC[1] = RepositorySchema.LDAP_OC_REPOSITORY;
-         reg.registerObjectClass(
-         RepositoryRecord.class.getName(), repRecordOC);
-         }
-         if (!reg.isAttributeRegistered(RepositoryRecord.ATTR_SERIALNO)) {
-         reg.registerAttribute(RepositoryRecord.ATTR_SERIALNO,
-         new BigIntegerMapper(RepositorySchema.LDAP_ATTR_SERIALNO));
-         }
+         * if (!reg.isObjectClassRegistered(
+         * RepositoryRecord.class.getName())) {
+         * String repRecordOC[] = new String[2];
+         * repRecordOC[0] = RepositorySchema.LDAP_OC_TOP;
+         * repRecordOC[1] = RepositorySchema.LDAP_OC_REPOSITORY;
+         * reg.registerObjectClass(
+         * RepositoryRecord.class.getName(), repRecordOC);
+         * }
+         * if (!reg.isAttributeRegistered(RepositoryRecord.ATTR_SERIALNO)) {
+         * reg.registerAttribute(RepositoryRecord.ATTR_SERIALNO,
+         * new BigIntegerMapper(RepositorySchema.LDAP_ATTR_SERIALNO));
+         * }
          **/
     }
 
     /**
      * Resets serial number.
      */
-    public void resetSerialNumber(BigInteger serial) throws EBaseException
-    {
+    public void resetSerialNumber(BigInteger serial) throws EBaseException {
         IDBSSession s = mDB.createSession();
-                                                                                
+
         try {
             String name = mBaseDN;
             ModificationSet mods = new ModificationSet();
             mods.add(IRepositoryRecord.ATTR_SERIALNO,
-                Modification.MOD_REPLACE, serial);
+                    Modification.MOD_REPLACE, serial);
             s.modify(name, mods);
         } finally {
             if (s != null)
@@ -134,7 +130,7 @@ public abstract class Repository implements IRepository {
     /**
      * Retrieves the next serial number attr in db.
      * <P>
-     *
+     * 
      * @return next serial number
      */
     protected BigInteger getSerialNumber() throws EBaseException {
@@ -144,15 +140,17 @@ public abstract class Repository implements IRepository {
         RepositoryRecord rec = null;
 
         try {
-            if (s != null) rec = (RepositoryRecord) s.read(mBaseDN);
-        } finally { 
-            if (s != null) s.close();
+            if (s != null)
+                rec = (RepositoryRecord) s.read(mBaseDN);
+        } finally {
+            if (s != null)
+                s.close();
         }
 
-        if( rec == null ) {
-            CMS.debug( "Repository::getSerialNumber() - "
-                     + "- rec is null!" );
-            throw new EBaseException( "rec is null" );
+        if (rec == null) {
+            CMS.debug("Repository::getSerialNumber() - "
+                     + "- rec is null!");
+            throw new EBaseException("rec is null");
         }
 
         BigInteger serial = rec.getSerialNumber();
@@ -168,7 +166,7 @@ public abstract class Repository implements IRepository {
                     serial = serial.add(BI_ONE);
                     setSerialNumber(serial);
                 }
-            }catch (EBaseException e) {
+            } catch (EBaseException e) {
                 // do nothing
             }
             mInit = true;
@@ -179,12 +177,12 @@ public abstract class Repository implements IRepository {
     /**
      * Updates the serial number to the specified in db.
      * <P>
-     *
+     * 
      * @param num serial number
      */
     protected void setSerialNumber(BigInteger num) throws EBaseException {
 
-        CMS.debug("Repository:setSerialNumber " +  num.toString());
+        CMS.debug("Repository:setSerialNumber " + num.toString());
 
         return;
 
@@ -211,8 +209,8 @@ public abstract class Repository implements IRepository {
 
         maxSerial = new BigInteger(serial, mRadix);
         if (maxSerial != null) {
-           mMaxSerial = serial;
-           mMaxSerialNo = maxSerial;
+            mMaxSerial = serial;
+            mMaxSerialNo = maxSerial;
         }
     }
 
@@ -237,23 +235,22 @@ public abstract class Repository implements IRepository {
 
         maxSerial = new BigInteger(serial, mRadix);
         if (maxSerial != null) {
-           mNextMaxSerial = serial;
-           mNextMaxSerialNo = maxSerial;
+            mNextMaxSerial = serial;
+            mNextMaxSerialNo = maxSerial;
         }
 
         return;
     }
-  
+
     /**
      * Get the minimum serial number.
      * 
      * @return minimum serial number
      */
     public String getMinSerial() {
-       return mMinSerial;
+        return mMinSerial;
     }
 
-
     /**
      * init serial number cache
      */
@@ -261,14 +258,14 @@ public abstract class Repository implements IRepository {
         mNext = getSerialNumber();
         BigInteger serialConfig = new BigInteger("0");
         mRadix = 10;
-   
+
         CMS.debug("Repository: in InitCache");
 
         if (this instanceof ICertificateRepository) {
             CMS.debug("Repository: Instance of Certificate Repository.");
             mRadix = 16;
             mRepo = IDBSubsystem.CERTS;
-        } else if (this instanceof IKeyRepository)  {
+        } else if (this instanceof IKeyRepository) {
             // Key Repository uses the same configuration parameters as Certificate
             // Repository.  This is ok because they are on separate subsystems.
             CMS.debug("Repository: Instance of Key Repository");
@@ -292,48 +289,47 @@ public abstract class Repository implements IRepository {
 
         CMS.debug("Repository: minSerial " + mMinSerial + " maxSerial: " + mMaxSerial);
 
-        if(mMinSerial != null) 
-            mMinSerialNo = new BigInteger(mMinSerial,mRadix);
+        if (mMinSerial != null)
+            mMinSerialNo = new BigInteger(mMinSerial, mRadix);
 
-        if(mMaxSerial != null)
-            mMaxSerialNo = new BigInteger(mMaxSerial,mRadix); 
+        if (mMaxSerial != null)
+            mMaxSerialNo = new BigInteger(mMaxSerial, mRadix);
 
-        if(mNextMinSerial != null) 
-            mNextMinSerialNo = new BigInteger(mNextMinSerial,mRadix);
+        if (mNextMinSerial != null)
+            mNextMinSerialNo = new BigInteger(mNextMinSerial, mRadix);
 
-        if(mNextMaxSerial != null)
-            mNextMaxSerialNo = new BigInteger(mNextMaxSerial,mRadix); 
+        if (mNextMaxSerial != null)
+            mNextMaxSerialNo = new BigInteger(mNextMaxSerial, mRadix);
 
-        if(lowWaterMark  != null) 
-            mLowWaterMarkNo = new BigInteger(lowWaterMark,mRadix);
+        if (lowWaterMark != null)
+            mLowWaterMarkNo = new BigInteger(lowWaterMark, mRadix);
 
-        if(increment != null) 
-            mIncrementNo = new BigInteger(increment,mRadix);
+        if (increment != null)
+            mIncrementNo = new BigInteger(increment, mRadix);
 
         BigInteger theSerialNo = null;
-        theSerialNo = getLastSerialNumberInRange(mMinSerialNo,mMaxSerialNo);
+        theSerialNo = getLastSerialNumberInRange(mMinSerialNo, mMaxSerialNo);
 
-        if(theSerialNo != null)  {
+        if (theSerialNo != null) {
 
             mLastSerialNo = new BigInteger(theSerialNo.toString());
             CMS.debug("Repository:  mLastSerialNo: " + mLastSerialNo.toString());
 
-        }
-        else  {
+        } else {
 
             throw new EBaseException("Error in obtaining the last serial number in the repository!");
 
         }
 
     }
-   
+
     /**
      * get the next serial number in cache
      */
     public BigInteger getTheSerialNumber() throws EBaseException {
-        
-        CMS.debug("Repository:In getTheSerialNumber " );
-        if (mLastSerialNo == null) 
+
+        CMS.debug("Repository:In getTheSerialNumber ");
+        if (mLastSerialNo == null)
             initCache();
         BigInteger serial = new BigInteger((mLastSerialNo.add(BI_ONE)).toString());
 
@@ -346,7 +342,7 @@ public abstract class Repository implements IRepository {
     /**
      * Updates the serial number to the specified in db and cache.
      * <P>
-     *
+     * 
      * @param num serial number
      */
     public void setTheSerialNumber(BigInteger num) throws EBaseException {
@@ -373,43 +369,42 @@ public abstract class Repository implements IRepository {
      * Retrieves the next serial number, and also increase the
      * serial number by one.
      * <P>
-     *
+     * 
      * @return serial number
      */
     public synchronized BigInteger getNextSerialNumber() throws
             EBaseException {
 
         CMS.debug("Repository: in getNextSerialNumber. ");
- 
+
         if (mLastSerialNo == null) {
             initCache();
 
             mLastSerialNo = mLastSerialNo.add(BI_ONE);
-            
-          
+
         } else {
             mLastSerialNo = mLastSerialNo.add(BI_ONE);
         }
 
-        if( mLastSerialNo == null ) {
-            CMS.debug( "Repository::getNextSerialNumber() " +
-                       "- mLastSerialNo is null!" );
-            throw new EBaseException( "mLastSerialNo is null" );
+        if (mLastSerialNo == null) {
+            CMS.debug("Repository::getNextSerialNumber() " +
+                       "- mLastSerialNo is null!");
+            throw new EBaseException("mLastSerialNo is null");
         }
 
         // check if we have reached the end of the range
         // if so, move to next range
-        if (mLastSerialNo.compareTo( mMaxSerialNo ) > 0 ) {
+        if (mLastSerialNo.compareTo(mMaxSerialNo) > 0) {
             if (mDB.getEnableSerialMgmt()) {
                 CMS.debug("Reached the end of the range.  Attempting to move to next range");
                 mMinSerialNo = mNextMinSerialNo;
                 mMaxSerialNo = mNextMaxSerialNo;
                 mLastSerialNo = mMinSerialNo;
-                mNextMinSerialNo  = null;
-                mNextMaxSerialNo  = null;
+                mNextMinSerialNo = null;
+                mNextMaxSerialNo = null;
                 if ((mMaxSerialNo == null) || (mMinSerialNo == null)) {
                     throw new EDBException(CMS.getUserMessage("CMS_DBS_LIMIT_REACHED",
-                        mLastSerialNo.toString()));
+                            mLastSerialNo.toString()));
                 }
 
                 // persist the changes
@@ -426,17 +421,16 @@ public abstract class Repository implements IRepository {
         BigInteger retSerial = new BigInteger(mLastSerialNo.toString());
 
         CMS.debug("Repository: getNextSerialNumber: returning retSerial " + retSerial);
-        return retSerial; 
+        return retSerial;
     }
 
     /**
-     * Checks to see if a new range is needed, or if we have reached the end of the 
+     * Checks to see if a new range is needed, or if we have reached the end of the
      * current range, or if a range conflict has occurred.
-     *      
+     * 
      * @exception EBaseException failed to check next range for conflicts
      */
-    public void checkRanges() throws EBaseException 
-    {
+    public void checkRanges() throws EBaseException {
         if (!mDB.getEnableSerialMgmt()) {
             CMS.debug("Serial Management not enabled. Returning .. ");
             return;
@@ -464,7 +458,7 @@ public abstract class Repository implements IRepository {
             CMS.debug("Serial Numbers available: " + numsAvail.toString());
         }
 
-        if ((numsAvail.compareTo(mLowWaterMarkNo) < 0) && (!CMS.isPreOpMode()) ) {
+        if ((numsAvail.compareTo(mLowWaterMarkNo) < 0) && (!CMS.isPreOpMode())) {
             CMS.debug("Low water mark reached. Requesting next range");
             mNextMinSerialNo = new BigInteger(mDB.getNextRange(mRepo), mRadix);
             if (mNextMinSerialNo == null) {
@@ -478,31 +472,30 @@ public abstract class Repository implements IRepository {
             }
         }
 
-        if (numsInRange.compareTo (mLowWaterMarkNo) < 0 )  {
+        if (numsInRange.compareTo(mLowWaterMarkNo) < 0) {
             // check for a replication error
             CMS.debug("Checking for a range conflict");
             if (mDB.hasRangeConflict(mRepo)) {
-                 CMS.debug("Range Conflict found! Removing next range.");
-                 mNextMaxSerialNo = null;
-                 mNextMinSerialNo= null;
-                 mDB.setNextMinSerialConfig(mRepo, null);
-                 mDB.setNextMaxSerialConfig(mRepo, null);
+                CMS.debug("Range Conflict found! Removing next range.");
+                mNextMaxSerialNo = null;
+                mNextMinSerialNo = null;
+                mDB.setNextMinSerialConfig(mRepo, null);
+                mDB.setNextMaxSerialConfig(mRepo, null);
             }
-        }   
+        }
     }
 
     /**
      * Sets whether serial number management is enabled for certs
-     * and requests. 
-     *
-     * @param value   true/false 
-     * @exception EBaseException failed to set 
+     * and requests.
+     * 
+     * @param value true/false
+     * @exception EBaseException failed to set
      */
-    public void setEnableSerialMgmt(boolean value) throws EBaseException
-    {
+    public void setEnableSerialMgmt(boolean value) throws EBaseException {
         mDB.setEnableSerialMgmt(value);
-    } 
+    }
 
-    public abstract BigInteger getLastSerialNumberInRange(BigInteger  serial_low_bound, BigInteger serial_upper_bound) throws
-       EBaseException;
+    public abstract BigInteger getLastSerialNumberInRange(BigInteger serial_low_bound, BigInteger serial_upper_bound) throws
+            EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/RepositoryRecord.java b/pki/base/common/src/com/netscape/cmscore/dbs/RepositoryRecord.java
index 97cedac8..0a79b4b9 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/RepositoryRecord.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/RepositoryRecord.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.math.BigInteger;
 import java.util.Enumeration;
 import java.util.Vector;
@@ -26,11 +25,10 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.repository.IRepositoryRecord;
 
-
 /**
  * A class represents a repository record.
  * <P>
- *
+ * 
  * @author thomask
  * @version $Revision$, $Date$
  */
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/RepositorySchema.java b/pki/base/common/src/com/netscape/cmscore/dbs/RepositorySchema.java
index 67cc5c1c..4a0cf415 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/RepositorySchema.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/RepositorySchema.java
@@ -17,14 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
-
-
 /**
  * A class represents a collection of repository-specific
  * schema information.
  * <P>
- *
+ * 
  * @author thomask
  * @version $Revision$, $Date$
  */
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/RevocationInfo.java b/pki/base/common/src/com/netscape/cmscore/dbs/RevocationInfo.java
index 001089fb..00ca0034 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/RevocationInfo.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/RevocationInfo.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.io.Serializable;
 import java.util.Date;
 
@@ -26,13 +25,12 @@ import netscape.security.x509.CRLReasonExtension;
 
 import com.netscape.certsrv.dbs.certdb.IRevocationInfo;
 
-
 /**
  * A class represents a certificate revocation info. This
- * object is written as an attribute of certificate record 
+ * object is written as an attribute of certificate record
  * which essentially signifies a revocation act.
  * <P>
- *
+ * 
  * @author galperin
  * @version $Revision$, $Date$
  */
@@ -52,11 +50,11 @@ public class RevocationInfo implements IRevocationInfo, Serializable {
     }
 
     /**
-     * Constructs revocation info used by revocation 
+     * Constructs revocation info used by revocation
      * request implementation.
-     *
-     * @param reason if not null contains CRL entry extension 
-     *   that specifies revocation reason
+     * 
+     * @param reason if not null contains CRL entry extension
+     *            that specifies revocation reason
      * @see CRLReasonExtension
      */
     public RevocationInfo(Date revocationDate, CRLExtensions exts) {
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/RevocationInfoMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/RevocationInfoMapper.java
index c0949f66..23f3e46c 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/RevocationInfoMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/RevocationInfoMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Date;
 import java.util.Enumeration;
 import java.util.Vector;
@@ -37,13 +36,12 @@ import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IDBObj;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
- * A class represents a mapper to serialize 
+ * A class represents a mapper to serialize
  * revocation information into database.
  * <P>
- *
- * @author  thomask
+ * 
+ * @author thomask
  * @version $Revision$, $Date$
  */
 public class RevocationInfoMapper implements IDBAttrMapper {
@@ -63,9 +61,9 @@ public class RevocationInfoMapper implements IDBAttrMapper {
         return mNames.elements();
     }
 
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, String name, 
-        Object obj, LDAPAttributeSet attrs) 
-        throws EBaseException {
+    public void mapObjectToLDAPAttributeSet(IDBObj parent, String name,
+            Object obj, LDAPAttributeSet attrs)
+            throws EBaseException {
         try {
             // in format of <date>;<extensions>
             String value = "";
@@ -82,22 +80,22 @@ public class RevocationInfoMapper implements IDBAttrMapper {
                 Extension ext = e.nextElement();
 
                 if (ext instanceof CRLReasonExtension) {
-                    RevocationReason reason = 
-                        ((CRLReasonExtension) ext).getReason();
+                    RevocationReason reason =
+                            ((CRLReasonExtension) ext).getReason();
 
-                    value = value + ";CRLReasonExtension=" + 	
+                    value = value + ";CRLReasonExtension=" +
                             Integer.toString(reason.toInt());
                 } else if (ext instanceof InvalidityDateExtension) {
-                    Date invalidityDate = 
-                        ((InvalidityDateExtension) ext).getInvalidityDate();
+                    Date invalidityDate =
+                            ((InvalidityDateExtension) ext).getInvalidityDate();
 
-                    value = value + ";InvalidityDateExtension=" + 	
+                    value = value + ";InvalidityDateExtension=" +
                             DateMapper.dateToDB(invalidityDate);
                 } else {
                     Debug.trace("XXX skipped extension");
                 }
             }
-            attrs.add(new LDAPAttribute(CertDBSchema.LDAP_ATTR_REVO_INFO, 
+            attrs.add(new LDAPAttribute(CertDBSchema.LDAP_ATTR_REVO_INFO,
                     value));
         } catch (Exception e) {
             Debug.trace(e.toString());
@@ -106,8 +104,8 @@ public class RevocationInfoMapper implements IDBAttrMapper {
         }
     }
 
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) throws EBaseException {
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent) throws EBaseException {
         try {
             LDAPAttribute attr = attrs.getAttribute(
                     CertDBSchema.LDAP_ATTR_REVO_INFO);
@@ -148,15 +146,14 @@ public class RevocationInfoMapper implements IDBAttrMapper {
                         String invalidityDateStr = str.substring(24);
                         Date invalidityDate = DateMapper.dateFromDB(invalidityDateStr);
                         InvalidityDateExtension ext =
-                            new InvalidityDateExtension(invalidityDate);
+                                new InvalidityDateExtension(invalidityDate);
 
                         exts.set(InvalidityDateExtension.class.getSimpleName(), ext);
                     } else {
                         Debug.trace("XXX skipped extension");
                     }
-                }
-                while (i != -1);
-            }	
+                } while (i != -1);
+            }
             RevocationInfo info = new RevocationInfo(d, exts);
 
             parent.set(name, info);
@@ -168,7 +165,7 @@ public class RevocationInfoMapper implements IDBAttrMapper {
     }
 
     public String mapSearchFilter(String name, String op, String value)
-        throws EBaseException {
+            throws EBaseException {
         return CertDBSchema.LDAP_ATTR_REVO_INFO + op + value;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/StringMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/StringMapper.java
index 39fdac87..5edc7266 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/StringMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/StringMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Enumeration;
 import java.util.NoSuchElementException;
 import java.util.Vector;
@@ -29,14 +28,13 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IDBObj;
 
-
 /**
  * A class represents ann attribute mapper that maps
  * a Java String object into LDAP attribute,
  * and vice versa.
- *
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class StringMapper implements IDBAttrMapper {
 
@@ -61,9 +59,9 @@ public class StringMapper implements IDBAttrMapper {
     /**
      * Maps attribute value to ldap attributes.
      */
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, 
-        String name, Object obj, LDAPAttributeSet attrs) 
-        throws EBaseException {
+    public void mapObjectToLDAPAttributeSet(IDBObj parent,
+            String name, Object obj, LDAPAttributeSet attrs)
+            throws EBaseException {
         attrs.add(new LDAPAttribute(mLdapName, (String) obj));
     }
 
@@ -71,9 +69,9 @@ public class StringMapper implements IDBAttrMapper {
      * Maps LDAP attributes into object, and put the object
      * into 'parent'.
      */
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) 	
-        throws EBaseException {
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent)
+            throws EBaseException {
         LDAPAttribute attr = attrs.getAttribute(mLdapName);
 
         if (attr == null) {
@@ -81,7 +79,7 @@ public class StringMapper implements IDBAttrMapper {
         }
         try {
             parent.set(name, (String)
-                attr.getStringValues().nextElement());
+                    attr.getStringValues().nextElement());
         } catch (NoSuchElementException e) {
             // attribute present, but without value
         }
@@ -90,8 +88,8 @@ public class StringMapper implements IDBAttrMapper {
     /**
      * Maps search filters into LDAP search filter.
      */
-    public String mapSearchFilter(String name, String op, 
-        String value) throws EBaseException {
+    public String mapSearchFilter(String name, String op,
+            String value) throws EBaseException {
         return mLdapName + op + value;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/StringVectorMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/StringVectorMapper.java
index d14470a2..8fe1b74f 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/StringVectorMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/StringVectorMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
@@ -28,14 +27,13 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IDBObj;
 
-
 /**
  * A class represents ann attribute mapper that maps
  * a Java String object into LDAP attribute,
  * and vice versa.
- *
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class StringVectorMapper implements IDBAttrMapper {
 
@@ -60,9 +58,9 @@ public class StringVectorMapper implements IDBAttrMapper {
     /**
      * Maps attribute value to ldap attributes.
      */
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, 
-        String name, Object obj, LDAPAttributeSet attrs) 
-        throws EBaseException {
+    public void mapObjectToLDAPAttributeSet(IDBObj parent,
+            String name, Object obj, LDAPAttributeSet attrs)
+            throws EBaseException {
         Vector v = (Vector) obj;
         int s = v.size();
 
@@ -81,8 +79,8 @@ public class StringVectorMapper implements IDBAttrMapper {
      * Maps LDAP attributes into object, and put the object
      * into 'parent'.
      */
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) throws EBaseException {
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent) throws EBaseException {
         LDAPAttribute attr = attrs.getAttribute(mLdapName);
 
         if (attr == null)
@@ -104,8 +102,8 @@ public class StringVectorMapper implements IDBAttrMapper {
     /**
      * Maps search filters into LDAP search filter.
      */
-    public String mapSearchFilter(String name, String op, 
-        String value) throws EBaseException {
+    public String mapSearchFilter(String name, String op,
+            String value) throws EBaseException {
         return mLdapName + op + value;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/X500NameMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/X500NameMapper.java
index 963c2fdc..9d4da6e0 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/X500NameMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/X500NameMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Vector;
@@ -32,15 +31,14 @@ import com.netscape.certsrv.dbs.EDBException;
 import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IDBObj;
 import com.netscape.certsrv.logging.ILogger;
- 
 
 /**
  * A class represents ann attribute mapper that maps
  * a Java X500Name object into LDAP attribute,
  * and vice versa.
- *
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class X500NameMapper implements IDBAttrMapper {
 
@@ -67,10 +65,10 @@ public class X500NameMapper implements IDBAttrMapper {
     /**
      * Maps attribute value to ldap attributes.
      */
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, 
-        String name, Object obj, LDAPAttributeSet attrs) 
-        throws EBaseException {
-        attrs.add(new LDAPAttribute(mLdapName, 
+    public void mapObjectToLDAPAttributeSet(IDBObj parent,
+            String name, Object obj, LDAPAttributeSet attrs)
+            throws EBaseException {
+        attrs.add(new LDAPAttribute(mLdapName,
                 ((X500Name) obj).toString()));
     }
 
@@ -78,8 +76,8 @@ public class X500NameMapper implements IDBAttrMapper {
      * Maps LDAP attributes into object, and put the object
      * into 'parent'.
      */
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) throws EBaseException {
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent) throws EBaseException {
         LDAPAttribute attr = attrs.getAttribute(mLdapName);
 
         if (attr == null) {
@@ -95,9 +93,9 @@ public class X500NameMapper implements IDBAttrMapper {
              * @phase Maps LDAP attributes into object
              * @message X500NameMapper: <exception thrown>
              */
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSCORE_DBS_X500NAME_MAPPER_ERROR",
-                    e.toString()));
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSCORE_DBS_X500NAME_MAPPER_ERROR",
+                            e.toString()));
             throw new EDBException(
                     CMS.getUserMessage("CMS_DBS_DESERIALIZE_FAILED", name));
         }
@@ -106,8 +104,8 @@ public class X500NameMapper implements IDBAttrMapper {
     /**
      * Maps search filters into LDAP search filter.
      */
-    public String mapSearchFilter(String name, String op, 
-        String value) throws EBaseException {
+    public String mapSearchFilter(String name, String op,
+            String value) throws EBaseException {
         return mLdapName + op + value;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/X509CertImplMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/X509CertImplMapper.java
index 9acf05f2..4598f286 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/X509CertImplMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/X509CertImplMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.util.Date;
@@ -43,12 +42,11 @@ import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IDBObj;
 import com.netscape.certsrv.dbs.certdb.ICertRecord;
 
-
 /**
- * A class represents a mapper to serialize 
+ * A class represents a mapper to serialize
  * x509 certificate into database.
- *
- * @author  thomask
+ * 
+ * @author thomask
  * @version $Revision$, $Date$
  */
 public class X509CertImplMapper implements IDBAttrMapper {
@@ -72,23 +70,23 @@ public class X509CertImplMapper implements IDBAttrMapper {
         return v.elements();
     }
 
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, String name, 
-        Object obj, LDAPAttributeSet attrs) throws EBaseException {
+    public void mapObjectToLDAPAttributeSet(IDBObj parent, String name,
+            Object obj, LDAPAttributeSet attrs) throws EBaseException {
         try {
             X509CertImpl cert = (X509CertImpl) obj;
             // make information searchable
             Date notBefore = cert.getNotBefore();
 
             attrs.add(new LDAPAttribute(
-                    CertDBSchema.LDAP_ATTR_NOT_BEFORE, 
+                    CertDBSchema.LDAP_ATTR_NOT_BEFORE,
                     DateMapper.dateToDB(notBefore)));
             Date notAfter = cert.getNotAfter();
 
-            attrs.add(new LDAPAttribute(CertDBSchema.LDAP_ATTR_NOT_AFTER, 
+            attrs.add(new LDAPAttribute(CertDBSchema.LDAP_ATTR_NOT_AFTER,
                     DateMapper.dateToDB(notAfter)));
-            attrs.add(new LDAPAttribute(CertDBSchema.LDAP_ATTR_DURATION, 
+            attrs.add(new LDAPAttribute(CertDBSchema.LDAP_ATTR_DURATION,
                     DBSUtil.longToDB(notAfter.getTime() - notBefore.getTime())));
-            attrs.add(new LDAPAttribute(CertDBSchema.LDAP_ATTR_SUBJECT, 
+            attrs.add(new LDAPAttribute(CertDBSchema.LDAP_ATTR_SUBJECT,
                     cert.getSubjectDN().getName()));
             attrs.add(new LDAPAttribute(CertDBSchema.LDAP_ATTR_PUBLIC_KEY_DATA, cert.getPublicKey().getEncoded()));
             // make extension searchable
@@ -119,7 +117,7 @@ public class X509CertImplMapper implements IDBAttrMapper {
 
             if (critSet != null) {
                 for (Iterator<String> i = critSet.iterator(); i.hasNext();) {
-                    String oid =  i.next();
+                    String oid = i.next();
 
                     if (oid.equals("2.16.840.1.113730.1.1")) {
                         String extVal = getCertTypeExtensionInfo(cert);
@@ -145,19 +143,19 @@ public class X509CertImplMapper implements IDBAttrMapper {
             // not know how to display the certificate in
             // pretty print format.
             attrs.add(new LDAPAttribute(
-                    CertDBSchema.LDAP_ATTR_SIGNED_CERT + ";binary", 
+                    CertDBSchema.LDAP_ATTR_SIGNED_CERT + ";binary",
                     cert.getEncoded()));
 
             attrs.add(new LDAPAttribute(
-                    CertDBSchema.LDAP_ATTR_VERSION, 
+                    CertDBSchema.LDAP_ATTR_VERSION,
                     Integer.toString(cert.getVersion())));
             X509Key pubKey = (X509Key) cert.getPublicKey();
 
             attrs.add(new LDAPAttribute(
-                    CertDBSchema.LDAP_ATTR_ALGORITHM, 
+                    CertDBSchema.LDAP_ATTR_ALGORITHM,
                     pubKey.getAlgorithmId().getOID().toString()));
             attrs.add(new LDAPAttribute(
-                    CertDBSchema.LDAP_ATTR_SIGNING_ALGORITHM, 
+                    CertDBSchema.LDAP_ATTR_SIGNING_ALGORITHM,
                     cert.getSigAlgOID()));
         } catch (CertificateEncodingException e) {
             throw new EDBException(
@@ -203,7 +201,7 @@ public class X509CertImplMapper implements IDBAttrMapper {
             Boolean objectSigning = (Boolean) nsExt.get(
                     NSCertTypeExtension.OBJECT_SIGNING);
 
-            result += "objectSigning=" + 
+            result += "objectSigning=" +
                     objectSigning.toString();
             return result;
         } catch (Exception e) {
@@ -240,8 +238,8 @@ public class X509CertImplMapper implements IDBAttrMapper {
         }
     }
 
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) throws EBaseException {
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent) throws EBaseException {
         try {
             // rebuild object quickly using binary image
             // XXX bad! when we add this attribute,
@@ -263,7 +261,7 @@ public class X509CertImplMapper implements IDBAttrMapper {
             }
             if (attr != null) {
                 byte der[] = (byte[])
-                    attr.getByteValues().nextElement();
+                        attr.getByteValues().nextElement();
                 X509CertImpl impl = new X509CertImpl(der);
 
                 parent.set(name, impl);
@@ -276,26 +274,26 @@ public class X509CertImplMapper implements IDBAttrMapper {
             //throw new EDBException(
             //	DBResources.FAILED_TO_DESERIALIZE_1, name);
             parent.set(name, null);
-			
+
         }
     }
 
     public String mapSearchFilter(String name, String op, String value)
-        throws EBaseException {
+            throws EBaseException {
         AttributeNameHelper h = new AttributeNameHelper(name);
         String suffix = h.getSuffix();
 
         if (suffix.equalsIgnoreCase(ICertRecord.X509CERT_NOT_BEFORE)) {
             name = CertDBSchema.LDAP_ATTR_NOT_BEFORE;
             try {
-                value = DateMapper.dateToDB(new 
+                value = DateMapper.dateToDB(new
                             Date(Long.parseLong(value)));
             } catch (NumberFormatException e) {
             }
         } else if (suffix.equalsIgnoreCase(ICertRecord.X509CERT_NOT_AFTER)) {
             name = CertDBSchema.LDAP_ATTR_NOT_AFTER;
             try {
-                value = DateMapper.dateToDB(new 
+                value = DateMapper.dateToDB(new
                             Date(Long.parseLong(value)));
             } catch (NumberFormatException e) {
             }
@@ -313,15 +311,15 @@ public class X509CertImplMapper implements IDBAttrMapper {
         } else if (suffix.equalsIgnoreCase(ICertRecord.X509CERT_SIGNING_ALGORITHM)) {
             name = CertDBSchema.LDAP_ATTR_SIGNING_ALGORITHM;
         } else if (suffix.equalsIgnoreCase(ICertRecord.X509CERT_SERIAL_NUMBER)) {
-            name = CertDBSchema.LDAP_ATTR_CERT_RECORD_ID; 
+            name = CertDBSchema.LDAP_ATTR_CERT_RECORD_ID;
         } else if (suffix.equalsIgnoreCase(ICertRecord.X509CERT_EXTENSION)) {
-            name = CertDBSchema.LDAP_ATTR_EXTENSION; 
+            name = CertDBSchema.LDAP_ATTR_EXTENSION;
         } else if (suffix.equalsIgnoreCase(ICertRecord.ATTR_REVO_INFO)) {
-            name = CertDBSchema.LDAP_ATTR_REVO_INFO; 
+            name = CertDBSchema.LDAP_ATTR_REVO_INFO;
             value = "*;CRLReasonExtension=" + value + "*";
         } else if (suffix.equalsIgnoreCase("nsExtension.SSLClient")) {
             // special case for NS cert type extension
-            name = CertDBSchema.LDAP_ATTR_EXTENSION; 
+            name = CertDBSchema.LDAP_ATTR_EXTENSION;
             if (value.equals("on")) {
                 value = "2.16.840.1.113730.1.1;*SSLClient=true*";
             } else {
@@ -329,7 +327,7 @@ public class X509CertImplMapper implements IDBAttrMapper {
             }
         } else if (suffix.equalsIgnoreCase("nsExtension.SSLServer")) {
             // special case for NS cert type extension
-            name = CertDBSchema.LDAP_ATTR_EXTENSION; 
+            name = CertDBSchema.LDAP_ATTR_EXTENSION;
             if (value.equals("on")) {
                 value = "2.16.840.1.113730.1.1;*SSLServer=true*";
             } else {
@@ -337,7 +335,7 @@ public class X509CertImplMapper implements IDBAttrMapper {
             }
         } else if (suffix.equalsIgnoreCase("nsExtension.SecureEmail")) {
             // special case for NS cert type extension
-            name = CertDBSchema.LDAP_ATTR_EXTENSION; 
+            name = CertDBSchema.LDAP_ATTR_EXTENSION;
             if (value.equals("on")) {
                 value = "2.16.840.1.113730.1.1;*Email=true*";
             } else {
@@ -345,7 +343,7 @@ public class X509CertImplMapper implements IDBAttrMapper {
             }
         } else if (suffix.equalsIgnoreCase("nsExtension.SubordinateSSLCA")) {
             // special case for NS cert type extension
-            name = CertDBSchema.LDAP_ATTR_EXTENSION; 
+            name = CertDBSchema.LDAP_ATTR_EXTENSION;
             if (value.equals("on")) {
                 value = "2.16.840.1.113730.1.1;*SSLCA=true*";
             } else {
@@ -353,7 +351,7 @@ public class X509CertImplMapper implements IDBAttrMapper {
             }
         } else if (suffix.equalsIgnoreCase("nsExtension.SubordinateEmailCA")) {
             // special case for NS cert type extension
-            name = CertDBSchema.LDAP_ATTR_EXTENSION; 
+            name = CertDBSchema.LDAP_ATTR_EXTENSION;
             if (value.equals("on")) {
                 value = "2.16.840.1.113730.1.1;*EmailCA=true*";
             } else {
@@ -361,7 +359,7 @@ public class X509CertImplMapper implements IDBAttrMapper {
             }
         } else if (suffix.equalsIgnoreCase("BasicConstraints.isCA")) {
             // special case for Basic Constraints extension
-            name = CertDBSchema.LDAP_ATTR_EXTENSION; 
+            name = CertDBSchema.LDAP_ATTR_EXTENSION;
             if (value.equals("on")) {
                 value = "2.5.29.19;*isCA=true*";
             } else {
diff --git a/pki/base/common/src/com/netscape/cmscore/extensions/CMSExtensionsMap.java b/pki/base/common/src/com/netscape/cmscore/extensions/CMSExtensionsMap.java
index b0fe0432..21377288 100644
--- a/pki/base/common/src/com/netscape/cmscore/extensions/CMSExtensionsMap.java
+++ b/pki/base/common/src/com/netscape/cmscore/extensions/CMSExtensionsMap.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.extensions;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 
@@ -30,9 +29,8 @@ import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.certsrv.extensions.EExtensionsException;
 import com.netscape.certsrv.extensions.ICMSExtension;
 
-
-/** 
- * Loads extension classes from configuration file and return 
+/**
+ * Loads extension classes from configuration file and return
  * for a given extension name or OID.
  */
 public class CMSExtensionsMap implements ISubsystem {
@@ -56,10 +54,11 @@ public class CMSExtensionsMap implements ISubsystem {
 
     /**
      * Create extensions from configuration store.
+     * 
      * @param config the configuration store.
      */
-    public void init(ISubsystem owner, IConfigStore config) 
-        throws EBaseException {
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException {
         mOwner = owner;
         mConfig = config;
 
@@ -82,11 +81,11 @@ public class CMSExtensionsMap implements ISubsystem {
             } catch (IllegalAccessException e) {
                 throw new EExtensionsException(
                         CMS.getUserMessage("CMS_EXTENSION_INSTANTIATE_ERROR",
-                        className, e.toString()));
+                                className, e.toString()));
             } catch (InstantiationException e) {
                 throw new EExtensionsException(
                         CMS.getUserMessage("CMS_EXTENSION_INSTANTIATE_ERROR",
-                        className, e.toString()));
+                                className, e.toString()));
             } catch (ClassCastException e) {
                 throw new EExtensionsException(
                         CMS.getUserMessage("CMS_EXTENSION_INVALID_IMPL", className));
@@ -101,7 +100,7 @@ public class CMSExtensionsMap implements ISubsystem {
         if (name == null || oid == null) {
             throw new EExtensionsException(
                     CMS.getUserMessage("CMS_EXTENSION_INCORRECT_IMPL",
-                    ext.getClass().getName()));
+                            ext.getClass().getName()));
         }
         mName2Ext.put(name, ext);
         mOID2Ext.put(oid.toString(), ext);
@@ -120,29 +119,30 @@ public class CMSExtensionsMap implements ISubsystem {
     }
 
     /**
-     * Get configuration store. 
+     * Get configuration store.
      */
     public IConfigStore getConfigStore() {
         return mConfig;
     }
 
     /**
-     * Returns subsystem ID 
+     * Returns subsystem ID
      */
     public String getId() {
         return ID;
     }
 
     /**
-     * sets subsystem ID 
+     * sets subsystem ID
      */
     public void setId(String Id) {
     }
 
     /**
      * Get the extension class by name.
+     * 
      * @param name name of the extension
-     * @return the extension class. 
+     * @return the extension class.
      */
     public ICMSExtension getByName(String name) {
         return (ICMSExtension) mName2Ext.get(name);
@@ -150,6 +150,7 @@ public class CMSExtensionsMap implements ISubsystem {
 
     /**
      * Get the extension class by its OID.
+     * 
      * @param oid - the OID of the extension.
      * @return the extension class.
      */
diff --git a/pki/base/common/src/com/netscape/cmscore/extensions/KeyUsage.java b/pki/base/common/src/com/netscape/cmscore/extensions/KeyUsage.java
index 9b8e16cf..bba95949 100644
--- a/pki/base/common/src/com/netscape/cmscore/extensions/KeyUsage.java
+++ b/pki/base/common/src/com/netscape/cmscore/extensions/KeyUsage.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.extensions;
 
-
 import java.io.IOException;
 
 import netscape.security.util.DerOutputStream;
@@ -36,7 +35,6 @@ import com.netscape.certsrv.extensions.ICMSExtension;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.cmscore.util.Debug;
 
-
 public class KeyUsage implements ICMSExtension {
     private final static String NAME = "KeyUsageExtension";
     private final static ObjectIdentifier OID = PKIXExtensions.KeyUsage_Id;
@@ -49,24 +47,24 @@ public class KeyUsage implements ICMSExtension {
     public KeyUsage(boolean setDefault) {
         mSetDefault = setDefault;
         mLogger = CMS.getLogger();
-    } 
+    }
 
-    public void init(ISubsystem owner, IConfigStore config) 
-        throws EBaseException {
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException {
         // nothing to do here.
         mConfig = config;
     }
 
-    public String getName() { 
-        return NAME; 
+    public String getName() {
+        return NAME;
     }
 
-    public ObjectIdentifier getOID() { 
-        return OID; 
+    public ObjectIdentifier getOID() {
+        return OID;
     }
 
-    protected static final boolean[] DEF_BITS = 
-        new boolean[KeyUsageExtension.NBITS];
+    protected static final boolean[] DEF_BITS =
+            new boolean[KeyUsageExtension.NBITS];
 
     static {
         // set default bits used when request missing key usage info.
@@ -84,10 +82,10 @@ public class KeyUsage implements ICMSExtension {
     private static boolean getBoolean(Object value) {
         String val = (String) value;
 
-        if (val != null && 
-            (val.equalsIgnoreCase("true") || val.equalsIgnoreCase("on")))
+        if (val != null &&
+                (val.equalsIgnoreCase("true") || val.equalsIgnoreCase("on")))
             return true;
-        else 
+        else
             return false;
     }
 
@@ -120,13 +118,13 @@ public class KeyUsage implements ICMSExtension {
         int i;
 
         for (i = 0; i < KeyUsageExtension.NBITS; i++) {
-            if (values[i] != null && (values[i] instanceof String)) 
+            if (values[i] != null && (values[i] instanceof String))
                 break;
         }
         if (i == KeyUsageExtension.NBITS && mSetDefault) {
             // no key usage extension parameters are requested. set default.
             CMS.debug(
-                "No Key usage bits requested. Setting default.");
+                    "No Key usage bits requested. Setting default.");
             bits = DEF_BITS;
         } else {
             bit = KeyUsageExtension.DIGITAL_SIGNATURE_BIT;
@@ -171,15 +169,15 @@ public class KeyUsage implements ICMSExtension {
             int j = 0;
 
             for (j = 0; j < bits.length; j++) {
-                if (bits[j]) 
+                if (bits[j])
                     break;
             }
             if (j == bits.length) {
-                if (!mSetDefault) 
+                if (!mSetDefault)
                     return null;
-                else 
+                else
                     bits = DEF_BITS;
-            } 
+            }
             return new KeyUsageExtension(bits);
         } catch (IOException e) {
             throw new EExtensionsException(
@@ -188,7 +186,7 @@ public class KeyUsage implements ICMSExtension {
     }
 
     public IArgBlock getFormParams(Extension extension)
-        throws EBaseException {
+            throws EBaseException {
         KeyUsageExtension ext = null;
 
         if (!extension.getExtensionId().equals(PKIXExtensions.KeyUsage_Id)) {
@@ -210,26 +208,25 @@ public class KeyUsage implements ICMSExtension {
         IArgBlock params = CMS.createArgBlock();
         boolean[] bits = ext.getBits();
 
-        params.set(KeyUsageExtension.DIGITAL_SIGNATURE, 
-            String.valueOf(bits[KeyUsageExtension.DIGITAL_SIGNATURE_BIT]));
+        params.set(KeyUsageExtension.DIGITAL_SIGNATURE,
+                String.valueOf(bits[KeyUsageExtension.DIGITAL_SIGNATURE_BIT]));
         params.set(KeyUsageExtension.NON_REPUDIATION,
-            String.valueOf(bits[KeyUsageExtension.NON_REPUDIATION_BIT]));
+                String.valueOf(bits[KeyUsageExtension.NON_REPUDIATION_BIT]));
         params.set(KeyUsageExtension.KEY_ENCIPHERMENT,
-            String.valueOf(bits[KeyUsageExtension.KEY_ENCIPHERMENT_BIT]));
+                String.valueOf(bits[KeyUsageExtension.KEY_ENCIPHERMENT_BIT]));
         params.set(KeyUsageExtension.DATA_ENCIPHERMENT,
-            String.valueOf(bits[KeyUsageExtension.DATA_ENCIPHERMENT_BIT]));
+                String.valueOf(bits[KeyUsageExtension.DATA_ENCIPHERMENT_BIT]));
         params.set(KeyUsageExtension.KEY_AGREEMENT,
-            String.valueOf(bits[KeyUsageExtension.KEY_AGREEMENT_BIT]));
+                String.valueOf(bits[KeyUsageExtension.KEY_AGREEMENT_BIT]));
         params.set(KeyUsageExtension.KEY_CERTSIGN,
-            String.valueOf(bits[KeyUsageExtension.KEY_CERTSIGN_BIT]));
+                String.valueOf(bits[KeyUsageExtension.KEY_CERTSIGN_BIT]));
         params.set(KeyUsageExtension.CRL_SIGN,
-            String.valueOf(bits[KeyUsageExtension.CRL_SIGN_BIT]));
-        params.set(KeyUsageExtension.ENCIPHER_ONLY, 
-            String.valueOf(bits[KeyUsageExtension.ENCIPHER_ONLY_BIT]));
+                String.valueOf(bits[KeyUsageExtension.CRL_SIGN_BIT]));
+        params.set(KeyUsageExtension.ENCIPHER_ONLY,
+                String.valueOf(bits[KeyUsageExtension.ENCIPHER_ONLY_BIT]));
         params.set(KeyUsageExtension.DECIPHER_ONLY,
-            String.valueOf(bits[KeyUsageExtension.DECIPHER_ONLY_BIT]));
+                String.valueOf(bits[KeyUsageExtension.DECIPHER_ONLY_BIT]));
         return params;
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/jobs/CronItem.java b/pki/base/common/src/com/netscape/cmscore/jobs/CronItem.java
index 4b248954..6dd38f2b 100644
--- a/pki/base/common/src/com/netscape/cmscore/jobs/CronItem.java
+++ b/pki/base/common/src/com/netscape/cmscore/jobs/CronItem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.jobs;
 
-
 import java.util.StringTokenizer;
 import java.util.Vector;
 
@@ -25,15 +24,13 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * class representing one Job cron item
- * <p>here, an "item" refers to one of the 5 fields in a cron string;
- * "element" refers to any comma-deliminated element in an
- * "item"...which includes both numbers and '-' separated ranges.
+ * <p>
+ * here, an "item" refers to one of the 5 fields in a cron string; "element" refers to any comma-deliminated element in an "item"...which includes both numbers and '-' separated ranges.
  * <p>
  * for each of the 5 cron fields, it's represented as a CronItem
- *
+ * 
  * @author cfu
  * @version $Revision$, $Date$
  */
@@ -49,20 +46,21 @@ public class CronItem {
     // store all elements in a field.
     // elements can either be numbers or ranges (CronRange)
     protected Vector<CronRange> mElements = new Vector<CronRange>();
-	
+
     public CronItem(int min, int max) {
         mMin = min;
         mMax = max;
     }
-	
+
     /**
      * parses and sets a string cron item
+     * 
      * @param sItem the string representing an item of a cron string.
-     * item can be potentially comma separated with ranges specified
-     * with '-'s
+     *            item can be potentially comma separated with ranges specified
+     *            with '-'s
      */
     public void set(String sItem) throws EBaseException {
-		
+
         if (sItem.equals(ALL)) {
             //			System.out.println("CronItem set(): item is ALL");
             CronRange cr = new CronRange();
@@ -90,7 +88,7 @@ public class CronItem {
                     } catch (NumberFormatException e) {
                         // throw ...
                         log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSCORE_JOBS_INVALID_TOKEN", tok, e.toString()));
+                                CMS.getLogMessage("CMSCORE_JOBS_INVALID_TOKEN", tok, e.toString()));
                         throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_JOB_CRON"));
                     }
                     String sEnd = tok.substring(r + 1, tok.length());
@@ -100,7 +98,7 @@ public class CronItem {
                     } catch (NumberFormatException e) {
                         // throw ...
                         log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSCORE_JOBS_INVALID_TOKEN", tok, e.toString()));
+                                CMS.getLogMessage("CMSCORE_JOBS_INVALID_TOKEN", tok, e.toString()));
                         throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_JOB_CRON"));
                     }
                     // got both begin and end for range
@@ -112,8 +110,8 @@ public class CronItem {
                     if (!cr.isValidRange(mMin, mMax)) {
                         // throw...
                         log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSCORE_JOBS_INVALID_RANGE",
-                                tok));
+                                CMS.getLogMessage("CMSCORE_JOBS_INVALID_RANGE",
+                                        tok));
                         throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_JOB_CRON"));
                     }
                     //					System.out.println("CronItem set(): adding a range");
@@ -130,7 +128,7 @@ public class CronItem {
                         if (!cr.isValidRange(mMin, mMax)) {
                             // throw...
                             log(ILogger.LL_FAILURE,
-                                CMS.getLogMessage("CMSCORE_JOBS_INVALID_MIN_MAX_RANGE", Integer.toString(mMin), Integer.toString(mMax)));
+                                    CMS.getLogMessage("CMSCORE_JOBS_INVALID_MIN_MAX_RANGE", Integer.toString(mMin), Integer.toString(mMax)));
                             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_JOB_CRON"));
                         }
                         //						System.out.println("CronItem set(): adding a number");
@@ -138,7 +136,7 @@ public class CronItem {
                     } catch (NumberFormatException e) {
                         // throw...
                         log(ILogger.LL_FAILURE,
-                            "invalid item in cron: " + tok);
+                                "invalid item in cron: " + tok);
                         throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_JOB_CRON"));
                     }
                 }
@@ -148,7 +146,8 @@ public class CronItem {
 
     /**
      * get the vector stuffed with elements where each element is
-     *	 represented as CronRange
+     * represented as CronRange
+     * 
      * @return a vector of CronRanges
      */
     public Vector<CronRange> getElements() {
@@ -162,7 +161,6 @@ public class CronItem {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-            level, "jobs/CronItem: " + msg);
+                level, "jobs/CronItem: " + msg);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/jobs/CronRange.java b/pki/base/common/src/com/netscape/cmscore/jobs/CronRange.java
index 59293ee1..99696b82 100644
--- a/pki/base/common/src/com/netscape/cmscore/jobs/CronRange.java
+++ b/pki/base/common/src/com/netscape/cmscore/jobs/CronRange.java
@@ -17,27 +17,21 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.jobs;
 
-
-
-
 /**
  * class representing one Job cron element
- * <p>here, an "item" refers to one of the 5 fields in a cron string;
- * "element" refers to any comma-deliminated element in an
- * "item"...which includes both numbers and '-' separated ranges.
  * <p>
- * an Element can contain either an integer number or a range
- *	 specified as CronRange.  In case of integer numbers, begin
- *	 and end are of the same value
- *
+ * here, an "item" refers to one of the 5 fields in a cron string; "element" refers to any comma-deliminated element in an "item"...which includes both numbers and '-' separated ranges.
+ * <p>
+ * an Element can contain either an integer number or a range specified as CronRange. In case of integer numbers, begin and end are of the same value
+ * 
  * @author cfu
  * @version $Revision$, $Date$
  */
 public class CronRange {
     int mBegin = 0;
     int mEnd = 0;
-		
-    public CronRange () {
+
+    public CronRange() {
     }
 
     /**
@@ -46,7 +40,7 @@ public class CronRange {
     public void setBegin(int i) {
         mBegin = i;
     }
-	
+
     /**
      * gets the lower boundary value of the range
      */
@@ -70,16 +64,17 @@ public class CronRange {
 
     /**
      * checks to see if the lower and higher boundary values are
-     *	 within the min/max.
+     * within the min/max.
+     * 
      * @param min the minimum value one can specify in this field
      * @param max the maximum value one can specify in this field
      * @return a boolean (true/false) on whether the begin/end values
-     *	 are within the min/max passed in the params
+     *         are within the min/max passed in the params
      */
     public boolean isValidRange(int min, int max) {
         if ((mEnd < mBegin) ||
-            (mBegin < min) ||
-            (mEnd > max))
+                (mBegin < min) ||
+                (mEnd > max))
             return false;
         else
             return true;
diff --git a/pki/base/common/src/com/netscape/cmscore/jobs/JobCron.java b/pki/base/common/src/com/netscape/cmscore/jobs/JobCron.java
index 8272c448..92f082a2 100644
--- a/pki/base/common/src/com/netscape/cmscore/jobs/JobCron.java
+++ b/pki/base/common/src/com/netscape/cmscore/jobs/JobCron.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.jobs;
 
-
 import java.util.Calendar;
 import java.util.Enumeration;
 import java.util.StringTokenizer;
@@ -28,24 +27,14 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.jobs.IJobCron;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * class representing one Job cron information
- * <p>here, an "item" refers to one of the 5 fields in a cron string;
- * "element" refers to any comma-deliminated element in an
- * "item"...which includes both numbers and '-' separated ranges.
- * A cron string in the configuration takes the following format:
- * <i>minute (0-59),
- * hour (0-23),
- * day of the month (1-31),
- * month of the year (1-12),
- * day of the week (0-6 with 0=Sunday)</i>
  * <p>
- * e.g. jobsScheduler.job.rnJob1.cron=30 11,23 * * 1-5
- * In this example, the job "rnJob1" will be executed from Monday
- * through Friday, at 11:30am and 11:30pm.
+ * here, an "item" refers to one of the 5 fields in a cron string; "element" refers to any comma-deliminated element in an "item"...which includes both numbers and '-' separated ranges. A cron string in the configuration takes the following format: <i>minute (0-59), hour (0-23), day of the month (1-31), month of the year (1-12), day of the week (0-6 with 0=Sunday)</i>
  * <p>
- *
+ * e.g. jobsScheduler.job.rnJob1.cron=30 11,23 * * 1-5 In this example, the job "rnJob1" will be executed from Monday through Friday, at 11:30am and 11:30pm.
+ * <p>
+ * 
  * @author cfu
  * @version $Revision$, $Date$
  */
@@ -53,7 +42,7 @@ public class JobCron implements IJobCron {
 
     /**
      * CRON_MINUTE, CRON_HOUR, CRON_DAY_OF_MONTH, CRON_MONTH_OF_YEAR,
-     *	 and CRON_DAY_OF_WEEK are to be used in <b>getItem()</b> to
+     * and CRON_DAY_OF_WEEK are to be used in <b>getItem()</b> to
      * retrieve the corresponding <b>CronItem</b>
      */
     public static final String CRON_MINUTE = "minute";
@@ -72,7 +61,7 @@ public class JobCron implements IJobCron {
     CronItem cDOW = null;
 
     public JobCron(String cronString)
-        throws EBaseException {
+            throws EBaseException {
         mCronString = cronString;
 
         // create all 5 items in the cron
@@ -84,9 +73,9 @@ public class JobCron implements IJobCron {
 
         cronToVals(mCronString);
     }
-	
-    private void cronToVals(String cronString) 
-        throws EBaseException {
+
+    private void cronToVals(String cronString)
+            throws EBaseException {
         StringTokenizer st = new StringTokenizer(cronString);
 
         String sMinute = null;
@@ -101,8 +90,8 @@ public class JobCron implements IJobCron {
                 cMinute.set(sMinute);
             }
         } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSCORE_JOBS_INVALID_MIN", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSCORE_JOBS_INVALID_MIN", e.toString()));
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_JOB_CRON"));
         }
 
@@ -142,15 +131,14 @@ public class JobCron implements IJobCron {
          * the '*' one will remain empty (no elements)
          */
         // day-of-week
-        if ((sDayOMonth!= null) && sDayOMonth.equals(CronItem.ALL) && (sDayOWeek!= null) && !sDayOWeek.equals(CronItem.ALL)) {
+        if ((sDayOMonth != null) && sDayOMonth.equals(CronItem.ALL) && (sDayOWeek != null) && !sDayOWeek.equals(CronItem.ALL)) {
             try {
                 cDOW.set(sDayOWeek);
             } catch (EBaseException e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_JOBS_INVALID_DAY_OF_WEEK", e.toString()));
                 throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_JOB_CRON"));
             }
-        } else
-        if ((sDayOMonth!= null) && !sDayOMonth.equals(CronItem.ALL) && (sDayOWeek!= null) && sDayOWeek.equals(CronItem.ALL)) {
+        } else if ((sDayOMonth != null) && !sDayOMonth.equals(CronItem.ALL) && (sDayOWeek != null) && sDayOWeek.equals(CronItem.ALL)) {
             try {
                 cDOM.set(sDayOMonth);
             } catch (EBaseException e) {
@@ -159,7 +147,7 @@ public class JobCron implements IJobCron {
             }
         } else { // if both '*', every day, if neither is '*', do both
             try {
-                if (sDayOWeek!= null) {
+                if (sDayOWeek != null) {
                     cDOW.set(sDayOWeek);
                 }
             } catch (EBaseException e) {
@@ -179,10 +167,11 @@ public class JobCron implements IJobCron {
 
     /**
      * retrieves the cron item
-     * @param item name of the item.  must be one of the <b>CRON_*</b>
-     * strings defined in this class
+     * 
+     * @param item name of the item. must be one of the <b>CRON_*</b>
+     *            strings defined in this class
      * @return an instance of the CronItem class which represents the
-     *	 requested cron item 
+     *         requested cron item
      */
     public CronItem getItem(String item) {
         if (item.equals(CRON_MINUTE)) {
@@ -204,10 +193,11 @@ public class JobCron implements IJobCron {
 
     /**
      * Does the element fit any element in the item
+     * 
      * @param element the element of "now" in cron format
      * @param item the item consists of a vector of elements
      * @return boolean (true/false) on whether the element is one of
-     *	 the elements in the item
+     *         the elements in the item
      */
     boolean isElement(int element, Vector<CronRange> item) {
         // loop through all of the elements of an item
@@ -221,7 +211,7 @@ public class JobCron implements IJobCron {
                 }
             } else { // is a range
                 if ((element >= cElement.getBegin()) &&
-                    (element <= cElement.getEnd())) {
+                        (element <= cElement.getEnd())) {
                     return true;
                 }
             }
@@ -232,10 +222,11 @@ public class JobCron implements IJobCron {
 
     /**
      * convert the day of the week representation from Calendar to
-     *	 cron
+     * cron
+     * 
      * @param time the Calendar value represents a moment of time
      * @return an integer value that represents a cron Day-Of-Week
-     *	 element
+     *         element
      */
     public int DOW_cal2cron(Calendar time) {
         int calDow = time.get(Calendar.DAY_OF_WEEK);
@@ -280,9 +271,10 @@ public class JobCron implements IJobCron {
 
     /**
      * convert the month of year representation from Calendar to cron
+     * 
      * @param time the Calendar value represents a moment of time
      * @return an integer value that represents a cron Month-Of-Year
-     *	 element
+     *         element
      */
     public int MOY_cal2cron(Calendar time) {
         int calMoy = time.get(Calendar.MONTH);
@@ -352,6 +344,6 @@ public class JobCron implements IJobCron {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-            level, msg);
+                level, msg);
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/jobs/JobsScheduler.java b/pki/base/common/src/com/netscape/cmscore/jobs/JobsScheduler.java
index ad6cf898..38ec4a79 100644
--- a/pki/base/common/src/com/netscape/cmscore/jobs/JobsScheduler.java
+++ b/pki/base/common/src/com/netscape/cmscore/jobs/JobsScheduler.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.jobs;
 
-
 import java.util.Calendar;
 import java.util.Enumeration;
 import java.util.Hashtable;
@@ -35,24 +34,15 @@ import com.netscape.certsrv.jobs.JobPlugin;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
  * This is a daemon thread that handles scheduled jobs like cron would
- * do with different jobs.  This daemon wakes up at a pre-configured
+ * do with different jobs. This daemon wakes up at a pre-configured
  * interval to see
  * if there is any job to be done, if so, a thread is created to execute
  * the job(s).
  * <p>
- * The interval <b>jobsScheduler.interval</b> in the configuration is
- * specified as number of minutes.  If not set, the default is 1 minute.
- * Note that the cron specification for each job CAN NOT be finer than
- * the granularity of the Scheduler daemon interval.  For example, if
- * the daemon interval is set to 5 minute, a job cron for every minute
- * at 7am on each Tuesday (e.g. * 7 * * 2) will result in the
- * execution of the job thread only once every 5 minutes during that
- * hour.  <b>The inteval value is recommended at 1 minute, setting it
- * otherwise has the potential of forever missing the beat</b>. Use
- * with caution.
+ * The interval <b>jobsScheduler.interval</b> in the configuration is specified as number of minutes. If not set, the default is 1 minute. Note that the cron specification for each job CAN NOT be finer than the granularity of the Scheduler daemon interval. For example, if the daemon interval is set to 5 minute, a job cron for every minute at 7am on each Tuesday (e.g. * 7 * * 2) will result in the execution of the job thread only once every 5 minutes during that hour. <b>The inteval value is
+ * recommended at 1 minute, setting it otherwise has the potential of forever missing the beat</b>. Use with caution.
  * 
  * @author cfu
  * @see JobCron
@@ -96,16 +86,12 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
      * read from the config file all implementations of Jobs,
      * register and initialize them
      * <p>
-     * the config params have the following formats:
-     * jobScheduler.impl.[implementation name].class=[package name]
-     * jobScheduler.job.[job name].pluginName=[implementation name]
-     * jobScheduler.job.[job name].cron=[crontab format]
-     * jobScheduler.job.[job name].[any job specific params]=[values]
+     * the config params have the following formats: jobScheduler.impl.[implementation name].class=[package name] jobScheduler.job.[job name].pluginName=[implementation name] jobScheduler.job.[job name].cron=[crontab format] jobScheduler.job.[job name].[any job specific params]=[values]
      * 
      * @param config jobsScheduler configStore
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException, EJobsException {
+            throws EBaseException, EJobsException {
         mLogger = CMS.getLogger();
 
         // read in config parameters and set variables
@@ -142,14 +128,13 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
             String jobName = (String) jobs.nextElement();
             String implName = c.getString(jobName + "." + PROP_PLUGIN);
             JobPlugin plugin =
-                (JobPlugin) mJobPlugins.get(implName);
+                    (JobPlugin) mJobPlugins.get(implName);
 
             if (plugin == null) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSCORE_JOBS_CLASS_NOT_FOUND",
-                        implName));
-                throw new
-                    EJobsException(CMS.getUserMessage("CMS_JOB_PLUGIN_NOT_FOUND", implName));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_JOBS_CLASS_NOT_FOUND",
+                                implName));
+                throw new EJobsException(CMS.getUserMessage("CMS_JOB_PLUGIN_NOT_FOUND", implName));
             }
             String classPath = plugin.getClassPath();
 
@@ -169,20 +154,17 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
                 String errMsg = "JobsScheduler:: init()-" + e.toString();
 
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_JOBS_INIT_ERROR", e.toString()));
-                throw new
-                    EJobsException(CMS.getUserMessage("CMS_JOB_LOAD_CLASS_FAILED", classPath));
+                throw new EJobsException(CMS.getUserMessage("CMS_JOB_LOAD_CLASS_FAILED", classPath));
             } catch (IllegalAccessException e) {
                 String errMsg = "JobsScheduler:: init()-" + e.toString();
 
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_JOBS_INIT_ERROR", e.toString()));
-                throw new
-                    EJobsException(CMS.getUserMessage("CMS_JOB_LOAD_CLASS_FAILED", classPath));
+                throw new EJobsException(CMS.getUserMessage("CMS_JOB_LOAD_CLASS_FAILED", classPath));
             } catch (InstantiationException e) {
                 String errMsg = "JobsScheduler: init()-" + e.toString();
 
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_JOBS_INIT_ERROR", e.toString()));
-                throw new
-                    EJobsException(CMS.getUserMessage("CMS_JOB_LOAD_CLASS_FAILED", classPath));
+                throw new EJobsException(CMS.getUserMessage("CMS_JOB_LOAD_CLASS_FAILED", classPath));
             } catch (EBaseException e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_JOBS_INIT_ERROR", e.toString()));
                 throw e;
@@ -208,8 +190,8 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
      * when wake up:
      * . execute the scheduled job(s)
      * * if job still running from previous interval, skip it
-     * . figure out when is the next wakeup time (every interval).  If
-     *	 current wakup time runs over the interval, skip the missed interval(s)
+     * . figure out when is the next wakeup time (every interval). If
+     * current wakup time runs over the interval, skip the missed interval(s)
      * . sleep till the next wakeup time
      */
     public void run() {
@@ -230,8 +212,8 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
                 // just let it skip to next second, fine.
                 duration = (60 - second) * 1000 + 1000 - milliSec;
                 log(ILogger.LL_INFO,
-                    "adjustment for cron behavior: sleep for " +
-                    duration + " milliseconds");
+                        "adjustment for cron behavior: sleep for " +
+                                duration + " milliseconds");
             } else {
 
                 // when is the next wakeup time for the JobsScheduler?
@@ -268,14 +250,14 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
 
             // get time now
             cal = Calendar.getInstance();
-			
+
             /**
              * Get the current time outside the jobs while loop
              * to make sure that the rightful jobs are run
              * -- milliseconds from the epoch
              */
             wokeupTime = cal.getTime().getTime();
-			
+
             IJob job = null;
 
             for (Enumeration<IJob> e = mJobs.elements(); e.hasMoreElements();) {
@@ -310,14 +292,14 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
                     } else {
                         // previous thread still alive, log it
                         log(ILogger.LL_INFO, "Job " + job.getId() +
-                            " still running...skipping this round");
+                                " still running...skipping this round");
                     }
                 }
             } // for
 
         }
     }
-   
+
     public IJobCron createJobCron(String cs) throws EBaseException {
         return new JobCron(cs);
     }
@@ -338,8 +320,8 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
          * is it the right month?
          */
         Vector<CronRange> moy =
-            jcron.getItem(JobCron.CRON_MONTH_OF_YEAR).getElements();
-		
+                jcron.getItem(JobCron.CRON_MONTH_OF_YEAR).getElements();
+
         int cronMoy = jcron.MOY_cal2cron(now);
 
         if (jcron.isElement(cronMoy, moy) == false) {
@@ -361,7 +343,7 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
         int cronDow = jcron.DOW_cal2cron(now);
 
         if ((jcron.isElement(cronDow, dow) == false) &&
-            (jcron.isElement(now.get(Calendar.DAY_OF_MONTH), dom) == false)) {
+                (jcron.isElement(now.get(Calendar.DAY_OF_MONTH), dom) == false)) {
             return false;
         }
         // is the right date!
@@ -391,16 +373,18 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
 
     /**
      * Retrieves id (name) of this subsystem.
+     * 
      * @return name of the Jobs Scheduler subsystem
      */
     public String getId() {
         return (mId);
     }
-  
+
     /**
      * Sets id string to this subsystem.
      * <p>
-     * Use with caution.  Should not do it when sharing with others
+     * Use with caution. Should not do it when sharing with others
+     * 
      * @param id name to be applied to an Jobs Scheduler subsystem
      */
     public void setId(String id) throws EBaseException {
@@ -427,7 +411,7 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
     }
 
     /**
-     * shuts down Jobs one by one. 
+     * shuts down Jobs one by one.
      * <P>
      */
     public void shutdown() {
@@ -438,8 +422,8 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
 
         Enumeration<String> enums = mJobThreads.keys();
         while (enums.hasMoreElements()) {
-            String id = (String)enums.nextElement();
-            Thread currthread = (Thread)mJobThreads.get(id);
+            String id = (String) enums.nextElement();
+            Thread currthread = (Thread) mJobThreads.get(id);
             //if (currthread != null) 
             //  currthread.destroy();
         }
@@ -448,13 +432,13 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
         mJobThreads = null;
 
         //if (mScheduleThread != null) 
-              //  mScheduleThread.destroy();
+        //  mScheduleThread.destroy();
     }
 
     /**
      * Returns the root configuration storage of this system.
      * <P>
-     *
+     * 
      * @return configuration store of this subsystem
      */
     public IConfigStore getConfigStore() {
@@ -462,22 +446,23 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
     }
 
     /**
-     * Gets configuration parameters for the given 
+     * Gets configuration parameters for the given
      * job plugin.
+     * 
      * @param implName Name of the job plugin.
      * @return Hashtable of required parameters.
      */
     public String[] getConfigParams(String implName)
-        throws EJobsException {
+            throws EJobsException {
         if (Debug.ON)
             Debug.trace("in getCofigParams()");
 
-            // is this a registered implname?
+        // is this a registered implname?
         JobPlugin plugin = (JobPlugin) mJobPlugins.get(implName);
 
         if (plugin == null) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSCORE_JOBS_CLASS_NOT_FOUND", implName));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSCORE_JOBS_CLASS_NOT_FOUND", implName));
             if (Debug.ON)
                 Debug.trace("Job plugin " + implName + " not found.");
             throw new EJobsException(CMS.getUserMessage("CMS_JOB_PLUGIN_NOT_FOUND",
@@ -500,26 +485,23 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
                 Debug.trace("class instantiated");
             return (jobInst.getConfigParams());
         } catch (InstantiationException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSCORE_JOBS_CREATE_NEW", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSCORE_JOBS_CREATE_NEW", e.toString()));
             if (Debug.ON)
                 Debug.trace("class NOT instantiated: " + e.toString());
-            throw new 
-                EJobsException(CMS.getUserMessage("CMS_JOB_LOAD_CLASS_FAILED", className));
+            throw new EJobsException(CMS.getUserMessage("CMS_JOB_LOAD_CLASS_FAILED", className));
         } catch (ClassNotFoundException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSCORE_JOBS_CREATE_NEW", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSCORE_JOBS_CREATE_NEW", e.toString()));
             if (Debug.ON)
                 Debug.trace("class NOT instantiated: " + e.toString());
-            throw new
-                EJobsException(CMS.getUserMessage("CMS_JOB_LOAD_CLASS_FAILED", className));
+            throw new EJobsException(CMS.getUserMessage("CMS_JOB_LOAD_CLASS_FAILED", className));
         } catch (IllegalAccessException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSCORE_JOBS_CREATE_NEW", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSCORE_JOBS_CREATE_NEW", e.toString()));
             if (Debug.ON)
                 Debug.trace("class NOT instantiated: " + e.toString());
-            throw new
-                EJobsException(CMS.getUserMessage("CMS_JOB_LOAD_CLASS_FAILED", className));
+            throw new EJobsException(CMS.getUserMessage("CMS_JOB_LOAD_CLASS_FAILED", className));
         }
     }
 
@@ -534,7 +516,7 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-            level, msg);
+                level, msg);
     }
 
     public Hashtable<String, JobPlugin> getJobPlugins() {
diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/LdapAndExpression.java b/pki/base/common/src/com/netscape/cmscore/ldap/LdapAndExpression.java
index c41f361e..3d7e7f31 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldap/LdapAndExpression.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldap/LdapAndExpression.java
@@ -17,32 +17,31 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldap;
 
-
 import com.netscape.certsrv.base.SessionContext;
 import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.publish.ILdapExpression;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class represents an expression of the form
  * <var1 op val1 AND var2 op va2>.
- *
+ * 
  * Expressions are used as predicates for publishing rule selection.
- *
+ * 
  * @author mzhao
  * @version $Revision$, $Date$
  */
 public class LdapAndExpression implements ILdapExpression {
     private ILdapExpression mExp1;
     private ILdapExpression mExp2;
+
     public LdapAndExpression(ILdapExpression exp1, ILdapExpression exp2) {
         mExp1 = exp1;
         mExp2 = exp2;
     }
 
     public boolean evaluate(SessionContext sc)
-        throws ELdapException {
+            throws ELdapException {
         // If an expression is missing we assume applicability.
         if (mExp1 == null && mExp2 == null)
             return true;
@@ -50,12 +49,13 @@ public class LdapAndExpression implements ILdapExpression {
             return mExp1.evaluate(sc) && mExp2.evaluate(sc);
         else if (mExp1 == null)
             return mExp2.evaluate(sc);
-        else // (if mExp2 == null)
+        else
+            // (if mExp2 == null)
             return mExp1.evaluate(sc);
     }
 
     public boolean evaluate(IRequest req)
-        throws ELdapException {
+            throws ELdapException {
         // If an expression is missing we assume applicability.
         if (mExp1 == null && mExp2 == null)
             return true;
@@ -63,7 +63,8 @@ public class LdapAndExpression implements ILdapExpression {
             return mExp1.evaluate(req) && mExp2.evaluate(req);
         else if (mExp1 == null)
             return mExp2.evaluate(req);
-        else // (if mExp2 == null)
+        else
+            // (if mExp2 == null)
             return mExp1.evaluate(req);
     }
 
@@ -71,4 +72,3 @@ public class LdapAndExpression implements ILdapExpression {
         return mExp1.toString() + " AND " + mExp2.toString();
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/LdapConnModule.java b/pki/base/common/src/com/netscape/cmscore/ldap/LdapConnModule.java
index 7574bf1b..7dd28214 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldap/LdapConnModule.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldap/LdapConnModule.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldap;
 
-
 import netscape.ldap.LDAPConnection;
 
 import com.netscape.certsrv.apps.CMS;
@@ -34,7 +33,6 @@ import com.netscape.cmscore.ldapconn.LdapAuthInfo;
 import com.netscape.cmscore.ldapconn.LdapBoundConnFactory;
 import com.netscape.cmscore.ldapconn.LdapConnInfo;
 
-
 public class LdapConnModule implements ILdapConnModule {
     protected IConfigStore mConfig = null;
     protected LdapBoundConnFactory mLdapConnFactory = null;
@@ -42,7 +40,7 @@ public class LdapConnModule implements ILdapConnModule {
     private boolean mInited = false;
 
     /**
-     * instantiate connection factory. 
+     * instantiate connection factory.
      */
 
     public static final String PROP_LDAP = "ldap";
@@ -58,13 +56,13 @@ public class LdapConnModule implements ILdapConnModule {
     protected ISubsystem mPubProcessor;
 
     public void init(ISubsystem p,
-        IConfigStore config)
-        throws EBaseException {
+            IConfigStore config)
+            throws EBaseException {
 
         CMS.debug("LdapConnModule: init called");
         if (mInited) {
             CMS.debug("LdapConnModule: already initialized. return.");
-             return;
+            return;
         }
         CMS.debug("LdapConnModule: init begins");
 
@@ -85,16 +83,16 @@ public class LdapConnModule implements ILdapConnModule {
         ILdapConnInfo connInfo =
                 CMS.getLdapConnInfo(ldapconn);
         LdapAuthInfo authInfo =
-            new LdapAuthInfo(authinfo, ldapconn.getString("host"),
-                ldapconn.getInteger("port"), connInfo.getSecure());
+                new LdapAuthInfo(authinfo, ldapconn.getString("host"),
+                        ldapconn.getInteger("port"), connInfo.getSecure());
 
         int minConns = mConfig.getInteger(ILdapBoundConnFactory.PROP_MINCONNS, 3);
         int maxConns = mConfig.getInteger(ILdapBoundConnFactory.PROP_MAXCONNS, 15);
         // must get authInfo from the config, don't default to internaldb!!!
 
-        CMS.debug("Creating LdapBoundConnFactory for LdapConnModule."); 
+        CMS.debug("Creating LdapBoundConnFactory for LdapConnModule.");
         mLdapConnFactory =
-             new LdapBoundConnFactory(minConns, maxConns, (LdapConnInfo)connInfo, authInfo);
+                new LdapBoundConnFactory(minConns, maxConns, (LdapConnInfo) connInfo, authInfo);
 
         mInited = true;
 
@@ -102,15 +100,15 @@ public class LdapConnModule implements ILdapConnModule {
     }
 
     /**
-     * Returns the internal ldap connection factory. 
-     * This can be useful to get a ldap connection to the 
-     * ldap publishing directory without having to get it again from the 
-     * config file. Note that this means sharing a ldap connection pool 
+     * Returns the internal ldap connection factory.
+     * This can be useful to get a ldap connection to the
+     * ldap publishing directory without having to get it again from the
+     * config file. Note that this means sharing a ldap connection pool
      * with the ldap publishing module so be sure to return connections to pool.
-     * Use ILdapConnFactory.getConn() to get a Ldap connection to the ldap 
-     * publishing directory. 
-     * Use ILdapConnFactory.returnConn() to return the connection. 
-     *
+     * Use ILdapConnFactory.getConn() to get a Ldap connection to the ldap
+     * publishing directory.
+     * Use ILdapConnFactory.returnConn() to return the connection.
+     * 
      * @see com.netscape.certsrv.ldap.ILdapBoundConnFactory
      * @see com.netscape.certsrv.ldap.ILdapConnFactory
      */
@@ -127,9 +125,8 @@ public class LdapConnModule implements ILdapConnModule {
     }
 
     public void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_LDAP, level, 
-            "LdapPublishModule: " + msg);
+        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_LDAP, level,
+                "LdapPublishModule: " + msg);
     }
-	
-}
 
+}
diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/LdapOrExpression.java b/pki/base/common/src/com/netscape/cmscore/ldap/LdapOrExpression.java
index aaf9f35d..011e3e69 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldap/LdapOrExpression.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldap/LdapOrExpression.java
@@ -17,51 +17,52 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldap;
 
-
 import com.netscape.certsrv.base.SessionContext;
 import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.publish.ILdapExpression;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class represents an Or expression of the form
  * (var1 op val1 OR var2 op val2).
- *
+ * 
  * Expressions are used as predicates for publishing rule selection.
- *
+ * 
  * @author mzhao
  * @version $Revision$, $Date$
  */
 public class LdapOrExpression implements ILdapExpression {
     private ILdapExpression mExp1;
     private ILdapExpression mExp2;
+
     public LdapOrExpression(ILdapExpression exp1, ILdapExpression exp2) {
         mExp1 = exp1;
         mExp2 = exp2;
     }
 
     public boolean evaluate(SessionContext sc)
-        throws ELdapException {
+            throws ELdapException {
         if (mExp1 == null && mExp2 == null)
             return true;
         else if (mExp1 != null && mExp2 != null)
             return mExp1.evaluate(sc) || mExp2.evaluate(sc);
         else if (mExp1 != null && mExp2 == null)
             return mExp1.evaluate(sc);
-        else // (mExp1 == null && mExp2 != null)
+        else
+            // (mExp1 == null && mExp2 != null)
             return mExp2.evaluate(sc);
     }
 
     public boolean evaluate(IRequest req)
-        throws ELdapException {
+            throws ELdapException {
         if (mExp1 == null && mExp2 == null)
             return true;
         else if (mExp1 != null && mExp2 != null)
             return mExp1.evaluate(req) || mExp2.evaluate(req);
         else if (mExp1 != null && mExp2 == null)
             return mExp1.evaluate(req);
-        else // (mExp1 == null && mExp2 != null)
+        else
+            // (mExp1 == null && mExp2 != null)
             return mExp2.evaluate(req);
     }
 
@@ -72,8 +73,8 @@ public class LdapOrExpression implements ILdapExpression {
             return mExp1.toString() + " OR " + mExp2.toString();
         else if (mExp1 != null && mExp2 == null)
             return mExp1.toString();
-        else // (mExp1 == null && mExp2 != null)
+        else
+            // (mExp1 == null && mExp2 != null)
             return mExp2.toString();
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/LdapPredicateParser.java b/pki/base/common/src/com/netscape/cmscore/ldap/LdapPredicateParser.java
index 3ac8f750..57f5a76c 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldap/LdapPredicateParser.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldap/LdapPredicateParser.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldap;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Vector;
@@ -29,19 +28,18 @@ import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.publish.ILdapExpression;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
  * Default implementation of predicate parser.
- *
+ * 
  * Limitations:
- *
- *	1. Currently parentheses are not suported.
- *	2. Only ==, != <, >, <= and >= operators are supported.
- *	3. The only boolean operators supported are AND and OR. AND takes precedence
- *	   over OR. Example: a AND b OR e OR c AND d
- *					is treated as (a AND b) OR e OR (c AND d)
- *	4. If this is n't adequate, roll your own.
- *
+ * 
+ * 1. Currently parentheses are not suported.
+ * 2. Only ==, != <, >, <= and >= operators are supported.
+ * 3. The only boolean operators supported are AND and OR. AND takes precedence
+ * over OR. Example: a AND b OR e OR c AND d
+ * is treated as (a AND b) OR e OR (c AND d)
+ * 4. If this is n't adequate, roll your own.
+ * 
  * @author mzhao
  * @version $Revision$, $Date$
  */
@@ -57,22 +55,22 @@ public class LdapPredicateParser {
 
     /**
      * Parse the predicate expression and return a vector of expressions.
-     *
-     * @param predicateExp	The predicate expression as read from the config file.
-     * @return expVector	The vector of expressions.
+     * 
+     * @param predicateExp The predicate expression as read from the config file.
+     * @return expVector The vector of expressions.
      */
     public static ILdapExpression parse(String predicateExpression)
-        throws ELdapException {
-        if (predicateExpression == null || 
-            predicateExpression.length() == 0)
+            throws ELdapException {
+        if (predicateExpression == null ||
+                predicateExpression.length() == 0)
             return null;
         PredicateTokenizer pt = new PredicateTokenizer(predicateExpression);
 
         if (pt == null || !pt.hasMoreTokens())
             return null;
 
-            // The first token cannot be an operator. We are not dealing with
-            // reverse-polish notation.
+        // The first token cannot be an operator. We are not dealing with
+        // reverse-polish notation.
         String token = pt.nextToken();
         boolean opANDSeen;
         boolean opORSeen;
@@ -92,7 +90,7 @@ public class LdapPredicateParser {
             int curType = getOP(token);
 
             if ((prevType != EXPRESSION && curType != EXPRESSION) ||
-                (prevType == EXPRESSION && curType == EXPRESSION)) {
+                    (prevType == EXPRESSION && curType == EXPRESSION)) {
                 malformed = true;
                 break;
             }
@@ -122,8 +120,8 @@ public class LdapPredicateParser {
             if (Debug.ON)
                 Debug.trace("Malformed expression: " + predicateExpression);
             throw new ELdapException(
-              CMS.getUserMessage("CMS_LDAP_BAD_LDAP_EXPRESSION",
-                    predicateExpression));
+                    CMS.getUserMessage("CMS_LDAP_BAD_LDAP_EXPRESSION",
+                            predicateExpression));
         }
 
         // Form an LdapOrExpression
@@ -135,7 +133,7 @@ public class LdapPredicateParser {
         if (size == 0)
             return null;
         LdapOrExpression orExp = new
-            LdapOrExpression((ILdapExpression) expSet.elementAt(0), null);
+                LdapOrExpression((ILdapExpression) expSet.elementAt(0), null);
 
         for (int i = 1; i < size; i++)
             orExp = new LdapOrExpression(orExp,
@@ -153,7 +151,7 @@ public class LdapPredicateParser {
     }
 
     private static ILdapExpression parseExpression(String input)
-        throws ELdapException {
+            throws ELdapException {
         // If the expression has multiple parts separated by commas
         // we need to construct an AND expression. Else we will return a
         // simple expression.
@@ -166,8 +164,8 @@ public class LdapPredicateParser {
 
         while (commaIndex > 0) {
             LdapSimpleExpression exp = (LdapSimpleExpression)
-                LdapSimpleExpression.parse(input.substring(currentIndex,
-                        commaIndex));
+                    LdapSimpleExpression.parse(input.substring(currentIndex,
+                            commaIndex));
 
             expVector.addElement(exp);
             currentIndex = commaIndex + 1;
@@ -175,7 +173,7 @@ public class LdapPredicateParser {
         }
         if (currentIndex < (input.length() - 1)) {
             LdapSimpleExpression exp = (LdapSimpleExpression)
-                LdapSimpleExpression.parse(input.substring(currentIndex));
+                    LdapSimpleExpression.parse(input.substring(currentIndex));
 
             expVector.addElement(exp);
         }
@@ -194,79 +192,77 @@ public class LdapPredicateParser {
     public static void main(String[] args) {
 
         /**
-         AttributeSet req = new AttributeSet();
-         try
-         {
-         req.set("ou", "people");
-         req.set("cn", "John Doe");
-         req.set("uid", "jdoes");
-         req.set("o", "airius.com");
-         req.set("certtype", "client");
-         req.set("request", "issuance");
-         req.set("id", new Integer(10));
-         req.set("dualcerts", new Boolean(true));
-
-         Vector v = new Vector();
-         v.addElement("one");
-         v.addElement("two");
-         v.addElement("three");
-         req.set("count", v);
-         }
-         catch (Exception e){e.printStackTrace();}
-         String[] array = { "ou == people AND certtype == client",
-         "ou == servergroup AND certtype == server",
-         "uid == jdoes, ou==people, o==airius.com OR ou == people AND certType == client OR certType == server AND cn == needles.mcom.com",
-         };
-         for (int i = 0; i < array.length; i++)
-         {
-         System.out.println();
-         System.out.println("String: " + array[i]);
-         ILdapExpression exp = null;
-         try
-         {
-         exp = parse(array[i]);
-         if (exp != null)
-         {
-         System.out.println("Parsed Expression: " + exp);
-         boolean result = exp.evaluate(req);
-         System.out.println("Result: " + result);
-         }
-         }
-         catch (Exception e) {e.printStackTrace(); }
-         }
-
-
-         try
-         {
-         BufferedReader rdr = new BufferedReader(
-         new FileReader(args[0]));
-         String line;
-         while((line=rdr.readLine()) != null)
-         {
-         System.out.println();
-         System.out.println("Line Read: " + line);
-         ILdapExpression exp = null;
-         try
-         {
-         exp = parse(line);
-         if (exp != null)
-         {
-         System.out.println(exp);
-         boolean result = exp.evaluate(req);
-         System.out.println("Result: " + result);
-         }
-
-         }catch (Exception e){e.printStackTrace();}
-         }
-         }
-         catch (Exception e){e.printStackTrace(); }
-
+         * AttributeSet req = new AttributeSet();
+         * try
+         * {
+         * req.set("ou", "people");
+         * req.set("cn", "John Doe");
+         * req.set("uid", "jdoes");
+         * req.set("o", "airius.com");
+         * req.set("certtype", "client");
+         * req.set("request", "issuance");
+         * req.set("id", new Integer(10));
+         * req.set("dualcerts", new Boolean(true));
+         * 
+         * Vector v = new Vector();
+         * v.addElement("one");
+         * v.addElement("two");
+         * v.addElement("three");
+         * req.set("count", v);
+         * }
+         * catch (Exception e){e.printStackTrace();}
+         * String[] array = { "ou == people AND certtype == client",
+         * "ou == servergroup AND certtype == server",
+         * "uid == jdoes, ou==people, o==airius.com OR ou == people AND certType == client OR certType == server AND cn == needles.mcom.com",
+         * };
+         * for (int i = 0; i < array.length; i++)
+         * {
+         * System.out.println();
+         * System.out.println("String: " + array[i]);
+         * ILdapExpression exp = null;
+         * try
+         * {
+         * exp = parse(array[i]);
+         * if (exp != null)
+         * {
+         * System.out.println("Parsed Expression: " + exp);
+         * boolean result = exp.evaluate(req);
+         * System.out.println("Result: " + result);
+         * }
+         * }
+         * catch (Exception e) {e.printStackTrace(); }
+         * }
+         * 
+         * 
+         * try
+         * {
+         * BufferedReader rdr = new BufferedReader(
+         * new FileReader(args[0]));
+         * String line;
+         * while((line=rdr.readLine()) != null)
+         * {
+         * System.out.println();
+         * System.out.println("Line Read: " + line);
+         * ILdapExpression exp = null;
+         * try
+         * {
+         * exp = parse(line);
+         * if (exp != null)
+         * {
+         * System.out.println(exp);
+         * boolean result = exp.evaluate(req);
+         * System.out.println("Result: " + result);
+         * }
+         * 
+         * }catch (Exception e){e.printStackTrace();}
+         * }
+         * }
+         * catch (Exception e){e.printStackTrace(); }
          **/
     }
 
 }
 
-
 class PredicateTokenizer {
     String input;
     int currentIndex;
@@ -348,30 +344,30 @@ class PredicateTokenizer {
     }
 }
 
-
 class AttributeSet implements IAttrSet {
     /**
      *
      */
     private static final long serialVersionUID = -3155846653754028803L;
     Hashtable ht = new Hashtable();
+
     public AttributeSet() {
     }
 
     public void delete(String name)
-        throws EBaseException {
+            throws EBaseException {
         Object ob = ht.get(name);
 
         ht.remove(ob);
     }
 
     public Object get(String name)
-        throws EBaseException {
+            throws EBaseException {
         return ht.get(name);
     }
 
     public void set(String name, Object ob)
-        throws EBaseException {
+            throws EBaseException {
         ht.put(name, ob);
     }
 
diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/LdapPublishModule.java b/pki/base/common/src/com/netscape/cmscore/ldap/LdapPublishModule.java
index e9839f59..325d2a0d 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldap/LdapPublishModule.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldap/LdapPublishModule.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldap;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.cert.X509CRL;
@@ -56,7 +55,6 @@ import com.netscape.cmscore.dbs.CertRecord;
 import com.netscape.cmscore.ldapconn.LdapBoundConnFactory;
 import com.netscape.cmscore.util.Debug;
 
-
 public class LdapPublishModule implements ILdapPublishModule {
     protected IConfigStore mConfig = null;
     protected LdapBoundConnFactory mLdapConnFactory = null;
@@ -64,28 +62,28 @@ public class LdapPublishModule implements ILdapPublishModule {
     private boolean mInited = false;
     protected ICertAuthority mAuthority = null;
 
-    /** 
-     * hashtable of cert types to cert mappers and publishers. 
-     * cert types are client, server, ca, subca, ra, crl, etc. 
+    /**
+     * hashtable of cert types to cert mappers and publishers.
+     * cert types are client, server, ca, subca, ra, crl, etc.
      * XXX the cert types need to be consistently used.
      * for each, the mapper may be null, in which case the full subject
-     * name is used to map the cert. 
+     * name is used to map the cert.
      * for crl, if the mapper is null the ca mapper is used. if that
-     * is null, the full issuer name is used.  
+     * is null, the full issuer name is used.
      * XXX if we support crl issuing points the issuing point should be used
      * to publish the crl.
-     * When publishers are null, the certs are not published. 
+     * When publishers are null, the certs are not published.
      */
-    protected Hashtable mMappers = new Hashtable(); 
+    protected Hashtable mMappers = new Hashtable();
 
     /**
-     * handlers for request types (events) 
+     * handlers for request types (events)
      * values implement IRequestListener
      */
     protected Hashtable mEventHandlers = new Hashtable();
 
     /**
-     * instantiate connection factory. 
+     * instantiate connection factory.
      */
     public static final String ATTR_LDAPPUBLISH_STATUS = "LdapPublishStatus";
     public static final String PROP_LDAP = "ldap";
@@ -100,12 +98,10 @@ public class LdapPublishModule implements ILdapPublishModule {
     public LdapPublishModule() {
     }
 
-	public void init(ISubsystem sub, IConfigStore config) throws EBaseException 
-	{
-	}
+    public void init(ISubsystem sub, IConfigStore config) throws EBaseException {
+    }
 
-    public void set(String name, String val)
-    {
+    public void set(String name, String val) {
     }
 
     public LdapPublishModule(LdapBoundConnFactory factory) {
@@ -116,8 +112,8 @@ public class LdapPublishModule implements ILdapPublishModule {
     protected IPublisherProcessor mPubProcessor;
 
     public void init(ICertAuthority authority, IPublisherProcessor p,
-        IConfigStore config)
-        throws EBaseException {
+            IConfigStore config)
+            throws EBaseException {
         if (mInited)
             return;
 
@@ -133,9 +129,9 @@ public class LdapPublishModule implements ILdapPublishModule {
         mAuthority.registerRequestListener(this);
     }
 
-    public void init(ICertAuthority authority, IConfigStore config) 
-        throws EBaseException {
-        if (mInited)  
+    public void init(ICertAuthority authority, IConfigStore config)
+            throws EBaseException {
+        if (mInited)
             return;
 
         mAuthority = authority;
@@ -150,15 +146,15 @@ public class LdapPublishModule implements ILdapPublishModule {
     }
 
     /**
-     * Returns the internal ldap connection factory. 
-     * This can be useful to get a ldap connection to the 
-     * ldap publishing directory without having to get it again from the 
-     * config file. Note that this means sharing a ldap connection pool 
+     * Returns the internal ldap connection factory.
+     * This can be useful to get a ldap connection to the
+     * ldap publishing directory without having to get it again from the
+     * config file. Note that this means sharing a ldap connection pool
      * with the ldap publishing module so be sure to return connections to pool.
-     * Use ILdapConnFactory.getConn() to get a Ldap connection to the ldap 
-     * publishing directory. 
-     * Use ILdapConnFactory.returnConn() to return the connection. 
-     *
+     * Use ILdapConnFactory.getConn() to get a Ldap connection to the ldap
+     * publishing directory.
+     * Use ILdapConnFactory.returnConn() to return the connection.
+     * 
      * @see com.netscape.certsrv.ldap.ILdapBoundConnFactory
      * @see com.netscape.certsrv.ldap.ILdapConnFactory
      */
@@ -167,7 +163,7 @@ public class LdapPublishModule implements ILdapPublishModule {
     }
 
     /**
-     * Returns the connection factory to the publishing directory. 
+     * Returns the connection factory to the publishing directory.
      * Must return the connection once you return
      */
 
@@ -179,16 +175,16 @@ public class LdapPublishModule implements ILdapPublishModule {
         } else {
             mappers = (LdapMappers) mMappers.get(certType);
         }
-        return mappers; 
+        return mappers;
     }
 
     protected void initMappers(IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         IConfigStore types = mConfig.getSubStore(PROP_TYPE);
 
         if (types == null || types.size() <= 0) {
             // nothing configured.
-            if (Debug.ON) 
+            if (Debug.ON)
                 System.out.println("No ldap publishing configurations.");
             return;
         }
@@ -198,9 +194,9 @@ public class LdapPublishModule implements ILdapPublishModule {
             String certType = (String) substores.nextElement();
             IConfigStore current = types.getSubStore(certType);
 
-            if (current == null || current.size() <= 0) { 
+            if (current == null || current.size() <= 0) {
                 CMS.debug(
-                    "No ldap publish configuration for " + certType + " found.");
+                        "No ldap publish configuration for " + certType + " found.");
                 continue;
             }
             ILdapPlugin mapper = null, publisher = null;
@@ -212,53 +208,53 @@ public class LdapPublishModule implements ILdapPublishModule {
                 mapperClassName = mapperConf.getString(PROP_CLASS, null);
                 if (mapperClassName != null && mapperClassName.length() > 0) {
                     CMS.debug(
-                        "mapper " + mapperClassName + " for " + certType);
+                            "mapper " + mapperClassName + " for " + certType);
                     mapper = (ILdapPlugin)
                             Class.forName(mapperClassName).newInstance();
                     mapper.init(mapperConf);
                 }
                 publisherConf = current.getSubStore(PROP_PUBLISHER);
                 publisherClassName = publisherConf.getString(PROP_CLASS, null);
-                if (publisherClassName != null && 
-                    publisherClassName.length() > 0) {
+                if (publisherClassName != null &&
+                        publisherClassName.length() > 0) {
                     CMS.debug(
-                        "publisher " + publisherClassName + " for " + certType);
+                            "publisher " + publisherClassName + " for " + certType);
                     publisher = (ILdapPlugin)
                             Class.forName(publisherClassName).newInstance();
                     publisher.init(publisherConf);
                 }
                 mMappers.put(certType, new LdapMappers(mapper, publisher));
             } catch (ClassNotFoundException e) {
-                String missingClass = mapperClassName + 
-                    ((publisherClassName == null) ? "" : 
-                        (" or " + publisherClassName));
+                String missingClass = mapperClassName +
+                        ((publisherClassName == null) ? "" :
+                                (" or " + publisherClassName));
 
-                log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_FIND_CLASS", missingClass));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_FIND_CLASS", missingClass));
                 throw new ELdapException(
-                  CMS.getUserMessage("CMS_LDAP_CLASS_NOT_FOUND", missingClass));
+                        CMS.getUserMessage("CMS_LDAP_CLASS_NOT_FOUND", missingClass));
             } catch (InstantiationException e) {
-                String badInstance = mapperClassName + 
-                    ((publisherClassName == null) ? "" : 
-                        (" or " + publisherClassName));
+                String badInstance = mapperClassName +
+                        ((publisherClassName == null) ? "" :
+                                (" or " + publisherClassName));
 
-                log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_INST_CLASS", 
-                    badInstance ,certType));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_INST_CLASS",
+                                badInstance, certType));
                 throw new ELdapException(
-                  CMS.getUserMessage("CMS_LDAP_INSTANTIATING_CLASS_FAILED", badInstance));
+                        CMS.getUserMessage("CMS_LDAP_INSTANTIATING_CLASS_FAILED", badInstance));
             } catch (IllegalAccessException e) {
-                String badInstance = mapperClassName + 
-                    ((publisherClassName == null) ? "" : 
-                        (" or " + publisherClassName));
+                String badInstance = mapperClassName +
+                        ((publisherClassName == null) ? "" :
+                                (" or " + publisherClassName));
 
-                log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_INSUFFICIENT_CREDENTIALS", badInstance, certType));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_INSUFFICIENT_CREDENTIALS", badInstance, certType));
                 throw new ELdapException(
-                  CMS.getUserMessage("CMS_LDAP_INSUFFICIENT_CREDENTIALS", certType));
+                        CMS.getUserMessage("CMS_LDAP_INSUFFICIENT_CREDENTIALS", certType));
             } catch (EBaseException e) {
-                log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_INIT_ERROR", certType, e.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_INIT_ERROR", certType, e.toString()));
                 throw e;
             }
         }
@@ -266,14 +262,14 @@ public class LdapPublishModule implements ILdapPublishModule {
     }
 
     protected void initHandlers() {
-        mEventHandlers.put(IRequest.ENROLLMENT_REQUEST, 
-            new HandleEnrollment(this));
+        mEventHandlers.put(IRequest.ENROLLMENT_REQUEST,
+                new HandleEnrollment(this));
         mEventHandlers.put(IRequest.RENEWAL_REQUEST,
-            new HandleRenewal(this));
-        mEventHandlers.put(IRequest.REVOCATION_REQUEST, 
-            new HandleRevocation(this));
-        mEventHandlers.put(IRequest.UNREVOCATION_REQUEST, 
-            new HandleUnrevocation(this));
+                new HandleRenewal(this));
+        mEventHandlers.put(IRequest.REVOCATION_REQUEST,
+                new HandleRevocation(this));
+        mEventHandlers.put(IRequest.UNREVOCATION_REQUEST,
+                new HandleUnrevocation(this));
     }
 
     public void accept(IRequest r) {
@@ -284,14 +280,14 @@ public class LdapPublishModule implements ILdapPublishModule {
 
         if (handler == null) {
             CMS.debug(
-                "Nothing to publish for request type " + type);
+                    "Nothing to publish for request type " + type);
             return;
         }
         handler.accept(r);
     }
 
     public void publish(String certType, X509Certificate cert)
-        throws ELdapException {
+            throws ELdapException {
         // get mapper and publisher for cert type.
         LdapMappers mappers = getMappers(certType);
 
@@ -299,15 +295,15 @@ public class LdapPublishModule implements ILdapPublishModule {
             CMS.debug("publisher for " + certType + " is null");
             return;
         }
-        publish((ILdapMapper) mappers.mapper, 
-            (ILdapPublisher) mappers.publisher, cert);
+        publish((ILdapMapper) mappers.mapper,
+                (ILdapPublisher) mappers.publisher, cert);
 
         // set the ldap published flag.
         setPublishedFlag(cert.getSerialNumber(), true);
     }
 
     public void unpublish(String certType, X509Certificate cert)
-        throws ELdapException {
+            throws ELdapException {
         // get mapper and publisher for cert type.
         LdapMappers mappers = getMappers(certType);
 
@@ -315,19 +311,19 @@ public class LdapPublishModule implements ILdapPublishModule {
             CMS.debug("publisher for " + certType + " is null");
             return;
         }
-        unpublish((ILdapMapper) mappers.mapper, 
-            (ILdapPublisher) mappers.publisher, cert);
+        unpublish((ILdapMapper) mappers.mapper,
+                (ILdapPublisher) mappers.publisher, cert);
 
         // set the ldap published flag.
         setPublishedFlag(cert.getSerialNumber(), false);
     }
 
     /**
-     * set published flag - true when published, false when unpublished. 
-     * not exist means not published. 
+     * set published flag - true when published, false when unpublished.
+     * not exist means not published.
      */
     public void setPublishedFlag(BigInteger serialNo, boolean published) {
-        if (!(mAuthority instanceof ICertificateAuthority)) 
+        if (!(mAuthority instanceof ICertificateAuthority))
             return;
         ICertificateAuthority ca = (ICertificateAuthority) mAuthority;
 
@@ -340,18 +336,18 @@ public class LdapPublishModule implements ILdapPublishModule {
                 metaInfo = new MetaInfo();
             }
             metaInfo.set(
-                CertRecord.META_LDAPPUBLISH, String.valueOf(published));
+                    CertRecord.META_LDAPPUBLISH, String.valueOf(published));
             ModificationSet modSet = new ModificationSet();
 
-            modSet.add(ICertRecord.ATTR_META_INFO, 
-                Modification.MOD_REPLACE, metaInfo);
+            modSet.add(ICertRecord.ATTR_META_INFO,
+                    Modification.MOD_REPLACE, metaInfo);
             certdb.modifyCertificateRecord(serialNo, modSet);
         } catch (EBaseException e) {
             // not fatal. just log warning.
-            log(ILogger.LL_WARN, 
-                "Cannot mark cert 0x" + serialNo.toString(16) + " published as " + published +
-                " in the ldap directory. Cert Record not found. Error: " +
-                e.getMessage());
+            log(ILogger.LL_WARN,
+                    "Cannot mark cert 0x" + serialNo.toString(16) + " published as " + published +
+                            " in the ldap directory. Cert Record not found. Error: " +
+                            e.getMessage());
         }
     }
 
@@ -364,8 +360,8 @@ public class LdapPublishModule implements ILdapPublishModule {
     }
 
     public void publish(ILdapMapper mapper, ILdapPublisher publisher,
-        X509Certificate cert)
-        throws ELdapException {
+            X509Certificate cert)
+            throws ELdapException {
         LDAPConnection conn = null;
 
         try {
@@ -376,17 +372,17 @@ public class LdapPublishModule implements ILdapPublishModule {
             if (mapper == null) { // use the cert's subject name exactly
                 dirdn = cert.getSubjectDN().toString();
                 CMS.debug(
-                    "no mapper found. Using subject name exactly." +
-                    cert.getSubjectDN());
+                        "no mapper found. Using subject name exactly." +
+                                cert.getSubjectDN());
             } else {
                 result = mapper.map(conn, cert);
                 dirdn = result;
-                if (dirdn == null) {  
-                    log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_PUBLISH_NOT_MATCH",
-                        cert.getSerialNumber().toString(16),
-                        cert.getSubjectDN().toString()));
-                    throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH", 
+                if (dirdn == null) {
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("CMSCORE_LDAP_PUBLISH_NOT_MATCH",
+                                    cert.getSerialNumber().toString(16),
+                                    cert.getSubjectDN().toString()));
+                    throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH",
                             cert.getSubjectDN().toString()));
                 }
             }
@@ -399,8 +395,8 @@ public class LdapPublishModule implements ILdapPublishModule {
     }
 
     public void unpublish(ILdapMapper mapper, ILdapPublisher publisher,
-        X509Certificate cert) 
-        throws ELdapException {
+            X509Certificate cert)
+            throws ELdapException {
         LDAPConnection conn = null;
 
         try {
@@ -413,12 +409,12 @@ public class LdapPublishModule implements ILdapPublishModule {
             } else {
                 result = mapper.map(conn, cert);
                 dirdn = result;
-                if (dirdn == null) {  
-                    log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_PUBLISH_NOT_MATCH",
-                        cert.getSerialNumber().toString(16),
-                        cert.getSubjectDN().toString()));
-                    throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH", 
+                if (dirdn == null) {
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("CMSCORE_LDAP_PUBLISH_NOT_MATCH",
+                                    cert.getSerialNumber().toString(16),
+                                    cert.getSubjectDN().toString()));
+                    throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH",
                             cert.getSubjectDN().toString()));
                 }
             }
@@ -434,8 +430,8 @@ public class LdapPublishModule implements ILdapPublishModule {
      * publishes a crl by mapping the issuer name in the crl to an entry
      * and publishing it there. entry must be a certificate authority.
      */
-    public void publish(X509CRLImpl crl) 
-        throws ELdapException {
+    public void publish(X509CRLImpl crl)
+            throws ELdapException {
         ILdapCrlMapper mapper = null;
         ILdapPublisher publisher = null;
 
@@ -458,9 +454,9 @@ public class LdapPublishModule implements ILdapPublishModule {
             } else {
                 result = ((ILdapMapper) mappers.mapper).map(conn, crl);
                 dn = result;
-                if (dn == null) {  
+                if (dn == null) {
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_CRL_NOT_MATCH"));
-                    throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH", 
+                    throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH",
                             crl.getIssuerDN().toString()));
                 }
             }
@@ -468,7 +464,7 @@ public class LdapPublishModule implements ILdapPublishModule {
         } catch (ELdapException e) {
             //e.printStackTrace();
             CMS.debug(
-                "Error publishing CRL to " + dn + ": " + e);
+                    "Error publishing CRL to " + dn + ": " + e);
             throw e;
         } catch (IOException e) {
             CMS.debug("Error publishing CRL to " + dn + ": " + e);
@@ -484,8 +480,8 @@ public class LdapPublishModule implements ILdapPublishModule {
      * publishes a crl by mapping the issuer name in the crl to an entry
      * and publishing it there. entry must be a certificate authority.
      */
-    public void publish(String dn, X509CRL crl) 
-        throws ELdapException {
+    public void publish(String dn, X509CRL crl)
+            throws ELdapException {
         LdapMappers mappers = getMappers(PROP_TYPE_CRL);
 
         if (mappers == null || mappers.publisher == null) {
@@ -500,7 +496,7 @@ public class LdapPublishModule implements ILdapPublishModule {
             ((ILdapPublisher) mappers.publisher).publish(conn, dn, crl);
         } catch (ELdapException e) {
             CMS.debug(
-                "Error publishing CRL to " + dn + ": " + e.toString());
+                    "Error publishing CRL to " + dn + ": " + e.toString());
             throw e;
         } finally {
             if (conn != null) {
@@ -510,23 +506,22 @@ public class LdapPublishModule implements ILdapPublishModule {
     }
 
     public void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_LDAP, level, 
-            "LdapPublishModule: " + msg);
+        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_LDAP, level,
+                "LdapPublishModule: " + msg);
     }
-	
-}
 
+}
 
 class LdapMappers {
     public LdapMappers(ILdapPlugin aMapper, ILdapPlugin aPublisher) {
         mapper = aMapper;
         publisher = aPublisher;
     }
+
     public ILdapPlugin mapper = null;
     public ILdapPlugin publisher = null;
 }
 
-
 class HandleEnrollment implements IRequestListener {
     LdapPublishModule mModule = null;
 
@@ -534,49 +529,47 @@ class HandleEnrollment implements IRequestListener {
         mModule = module;
     }
 
-    public void set(String name, String val)
-    {
+    public void set(String name, String val) {
     }
 
-    public void init(ISubsystem sub, IConfigStore config) throws EBaseException 
-	{
+    public void init(ISubsystem sub, IConfigStore config) throws EBaseException {
     }
 
     public void accept(IRequest r) {
         CMS.debug(
-            "handling publishing for enrollment request id " +
-            r.getRequestId());
+                "handling publishing for enrollment request id " +
+                        r.getRequestId());
 
         // in case it's not meant for us
         if (r.getExtDataInInteger(IRequest.RESULT) == null)
             return;
 
-            // check if request failed.
+        // check if request failed.
         if ((r.getExtDataInInteger(IRequest.RESULT)).equals(IRequest.RES_ERROR)) {
             CMS.debug("Request errored. " +
-                "Nothing to publish for enrollment request id " +
-                r.getRequestId());
+                    "Nothing to publish for enrollment request id " +
+                    r.getRequestId());
             return;
         }
         CMS.debug("Checking publishing for request " +
-            r.getRequestId());
+                r.getRequestId());
         // check if issued certs is set.
         X509CertImpl[] certs = r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
 
         if (certs == null || certs.length == 0 || certs[0] == null) {
             CMS.debug(
-                "No certs to publish for request id " + r.getRequestId());
+                    "No certs to publish for request id " + r.getRequestId());
             return;
         }
 
         // get mapper and publisher for client certs.
-        LdapMappers mappers = 
-            mModule.getMappers(LdapPublishModule.PROP_TYPE_CLIENT);
+        LdapMappers mappers =
+                mModule.getMappers(LdapPublishModule.PROP_TYPE_CLIENT);
 
         if (mappers == null || mappers.publisher == null) {
             CMS.debug(
-                "In publishing: No publisher for type " +
-                LdapPublishModule.PROP_TYPE_CLIENT);
+                    "In publishing: No publisher for type " +
+                            LdapPublishModule.PROP_TYPE_CLIENT);
             return;
         }
 
@@ -586,18 +579,18 @@ class HandleEnrollment implements IRequestListener {
 
         for (int i = 0; i < certs.length; i++) {
             try {
-                if (certs[i] == null) 
+                if (certs[i] == null)
                     continue;
-                mModule.publish((ILdapMapper) mappers.mapper, 
-                    (ILdapPublisher) mappers.publisher, certs[i]);
+                mModule.publish((ILdapMapper) mappers.mapper,
+                        (ILdapPublisher) mappers.publisher, certs[i]);
                 results[i] = IRequest.RES_SUCCESS;
                 CMS.debug(
-                    "Published cert serial no 0x" + certs[i].getSerialNumber().toString(16));
+                        "Published cert serial no 0x" + certs[i].getSerialNumber().toString(16));
                 mModule.setPublishedFlag(certs[i].getSerialNumber(), true);
             } catch (ELdapException e) {
-                mModule.log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_PUBLISH",
-                    certs[i].getSerialNumber().toString(16),e.toString()));
+                mModule.log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_PUBLISH",
+                                certs[i].getSerialNumber().toString(16), e.toString()));
                 results[i] = IRequest.RES_ERROR;
             }
             r.setExtData("ldapPublishStatus", results);
@@ -605,19 +598,17 @@ class HandleEnrollment implements IRequestListener {
     }
 }
 
-
 class HandleRenewal implements IRequestListener {
     private LdapPublishModule mModule = null;
+
     public HandleRenewal(LdapPublishModule module) {
         mModule = module;
     }
 
-    public void init(ISubsystem sub, IConfigStore config) throws EBaseException 
-	{
-	}
+    public void init(ISubsystem sub, IConfigStore config) throws EBaseException {
+    }
 
-    public void set(String name, String val)
-    {
+    public void set(String name, String val) {
     }
 
     public void accept(IRequest r) {
@@ -626,19 +617,19 @@ class HandleRenewal implements IRequestListener {
 
         if (certs == null || certs.length == 0) {
             CMS.debug("no certs to publish for renewal " +
-                "request " + r.getRequestId());
+                    "request " + r.getRequestId());
             return;
         }
         Integer results[] = new Integer[certs.length];
         X509CertImpl cert = null;
 
         // get mapper and publisher for cert type.
-        LdapMappers mappers = 
-            mModule.getMappers(LdapPublishModule.PROP_TYPE_CLIENT);
+        LdapMappers mappers =
+                mModule.getMappers(LdapPublishModule.PROP_TYPE_CLIENT);
 
         if (mappers == null || mappers.publisher == null) {
             CMS.debug(
-                "publisher for " + LdapPublishModule.PROP_TYPE_CLIENT + " is null");
+                    "publisher for " + LdapPublishModule.PROP_TYPE_CLIENT + " is null");
             return;
         }
 
@@ -646,46 +637,44 @@ class HandleRenewal implements IRequestListener {
 
         for (int i = 0; i < certs.length; i++) {
             cert = (X509CertImpl) certs[i];
-            if (cert == null) 
+            if (cert == null)
                 continue; // there was an error issuing this cert.
             try {
-                mModule.publish((ILdapMapper) mappers.mapper, 
-                    (ILdapPublisher) mappers.publisher, cert);
+                mModule.publish((ILdapMapper) mappers.mapper,
+                        (ILdapPublisher) mappers.publisher, cert);
                 results[i] = IRequest.RES_SUCCESS;
-                mModule.log(ILogger.LL_INFO, 
-                    "Published cert serial no 0x" + cert.getSerialNumber().toString(16));
+                mModule.log(ILogger.LL_INFO,
+                        "Published cert serial no 0x" + cert.getSerialNumber().toString(16));
             } catch (ELdapException e) {
                 error = true;
-                mModule.log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_PUBLISH",
-                    cert.getSerialNumber().toString(16), e.getMessage()));
+                mModule.log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_PUBLISH",
+                                cert.getSerialNumber().toString(16), e.getMessage()));
                 results[i] = IRequest.RES_ERROR;
             }
         }
         r.setExtData("ldapPublishStatus", results);
         r.setExtData("ldapPublishOverAllStatus",
-            (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS));
+                (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS));
     }
 }
 
-
 class HandleRevocation implements IRequestListener {
     private LdapPublishModule mModule = null;
+
     public HandleRevocation(LdapPublishModule module) {
         mModule = module;
     }
 
-    public void init(ISubsystem sub, IConfigStore config) throws EBaseException 
-	{
-	}
+    public void init(ISubsystem sub, IConfigStore config) throws EBaseException {
+    }
 
-    public void set(String name, String val)
-    {
+    public void set(String name, String val) {
     }
 
     public void accept(IRequest r) {
         CMS.debug(
-            "Handle publishing for revoke request id " + r.getRequestId());
+                "Handle publishing for revoke request id " + r.getRequestId());
 
         // get fields in request.
         X509CertImpl[] revcerts = r.getExtDataInCertArray(IRequest.OLD_CERTS);
@@ -693,18 +682,18 @@ class HandleRevocation implements IRequestListener {
         if (revcerts == null || revcerts.length == 0 || revcerts[0] == null) {
             // no certs in revoke.
             CMS.debug(
-                "Nothing to unpublish for revocation " +
-                "request " + r.getRequestId());
+                    "Nothing to unpublish for revocation " +
+                            "request " + r.getRequestId());
             return;
         }
 
         // get mapper and publisher for cert type.
-        LdapMappers mappers = 
-            mModule.getMappers(LdapPublishModule.PROP_TYPE_CLIENT);
+        LdapMappers mappers =
+                mModule.getMappers(LdapPublishModule.PROP_TYPE_CLIENT);
 
         if (mappers == null || mappers.publisher == null) {
             CMS.debug(
-                "publisher for " + LdapPublishModule.PROP_TYPE_CLIENT + " is null");
+                    "publisher for " + LdapPublishModule.PROP_TYPE_CLIENT + " is null");
             return;
         }
 
@@ -716,41 +705,40 @@ class HandleRevocation implements IRequestListener {
 
             results[i] = IRequest.RES_ERROR;
             try {
-                mModule.unpublish((ILdapMapper) mappers.mapper, 
-                    (ILdapPublisher) mappers.publisher, cert);
+                mModule.unpublish((ILdapMapper) mappers.mapper,
+                        (ILdapPublisher) mappers.publisher, cert);
                 results[i] = IRequest.RES_SUCCESS;
                 CMS.debug(
-                    "Unpublished cert serial no 0x" + cert.getSerialNumber().toString(16));
+                        "Unpublished cert serial no 0x" + cert.getSerialNumber().toString(16));
             } catch (ELdapException e) {
                 error = true;
-                mModule.log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_UNPUBLISH",
-                    cert.getSerialNumber().toString(16), e.getMessage()));
+                mModule.log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_UNPUBLISH",
+                                cert.getSerialNumber().toString(16), e.getMessage()));
             }
         }
         r.setExtData("ldapPublishStatus", results);
         r.setExtData("ldapPublishOverAllStatus",
-            (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS));
+                (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS));
     }
 }
 
-
 class HandleUnrevocation implements IRequestListener {
     private LdapPublishModule mModule = null;
+
     public HandleUnrevocation(LdapPublishModule module) {
         mModule = module;
     }
 
-    public void set(String name, String val)
-    {
+    public void set(String name, String val) {
+    }
+
+    public void init(ISubsystem sub, IConfigStore config) throws EBaseException {
     }
-    public void init(ISubsystem sub, IConfigStore config) throws EBaseException 
-	{
-	}
 
     public void accept(IRequest r) {
         CMS.debug(
-            "Handle publishing for unrevoke request id " + r.getRequestId());
+                "Handle publishing for unrevoke request id " + r.getRequestId());
 
         // get fields in request.
         X509CertImpl[] certs = r.getExtDataInCertArray(IRequest.OLD_CERTS);
@@ -758,18 +746,18 @@ class HandleUnrevocation implements IRequestListener {
         if (certs == null || certs.length == 0 || certs[0] == null) {
             // no certs in unrevoke.
             CMS.debug(
-                "Nothing to publish for unrevocation " +
-                "request " + r.getRequestId());
+                    "Nothing to publish for unrevocation " +
+                            "request " + r.getRequestId());
             return;
         }
 
         // get mapper and publisher for cert type.
-        LdapMappers mappers = 
-            mModule.getMappers(LdapPublishModule.PROP_TYPE_CLIENT);
+        LdapMappers mappers =
+                mModule.getMappers(LdapPublishModule.PROP_TYPE_CLIENT);
 
         if (mappers == null || mappers.publisher == null) {
             CMS.debug(
-                "publisher for " + LdapPublishModule.PROP_TYPE_CLIENT + " is null");
+                    "publisher for " + LdapPublishModule.PROP_TYPE_CLIENT + " is null");
             return;
         }
 
@@ -779,22 +767,21 @@ class HandleUnrevocation implements IRequestListener {
         for (int i = 0; i < certs.length; i++) {
             results[i] = IRequest.RES_ERROR;
             try {
-                mModule.publish((ILdapMapper) mappers.mapper, 
-                    (ILdapPublisher) mappers.publisher, certs[i]);
+                mModule.publish((ILdapMapper) mappers.mapper,
+                        (ILdapPublisher) mappers.publisher, certs[i]);
                 results[i] = IRequest.RES_SUCCESS;
                 CMS.debug(
-                    "Unpublished cert serial no 0x" + certs[i].getSerialNumber().toString(16));
+                        "Unpublished cert serial no 0x" + certs[i].getSerialNumber().toString(16));
             } catch (ELdapException e) {
                 error = true;
-                mModule.log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_UNPUBLISH",
-                    certs[i].getSerialNumber().toString(16), e.getMessage()));
+                mModule.log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_UNPUBLISH",
+                                certs[i].getSerialNumber().toString(16), e.getMessage()));
             }
         }
         r.setExtData("ldapPublishStatus", results);
         r.setExtData("ldapPublishOverAllStatus",
-            (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS));
+                (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS));
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/LdapRequestListener.java b/pki/base/common/src/com/netscape/cmscore/ldap/LdapRequestListener.java
index 6c1e1e8a..3d44063d 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldap/LdapRequestListener.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldap/LdapRequestListener.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldap;
 
-
 import java.math.BigInteger;
 import java.security.cert.Certificate;
 import java.util.Hashtable;
@@ -42,7 +41,6 @@ import com.netscape.certsrv.request.IRequestListener;
 import com.netscape.certsrv.request.RequestId;
 import com.netscape.cmscore.dbs.CertRecord;
 
-
 public class LdapRequestListener implements IRequestListener {
     private boolean mInited = false;
 
@@ -57,23 +55,23 @@ public class LdapRequestListener implements IRequestListener {
     public LdapRequestListener() {
     }
 
-	public void set(String name, String val) 
-	{ 
-	}
+    public void set(String name, String val) {
+    }
 
     public void init(ISubsystem sys, IConfigStore config) throws EBaseException {
-        if (mInited) return;
+        if (mInited)
+            return;
 
-        mPublisherProcessor = (IPublisherProcessor)sys;
+        mPublisherProcessor = (IPublisherProcessor) sys;
 
         mRequestListeners.put(IRequest.ENROLLMENT_REQUEST,
-            new LdapEnrollmentListener(mPublisherProcessor));
+                new LdapEnrollmentListener(mPublisherProcessor));
         mRequestListeners.put(IRequest.RENEWAL_REQUEST,
-            new LdapRenewalListener(mPublisherProcessor));
+                new LdapRenewalListener(mPublisherProcessor));
         mRequestListeners.put(IRequest.REVOCATION_REQUEST,
-            new LdapRevocationListener(mPublisherProcessor));
+                new LdapRevocationListener(mPublisherProcessor));
         mRequestListeners.put(IRequest.UNREVOCATION_REQUEST,
-            new LdapUnrevocationListener(mPublisherProcessor));
+                new LdapUnrevocationListener(mPublisherProcessor));
         mInited = true;
     }
 
@@ -86,22 +84,22 @@ public class LdapRequestListener implements IRequestListener {
             if (r.getExtDataInInteger(IRequest.RESULT) == null)
                 return null;
 
-                // check if request failed.
+            // check if request failed.
             if ((r.getExtDataInInteger(IRequest.RESULT)).equals(IRequest.RES_ERROR)) {
                 CMS.debug("Request errored. " +
-                    "Nothing to publish for enrollment request id " +
-                    r.getRequestId());
+                        "Nothing to publish for enrollment request id " +
+                        r.getRequestId());
                 return null;
             }
             CMS.debug("Checking publishing for request " +
-                r.getRequestId());
+                    r.getRequestId());
             // check if issued certs is set.
             X509CertImpl[] certs = r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
 
             if (certs == null || certs.length == 0 || certs[0] == null) {
                 CMS.debug(
-                    "No certs to publish for request id " +
-                    r.getRequestId());
+                        "No certs to publish for request id " +
+                                r.getRequestId());
                 return null;
             }
             obj.setCerts(certs);
@@ -112,7 +110,7 @@ public class LdapRequestListener implements IRequestListener {
 
             if (certs == null || certs.length == 0) {
                 CMS.debug("no certs to publish for renewal " +
-                    "request " + r.getRequestId());
+                        "request " + r.getRequestId());
                 return null;
             }
             obj.setCerts(certs);
@@ -123,8 +121,8 @@ public class LdapRequestListener implements IRequestListener {
             if (revcerts == null || revcerts.length == 0 || revcerts[0] == null) {
                 // no certs in revoke.
                 CMS.debug(
-                    "Nothing to unpublish for revocation " +
-                    "request " + r.getRequestId());
+                        "Nothing to unpublish for revocation " +
+                                "request " + r.getRequestId());
                 return null;
             }
             obj.setCerts(revcerts);
@@ -135,16 +133,16 @@ public class LdapRequestListener implements IRequestListener {
             if (certs == null || certs.length == 0 || certs[0] == null) {
                 // no certs in unrevoke.
                 CMS.debug(
-                    "Nothing to publish for unrevocation " +
-                    "request " + r.getRequestId());
+                        "Nothing to publish for unrevocation " +
+                                "request " + r.getRequestId());
                 return null;
             }
             obj.setCerts(certs);
             return obj;
         } else {
             CMS.debug("Request errored. " +
-                "Nothing to publish for request id " +
-                r.getRequestId());
+                    "Nothing to publish for request id " +
+                    r.getRequestId());
             return null;
         }
 
@@ -157,7 +155,7 @@ public class LdapRequestListener implements IRequestListener {
 
         if (handler == null) {
             CMS.debug(
-                "Nothing to publish for request type " + type);
+                    "Nothing to publish for request type " + type);
             return;
         }
         handler.accept(r);
@@ -165,7 +163,6 @@ public class LdapRequestListener implements IRequestListener {
 
 }
 
-
 class LdapEnrollmentListener implements IRequestListener {
     IPublisherProcessor mProcessor = null;
 
@@ -176,51 +173,50 @@ class LdapEnrollmentListener implements IRequestListener {
     public void init(ISubsystem sys, IConfigStore config) throws EBaseException {
     }
 
-    public void set(String name, String val)
-    {
+    public void set(String name, String val) {
     }
 
     public void accept(IRequest r) {
         CMS.debug(
-            "LdapRequestListener handling publishing for enrollment request id " +
-            r.getRequestId());
+                "LdapRequestListener handling publishing for enrollment request id " +
+                        r.getRequestId());
 
         String profileId = r.getExtDataInString("profileId");
 
         if (profileId == null) {
-          // in case it's not meant for us
-          if (r.getExtDataInInteger(IRequest.RESULT) == null)
-            return;
+            // in case it's not meant for us
+            if (r.getExtDataInInteger(IRequest.RESULT) == null)
+                return;
 
             // check if request failed.
-          if ((r.getExtDataInInteger(IRequest.RESULT)).equals(IRequest.RES_ERROR)) {
-            CMS.debug("Request errored. " +
-                "Nothing to publish for enrollment request id " +
-                r.getRequestId());
-            return;
-          }
-	}
+            if ((r.getExtDataInInteger(IRequest.RESULT)).equals(IRequest.RES_ERROR)) {
+                CMS.debug("Request errored. " +
+                        "Nothing to publish for enrollment request id " +
+                        r.getRequestId());
+                return;
+            }
+        }
         CMS.debug("Checking publishing for request " +
-            r.getRequestId());
+                r.getRequestId());
         // check if issued certs is set.
         Certificate[] certs = null;
         if (profileId == null) {
-		certs = r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
-	} else {
-		certs = new Certificate[1];
-		certs[0] = r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
-	}
+            certs = r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+        } else {
+            certs = new Certificate[1];
+            certs[0] = r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
+        }
 
         if (certs == null || certs.length == 0 || certs[0] == null) {
             CMS.debug(
-                "No certs to publish for request id " + r.getRequestId());
+                    "No certs to publish for request id " + r.getRequestId());
             return;
         }
-		
+
         if (certs[0] instanceof X509CertImpl)
             acceptX509(r, certs);
     }
-	
+
     public void acceptX509(IRequest r, Certificate[] certs) {
         Integer results[] = new Integer[certs.length];
         boolean error = false;
@@ -228,42 +224,41 @@ class LdapEnrollmentListener implements IRequestListener {
         for (int i = 0; i < certs.length; i++) {
             X509CertImpl xcert = (X509CertImpl) certs[i];
 
-            if (xcert == null) 
+            if (xcert == null)
                 continue;
             try {
                 mProcessor.publishCert(xcert, r);
-		
+
                 results[i] = IRequest.RES_SUCCESS;
                 CMS.debug(
-                    "acceptX509: Published cert serial no 0x" +
-                    xcert.getSerialNumber().toString(16));
+                        "acceptX509: Published cert serial no 0x" +
+                                xcert.getSerialNumber().toString(16));
                 //mProcessor.setPublishedFlag(xcert.getSerialNumber(), true);
             } catch (ELdapException e) {
-                mProcessor.log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_PUBLISH",
-                    xcert.getSerialNumber().toString(16), e.toString()));
+                mProcessor.log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_PUBLISH",
+                                xcert.getSerialNumber().toString(16), e.toString()));
                 results[i] = IRequest.RES_ERROR;
                 error = true;
             }
         }
         r.setExtData("ldapPublishStatus", results);
         r.setExtData("ldapPublishOverAllStatus",
-            (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS));
+                (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS));
     }
 }
 
-
 class LdapRenewalListener implements IRequestListener {
     private IPublisherProcessor mProcessor = null;
 
     public LdapRenewalListener(IPublisherProcessor processor) {
         mProcessor = processor;
     }
+
     public void init(ISubsystem sys, IConfigStore config) throws EBaseException {
     }
 
-    public void set(String name, String val)
-    {
+    public void set(String name, String val) {
     }
 
     public void accept(IRequest r) {
@@ -272,14 +267,14 @@ class LdapRenewalListener implements IRequestListener {
 
         if (certs == null || certs.length == 0) {
             CMS.debug("no certs to publish for renewal " +
-                "request " + r.getRequestId());
+                    "request " + r.getRequestId());
             return;
         }
-		
+
         if (certs[0] instanceof X509CertImpl)
             acceptX509(r, certs);
     }
-			
+
     public void acceptX509(IRequest r, Certificate[] certs) {
         X509CertImpl cert = null;
 
@@ -288,45 +283,44 @@ class LdapRenewalListener implements IRequestListener {
 
         for (int i = 0; i < certs.length; i++) {
             cert = (X509CertImpl) certs[i];
-            if (cert == null) 
+            if (cert == null)
                 continue; // there was an error issuing this cert.
             try {
                 mProcessor.publishCert(cert, r);
                 results[i] = IRequest.RES_SUCCESS;
-                mProcessor.log(ILogger.LL_INFO, 
-                    "Published cert serial no 0x" +
-                    cert.getSerialNumber().toString(16));
+                mProcessor.log(ILogger.LL_INFO,
+                        "Published cert serial no 0x" +
+                                cert.getSerialNumber().toString(16));
             } catch (ELdapException e) {
                 error = true;
-                mProcessor.log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_PUBLISH",
-                    cert.getSerialNumber().toString(16), e.toString()));
+                mProcessor.log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_PUBLISH",
+                                cert.getSerialNumber().toString(16), e.toString()));
                 results[i] = IRequest.RES_ERROR;
             }
         }
         r.setExtData("ldapPublishStatus", results);
         r.setExtData("ldapPublishOverAllStatus",
-            (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS));
+                (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS));
     }
 }
 
-
 class LdapRevocationListener implements IRequestListener {
     private IPublisherProcessor mProcessor = null;
 
     public LdapRevocationListener(IPublisherProcessor processor) {
         mProcessor = processor;
     }
+
     public void init(ISubsystem sys, IConfigStore config) throws EBaseException {
     }
 
-    public void set(String name, String val)
-    {
+    public void set(String name, String val) {
     }
 
     public void accept(IRequest r) {
         CMS.debug(
-            "Handle publishing for revoke request id " + r.getRequestId());
+                "Handle publishing for revoke request id " + r.getRequestId());
 
         // get fields in request.
         Certificate[] certs = r.getExtDataInCertArray(IRequest.OLD_CERTS);
@@ -334,15 +328,15 @@ class LdapRevocationListener implements IRequestListener {
         if (certs == null || certs.length == 0 || certs[0] == null) {
             // no certs in revoke.
             CMS.debug(
-                "Nothing to unpublish for revocation " +
-                "request " + r.getRequestId());
+                    "Nothing to unpublish for revocation " +
+                            "request " + r.getRequestId());
             return;
         }
-		
+
         if (certs[0] instanceof X509CertImpl)
             acceptX509(r, certs);
     }
-	
+
     public void acceptX509(IRequest r, Certificate[] revcerts) {
         boolean error = false;
         Integer results[] = new Integer[revcerts.length];
@@ -356,15 +350,15 @@ class LdapRevocationListener implements IRequestListener {
                 // We need the enrollment request to sort out predicate
                 BigInteger serial = cert.getSerialNumber();
                 ICertRecord certRecord = null;
-                IAuthority auth = (IAuthority)mProcessor.getAuthority();
+                IAuthority auth = (IAuthority) mProcessor.getAuthority();
 
                 if (auth == null ||
-                    !(auth instanceof ICertificateAuthority)) {
+                        !(auth instanceof ICertificateAuthority)) {
                     mProcessor.log(ILogger.LL_WARN,
-                        "Trying to get a certificate from non certificate authority.");
+                            "Trying to get a certificate from non certificate authority.");
                 } else {
                     ICertificateRepository certdb =
-                        (ICertificateRepository) ((ICertificateAuthority) auth).getCertificateRepository();
+                            (ICertificateRepository) ((ICertificateAuthority) auth).getCertificateRepository();
 
                     if (certdb == null) {
                         mProcessor.log(ILogger.LL_WARN, "Cert DB is null for " + auth);
@@ -373,72 +367,72 @@ class LdapRevocationListener implements IRequestListener {
                             certRecord = (ICertRecord) certdb.readCertificateRecord(serial);
                         } catch (EBaseException e) {
                             mProcessor.log(ILogger.LL_FAILURE,
-				CMS.getLogMessage("CMSCORE_LDAP_GET_CERT_RECORD",
-                                serial.toString(16), e.toString()));
+                                    CMS.getLogMessage("CMSCORE_LDAP_GET_CERT_RECORD",
+                                            serial.toString(16), e.toString()));
                         }
                     }
                 }
 
                 MetaInfo metaInfo = null;
                 String ridString = null;
-				
+
                 if (certRecord != null)
-                    metaInfo = 
+                    metaInfo =
                             (MetaInfo) certRecord.get(ICertRecord.ATTR_META_INFO);
                 if (metaInfo == null) {
-                    mProcessor.log(ILogger.LL_FAILURE,					
-                        "failed getting CertRecord.ATTR_META_INFO for cert serial number 0x" +
-                        serial.toString(16));
+                    mProcessor.log(ILogger.LL_FAILURE,
+                            "failed getting CertRecord.ATTR_META_INFO for cert serial number 0x" +
+                                    serial.toString(16));
                 } else {
                     ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
                 }
-				
+
                 IRequest req = null;
 
                 if (ridString != null) {
                     RequestId rid = new RequestId(ridString);
-				
+
                     req = auth.getRequestQueue().findRequest(rid);
-                } 
+                }
                 mProcessor.unpublishCert(cert, req);
                 results[i] = IRequest.RES_SUCCESS;
                 CMS.debug(
-                    "Unpublished cert serial no 0x" +
-                    cert.getSerialNumber().toString(16));
+                        "Unpublished cert serial no 0x" +
+                                cert.getSerialNumber().toString(16));
             } catch (ELdapException e) {
                 error = true;
-                mProcessor.log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_UNPUBLISH",
-                    cert.getSerialNumber().toString(16), e.toString()));
+                mProcessor.log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_UNPUBLISH",
+                                cert.getSerialNumber().toString(16), e.toString()));
             } catch (EBaseException e) {
                 error = true;
-                mProcessor.log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_FIND",
-                    cert.getSerialNumber().toString(16), e.toString()));
+                mProcessor.log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_FIND",
+                                cert.getSerialNumber().toString(16), e.toString()));
             }
         }
         r.setExtData("ldapPublishStatus", results);
         r.setExtData("ldapPublishOverAllStatus",
-            (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS));
+                (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS));
     }
 }
 
-
 class LdapUnrevocationListener implements IRequestListener {
     private IPublisherProcessor mProcessor = null;
 
     public LdapUnrevocationListener(IPublisherProcessor processor) {
         mProcessor = processor;
     }
+
     public void init(ISubsystem sys, IConfigStore config) throws EBaseException {
     }
-    public void set(String name, String val)
-    {
+
+    public void set(String name, String val) {
     }
 
     public void accept(IRequest r) {
         CMS.debug(
-            "Handle publishing for unrevoke request id " + r.getRequestId());
+                "Handle publishing for unrevoke request id " + r.getRequestId());
 
         // get fields in request.
         Certificate[] certs = r.getExtDataInCertArray(IRequest.OLD_CERTS);
@@ -446,15 +440,15 @@ class LdapUnrevocationListener implements IRequestListener {
         if (certs == null || certs.length == 0 || certs[0] == null) {
             // no certs in unrevoke.
             CMS.debug(
-                "Nothing to publish for unrevocation " +
-                "request " + r.getRequestId());
+                    "Nothing to publish for unrevocation " +
+                            "request " + r.getRequestId());
             return;
         }
-		
+
         if (certs[0] instanceof X509CertImpl)
             acceptX509(r, certs);
     }
-	
+
     public void acceptX509(IRequest r, Certificate[] certs) {
         boolean error = false;
         Integer results[] = new Integer[certs.length];
@@ -467,15 +461,15 @@ class LdapUnrevocationListener implements IRequestListener {
                 // We need the enrollment request to sort out predicate
                 BigInteger serial = xcert.getSerialNumber();
                 ICertRecord certRecord = null;
-                IAuthority auth = (IAuthority)mProcessor.getAuthority();
+                IAuthority auth = (IAuthority) mProcessor.getAuthority();
 
                 if (auth == null ||
-                    !(auth instanceof ICertificateAuthority)) {
+                        !(auth instanceof ICertificateAuthority)) {
                     mProcessor.log(ILogger.LL_WARN,
-                        "Trying to get a certificate from non certificate authority.");
+                            "Trying to get a certificate from non certificate authority.");
                 } else {
                     ICertificateRepository certdb = (ICertificateRepository)
-                        ((ICertificateAuthority) auth).getCertificateRepository();
+                            ((ICertificateAuthority) auth).getCertificateRepository();
 
                     if (certdb == null) {
                         mProcessor.log(ILogger.LL_WARN, "Cert DB is null for " + auth);
@@ -484,52 +478,51 @@ class LdapUnrevocationListener implements IRequestListener {
                             certRecord = (ICertRecord) certdb.readCertificateRecord(serial);
                         } catch (EBaseException e) {
                             mProcessor.log(ILogger.LL_FAILURE,
-				CMS.getLogMessage("CMSCORE_LDAP_GET_CERT_RECORD",  serial.toString(16), e.toString()));
+                                    CMS.getLogMessage("CMSCORE_LDAP_GET_CERT_RECORD", serial.toString(16), e.toString()));
                         }
                     }
                 }
 
                 MetaInfo metaInfo = null;
                 String ridString = null;
-				
+
                 if (certRecord != null)
-                    metaInfo = 
+                    metaInfo =
                             (MetaInfo) certRecord.get(CertRecord.ATTR_META_INFO);
                 if (metaInfo == null) {
-                    mProcessor.log(ILogger.LL_FAILURE,					
-                        "Failed getting CertRecord.ATTR_META_INFO for cert serial number 0x" +
-                        serial.toString(16));
+                    mProcessor.log(ILogger.LL_FAILURE,
+                            "Failed getting CertRecord.ATTR_META_INFO for cert serial number 0x" +
+                                    serial.toString(16));
                 } else {
                     ridString = (String) metaInfo.get(CertRecord.META_REQUEST_ID);
                 }
-				
+
                 IRequest req = null;
 
                 if (ridString != null) {
                     RequestId rid = new RequestId(ridString);
-				
+
                     req = auth.getRequestQueue().findRequest(rid);
-                } 
+                }
                 mProcessor.publishCert(xcert, req);
                 results[i] = IRequest.RES_SUCCESS;
                 CMS.debug(
-                    "Published cert serial no 0x" +
-                    xcert.getSerialNumber().toString(16));
+                        "Published cert serial no 0x" +
+                                xcert.getSerialNumber().toString(16));
             } catch (ELdapException e) {
                 error = true;
-                mProcessor.log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_PUBLISH",
-                    xcert.getSerialNumber().toString(16), e.toString()));
+                mProcessor.log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_PUBLISH",
+                                xcert.getSerialNumber().toString(16), e.toString()));
             } catch (EBaseException e) {
                 error = true;
-                mProcessor.log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_FIND",
-                    xcert.getSerialNumber().toString(16), e.toString()));
-            } 
+                mProcessor.log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_FIND",
+                                xcert.getSerialNumber().toString(16), e.toString()));
+            }
         }
         r.setExtData("ldapPublishStatus", results);
         r.setExtData("ldapPublishOverAllStatus",
-            (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS));
+                (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS));
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/LdapRule.java b/pki/base/common/src/com/netscape/cmscore/ldap/LdapRule.java
index 233cbf87..a65e6bb0 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldap/LdapRule.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldap/LdapRule.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldap;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 import java.util.Vector;
@@ -30,8 +29,7 @@ import com.netscape.certsrv.publish.ILdapRule;
 import com.netscape.certsrv.publish.IPublisherProcessor;
 import com.netscape.cmscore.util.Debug;
 
-
-/** 
+/**
  * The publishing rule that links mapper and publisher together.
  */
 public class LdapRule implements ILdapRule, IExtendedPluginInfo {
@@ -43,7 +41,7 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo {
 
     private IPublisherProcessor mProcessor = null;
 
-    private static String[] epi_params = null;  // extendedpluginInfo
+    private static String[] epi_params = null; // extendedpluginInfo
 
     public IConfigStore getConfigStore() {
         return mConfig;
@@ -61,7 +59,7 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo {
         }
         return epi_params;
     }
-	
+
     public void init(IPublisherProcessor processor, IConfigStore config) throws EBaseException {
         mConfig = config;
 
@@ -72,14 +70,14 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo {
         String map = NOMAPPER;
 
         for (; mappers.hasMoreElements();) {
-            String name =  mappers.nextElement();
+            String name = mappers.nextElement();
 
             map = map + "," + name;
         }
         String publish = "";
 
         for (; publishers.hasMoreElements();) {
-            String name =  publishers.nextElement();
+            String name = publishers.nextElement();
 
             publish = publish + "," + name;
         }
@@ -94,7 +92,7 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo {
 
         // Read the predicate expression if any associated
         // with the rule
-        String exp = config.getString(IPublisherProcessor.PROP_PREDICATE, null);		
+        String exp = config.getString(IPublisherProcessor.PROP_PREDICATE, null);
 
         if (exp != null)
             exp = exp.trim();
@@ -125,7 +123,7 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo {
 
         // Read the predicate expression if any associated
         // with the rule
-        String exp = config.getString(IPublisherProcessor.PROP_PREDICATE, null);		
+        String exp = config.getString(IPublisherProcessor.PROP_PREDICATE, null);
 
         if (exp != null)
             exp = exp.trim();
@@ -200,20 +198,20 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo {
         Vector<String> v = new Vector<String>();
 
         try {
-            v.addElement(IPublisherProcessor.PROP_TYPE + "=" + 
-                mConfig.getString(IPublisherProcessor.PROP_TYPE, ""));
-            v.addElement(IPublisherProcessor.PROP_PREDICATE + "=" + 
-                mConfig.getString(IPublisherProcessor.PROP_PREDICATE, 
-                    ""));
-            v.addElement(IPublisherProcessor.PROP_ENABLE + "=" + 
-                mConfig.getString(IPublisherProcessor.PROP_ENABLE, 
-                    ""));
-            v.addElement(IPublisherProcessor.PROP_MAPPER + "=" + 
-                mConfig.getString(IPublisherProcessor.PROP_MAPPER, 
-                    ""));
-            v.addElement(IPublisherProcessor.PROP_PUBLISHER + "=" + 
-                mConfig.getString(IPublisherProcessor.PROP_PUBLISHER, 
-                    ""));
+            v.addElement(IPublisherProcessor.PROP_TYPE + "=" +
+                    mConfig.getString(IPublisherProcessor.PROP_TYPE, ""));
+            v.addElement(IPublisherProcessor.PROP_PREDICATE + "=" +
+                    mConfig.getString(IPublisherProcessor.PROP_PREDICATE,
+                            ""));
+            v.addElement(IPublisherProcessor.PROP_ENABLE + "=" +
+                    mConfig.getString(IPublisherProcessor.PROP_ENABLE,
+                            ""));
+            v.addElement(IPublisherProcessor.PROP_MAPPER + "=" +
+                    mConfig.getString(IPublisherProcessor.PROP_MAPPER,
+                            ""));
+            v.addElement(IPublisherProcessor.PROP_PUBLISHER + "=" +
+                    mConfig.getString(IPublisherProcessor.PROP_PUBLISHER,
+                            ""));
         } catch (EBaseException e) {
         }
         return v;
@@ -222,8 +220,8 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo {
     /**
      * Sets a predicate expression for rule matching.
      * <P>
-     *
-     * @param exp   The predicate expression for the rule.
+     * 
+     * @param exp The predicate expression for the rule.
      */
     public void setPredicate(ILdapExpression exp) {
         mFilterExp = exp;
@@ -232,7 +230,7 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo {
     /**
      * Returns the predicate expression for the rule.
      * <P>
-     *
+     * 
      * @return The predicate expression for the rule.
      */
     public ILdapExpression getPredicate() {
@@ -242,7 +240,7 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo {
     public String getMapper() {
         try {
             String map =
-                mConfig.getString(IPublisherProcessor.PROP_MAPPER, "");
+                    mConfig.getString(IPublisherProcessor.PROP_MAPPER, "");
 
             if (map != null)
                 map = map.trim();
@@ -275,8 +273,8 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo {
 
     public boolean enabled() {
         try {
-            boolean enable = 
-                mConfig.getBoolean(IPublisherProcessor.PROP_ENABLE, false);
+            boolean enable =
+                    mConfig.getBoolean(IPublisherProcessor.PROP_ENABLE, false);
 
             //System.out.println(enable);
             return enable;
diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/LdapSimpleExpression.java b/pki/base/common/src/com/netscape/cmscore/ldap/LdapSimpleExpression.java
index a2a7e558..c1935caf 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldap/LdapSimpleExpression.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldap/LdapSimpleExpression.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldap;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
@@ -28,13 +27,12 @@ import com.netscape.certsrv.publish.ILdapExpression;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cmscore.util.AssertionException;
 
-
 /**
  * This class represents an expression of the form var = val,
  * var != val, var < val, var > val, var <= val, var >= val.
- *
+ * 
  * Expressions are used as predicates for publishing rule selection.
- *
+ * 
  * @author mzhao
  * @version $Revision$, $Date$
  */
@@ -51,7 +49,7 @@ public class LdapSimpleExpression implements ILdapExpression {
     public static LdapSimpleExpression NULL_EXPRESSION = new LdapSimpleExpression("null", OP_EQUAL, "null");
 
     public static ILdapExpression parse(String input)
-        throws ELdapException {
+            throws ELdapException {
         // Get the index of operator
         // Debug.trace("LdapSimpleExpression::input: " + input);
         String var = null;
@@ -73,7 +71,7 @@ public class LdapSimpleExpression implements ILdapExpression {
             comps = parseForLT(input);
         if (comps == null)
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_BAD_LDAP_EXPRESSION", input));
-	
+
         String pfx = null;
         String rawVar = comps.getAttr();
         int dotIdx = rawVar.indexOf('.');
@@ -119,13 +117,13 @@ public class LdapSimpleExpression implements ILdapExpression {
     }
 
     public boolean evaluate(SessionContext sc)
-        throws ELdapException {
+            throws ELdapException {
         Object givenVal;
 
         try {
             // Try exact case first.
             givenVal = (String) sc.get(mVar);
-        }catch (Exception e) {
+        } catch (Exception e) {
             givenVal = (String) null;
         }
 
@@ -135,7 +133,7 @@ public class LdapSimpleExpression implements ILdapExpression {
         if (givenVal == null) {
             try {
                 givenVal = (String) sc.get(mVar.toLowerCase());
-            }catch (Exception e) {
+            } catch (Exception e) {
                 givenVal = (String) null;
             }
         }
@@ -143,7 +141,7 @@ public class LdapSimpleExpression implements ILdapExpression {
         if (givenVal == null) {
             try {
                 givenVal = (String) sc.get(mVar.toUpperCase());
-            }catch (Exception e) {
+            } catch (Exception e) {
                 givenVal = (String) null;
             }
         }
@@ -158,7 +156,7 @@ public class LdapSimpleExpression implements ILdapExpression {
     }
 
     public boolean evaluate(IRequest req)
-        throws ELdapException {
+            throws ELdapException {
         boolean result = false;
         // mPfx and mVar are looked up case-indendently
         if (mPfx != null) {
@@ -170,7 +168,7 @@ public class LdapSimpleExpression implements ILdapExpression {
     }
 
     private boolean matchVector(Vector value)
-        throws ELdapException {
+            throws ELdapException {
         boolean result = false;
         Enumeration e = (Enumeration) value.elements();
 
@@ -183,7 +181,7 @@ public class LdapSimpleExpression implements ILdapExpression {
     }
 
     private boolean matchStringArray(String[] value)
-        throws ELdapException {
+            throws ELdapException {
         boolean result = false;
 
         for (int i = 0; i < value.length; i++) {
@@ -195,7 +193,7 @@ public class LdapSimpleExpression implements ILdapExpression {
     }
 
     private boolean matchValue(Object value)
-        throws ELdapException {
+            throws ELdapException {
         boolean result;
 
         // There is nothing to compare with!
@@ -219,7 +217,7 @@ public class LdapSimpleExpression implements ILdapExpression {
     }
 
     private boolean matchStringValue(String givenVal)
-        throws ELdapException {
+            throws ELdapException {
         boolean result;
 
         switch (mOp) {
@@ -260,7 +258,7 @@ public class LdapSimpleExpression implements ILdapExpression {
     }
 
     private boolean matchIntegerValue(Integer intVal)
-        throws ELdapException {
+            throws ELdapException {
         boolean result;
         int storedVal;
         int givenVal = intVal.intValue();
@@ -303,12 +301,11 @@ public class LdapSimpleExpression implements ILdapExpression {
     }
 
     private boolean matchBooleanValue(Boolean givenVal)
-        throws ELdapException {
+            throws ELdapException {
         boolean result;
         Boolean storedVal;
 
-        if (!(mVal.equalsIgnoreCase("true") ||
-                mVal.equalsIgnoreCase("false")))
+        if (!(mVal.equalsIgnoreCase("true") || mVal.equalsIgnoreCase("false")))
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_INVALID_ATTR_VALUE",
                     mVal));
         storedVal = new Boolean(mVal);
@@ -359,7 +356,7 @@ public class LdapSimpleExpression implements ILdapExpression {
             op = ILdapExpression.LE_STR;
             break;
         }
-        if (mPfx != null && mPfx.length() > 0) 
+        if (mPfx != null && mPfx.length() > 0)
             return mPfx + "." + mVar + " " + op + " " + mVal;
         else
             return mVar + " " + op + " " + mVal;
@@ -450,7 +447,6 @@ public class LdapSimpleExpression implements ILdapExpression {
     }
 }
 
-
 class ExpressionComps {
     String attr;
     int op;
@@ -474,4 +470,3 @@ class ExpressionComps {
         return val;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/PublishObject.java b/pki/base/common/src/com/netscape/cmscore/ldap/PublishObject.java
index fc2ace23..940330d6 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldap/PublishObject.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldap/PublishObject.java
@@ -17,11 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldap;
 
-
 import netscape.security.x509.X509CRLImpl;
 import netscape.security.x509.X509CertImpl;
 
-
 /**
  * The object to publish or unpublish: a certificate or a CRL
  */
@@ -32,7 +30,7 @@ public class PublishObject {
     private String mObjectType = null;
     private X509CertImpl mCert = null;
     private X509CertImpl[] mCerts = null;
-    private X509CRLImpl mCRL = null;	
+    private X509CRLImpl mCRL = null;
     private int mIndex = 0;
 
     public PublishObject() {
diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/PublisherProcessor.java b/pki/base/common/src/com/netscape/cmscore/ldap/PublisherProcessor.java
index 57e39aef..7ee489ff 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldap/PublisherProcessor.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldap/PublisherProcessor.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldap;
 
-
 import java.math.BigInteger;
 import java.security.cert.X509CRL;
 import java.security.cert.X509Certificate;
@@ -61,9 +60,8 @@ import com.netscape.certsrv.request.IRequestNotifier;
 import com.netscape.cmscore.dbs.CertRecord;
 import com.netscape.cmscore.util.Debug;
 
-
 public class PublisherProcessor implements
-		IPublisherProcessor, IXcertPublisherProcessor {
+        IPublisherProcessor, IXcertPublisherProcessor {
 
     public Hashtable<String, PublisherPlugin> mPublisherPlugins = new Hashtable<String, PublisherPlugin>();
     public Hashtable<String, PublisherProxy> mPublisherInsts = new Hashtable<String, PublisherProxy>();
@@ -73,7 +71,7 @@ public class PublisherProcessor implements
     public Hashtable<String, ILdapRule> mRuleInsts = new Hashtable<String, ILdapRule>();
 
     /**
-     protected PublishRuleSet mRuleSet = null;
+     * protected PublishRuleSet mRuleSet = null;
      **/
     protected LdapConnModule mLdapConnModule = null;
 
@@ -94,7 +92,7 @@ public class PublisherProcessor implements
     public String getId() {
         return mId;
     }
-		
+
     public void setId(String id) {
         mId = id;
     }
@@ -104,7 +102,7 @@ public class PublisherProcessor implements
     }
 
     public void init(ISubsystem authority, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
         mAuthority = (ICertAuthority) authority;
 
@@ -124,20 +122,20 @@ public class PublisherProcessor implements
         if (Debug.ON)
             Debug.trace("loaded publisher plugins");
 
-            // load publisher instances
+        // load publisher instances
         c = publisherConfig.getSubStore(PROP_INSTANCE);
         Enumeration<String> instances = c.getSubStoreNames();
 
         while (instances.hasMoreElements()) {
             String insName = (String) instances.nextElement();
-            String implName = c.getString(insName + "." + 
+            String implName = c.getString(insName + "." +
                     PROP_PLUGIN);
             PublisherPlugin plugin =
-                (PublisherPlugin) mPublisherPlugins.get(implName);
+                    (PublisherPlugin) mPublisherPlugins.get(implName);
 
-            if (plugin == null) { 
-                log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_PLUGIN_NOT_FIND", implName));
+            if (plugin == null) {
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_PLUGIN_NOT_FIND", implName));
                 throw new ELdapException(implName);
             }
             String className = plugin.getClassPath();
@@ -149,8 +147,8 @@ public class PublisherProcessor implements
             try {
                 publisherInst = (ILdapPublisher)
                         Class.forName(className).newInstance();
-                IConfigStore pConfig = 
-                    c.getSubStore(insName);
+                IConfigStore pConfig =
+                        c.getSubStore(insName);
 
                 publisherInst.init(pConfig);
                 isEnable = true;
@@ -188,8 +186,8 @@ public class PublisherProcessor implements
             }
 
             // add publisher instance to list.
-            mPublisherInsts.put(insName, new 
-                PublisherProxy(isEnable, publisherInst));
+            mPublisherInsts.put(insName, new
+                    PublisherProxy(isEnable, publisherInst));
             log(ILogger.LL_INFO, "publisher instance " + insName + " added");
             if (Debug.ON)
                 Debug.trace("loaded publisher instance " + insName + " impl " + implName);
@@ -210,19 +208,19 @@ public class PublisherProcessor implements
         if (Debug.ON)
             Debug.trace("loaded mapper plugins");
 
-            // load mapper instances
+        // load mapper instances
         c = mapperConfig.getSubStore(PROP_INSTANCE);
         instances = c.getSubStoreNames();
         while (instances.hasMoreElements()) {
             String insName = (String) instances.nextElement();
-            String implName = c.getString(insName + "." + 
+            String implName = c.getString(insName + "." +
                     PROP_PLUGIN);
             MapperPlugin plugin =
-                (MapperPlugin) mMapperPlugins.get(implName);
+                    (MapperPlugin) mMapperPlugins.get(implName);
 
-            if (plugin == null) { 
-                log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_MAPPER_NOT_FIND", implName));
+            if (plugin == null) {
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_MAPPER_NOT_FIND", implName));
                 throw new ELdapException(implName);
             }
             String className = plugin.getClassPath();
@@ -230,15 +228,15 @@ public class PublisherProcessor implements
             if (Debug.ON)
                 Debug.trace("loaded mapper className=" + className);
 
-                // Instantiate and init the mapper
+            // Instantiate and init the mapper
             boolean isEnable = false;
             ILdapMapper mapperInst = null;
 
             try {
                 mapperInst = (ILdapMapper)
                         Class.forName(className).newInstance();
-                IConfigStore mConfig = 
-                    c.getSubStore(insName);
+                IConfigStore mConfig =
+                        c.getSubStore(insName);
 
                 mapperInst.init(mConfig);
                 isEnable = true;
@@ -294,19 +292,19 @@ public class PublisherProcessor implements
         if (Debug.ON)
             Debug.trace("loaded rule plugins");
 
-            // load rule instances
+        // load rule instances
         c = ruleConfig.getSubStore(PROP_INSTANCE);
         instances = c.getSubStoreNames();
         while (instances.hasMoreElements()) {
             String insName = (String) instances.nextElement();
-            String implName = c.getString(insName + "." + 
+            String implName = c.getString(insName + "." +
                     PROP_PLUGIN);
             RulePlugin plugin =
-                (RulePlugin) mRulePlugins.get(implName);
+                    (RulePlugin) mRulePlugins.get(implName);
 
-            if (plugin == null) { 
-                log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_RULE_NOT_FIND", implName));
+            if (plugin == null) {
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_RULE_NOT_FIND", implName));
                 throw new ELdapException(implName);
             }
             String className = plugin.getClassPath();
@@ -314,7 +312,7 @@ public class PublisherProcessor implements
             if (Debug.ON)
                 Debug.trace("loaded rule className=" + className);
 
-                // Instantiate and init the rule
+            // Instantiate and init the rule
             IConfigStore mConfig = null;
 
             try {
@@ -330,8 +328,8 @@ public class PublisherProcessor implements
                 if (Debug.ON)
                     Debug.trace("ADDING RULE " + insName + "  " + ruleInst);
                 mRuleInsts.put(insName, ruleInst);
-                log(ILogger.LL_INFO, "rule instance " + 
-                    insName + " added");
+                log(ILogger.LL_INFO, "rule instance " +
+                        insName + " added");
             } catch (ClassNotFoundException e) {
                 String errMsg = "PublisherProcessor:: init()-" + e.toString();
 
@@ -351,8 +349,8 @@ public class PublisherProcessor implements
                 if (mConfig == null) {
                     throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className));
                 }
-                mConfig.putString(ILdapRule.PROP_ENABLE, 
-                    "false");
+                mConfig.putString(ILdapRule.PROP_ENABLE,
+                        "false");
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_SKIP_RULE", insName, e.toString()));
                 // Let the server continue if it is a
                 // mis-configuration. But the instance
@@ -372,22 +370,22 @@ public class PublisherProcessor implements
     /**
      * Retrieves LDAP connection module.
      * <P>
-     *
+     * 
      * @return LDAP connection instance
      */
     public ILdapConnModule getLdapConnModule() {
         return mLdapConnModule;
     }
-	
+
     public void setLdapConnModule(ILdapConnModule m) {
-        mLdapConnModule = (LdapConnModule)m;
+        mLdapConnModule = (LdapConnModule) m;
     }
-		
+
     /**
      * init ldap connection
      */
     private void initLdapConn(IConfigStore ldapConfig)
-        throws EBaseException {
+            throws EBaseException {
         IConfigStore c = ldapConfig;
 
         try {
@@ -397,15 +395,15 @@ public class PublisherProcessor implements
                 mLdapConnModule.init(this, c);
                 CMS.debug("LdapPublishing connection inited");
             } else {
-                log(ILogger.LL_FAILURE, 
-                    "No Ldap Module configuration found");
+                log(ILogger.LL_FAILURE,
+                        "No Ldap Module configuration found");
                 throw new ELdapException(
-                  CMS.getUserMessage("CMS_LDAP_NO_LDAP_PUBLISH_CONFIG_FOUND"));
+                        CMS.getUserMessage("CMS_LDAP_NO_LDAP_PUBLISH_CONFIG_FOUND"));
             }
 
         } catch (ELdapException e) {
-            log(ILogger.LL_FAILURE, 
-                "Ldap Publishing Module failed with " + e);
+            log(ILogger.LL_FAILURE,
+                    "Ldap Publishing Module failed with " + e);
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_INIT_LDAP_PUBLISH_MODULE_FAILED", e.toString()));
         }
     }
@@ -434,9 +432,9 @@ public class PublisherProcessor implements
                 CMS.debug("PublisherProcessor: startup: Publishing Queue Enabled: " + isPublishingQueueEnabled +
                           "  Priority Level: " + publishingQueuePriorityLevel +
                           "  Maximum Number of Threads: " + maxNumberOfPublishingThreads +
-                          "  Page Size: "+ publishingQueuePageSize);
-                IRequestNotifier reqNotifier = ((ICertificateAuthority)mAuthority).getRequestNotifier();
-                reqNotifier.setPublishingQueue (isPublishingQueueEnabled,
+                          "  Page Size: " + publishingQueuePageSize);
+                IRequestNotifier reqNotifier = ((ICertificateAuthority) mAuthority).getRequestNotifier();
+                reqNotifier.setPublishingQueue(isPublishingQueueEnabled,
                                                 publishingQueuePriorityLevel,
                                                 maxNumberOfPublishingThreads,
                                                 publishingQueuePageSize,
@@ -455,7 +453,7 @@ public class PublisherProcessor implements
                 //mLdapRequestListener.shutdown();
                 mAuthority.removeRequestListener(mLdapRequestListener);
             }
-        } catch (Exception e) { 
+        } catch (Exception e) {
             // ignore 
         }
     }
@@ -489,7 +487,7 @@ public class PublisherProcessor implements
     public Enumeration<ILdapRule> getRules(String publishingType) {
         Vector<ILdapRule> rules = new Vector<ILdapRule>();
         Enumeration<String> e = mRuleInsts.keys();
-			
+
         while (e.hasMoreElements()) {
             String name = (String) e.nextElement();
 
@@ -532,7 +530,7 @@ public class PublisherProcessor implements
 
         Vector<ILdapRule> rules = new Vector<ILdapRule>();
         Enumeration<String> e = mRuleInsts.keys();
-			
+
         while (e.hasMoreElements()) {
             String name = (String) e.nextElement();
 
@@ -562,17 +560,17 @@ public class PublisherProcessor implements
                 rules.addElement(rule);
                 if (Debug.ON)
                     Debug.trace("added rule " + name + " for " + publishingType +
-                        " request: " + req.getRequestId());
+                            " request: " + req.getRequestId());
             }
         }
         return rules.elements();
     }
 
     /**
-     public PublishRuleSet getPublishRuleSet()
-     {
-     return mRuleSet;
-     }
+     * public PublishRuleSet getPublishRuleSet()
+     * {
+     * return mRuleSet;
+     * }
      **/
 
     public Vector<String> getMapperDefaultParams(String implName) throws
@@ -582,13 +580,13 @@ public class PublisherProcessor implements
 
         if (plugin == null) {
             log(ILogger.LL_FAILURE,
-		CMS.getLogMessage("CMSCORE_LDAP_MAPPER_NOT_FIND", implName));
+                    CMS.getLogMessage("CMSCORE_LDAP_MAPPER_NOT_FIND", implName));
             throw new ELdapException(implName);
         }
-			
+
         // XXX can find an instance of this plugin in existing
         // mapper instances to avoid instantiation just for this.
-			
+
         // a temporary instance
         ILdapMapper mapperInst = null;
         String className = plugin.getClassPath();
@@ -632,17 +630,17 @@ public class PublisherProcessor implements
             ELdapException {
         // is this a registered implname?
         PublisherPlugin plugin = (PublisherPlugin)
-            mPublisherPlugins.get(implName);
+                mPublisherPlugins.get(implName);
 
         if (plugin == null) {
             log(ILogger.LL_FAILURE,
-		CMS.getLogMessage("CMSCORE_LDAP_PLUGIN_NOT_FIND", implName));
+                    CMS.getLogMessage("CMSCORE_LDAP_PLUGIN_NOT_FIND", implName));
             throw new ELdapException(implName);
         }
-			
+
         // XXX can find an instance of this plugin in existing
         // publisher instantces to avoid instantiation just for this.
-			
+
         // a temporary instance
         ILdapPublisher publisherInst = null;
         String className = plugin.getClassPath();
@@ -667,7 +665,7 @@ public class PublisherProcessor implements
 
     public boolean isMapperInstanceEnable(String insName) {
         MapperProxy proxy = (MapperProxy)
-            mMapperInsts.get(insName);
+                mMapperInsts.get(insName);
 
         if (proxy == null) {
             return false;
@@ -696,7 +694,7 @@ public class PublisherProcessor implements
 
     public boolean isPublisherInstanceEnable(String insName) {
         PublisherProxy proxy = (PublisherProxy)
-            mPublisherInsts.get(insName);
+                mPublisherInsts.get(insName);
 
         if (proxy == null) {
             return false;
@@ -706,20 +704,20 @@ public class PublisherProcessor implements
 
     public ILdapPublisher getActivePublisherInstance(String insName) {
         PublisherProxy proxy = (PublisherProxy)
-            mPublisherInsts.get(insName);
+                mPublisherInsts.get(insName);
 
         if (proxy == null) {
             return null;
         }
         if (proxy.isEnable())
             return proxy.getPublisher();
-        else 
+        else
             return null;
     }
 
     public ILdapPublisher getPublisherInstance(String insName) {
         PublisherProxy proxy = (PublisherProxy)
-            mPublisherInsts.get(insName);
+                mPublisherInsts.get(insName);
 
         if (proxy == null) {
             return null;
@@ -746,13 +744,13 @@ public class PublisherProcessor implements
 
         if (plugin == null) {
             log(ILogger.LL_FAILURE,
-		CMS.getLogMessage("CMSCORE_LDAP_RULE_NOT_FIND", implName));
+                    CMS.getLogMessage("CMSCORE_LDAP_RULE_NOT_FIND", implName));
             throw new ELdapException(implName);
         }
-			
+
         // XXX can find an instance of this plugin in existing
         // rule instantces to avoid instantiation just for this.
-			
+
         // a temporary instance
         ILdapRule ruleInst = null;
         String className = plugin.getClassPath();
@@ -760,7 +758,7 @@ public class PublisherProcessor implements
         try {
             ruleInst = (ILdapRule)
                     Class.forName(className).newInstance();
-			
+
             Vector<String> v = ruleInst.getDefaultParams();
 
             return v;
@@ -783,13 +781,13 @@ public class PublisherProcessor implements
 
         if (plugin == null) {
             log(ILogger.LL_FAILURE,
-		CMS.getLogMessage("CMSCORE_LDAP_RULE_NOT_FIND", implName));
+                    CMS.getLogMessage("CMSCORE_LDAP_RULE_NOT_FIND", implName));
             throw new ELdapException(implName);
         }
-		   
+
         // XXX can find an instance of this plugin in existing
         // rule instantces to avoid instantiation just for this.
-		   
+
         // a temporary instance
         ILdapRule ruleInst = null;
         String className = plugin.getClassPath();
@@ -814,11 +812,11 @@ public class PublisherProcessor implements
     }
 
     /**
-     * set published flag - true when published, false when unpublished. 
-     * not exist means not published. 
+     * set published flag - true when published, false when unpublished.
+     * not exist means not published.
      */
     public void setPublishedFlag(BigInteger serialNo, boolean published) {
-        if (!(mAuthority instanceof ICertificateAuthority)) 
+        if (!(mAuthority instanceof ICertificateAuthority))
             return;
         ICertificateAuthority ca = (ICertificateAuthority) mAuthority;
 
@@ -831,19 +829,19 @@ public class PublisherProcessor implements
                 metaInfo = new MetaInfo();
             }
             metaInfo.set(
-                CertRecord.META_LDAPPUBLISH, String.valueOf(published));
+                    CertRecord.META_LDAPPUBLISH, String.valueOf(published));
             ModificationSet modSet = new ModificationSet();
 
-            modSet.add(ICertRecord.ATTR_META_INFO, 
-                Modification.MOD_REPLACE, metaInfo);
+            modSet.add(ICertRecord.ATTR_META_INFO,
+                    Modification.MOD_REPLACE, metaInfo);
             certdb.modifyCertificateRecord(serialNo, modSet);
         } catch (EBaseException e) {
             // not fatal. just log warning.
-            log(ILogger.LL_WARN, 
-                "Cannot mark cert 0x" + serialNo.toString(16) + " published as " + published +
-                " in the ldap directory. Cert Record not found. Error: " +
-                e.toString() + 
-                " Don't be alarmed if it's a subordinate ca or clone's ca siging cert. Otherwise your internal db may be corrupted.");
+            log(ILogger.LL_WARN,
+                    "Cannot mark cert 0x" + serialNo.toString(16) + " published as " + published +
+                            " in the ldap directory. Cert Record not found. Error: " +
+                            e.toString() +
+                            " Don't be alarmed if it's a subordinate ca or clone's ca siging cert. Otherwise your internal db may be corrupted.");
         }
     }
 
@@ -851,7 +849,7 @@ public class PublisherProcessor implements
      * Publish ca cert, UpdateDir.java, jobs, request listeners
      */
     public void publishCACert(X509Certificate cert)
-        throws ELdapException {
+            throws ELdapException {
         boolean error = false;
         String errorRule = "";
 
@@ -860,7 +858,7 @@ public class PublisherProcessor implements
 
         CMS.debug("PublishProcessor::publishCACert");
 
-            // get mapper and publisher for cert type.
+        // get mapper and publisher for cert type.
         Enumeration<ILdapRule> rules = getRules(PROP_LOCAL_CA);
 
         if (rules == null || !rules.hasMoreElements()) {
@@ -877,15 +875,15 @@ public class PublisherProcessor implements
         while (rules.hasMoreElements()) {
             LdapRule rule = (LdapRule) rules.nextElement();
 
-            if( rule == null ) {
-                CMS.debug( "PublisherProcessor::publishCACert() - "
-                         + "rule is null!" );
-                throw new ELdapException( "rule is null" );
+            if (rule == null) {
+                CMS.debug("PublisherProcessor::publishCACert() - "
+                         + "rule is null!");
+                throw new ELdapException("rule is null");
             }
 
             log(ILogger.LL_INFO, "publish certificate type=" + PROP_LOCAL_CA +
-                " rule=" + rule.getInstanceName() + " publisher=" + 
-                rule.getPublisher());
+                    " rule=" + rule.getInstanceName() + " publisher=" +
+                    rule.getPublisher());
 
             try {
                 ILdapMapper mapper = null;
@@ -893,13 +891,13 @@ public class PublisherProcessor implements
                 String mapperName = rule.getMapper();
 
                 if (mapperName != null &&
-                    !mapperName.trim().equals("")) {
+                        !mapperName.trim().equals("")) {
                     mapper = getActiveMapperInstance(mapperName);
                 }
 
                 publishNow(mapper, getActivePublisherInstance(rule.getPublisher()), null/* NO REQUEsT */, cert);
-                log(ILogger.LL_INFO, "published certificate using rule=" + 
-                    rule.getInstanceName());
+                log(ILogger.LL_INFO, "published certificate using rule=" +
+                        rule.getInstanceName());
             } catch (Exception e) {
                 // continue publishing even publisher has errors
                 //log(ILogger.LL_WARN, e.toString());
@@ -913,8 +911,7 @@ public class PublisherProcessor implements
         if (!error) {
             setPublishedFlag(cert.getSerialNumber(), true);
         } else {
-            throw new
-                ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_FAILED", errorRule));
+            throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_FAILED", errorRule));
         }
     }
 
@@ -923,14 +920,14 @@ public class PublisherProcessor implements
      * CA certificate.
      */
     public void unpublishCACert(X509Certificate cert)
-        throws ELdapException {
+            throws ELdapException {
         boolean error = false;
         String errorRule = "";
 
         if (!enabled())
             return;
 
-            // get mapper and publisher for cert type.
+        // get mapper and publisher for cert type.
         Enumeration<ILdapRule> rules = getRules(PROP_LOCAL_CA);
 
         if (rules == null || !rules.hasMoreElements()) {
@@ -946,29 +943,29 @@ public class PublisherProcessor implements
         while (rules.hasMoreElements()) {
             LdapRule rule = (LdapRule) rules.nextElement();
 
-            if( rule == null ) {
-                CMS.debug( "PublisherProcessor::unpublishCACert() - "
-                         + "rule is null!" );
-                throw new ELdapException( "rule is null" );
+            if (rule == null) {
+                CMS.debug("PublisherProcessor::unpublishCACert() - "
+                         + "rule is null!");
+                throw new ELdapException("rule is null");
             }
 
             try {
                 log(ILogger.LL_INFO, "unpublish certificate type=" +
-                    PROP_LOCAL_CA + " rule=" + rule.getInstanceName() + 
-                    " publisher=" + rule.getPublisher());
+                        PROP_LOCAL_CA + " rule=" + rule.getInstanceName() +
+                        " publisher=" + rule.getPublisher());
 
                 ILdapMapper mapper = null;
 
                 String mapperName = rule.getMapper();
 
                 if (mapperName != null &&
-                    !mapperName.trim().equals("")) {
+                        !mapperName.trim().equals("")) {
                     mapper = getActiveMapperInstance(mapperName);
                 }
 
                 unpublishNow(mapper, getActivePublisherInstance(rule.getPublisher()), null/* NO REQUEST */, cert);
-                log(ILogger.LL_INFO, "unpublished certificate using rule=" + 
-                    rule.getInstanceName());
+                log(ILogger.LL_INFO, "unpublished certificate using rule=" +
+                        rule.getInstanceName());
             } catch (Exception e) {
                 // continue publishing even publisher has errors
                 //log(ILogger.LL_WARN, e.toString());
@@ -989,15 +986,15 @@ public class PublisherProcessor implements
      * Publish crossCertificatePair
      */
     public void publishXCertPair(byte[] pair)
-        throws ELdapException {
+            throws ELdapException {
         boolean error = false;
         String errorRule = "";
 
         if (!enabled())
             return;
-		CMS.debug("PublisherProcessor: in publishXCertPair()");
+        CMS.debug("PublisherProcessor: in publishXCertPair()");
 
-            // get mapper and publisher for cert type.
+        // get mapper and publisher for cert type.
         Enumeration<ILdapRule> rules = getRules(PROP_XCERT);
 
         if (rules == null || !rules.hasMoreElements()) {
@@ -1012,28 +1009,28 @@ public class PublisherProcessor implements
         while (rules.hasMoreElements()) {
             LdapRule rule = (LdapRule) rules.nextElement();
 
-            if( rule == null ) {
-                CMS.debug( "PublisherProcessor::publishXCertPair() - "
-                         + "rule is null!" );
-                throw new ELdapException( "rule is null" );
+            if (rule == null) {
+                CMS.debug("PublisherProcessor::publishXCertPair() - "
+                         + "rule is null!");
+                throw new ELdapException("rule is null");
             }
 
             log(ILogger.LL_INFO, "publish certificate type=" + PROP_XCERT +
-                " rule=" + rule.getInstanceName() + " publisher=" + 
-                rule.getPublisher());
+                    " rule=" + rule.getInstanceName() + " publisher=" +
+                    rule.getPublisher());
             try {
                 ILdapMapper mapper = null;
 
                 String mapperName = rule.getMapper();
 
                 if (mapperName != null &&
-                    !mapperName.trim().equals("")) {
+                        !mapperName.trim().equals("")) {
                     mapper = getActiveMapperInstance(mapperName);
                 }
 
                 publishNow(mapper, getActivePublisherInstance(rule.getPublisher()), null/* NO REQUEsT */, pair);
-                log(ILogger.LL_INFO, "published Xcertificates using rule=" + 
-                    rule.getInstanceName());
+                log(ILogger.LL_INFO, "published Xcertificates using rule=" +
+                        rule.getInstanceName());
             } catch (Exception e) {
                 // continue publishing even publisher has errors
                 //log(ILogger.LL_WARN, e.toString());
@@ -1051,7 +1048,7 @@ public class PublisherProcessor implements
      * set in the request.
      */
     public void publishCert(X509Certificate cert, IRequest req)
-        throws ELdapException {
+            throws ELdapException {
         boolean error = false;
         String errorRule = "";
 
@@ -1059,10 +1056,10 @@ public class PublisherProcessor implements
         if (!enabled())
             return;
 
-            // get mapper and publisher for cert type.
+        // get mapper and publisher for cert type.
         Enumeration<ILdapRule> rules = getRules("certs", req);
 
-         // Bugscape  #52306  -  Remove superfluous log messages on failure
+        // Bugscape  #52306  -  Remove superfluous log messages on failure
         if (rules == null || !rules.hasMoreElements()) {
             CMS.debug("Publishing: can't find publishing rule,exiting routine.");
 
@@ -1074,10 +1071,10 @@ public class PublisherProcessor implements
             LdapRule rule = (LdapRule) rules.nextElement();
 
             try {
-                log(ILogger.LL_INFO, 
-                    "publish certificate (with request) type=" + 
-                    "certs" + " rule=" + rule.getInstanceName() + 
-                    " publisher=" + rule.getPublisher());
+                log(ILogger.LL_INFO,
+                        "publish certificate (with request) type=" +
+                                "certs" + " rule=" + rule.getInstanceName() +
+                                " publisher=" + rule.getPublisher());
                 ILdapPublisher p = getActivePublisherInstance(rule.getPublisher());
                 ILdapMapper m = null;
                 String mapperName = rule.getMapper();
@@ -1086,8 +1083,8 @@ public class PublisherProcessor implements
                     m = getActiveMapperInstance(mapperName);
                 }
                 publishNow(m, p, req, cert);
-                log(ILogger.LL_INFO, "published certificate using rule=" + 
-                    rule.getInstanceName());
+                log(ILogger.LL_INFO, "published certificate using rule=" +
+                        rule.getInstanceName());
             } catch (Exception e) {
                 // continue publishing even publisher has errors
                 //log(ILogger.LL_WARN, e.toString());
@@ -1099,24 +1096,24 @@ public class PublisherProcessor implements
         if (!error) {
             setPublishedFlag(cert.getSerialNumber(), true);
         } else {
-            CMS.debug("PublishProcessor::publishCert : " + CMS.getUserMessage("CMS_LDAP_PUBLISH_FAILED",errorRule));
+            CMS.debug("PublishProcessor::publishCert : " + CMS.getUserMessage("CMS_LDAP_PUBLISH_FAILED", errorRule));
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_FAILED", errorRule));
         }
     }
 
     /**
-     * Unpublish user certificate. This is used by 
+     * Unpublish user certificate. This is used by
      * UnpublishExpiredJob.
      */
     public void unpublishCert(X509Certificate cert, IRequest req)
-        throws ELdapException {
+            throws ELdapException {
         boolean error = false;
         String errorRule = "";
 
         if (!enabled())
             return;
 
-            // get mapper and publisher for cert type.
+        // get mapper and publisher for cert type.
         Enumeration<ILdapRule> rules = getRules("certs", req);
 
         if (rules == null || !rules.hasMoreElements()) {
@@ -1128,31 +1125,31 @@ public class PublisherProcessor implements
         while (rules.hasMoreElements()) {
             LdapRule rule = (LdapRule) rules.nextElement();
 
-            if( rule == null ) {
-                CMS.debug( "PublisherProcessor::unpublishCert() - "
-                         + "rule is null!" );
-                throw new ELdapException( "rule is null" );
+            if (rule == null) {
+                CMS.debug("PublisherProcessor::unpublishCert() - "
+                         + "rule is null!");
+                throw new ELdapException("rule is null");
             }
 
             try {
-                log(ILogger.LL_INFO, 
-                    "unpublish certificate (with request) type=" + 
-                    "certs" + " rule=" + rule.getInstanceName() + 
-                    " publisher=" + rule.getPublisher());
+                log(ILogger.LL_INFO,
+                        "unpublish certificate (with request) type=" +
+                                "certs" + " rule=" + rule.getInstanceName() +
+                                " publisher=" + rule.getPublisher());
 
                 ILdapMapper mapper = null;
 
                 String mapperName = rule.getMapper();
 
                 if (mapperName != null &&
-                    !mapperName.trim().equals("")) {
+                        !mapperName.trim().equals("")) {
                     mapper = getActiveMapperInstance(mapperName);
                 }
 
                 unpublishNow(mapper, getActivePublisherInstance(rule.getPublisher()),
-                    req, cert);
-                log(ILogger.LL_INFO, "unpublished certificate using rule=" + 
-                    rule.getInstanceName());
+                        req, cert);
+                log(ILogger.LL_INFO, "unpublished certificate using rule=" +
+                        rule.getInstanceName());
             } catch (Exception e) {
                 // continue publishing even publisher has errors
                 //log(ILogger.LL_WARN, e.toString());
@@ -1174,12 +1171,11 @@ public class PublisherProcessor implements
      * and publishing it there. entry must be a certificate authority.
      * Note that this is used by cmsgateway/cert/UpdateDir.java
      */
-    public void publishCRL(X509CRLImpl crl, String crlIssuingPointId) 
-        throws ELdapException {
+    public void publishCRL(X509CRLImpl crl, String crlIssuingPointId)
+            throws ELdapException {
         boolean error = false;
         String errorRule = "";
 
-
         if (!enabled())
             return;
         ILdapMapper mapper = null;
@@ -1207,53 +1203,53 @@ public class PublisherProcessor implements
                 String result = null;
                 LdapRule rule = (LdapRule) rules.nextElement();
 
-                log(ILogger.LL_INFO, "publish crl rule=" + 
-                    rule.getInstanceName() + " publisher=" + 
-                    rule.getPublisher());
+                log(ILogger.LL_INFO, "publish crl rule=" +
+                        rule.getInstanceName() + " publisher=" +
+                        rule.getPublisher());
                 try {
                     String mapperName = rule.getMapper();
 
                     if (mapperName != null &&
-                        !mapperName.trim().equals("")) {
+                            !mapperName.trim().equals("")) {
                         mapper = getActiveMapperInstance(mapperName);
                     }
                     if (mapper == null || mapper.getImplName().equals("NoMap")) {
                         dn = ((X500Name) crl.getIssuerDN()).toLdapDNString();
-                    }else {
-							
+                    } else {
+
                         result = ((ILdapMapper) mapper).map(conn, crl);
                         dn = result;
                         if (!mCreateOwnDNEntry) {
-                            if (dn == null) {  
+                            if (dn == null) {
                                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_MAPPER_NOT_MAP", rule.getMapper()));
-                                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH", 
-                                    crl.getIssuerDN().toString()));
-                          
+                                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH",
+                                        crl.getIssuerDN().toString()));
+
                             }
                         }
                     }
                     publisher = getActivePublisherInstance(rule.getPublisher());
                     if (publisher != null) {
-                        if(publisher instanceof com.netscape.cms.publish.publishers.FileBasedPublisher)
-                        ((com.netscape.cms.publish.publishers.FileBasedPublisher)publisher).setIssuingPointId(crlIssuingPointId);
+                        if (publisher instanceof com.netscape.cms.publish.publishers.FileBasedPublisher)
+                            ((com.netscape.cms.publish.publishers.FileBasedPublisher) publisher).setIssuingPointId(crlIssuingPointId);
                         publisher.publish(conn, dn, crl);
                         log(ILogger.LL_INFO, "published crl using rule=" + rule.getInstanceName());
                     }
                     // continue publishing even publisher has errors
-                }catch (Exception e) {
+                } catch (Exception e) {
                     //e.printStackTrace();
                     CMS.debug(
-                        "Error publishing CRL to " + dn + ": " + e);
+                            "Error publishing CRL to " + dn + ": " + e);
                     error = true;
                     errorRule = errorRule + " " + rule.getInstanceName();
 
                     CMS.debug("PublisherProcessor::publishCRL: error: " + e.toString());
                 }
             }
-        }catch (ELdapException e) {
+        } catch (ELdapException e) {
             //e.printStackTrace();
             CMS.debug(
-                "Error publishing CRL to " + dn + ": " + e);
+                    "Error publishing CRL to " + dn + ": " + e);
             throw e;
         } finally {
             if (conn != null) {
@@ -1268,14 +1264,14 @@ public class PublisherProcessor implements
      * publishes a crl by mapping the issuer name in the crl to an entry
      * and publishing it there. entry must be a certificate authority.
      */
-    public void publishCRL(String dn, X509CRL crl) 
-        throws ELdapException {
+    public void publishCRL(String dn, X509CRL crl)
+            throws ELdapException {
         boolean error = false;
         String errorRule = "";
 
         if (!enabled())
             return;
-            // get mapper and publisher for cert type.
+        // get mapper and publisher for cert type.
         Enumeration<ILdapRule> rules = getRules(PROP_LOCAL_CRL);
 
         if (rules == null || !rules.hasMoreElements()) {
@@ -1295,25 +1291,25 @@ public class PublisherProcessor implements
                 LdapRule rule = (LdapRule) rules.nextElement();
 
                 log(ILogger.LL_INFO, "publish crl dn=" + dn + " rule=" +
-                    rule.getInstanceName() + " publisher=" + 
-                    rule.getPublisher());
+                        rule.getInstanceName() + " publisher=" +
+                        rule.getPublisher());
                 try {
                     publisher = getActivePublisherInstance(rule.getPublisher());
                     if (publisher != null) {
                         publisher.publish(conn, dn, crl);
                         log(ILogger.LL_INFO, "published crl using rule=" + rule.getInstanceName());
                     }
-                }catch (Exception e) {
+                } catch (Exception e) {
                     CMS.debug(
-                        "Error publishing CRL to " + dn + ": " + e.toString());
+                            "Error publishing CRL to " + dn + ": " + e.toString());
                     error = true;
                     errorRule = errorRule + " " + rule.getInstanceName();
-                    CMS.debug("PublisherProcessor::publishCRL: error: " + e.toString()); 
-                } 
+                    CMS.debug("PublisherProcessor::publishCRL: error: " + e.toString());
+                }
             }
         } catch (ELdapException e) {
             CMS.debug(
-                "Error publishing CRL to " + dn + ": " + e.toString());
+                    "Error publishing CRL to " + dn + ": " + e.toString());
             throw e;
         } finally {
             if (conn != null) {
@@ -1325,7 +1321,7 @@ public class PublisherProcessor implements
     }
 
     private void publishNow(ILdapMapper mapper, ILdapPublisher publisher,
-        IRequest r, Object obj) throws ELdapException {
+            IRequest r, Object obj) throws ELdapException {
         if (!enabled())
             return;
         CMS.debug("PublisherProcessor: in publishNow()");
@@ -1340,16 +1336,16 @@ public class PublisherProcessor implements
                 if (mLdapConnModule != null) {
                     try {
                         conn = mLdapConnModule.getConn();
-                    } catch(ELdapException e) {
+                    } catch (ELdapException e) {
                         throw e;
-                   }
+                    }
                 }
                 try {
                     if ((mapper instanceof com.netscape.cms.publish.mappers.LdapCertSubjMap) &&
-                         ((com.netscape.cms.publish.mappers.LdapCertSubjMap)mapper).useAllEntries()) {
-                        dirdn = ((com.netscape.cms.publish.mappers.LdapCertSubjMap)mapper).mapAll(conn, r, obj); 
+                            ((com.netscape.cms.publish.mappers.LdapCertSubjMap) mapper).useAllEntries()) {
+                        dirdn = ((com.netscape.cms.publish.mappers.LdapCertSubjMap) mapper).mapAll(conn, r, obj);
                     } else {
-                       dirdn = mapper.map(conn, r, obj); 
+                        dirdn = mapper.map(conn, r, obj);
                     }
                 } catch (Throwable e1) {
                     CMS.debug("Error mapping: mapper=" + mapper + " error=" + e1.toString());
@@ -1361,26 +1357,26 @@ public class PublisherProcessor implements
 
             try {
                 if (dirdn instanceof Vector) {
-                	@SuppressWarnings("unchecked")
-					Vector<String> dirdnVector = (Vector<String>)dirdn;
+                    @SuppressWarnings("unchecked")
+                    Vector<String> dirdnVector = (Vector<String>) dirdn;
                     int n = dirdnVector.size();
                     for (int i = 0; i < n; i++) {
                         publisher.publish(conn, dirdnVector.elementAt(i), cert);
                     }
-                } else if (dirdn instanceof String || 
+                } else if (dirdn instanceof String ||
                            publisher instanceof com.netscape.cms.publish.publishers.FileBasedPublisher) {
-                    publisher.publish(conn, (String)dirdn, cert);
+                    publisher.publish(conn, (String) dirdn, cert);
                 }
             } catch (Throwable e1) {
                 CMS.debug("PublisherProcessor::publishNow : publisher=" + publisher + " error=" + e1.toString());
                 throw e1;
             }
-            log(ILogger.LL_INFO, "published certificate serial number: 0x" + 
-                cert.getSerialNumber().toString(16));
+            log(ILogger.LL_INFO, "published certificate serial number: 0x" +
+                    cert.getSerialNumber().toString(16));
         } catch (ELdapException e) {
             throw e;
         } catch (Throwable e) {
-            throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH", e.toString())); 
+            throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH", e.toString()));
         } finally {
             if (conn != null) {
                 mLdapConnModule.returnConn(conn);
@@ -1388,16 +1384,16 @@ public class PublisherProcessor implements
         }
     }
 
-	// for crosscerts
+    // for crosscerts
     private void publishNow(ILdapMapper mapper, ILdapPublisher publisher,
-        IRequest r, byte[] bytes) throws ELdapException {
+            IRequest r, byte[] bytes) throws ELdapException {
         if (!enabled())
             return;
-		CMS.debug("PublisherProcessor: in publishNow() for xcerts");
+        CMS.debug("PublisherProcessor: in publishNow() for xcerts");
 
-		// use ca cert publishing map and rule
+        // use ca cert publishing map and rule
         ICertificateAuthority ca = (ICertificateAuthority) mAuthority;
-		X509Certificate caCert = (X509Certificate) ca.getCACert();
+        X509Certificate caCert = (X509Certificate) ca.getCACert();
 
         LDAPConnection conn = null;
 
@@ -1411,8 +1407,8 @@ public class PublisherProcessor implements
                     conn = mLdapConnModule.getConn();
                 }
                 try {
-                    dirdn = mapper.map(conn, r, (Object) caCert); 
-		CMS.debug("PublisherProcessor: dirdn="+dirdn);
+                    dirdn = mapper.map(conn, r, (Object) caCert);
+                    CMS.debug("PublisherProcessor: dirdn=" + dirdn);
 
                 } catch (Throwable e1) {
                     CMS.debug("Error mapping: mapper=" + mapper + " error=" + e1.toString());
@@ -1421,7 +1417,7 @@ public class PublisherProcessor implements
             }
 
             try {
-		CMS.debug("PublisherProcessor: publisher impl name="+publisher.getImplName());
+                CMS.debug("PublisherProcessor: publisher impl name=" + publisher.getImplName());
 
                 publisher.publish(conn, dirdn, bytes);
             } catch (Throwable e1) {
@@ -1432,7 +1428,7 @@ public class PublisherProcessor implements
         } catch (ELdapException e) {
             throw e;
         } catch (Throwable e) {
-            throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH", e.toString())); 
+            throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH", e.toString()));
         } finally {
             if (conn != null) {
                 mLdapConnModule.returnConn(conn);
@@ -1441,7 +1437,7 @@ public class PublisherProcessor implements
     }
 
     private void unpublishNow(ILdapMapper mapper, ILdapPublisher publisher,
-        IRequest r, Object obj) throws ELdapException {
+            IRequest r, Object obj) throws ELdapException {
         if (!enabled())
             return;
         LDAPConnection conn = null;
@@ -1455,13 +1451,13 @@ public class PublisherProcessor implements
                 if (mLdapConnModule != null) {
                     conn = mLdapConnModule.getConn();
                 }
-                dirdn = mapper.map(conn, r, obj); 
+                dirdn = mapper.map(conn, r, obj);
             }
             X509Certificate cert = (X509Certificate) obj;
 
             publisher.unpublish(conn, dirdn, cert);
-            log(ILogger.LL_INFO, "unpublished certificate serial number: 0x" + 
-                cert.getSerialNumber().toString(16));
+            log(ILogger.LL_INFO, "unpublished certificate serial number: 0x" +
+                    cert.getSerialNumber().toString(16));
         } catch (ELdapException e) {
             throw e;
         } finally {
@@ -1498,8 +1494,8 @@ public class PublisherProcessor implements
     }
 
     public boolean isClone() {
-        if ((mAuthority instanceof ICertificateAuthority) && 
-            ((ICertificateAuthority) mAuthority).isClone())
+        if ((mAuthority instanceof ICertificateAuthority) &&
+                ((ICertificateAuthority) mAuthority).isClone())
             return true;
         else
             return false;
@@ -1511,7 +1507,7 @@ public class PublisherProcessor implements
     public void log(int level, String msg) {
         if (mLogger == null)
             return;
-        mLogger.log(ILogger.EV_SYSTEM, 
-            ILogger.S_LDAP, level, "Publishing: " + msg);
+        mLogger.log(ILogger.EV_SYSTEM,
+                ILogger.S_LDAP, level, "Publishing: " + msg);
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java
index fa400341..f7a77223 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldapconn;
 
-
 import netscape.ldap.LDAPConnection;
 import netscape.ldap.LDAPException;
 import netscape.ldap.LDAPSocketFactory;
@@ -30,9 +29,8 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
 import com.netscape.certsrv.ldap.ILdapConnFactory;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
- * Factory for getting LDAP Connections to a LDAP server 
+ * Factory for getting LDAP Connections to a LDAP server
  * each connection is a seperate thread that can be bound to a different
  * authentication dn and password.
  */
@@ -49,8 +47,8 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
 
     public static final String PROP_ERROR_IF_DOWN = "errorIfDown";
 
-    private int mNumConns = 0;      // number of available conns in array
-    private int mTotal = 0;		// total num conns 
+    private int mNumConns = 0; // number of available conns in array
+    private int mTotal = 0; // total num conns 
     private AnonConnection mConns[] = null;
 
     private boolean mInited = false;
@@ -71,13 +69,14 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
 
     /**
      * Constructor for LdapAnonConnFactory
+     * 
      * @param minConns minimum number of connections to have available
-     * @param maxConns max number of connections to have available. This is 
-     * the maximum number of clones of this connection one wants to allow.
+     * @param maxConns max number of connections to have available. This is
+     *            the maximum number of clones of this connection one wants to allow.
      * @param serverInfo server connection info - host, port, etc.
      */
-    public LdapAnonConnFactory(int minConns, int maxConns, 
-        LdapConnInfo connInfo) throws ELdapException {
+    public LdapAnonConnFactory(int minConns, int maxConns,
+            LdapConnInfo connInfo) throws ELdapException {
         init(minConns, maxConns, connInfo);
     }
 
@@ -107,8 +106,8 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
             try {
                 minConns = Integer.parseInt(minStr);
             } catch (NumberFormatException e) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSCORE_LDAPCONN_MIN_CONN"));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAPCONN_MIN_CONN"));
                 throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_NUMBER_FORMAT_1", PROP_MINCONNS));
             }
         }
@@ -118,30 +117,30 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
             try {
                 maxConns = Integer.parseInt(maxStr);
             } catch (NumberFormatException e) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSCORE_LDAPCONN_MAX_CONN"));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAPCONN_MAX_CONN"));
                 throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_NUMBER_FORMAT_1", PROP_MAXCONNS));
             }
         }
 
         mErrorIfDown = config.getBoolean(PROP_ERROR_IF_DOWN, mDefErrorIfDown);
 
-        init(minConns, maxConns, 
-            new LdapConnInfo(config.getSubStore(PROP_LDAPCONNINFO)));
+        init(minConns, maxConns,
+                new LdapConnInfo(config.getSubStore(PROP_LDAPCONNINFO)));
     }
 
     /**
      * initialize routine from parameters.
      */
     protected void init(int minConns, int maxConns, LdapConnInfo connInfo)
-        throws ELdapException {
-        if (mInited) 
-            return;		// XXX should throw exception here ? 
+            throws ELdapException {
+        if (mInited)
+            return; // XXX should throw exception here ? 
 
-        if (minConns <= 0 || maxConns <= 0 || minConns > maxConns) 
+        if (minConns <= 0 || maxConns <= 0 || minConns > maxConns)
             throw new ELdapException(
                     CMS.getUserMessage("CMS_LDAP_INVALID_NUMCONN_PARAMETERS"));
-        if (connInfo == null) 
+        if (connInfo == null)
             throw new IllegalArgumentException("connInfo is Null!");
 
         mMinConns = minConns;
@@ -150,10 +149,10 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
 
         mConns = new AnonConnection[mMaxConns];
 
-        log(ILogger.LL_INFO, 
-            "Created: min " + minConns + " max " + maxConns +
-            " host " + connInfo.getHost() + " port " + connInfo.getPort() +
-            " secure " + connInfo.getSecure());
+        log(ILogger.LL_INFO,
+                "Created: min " + minConns + " max " + maxConns +
+                        " host " + connInfo.getHost() + " port " + connInfo.getPort() +
+                        " secure " + connInfo.getSecure());
 
         // initalize minimum number of connection handles available.
         makeMinimum(mErrorIfDown);
@@ -161,7 +160,7 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
     }
 
     /**
-     * make the mininum configured connections 
+     * make the mininum configured connections
      */
     protected void makeMinimum(boolean errorIfDown) throws ELdapException {
         try {
@@ -169,16 +168,16 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
                 int increment = Math.min(mMinConns - mNumConns, mMaxConns - mTotal);
 
                 CMS.debug(
-                    "increasing minimum number of connections by " + increment);
+                        "increasing minimum number of connections by " + increment);
                 for (int i = increment - 1; i >= 0; i--) {
                     mConns[i] = new AnonConnection(mConnInfo);
                 }
                 mTotal += increment;
                 mNumConns += increment;
                 CMS.debug(
-                    "new total number of connections " + mTotal);
+                        "new total number of connections " + mTotal);
                 CMS.debug(
-                    "new total available connections " + mNumConns);
+                        "new total available connections " + mNumConns);
             }
         } catch (LDAPException e) {
             // XXX errorCodeToString() used here so users won't see message.
@@ -188,50 +187,49 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
                 // need to intercept this because message from LDAP is 
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    "Cannot connect to Ldap server. Error: " +
-                    "Ldap Server host " + mConnInfo.getHost() +
-                    " int " + mConnInfo.getPort() + " is unavailable.");
+                        "Cannot connect to Ldap server. Error: " +
+                                "Ldap Server host " + mConnInfo.getHost() +
+                                " int " + mConnInfo.getPort() + " is unavailable.");
                 if (errorIfDown) {
                     throw new ELdapServerDownException(
                             CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE",
-                                mConnInfo.getHost(), "" + mConnInfo.getPort()));
+                                    mConnInfo.getHost(), "" + mConnInfo.getPort()));
                 }
             } else {
-                log(ILogger.LL_FAILURE, 
-                    "Cannot connect to ldap server. error: " + e.toString());
+                log(ILogger.LL_FAILURE,
+                        "Cannot connect to ldap server. error: " + e.toString());
                 String errmsg = e.errorCodeToString();
 
                 if (errmsg == null)
                     errmsg = e.toString();
                 throw new ELdapException(
                         CMS.getUserMessage("CMS_LDAP_CONNECT_TO_LDAP_SERVER_FAILED",
-                            mConnInfo.getHost(), "" + (Integer.valueOf(mConnInfo.getPort())), errmsg));
+                                mConnInfo.getHost(), "" + (Integer.valueOf(mConnInfo.getPort())), errmsg));
             }
         }
     }
 
     /**
      * Gets connection from this factory.
-     * All connections gotten from this factory must be returned. 
+     * All connections gotten from this factory must be returned.
      * If not the max number of connections may be reached prematurely.
      * The best thing to put returnConn in a finally clause so it
-     * always gets called. For example, 
+     * always gets called. For example,
+     * 
      * <pre>
-     *	  LDAPConnection c = null;
-     *    try { 
-     *		c = factory.getConn();
-     * 		myclass.do_something_with_c(c);
-     *	  }
-     *    catch (ELdapException e) {
-     *		handle_error_here();
-     *	  }
-     *	  finally {
-     *		factory.returnConn(c);
-     *    }
+     * LDAPConnection c = null;
+     * try {
+     *     c = factory.getConn();
+     *     myclass.do_something_with_c(c);
+     * } catch (ELdapException e) {
+     *     handle_error_here();
+     * } finally {
+     *     factory.returnConn(c);
+     * }
      * </pre>
      */
     public LDAPConnection getConn()
-        throws ELdapException {
+            throws ELdapException {
         return getConn(true);
     }
 
@@ -239,45 +237,43 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
      * Returns a LDAP connection - a clone of the master connection.
      * All connections should be returned to the factory using returnConn()
      * to recycle connection objects.
-     * If not returned the limited max number is affected but if that 
+     * If not returned the limited max number is affected but if that
      * number is large not much harm is done.
      * Returns null if maximum number of connections reached.
-     * <p> 
-     * The best thing to put returnConn in a finally clause so it
-     * always gets called. For example, 
+     * <p>
+     * The best thing to put returnConn in a finally clause so it always gets called. For example,
+     * 
      * <pre>
-     *	  LDAPConnection c = null;
-     *    try { 
-     *		c = factory.getConn();
-     * 		myclass.do_something_with_c(c);
-     *	  }
-     *    catch (ELdapException e) {
-     *		handle_error_here();
-     *	  }
-     *	  finally {
-     *		factory.returnConn(c);
-     *    }
+     * LDAPConnection c = null;
+     * try {
+     *     c = factory.getConn();
+     *     myclass.do_something_with_c(c);
+     * } catch (ELdapException e) {
+     *     handle_error_here();
+     * } finally {
+     *     factory.returnConn(c);
+     * }
      * </pre>
-     */ 
-    public synchronized LDAPConnection getConn(boolean waitForConn) 
-        throws ELdapException {
+     */
+    public synchronized LDAPConnection getConn(boolean waitForConn)
+            throws ELdapException {
         boolean waited = false;
 
         CMS.debug("LdapAnonConnFactory::getConn");
-        if (mNumConns == 0) 
+        if (mNumConns == 0)
             makeMinimum(true);
         if (mNumConns == 0) {
             if (!waitForConn)
                 return null;
             try {
                 CMS.debug("getConn(): out of ldap connections");
-                log(ILogger.LL_WARN, 
-                    "Ran out of ldap connections available " +
-                    "in ldap connection pool to " +
-                    mConnInfo.getHost() + ":" + mConnInfo.getPort() + ". " +
-                    "This could be a temporary condition or an indication of " +
-                    "something more serious that can cause the server to " +
-                    "hang.");
+                log(ILogger.LL_WARN,
+                        "Ran out of ldap connections available " +
+                                "in ldap connection pool to " +
+                                mConnInfo.getHost() + ":" + mConnInfo.getPort() + ". " +
+                                "This could be a temporary condition or an indication of " +
+                                "something more serious that can cause the server to " +
+                                "hang.");
                 waited = true;
                 while (mNumConns == 0) {
                     wait();
@@ -291,27 +287,27 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
 
         mConns[mNumConns] = null;
         if (waited) {
-            log(ILogger.LL_WARN, 
-                "Ldap connections are available again in ldap connection pool " +
-                "to " + mConnInfo.getHost() + ":" + mConnInfo.getPort());
+            log(ILogger.LL_WARN,
+                    "Ldap connections are available again in ldap connection pool " +
+                            "to " + mConnInfo.getHost() + ":" + mConnInfo.getPort());
         }
         CMS.debug("LdapAnonConnFactory.getConn(): num avail conns now " + mNumConns);
         //Beginning of fix for Bugzilla #630176 
         boolean isConnected = false;
-        if(conn != null) {
+        if (conn != null) {
             isConnected = conn.isConnected();
         }
 
-        if(!isConnected) {
+        if (!isConnected) {
             CMS.debug("LdapAnonConnFactory.getConn(): selected conn is down, try to reconnect...");
             conn = null;
             try {
-               conn =  new AnonConnection(mConnInfo);
+                conn = new AnonConnection(mConnInfo);
             } catch (LDAPException e) {
-                 CMS.debug("LdapAnonConnFactory.getConn(): error when trying to bring back a down connection.");
-                 throw new ELdapException(
+                CMS.debug("LdapAnonConnFactory.getConn(): error when trying to bring back a down connection.");
+                throw new ELdapException(
                         CMS.getUserMessage("CMS_LDAP_CONNECT_TO_LDAP_SERVER_FAILED",
-                            mConnInfo.getHost(), "" + (Integer.valueOf(mConnInfo.getPort())), e.toString()));
+                                mConnInfo.getHost(), "" + (Integer.valueOf(mConnInfo.getPort())), e.toString()));
             }
         }
         //This is the end of the fix for Bugzilla #630176
@@ -319,25 +315,23 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
         return conn;
     }
 
-    /** 
+    /**
      * Returns a connection to the factory for recycling.
-     * All connections gotten from this factory must be returned. 
+     * All connections gotten from this factory must be returned.
      * If not the max number of connections may be reached prematurely.
      * <p>
-     * The best thing to put returnConn in a finally clause so it
-     * always gets called. For example, 
+     * The best thing to put returnConn in a finally clause so it always gets called. For example,
+     * 
      * <pre>
-     *	  LDAPConnection c = null;
-     *    try { 
-     *		c = factory.getConn();
-     * 		myclass.do_something_with_c(c);
-     *	  }
-     *    catch (ELdapException e) {
-     *		handle_error_here();
-     *	  }
-     *	  finally {
-     *		factory.returnConn(c);
-     *    }
+     * LDAPConnection c = null;
+     * try {
+     *     c = factory.getConn();
+     *     myclass.do_something_with_c(c);
+     * } catch (ELdapException e) {
+     *     handle_error_here();
+     * } finally {
+     *     factory.returnConn(c);
+     * }
      * </pre>
      */
     public synchronized void returnConn(LDAPConnection conn) {
@@ -352,8 +346,8 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
             log(ILogger.LL_WARN, "returnConn: unknown connection.");
 
             /* swallow this error but see who's doing it. */
-            ELdapException e = 
-                new ELdapException(CMS.getUserMessage("CMS_LDAP_UNKNOWN_RETURNED_CONN"));
+            ELdapException e =
+                    new ELdapException(CMS.getUserMessage("CMS_LDAP_UNKNOWN_RETURNED_CONN"));
         }
         // check if conn has already been returned.
         for (int i = 0; i < mNumConns; i++) {
@@ -361,10 +355,10 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
             if (mConns[i] == anon) {
 
                 /* swallow this error but see who's doing it. */
-                log(ILogger.LL_WARN, 
-                    "returnConn: previously returned connection.");
-                ELdapException e = 
-                    new ELdapException(CMS.getUserMessage("CMS_LDAP_BAD_RETURNED_CONN"));
+                log(ILogger.LL_WARN,
+                        "returnConn: previously returned connection.");
+                ELdapException e =
+                        new ELdapException(CMS.getUserMessage("CMS_LDAP_BAD_RETURNED_CONN"));
             }
         }
 
@@ -377,9 +371,9 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
             // return conn.
             CMS.debug("returnConn: mNumConns now " + mNumConns);
         } catch (LDAPException e) {
-            log(ILogger.LL_WARN, 
-                "Could not re-authenticate ldap connection to anonymous." +
-                " Error " + e);
+            log(ILogger.LL_WARN,
+                    "Could not re-authenticate ldap connection to anonymous." +
+                            " Error " + e);
         }
         // return the connection even if can't reauthentication anon.
         // most likely server was down.
@@ -389,7 +383,7 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
     }
 
     protected void finalize()
-        throws Exception {
+            throws Exception {
         reset();
     }
 
@@ -401,30 +395,30 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
     }
 
     /**
-     * resets this factory - if no connections outstanding, 
+     * resets this factory - if no connections outstanding,
      * disconnections all connections and resets everything to 0 as if
      * no connections were ever made. intended to be called just before
      * shutdown or exit to disconnection & cleanup connections.
      */
     // ok only if no connections outstanding.
-    public synchronized void reset() 
-        throws ELdapException {
+    public synchronized void reset()
+            throws ELdapException {
         if (mNumConns == mTotal) {
             for (int i = 0; i < mNumConns; i++) {
                 try {
                     CMS.debug("disconnecting connection " + i);
                     mConns[i].disconnect();
                 } catch (LDAPException e) {
-                    log(ILogger.LL_INFO, 
-                        "exception during disconnect: " + e.toString());
+                    log(ILogger.LL_INFO,
+                            "exception during disconnect: " + e.toString());
                 }
                 mConns[i] = null;
             }
             mTotal = 0;
             mNumConns = 0;
         } else {
-            log(ILogger.LL_INFO, 
-                "Cannot reset() while connections not all returned");
+            log(ILogger.LL_INFO,
+                    "Cannot reset() while connections not all returned");
             throw new ELdapException(
                     CMS.getUserMessage("CMS_LDAP_CANNOT_RESET_CONNFAC"));
         }
@@ -435,9 +429,9 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
      */
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-            "In Ldap (anonymous) connection pool to" +
-            " host " + mConnInfo.getHost() +
-            " port " + mConnInfo.getPort() + ", " + msg);
+                "In Ldap (anonymous) connection pool to" +
+                        " host " + mConnInfo.getHost() +
+                        " port " + mConnInfo.getPort() + ", " + msg);
     }
 
     /**
@@ -450,21 +444,21 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
         private static final long serialVersionUID = 4813780131074412404L;
 
         public AnonConnection(LdapConnInfo connInfo)
-            throws LDAPException {
+                throws LDAPException {
             super(connInfo);
         }
-			
-        public AnonConnection(String host, int port, int version, 
-            LDAPSocketFactory fac)
-            throws LDAPException {
+
+        public AnonConnection(String host, int port, int version,
+                LDAPSocketFactory fac)
+                throws LDAPException {
             super(host, port, version, fac);
         }
- 
+
         /**
          * instantiates a non-secure connection to a ldap server
          */
         public AnonConnection(String host, int port, int version)
-            throws LDAPException {
+                throws LDAPException {
             super(host, port, version);
         }
 
diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java
index 1d3996dd..1dc9723a 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java
@@ -17,17 +17,15 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldapconn;
 
-
 import netscape.ldap.LDAPConnection;
 import netscape.ldap.LDAPException;
 import netscape.ldap.LDAPSocketFactory;
 import netscape.ldap.LDAPv2;
 
-
 /**
  * A LDAP connection that is bound to a server host, port and secure type.
  * Makes a LDAP connection when instantiated.
- * Cannot establish another LDAP connection after construction. 
+ * Cannot establish another LDAP connection after construction.
  * LDAPConnection connect methods are overridden to prevent this.
  */
 public class LdapAnonConnection extends LDAPConnection {
@@ -41,7 +39,7 @@ public class LdapAnonConnection extends LDAPConnection {
      * instantiates a connection to a ldap server
      */
     public LdapAnonConnection(LdapConnInfo connInfo)
-        throws LDAPException {
+            throws LDAPException {
         super(connInfo.getSecure() ? new LdapJssSSLSocketFactory() : null);
 
         // Set option to automatically follow referrals. 
@@ -50,16 +48,16 @@ public class LdapAnonConnection extends LDAPConnection {
 
         setOption(LDAPv2.REFERRALS, new Boolean(followReferrals));
 
-        super.connect(connInfo.getVersion(), 
-            connInfo.getHost(), connInfo.getPort(), null, null);
+        super.connect(connInfo.getVersion(),
+                connInfo.getHost(), connInfo.getPort(), null, null);
     }
 
     /**
      * instantiates a connection to a ldap server
      */
-    public LdapAnonConnection(String host, int port, int version, 
-        LDAPSocketFactory fac)
-        throws LDAPException {
+    public LdapAnonConnection(String host, int port, int version,
+            LDAPSocketFactory fac)
+            throws LDAPException {
         super(fac);
         super.connect(version, host, port, null, null);
     }
@@ -68,13 +66,13 @@ public class LdapAnonConnection extends LDAPConnection {
      * instantiates a non-secure connection to a ldap server
      */
     public LdapAnonConnection(String host, int port, int version)
-        throws LDAPException {
+            throws LDAPException {
         super();
         super.connect(version, host, port, null, null);
     }
 
     /**
-     * overrides superclass connect. 
+     * overrides superclass connect.
      * does not allow reconnect.
      */
     public void connect(String host, int port) throws LDAPException {
@@ -86,8 +84,8 @@ public class LdapAnonConnection extends LDAPConnection {
      * overrides superclass connect.
      * does not allow reconnect.
      */
-    public void connect(int version, String host, int port, 
-        String dn, String pw) throws LDAPException {
+    public void connect(int version, String host, int port,
+            String dn, String pw) throws LDAPException {
         throw new RuntimeException(
                 "this LdapAnonConnection already connected: connect(v,h,p)");
     }
diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAuthInfo.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAuthInfo.java
index b499dd07..d2761e79 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAuthInfo.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAuthInfo.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldapconn;
 
-
 import java.util.Hashtable;
 
 import netscape.ldap.LDAPConnection;
@@ -29,7 +28,6 @@ import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.ldap.ILdapAuthInfo;
 import com.netscape.cmsutil.password.IPasswordStore;
 
-
 /**
  * class for reading ldap authentication info from config store
  */
@@ -60,24 +58,24 @@ public class LdapAuthInfo implements ILdapAuthInfo {
      * the password by attempting to connect to the server.
      */
     public LdapAuthInfo(IConfigStore config, String host, int port, boolean secure)
-        throws EBaseException {
+            throws EBaseException {
         init(config, host, port, secure);
     }
 
-    public String getPasswordFromStore (String prompt) {
+    public String getPasswordFromStore(String prompt) {
         String pwd = null;
         CMS.debug("LdapAuthInfo: getPasswordFromStore: try to get it from password store");
 
-// hey - should use password store interface to allow different implementations
-// but the problem is, other parts of the system just go directly to the file
-// so calling CMS.getPasswordStore() will give you an outdated one
-/*
-                IConfigStore mainConfig = CMS.getConfigStore();
-                String pwdFile = mainConfig.getString("passwordFile");
-                FileConfigStore pstore = new FileConfigStore(pwdFile);
-*/
+        // hey - should use password store interface to allow different implementations
+        // but the problem is, other parts of the system just go directly to the file
+        // so calling CMS.getPasswordStore() will give you an outdated one
+        /*
+                        IConfigStore mainConfig = CMS.getConfigStore();
+                        String pwdFile = mainConfig.getString("passwordFile");
+                        FileConfigStore pstore = new FileConfigStore(pwdFile);
+        */
         IPasswordStore pwdStore = CMS.getPasswordStore();
-        CMS.debug("LdapAuthInfo: getPasswordFromStore: about to get from passwored store: "+prompt);
+        CMS.debug("LdapAuthInfo: getPasswordFromStore: about to get from passwored store: " + prompt);
 
         // support publishing dirsrv with different pwd than internaldb
 
@@ -85,18 +83,18 @@ public class LdapAuthInfo implements ILdapAuthInfo {
         if (pwdStore != null) {
             CMS.debug("LdapAuthInfo: getPasswordFromStore: password store available");
             pwd = pwdStore.getPassword(prompt);
-//            pwd = pstore.getString(prompt);
-            if ( pwd == null) {
-              CMS.debug("LdapAuthInfo: getPasswordFromStore: password for "+prompt+
-                " not found, trying internaldb");
+            //            pwd = pstore.getString(prompt);
+            if (pwd == null) {
+                CMS.debug("LdapAuthInfo: getPasswordFromStore: password for " + prompt +
+                        " not found, trying internaldb");
 
-//               pwd = pstore.getString("internaldb");
+                //               pwd = pstore.getString("internaldb");
 
-                 pwd = pwdStore.getPassword("internaldb"); // last resort
+                pwd = pwdStore.getPassword("internaldb"); // last resort
             } else
-              CMS.debug("LdapAuthInfo: getPasswordFromStore: password found for prompt in password store");
+                CMS.debug("LdapAuthInfo: getPasswordFromStore: password found for prompt in password store");
         } else
-          CMS.debug("LdapAuthInfo: getPasswordFromStore: password store not available: pwdStore is null");
+            CMS.debug("LdapAuthInfo: getPasswordFromStore: password store not available: pwdStore is null");
 
         return pwd;
     }
@@ -110,19 +108,19 @@ public class LdapAuthInfo implements ILdapAuthInfo {
 
     /**
      * initialize this class from the config store, and verify the password.
-     *
+     * 
      * @param host The host that the directory server is running on.
-     *      This will be used to verify the password by attempting to connect.
-     *      If it is <code>null</code>, the password will not be verified.
+     *            This will be used to verify the password by attempting to connect.
+     *            If it is <code>null</code>, the password will not be verified.
      * @param port The port that the directory server is running on.
      */
     public void init(IConfigStore config, String host, int port, boolean secure)
-        throws EBaseException {
+            throws EBaseException {
 
         CMS.debug("LdapAuthInfo: init()");
-        if (mInited)  {
+        if (mInited) {
             CMS.debug("LdapAuthInfo: already initialized");
-            return;            // XXX throw exception here ?
+            return; // XXX throw exception here ?
         }
         CMS.debug("LdapAuthInfo: init begins");
 
@@ -144,30 +142,30 @@ public class LdapAuthInfo implements ILdapAuthInfo {
 
             if (prompt == null) {
                 prompt = "LDAP Authentication";
-                CMS.debug("LdapAuthInfo: init: prompt is null, change to "+prompt);
+                CMS.debug("LdapAuthInfo: init: prompt is null, change to " + prompt);
             } else
-                CMS.debug("LdapAuthInfo: init: prompt is "+prompt);
+                CMS.debug("LdapAuthInfo: init: prompt is " + prompt);
 
             if (mParms[1] == null) {
                 CMS.debug("LdapAuthInfo: init: try getting from memory cache");
                 mParms[1] = (String) passwords.get(prompt);
-if (mParms[1] != null) {
-    inMem = true;
-CMS.debug("LdapAuthInfo: init: got password from memory");
-} else
-CMS.debug("LdapAuthInfo: init: password not in memory");
+                if (mParms[1] != null) {
+                    inMem = true;
+                    CMS.debug("LdapAuthInfo: init: got password from memory");
+                } else
+                    CMS.debug("LdapAuthInfo: init: password not in memory");
             } else
-CMS.debug("LdapAuthInfo: init: found password from config");
+                CMS.debug("LdapAuthInfo: init: found password from config");
 
             if (mParms[1] == null) {
                 mParms[1] = getPasswordFromStore(prompt);
-           } else {
+            } else {
                 CMS.debug("LdapAuthInfo: init: password found for prompt.");
-           }
+            }
 
             // verify the password
-            if ((mParms[1]!= null) && (!mParms[1].equals("")) && (host == null ||
-              authInfoOK(host, port, secure, mParms[0], mParms[1]))) {
+            if ((mParms[1] != null) && (!mParms[1].equals("")) && (host == null ||
+                    authInfoOK(host, port, secure, mParms[0], mParms[1]))) {
                 // The password is OK or uncheckable
                 CMS.debug("LdapAuthInfo: password ok: store in memory cache");
                 passwords.put(prompt, mParms[1]);
@@ -176,16 +174,16 @@ CMS.debug("LdapAuthInfo: init: found password from config");
                     CMS.debug("LdapAuthInfo: password not found");
                 else {
                     CMS.debug("LdapAuthInfo: password does not work");
-/* what do you know?  Our IPasswordStore does not have a remove function.
-                pstore.remove("internaldb");
-*/
+                    /* what do you know?  Our IPasswordStore does not have a remove function.
+                                    pstore.remove("internaldb");
+                    */
                     if (inMem) {
                         // this is for the case when admin changes pwd
                         // from console
                         mParms[1] = getPasswordFromStore(prompt);
-                        if(authInfoOK(host, port, secure, mParms[0], mParms[1])) {
-                          CMS.debug("LdapAuthInfo: password ok: store in memory cache");
-                          passwords.put(prompt, mParms[1]);
+                        if (authInfoOK(host, port, secure, mParms[0], mParms[1])) {
+                            CMS.debug("LdapAuthInfo: password ok: store in memory cache");
+                            passwords.put(prompt, mParms[1]);
                         }
                     }
                 }
@@ -212,16 +210,17 @@ CMS.debug("LdapAuthInfo: init: found password from config");
 
     /**
      * Verifies the distinguished name and password by attempting to
-     * authenticate to the server.  If we connect to the server but cannot
+     * authenticate to the server. If we connect to the server but cannot
      * authenticate, we conclude that the DN or password is invalid. If
      * we cannot connect at all, we don't know, so we return true
      * (there's no sense asking for the password again since we can't verify
-     * it anyway).  If we connect and authenticate successfully, we know
+     * it anyway). If we connect and authenticate successfully, we know
      * the DN and password are correct, so we return true.
      */
     private static LDAPConnection conn = new LDAPConnection();
+
     private static boolean
-    authInfoOK(String host, int port, boolean secure, String dn, String pw) {
+            authInfoOK(String host, int port, boolean secure, String dn, String pw) {
 
         // We dont perform auth checking if we are in SSL mode.
         if (secure)
@@ -239,15 +238,15 @@ CMS.debug("LdapAuthInfo: init: found password from config");
 
         /**
          * There is a bug in LDAP SDK. VM will crash on NT if
-         * we connect and disconnect too many times. 
+         * we connect and disconnect too many times.
          **/
-        
+
         /**
-         if( connected ) {
-         try {
-         conn.disconnect();
-         } catch( LDAPException e ) { }
-         }
+         * if( connected ) {
+         * try {
+         * conn.disconnect();
+         * } catch( LDAPException e ) { }
+         * }
          **/
 
         if (connected && !authenticated) {
@@ -258,10 +257,11 @@ CMS.debug("LdapAuthInfo: init: found password from config");
     }
 
     /**
-     * get authentication type. 
+     * get authentication type.
+     * 
      * @return one of: <br>
-     *		LdapAuthInfo.LDAP_AUTHTYPE_BASICAUTH or 
-     *		LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH
+     *         LdapAuthInfo.LDAP_AUTHTYPE_BASICAUTH or
+     *         LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH
      */
     public int getAuthType() {
         return mType;
@@ -269,6 +269,7 @@ CMS.debug("LdapAuthInfo: init: found password from config");
 
     /**
      * get params for authentication
+     * 
      * @return array of parameters for this authentication.
      */
     public String[] getParms() {
@@ -281,7 +282,7 @@ CMS.debug("LdapAuthInfo: init: found password from config");
     public void addPassword(String prompt, String pw) {
         try {
             passwords.put(prompt, pw);
-        }catch (Exception e) {
+        } catch (Exception e) {
         }
     }
 
@@ -291,7 +292,7 @@ CMS.debug("LdapAuthInfo: init: found password from config");
     public void removePassword(String prompt) {
         try {
             passwords.remove(prompt);
-        }catch (Exception e) {
+        } catch (Exception e) {
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnFactory.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnFactory.java
index a8a107ac..64f22d30 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnFactory.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnFactory.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldapconn;
 
-
 import netscape.ldap.LDAPConnection;
 import netscape.ldap.LDAPException;
 import netscape.ldap.LDAPSocketFactory;
@@ -30,12 +29,11 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
 import com.netscape.certsrv.ldap.ILdapBoundConnFactory;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * Factory for getting LDAP Connections to a LDAP server with the same
  * LDAP authentication.
- * XXX not sure how useful this is given that LDAPConnection itself can 
- * be shared by multiple threads and cloned. 
+ * XXX not sure how useful this is given that LDAPConnection itself can
+ * be shared by multiple threads and cloned.
  */
 public class LdapBoundConnFactory implements ILdapBoundConnFactory {
     protected int mMinConns = 5;
@@ -52,10 +50,10 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
 
     public static final String PROP_ERROR_IF_DOWN = "errorIfDown";
 
-    private int mNumConns = 0;      // number of available conns in array
-    private int mTotal = 0;		// total num conns 
+    private int mNumConns = 0; // number of available conns in array
+    private int mTotal = 0; // total num conns 
 
-    private boolean doCloning=true;
+    private boolean doCloning = true;
     private LdapBoundConnection mMasterConn = null; // master connection object.
     private BoundConnection mConns[];
 
@@ -94,51 +92,53 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
 
     /**
      * Constructor for LdapBoundConnFactory
+     * 
      * @param minConns minimum number of connections to have available
-     * @param maxConns max number of connections to have available. This is 
-     * the maximum number of clones of this connection or separate connections one wants to allow.
+     * @param maxConns max number of connections to have available. This is
+     *            the maximum number of clones of this connection or separate connections one wants to allow.
      * @param serverInfo server connection info - host, port, etc.
      */
-    public LdapBoundConnFactory(int minConns, int maxConns, 
-        LdapConnInfo connInfo, LdapAuthInfo authInfo) throws ELdapException {
+    public LdapBoundConnFactory(int minConns, int maxConns,
+            LdapConnInfo connInfo, LdapAuthInfo authInfo) throws ELdapException {
         init(minConns, maxConns, connInfo, authInfo);
     }
 
     /**
      * Constructor for initialize
      */
-    public void init(IConfigStore config) 
-        throws ELdapException, EBaseException {
+    public void init(IConfigStore config)
+            throws ELdapException, EBaseException {
 
         CMS.debug("LdapBoundConnFactory: init ");
         LdapConnInfo connInfo =
-            new LdapConnInfo(config.getSubStore(PROP_LDAPCONNINFO));
+                new LdapConnInfo(config.getSubStore(PROP_LDAPCONNINFO));
 
         mErrorIfDown = config.getBoolean(PROP_ERROR_IF_DOWN, mDefErrorIfDown);
 
-        doCloning = config.getBoolean("doCloning",true);
+        doCloning = config.getBoolean("doCloning", true);
 
         CMS.debug("LdapBoundConnFactory:doCloning " + doCloning);
         init(config.getInteger(PROP_MINCONNS, mMinConns),
-            config.getInteger(PROP_MAXCONNS, mMaxConns),
-            connInfo,
-            new LdapAuthInfo(config.getSubStore(PROP_LDAPAUTHINFO),
-                connInfo.getHost(), connInfo.getPort(), connInfo.getSecure()));
+                config.getInteger(PROP_MAXCONNS, mMaxConns),
+                connInfo,
+                new LdapAuthInfo(config.getSubStore(PROP_LDAPAUTHINFO),
+                        connInfo.getHost(), connInfo.getPort(), connInfo.getSecure()));
     }
 
     /**
-     * initialize parameters obtained from either constructor or 
+     * initialize parameters obtained from either constructor or
      * config store
+     * 
      * @param minConns minimum number of connection handls to have available.
      * @param maxConns maximum total number of connections to ever have.
      * @param connInfo ldap connection info.
      * @param authInfo ldap authentication info.
-     * @exception ELdapException if any error occurs. 
+     * @exception ELdapException if any error occurs.
      */
-    private void init(int minConns, int maxConns, 
-        LdapConnInfo connInfo, LdapAuthInfo authInfo) 
-        throws ELdapException {
-        if (minConns <= 0 || maxConns <= 0 || minConns > maxConns) 
+    private void init(int minConns, int maxConns,
+            LdapConnInfo connInfo, LdapAuthInfo authInfo)
+            throws ELdapException {
+        if (minConns <= 0 || maxConns <= 0 || minConns > maxConns)
             throw new ELdapException(
                     CMS.getUserMessage("CMS_LDAP_INVALID_NUMCONN_PARAMETERS"));
         if (connInfo == null || authInfo == null)
@@ -153,15 +153,15 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
 
         // Create connection handle and make initial connection
         CMS.debug(
-            "init: before makeConnection errorIfDown is " + mErrorIfDown);
+                "init: before makeConnection errorIfDown is " + mErrorIfDown);
         makeConnection(mErrorIfDown);
 
         CMS.debug(
-            "initializing with mininum " + mMinConns + " and maximum " + mMaxConns +
-            " connections to " +
-            "host " + mConnInfo.getHost() + " port " + mConnInfo.getPort() +
-            ", secure connection, " + mConnInfo.getSecure() + 
-            ", authentication type " + mAuthInfo.getAuthType());
+                "initializing with mininum " + mMinConns + " and maximum " + mMaxConns +
+                        " connections to " +
+                        "host " + mConnInfo.getHost() + " port " + mConnInfo.getPort() +
+                        ", secure connection, " + mConnInfo.getSecure() +
+                        ", authentication type " + mAuthInfo.getAuthType());
 
         // initalize minimum number of connection handles available.
         makeMinimum();
@@ -169,6 +169,7 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
 
     /**
      * makes the initial master connection used to clone others..
+     * 
      * @exception ELdapException if any error occurs.
      */
     protected void makeConnection(boolean errorIfDown) throws ELdapException {
@@ -179,31 +180,31 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
             if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSCORE_LDAPCONN_CONNECT_SERVER",
-                        mConnInfo.getHost(), 	
-                        Integer.toString(mConnInfo.getPort())));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAPCONN_CONNECT_SERVER",
+                                mConnInfo.getHost(),
+                                Integer.toString(mConnInfo.getPort())));
                 if (errorIfDown) {
                     throw new ELdapServerDownException(
                             CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE",
-                                mConnInfo.getHost(), "" + mConnInfo.getPort()));
+                                    mConnInfo.getHost(), "" + mConnInfo.getPort()));
                 }
             } else {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSCORE_LDAPCONN_FAILED_SERVER", e.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAPCONN_FAILED_SERVER", e.toString()));
                 throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_CONNECT_TO_LDAP_SERVER_FAILED", 
-                            mConnInfo.getHost(), "" + (Integer.valueOf(mConnInfo.getPort())), e.toString()));
+                        CMS.getUserMessage("CMS_LDAP_CONNECT_TO_LDAP_SERVER_FAILED",
+                                mConnInfo.getHost(), "" + (Integer.valueOf(mConnInfo.getPort())), e.toString()));
             }
         }
     }
 
-
     /**
      * makes subsequent connections if cloning is not used .
+     * 
      * @exception ELdapException if any error occurs.
      */
-    private  LdapBoundConnection makeNewConnection(boolean errorIfDown) throws ELdapException {
+    private LdapBoundConnection makeNewConnection(boolean errorIfDown) throws ELdapException {
         CMS.debug("LdapBoundConnFactory:In makeNewConnection: errorIfDown " + errorIfDown);
         LdapBoundConnection conn = null;
         try {
@@ -213,46 +214,46 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSCORE_LDAPCONN_CONNECT_SERVER",
-                        mConnInfo.getHost(),
-                        Integer.toString(mConnInfo.getPort())));
+                        CMS.getLogMessage("CMSCORE_LDAPCONN_CONNECT_SERVER",
+                                mConnInfo.getHost(),
+                                Integer.toString(mConnInfo.getPort())));
                 if (errorIfDown) {
                     throw new ELdapServerDownException(
                             CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE",
-                                mConnInfo.getHost(), "" + mConnInfo.getPort()));
+                                    mConnInfo.getHost(), "" + mConnInfo.getPort()));
                 }
             } else {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSCORE_LDAPCONN_FAILED_SERVER", e.toString()));
+                        CMS.getLogMessage("CMSCORE_LDAPCONN_FAILED_SERVER", e.toString()));
                 throw new ELdapException(
                         CMS.getUserMessage("CMS_LDAP_CONNECT_TO_LDAP_SERVER_FAILED",
-                            mConnInfo.getHost(), "" + (Integer.valueOf(mConnInfo.getPort())), e.toString()));
+                                mConnInfo.getHost(), "" + (Integer.valueOf(mConnInfo.getPort())), e.toString()));
             }
         }
 
         return conn;
     }
+
     /**
      * makes the minumum number of connections
      */
     private void makeMinimum() throws ELdapException {
-        if (mMasterConn == null || mMasterConn.isConnected() == false) 
+        if (mMasterConn == null || mMasterConn.isConnected() == false)
             return;
         int increment;
 
         if (mNumConns < mMinConns && mTotal <= mMaxConns) {
             increment = Math.min(mMinConns - mNumConns, mMaxConns - mTotal);
             CMS.debug(
-                "increasing minimum connections by " + increment);
+                    "increasing minimum connections by " + increment);
             for (int i = increment - 1; i >= 0; i--) {
 
-                if(doCloning == true)  {
+                if (doCloning == true) {
                     mConns[i] = (BoundConnection) mMasterConn.clone();
-                }
-                else  {
+                } else {
                     mConns[i] = (BoundConnection) makeNewConnection(true);
                 }
-             
+
             }
             mTotal += increment;
             mNumConns += increment;
@@ -262,27 +263,26 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
     }
 
     /**
-     * gets a conenction from this factory. 
-     * All connections obtained from the factory must be returned by 
+     * gets a conenction from this factory.
+     * All connections obtained from the factory must be returned by
      * returnConn() method.
      * The best thing to do is to put returnConn in a finally clause so it
-     * always gets called. For example, 
+     * always gets called. For example,
+     * 
      * <pre>
-     *	  LDAPConnection c = null;
-     *    try { 
-     *		c = factory.getConn();
-     * 		myclass.do_something_with_c(c);
-     *	  }
-     *    catch (ELdapException e) {
-     *		handle_error_here();
-     *	  }
-     *	  finally {
-     *		factory.returnConn(c);
-     *    }
+     * LDAPConnection c = null;
+     * try {
+     *     c = factory.getConn();
+     *     myclass.do_something_with_c(c);
+     * } catch (ELdapException e) {
+     *     handle_error_here();
+     * } finally {
+     *     factory.returnConn(c);
+     * }
      * </pre>
      */
-    public LDAPConnection getConn() 
-        throws ELdapException {
+    public LDAPConnection getConn()
+            throws ELdapException {
         return getConn(true);
     }
 
@@ -290,70 +290,69 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
      * Returns a LDAP connection - a clone of the master connection.
      * All connections should be returned to the factory using returnConn()
      * to recycle connection objects.
-     * If not returned the limited max number is affected but if that 
+     * If not returned the limited max number is affected but if that
      * number is large not much harm is done.
      * Returns null if maximum number of connections reached.
      * The best thing to do is to put returnConn in a finally clause so it
-     * always gets called. For example, 
+     * always gets called. For example,
+     * 
      * <pre>
-     *	  LDAPConnection c = null;
-     *    try { 
-     *		c = factory.getConn();
-     * 		myclass.do_something_with_c(c);
-     *	  }
-     *    catch (ELdapException e) {
-     *		handle_error_here();
-     *	  }
-     *	  finally {
-     *		factory.returnConn(c);
-     *    }
+     * LDAPConnection c = null;
+     * try {
+     *     c = factory.getConn();
+     *     myclass.do_something_with_c(c);
+     * } catch (ELdapException e) {
+     *     handle_error_here();
+     * } finally {
+     *     factory.returnConn(c);
+     * }
      * </pre>
-     */ 
-    public synchronized LDAPConnection getConn(boolean waitForConn) 
-        throws ELdapException {
+     */
+    public synchronized LDAPConnection getConn(boolean waitForConn)
+            throws ELdapException {
         boolean waited = false;
 
-        CMS.debug("In LdapBoundConnFactory::getConn()"); 
-        if(mMasterConn != null) 
+        CMS.debug("In LdapBoundConnFactory::getConn()");
+        if (mMasterConn != null)
             CMS.debug("masterConn is connected: " + mMasterConn.isConnected());
         else
             CMS.debug("masterConn is null.");
 
         if (mMasterConn == null || !mMasterConn.isConnected()) {
             try {
-                  makeConnection(true);
-            }  catch (ELdapException e) {
+                makeConnection(true);
+            } catch (ELdapException e) {
                 mMasterConn = null;
                 CMS.debug("Can't create master connection in LdapBoundConnFactory::getConn! " + e.toString());
                 throw e;
             }
         }
 
-        if (mNumConns == 0) 
+        if (mNumConns == 0)
             makeMinimum();
         if (mNumConns == 0) {
             if (!waitForConn)
                 return null;
             try {
                 CMS.debug("getConn: out of ldap connections");
-                log(ILogger.LL_WARN, 
-                    "Ran out of ldap connections available " +
-                    "in ldap connection pool to " +
-                    mConnInfo.getHost() + ":" + mConnInfo.getPort() + ". " +
-                    "This could be a temporary condition or an indication of " +
-                    "something more serious that can cause the server to " +
-                    "hang.");
+                log(ILogger.LL_WARN,
+                        "Ran out of ldap connections available " +
+                                "in ldap connection pool to " +
+                                mConnInfo.getHost() + ":" + mConnInfo.getPort() + ". " +
+                                "This could be a temporary condition or an indication of " +
+                                "something more serious that can cause the server to " +
+                                "hang.");
                 waited = true;
-                while (mNumConns == 0) 
+                while (mNumConns == 0)
                     wait();
             } catch (InterruptedException e) {
             }
-        } 
+        }
         mNumConns--;
         LDAPConnection conn = mConns[mNumConns];
 
         boolean isConnected = false;
-        if(conn != null) {
+        if (conn != null) {
             isConnected = conn.isConnected();
         }
 
@@ -362,32 +361,30 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
         //If masterConn is still alive, lets try to bring this one
         //back to life
 
-        if((isConnected == false) && (mMasterConn != null) 
-            && (mMasterConn.isConnected() == true))   {
+        if ((isConnected == false) && (mMasterConn != null)
+                && (mMasterConn.isConnected() == true)) {
             CMS.debug("Attempt to bring back down connection.");
 
-            if(doCloning == true) {
+            if (doCloning == true) {
                 mConns[mNumConns] = (BoundConnection) mMasterConn.clone();
-            }
-            else {
+            } else {
                 try {
-                   mConns[mNumConns] = (BoundConnection) makeNewConnection(true);
-                }
-                catch (ELdapException e) {
-                   mConns[mNumConns] = null;
+                    mConns[mNumConns] = (BoundConnection) makeNewConnection(true);
+                } catch (ELdapException e) {
+                    mConns[mNumConns] = null;
                 }
-           }
-           conn = mConns[mNumConns];
+            }
+            conn = mConns[mNumConns];
 
-           CMS.debug("Re-animated connection: " + conn);
-       }
+            CMS.debug("Re-animated connection: " + conn);
+        }
 
-       mConns[mNumConns] = null;
+        mConns[mNumConns] = null;
 
         if (waited) {
-            log(ILogger.LL_WARN, 
-                "Ldap connections are available again in ldap connection pool " +
-                "to " + mConnInfo.getHost() + ":" + mConnInfo.getPort());
+            log(ILogger.LL_WARN,
+                    "Ldap connections are available again in ldap connection pool " +
+                            "to " + mConnInfo.getHost() + ":" + mConnInfo.getPort());
         }
         CMS.debug("getConn: mNumConns now " + mNumConns);
 
@@ -395,22 +392,21 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
     }
 
     /**
-     * Teturn connection to the factory. 
+     * Teturn connection to the factory.
      * This is mandatory after a getConn().
      * The best thing to do is to put returnConn in a finally clause so it
-     * always gets called. For example, 
+     * always gets called. For example,
+     * 
      * <pre>
-     *	  LDAPConnection c = null;
-     *    try { 
-     *		c = factory.getConn();
-     * 		myclass.do_something_with_c(c);
-     *	  }
-     *    catch (ELdapException e) {
-     *		handle_error_here();
-     *	  }
-     *	  finally {
-     *		factory.returnConn(c);
-     *    }
+     * LDAPConnection c = null;
+     * try {
+     *     c = factory.getConn();
+     *     myclass.do_something_with_c(c);
+     * } catch (ELdapException e) {
+     *     handle_error_here();
+     * } finally {
+     *     factory.returnConn(c);
+     * }
      * </pre>
      */
     public synchronized void returnConn(LDAPConnection conn) {
@@ -423,17 +419,17 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
             log(ILogger.LL_WARN, "returnConn: unknown connection.");
 
             /* swallow this exception but see who's doing it. */
-            ELdapException e = 
-                new ELdapException(CMS.getUserMessage("CMS_LDAP_UNKNOWN_RETURNED_CONN"));
+            ELdapException e =
+                    new ELdapException(CMS.getUserMessage("CMS_LDAP_UNKNOWN_RETURNED_CONN"));
         }
         for (int i = 0; i < mNumConns; i++) {
             if (mConns[i] == conn) {
                 CMS.debug(
-                    "returnConn: previously returned connection.");
+                        "returnConn: previously returned connection.");
 
-                /* swallow this exception but see who's doing it */ 
-                ELdapException e = 
-                    new ELdapException(CMS.getUserMessage("CMS_LDAP_BAD_RETURNED_CONN"));
+                /* swallow this exception but see who's doing it */
+                ELdapException e =
+                        new ELdapException(CMS.getUserMessage("CMS_LDAP_BAD_RETURNED_CONN"));
             }
         }
         mConns[mNumConns++] = boundconn;
@@ -446,13 +442,13 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
      */
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-            "In Ldap (bound) connection pool to" +
-            " host " + mConnInfo.getHost() + 
-            " port " + mConnInfo.getPort() + ", " + msg);
+                "In Ldap (bound) connection pool to" +
+                        " host " + mConnInfo.getHost() +
+                        " port " + mConnInfo.getPort() + ", " + msg);
     }
 
     protected void finalize()
-        throws Exception {
+            throws Exception {
         reset();
     }
 
@@ -462,8 +458,8 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
      * shutdown or process exit.
      * useful only if no connections are outstanding.
      */
-    public synchronized void reset() 
-        throws ELdapException {
+    public synchronized void reset()
+            throws ELdapException {
         if (mNumConns == mTotal) {
             for (int i = 0; i < mNumConns; i++) {
                 try {
@@ -477,9 +473,9 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
                     log(ILogger.LL_INFO, "disconnecting masterConn");
                     mMasterConn.disconnect();
                 } catch (LDAPException e) {
-                    log(ILogger.LL_FAILURE, 
-                        CMS.getLogMessage("CMSCORE_LDAPCONN_CANNOT_RESET",
-                            e.toString()));
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("CMSCORE_LDAPCONN_CANNOT_RESET",
+                                    e.toString()));
                 }
             }
             mMasterConn = null;
@@ -487,7 +483,7 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
             mNumConns = 0;
         } else {
             CMS.debug(
-                "Cannot reset factory: connections not all returned");
+                    "Cannot reset factory: connections not all returned");
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_CANNOT_RESET_CONNFAC"));
         }
 
@@ -497,7 +493,7 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
     }
 
     /**
-     * return ldap connection info 
+     * return ldap connection info
      */
     public LdapConnInfo getConnInfo() {
         return mConnInfo;
@@ -520,17 +516,17 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
         private static final long serialVersionUID = 1353616391879078337L;
 
         public BoundConnection(LdapConnInfo connInfo, LdapAuthInfo authInfo)
-            throws LDAPException {
+                throws LDAPException {
             super(connInfo, authInfo);
         }
-			
-        public BoundConnection(String host, int port, int version, 
-            LDAPSocketFactory fac,
-            String bindDN, String bindPW)
-            throws LDAPException {
+
+        public BoundConnection(String host, int port, int version,
+                LDAPSocketFactory fac,
+                String bindDN, String bindPW)
+                throws LDAPException {
             super(host, port, version, fac, bindDN, bindPW);
         }
- 
+
         /**
          * used only to identify the factory from which this came.
          */
diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnection.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnection.java
index 82e0b315..fc97ab48 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnection.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnection.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldapconn;
 
-
 import java.util.Properties;
 
 import netscape.ldap.LDAPConnection;
@@ -29,13 +28,12 @@ import netscape.ldap.LDAPv2;
 
 import com.netscape.certsrv.apps.CMS;
 
-
 /**
  * A LDAP connection that is bound to a server host, port, secure type.
  * and authentication.
  * Makes a LDAP connection and authentication when instantiated.
- * Cannot establish another LDAP connection or authentication after 
- * construction. LDAPConnection connect and authentication methods are 
+ * Cannot establish another LDAP connection or authentication after
+ * construction. LDAPConnection connect and authentication methods are
  * overridden to prevent this.
  */
 public class LdapBoundConnection extends LDAPConnection {
@@ -52,13 +50,13 @@ public class LdapBoundConnection extends LDAPConnection {
      * connection with Ldap basic bind dn & pw authentication.
      */
     public LdapBoundConnection(
-        LdapConnInfo connInfo, LdapAuthInfo authInfo)
-        throws LDAPException {
+            LdapConnInfo connInfo, LdapAuthInfo authInfo)
+            throws LDAPException {
         // this LONG line to satisfy super being the first call. (yuk)
         super(
-            authInfo.getAuthType() == LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH ?
-            new LdapJssSSLSocketFactory(authInfo.getParms()[0]) : 
-            (connInfo.getSecure() ? new LdapJssSSLSocketFactory() : null));
+                authInfo.getAuthType() == LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH ?
+                        new LdapJssSSLSocketFactory(authInfo.getParms()[0]) :
+                        (connInfo.getSecure() ? new LdapJssSSLSocketFactory() : null));
 
         // Set option to automatically follow referrals. 
         // Use the same credentials to follow referrals; this is the easiest 
@@ -69,11 +67,11 @@ public class LdapBoundConnection extends LDAPConnection {
         boolean followReferrals = connInfo.getFollowReferrals();
 
         setOption(LDAPv2.REFERRALS, new Boolean(followReferrals));
-        if (followReferrals && 
-            authInfo.getAuthType() != LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH) {
-            LDAPRebind rebindInfo = 
-                new ARebindInfo(authInfo.getParms()[0], 
-                    authInfo.getParms()[1]);
+        if (followReferrals &&
+                authInfo.getAuthType() != LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH) {
+            LDAPRebind rebindInfo =
+                    new ARebindInfo(authInfo.getParms()[0],
+                            authInfo.getParms()[1]);
 
             setOption(LDAPv2.REFERRALS_REBIND_PROC, rebindInfo);
         }
@@ -82,19 +80,19 @@ public class LdapBoundConnection extends LDAPConnection {
             // will be bound to client auth cert mapped entry.
             super.connect(connInfo.getHost(), connInfo.getPort());
             CMS.debug(
-                "Established LDAP connection with SSL client auth to " +
-                connInfo.getHost() + ":" + connInfo.getPort());
-        } else {  // basic auth
+                    "Established LDAP connection with SSL client auth to " +
+                            connInfo.getHost() + ":" + connInfo.getPort());
+        } else { // basic auth
             String binddn = authInfo.getParms()[0];
             String bindpw = authInfo.getParms()[1];
 
-            super.connect(connInfo.getVersion(), 
-                connInfo.getHost(), connInfo.getPort(), binddn, bindpw);
+            super.connect(connInfo.getVersion(),
+                    connInfo.getHost(), connInfo.getPort(), binddn, bindpw);
             CMS.debug(
-                "Established LDAP connection using basic authentication to" +
-                " host " + connInfo.getHost() +
-                " port " + connInfo.getPort() +
-                " as " + binddn);
+                    "Established LDAP connection using basic authentication to" +
+                            " host " + connInfo.getHost() +
+                            " port " + connInfo.getPort() +
+                            " as " + binddn);
         }
     }
 
@@ -102,26 +100,26 @@ public class LdapBoundConnection extends LDAPConnection {
      * Instantiates a connection to a ldap server, secure or non-secure
      * connection with Ldap basic bind dn & pw authentication.
      */
-    public LdapBoundConnection(String host, int port, int version, 
-        LDAPSocketFactory fac,
-        String bindDN, String bindPW)
-        throws LDAPException {
+    public LdapBoundConnection(String host, int port, int version,
+            LDAPSocketFactory fac,
+            String bindDN, String bindPW)
+            throws LDAPException {
         super(fac);
         if (bindDN != null) {
-            super.connect(version, host, port, bindDN, bindPW); 
+            super.connect(version, host, port, bindDN, bindPW);
             CMS.debug(
-                "Established LDAP connection using basic authentication " +
-                " as " + bindDN + " to " + host + ":" + port);
+                    "Established LDAP connection using basic authentication " +
+                            " as " + bindDN + " to " + host + ":" + port);
         } else {
             if (fac == null && bindDN == null) {
                 throw new IllegalArgumentException(
                         "Ldap bound connection must have authentication info.");
             }
             // automatically authenticated if it's ssl client auth.
-            super.connect(version, host, port, null, null);  
+            super.connect(version, host, port, null, null);
             CMS.debug(
-                "Established LDAP connection using SSL client authentication " +
-                "to " + host + ":" + port);
+                    "Established LDAP connection using SSL client authentication " +
+                            "to " + host + ":" + port);
         }
     }
 
@@ -129,13 +127,13 @@ public class LdapBoundConnection extends LDAPConnection {
      * Overrides same method in LDAPConnection to do prevent re-authentication.
      */
     public void authenticate(int version, String dn, String pw)
-        throws LDAPException {
+            throws LDAPException {
 
         /**
-         if (mAuthenticated) {
-         throw new RuntimeException(
-         "this LdapBoundConnection already authenticated: auth(v,dn,pw)");
-         }
+         * if (mAuthenticated) {
+         * throw new RuntimeException(
+         * "this LdapBoundConnection already authenticated: auth(v,dn,pw)");
+         * }
          **/
         super.authenticate(version, dn, pw);
         mAuthenticated = true;
@@ -145,13 +143,13 @@ public class LdapBoundConnection extends LDAPConnection {
      * Overrides same method in LDAPConnection to do prevent re-authentication.
      */
     public void authenticate(String dn, String pw)
-        throws LDAPException {
+            throws LDAPException {
 
         /**
-         if (mAuthenticated) {
-         throw new RuntimeException(
-         "this LdapBoundConnection already authenticated: auth(dn,pw)");
-         }	
+         * if (mAuthenticated) {
+         * throw new RuntimeException(
+         * "this LdapBoundConnection already authenticated: auth(dn,pw)");
+         * }
          **/
         super.authenticate(3, dn, pw);
         mAuthenticated = true;
@@ -160,15 +158,15 @@ public class LdapBoundConnection extends LDAPConnection {
     /**
      * Overrides same method in LDAPConnection to do prevent re-authentication.
      */
-    public void authenticate(String dn, String mech, String packageName, 
-        Properties props, Object getter)
-        throws LDAPException {
+    public void authenticate(String dn, String mech, String packageName,
+            Properties props, Object getter)
+            throws LDAPException {
 
         /**
-         if (mAuthenticated)  {
-         throw new RuntimeException(
-         "this LdapBoundConnection already authenticated: auth(mech)");
-         }
+         * if (mAuthenticated) {
+         * throw new RuntimeException(
+         * "this LdapBoundConnection already authenticated: auth(mech)");
+         * }
          **/
         super.authenticate(dn, mech, packageName, props, getter);
         mAuthenticated = true;
@@ -177,15 +175,15 @@ public class LdapBoundConnection extends LDAPConnection {
     /**
      * Overrides same method in LDAPConnection to do prevent re-authentication.
      */
-    public void authenticate(String dn, String mechs[], String packageName, 
-        Properties props, Object getter)
-        throws LDAPException {
+    public void authenticate(String dn, String mechs[], String packageName,
+            Properties props, Object getter)
+            throws LDAPException {
 
         /**
-         if (mAuthenticated) {
-         throw new RuntimeException(
-         "this LdapBoundConnection is already authenticated: auth(mechs)");
-         }
+         * if (mAuthenticated) {
+         * throw new RuntimeException(
+         * "this LdapBoundConnection is already authenticated: auth(mechs)");
+         * }
          **/
         super.authenticate(dn, mechs, packageName, props, getter);
         mAuthenticated = true;
@@ -202,14 +200,13 @@ public class LdapBoundConnection extends LDAPConnection {
     /**
      * overrides parent's connect to prevent re-connect.
      */
-    public void connect(int version, String host, int port, 
-        String dn, String pw) throws LDAPException {
+    public void connect(int version, String host, int port,
+            String dn, String pw) throws LDAPException {
         throw new RuntimeException(
                 "this LdapBoundConnection is already connected: conn(version,h,p)");
     }
 }
 
-
 class ARebindInfo implements LDAPRebind {
     private LDAPRebindAuth mRebindAuthInfo = null;
 
diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapConnInfo.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapConnInfo.java
index 70361f87..4ef7d804 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapConnInfo.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapConnInfo.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldapconn;
 
-
 import netscape.ldap.LDAPv2;
 
 import com.netscape.certsrv.apps.CMS;
@@ -27,7 +26,6 @@ import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.ldap.ILdapConnInfo;
 
-
 /**
  * class for reading ldap connection from the config store.
  * ldap connection info: host, port, secure connection
@@ -49,7 +47,7 @@ public class LdapConnInfo implements ILdapConnInfo {
 
     /**
      * initializes an instance from a config store.
-     * required parms: host, port 
+     * required parms: host, port
      * optional parms: secure connection, authentication method & info.
      */
     public void init(IConfigStore config) throws EBaseException, ELdapException {
@@ -75,13 +73,13 @@ public class LdapConnInfo implements ILdapConnInfo {
             throw new EBaseException(
                     CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY", PROP_PORT));
         }
-        mSecure = config.getBoolean(PROP_SECURE, false); 
-        mFollowReferrals = config.getBoolean(PROP_FOLLOW_REFERRALS, true); 
+        mSecure = config.getBoolean(PROP_SECURE, false);
+        mFollowReferrals = config.getBoolean(PROP_FOLLOW_REFERRALS, true);
     }
 
     public LdapConnInfo(String host, int port, boolean secure) {
-        mHost = host; 
-        mPort = port; 
+        mHost = host;
+        mPort = port;
         mSecure = secure;
         if (mHost == null || mPort <= 0) {
             // XXX log something here 
@@ -90,28 +88,28 @@ public class LdapConnInfo implements ILdapConnInfo {
     }
 
     public LdapConnInfo(String host, int port) {
-        mHost = host; 
-        mPort = port; 
+        mHost = host;
+        mPort = port;
         if (mHost == null || mPort <= 0) {
             // XXX log something here 
             throw new IllegalArgumentException("LDAP host or port is null");
         }
     }
 
-    public String getHost() { 
-        return mHost; 
+    public String getHost() {
+        return mHost;
     }
 
-    public int getPort() { 
-        return mPort; 
+    public int getPort() {
+        return mPort;
     }
 
-    public int getVersion() { 
-        return mVersion; 
+    public int getVersion() {
+        return mVersion;
     }
 
-    public boolean getSecure() { 
-        return mSecure; 
+    public boolean getSecure() {
+        return mSecure;
     }
 
     public boolean getFollowReferrals() {
diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapJssSSLSocketFactory.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapJssSSLSocketFactory.java
index 8aa59e30..4df2fe35 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapJssSSLSocketFactory.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapJssSSLSocketFactory.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldapconn;
 
-
 import java.io.IOException;
 import java.net.Socket;
 import java.net.UnknownHostException;
@@ -32,9 +31,9 @@ import org.mozilla.jss.ssl.SSLSocket;
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * Uses HCL ssl socket.
+ * 
  * @author Lily Hsiao lhsiao@netscape.com
  */
 public class LdapJssSSLSocketFactory implements LDAPSSLSocketFactoryExt {
@@ -68,14 +67,14 @@ public class LdapJssSSLSocketFactory implements LDAPSSLSocketFactoryExt {
             if (mClientAuthCertNickname != null) {
                 mClientAuth = true;
                 CMS.debug(
-                    "LdapJssSSLSocket set client auth cert nickname" +
-                    mClientAuthCertNickname);
+                        "LdapJssSSLSocket set client auth cert nickname" +
+                                mClientAuthCertNickname);
                 s.setClientCertNickname(mClientAuthCertNickname);
             }
             s.forceHandshake();
         } catch (UnknownHostException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSCORE_LDAPCONN_UNKNOWN_HOST"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSCORE_LDAPCONN_UNKNOWN_HOST"));
             throw new LDAPException(
                     "Cannot Create JSS SSL Socket - Unknown host");
         } catch (IOException e) {
@@ -102,10 +101,9 @@ public class LdapJssSSLSocketFactory implements LDAPSSLSocketFactoryExt {
         public ClientHandshakeCB(Object sc) {
             this.sc = sc;
         }
-	 
+
         public void handshakeCompleted(SSLHandshakeCompletedEvent event) {
             CMS.debug("SSL handshake happened");
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/listeners/ListenerPlugin.java b/pki/base/common/src/com/netscape/cmscore/listeners/ListenerPlugin.java
index 181ea34b..720af493 100644
--- a/pki/base/common/src/com/netscape/cmscore/listeners/ListenerPlugin.java
+++ b/pki/base/common/src/com/netscape/cmscore/listeners/ListenerPlugin.java
@@ -17,13 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.listeners;
 
-
-
-
 /**
  * This class represents a registered listener plugin.
  * <P>
- *
+ * 
  * @author stevep
  * @version $Revision$, $Date$
  */
@@ -34,6 +31,7 @@ public class ListenerPlugin {
 
     /**
      * Constructs a Listener plugin.
+     * 
      * @param id listener implementation name
      * @param classPath class path
      */
@@ -43,7 +41,7 @@ public class ListenerPlugin {
         mId = id;
         mClassPath = classPath;
     }
-		
+
     public String getId() {
         return mId;
     }
diff --git a/pki/base/common/src/com/netscape/cmscore/logging/AuditEventFactory.java b/pki/base/common/src/com/netscape/cmscore/logging/AuditEventFactory.java
index 46b42f04..438b3abb 100644
--- a/pki/base/common/src/com/netscape/cmscore/logging/AuditEventFactory.java
+++ b/pki/base/common/src/com/netscape/cmscore/logging/AuditEventFactory.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.logging;
 
-
 import java.util.Properties;
 
 import com.netscape.certsrv.logging.AuditEvent;
@@ -26,12 +25,11 @@ import com.netscape.certsrv.logging.ILogEvent;
 import com.netscape.certsrv.logging.ILogEventFactory;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * A log event object for handling audit messages
  * <P>
- *
- * @author mikep 
+ * 
+ * @author mikep
  * @author mzhao
  * @version $Revision$, $Date$
  */
@@ -60,7 +58,7 @@ public class AuditEventFactory implements ILogEventFactory {
      * @param params the parameters in the detail log message
      */
     public ILogEvent create(int evtClass, Properties prop, int source,
-        int level, boolean multiline, String msg, Object params[]) {
+            int level, boolean multiline, String msg, Object params[]) {
         if (evtClass != ILogger.EV_AUDIT)
             return null;
         AuditEvent event = new AuditEvent(msg, params);
@@ -74,8 +72,8 @@ public class AuditEventFactory implements ILogEventFactory {
 
     /**
      * Set the resource bundle of the log event.
-     *
-     * @param prop the properties 
+     * 
+     * @param prop the properties
      * @param event the log event
      */
     protected void setProperties(Properties prop, IBundleLogEvent event) {
@@ -92,7 +90,7 @@ public class AuditEventFactory implements ILogEventFactory {
 
     /**
      * Releases an log event.
-     *
+     * 
      * @param e the log event
      */
     public void release(ILogEvent e) {
diff --git a/pki/base/common/src/com/netscape/cmscore/logging/AuditFormat.java b/pki/base/common/src/com/netscape/cmscore/logging/AuditFormat.java
index 7d7f817f..46bd1ffc 100644
--- a/pki/base/common/src/com/netscape/cmscore/logging/AuditFormat.java
+++ b/pki/base/common/src/com/netscape/cmscore/logging/AuditFormat.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.logging;
 
-
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * Define audit log message format
- *
+ * 
  * @author mzhao
  * @version $Revision$, $Date$
  */
@@ -43,18 +41,18 @@ public class AuditFormat {
     /**
      * initiative: the event is from agent
      */
-    public static final String FROMAGENT = "fromAgent";        
+    public static final String FROMAGENT = "fromAgent";
 
     /**
      * initiative: the event is from router
      */
-    public static final String FROMROUTER = "fromRouter";  
+    public static final String FROMROUTER = "fromRouter";
 
     /**
      * initiative: the event is from remote authority
      */
     public static final String FROMRA = "fromRemoteAuthority";
-      
+
     /**
      * authentication module: no Authentication manager
      */
@@ -69,42 +67,42 @@ public class AuditFormat {
      5: cert dn
      6: other info. eg cert serial number, violation policies
      */
-    public static final String FORMAT = 
-        "{0} reqID {1} {2} authenticated by {3} is {4} DN requested: {5} {6}";
-    public static final  String NODNFORMAT = 
-        "{0} reqID {1} {2} authenticated by {3} is {4}";
+    public static final String FORMAT =
+            "{0} reqID {1} {2} authenticated by {3} is {4} DN requested: {5} {6}";
+    public static final String NODNFORMAT =
+            "{0} reqID {1} {2} authenticated by {3} is {4}";
 
-    public static final String ENROLLMENTFORMAT = 
-        IRequest.ENROLLMENT_REQUEST + " reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} {5}";
-    public static final String RENEWALFORMAT = 
-        IRequest.RENEWAL_REQUEST + " reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} old serial number: 0x{5} {6}";
-    public static final String REVOCATIONFORMAT = 
-        IRequest.REVOCATION_REQUEST + " reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} serial number: 0x{5} revocation reason: {6} {7}";
+    public static final String ENROLLMENTFORMAT =
+            IRequest.ENROLLMENT_REQUEST + " reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} {5}";
+    public static final String RENEWALFORMAT =
+            IRequest.RENEWAL_REQUEST + " reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} old serial number: 0x{5} {6}";
+    public static final String REVOCATIONFORMAT =
+            IRequest.REVOCATION_REQUEST + " reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} serial number: 0x{5} revocation reason: {6} {7}";
 
     // 1: fromAgent AgentID: xxx authenticated by xxx
-    public static final String DOREVOKEFORMAT = 
-        IRequest.REVOCATION_REQUEST + " reqID {0} {1} is {2}. DN requested: {3} serial number: 0x{4} revocation reason: {5}";
+    public static final String DOREVOKEFORMAT =
+            IRequest.REVOCATION_REQUEST + " reqID {0} {1} is {2}. DN requested: {3} serial number: 0x{4} revocation reason: {5}";
     // 1: fromAgent AgentID: xxx authenticated by xxx
-    public static final String DOUNREVOKEFORMAT = 
-        IRequest.UNREVOCATION_REQUEST + " reqID {0} {1} is {2}. DN requested: {3} serial number: 0x{4}";
+    public static final String DOUNREVOKEFORMAT =
+            IRequest.UNREVOCATION_REQUEST + " reqID {0} {1} is {2}. DN requested: {3} serial number: 0x{4}";
 
     // 0:initiative
-    public static final String CRLUPDATEFORMAT = 
-        "CRLUpdate request {0} authenticated by {1} is {2}. Id: {3}\ncrl Number: {4} last update time: {5} next update time: {6} number of entries in the CRL: {7}";
+    public static final String CRLUPDATEFORMAT =
+            "CRLUpdate request {0} authenticated by {1} is {2}. Id: {3}\ncrl Number: {4} last update time: {5} next update time: {6} number of entries in the CRL: {7}";
 
     // audit user/group
     public static final String ADDUSERFORMAT =
-        "Admin UID: {0} added User UID: {1}";
+            "Admin UID: {0} added User UID: {1}";
     public static final String REMOVEUSERFORMAT =
-        "Admin UID: {0} removed User UID: {1} ";
+            "Admin UID: {0} removed User UID: {1} ";
     public static final String MODIFYUSERFORMAT =
-        "Admin UID: {0} modified User UID: {1}";
+            "Admin UID: {0} modified User UID: {1}";
     public static final String ADDUSERCERTFORMAT =
-        "Admin UID: {0} added cert for User UID: {1}. cert DN: {2} serial number: 0x{3}";
+            "Admin UID: {0} added cert for User UID: {1}. cert DN: {2} serial number: 0x{3}";
     public static final String REMOVEUSERCERTFORMAT =
-        "Admin UID: {0} removed cert of User UID: {1}. cert DN: {2} serial number: 0x{3}";
+            "Admin UID: {0} removed cert of User UID: {1}. cert DN: {2} serial number: 0x{3}";
     public static final String ADDUSERGROUPFORMAT =
-        "Admin UID: {0} added User UID: {1} to group: {2}";
+            "Admin UID: {0} added User UID: {1} to group: {2}";
     public static final String REMOVEUSERGROUPFORMAT =
-        "Admin UID: {0} removed User UID: {1} from group: {2}";
+            "Admin UID: {0} removed User UID: {1} from group: {2}";
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/logging/LogQueue.java b/pki/base/common/src/com/netscape/cmscore/logging/LogQueue.java
index faddc44d..6ed38a69 100644
--- a/pki/base/common/src/com/netscape/cmscore/logging/LogQueue.java
+++ b/pki/base/common/src/com/netscape/cmscore/logging/LogQueue.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.logging;
 
-
 import java.util.Vector;
 
 import com.netscape.certsrv.logging.ELogException;
@@ -25,9 +24,8 @@ import com.netscape.certsrv.logging.ILogEvent;
 import com.netscape.certsrv.logging.ILogEventListener;
 import com.netscape.certsrv.logging.ILogQueue;
 
-
 /**
- * A class represents a log queue. 
+ * A class represents a log queue.
  * <P>
  * 
  * @author mzhao
@@ -51,11 +49,11 @@ public class LogQueue implements ILogQueue {
     /**
      * Initializes the log queue.
      * <P>
-     *
+     * 
      */
     public void init() {
         mListeners = new Vector();
-        
+
     }
 
     /**
@@ -63,7 +61,7 @@ public class LogQueue implements ILogQueue {
      * <P>
      */
     public void shutdown() {
-        if (mListeners == null) 
+        if (mListeners == null)
             return;
         for (int i = 0; i < mListeners.size(); i++) {
             ((ILogEventListener) mListeners.elementAt(i)).shutdown();
@@ -73,7 +71,7 @@ public class LogQueue implements ILogQueue {
 
     /**
      * Adds an event listener.
-     *
+     * 
      * @param listener the log event listener
      */
     public void addLogEventListener(ILogEventListener listener) {
@@ -84,7 +82,7 @@ public class LogQueue implements ILogQueue {
 
     /**
      * Removes an event listener.
-     *
+     * 
      * @param listener the log event listener
      */
     public void removeLogEventListener(ILogEventListener listener) {
@@ -93,12 +91,12 @@ public class LogQueue implements ILogQueue {
 
     /**
      * Logs an event, and notifies logger to reuse the event.
-     *
+     * 
      * @param event the log event
      */
     public void log(ILogEvent event) {
         if (mListeners == null)
-           return;
+            return;
         for (int i = 0; i < mListeners.size(); i++) {
             try {
                 ((ILogEventListener) mListeners.elementAt(i)).log(event);
@@ -109,14 +107,13 @@ public class LogQueue implements ILogQueue {
                 //          event.getEventType(), e.toString())));
 
                 // Don't do this again.  
-                removeLogEventListener((ILogEventListener)
-                    mListeners.elementAt(i));
+                removeLogEventListener((ILogEventListener) mListeners.elementAt(i));
             }
         }
     }
 
     /**
-     *  Flushes the log buffers (if any)
+     * Flushes the log buffers (if any)
      */
     public void flush() {
         for (int i = 0; i < mListeners.size(); i++) {
@@ -124,4 +121,3 @@ public class LogQueue implements ILogQueue {
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/logging/LogSubsystem.java b/pki/base/common/src/com/netscape/cmscore/logging/LogSubsystem.java
index 05e4e91f..a8bc67c0 100644
--- a/pki/base/common/src/com/netscape/cmscore/logging/LogSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/logging/LogSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.logging;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Vector;
@@ -33,7 +32,6 @@ import com.netscape.certsrv.logging.ILogSubsystem;
 import com.netscape.certsrv.logging.LogPlugin;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
  * A class represents a log subsystem.
  * <P>
@@ -77,12 +75,12 @@ public class LogSubsystem implements ILogSubsystem {
     /**
      * Initializes the log subsystem.
      * <P>
-     *
+     * 
      * @param owner owner of this subsystem
      * @param config configuration store
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
         mLogQueue.init();
 
@@ -100,18 +98,18 @@ public class LogSubsystem implements ILogSubsystem {
         if (Debug.ON)
             Debug.trace("loaded logger plugins");
 
-            // load log instances
+        // load log instances
         c = config.getSubStore(PROP_INSTANCE);
         Enumeration<String> instances = c.getSubStoreNames();
 
         while (instances.hasMoreElements()) {
             String insName = (String) instances.nextElement();
-            String implName = c.getString(insName + "." + 
+            String implName = c.getString(insName + "." +
                     PROP_PLUGIN);
             LogPlugin plugin =
-                (LogPlugin) mLogPlugins.get(implName);
+                    (LogPlugin) mLogPlugins.get(implName);
 
-            if (plugin == null) { 
+            if (plugin == null) {
                 throw new EBaseException(implName);
             }
             String className = plugin.getClassPath();
@@ -121,8 +119,8 @@ public class LogSubsystem implements ILogSubsystem {
             try {
                 logInst = (ILogEventListener)
                         Class.forName(className).newInstance();
-                IConfigStore pConfig = 
-                    c.getSubStore(insName);
+                IConfigStore pConfig =
+                        c.getSubStore(insName);
 
                 logInst.init(this, pConfig);
                 // for view from console
@@ -165,7 +163,7 @@ public class LogSubsystem implements ILogSubsystem {
 
             Debug.trace("about to call inst=" + instName + " in LogSubsystem.startup()");
             ILogEventListener inst = (ILogEventListener)
-                mLogInsts.get(instName);
+                    mLogInsts.get(instName);
 
             inst.startup();
         }
@@ -182,7 +180,7 @@ public class LogSubsystem implements ILogSubsystem {
     /**
      * Returns the root configuration storage of this system.
      * <P>
-     *
+     * 
      * @return configuration store of this subsystem
      */
     public IConfigStore getConfigStore() {
@@ -232,12 +230,12 @@ public class LogSubsystem implements ILogSubsystem {
             ELogException {
         // is this a registered implname?
         LogPlugin plugin = (LogPlugin)
-            mLogPlugins.get(implName);
+                mLogPlugins.get(implName);
 
         if (plugin == null) {
             throw new ELogException(implName);
         }
-			
+
         // a temporary instance
         ILogEventListener LogInst = null;
         String className = plugin.getClassPath();
@@ -272,4 +270,3 @@ public class LogSubsystem implements ILogSubsystem {
         return v;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/logging/Logger.java b/pki/base/common/src/com/netscape/cmscore/logging/Logger.java
index 3c97023a..9c814e70 100644
--- a/pki/base/common/src/com/netscape/cmscore/logging/Logger.java
+++ b/pki/base/common/src/com/netscape/cmscore/logging/Logger.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.logging;
 
-
 import java.util.Hashtable;
 import java.util.Properties;
 
@@ -26,13 +25,12 @@ import com.netscape.certsrv.logging.ILogEventFactory;
 import com.netscape.certsrv.logging.ILogQueue;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * A class represents certificate server logger
  * implementation.
  * <P>
- *
- * @author thomask 
+ * 
+ * @author thomask
  * @author mzhao
  * @version $Revision$, $Date$
  */
@@ -63,7 +61,7 @@ public class Logger implements ILogger {
     }
 
     /**
-     * Retrieves the associated log queue. 
+     * Retrieves the associated log queue.
      */
     public ILogQueue getLogQueue() {
         return mLogQueue;
@@ -71,6 +69,7 @@ public class Logger implements ILogger {
 
     /**
      * Registers log factory.
+     * 
      * @param evtClass the event class name: ILogger.EV_SYSTEM or ILogger.EV_AUDIT
      * @param f the event factory name
      */
@@ -81,7 +80,7 @@ public class Logger implements ILogger {
     //************** default level ****************
     /**
      * Logs an event using default log level: ILogger.LL_INFO
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param source the source of the log event
      * @param msg the one line detail message to be logged
@@ -92,7 +91,7 @@ public class Logger implements ILogger {
 
     /**
      * Logs an event using default log level: ILogger.LL_INFO
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param props the resource bundle used for the detailed message
      * @param source the source of the log event
@@ -106,7 +105,7 @@ public class Logger implements ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param source the source of the log event
      * @param level the level of the log event
@@ -118,7 +117,7 @@ public class Logger implements ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param props the resource bundle used for the detailed message
      * @param source the source of the log event
@@ -133,7 +132,7 @@ public class Logger implements ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param props the resource bundle used for the detailed message
      * @param source the source of the log event
@@ -146,7 +145,7 @@ public class Logger implements ILogger {
 
     /**
      * Logs an event using default log level: ILogger.LL_INFO
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param props the resource bundle used for the detailed message
      * @param source the source of the log event
@@ -159,7 +158,7 @@ public class Logger implements ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param props the resource bundle used for the detailed message
      * @param source the source of the log event
@@ -168,7 +167,7 @@ public class Logger implements ILogger {
      * @param param the parameter in the detail message
      */
     public void log(int evtClass, Properties props, int source, int level, String msg,
-        Object param) {
+            Object param) {
         Object o[] = new Object[1];
 
         o[0] = param;
@@ -179,7 +178,7 @@ public class Logger implements ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param source the source of the log event
      * @param level the level of the log event
@@ -187,14 +186,14 @@ public class Logger implements ILogger {
      * @param params the parameters in the detail message
      */
     public void log(int evtClass, int source, int level, String msg,
-        Object params[]) {
+            Object params[]) {
         log(evtClass, null, source, level, msg, params);
     }
 
     //*************** the real implementation *****************
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param props the resource bundle used for the detailed message
      * @param source the source of the log event
@@ -203,7 +202,7 @@ public class Logger implements ILogger {
      * @param params the parameters in the detail message
      */
     public void log(int evtClass, Properties prop, int source, int level, String msg,
-        Object params[]) {
+            Object params[]) {
         mLogQueue.log(create(evtClass, prop, source, level, msg, params, ILogger.L_SINGLELINE));
     }
 
@@ -211,7 +210,7 @@ public class Logger implements ILogger {
     //************** default level ****************
     /**
      * Logs an event using default log level: ILogger.LL_INFO
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param source the source of the log event
      * @param msg the one line detail message to be logged
@@ -223,7 +222,7 @@ public class Logger implements ILogger {
 
     /**
      * Logs an event using default log level: ILogger.LL_INFO
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param props the resource bundle used for the detailed message
      * @param source the source of the log event
@@ -238,7 +237,7 @@ public class Logger implements ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param source the source of the log event
      * @param level the level of the log event
@@ -251,7 +250,7 @@ public class Logger implements ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param props the resource bundle used for the detailed message
      * @param source the source of the log event
@@ -267,7 +266,7 @@ public class Logger implements ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param props the resource bundle used for the detailed message
      * @param source the source of the log event
@@ -281,7 +280,7 @@ public class Logger implements ILogger {
 
     /**
      * Logs an event using default log level: ILogger.LL_INFO
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param props the resource bundle used for the detailed message
      * @param source the source of the log event
@@ -295,7 +294,7 @@ public class Logger implements ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param props the resource bundle used for the detailed message
      * @param source the source of the log event
@@ -305,7 +304,7 @@ public class Logger implements ILogger {
      * @param multiline true if the message has more than one line, otherwise false
      */
     public void log(int evtClass, Properties props, int source, int level, String msg,
-        Object param, boolean multiline) {
+            Object param, boolean multiline) {
         Object o[] = new Object[1];
 
         o[0] = param;
@@ -316,7 +315,7 @@ public class Logger implements ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param source the source of the log event
      * @param level the level of the log event
@@ -325,14 +324,14 @@ public class Logger implements ILogger {
      * @param multiline true if the message has more than one line, otherwise false
      */
     public void log(int evtClass, int source, int level, String msg,
-        Object params[], boolean multiline) {
+            Object params[], boolean multiline) {
         log(evtClass, null, source, level, msg, params, multiline);
     }
 
     //*************** the real implementation *****************
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param props the resource bundle used for the detailed message
      * @param source the source of the log event
@@ -342,20 +341,19 @@ public class Logger implements ILogger {
      * @param multiline true if the message has more than one line, otherwise false
      */
     public void log(int evtClass, Properties prop, int source, int level, String msg,
-        Object params[], boolean multiline) {
+            Object params[], boolean multiline) {
         mLogQueue.log(create(evtClass, prop, source, level, msg, params, multiline));
     }
 
     //******************** end  multiline log *************************
 
-
     /**
      * Creates generic log event. If required, we can recycle
      * events here.
      */
     //XXXXXXXXXXX prop is out dated!!!! XXXXXXXXXXXXXXX
     public ILogEvent create(int evtClass, Properties prop, int source, int level,
-        String msg, Object params[], boolean multiline) {
+            String msg, Object params[], boolean multiline) {
         ILogEventFactory f = (ILogEventFactory) mFactories.get(
                 Integer.toString(evtClass));
 
@@ -367,6 +365,7 @@ public class Logger implements ILogger {
     /**
      * Notifies logger to reuse the event. This framework
      * opens up possibility to reuse event.
+     * 
      * @param event a log event
      */
     public void release(ILogEvent event) {
diff --git a/pki/base/common/src/com/netscape/cmscore/logging/SignedAuditEventFactory.java b/pki/base/common/src/com/netscape/cmscore/logging/SignedAuditEventFactory.java
index 970516c1..48570cad 100644
--- a/pki/base/common/src/com/netscape/cmscore/logging/SignedAuditEventFactory.java
+++ b/pki/base/common/src/com/netscape/cmscore/logging/SignedAuditEventFactory.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.logging;
 
-
 import java.util.Properties;
 
 import com.netscape.certsrv.logging.IBundleLogEvent;
@@ -27,12 +26,11 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.logging.SignedAuditEvent;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
  * A log event object for handling system messages
  * <P>
- *
- * @author mikep 
+ * 
+ * @author mikep
  * @author mzhao
  * @author cfu
  * @version $Revision$, $Date$
@@ -52,7 +50,7 @@ public class SignedAuditEventFactory implements ILogEventFactory {
 
     /**
      * Creates an log event.
-     *
+     * 
      * @param evtClass the event type
      * @param prop the resource bundle
      * @param source the subsystem ID who creates the log event
@@ -60,10 +58,9 @@ public class SignedAuditEventFactory implements ILogEventFactory {
      * @param multiline the log message has more than one line or not
      * @param msg the detail message of the log
      * @param params the parameters in the detail log message
-     
      */
     public ILogEvent create(int evtClass, Properties prop, int source,
-        int level, boolean multiline, String msg, Object params[]) {
+            int level, boolean multiline, String msg, Object params[]) {
         if (evtClass != ILogger.EV_SIGNED_AUDIT)
             return null;
 
@@ -101,8 +98,8 @@ public class SignedAuditEventFactory implements ILogEventFactory {
 
     /**
      * Set the resource bundle of the log event.
-     *
-     * @param prop the properties 
+     * 
+     * @param prop the properties
      * @param event the log event
      */
     protected void setProperties(Properties prop, IBundleLogEvent event) {
@@ -119,7 +116,7 @@ public class SignedAuditEventFactory implements ILogEventFactory {
 
     /**
      * Releases an log event.
-     *
+     * 
      * @param e the log event
      */
     public void release(ILogEvent e) {
diff --git a/pki/base/common/src/com/netscape/cmscore/logging/SignedAuditLogger.java b/pki/base/common/src/com/netscape/cmscore/logging/SignedAuditLogger.java
index 013447ce..acc2b866 100644
--- a/pki/base/common/src/com/netscape/cmscore/logging/SignedAuditLogger.java
+++ b/pki/base/common/src/com/netscape/cmscore/logging/SignedAuditLogger.java
@@ -17,15 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.logging;
 
-
-
-
 /**
  * A class represents certificate server logger
  * implementation.
  * <P>
- *
- * @author thomask 
+ * 
+ * @author thomask
  * @author mzhao
  * @version $Revision$, $Date$
  */
diff --git a/pki/base/common/src/com/netscape/cmscore/logging/SystemEventFactory.java b/pki/base/common/src/com/netscape/cmscore/logging/SystemEventFactory.java
index 7bef282b..dfe25f03 100644
--- a/pki/base/common/src/com/netscape/cmscore/logging/SystemEventFactory.java
+++ b/pki/base/common/src/com/netscape/cmscore/logging/SystemEventFactory.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.logging;
 
-
 import java.util.Properties;
 
 import com.netscape.certsrv.logging.IBundleLogEvent;
@@ -26,12 +25,11 @@ import com.netscape.certsrv.logging.ILogEventFactory;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.logging.SystemEvent;
 
-
 /**
  * A log event object for handling system messages
  * <P>
- *
- * @author mikep 
+ * 
+ * @author mikep
  * @author mzhao
  * @version $Revision$, $Date$
  */
@@ -50,7 +48,7 @@ public class SystemEventFactory implements ILogEventFactory {
 
     /**
      * Creates an log event.
-     *
+     * 
      * @param evtClass the event type
      * @param prop the resource bundle
      * @param source the subsystem ID who creates the log event
@@ -58,10 +56,9 @@ public class SystemEventFactory implements ILogEventFactory {
      * @param multiline the log message has more than one line or not
      * @param msg the detail message of the log
      * @param params the parameters in the detail log message
-     
      */
     public ILogEvent create(int evtClass, Properties prop, int source,
-        int level, boolean multiline, String msg, Object params[]) {
+            int level, boolean multiline, String msg, Object params[]) {
         if (evtClass != ILogger.EV_SYSTEM)
             return null;
         SystemEvent event = new SystemEvent(msg, params);
@@ -75,8 +72,8 @@ public class SystemEventFactory implements ILogEventFactory {
 
     /**
      * Set the resource bundle of the log event.
-     *
-     * @param prop the properties 
+     * 
+     * @param prop the properties
      * @param event the log event
      */
     protected void setProperties(Properties prop, IBundleLogEvent event) {
@@ -93,7 +90,7 @@ public class SystemEventFactory implements ILogEventFactory {
 
     /**
      * Releases an log event.
-     *
+     * 
      * @param e the log event
      */
     public void release(ILogEvent e) {
diff --git a/pki/base/common/src/com/netscape/cmscore/notification/EmailFormProcessor.java b/pki/base/common/src/com/netscape/cmscore/notification/EmailFormProcessor.java
index 770b5ba4..54a92f72 100644
--- a/pki/base/common/src/com/netscape/cmscore/notification/EmailFormProcessor.java
+++ b/pki/base/common/src/com/netscape/cmscore/notification/EmailFormProcessor.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.notification;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.StringTokenizer;
@@ -27,12 +26,12 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.notification.IEmailFormProcessor;
 
-
 /**
- * formulates the final email.  Escape character '\' is understood.
- * '$' is used preceeding a token name.  A token name should not be a
+ * formulates the final email. Escape character '\' is understood.
+ * '$' is used preceeding a token name. A token name should not be a
  * substring of any other token name
  * <p>
+ * 
  * @author cfu
  * @version $Revision$, $Date$
  */
@@ -87,7 +86,7 @@ public class EmailFormProcessor implements IEmailFormProcessor {
      * @return mail content
      */
     public String getEmailContent(String form,
-        Hashtable<String, Object> tok2vals) {
+            Hashtable<String, Object> tok2vals) {
         mTok2vals = tok2vals;
 
         if (form == null) {
@@ -104,11 +103,11 @@ public class EmailFormProcessor implements IEmailFormProcessor {
          * first, take care of the escape characters '\'
          */
         StringTokenizer es = new StringTokenizer(form, TOK_ESC);
-		
+
         if (es.hasMoreTokens() && !form.startsWith(TOK_ESC)) {
             dollarProcess(es.nextToken());
         }
-		
+
         // rest of them start with '\'
         while (es.hasMoreTokens()) {
             String t = es.nextToken();
@@ -183,7 +182,7 @@ public class EmailFormProcessor implements IEmailFormProcessor {
                     matched = true;
 
                     // replaced! bail out.
-                    break; 
+                    break;
                 }
             }
 
@@ -200,7 +199,7 @@ public class EmailFormProcessor implements IEmailFormProcessor {
                     if (t.startsWith(token_keys[i])) {
                         // match,  replace it with the TOK_VALUE_UNKNOWN
                         mContent.add(TOK_VALUE_UNKNOWN);
-					
+
                         // now, put the rest of the non-token string
                         //						in mContent
                         if (t.length() != token_keys[i].length()) {
@@ -228,7 +227,7 @@ public class EmailFormProcessor implements IEmailFormProcessor {
 
         // initialize content with first element
         if (e.hasMoreElements()) {
-            content =  e.nextElement();
+            content = e.nextElement();
         }
 
         while (e.hasMoreElements()) {
@@ -247,7 +246,6 @@ public class EmailFormProcessor implements IEmailFormProcessor {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-            level, "EmailFormProcessor: " + msg);
+                level, "EmailFormProcessor: " + msg);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/notification/EmailResolverKeys.java b/pki/base/common/src/com/netscape/cmscore/notification/EmailResolverKeys.java
index 909ec484..1cd8abd8 100644
--- a/pki/base/common/src/com/netscape/cmscore/notification/EmailResolverKeys.java
+++ b/pki/base/common/src/com/netscape/cmscore/notification/EmailResolverKeys.java
@@ -17,18 +17,16 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.notification;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.notification.IEmailResolverKeys;
 
-
 /**
  * Email resolver keys as input to email resolvers
  * <P>
- *
+ * 
  * @author cfu
  * @version $Revision$, $Date$
  */
@@ -45,11 +43,12 @@ public class EmailResolverKeys implements IEmailResolverKeys {
 
     /**
      * sets a key with key name and the key
+     * 
      * @param name key name
      * @param key key
      * @exception com.netscape.certsrv.base.EBaseException NullPointerException
      */
-    public void set(String name, Object key)throws EBaseException {
+    public void set(String name, Object key) throws EBaseException {
         try {
             mKeys.put(name, key);
         } catch (NullPointerException e) {
@@ -60,7 +59,8 @@ public class EmailResolverKeys implements IEmailResolverKeys {
 
     /**
      * returns the key to which the specified name is mapped in this
-     *	 key set
+     * key set
+     * 
      * @param name key name
      * @return the named email resolver key
      */
@@ -70,8 +70,9 @@ public class EmailResolverKeys implements IEmailResolverKeys {
 
     /**
      * removes the name and its corresponding key from this
-     *	 key set.  This method does nothing if the named
-     *	 key is not in the key set.
+     * key set. This method does nothing if the named
+     * key is not in the key set.
+     * 
      * @param name key name
      */
     public void delete(String name) {
@@ -80,8 +81,9 @@ public class EmailResolverKeys implements IEmailResolverKeys {
 
     /**
      * returns an enumeration of the keys in this key
-     *	 set.  Use the Enumeration methods on the returned object to
-     *	 fetch the elements sequentially.
+     * set. Use the Enumeration methods on the returned object to
+     * fetch the elements sequentially.
+     * 
      * @return an enumeration of the values in this key set
      * @see java.util.Enumeration
      */
@@ -89,4 +91,3 @@ public class EmailResolverKeys implements IEmailResolverKeys {
         return (mKeys.elements());
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/notification/EmailTemplate.java b/pki/base/common/src/com/netscape/cmscore/notification/EmailTemplate.java
index 5c9e9ae0..0a1a05f6 100644
--- a/pki/base/common/src/com/netscape/cmscore/notification/EmailTemplate.java
+++ b/pki/base/common/src/com/netscape/cmscore/notification/EmailTemplate.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.notification;
 
-
 import java.io.BufferedReader;
 import java.io.File;
 import java.io.FileNotFoundException;
@@ -28,12 +27,11 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.notification.IEmailTemplate;
 
-
 /**
  * Files to be processed and returned to the requested parties. It
  * is a template with $tokens to be used by the form/template processor.
- *
- *
+ * 
+ * 
  * @author cfu
  * @version $Revision$, $Date$
  */
@@ -57,9 +55,9 @@ public class EmailTemplate implements IEmailTemplate {
 
     /**
      * Default Constructor
-     *
+     * 
      * @param templateFile File name of the template including the full path and
-     *        file extension
+     *            file extension
      */
     public EmailTemplate(String templatePath) {
         mTemplateFile = templatePath;
@@ -124,14 +122,14 @@ public class EmailTemplate implements IEmailTemplate {
         return mTemplateFile;
     }
 
-    /** 
+    /**
      * @return true if template is an html file, false otherwise
      */
     public boolean isHTML() {
         if (mTemplateFile.endsWith(".html") ||
-            mTemplateFile.endsWith(".HTML") ||
-            mTemplateFile.endsWith(".htm") ||
-            mTemplateFile.endsWith(".HTM"))
+                mTemplateFile.endsWith(".HTML") ||
+                mTemplateFile.endsWith(".htm") ||
+                mTemplateFile.endsWith(".HTM"))
             return true;
         else
             return false;
@@ -178,7 +176,7 @@ public class EmailTemplate implements IEmailTemplate {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-            level, msg);
+                level, msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/notification/ReqCertEmailResolver.java b/pki/base/common/src/com/netscape/cmscore/notification/ReqCertEmailResolver.java
index 04dd9b5f..330621e7 100644
--- a/pki/base/common/src/com/netscape/cmscore/notification/ReqCertEmailResolver.java
+++ b/pki/base/common/src/com/netscape/cmscore/notification/ReqCertEmailResolver.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.notification;
 
-
 import java.io.IOException;
 import java.security.cert.X509Certificate;
 
@@ -31,11 +30,11 @@ import com.netscape.certsrv.notification.IEmailResolver;
 import com.netscape.certsrv.notification.IEmailResolverKeys;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * An email resolver that first checks the request email, if none,
  * then follows by checking the subjectDN of the certificate
  * <p>
+ * 
  * @author cfu
  * @version $Revision$, $Date$
  */
@@ -44,6 +43,7 @@ public class ReqCertEmailResolver implements IEmailResolver {
 
     public static final String KEY_REQUEST = "request";
     public static final String KEY_CERT = "cert";
+
     // required keys for this resolver to figure out the email address
     //	protected static String[] mRequiredKeys = {KEY_REQUEST, KEY_CERT};
 
@@ -51,12 +51,13 @@ public class ReqCertEmailResolver implements IEmailResolver {
     }
 
     /**
-     * returns an email address by using the resolver keys.  The
-     *	 return value can possibly be null
+     * returns an email address by using the resolver keys. The
+     * return value can possibly be null
+     * 
      * @param keys list of keys used for resolving the email address
      */
-    public String getEmail(IEmailResolverKeys keys) 
-        throws EBaseException, ENotificationException {
+    public String getEmail(IEmailResolverKeys keys)
+            throws EBaseException, ENotificationException {
         IRequest req = (IRequest) keys.get(KEY_REQUEST);
 
         String mEmail = null;
@@ -84,14 +85,14 @@ public class ReqCertEmailResolver implements IEmailResolver {
         if (cert != null) {
             subjectDN =
                     (X500Name) cert.getSubjectDN();
-			
+
             try {
                 mEmail = subjectDN.getEmail();
             } catch (IOException e) {
                 System.out.println("X500Name getEmail failed");
-                throw new ENotificationException (
+                throw new ENotificationException(
                         CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED",
-                        subjectDN.toString()));
+                                subjectDN.toString()));
             }
         } else {
             log(ILogger.LL_INFO, "cert null in keys");
@@ -101,31 +102,31 @@ public class ReqCertEmailResolver implements IEmailResolver {
         if (mEmail == null) {
             if (cert != null) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSCORE_NOTIFY_NO_EMAIL", subjectDN.toString()));
+                        CMS.getLogMessage("CMSCORE_NOTIFY_NO_EMAIL", subjectDN.toString()));
                 CMS.debug(
-                    "no email resolved, throwing NotificationResources.EMAIL_RESOLVE_FAILED_1 for " +
-                    subjectDN.toString());
-                throw new ENotificationException (
+                        "no email resolved, throwing NotificationResources.EMAIL_RESOLVE_FAILED_1 for " +
+                                subjectDN.toString());
+                throw new ENotificationException(
                         CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED",
-                        "subjectDN= " + subjectDN.toString()));
+                                "subjectDN= " + subjectDN.toString()));
             } else if (req != null) {
                 log(ILogger.LL_FAILURE,
-                    "no email resolved for request id =" +
-                    req.getRequestId().toString());
+                        "no email resolved for request id =" +
+                                req.getRequestId().toString());
                 CMS.debug(
-                    "no email resolved, throwing NotificationResources.EMAIL_RESOLVE_FAILED_1 for request id =" +
-                    req.getRequestId().toString());
-                throw new ENotificationException (
+                        "no email resolved, throwing NotificationResources.EMAIL_RESOLVE_FAILED_1 for request id =" +
+                                req.getRequestId().toString());
+                throw new ENotificationException(
                         CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED",
-                        "requestId= " + req.getRequestId().toString()));
+                                "requestId= " + req.getRequestId().toString()));
             } else {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSCORE_NOTIFY_NO_EMAIL_REQUEST"));
+                        CMS.getLogMessage("CMSCORE_NOTIFY_NO_EMAIL_REQUEST"));
                 CMS.debug(
-                    "no email resolved, throwing NotificationResources.EMAIL_RESOLVE_FAILED_1.  No request id or cert info found");
-                throw new ENotificationException (
+                        "no email resolved, throwing NotificationResources.EMAIL_RESOLVE_FAILED_1.  No request id or cert info found");
+                throw new ENotificationException(
                         CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED",
-                        ": No request id or cert info found"));
+                                ": No request id or cert info found"));
             }
         } else {
             log(ILogger.LL_INFO, "email resolved: " + mEmail);
@@ -136,9 +137,10 @@ public class ReqCertEmailResolver implements IEmailResolver {
 
     /**
      * Returns array of required keys for this email resolver
+     * 
      * @return Array of required keys.
      */
-    
+
     /*	public String[] getRequiredKeys() {
      return mRequiredKeys;
      }*/
@@ -147,7 +149,7 @@ public class ReqCertEmailResolver implements IEmailResolver {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-            level, "ReqCertEmailResolver: " + msg);
+                level, "ReqCertEmailResolver: " + msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/notification/ReqCertSANameEmailResolver.java b/pki/base/common/src/com/netscape/cmscore/notification/ReqCertSANameEmailResolver.java
index 580c9e98..bc54a7d4 100644
--- a/pki/base/common/src/com/netscape/cmscore/notification/ReqCertSANameEmailResolver.java
+++ b/pki/base/common/src/com/netscape/cmscore/notification/ReqCertSANameEmailResolver.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.notification;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateParsingException;
@@ -43,12 +42,12 @@ import com.netscape.certsrv.notification.IEmailResolver;
 import com.netscape.certsrv.notification.IEmailResolverKeys;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * An email resolver that first checks the request email, if none,
  * then follows by checking the subjectDN of the certificate, if none,
  * then follows by checking the subjectalternatename extension
  * <p>
+ * 
  * @author cfu
  * @version $Revision$, $Date$
  */
@@ -65,12 +64,13 @@ public class ReqCertSANameEmailResolver implements IEmailResolver {
     }
 
     /**
-     * returns an email address by using the resolver keys.  The
-     *	 return value can possibly be null
+     * returns an email address by using the resolver keys. The
+     * return value can possibly be null
+     * 
      * @param keys list of keys used for resolving the email address
      */
-    public String getEmail(IEmailResolverKeys keys) 
-        throws EBaseException, ENotificationException {
+    public String getEmail(IEmailResolverKeys keys)
+            throws EBaseException, ENotificationException {
         IRequest req = (IRequest) keys.get(KEY_REQUEST);
 
         String mEmail = null;
@@ -102,30 +102,30 @@ public class ReqCertSANameEmailResolver implements IEmailResolver {
             ICertificateRepository certDB = ca.getCertificateRepository();
 
             cert = certDB.getX509Certificate(revCert.getSerialNumber());
-        }else
+        } else
             cert = (X509Certificate) request;
-        
+
         X500Name subjectDN = null;
 
         if (cert != null) {
             subjectDN =
                     (X500Name) cert.getSubjectDN();
-			
+
             try {
                 mEmail = subjectDN.getEmail();
                 if (mEmail != null) {
                     if (!mEmail.equals("")) {
                         log(ILogger.LL_INFO, "cert subjectDN E=" +
-                            mEmail);
+                                mEmail);
                     }
                 } else {
                     log(ILogger.LL_INFO, "no E component in subjectDN ");
                 }
             } catch (IOException e) {
                 System.out.println("X500Name getEmail failed");
-                throw new ENotificationException (
+                throw new ENotificationException(
                         CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED",
-                        subjectDN.toString()));
+                                subjectDN.toString()));
             }
 
             // try subjectalternatename
@@ -136,13 +136,13 @@ public class ReqCertSANameEmailResolver implements IEmailResolver {
                 try {
                     certInfo = (X509CertInfo)
                             ((X509CertImpl) cert).get(
-                                X509CertImpl.NAME + "." + X509CertImpl.INFO);
+                                    X509CertImpl.NAME + "." + X509CertImpl.INFO);
                 } catch (CertificateParsingException ex) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSCORE_NOTIFY_NO_CERTINFO"));
-                    throw new ENotificationException (
+                            CMS.getLogMessage("CMSCORE_NOTIFY_NO_CERTINFO"));
+                    throw new ENotificationException(
                             CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED",
-                            "subjectDN= " + subjectDN.toString()));
+                                    "subjectDN= " + subjectDN.toString()));
                 }
 
                 CertificateExtensions exts;
@@ -152,47 +152,46 @@ public class ReqCertSANameEmailResolver implements IEmailResolver {
                             certInfo.get(CertificateExtensions.NAME);
                 } catch (IOException e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSCORE_NOTIFY_GET_EXT", e.toString()));
-                    throw new ENotificationException (
+                            CMS.getLogMessage("CMSCORE_NOTIFY_GET_EXT", e.toString()));
+                    throw new ENotificationException(
                             CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED",
-                            "subjectDN= " + subjectDN.toString()));
+                                    "subjectDN= " + subjectDN.toString()));
 
                 } catch (CertificateException e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSCORE_NOTIFY_GET_EXT", e.toString()));
-                    throw new ENotificationException (
+                            CMS.getLogMessage("CMSCORE_NOTIFY_GET_EXT", e.toString()));
+                    throw new ENotificationException(
                             CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED",
-                            "subjectDN= " + subjectDN.toString()));
+                                    "subjectDN= " + subjectDN.toString()));
                 }
 
                 if (exts != null) {
                     SubjectAlternativeNameExtension ext;
 
                     try {
-                        ext = 
+                        ext =
                                 (SubjectAlternativeNameExtension)
                                 exts.get(SubjectAlternativeNameExtension.class.getSimpleName());
                     } catch (IOException e) {
                         log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSCORE_NOTIFY_GET_EXT", e.toString()));
-                        throw new ENotificationException (
+                                CMS.getLogMessage("CMSCORE_NOTIFY_GET_EXT", e.toString()));
+                        throw new ENotificationException(
                                 CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED",
-                                "subjectDN= " + subjectDN.toString()));
-						
+                                        "subjectDN= " + subjectDN.toString()));
+
                     }
 
                     try {
                         if (ext != null) {
                             GeneralNames gn =
-                                (GeneralNames) ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
+                                    (GeneralNames) ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
 
                             Enumeration<GeneralNameInterface> e = gn.elements();
 
                             while (e.hasMoreElements()) {
-                                GeneralNameInterface gni =e.nextElement();
+                                GeneralNameInterface gni = e.nextElement();
 
-                                if (gni.getType() ==
-                                    GeneralNameInterface.NAME_RFC822) {
+                                if (gni.getType() == GeneralNameInterface.NAME_RFC822) {
                                     CMS.debug("got an subjectalternatename email");
 
                                     String nameString = gni.toString();
@@ -201,9 +200,9 @@ public class ReqCertSANameEmailResolver implements IEmailResolver {
                                     mEmail =
                                             nameString.substring(nameString.indexOf(' ') + 1);
                                     log(ILogger.LL_INFO,
-                                        "subjectalternatename email used:" +
-                                        mEmail);
-									
+                                            "subjectalternatename email used:" +
+                                                    mEmail);
+
                                     break;
                                 } else {
                                     CMS.debug("not an subjectalternatename email");
@@ -212,43 +211,43 @@ public class ReqCertSANameEmailResolver implements IEmailResolver {
                         }
                     } catch (IOException e) {
                         log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSCORE_NOTIFY_SUBJECTALTNAME"));
+                                CMS.getLogMessage("CMSCORE_NOTIFY_SUBJECTALTNAME"));
                     }
                 }
             }
         } else {
             log(ILogger.LL_INFO, "cert null in keys");
         }
-    
+
         // log it
         if (mEmail == null) {
             if (cert != null) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSCORE_NOTIFY_NO_EMAIL", subjectDN.toString()));
+                        CMS.getLogMessage("CMSCORE_NOTIFY_NO_EMAIL", subjectDN.toString()));
                 CMS.debug(
-                    "no email resolved, throwing NotificationResources.EMAIL_RESOLVE_FAILED_1 for " +
-                    subjectDN.toString());
-                throw new ENotificationException (
+                        "no email resolved, throwing NotificationResources.EMAIL_RESOLVE_FAILED_1 for " +
+                                subjectDN.toString());
+                throw new ENotificationException(
                         CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED",
-                        "subjectDN= " + subjectDN.toString()));
+                                "subjectDN= " + subjectDN.toString()));
             } else if (req != null) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSCORE_NOTIFY_NO_EMAIL_ID",
-                        req.getRequestId().toString()));
+                        CMS.getLogMessage("CMSCORE_NOTIFY_NO_EMAIL_ID",
+                                req.getRequestId().toString()));
                 CMS.debug(
-                    "no email resolved, throwing NotificationResources.EMAIL_RESOLVE_FAILED_1 for request id =" +
-                    req.getRequestId().toString());
-                throw new ENotificationException (
+                        "no email resolved, throwing NotificationResources.EMAIL_RESOLVE_FAILED_1 for request id =" +
+                                req.getRequestId().toString());
+                throw new ENotificationException(
                         CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED",
-                        "requestId= " + req.getRequestId().toString()));
+                                "requestId= " + req.getRequestId().toString()));
             } else {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSCORE_NOTIFY_NO_EMAIL_REQUEST"));
+                        CMS.getLogMessage("CMSCORE_NOTIFY_NO_EMAIL_REQUEST"));
                 CMS.debug(
-                    "no email resolved, throwing NotificationResources.EMAIL_RESOLVE_FAILED_1.  No request id or cert info found");
-                throw new ENotificationException (
+                        "no email resolved, throwing NotificationResources.EMAIL_RESOLVE_FAILED_1.  No request id or cert info found");
+                throw new ENotificationException(
                         CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED",
-                        ": No request id or cert info found"));
+                                ": No request id or cert info found"));
             }
         } else {
             log(ILogger.LL_INFO, "email resolved: " + mEmail);
@@ -259,9 +258,10 @@ public class ReqCertSANameEmailResolver implements IEmailResolver {
 
     /**
      * Returns array of required keys for this email resolver
+     * 
      * @return Array of required keys.
      */
-    
+
     /*	public String[] getRequiredKeys() {
      return mRequiredKeys;
      }*/
@@ -270,7 +270,7 @@ public class ReqCertSANameEmailResolver implements IEmailResolver {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-            level, "ReqCertSANameEmailResolver: " + msg);
+                level, "ReqCertSANameEmailResolver: " + msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/policy/AndExpression.java b/pki/base/common/src/com/netscape/cmscore/policy/AndExpression.java
index d58cfe13..7e704dfb 100644
--- a/pki/base/common/src/com/netscape/cmscore/policy/AndExpression.java
+++ b/pki/base/common/src/com/netscape/cmscore/policy/AndExpression.java
@@ -17,31 +17,30 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.policy;
 
-
 import com.netscape.certsrv.policy.EPolicyException;
 import com.netscape.certsrv.policy.IExpression;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class represents an expression of the form
  * <var1 op val1 AND var2 op va2>.
- *
+ * 
  * Expressions are used as predicates for policy selection.
- *
+ * 
  * @author kanda
  * @version $Revision$, $Date$
  */
 public class AndExpression implements IExpression {
     private IExpression mExp1;
     private IExpression mExp2;
+
     public AndExpression(IExpression exp1, IExpression exp2) {
         mExp1 = exp1;
         mExp2 = exp2;
     }
 
     public boolean evaluate(IRequest req)
-        throws EPolicyException {
+            throws EPolicyException {
         // If an expression is missing we assume applicability.
         if (mExp1 == null && mExp2 == null)
             return true;
@@ -49,7 +48,8 @@ public class AndExpression implements IExpression {
             return mExp1.evaluate(req) && mExp2.evaluate(req);
         else if (mExp1 == null)
             return mExp2.evaluate(req);
-        else // (if mExp2 == null)
+        else
+            // (if mExp2 == null)
             return mExp1.evaluate(req);
     }
 
diff --git a/pki/base/common/src/com/netscape/cmscore/policy/GeneralNameUtil.java b/pki/base/common/src/com/netscape/cmscore/policy/GeneralNameUtil.java
index 4587bca6..8fe2863d 100644
--- a/pki/base/common/src/com/netscape/cmscore/policy/GeneralNameUtil.java
+++ b/pki/base/common/src/com/netscape/cmscore/policy/GeneralNameUtil.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.policy;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.util.Enumeration;
@@ -50,9 +49,8 @@ import com.netscape.certsrv.policy.IGeneralNamesConfig;
 import com.netscape.certsrv.policy.ISubjAltNameConfig;
 import com.netscape.cmscore.util.Debug;
 
-
-/** 
- * Class that can be used to form general names from configuration file. 
+/**
+ * Class that can be used to form general names from configuration file.
  * Used by policies and extension commands.
  */
 public class GeneralNameUtil implements IGeneralNameUtil {
@@ -64,9 +62,9 @@ public class GeneralNameUtil implements IGeneralNameUtil {
      * are NameConstraints, CertificateScopeOfUse extensions. In such
      * cases, IPAddress may contain netmask component.
      */
-    static public GeneralName 
-    form_GeneralNameAsConstraints(String generalNameChoice, String value)
-        throws EBaseException {
+    static public GeneralName
+            form_GeneralNameAsConstraints(String generalNameChoice, String value)
+                    throws EBaseException {
         try {
             if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_IPADDRESS)) {
                 StringTokenizer st = new StringTokenizer(value, ",");
@@ -87,15 +85,16 @@ public class GeneralNameUtil implements IGeneralNameUtil {
 
     /**
      * Form a General Name from a General Name choice and value.
-     * The General Name choice must be one of the General Name Choice Strings 
+     * The General Name choice must be one of the General Name Choice Strings
      * defined in this class.
-     * @param generalNameChoice General Name choice. Must be one of the General 
-     * Name choices defined in this class.
+     * 
+     * @param generalNameChoice General Name choice. Must be one of the General
+     *            Name choices defined in this class.
      * @param value String value of the general name to form.
      */
-    static public GeneralName 
-    form_GeneralName(String generalNameChoice, String value)
-        throws EBaseException {
+    static public GeneralName
+            form_GeneralName(String generalNameChoice, String value)
+                    throws EBaseException {
         GeneralNameInterface generalNameI = null;
         DerValue derVal = null;
         GeneralName generalName = null;
@@ -112,10 +111,12 @@ public class GeneralNameUtil implements IGeneralNameUtil {
             } else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_DNSNAME)) {
                 generalNameI = new DNSName(value);
                 Debug.trace("dnsName formed");
-            } /** not supported -- no sun class 
-             else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_X400ADDRESS)) {
-             }
-             **/ else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_DIRECTORYNAME)) {
+            }/**
+             * not supported -- no sun class
+             * else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_X400ADDRESS)) {
+             * }
+             **/
+            else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_DIRECTORYNAME)) {
                 generalNameI = new X500Name(value);
                 Debug.trace("X500Name formed");
             } else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_EDIPARTYNAME)) {
@@ -135,35 +136,35 @@ public class GeneralNameUtil implements IGeneralNameUtil {
                 } catch (Exception e) {
                     throw new EBaseException(
                             CMS.getUserMessage("CMS_BASE_INVALID_VALUE_FOR_TYPE",
-                                generalNameChoice,
-                                "value must be a valid OID in the form n.n.n.n"));
+                                    generalNameChoice,
+                                    "value must be a valid OID in the form n.n.n.n"));
                 }
                 generalNameI = new OIDName(oid);
                 Debug.trace("oidname formed");
             } else {
                 throw new EBaseException(
                         CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
-                            new String[] { 
-                                PROP_GENNAME_CHOICE,
-                                "value must be one of: " +
-                                GENNAME_CHOICE_OTHERNAME + ", " +
-                                GENNAME_CHOICE_RFC822NAME + ", " +
-                                GENNAME_CHOICE_DNSNAME + ", " +
-                            
-                                /* GENNAME_CHOICE_X400ADDRESS +", "+ */
-                                GENNAME_CHOICE_DIRECTORYNAME + ", " +
-                                GENNAME_CHOICE_EDIPARTYNAME + ", " +
-                                GENNAME_CHOICE_URL + ", " +
-                                GENNAME_CHOICE_IPADDRESS + ", or " +
-                                GENNAME_CHOICE_REGISTEREDID + "."
+                                new String[] {
+                                        PROP_GENNAME_CHOICE,
+                                        "value must be one of: " +
+                                                GENNAME_CHOICE_OTHERNAME + ", " +
+                                                GENNAME_CHOICE_RFC822NAME + ", " +
+                                                GENNAME_CHOICE_DNSNAME + ", " +
+
+                                                /* GENNAME_CHOICE_X400ADDRESS +", "+ */
+                                                GENNAME_CHOICE_DIRECTORYNAME + ", " +
+                                                GENNAME_CHOICE_EDIPARTYNAME + ", " +
+                                                GENNAME_CHOICE_URL + ", " +
+                                                GENNAME_CHOICE_IPADDRESS + ", or " +
+                                                GENNAME_CHOICE_REGISTEREDID + "."
                             }
-                        ));
+                                ));
             }
         } catch (IOException e) {
             Debug.printStackTrace(e);
             throw new EBaseException(
                     CMS.getUserMessage("CMS_BASE_INVALID_VALUE_FOR_TYPE",
-                        generalNameChoice, e.toString()));
+                            generalNameChoice, e.toString()));
         } catch (InvalidIPAddressException e) {
             Debug.printStackTrace(e);
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_IP_ADDR", value));
@@ -187,62 +188,63 @@ public class GeneralNameUtil implements IGeneralNameUtil {
     }
 
     /**
-     * Checks if given string is a valid General Name choice and returns 
+     * Checks if given string is a valid General Name choice and returns
      * the actual string that can be passed into form_GeneralName().
+     * 
      * @param generalNameChoice a General Name choice string.
-     * @return one of General Name choices defined in this class that can be 
-     * passed into form_GeneralName().
+     * @return one of General Name choices defined in this class that can be
+     *         passed into form_GeneralName().
      */
-    static public String check_GeneralNameChoice(String generalNameChoice) 
-        throws EBaseException {
+    static public String check_GeneralNameChoice(String generalNameChoice)
+            throws EBaseException {
         String theGeneralNameChoice = null;
 
-        if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_OTHERNAME)) 
+        if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_OTHERNAME))
             theGeneralNameChoice = GENNAME_CHOICE_OTHERNAME;
-        else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_RFC822NAME)) 
+        else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_RFC822NAME))
             theGeneralNameChoice = GENNAME_CHOICE_RFC822NAME;
-        else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_DNSNAME)) 
+        else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_DNSNAME))
             theGeneralNameChoice = GENNAME_CHOICE_DNSNAME;
 
-            /* X400Address not supported.
-             else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_X400ADDRESS)) 
-             theGeneralNameChoice = GENNAME_CHOICE_X400ADDRESS;
-             */
-        else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_DIRECTORYNAME)) 
+        /* X400Address not supported.
+         else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_X400ADDRESS)) 
+         theGeneralNameChoice = GENNAME_CHOICE_X400ADDRESS;
+         */
+        else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_DIRECTORYNAME))
             theGeneralNameChoice = GENNAME_CHOICE_DIRECTORYNAME;
-        else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_EDIPARTYNAME)) 
+        else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_EDIPARTYNAME))
             theGeneralNameChoice = GENNAME_CHOICE_EDIPARTYNAME;
-        else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_URL)) 
+        else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_URL))
             theGeneralNameChoice = GENNAME_CHOICE_URL;
-        else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_IPADDRESS)) 
+        else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_IPADDRESS))
             theGeneralNameChoice = GENNAME_CHOICE_IPADDRESS;
-        else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_REGISTEREDID)) 
+        else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_REGISTEREDID))
             theGeneralNameChoice = GENNAME_CHOICE_REGISTEREDID;
         else {
             throw new EBaseException(
                     CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
-                        new String[] { 
-                            PROP_GENNAME_CHOICE + "=" + generalNameChoice,
-                            "value must be one of: " +
-                            GENNAME_CHOICE_OTHERNAME + ", " +
-                            GENNAME_CHOICE_RFC822NAME + ", " +
-                            GENNAME_CHOICE_DNSNAME + ", " +
-                        
-                            /* GENNAME_CHOICE_X400ADDRESS +", "+ */
-                            GENNAME_CHOICE_DIRECTORYNAME + ", " +
-                            GENNAME_CHOICE_EDIPARTYNAME + ", " +
-                            GENNAME_CHOICE_URL + ", " +
-                            GENNAME_CHOICE_IPADDRESS + ", " +
-                            GENNAME_CHOICE_REGISTEREDID + "."
+                            new String[] {
+                                    PROP_GENNAME_CHOICE + "=" + generalNameChoice,
+                                    "value must be one of: " +
+                                            GENNAME_CHOICE_OTHERNAME + ", " +
+                                            GENNAME_CHOICE_RFC822NAME + ", " +
+                                            GENNAME_CHOICE_DNSNAME + ", " +
+
+                                            /* GENNAME_CHOICE_X400ADDRESS +", "+ */
+                                            GENNAME_CHOICE_DIRECTORYNAME + ", " +
+                                            GENNAME_CHOICE_EDIPARTYNAME + ", " +
+                                            GENNAME_CHOICE_URL + ", " +
+                                            GENNAME_CHOICE_IPADDRESS + ", " +
+                                            GENNAME_CHOICE_REGISTEREDID + "."
                         }
-                    ));
+                            ));
         }
         return theGeneralNameChoice;
     }
 
     static public class GeneralNamesConfig implements IGeneralNamesConfig {
         public String mName = null; // substore name of config if any.
-        public GeneralNameConfig[] mGenNameConfigs = null; 
+        public GeneralNameConfig[] mGenNameConfigs = null;
         public IConfigStore mConfig = null;
         public boolean mIsValueConfigured = true;
         public boolean mIsPolicyEnabled = true;
@@ -252,17 +254,17 @@ public class GeneralNameUtil implements IGeneralNameUtil {
         private String mNameDotGeneralName = mName + DOT + PROP_GENERALNAME;
 
         public GeneralNamesConfig(
-            String name, 
-            IConfigStore config, 
-            boolean isValueConfigured,
-            boolean isPolicyEnabled)
-            throws EBaseException {
+                String name,
+                IConfigStore config,
+                boolean isValueConfigured,
+                boolean isPolicyEnabled)
+                throws EBaseException {
             mIsValueConfigured = isValueConfigured;
             mIsPolicyEnabled = isPolicyEnabled;
             mName = name;
-            if (mName != null) 
+            if (mName != null)
                 mNameDotGeneralName = mName + DOT + PROP_GENERALNAME;
-            else 
+            else
                 mNameDotGeneralName = PROP_GENERALNAME;
             mConfig = config;
 
@@ -271,19 +273,19 @@ public class GeneralNameUtil implements IGeneralNameUtil {
             if (numGNs < 0) {
                 throw new EBaseException(
                         CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
-                            new String[] { 
-                                PROP_NUM_GENERALNAMES + "=" + numGNs, 
-                                "value must be greater than or equal to 0."}
-                        ));
+                                new String[] {
+                                        PROP_NUM_GENERALNAMES + "=" + numGNs,
+                                        "value must be greater than or equal to 0." }
+                                ));
             }
             mGenNameConfigs = new GeneralNameConfig[numGNs];
             for (int i = 0; i < numGNs; i++) {
                 String storeName = mNameDotGeneralName + i;
 
-                mGenNameConfigs[i] = 
+                mGenNameConfigs[i] =
                         newGeneralNameConfig(
-                            storeName, mConfig.getSubStore(storeName), 
-                            mIsValueConfigured, mIsPolicyEnabled);
+                                storeName, mConfig.getSubStore(storeName),
+                                mIsValueConfigured, mIsPolicyEnabled);
             }
 
             if (mIsValueConfigured && mIsPolicyEnabled) {
@@ -299,9 +301,9 @@ public class GeneralNameUtil implements IGeneralNameUtil {
         }
 
         protected GeneralNameConfig newGeneralNameConfig(
-            String name, IConfigStore config, 
-            boolean isValueConfigured, boolean isPolicyEnabled) 
-            throws EBaseException {
+                String name, IConfigStore config,
+                boolean isValueConfigured, boolean isPolicyEnabled)
+                throws EBaseException {
             return new GeneralNameConfig(
                     name, config, isValueConfigured, isPolicyEnabled);
         }
@@ -334,20 +336,20 @@ public class GeneralNameUtil implements IGeneralNameUtil {
             return mDefNumGenNames;
         }
 
-        /** 
-         * adds params to default 
+        /**
+         * adds params to default
          */
         public static void getDefaultParams(
-            String name, boolean isValueConfigured, Vector<String> params) {
+                String name, boolean isValueConfigured, Vector<String> params) {
             String nameDot = "";
 
-            if (name != null) 
+            if (name != null)
                 nameDot = name + DOT;
             params.addElement(
-                nameDot + PROP_NUM_GENERALNAMES + '=' + DEF_NUM_GENERALNAMES);
+                    nameDot + PROP_NUM_GENERALNAMES + '=' + DEF_NUM_GENERALNAMES);
             for (int i = 0; i < DEF_NUM_GENERALNAMES; i++) {
                 GeneralNameConfig.getDefaultParams(
-                    nameDot + PROP_GENERALNAME + i, isValueConfigured, params);
+                        nameDot + PROP_GENERALNAME + i, isValueConfigured, params);
             }
         }
 
@@ -356,7 +358,7 @@ public class GeneralNameUtil implements IGeneralNameUtil {
          */
         public void getInstanceParams(Vector<String> params) {
             params.addElement(
-                PROP_NUM_GENERALNAMES + '=' + mGenNameConfigs.length);
+                    PROP_NUM_GENERALNAMES + '=' + mGenNameConfigs.length);
             for (int i = 0; i < mGenNameConfigs.length; i++) {
                 mGenNameConfigs[i].getInstanceParams(params);
             }
@@ -366,7 +368,7 @@ public class GeneralNameUtil implements IGeneralNameUtil {
          * Get extended plugin info.
          */
         public static void getExtendedPluginInfo(
-            String name, boolean isValueConfigured, Vector<String> info) {
+                String name, boolean isValueConfigured, Vector<String> info) {
             String nameDot = "";
 
             if (name != null && name.length() > 0)
@@ -374,33 +376,31 @@ public class GeneralNameUtil implements IGeneralNameUtil {
             info.addElement(PROP_NUM_GENERALNAMES + ";" + NUM_GENERALNAMES_INFO);
             for (int i = 0; i < DEF_NUM_GENERALNAMES; i++) {
                 GeneralNameConfig.getExtendedPluginInfo(
-                    nameDot + PROP_GENERALNAME + i, isValueConfigured, info);
+                        nameDot + PROP_GENERALNAME + i, isValueConfigured, info);
             }
         }
 
     }
 
-
     static public class GeneralNamesAsConstraintsConfig extends GeneralNamesConfig implements IGeneralNamesAsConstraintsConfig {
         public GeneralNamesAsConstraintsConfig(
-            String name, 
-            IConfigStore config, 
-            boolean isValueConfigured,
-            boolean isPolicyEnabled)
-            throws EBaseException {
+                String name,
+                IConfigStore config,
+                boolean isValueConfigured,
+                boolean isPolicyEnabled)
+                throws EBaseException {
             super(name, config, isValueConfigured, isPolicyEnabled);
         }
 
         protected GeneralNameConfig newGeneralNameConfig(
-            String name, IConfigStore config, 
-            boolean isValueConfigured, boolean isPolicyEnabled) 
-            throws EBaseException {
-            return new GeneralNameAsConstraintsConfig(name, config, 
+                String name, IConfigStore config,
+                boolean isValueConfigured, boolean isPolicyEnabled)
+                throws EBaseException {
+            return new GeneralNameAsConstraintsConfig(name, config,
                     isValueConfigured, isPolicyEnabled);
         }
     }
 
-
     /**
      * convenience class for policies use.
      */
@@ -418,11 +418,11 @@ public class GeneralNameUtil implements IGeneralNameUtil {
         public String mNameDotValue = null;
 
         public GeneralNameConfig(
-            String name, 
-            IConfigStore config, 
-            boolean isValueConfigured, 
-            boolean isPolicyEnabled) 
-            throws EBaseException {
+                String name,
+                IConfigStore config,
+                boolean isValueConfigured,
+                boolean isPolicyEnabled)
+                throws EBaseException {
             mIsValueConfigured = isValueConfigured;
             mIsPolicyEnabled = isPolicyEnabled;
             mName = name;
@@ -461,7 +461,7 @@ public class GeneralNameUtil implements IGeneralNameUtil {
                     mGeneralName = formGeneralName(mGenNameChoice, mValue);
                 } else {
                     mValue = mConfig.getString(PROP_GENNAME_VALUE, "");
-                    if (mValue != null && mValue.length() > 0) 
+                    if (mValue != null && mValue.length() > 0)
                         mGeneralName = formGeneralName(mGenNameChoice, mValue);
                 }
             }
@@ -470,23 +470,23 @@ public class GeneralNameUtil implements IGeneralNameUtil {
         /**
          * Form a general name from the value string.
          */
-        public GeneralName formGeneralName(String value) 
-            throws EBaseException {
+        public GeneralName formGeneralName(String value)
+                throws EBaseException {
             return formGeneralName(mGenNameChoice, value);
         }
 
-        public GeneralName formGeneralName(String choice, String value) 
-            throws EBaseException {
+        public GeneralName formGeneralName(String choice, String value)
+                throws EBaseException {
             return form_GeneralName(choice, value);
         }
 
-        /** 
-         * @return a vector of General names from a value that can be 
-         * either a Vector of strings, string array or just a string.
-         * Returned Vector can be null if value is not of expected type.
+        /**
+         * @return a vector of General names from a value that can be
+         *         either a Vector of strings, string array or just a string.
+         *         Returned Vector can be null if value is not of expected type.
          */
-        public Vector<GeneralName> formGeneralNames(Object value) 
-            throws EBaseException {
+        public Vector<GeneralName> formGeneralNames(Object value)
+                throws EBaseException {
             Vector<GeneralName> gns = new Vector<GeneralName>();
             GeneralName gn = null;
 
@@ -513,7 +513,7 @@ public class GeneralNameUtil implements IGeneralNameUtil {
                     Object val = n.nextElement();
 
                     if (val != null && (val instanceof String) &&
-                        ((String) (val = ((String) val).trim())).length() > 0) {
+                            ((String) (val = ((String) val).trim())).length() > 0) {
                         gn = formGeneralName(mGenNameChoice, (String) val);
                         gns.addElement(gn);
                     }
@@ -553,7 +553,7 @@ public class GeneralNameUtil implements IGeneralNameUtil {
          */
 
         public static void getDefaultParams(
-            String name, boolean isValueConfigured, Vector<String> params) {
+                String name, boolean isValueConfigured, Vector<String> params) {
             String nameDot = "";
 
             if (name != null)
@@ -565,14 +565,14 @@ public class GeneralNameUtil implements IGeneralNameUtil {
         }
 
         /**
-         * Get instance params 
+         * Get instance params
          */
         public void getInstanceParams(Vector<String> params) {
             String value = (mValue == null) ? "" : mValue;
             String choice = (mGenNameChoice == null) ? "" : mGenNameChoice;
 
             params.addElement(mNameDotChoice + "=" + choice);
-            if (mIsValueConfigured) 
+            if (mIsValueConfigured)
                 params.addElement(mNameDotValue + "=" + value);
         }
 
@@ -580,31 +580,30 @@ public class GeneralNameUtil implements IGeneralNameUtil {
          * Get extended plugin info
          */
         public static void getExtendedPluginInfo(
-            String name, boolean isValueConfigured, Vector<String> info) {
+                String name, boolean isValueConfigured, Vector<String> info) {
             String nameDot = "";
 
-            if (name != null && name.length() > 0) 
+            if (name != null && name.length() > 0)
                 nameDot = name + ".";
             info.addElement(
-                nameDot + PROP_GENNAME_CHOICE + ";" + GENNAME_CHOICE_INFO);
-            if (isValueConfigured) 
+                    nameDot + PROP_GENNAME_CHOICE + ";" + GENNAME_CHOICE_INFO);
+            if (isValueConfigured)
                 info.addElement(
-                    nameDot + PROP_GENNAME_VALUE + ";" + GENNAME_VALUE_INFO);
+                        nameDot + PROP_GENNAME_VALUE + ";" + GENNAME_VALUE_INFO);
         }
     }
 
-
     /**
      * convenience class for policies use.
      */
     static public class GeneralNameAsConstraintsConfig extends GeneralNameConfig implements IGeneralNameAsConstraintsConfig {
-		
+
         public GeneralNameAsConstraintsConfig(
-            String name,
-            IConfigStore config,
-            boolean isValueConfigured,
-            boolean isPolicyEnabled)
-            throws EBaseException {
+                String name,
+                IConfigStore config,
+                boolean isValueConfigured,
+                boolean isPolicyEnabled)
+                throws EBaseException {
             super(name, config, isValueConfigured, isPolicyEnabled);
         }
 
@@ -615,18 +614,17 @@ public class GeneralNameUtil implements IGeneralNameUtil {
         /**
          * Form a general name from the value string.
          */
-        public GeneralName formGeneralName(String choice, String value) 
-            throws EBaseException {
+        public GeneralName formGeneralName(String choice, String value)
+                throws EBaseException {
             return form_GeneralNameAsConstraints(choice, value);
         }
     }
 
-
     public static class SubjAltNameGN extends GeneralNameUtil.GeneralNameConfig implements ISubjAltNameConfig {
         static final String REQUEST_ATTR_INFO =
-            "string;Request attribute name. " +
-            "The value of the request attribute will be used to form a " +
-            "General Name in the Subject Alternative Name extension.";
+                "string;Request attribute name. " +
+                        "The value of the request attribute will be used to form a " +
+                        "General Name in the Subject Alternative Name extension.";
 
         static final String PROP_REQUEST_ATTR = "requestAttr";
 
@@ -635,8 +633,8 @@ public class GeneralNameUtil implements IGeneralNameUtil {
         String mAttr = null;
 
         public SubjAltNameGN(
-            String name, IConfigStore config, boolean isPolicyEnabled)
-            throws EBaseException {
+                String name, IConfigStore config, boolean isPolicyEnabled)
+                throws EBaseException {
             super(name, config, false, isPolicyEnabled);
 
             mRequestAttr = mConfig.getString(PROP_REQUEST_ATTR, null);
@@ -645,7 +643,7 @@ public class GeneralNameUtil implements IGeneralNameUtil {
                 mRequestAttr = "";
             }
             if (isPolicyEnabled && mRequestAttr.length() == 0) {
-                throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", 
+                throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED",
                             mConfig.getName() + "." + PROP_REQUEST_ATTR));
             }
             int x = mRequestAttr.indexOf('.');
diff --git a/pki/base/common/src/com/netscape/cmscore/policy/GenericPolicyProcessor.java b/pki/base/common/src/com/netscape/cmscore/policy/GenericPolicyProcessor.java
index 2b4d012c..ab85bb80 100644
--- a/pki/base/common/src/com/netscape/cmscore/policy/GenericPolicyProcessor.java
+++ b/pki/base/common/src/com/netscape/cmscore/policy/GenericPolicyProcessor.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.policy;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.StringTokenizer;
@@ -48,20 +47,19 @@ import com.netscape.cmscore.request.ARequestQueue;
 import com.netscape.cmscore.util.AssertionException;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
  * This is a Generic policy processor. The three main functions of
  * this class are:
- *  1. To initialize policies by reading policy configuration from the
- *     config file, and maintain 5 sets of policies - viz Enrollment,
- *      Renewal, Revocation and KeyRecovery and KeyArchival.
- *  2. To apply the configured policies on the given request.
- *  3. To enable policy listing/configuration via MCC console.
- *
+ * 1. To initialize policies by reading policy configuration from the
+ * config file, and maintain 5 sets of policies - viz Enrollment,
+ * Renewal, Revocation and KeyRecovery and KeyArchival.
+ * 2. To apply the configured policies on the given request.
+ * 3. To enable policy listing/configuration via MCC console.
+ * 
  * Since the policy processor also implements the IPolicy interface
  * the processor itself presents itself as one big policy to the
  * request processor.
- *
+ * 
  * @author kanda
  * @version $Revision$, $Date$
  */
@@ -71,12 +69,12 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
     protected IAuthority mAuthority = null;
 
     // Default System Policies
-    public final static String[] DEF_POLICIES = 
-        {"com.netscape.cms.policy.constraints.ManualAuthentication"};
+    public final static String[] DEF_POLICIES =
+        { "com.netscape.cms.policy.constraints.ManualAuthentication" };
 
     // Policies that can't be deleted nor disabled.
     public final static Hashtable<String, IExpression> DEF_UNDELETABLE_POLICIES =
-        new Hashtable<String, IExpression>();
+            new Hashtable<String, IExpression>();
 
     private String mId = "Policy";
     private Vector<String> mPolicyOrder = new Vector<String>();
@@ -125,9 +123,9 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
     }
 
     /**
-     * Returns  the configuration store.
+     * Returns the configuration store.
      * <P>
-     *
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
@@ -137,24 +135,24 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
     /**
      * Initializes the PolicyProcessor
      * <P>
-     *
+     * 
      * @param owner owner of this subsystem
      * @param config configuration of this subsystem
      * @exception EBaseException failed to initialize this Subsystem.
      */
     public synchronized void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         // Debug.trace("GenericPolicyProcessor::init");
         CMS.debug("GenericPolicyProcessor::init begins");
         mAuthority = (IAuthority) owner;
         mConfig = config;
-        mGlobalStore = 
+        mGlobalStore =
                 SubsystemRegistry.getInstance().get("MAIN").getConfigStore();
 
         try {
             IConfigStore configStore = CMS.getConfigStore();
-            String PKI_Subsystem = configStore.getString( "subsystem.0.id",
-                                                          null );
+            String PKI_Subsystem = configStore.getString("subsystem.0.id",
+                                                          null);
 
             // CMS 6.1 began utilizing the "Certificate Profiles" framework
             // instead of the legacy "Certificate Policies" framework.
@@ -167,31 +165,31 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
             // NOTE:  The "Certificate Policies" framework ONLY applied to
             //        to CA, KRA, and legacy RA (pre-CMS 7.0) subsystems.
             //
-            if( PKI_Subsystem.trim().equalsIgnoreCase( "ca" ) ||
-                PKI_Subsystem.trim().equalsIgnoreCase( "kra" ) ) {
+            if (PKI_Subsystem.trim().equalsIgnoreCase("ca") ||
+                    PKI_Subsystem.trim().equalsIgnoreCase("kra")) {
                 String policyStatus = PKI_Subsystem.trim().toLowerCase()
                                     + "." + "Policy"
                                     + "." + IPolicyProcessor.PROP_ENABLE;
 
-                if( configStore.getBoolean( policyStatus, true ) == true ) {
+                if (configStore.getBoolean(policyStatus, true) == true) {
                     // NOTE:  If "<subsystem>.Policy.enable=<boolean>" is
                     //        missing, then the referenced instance existed
                     //        prior to this name=value pair existing in its
                     //        'CS.cfg' file, and thus we err on the
                     //        side that the user may still need to
                     //        use the policy framework.
-                    CMS.debug( "GenericPolicyProcessor::init Certificate "
+                    CMS.debug("GenericPolicyProcessor::init Certificate "
                              + "Policy Framework (deprecated) "
-                             + "is ENABLED" );
+                             + "is ENABLED");
                 } else {
                     // CS 8.1 Default:  <subsystem>.Policy.enable=false
-                    CMS.debug( "GenericPolicyProcessor::init Certificate "
+                    CMS.debug("GenericPolicyProcessor::init Certificate "
                              + "Policy Framework (deprecated) "
-                             + "is DISABLED" );
+                             + "is DISABLED");
                     return;
                 }
             }
-        } catch( EBaseException e ) {
+        } catch (EBaseException e) {
             throw e;
         }
 
@@ -225,16 +223,16 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
                 throw new EPolicyException(
                         CMS.getUserMessage("CMS_POLICY_SYSTEM_POLICY_CONFIG_ERROR", clPath));
 
-                // Verify if the class is a valid implementation of
-                // IPolicyRule
+            // Verify if the class is a valid implementation of
+            // IPolicyRule
             try {
                 Object o = Class.forName(clPath).newInstance();
 
                 if (!(o instanceof IEnrollmentPolicy) &&
-                    !(o instanceof IRenewalPolicy) &&
-                    !(o instanceof IRevocationPolicy) &&
-                    !(o instanceof IKeyRecoveryPolicy) &&
-                    !(o instanceof IKeyArchivalPolicy))
+                        !(o instanceof IRenewalPolicy) &&
+                        !(o instanceof IRevocationPolicy) &&
+                        !(o instanceof IKeyRecoveryPolicy) &&
+                        !(o instanceof IKeyArchivalPolicy))
                     throw new EPolicyException(
                             CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_IMPL", clPath));
             } catch (EBaseException e) {
@@ -247,7 +245,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
 
             // Register the implementation.
             RegisteredPolicy regPolicy =
-                new RegisteredPolicy(id, clPath);
+                    new RegisteredPolicy(id, clPath);
 
             mImplTable.put(id, regPolicy);
         }
@@ -291,7 +289,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
             String enabledStr = c.getString(PROP_ENABLE, null);
 
             if (enabledStr == null || enabledStr.trim().length() == 0 ||
-                enabledStr.trim().equalsIgnoreCase("true"))
+                    enabledStr.trim().equalsIgnoreCase("true"))
                 enabled = true;
             else
                 enabled = false;
@@ -304,15 +302,15 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
 
             // Make an instance of the specified policy.
             RegisteredPolicy regPolicy =
-                (RegisteredPolicy) mImplTable.get(implName);
+                    (RegisteredPolicy) mImplTable.get(implName);
 
             if (regPolicy == null) {
-                String[] params = {implName, instanceName};
+                String[] params = { implName, instanceName };
 
                 throw new EPolicyException(
                         CMS.getUserMessage("CMS_POLICY_IMPL_NOT_FOUND", params));
             }
-            
+
             String classpath = regPolicy.getClassPath();
 
             try {
@@ -332,8 +330,8 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
             if (rule == null)
                 continue;
 
-                // Read the predicate expression if any associated
-                // with the rule
+            // Read the predicate expression if any associated
+            // with the rule
             String exp = c.getString(GenericPolicyProcessor.PROP_PREDICATE, null);
 
             if (exp != null)
@@ -345,13 +343,13 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
 
             // Add the rule to the instance table
             mInstanceTable.put(instanceName,
-                new PolicyInstance(instanceName, implName, rule, enabled));
+                    new PolicyInstance(instanceName, implName, rule, enabled));
 
             if (!enabled)
                 continue;
 
-                // Add the rule to the policy set according to category if a
-                // rule is enabled.
+            // Add the rule to the policy set according to category if a
+            // rule is enabled.
             addRule(instanceName, rule);
         }
 
@@ -372,8 +370,8 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
 
     /**
      * Apply policies on the given request.
-     *
-     * @param IRequest  The given request
+     * 
+     * @param IRequest The given request
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
@@ -390,11 +388,11 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
             return PolicyResult.ACCEPTED;
         }
         if (isProfileRequest(req)) {
-            Debug.trace("GenericPolicyProcessor: Profile-base Request " + 
-                req.getRequestId().toString());
+            Debug.trace("GenericPolicyProcessor: Profile-base Request " +
+                    req.getRequestId().toString());
             return PolicyResult.ACCEPTED;
         }
-        CMS.debug("GenericPolicyProcessor: apply not ProfileRequest. op="+op);
+        CMS.debug("GenericPolicyProcessor: apply not ProfileRequest. op=" + op);
 
         if (op.equalsIgnoreCase(IRequest.ENROLLMENT_REQUEST))
             rules = mEnrollmentRules;
@@ -421,11 +419,11 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
             return PolicyResult.ACCEPTED;
 
             /**
-             setError(req, PolicyResources.NO_RULES_CONFIGURED, op);
-             return PolicyResult.REJECTED;
+             * setError(req, PolicyResources.NO_RULES_CONFIGURED, op);
+             * return PolicyResult.REJECTED;
              **/
         }
-        CMS.debug("GenericPolicyProcessor: apply: rules.count="+ rules.count());
+        CMS.debug("GenericPolicyProcessor: apply: rules.count=" + rules.count());
 
         // request must be up to date or can't process it.
         PolicyResult res = PolicyResult.ACCEPTED;
@@ -466,11 +464,11 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         try {
             while (enum1.hasMoreElements()) {
                 RegisteredPolicy regPolicy =
-                    (RegisteredPolicy) enum1.nextElement();
+                        (RegisteredPolicy) enum1.nextElement();
 
                 // Make an Instance of it
                 IPolicyRule ruleImpl = (IPolicyRule)
-                    Class.forName(regPolicy.getClassPath()).newInstance();
+                        Class.forName(regPolicy.getClassPath()).newInstance();
 
                 impls.addElement(ruleImpl);
             }
@@ -489,7 +487,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         try {
             while (enum1.hasMoreElements()) {
                 RegisteredPolicy regPolicy =
-                    (RegisteredPolicy) enum1.nextElement();
+                        (RegisteredPolicy) enum1.nextElement();
 
                 impls.addElement(regPolicy.getId());
 
@@ -503,7 +501,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
 
     public IPolicyRule getPolicyImpl(String id) {
         RegisteredPolicy regImpl = (RegisteredPolicy)
-            mImplTable.get(id);
+                mImplTable.get(id);
 
         if (regImpl == null)
             return null;
@@ -523,7 +521,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
 
         if (rp == null)
             return null;
-        Vector<String>  v = rp.getDefaultParams();
+        Vector<String> v = rp.getDefaultParams();
 
         if (v == null)
             v = new Vector<String>();
@@ -533,16 +531,16 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
     }
 
     public void deletePolicyImpl(String id)
-        throws EBaseException {
+            throws EBaseException {
         // First check if the id is valid;
         RegisteredPolicy regPolicy =
-            (RegisteredPolicy) mImplTable.get(id);
+                (RegisteredPolicy) mImplTable.get(id);
 
         if (regPolicy == null)
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_NO_POLICY_IMPL", id));
 
-            // If any instance exists for this impl, can't delete it.
+        // If any instance exists for this impl, can't delete it.
         boolean instanceExist = false;
         Enumeration<PolicyInstance> e = mInstanceTable.elements();
 
@@ -558,12 +556,12 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_ACTIVE_POLICY_RULES_EXIST", id));
 
-            // Else delete the implementation
+        // Else delete the implementation
         mImplTable.remove(id);
-        IConfigStore policyStore = 
-            mGlobalStore.getSubStore(getPolicySubstoreId());
-        IConfigStore implStore = 
-            policyStore.getSubStore(PROP_IMPL);
+        IConfigStore policyStore =
+                mGlobalStore.getSubStore(getPolicySubstoreId());
+        IConfigStore implStore =
+                policyStore.getSubStore(PROP_IMPL);
 
         implStore.removeSubStore(id);
 
@@ -572,7 +570,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
             mGlobalStore.commit(true);
         } catch (Exception ex) {
             Debug.printStackTrace(ex);
-            String[] params = {"implementation", id};
+            String[] params = { "implementation", id };
 
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_DELETING_POLICY_ERROR", params));
@@ -580,49 +578,49 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
     }
 
     public void addPolicyImpl(String id, String classPath)
-        throws EBaseException {
+            throws EBaseException {
         // See if the id is unique
         if (mImplTable.containsKey(id))
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_DUPLICATE_IMPL_ID", id));
 
-            // See if the classPath is ok
+        // See if the classPath is ok
         Object impl = null;
 
         try {
             impl = Class.forName(classPath).newInstance();
-        }catch (Exception e) {
+        } catch (Exception e) {
             throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_NO_POLICY_IMPL",
                         id));
         }
 
         // Does the class implement one of the four interfaces?
         if (!(impl instanceof IEnrollmentPolicy) &&
-            !(impl instanceof IRenewalPolicy) &&
-            !(impl instanceof IRevocationPolicy) &&
-            !(impl instanceof IKeyRecoveryPolicy) &&
-            !(impl instanceof IKeyArchivalPolicy))
+                !(impl instanceof IRenewalPolicy) &&
+                !(impl instanceof IRevocationPolicy) &&
+                !(impl instanceof IKeyRecoveryPolicy) &&
+                !(impl instanceof IKeyArchivalPolicy))
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_IMPL", classPath));
 
-            // Add the implementation to the registry
+        // Add the implementation to the registry
         RegisteredPolicy regPolicy =
-            new RegisteredPolicy(id, classPath);
+                new RegisteredPolicy(id, classPath);
 
         mImplTable.put(id, regPolicy);
 
         // Store the impl in the configuration.
-        IConfigStore policyStore = 
-            mGlobalStore.getSubStore(getPolicySubstoreId());
-        IConfigStore implStore = 
-            policyStore.getSubStore(PROP_IMPL);
+        IConfigStore policyStore =
+                mGlobalStore.getSubStore(getPolicySubstoreId());
+        IConfigStore implStore =
+                policyStore.getSubStore(PROP_IMPL);
         IConfigStore newStore = implStore.makeSubStore(id);
 
         newStore.put(PROP_CLASS, classPath);
         try {
             mGlobalStore.commit(true);
         } catch (Exception e) {
-            String[] params = {"implementation", id};
+            String[] params = { "implementation", id };
 
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_ADDING_POLICY_ERROR", params));
@@ -637,7 +635,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         try {
             while (enum1.hasMoreElements()) {
                 PolicyInstance instance =
-                    (PolicyInstance) mInstanceTable.get((String) enum1.nextElement());
+                        (PolicyInstance) mInstanceTable.get((String) enum1.nextElement());
 
                 rules.addElement(instance.getRule());
 
@@ -669,14 +667,14 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
 
     public IPolicyRule getPolicyInstance(String id) {
         PolicyInstance policyInstance = (PolicyInstance)
-            mInstanceTable.get(id);
+                mInstanceTable.get(id);
 
         return (policyInstance == null) ? null : policyInstance.getRule();
     }
 
     public Vector<String> getPolicyInstanceConfig(String id) {
         PolicyInstance policyInstance = (PolicyInstance)
-            mInstanceTable.get(id);
+                mInstanceTable.get(id);
 
         if (policyInstance == null)
             return null;
@@ -695,24 +693,24 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
     }
 
     public void deletePolicyInstance(String id)
-        throws EBaseException {
+            throws EBaseException {
         // If the rule is a persistent rule, we can't delete it.
         if (mUndeletablePolicies.containsKey(id))
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_CANT_DELETE_PERSISTENT_POLICY", id));
 
-            // First check if the instance is present.
+        // First check if the instance is present.
         PolicyInstance instance =
-            (PolicyInstance) mInstanceTable.get(id);
+                (PolicyInstance) mInstanceTable.get(id);
 
         if (instance == null)
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_INSTANCE", id));
 
         IConfigStore policyStore =
-            mGlobalStore.getSubStore(getPolicySubstoreId());
-        IConfigStore instanceStore = 
-            policyStore.getSubStore(PROP_RULE);
+                mGlobalStore.getSubStore(getPolicySubstoreId());
+        IConfigStore instanceStore =
+                policyStore.getSubStore(PROP_RULE);
 
         instanceStore.removeSubStore(id);
 
@@ -732,7 +730,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
             mPolicyOrder.insertElementAt(id, index);
 
             Debug.printStackTrace(e);
-            String[] params = {"instance", id};
+            String[] params = { "instance", id };
 
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_DELETING_POLICY_ERROR", params));
@@ -751,17 +749,17 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         if (rule instanceof IKeyArchivalPolicy)
             mKeyArchivalRules.removeRule(id);
 
-            // Delete the instance
+        // Delete the instance
         mInstanceTable.remove(id);
     }
 
     public void addPolicyInstance(String id, Hashtable<String, String> ht)
-        throws EBaseException {
+            throws EBaseException {
         // The instance id should be unique
         if (getPolicyInstance(id) != null)
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_DUPLICATE_INST_ID", id));
-            // There should be an implmentation for this rule.
+        // There should be an implmentation for this rule.
         String implName = (String) ht.get(IPolicyRule.PROP_IMPLNAME);
 
         // See if there is an implementation with this name.
@@ -771,23 +769,23 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_NO_POLICY_IMPL", implName));
 
-            // Prepare config file entries.
-        IConfigStore policyStore = 
-            mGlobalStore.getSubStore(getPolicySubstoreId());
-        IConfigStore instanceStore = 
-            policyStore.getSubStore(PROP_RULE);
+        // Prepare config file entries.
+        IConfigStore policyStore =
+                mGlobalStore.getSubStore(getPolicySubstoreId());
+        IConfigStore instanceStore =
+                policyStore.getSubStore(PROP_RULE);
         IConfigStore newStore = instanceStore.makeSubStore(id);
 
         for (Enumeration<String> keys = ht.keys(); keys.hasMoreElements();) {
             String key = keys.nextElement();
-            String val =  ht.get(key);
+            String val = ht.get(key);
 
             newStore.put(key, val);
         }
 
         // Set the order string.
         policyStore.put(PROP_ORDER,
-            getRuleOrderString(mPolicyOrder, id));
+                getRuleOrderString(mPolicyOrder, id));
 
         // Try to initialize this rule.
         rule.init(this, newStore);
@@ -797,10 +795,10 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         boolean active = false;
 
         if (enabledStr == null || enabledStr.trim().length() == 0 ||
-            enabledStr.equalsIgnoreCase("true"))
+                enabledStr.equalsIgnoreCase("true"))
             active = true;
 
-            // Set the predicate if any present on the rule.
+        // Set the predicate if any present on the rule.
         String predicate = ((String) ht.get(IPolicyRule.PROP_PREDICATE)).trim();
         IExpression exp = null;
 
@@ -812,7 +810,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         try {
             mGlobalStore.commit(true);
         } catch (Exception e) {
-            String[] params = {"instance", id};
+            String[] params = { "instance", id };
 
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_ADDING_POLICY_ERROR", params));
@@ -835,10 +833,10 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
     }
 
     public void modifyPolicyInstance(String id, Hashtable<String, String> ht)
-        throws EBaseException {
+            throws EBaseException {
         // The instance id should be there already
         PolicyInstance policyInstance = (PolicyInstance)
-            mInstanceTable.get(id);
+                mInstanceTable.get(id);
 
         if (policyInstance == null)
             throw new EPolicyException(
@@ -851,38 +849,38 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         if (!implId.equals(policyInstance.getImplId()))
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_IMPLCHANGE_ERROR", id));
-					
-            // Make a new rule instance
+
+        // Make a new rule instance
         IPolicyRule newRule = getPolicyImpl(implId);
 
         if (newRule == null) // Can't happen, but just in case..
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_IMPL", implId));
-			
-            // Try to init this rule.
-        IConfigStore policyStore = 
-            mGlobalStore.getSubStore(getPolicySubstoreId());
-        IConfigStore instanceStore = 
-            policyStore.getSubStore(PROP_RULE);
+
+        // Try to init this rule.
+        IConfigStore policyStore =
+                mGlobalStore.getSubStore(getPolicySubstoreId());
+        IConfigStore instanceStore =
+                policyStore.getSubStore(PROP_RULE);
         IConfigStore oldStore = instanceStore.getSubStore(id);
         IConfigStore newStore = new PropConfigStore(id);
-			
+
         // See if the rule is disabled.
         String enabledStr = (String) ht.get(IPolicyRule.PROP_ENABLE);
         boolean active = false;
 
         if (enabledStr == null || enabledStr.trim().length() == 0 ||
-            enabledStr.equalsIgnoreCase("true"))
+                enabledStr.equalsIgnoreCase("true"))
             active = true;
 
-            // Set the predicate expression.
+        // Set the predicate expression.
         String predicate = ((String) ht.get(IPolicyRule.PROP_PREDICATE)).trim();
         IExpression exp = null;
 
         if (predicate.trim().length() > 0)
             exp = PolicyPredicateParser.parse(predicate.trim());
 
-            // See if this a persistent rule.
+        // See if this a persistent rule.
         if (mUndeletablePolicies.containsKey(id)) {
             // A persistent rule can't be disabled.
             if (!active) {
@@ -891,24 +889,24 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
             }
 
             IExpression defPred = (IExpression)
-                mUndeletablePolicies.get(id);
+                    mUndeletablePolicies.get(id);
 
             if (defPred == SimpleExpression.NULL_EXPRESSION)
                 defPred = null;
             if (exp == null && defPred != null) {
-                String[] params = {id, defPred.toString(),
+                String[] params = { id, defPred.toString(),
                         "null" };
 
                 throw new EPolicyException(
                         CMS.getUserMessage("CMS_POLICY_PERSISTENT_RULE_MISCONFIG", params));
             } else if (exp != null && defPred == null) {
-                String[] params = {id, "null", exp.toString()};
+                String[] params = { id, "null", exp.toString() };
 
                 throw new EPolicyException(
                         CMS.getUserMessage("CMS_POLICY_PERSISTENT_RULE_MISCONFIG", params));
             } else if (exp != null && defPred != null) {
                 if (!defPred.toString().equals(exp.toString())) {
-                    String[] params = {id, defPred.toString(),
+                    String[] params = { id, defPred.toString(),
                             exp.toString() };
 
                     throw new EPolicyException(
@@ -921,8 +919,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         ht.put(IPolicyRule.PROP_ENABLE, String.valueOf(active));
 
         // put old config store parameters first. 
-        for (Enumeration<String> oldkeys = oldStore.keys();
-            oldkeys.hasMoreElements();) {
+        for (Enumeration<String> oldkeys = oldStore.keys(); oldkeys.hasMoreElements();) {
             String k = (String) oldkeys.nextElement();
             String v = (String) oldStore.getString(k);
 
@@ -930,15 +927,14 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         }
 
         // put modified params.
-        for (Enumeration<String> newkeys = ht.keys();
-            newkeys.hasMoreElements();) {
+        for (Enumeration<String> newkeys = ht.keys(); newkeys.hasMoreElements();) {
             String k = (String) newkeys.nextElement();
             String v = (String) ht.get(k);
 
             Debug.trace("newstore key " + k + "=" + v);
             if (v != null) {
                 if (!k.equals(Constants.OP_TYPE) && !k.equals(Constants.OP_SCOPE) &&
-                    !k.equals(Constants.RS_ID) && !k.equals("RULENAME")) {
+                        !k.equals(Constants.RS_ID) && !k.equals("RULENAME")) {
                     Debug.trace("newstore.put(" + k + "=" + v + ")");
                     newStore.put(k, v);
                 }
@@ -956,10 +952,9 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
          }
          */
 
-
         // Try to initialize this rule.
         newRule.init(this, newStore);
-			
+
         // If we are successfully initialized, replace the rule 
         // instance
         policyInstance.setRule(newRule);
@@ -969,21 +964,21 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         if (exp != null)
             newRule.setPredicate(exp);
 
-            // Store the changes in the file.
+        // Store the changes in the file.
         try {
             for (Enumeration<String> e = newStore.keys(); e.hasMoreElements();) {
                 String key = (String) e.nextElement();
 
                 if (key != null) {
                     Debug.trace(
-                        "oldstore.put(" + key + "," +
-                        (String) newStore.getString(key) + ")");
+                            "oldstore.put(" + key + "," +
+                                    (String) newStore.getString(key) + ")");
                     oldStore.put(key, (String) newStore.getString(key));
                 }
             }
             mGlobalStore.commit(true);
         } catch (Exception e) {
-            String[] params = {"instance", id};
+            String[] params = { "instance", id };
 
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_ADDING_POLICY_ERROR", params));
@@ -1018,8 +1013,8 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
     }
 
     public synchronized void changePolicyInstanceOrdering(
-        String policyOrderStr)
-        throws EBaseException {
+            String policyOrderStr)
+            throws EBaseException {
         Vector<String> policyOrder = new Vector<String>();
         StringTokenizer tokens = new StringTokenizer(policyOrderStr, ",");
 
@@ -1053,9 +1048,9 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
                 String defRuleName = mSystemDefaults[i].substring(
                         mSystemDefaults[i].lastIndexOf('.') + 1);
                 IPolicyRule defRule = (IPolicyRule)
-                    Class.forName(mSystemDefaults[i]).newInstance();
-                IConfigStore ruleConfig = 
-                    mConfig.getSubStore(PROP_DEF_POLICIES + "." + defRuleName);
+                        Class.forName(mSystemDefaults[i]).newInstance();
+                IConfigStore ruleConfig =
+                        mConfig.getSubStore(PROP_DEF_POLICIES + "." + defRuleName);
 
                 defRule.init(this, ruleConfig);
                 if (defRule instanceof IEnrollmentPolicy)
@@ -1072,7 +1067,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
             }
         } catch (Throwable e) {
             Debug.printStackTrace(e);
-            EBaseException ex = new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", 
+            EBaseException ex = new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
                         "Cannot create default policy rule. Error: " + e.getMessage()));
 
             mAuthority.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_POLICY_DEF_CREATE", e.toString()));
@@ -1080,17 +1075,16 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         }
 
         // add rules specified in the new order.
-        for (Enumeration<String> enum1 = policyOrder.elements();
-            enum1.hasMoreElements();) {
+        for (Enumeration<String> enum1 = policyOrder.elements(); enum1.hasMoreElements();) {
             String instanceName = (String) enum1.nextElement();
             PolicyInstance pInstance = (PolicyInstance)
-                mInstanceTable.get(instanceName);
-				
+                    mInstanceTable.get(instanceName);
+
             if (!pInstance.isActive())
                 continue;
 
-                // Add the rule to the policy set according to category if a
-                // rule is enabled.
+            // Add the rule to the policy set according to category if a
+            // rule is enabled.
             IPolicyRule rule = pInstance.getRule();
 
             if (rule instanceof IEnrollmentPolicy)
@@ -1114,8 +1108,8 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         mPolicyOrder = policyOrder;
 
         // Now change the ordering in the config file.
-        IConfigStore policyStore = 
-            mGlobalStore.getSubStore(getPolicySubstoreId());
+        IConfigStore policyStore =
+                mGlobalStore.getSubStore(getPolicySubstoreId());
 
         policyStore.put(PROP_ORDER, policyOrderStr);
 
@@ -1165,24 +1159,24 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
     /**
      * Initializes the default system policies. Currently there is only
      * one policy - ManualAuthentication. More may be added later on.
-     *
+     * 
      * The default policies may be disabled - for example to over-ride
      * agent approval for testing the system by setting the following
      * property in the config file:
      * 
-     *	<subsystemId>.Policy.systemPolicies.enable=false
+     * <subsystemId>.Policy.systemPolicies.enable=false
+     * 
+     * By default the value for this property is true.
      * 
-     *  By default the value for this property is true.
-     *
-     * Users can over-ride the default system policies by listing their 
+     * Users can over-ride the default system policies by listing their
      * 'custom' system policies under the following property:
      * 
-     *	<subsystemId>.Policy.systemPolicies=<system policy1 class path>,
-     *		<system policy2 class path>
-     *
+     * <subsystemId>.Policy.systemPolicies=<system policy1 class path>,
+     * <system policy2 class path>
+     * 
      * There can only be one instance of the system policy in the system
-     * and will apply to all requests, and hence predicates are not used 
-     * for a system policy.  Due to the same reason, these properties are 
+     * and will apply to all requests, and hence predicates are not used
+     * for a system policy. Due to the same reason, these properties are
      * not configurable using the Console.
      * 
      * A System policy may read config properties from a subtree under
@@ -1190,10 +1184,10 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
      * ra.Policy.systemPolicies.ManualAuthentication.param1=value
      */
     private void initSystemPolicies(IConfigStore mConfig)
-        throws EBaseException {
+            throws EBaseException {
         // If system policies are disabled, return. No Deferral of
         // requests may be done.
-        String enable = mConfig.getString(PROP_DEF_POLICIES + "." + 
+        String enable = mConfig.getString(PROP_DEF_POLICIES + "." +
                 PROP_ENABLE, "true").trim();
 
         if (enable.equalsIgnoreCase("false")) {
@@ -1202,17 +1196,17 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         }
 
         // Load default policies that are always present.
-        String configuredDefaults = mConfig.getString(PROP_DEF_POLICIES, 
+        String configuredDefaults = mConfig.getString(PROP_DEF_POLICIES,
                 null);
 
-        if (configuredDefaults == null || 
-            configuredDefaults.trim().length() == 0)
+        if (configuredDefaults == null ||
+                configuredDefaults.trim().length() == 0)
             mSystemDefaults = DEF_POLICIES;
         else {
             Vector<String> rules = new Vector<String>();
-            StringTokenizer tokenizer = new 
-                StringTokenizer(configuredDefaults.trim(), ",");
-	
+            StringTokenizer tokenizer = new
+                    StringTokenizer(configuredDefaults.trim(), ",");
+
             while (tokenizer.hasMoreTokens()) {
                 String rule = tokenizer.nextToken().trim();
 
@@ -1221,10 +1215,10 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
             if (rules.size() > 0) {
                 mSystemDefaults = new String[rules.size()];
                 rules.copyInto(mSystemDefaults);
-            } else 
+            } else
                 mSystemDefaults = DEF_POLICIES;
         }
-	
+
         // Now Initialize the rules. These defaults have only one 
         // instance and the rule name is the name of the class itself.
         // Any configuration parameters required could be read from
@@ -1239,16 +1233,16 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
                 Object o = Class.forName(mSystemDefaults[i]).newInstance();
 
                 if (!(o instanceof IEnrollmentPolicy) &&
-                    !(o instanceof IRenewalPolicy) &&
-                    !(o instanceof IRevocationPolicy) &&
-                    !(o instanceof IKeyRecoveryPolicy) &&
-                    !(o instanceof IKeyArchivalPolicy))
+                        !(o instanceof IRenewalPolicy) &&
+                        !(o instanceof IRevocationPolicy) &&
+                        !(o instanceof IKeyRecoveryPolicy) &&
+                        !(o instanceof IKeyArchivalPolicy))
                     throw new EPolicyException(
                             CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_IMPL",
-                                mSystemDefaults[i]));
-	
+                                    mSystemDefaults[i]));
+
                 IPolicyRule rule = (IPolicyRule) o;
-	
+
                 // Initialize the rule.
                 ruleName = mSystemDefaults[i].substring(
                             mSystemDefaults[i].lastIndexOf('.') + 1);
@@ -1256,14 +1250,14 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
                         PROP_DEF_POLICIES + "." + ruleName);
 
                 rule.init(this, ruleConfig);
-	
+
                 // Add the rule to the appropriate PolicySet.
                 addRule(ruleName, rule);
             } catch (EBaseException e) {
                 throw e;
             } catch (Exception e) {
                 Debug.printStackTrace(e);
-                throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_NO_POLICY_IMPL", 
+                throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_NO_POLICY_IMPL",
                             ruleName));
             }
         }
@@ -1271,101 +1265,101 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
 
     /**
      * Read list of undeletable policies if any configured in the
-     * system. 
-     *
+     * system.
+     * 
      * These are required to protect the system from being misconfigured
      * to the point that the requests wouldn't serialize or certain
-     * fields in the certificate(s) being checked will go unchecked 
+     * fields in the certificate(s) being checked will go unchecked
      * ..etc.
-     *
-     * For now the following policies are undeletable: 
-     *
-     *	DirAuthRule:	This is a default DirectoryAuthentication policy
-     *					for user certificates that interprets directory
-     *					credentials. The presence of this policy is needed
-     *					if the OOTB DirectoryAuthentication-based automatic
-     *					certificate issuance is supported.
-     *
-     *	DefaultUserNameRule: This policy verifies/sets subjectDn for user
-     *						 certificates.
-     *
-     *	DefaultServerNameRule: This policy verifies/sets subjectDn for 
-     *							server certificates.
-     *
-     *	DefaultValidityRule:	Verifies/sets validty for all certificates.
-     *
-     *	DefaultRenewalValidityRule: Verifies/sets validity for certs being
-     *							renewed.
-     *
-     *  The 'undeletables' cannot be deleted from the config file, nor
-     *	can the be disabled. If any predicates are associated with them
-     *	the predicates can't be changed either. But, other config parameters
-     *	such as maxValidity, renewalInterval ..etc can be changed to suit 
-     *	local policy requirements.
-     *
-     *  During start up the policy processor will verify if the undeletables
-     *	are present, and that they are enabled and that their predicates are
-     *	not changed.
-     *
-     *  The rules mentioned above are currently hard coded. If these need to
-     *  read from the config file, the 'undeletables' can be configured as
-     *  as follows:
-     *
-     *	<subsystemId>.Policy.undeletablePolicies=<comma separated rule names>
-     *	Example:
-     *	ra.Policy.undeletablePolicies=DirAuthRule, DefaultUserNameRule, DefaultServerNameRule, DefaultValidityRule, DefaultRenewalValidityRule
-     *
-     *  The predicates if any associated with them may be configured as
-     *  follows:
-     *		<subsystemId>.Policy.undeletablePolicies.DirAuthRule.predicate= certType == client.
-     *
-     *		where subsystemId is ra or ca.
-     *
+     * 
+     * For now the following policies are undeletable:
+     * 
+     * DirAuthRule: This is a default DirectoryAuthentication policy
+     * for user certificates that interprets directory
+     * credentials. The presence of this policy is needed
+     * if the OOTB DirectoryAuthentication-based automatic
+     * certificate issuance is supported.
+     * 
+     * DefaultUserNameRule: This policy verifies/sets subjectDn for user
+     * certificates.
+     * 
+     * DefaultServerNameRule: This policy verifies/sets subjectDn for
+     * server certificates.
+     * 
+     * DefaultValidityRule: Verifies/sets validty for all certificates.
+     * 
+     * DefaultRenewalValidityRule: Verifies/sets validity for certs being
+     * renewed.
+     * 
+     * The 'undeletables' cannot be deleted from the config file, nor
+     * can the be disabled. If any predicates are associated with them
+     * the predicates can't be changed either. But, other config parameters
+     * such as maxValidity, renewalInterval ..etc can be changed to suit
+     * local policy requirements.
+     * 
+     * During start up the policy processor will verify if the undeletables
+     * are present, and that they are enabled and that their predicates are
+     * not changed.
+     * 
+     * The rules mentioned above are currently hard coded. If these need to
+     * read from the config file, the 'undeletables' can be configured as
+     * as follows:
+     * 
+     * <subsystemId>.Policy.undeletablePolicies=<comma separated rule names>
+     * Example:
+     * ra.Policy.undeletablePolicies=DirAuthRule, DefaultUserNameRule, DefaultServerNameRule, DefaultValidityRule, DefaultRenewalValidityRule
+     * 
+     * The predicates if any associated with them may be configured as
+     * follows:
+     * <subsystemId>.Policy.undeletablePolicies.DirAuthRule.predicate= certType == client.
+     * 
+     * where subsystemId is ra or ca.
+     * 
      * If the undeletables are configured in the file,the configured entries
-     * take precedence over the hardcoded ones in this file. If you are 
-     * configuring them in the file, please remember to configure the 
+     * take precedence over the hardcoded ones in this file. If you are
+     * configuring them in the file, please remember to configure the
      * predicates if applicable.
-     *
+     * 
      * During policy configuration from MCC, the policy processor will not
-     * let you delete an 'undeletable', nor will it let you disable it. 
+     * let you delete an 'undeletable', nor will it let you disable it.
      * You will not be able to change the predicate either. Other parameters
      * can be configured as needed.
-     *
-     * If a particular rule needs to be removed from the 'undeletables', 
+     * 
+     * If a particular rule needs to be removed from the 'undeletables',
      * either remove it from the hard coded list above, or configure the
-     * rules required rules only via the config file. The former needs 
+     * rules required rules only via the config file. The former needs
      * recompilation of the source. The later is flexible to be able to
      * make any rule an 'undeletable' or nor an 'undeletable'.
-     *
-     * Example: We want to use only manual forms for enrollment. 
+     * 
+     * Example: We want to use only manual forms for enrollment.
      * We do n't need to burn in DirAuthRule. We need to configure all
      * other rules except the DirAuthRule as follows:
-     *
-     *	ra.Policy.undeletablePolicies = DefaultUserNameRule, DefaultServerNameRule, DefaultValidityRule, DefaultRenewalValidityRule
-     *
+     * 
+     * ra.Policy.undeletablePolicies = DefaultUserNameRule, DefaultServerNameRule, DefaultValidityRule, DefaultRenewalValidityRule
+     * 
      * The following predicates are necessary:
-     *
-     *	ra.Policy.undeletablePolicies.DefaultUserNameRule.predicate = certType == client
-     *	ra.Policy.undeletablePolicies.DefaultServerNameRule.predicate = certType == server
-     *
-     *	The other two rules do not have any predicates.
+     * 
+     * ra.Policy.undeletablePolicies.DefaultUserNameRule.predicate = certType == client
+     * ra.Policy.undeletablePolicies.DefaultServerNameRule.predicate = certType == server
+     * 
+     * The other two rules do not have any predicates.
      */
     private void initUndeletablePolicies(IConfigStore mConfig)
-        throws EBaseException {
+            throws EBaseException {
         // Read undeletable policies if any configured.
-        String configuredUndeletables = 
-            mConfig.getString(PROP_UNDELETABLE_POLICIES, null);
+        String configuredUndeletables =
+                mConfig.getString(PROP_UNDELETABLE_POLICIES, null);
 
-        if (configuredUndeletables == null || 
-            configuredUndeletables.trim().length() == 0) {
+        if (configuredUndeletables == null ||
+                configuredUndeletables.trim().length() == 0) {
             mUndeletablePolicies = DEF_UNDELETABLE_POLICIES;
             return;
         }
 
         Vector<String> rules = new Vector<String>();
-        StringTokenizer tokenizer = new 
-            StringTokenizer(configuredUndeletables.trim(), ",");
-	
+        StringTokenizer tokenizer = new
+                StringTokenizer(configuredUndeletables.trim(), ",");
+
         while (tokenizer.hasMoreTokens()) {
             String rule = tokenizer.nextToken().trim();
 
@@ -1382,13 +1376,13 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         mUndeletablePolicies = new Hashtable<String, IExpression>();
         for (Enumeration<String> e = rules.elements(); e.hasMoreElements();) {
             String urn = (String) e.nextElement();
-			
+
             // See if there is predicate in the file
             String pred = mConfig.getString(PROP_UNDELETABLE_POLICIES +
                     "." + urn + "." + PROP_PREDICATE, null);
-			
+
             IExpression exp = SimpleExpression.NULL_EXPRESSION;
-			
+
             if (pred != null)
                 exp = PolicyPredicateParser.parse(pred);
             mUndeletablePolicies.put(urn, exp);
@@ -1423,12 +1417,11 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
     }
 
     private void verifyDefaultPolicyConfig()
-        throws EPolicyException {
+            throws EPolicyException {
         // For each policy in undeletable list make sure that
         // the policy is present, is not disabled and its predicate
         // is not tampered with.
-        for (Enumeration<String> e = mUndeletablePolicies.keys();
-            e.hasMoreElements();) {
+        for (Enumeration<String> e = mUndeletablePolicies.keys(); e.hasMoreElements();) {
             String urn = (String) e.nextElement();
 
             // See if the rule is in the instance table.
@@ -1438,14 +1431,14 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
                 throw new EPolicyException(
                         CMS.getUserMessage("CMS_POLICY_MISSING_PERSISTENT_RULE", urn));
 
-                // See if the instance is disabled.
+            // See if the instance is disabled.
             if (!inst.isActive())
                 throw new EPolicyException(
                         CMS.getUserMessage("CMS_POLICY_PERSISTENT_RULE_INACTIVE", urn));
 
-                // See if the predicated is misconfigured.
+            // See if the predicated is misconfigured.
             IExpression defPred = (IExpression)
-                mUndeletablePolicies.get(urn);
+                    mUndeletablePolicies.get(urn);
 
             // We used SimpleExpression.NULL_EXPRESSION to indicate a null.
             if (defPred == SimpleExpression.NULL_EXPRESSION)
@@ -1453,19 +1446,19 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
             IExpression confPred = inst.getRule().getPredicate();
 
             if (defPred == null && confPred != null) {
-                String[] params = {urn, "null", confPred.toString()};
+                String[] params = { urn, "null", confPred.toString() };
 
                 throw new EPolicyException(
                         CMS.getUserMessage("CMS_POLICY_PERSISTENT_RULE_MISCONFIG", params));
             } else if (defPred != null && confPred == null) {
-                String[] params = {urn, defPred.toString(), "null"};
+                String[] params = { urn, defPred.toString(), "null" };
 
                 throw new EPolicyException(
                         CMS.getUserMessage("CMS_POLICY_PERSISTENT_RULE_MISCONFIG", params));
             } else if (defPred != null && confPred != null) {
                 if (!defPred.toString().equals(confPred.toString())) {
-                    String[] params = {urn, defPred.toString(), 
-                            confPred.toString()};
+                    String[] params = { urn, defPred.toString(),
+                            confPred.toString() };
 
                     throw new EPolicyException(
                             CMS.getUserMessage("CMS_POLICY_PERSISTENT_RULE_MISCONFIG", params));
@@ -1475,31 +1468,29 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
     }
 }
 
-
 /**
  * Class to keep track of various configurable implementations.
  */
 class RegisteredPolicy {
     String mId;
     String mClPath;
-    public RegisteredPolicy (String id, String clPath) {
+
+    public RegisteredPolicy(String id, String clPath) {
         if (id == null || clPath == null)
-            throw new 
-                AssertionException("Policy id or classpath can't be null");
+            throw new AssertionException("Policy id or classpath can't be null");
         mId = id;
         mClPath = clPath;
     }
-	
+
     public String getClassPath() {
         return mClPath;
     }
-	
+
     public String getId() {
         return mId;
     }
 }
 
-
 class PolicyInstance {
     String mInstanceId;
     String mImplId;
@@ -1507,7 +1498,7 @@ class PolicyInstance {
     boolean mIsEnabled;
 
     public PolicyInstance(String instanceId, String implId,
-        IPolicyRule rule, boolean isEnabled) {
+            IPolicyRule rule, boolean isEnabled) {
         mInstanceId = instanceId;
         mImplId = implId;
         mRule = rule;
@@ -1543,9 +1534,8 @@ class PolicyInstance {
     public void setActive(boolean stat) {
         mIsEnabled = stat;
     }
-	
+
     public void setRule(IPolicyRule newRule) {
         mRule = newRule;
     }
-}    
-
+}
diff --git a/pki/base/common/src/com/netscape/cmscore/policy/JavaScriptRequestProxy.java b/pki/base/common/src/com/netscape/cmscore/policy/JavaScriptRequestProxy.java
index fde12d04..e9a7371d 100644
--- a/pki/base/common/src/com/netscape/cmscore/policy/JavaScriptRequestProxy.java
+++ b/pki/base/common/src/com/netscape/cmscore/policy/JavaScriptRequestProxy.java
@@ -17,14 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.policy;
 
-
 import com.netscape.certsrv.policy.IPolicyRule;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 
-
 public class JavaScriptRequestProxy {
     IRequest req;
+
     public JavaScriptRequestProxy(IRequest r) {
         req = r;
     }
@@ -42,4 +41,3 @@ public class JavaScriptRequestProxy {
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/policy/OrExpression.java b/pki/base/common/src/com/netscape/cmscore/policy/OrExpression.java
index f1bb6457..ec461fb9 100644
--- a/pki/base/common/src/com/netscape/cmscore/policy/OrExpression.java
+++ b/pki/base/common/src/com/netscape/cmscore/policy/OrExpression.java
@@ -17,38 +17,38 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.policy;
 
-
 import com.netscape.certsrv.policy.EPolicyException;
 import com.netscape.certsrv.policy.IExpression;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class represents an Or expression of the form
  * (var1 op val1 OR var2 op val2).
- *
+ * 
  * Expressions are used as predicates for policy selection.
- *
+ * 
  * @author kanda
  * @version $Revision$, $Date$
  */
 public class OrExpression implements IExpression {
     private IExpression mExp1;
     private IExpression mExp2;
+
     public OrExpression(IExpression exp1, IExpression exp2) {
         mExp1 = exp1;
         mExp2 = exp2;
     }
 
     public boolean evaluate(IRequest req)
-        throws EPolicyException {
+            throws EPolicyException {
         if (mExp1 == null && mExp2 == null)
             return true;
         else if (mExp1 != null && mExp2 != null)
             return mExp1.evaluate(req) || mExp2.evaluate(req);
         else if (mExp1 != null && mExp2 == null)
             return mExp1.evaluate(req);
-        else // (mExp1 == null && mExp2 != null)
+        else
+            // (mExp1 == null && mExp2 != null)
             return mExp2.evaluate(req);
     }
 
@@ -59,7 +59,8 @@ public class OrExpression implements IExpression {
             return mExp1.toString() + " OR " + mExp2.toString();
         else if (mExp1 != null && mExp2 == null)
             return mExp1.toString();
-        else // (mExp1 == null && mExp2 != null)
+        else
+            // (mExp1 == null && mExp2 != null)
             return mExp2.toString();
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/policy/PolicyPredicateParser.java b/pki/base/common/src/com/netscape/cmscore/policy/PolicyPredicateParser.java
index 0f00e815..af69e6a8 100644
--- a/pki/base/common/src/com/netscape/cmscore/policy/PolicyPredicateParser.java
+++ b/pki/base/common/src/com/netscape/cmscore/policy/PolicyPredicateParser.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.policy;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Vector;
@@ -29,19 +28,18 @@ import com.netscape.certsrv.policy.EPolicyException;
 import com.netscape.certsrv.policy.IExpression;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
  * Default implementation of predicate parser.
- *
+ * 
  * Limitations:
- *
- *	1. Currently parentheses are not suported.
- *	2. Only ==, != <, >, <= and >= operators are supported.
- *	3. The only boolean operators supported are AND and OR. AND takes precedence
- *	   over OR. Example: a AND b OR e OR c AND d
- *					is treated as (a AND b) OR e OR (c AND d)
- *	4. If this is n't adequate, roll your own.
- *
+ * 
+ * 1. Currently parentheses are not suported.
+ * 2. Only ==, != <, >, <= and >= operators are supported.
+ * 3. The only boolean operators supported are AND and OR. AND takes precedence
+ * over OR. Example: a AND b OR e OR c AND d
+ * is treated as (a AND b) OR e OR (c AND d)
+ * 4. If this is n't adequate, roll your own.
+ * 
  * @author kanda
  * @version $Revision$, $Date$
  */
@@ -57,22 +55,22 @@ public class PolicyPredicateParser {
 
     /**
      * Parse the predicate expression and return a vector of expressions.
-     *
-     * @param predicateExp	The predicate expression as read from the config file.
-     * @return expVector	The vector of expressions.
+     * 
+     * @param predicateExp The predicate expression as read from the config file.
+     * @return expVector The vector of expressions.
      */
     public static IExpression parse(String predicateExpression)
-        throws EPolicyException {
-        if (predicateExpression == null || 
-            predicateExpression.length() == 0)
+            throws EPolicyException {
+        if (predicateExpression == null ||
+                predicateExpression.length() == 0)
             return null;
         PredicateTokenizer pt = new PredicateTokenizer(predicateExpression);
 
         if (pt == null || !pt.hasMoreTokens())
             return null;
 
-            // The first token cannot be an operator. We are not dealing with
-            // reverse-polish notation.
+        // The first token cannot be an operator. We are not dealing with
+        // reverse-polish notation.
         String token = pt.nextToken();
         boolean opANDSeen;
         boolean opORSeen;
@@ -92,7 +90,7 @@ public class PolicyPredicateParser {
             int curType = getOP(token);
 
             if ((prevType != EXPRESSION && curType != EXPRESSION) ||
-                (prevType == EXPRESSION && curType == EXPRESSION)) {
+                    (prevType == EXPRESSION && curType == EXPRESSION)) {
                 malformed = true;
                 break;
             }
@@ -123,7 +121,7 @@ public class PolicyPredicateParser {
                 Debug.trace("Malformed expression: " + predicateExpression);
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_BAD_POLICY_EXPRESSION",
-                        predicateExpression));
+                            predicateExpression));
         }
 
         // Form an ORExpression
@@ -135,7 +133,7 @@ public class PolicyPredicateParser {
         if (size == 0)
             return null;
         OrExpression orExp = new
-            OrExpression((IExpression) expSet.elementAt(0), null);
+                OrExpression((IExpression) expSet.elementAt(0), null);
 
         for (int i = 1; i < size; i++)
             orExp = new OrExpression(orExp,
@@ -153,7 +151,7 @@ public class PolicyPredicateParser {
     }
 
     private static IExpression parseExpression(String input)
-        throws EPolicyException {
+            throws EPolicyException {
         // If the expression has multiple parts separated by commas
         // we need to construct an AND expression. Else we will return a
         // simple expression.
@@ -166,8 +164,8 @@ public class PolicyPredicateParser {
 
         while (commaIndex > 0) {
             SimpleExpression exp = (SimpleExpression)
-                SimpleExpression.parse(input.substring(currentIndex,
-                        commaIndex));
+                    SimpleExpression.parse(input.substring(currentIndex,
+                            commaIndex));
 
             expVector.addElement(exp);
             currentIndex = commaIndex + 1;
@@ -175,7 +173,7 @@ public class PolicyPredicateParser {
         }
         if (currentIndex < (input.length() - 1)) {
             SimpleExpression exp = (SimpleExpression)
-                SimpleExpression.parse(input.substring(currentIndex));
+                    SimpleExpression.parse(input.substring(currentIndex));
 
             expVector.addElement(exp);
         }
@@ -194,79 +192,77 @@ public class PolicyPredicateParser {
     public static void main(String[] args) {
 
         /*********
-         IRequest req = new IRequest();
-         try
-         {
-         req.set("ou", "people");
-         req.set("cn", "John Doe");
-         req.set("uid", "jdoes");
-         req.set("o", "airius.com");
-         req.set("certtype", "client");
-         req.set("request", "issuance");
-         req.set("id", new Integer(10));
-         req.set("dualcerts", new Boolean(true));
-
-         Vector v = new Vector();
-         v.addElement("one");
-         v.addElement("two");
-         v.addElement("three");
-         req.set("count", v);
-         }
-         catch (Exception e){e.printStackTrace();}
-         String[] array = { "ou == people AND certtype == client",
-         "ou == servergroup AND certtype == server",
-         "uid == jdoes, ou==people, o==airius.com OR ou == people AND certType == client OR certType == server AND cn == needles.mcom.com",
-         };
-         for (int i = 0; i < array.length; i++)
-         {
-         System.out.println();
-         System.out.println("String: " + array[i]);
-         IExpression exp = null;
-         try
-         {
-         exp = parse(array[i]);
-         if (exp != null)
-         {
-         System.out.println("Parsed Expression: " + exp);
-         boolean result = exp.evaluate(req);
-         System.out.println("Result: " + result);
-         }
-         }
-         catch (Exception e) {e.printStackTrace(); }
-         }
-
-
-         try
-         {
-         BufferedReader rdr = new BufferedReader(
-         new FileReader(args[0]));
-         String line;
-         while((line=rdr.readLine()) != null)
-         {
-         System.out.println();
-         System.out.println("Line Read: " + line);
-         IExpression exp = null;
-         try
-         {
-         exp = parse(line);
-         if (exp != null)
-         {
-         System.out.println(exp);
-         boolean result = exp.evaluate(req);
-         System.out.println("Result: " + result);
-         }
-
-         }catch (Exception e){e.printStackTrace();}
-         }
-         }
-         catch (Exception e){e.printStackTrace(); }
-
+         * IRequest req = new IRequest();
+         * try
+         * {
+         * req.set("ou", "people");
+         * req.set("cn", "John Doe");
+         * req.set("uid", "jdoes");
+         * req.set("o", "airius.com");
+         * req.set("certtype", "client");
+         * req.set("request", "issuance");
+         * req.set("id", new Integer(10));
+         * req.set("dualcerts", new Boolean(true));
+         * 
+         * Vector v = new Vector();
+         * v.addElement("one");
+         * v.addElement("two");
+         * v.addElement("three");
+         * req.set("count", v);
+         * }
+         * catch (Exception e){e.printStackTrace();}
+         * String[] array = { "ou == people AND certtype == client",
+         * "ou == servergroup AND certtype == server",
+         * "uid == jdoes, ou==people, o==airius.com OR ou == people AND certType == client OR certType == server AND cn == needles.mcom.com",
+         * };
+         * for (int i = 0; i < array.length; i++)
+         * {
+         * System.out.println();
+         * System.out.println("String: " + array[i]);
+         * IExpression exp = null;
+         * try
+         * {
+         * exp = parse(array[i]);
+         * if (exp != null)
+         * {
+         * System.out.println("Parsed Expression: " + exp);
+         * boolean result = exp.evaluate(req);
+         * System.out.println("Result: " + result);
+         * }
+         * }
+         * catch (Exception e) {e.printStackTrace(); }
+         * }
+         * 
+         * 
+         * try
+         * {
+         * BufferedReader rdr = new BufferedReader(
+         * new FileReader(args[0]));
+         * String line;
+         * while((line=rdr.readLine()) != null)
+         * {
+         * System.out.println();
+         * System.out.println("Line Read: " + line);
+         * IExpression exp = null;
+         * try
+         * {
+         * exp = parse(line);
+         * if (exp != null)
+         * {
+         * System.out.println(exp);
+         * boolean result = exp.evaluate(req);
+         * System.out.println("Result: " + result);
+         * }
+         * 
+         * }catch (Exception e){e.printStackTrace();}
+         * }
+         * }
+         * catch (Exception e){e.printStackTrace(); }
          *******/
     }
 
 }
 
-
 class PredicateTokenizer {
     String input;
     int currentIndex;
@@ -348,30 +344,30 @@ class PredicateTokenizer {
     }
 }
 
-
 class AttributeSet implements IAttrSet {
     /**
      *
      */
     private static final long serialVersionUID = -3985810281989018413L;
     Hashtable ht = new Hashtable();
+
     public AttributeSet() {
     }
 
     public void delete(String name)
-        throws EBaseException {
+            throws EBaseException {
         Object ob = ht.get(name);
 
         ht.remove(ob);
     }
 
     public Object get(String name)
-        throws EBaseException {
+            throws EBaseException {
         return ht.get(name);
     }
 
     public void set(String name, Object ob)
-        throws EBaseException {
+            throws EBaseException {
         ht.put(name, ob);
     }
 
diff --git a/pki/base/common/src/com/netscape/cmscore/policy/PolicySet.java b/pki/base/common/src/com/netscape/cmscore/policy/PolicySet.java
index 24918a33..ca629b4b 100644
--- a/pki/base/common/src/com/netscape/cmscore/policy/PolicySet.java
+++ b/pki/base/common/src/com/netscape/cmscore/policy/PolicySet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.policy;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
@@ -30,11 +29,10 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
  * Implements a policy set per IPolicySet interface. This class
  * uses a vector of ordered policies to enforce priority.
- *
+ * 
  * @author kanda
  * @version $Revision$, $Date$
  */
@@ -51,7 +49,7 @@ public class PolicySet implements IPolicySet {
     /**
      * Returns the name of the rule set.
      * <P>
-     *
+     * 
      * @return The name of the rule set.
      */
     public String getName() {
@@ -61,6 +59,7 @@ public class PolicySet implements IPolicySet {
     /**
      * Returns the no of rules in a set.
      * <P>
+     * 
      * @return the no of rules.
      */
     public int count() {
@@ -70,9 +69,9 @@ public class PolicySet implements IPolicySet {
     /**
      * Add a policy rule.
      * <P>
-     *
-     * @param ruleName  The name of the rule to be added.
-     * @param rule  The rule to be added.
+     * 
+     * @param ruleName The name of the rule to be added.
+     * @param rule The rule to be added.
      */
     public void addRule(String ruleName, IPolicyRule rule) {
         if (mRuleNames.indexOf(ruleName) >= 0)
@@ -88,9 +87,9 @@ public class PolicySet implements IPolicySet {
 
     /**
      * Remplaces a policy rule identified by the given name.
-     *
-     * @param name  The name of the rule to be replaced.
-     * @param rule  The rule to be replaced.
+     * 
+     * @param name The name of the rule to be replaced.
+     * @param rule The rule to be replaced.
      */
     public void replaceRule(String ruleName, IPolicyRule rule) {
         int index = mRuleNames.indexOf(ruleName);
@@ -99,22 +98,22 @@ public class PolicySet implements IPolicySet {
             addRule(ruleName, rule);
             return;
         }
-        	
+
         mRuleNames.setElementAt(ruleName, index);
         mRules.setElementAt(rule, index);
     }
 
     /**
      * Removes a policy rule identified by the given name.
-     *
-     * @param name  The name of the rule to be removed.
+     * 
+     * @param name The name of the rule to be removed.
      */
     public void removeRule(String ruleName) {
         int index = mRuleNames.indexOf(ruleName);
 
         if (index < 0)
             return; // XXX - throw an exception.
-        	
+
         mRuleNames.removeElementAt(index);
         mRules.removeElementAt(index);
     }
@@ -122,8 +121,8 @@ public class PolicySet implements IPolicySet {
     /**
      * Returns the rule identified by a given name.
      * <P>
-     *
-     * @param name  The name of the rule to be return.
+     * 
+     * @param name The name of the rule to be return.
      * @return The rule identified by the given name or null if none exists.
      */
     public IPolicyRule getRule(String ruleName) {
@@ -137,7 +136,7 @@ public class PolicySet implements IPolicySet {
     /**
      * Returns an enumeration of rules.
      * <P>
-     *
+     * 
      * @return An enumeration of rules.
      */
     public Enumeration<IPolicyRule> getRules() {
@@ -147,8 +146,8 @@ public class PolicySet implements IPolicySet {
     /**
      * Apply policies on a given request from a rule set.
      * The rules may modify the request.
-     *
-     * @param req   The request to apply policies on.
+     * 
+     * @param req The request to apply policies on.
      * @return the PolicyResult.
      */
     public PolicyResult apply(IRequest req) {
@@ -158,11 +157,11 @@ public class PolicySet implements IPolicySet {
         if ((cnt = mRules.size()) == 0)
             return PolicyResult.ACCEPTED;
 
-            // All policies are applied before returning the result. Hence
-            // if atleast one of the policies returns a REJECTED, we need to
-            // return that status. If none of the policies REJECTED
-            // the request, but atleast one of them DEFERRED the request, we
-            // need to return DEFERRED. 
+        // All policies are applied before returning the result. Hence
+        // if atleast one of the policies returns a REJECTED, we need to
+        // return that status. If none of the policies REJECTED
+        // the request, but atleast one of them DEFERRED the request, we
+        // need to return DEFERRED. 
         boolean rejected = false;
         boolean deferred = false;
         int size = mRules.size();
@@ -182,7 +181,7 @@ public class PolicySet implements IPolicySet {
                 e.printStackTrace();
             }
 
-            if (!typeMatched(rule, req)) 
+            if (!typeMatched(rule, req))
                 continue;
 
             try {
@@ -200,16 +199,16 @@ public class PolicySet implements IPolicySet {
                     // we pass that info down the chain. For now use S_OTHER
                     // as the system id for the log entry.
                     mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                        ILogger.LL_FAILURE, 
-                        CMS.getLogMessage("CMSCORE_POLICY_REJECT_RESULT", req.getRequestId().toString(), name));
+                            ILogger.LL_FAILURE,
+                            CMS.getLogMessage("CMSCORE_POLICY_REJECT_RESULT", req.getRequestId().toString(), name));
                     rejected = true;
                 } else if (result == PolicyResult.DEFERRED) {
                     // It is hard to find out the owner at the moment unless
                     // we pass that info down the chain. For now use S_OTHER
                     // as the system id for the log entry.
                     mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                        ILogger.LL_WARN, 
-                        CMS.getLogMessage("CMSCORE_POLICY_DEFER_RESULT", req.getRequestId().toString(), name));
+                            ILogger.LL_WARN,
+                            CMS.getLogMessage("CMSCORE_POLICY_DEFER_RESULT", req.getRequestId().toString(), name));
                     deferred = true;
                 } else if (result == PolicyResult.ACCEPTED) {
                     // It is hard to find out the owner at the moment unless
@@ -221,9 +220,9 @@ public class PolicySet implements IPolicySet {
                     // we pass that info down the chain. For now use S_OTHER
                     // as the system id for the log entry.
                     mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                        ILogger.LL_INFO, 
-                        "policy: Request " + req.getRequestId() + " - Result of applying rule: " + name + 
-                        " is: " + getPolicyResult(result));
+                            ILogger.LL_INFO,
+                            "policy: Request " + req.getRequestId() + " - Result of applying rule: " + name +
+                                    " is: " + getPolicyResult(result));
                 }
             } catch (Throwable ex) {
                 // Customer can install his own policies.
@@ -231,14 +230,14 @@ public class PolicySet implements IPolicySet {
                 // catch those problems and report
                 // them to the log
                 mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                    ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSCORE_POLICY_ERROR_RESULT", req.getRequestId().toString(), name, ex.toString()));
+                        ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_POLICY_ERROR_RESULT", req.getRequestId().toString(), name, ex.toString()));
                 // treat as rejected to prevent request from going into 
                 // a weird state. request queue doesn't handle this case.
                 rejected = true;
                 ((IPolicyRule) rule).setError(
-                    req,
-                    CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", rule.getName(), ex.toString()), null); 
+                        req,
+                        CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", rule.getName(), ex.toString()), null);
             }
         }
 
@@ -248,9 +247,9 @@ public class PolicySet implements IPolicySet {
             return PolicyResult.DEFERRED;
         } else {
             mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                ILogger.LL_INFO, 
-                "Request " + req.getRequestId() + 
-                " Policy result: successful");
+                    ILogger.LL_INFO,
+                    "Request " + req.getRequestId() +
+                            " Policy result: successful");
             return PolicyResult.ACCEPTED;
         }
     }
@@ -267,7 +266,7 @@ public class PolicySet implements IPolicySet {
 
             System.out.println("Rule Name: " + ruleName);
             System.out.println("Implementation: " +
-                mRules.elementAt(index).getClass().getName());
+                    mRules.elementAt(index).getClass().getName());
         }
     }
 
@@ -295,4 +294,3 @@ public class PolicySet implements IPolicySet {
         return false;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/policy/SimpleExpression.java b/pki/base/common/src/com/netscape/cmscore/policy/SimpleExpression.java
index 5e6458be..acb2c0d6 100644
--- a/pki/base/common/src/com/netscape/cmscore/policy/SimpleExpression.java
+++ b/pki/base/common/src/com/netscape/cmscore/policy/SimpleExpression.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.policy;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
@@ -28,13 +27,12 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.cmscore.util.AssertionException;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
  * This class represents an expression of the form var = val,
  * var != val, var < val, var > val, var <= val, var >= val.
- *
+ * 
  * Expressions are used as predicates for policy selection.
- *
+ * 
  * @author kanda
  * @version $Revision$, $Date$
  */
@@ -51,7 +49,7 @@ public class SimpleExpression implements IExpression {
     public static SimpleExpression NULL_EXPRESSION = new SimpleExpression("null", OP_EQUAL, "null");
 
     public static IExpression parse(String input)
-        throws EPolicyException {
+            throws EPolicyException {
         // Get the index of operator
         // Debug.trace("SimpleExpression::input: " + input);
         String var = null;
@@ -118,19 +116,19 @@ public class SimpleExpression implements IExpression {
     }
 
     public boolean evaluate(IRequest req)
-        throws EPolicyException {
+            throws EPolicyException {
         // mPfx and mVar are looked up case-indendently
         String givenVal = req.getExtDataInString(mPfx, mVar);
 
         if (Debug.ON)
-            Debug.trace("mPfx: " + mPfx + " mVar: " + mVar + 
-                ",Given Value: " + givenVal + ", Value to compare with: " + mVal);
+            Debug.trace("mPfx: " + mPfx + " mVar: " + mVar +
+                    ",Given Value: " + givenVal + ", Value to compare with: " + mVal);
 
         return matchValue(givenVal);
     }
 
     private boolean matchVector(Vector value)
-        throws EPolicyException {
+            throws EPolicyException {
         boolean result = false;
         Enumeration e = (Enumeration) value.elements();
 
@@ -143,7 +141,7 @@ public class SimpleExpression implements IExpression {
     }
 
     private boolean matchStringArray(String[] value)
-        throws EPolicyException {
+            throws EPolicyException {
         boolean result = false;
 
         for (int i = 0; i < value.length; i++) {
@@ -155,23 +153,23 @@ public class SimpleExpression implements IExpression {
     }
 
     private boolean matchValue(Object value)
-        throws EPolicyException {
+            throws EPolicyException {
         boolean result;
 
         // There is nothing to compare with!
         if (value == null)
             return false;
 
-            // XXX - Kanda: We need a better way of handling this!.
+        // XXX - Kanda: We need a better way of handling this!.
         if (value instanceof String)
             result = matchStringValue((String) value);
         else if (value instanceof Integer)
             result = matchIntegerValue((Integer) value);
         else if (value instanceof Boolean)
             result = matchBooleanValue((Boolean) value);
-        else if (value instanceof Vector) 
+        else if (value instanceof Vector)
             result = matchVector((Vector) value);
-        else if (value instanceof String[]) 
+        else if (value instanceof String[])
             result = matchStringArray((String[]) value);
         else
             throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_INVALID_ATTR_VALUE",
@@ -180,7 +178,7 @@ public class SimpleExpression implements IExpression {
     }
 
     private boolean matchStringValue(String givenVal)
-        throws EPolicyException {
+            throws EPolicyException {
         boolean result;
 
         switch (mOp) {
@@ -221,7 +219,7 @@ public class SimpleExpression implements IExpression {
     }
 
     private boolean matchIntegerValue(Integer intVal)
-        throws EPolicyException {
+            throws EPolicyException {
         boolean result;
         int storedVal;
         int givenVal = intVal.intValue();
@@ -264,12 +262,11 @@ public class SimpleExpression implements IExpression {
     }
 
     private boolean matchBooleanValue(Boolean givenVal)
-        throws EPolicyException {
+            throws EPolicyException {
         boolean result;
         Boolean storedVal;
 
-        if (!(mVal.equalsIgnoreCase("true") ||
-                mVal.equalsIgnoreCase("false")))
+        if (!(mVal.equalsIgnoreCase("true") || mVal.equalsIgnoreCase("false")))
             throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_INVALID_ATTR_VALUE",
                         mVal));
         storedVal = new Boolean(mVal);
@@ -320,9 +317,9 @@ public class SimpleExpression implements IExpression {
             op = IExpression.LE_STR;
             break;
         }
-        if (mPfx != null && mPfx.length() > 0) 
+        if (mPfx != null && mPfx.length() > 0)
             return mPfx + "." + mVar + " " + op + " " + mVal;
-        else 
+        else
             return mVar + " " + op + " " + mVal;
     }
 
@@ -411,7 +408,6 @@ public class SimpleExpression implements IExpression {
     }
 }
 
-
 class ExpressionComps {
     String attr;
     int op;
@@ -435,4 +431,3 @@ class ExpressionComps {
         return val;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/profile/ProfileSubsystem.java b/pki/base/common/src/com/netscape/cmscore/profile/ProfileSubsystem.java
index 4f386259..b5f829f7 100644
--- a/pki/base/common/src/com/netscape/cmscore/profile/ProfileSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/profile/ProfileSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.profile;
 
-
 import java.io.File;
 import java.util.Enumeration;
 import java.util.Hashtable;
@@ -34,7 +33,6 @@ import com.netscape.certsrv.profile.IProfileSubsystem;
 import com.netscape.certsrv.registry.IPluginInfo;
 import com.netscape.certsrv.registry.IPluginRegistry;
 
-
 public class ProfileSubsystem implements IProfileSubsystem {
     private static final String PROP_LIST = "list";
     private static final String PROP_CLASS_ID = "class_id";
@@ -54,7 +52,7 @@ public class ProfileSubsystem implements IProfileSubsystem {
      * Retrieves the name of this subsystem.
      */
     public String getId() {
-        return null; 
+        return null;
     }
 
     /**
@@ -67,16 +65,16 @@ public class ProfileSubsystem implements IProfileSubsystem {
      * Initializes this subsystem with the given configuration
      * store.
      * <P>
-     *
+     * 
      * @param owner owner of this subsystem
      * @param config configuration store
      * @exception EBaseException failed to initialize
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         CMS.debug("ProfileSubsystem: start init");
         IPluginRegistry registry = (IPluginRegistry)
-            CMS.getSubsystem(CMS.SUBSYSTEM_REGISTRY);
+                CMS.getSubsystem(CMS.SUBSYSTEM_REGISTRY);
 
         mConfig = config;
         mOwner = owner;
@@ -100,7 +98,7 @@ public class ProfileSubsystem implements IProfileSubsystem {
             String configPath = subStore.getString(PROP_CONFIG);
 
             CMS.debug("Start Profile Creation - " + id + " " + classid + " " + info.getClassName());
-            IProfile profile = createProfile(id, classid, info.getClassName(), 
+            IProfile profile = createProfile(id, classid, info.getClassName(),
                     configPath);
 
             CMS.debug("Done Profile Creation - " + id);
@@ -112,15 +110,15 @@ public class ProfileSubsystem implements IProfileSubsystem {
             String id = (String) ee.nextElement();
 
             CMS.debug("Registered Confirmation - " + id);
-        }	
+        }
     }
 
     /**
      * Creates a profile instance.
      */
-    public IProfile createProfile(String id, String classid, String className, 
-        String configPath)
-        throws EProfileException {
+    public IProfile createProfile(String id, String classid, String className,
+            String configPath)
+            throws EProfileException {
         IProfile profile = null;
 
         try {
@@ -143,11 +141,11 @@ public class ProfileSubsystem implements IProfileSubsystem {
     }
 
     public void deleteProfile(String id, String configPath) throws EProfileException {
-    
+
         if (isProfileEnable(id)) {
             throw new EProfileException("CMS_PROFILE_DELETE_ENABLEPROFILE");
         }
-        
+
         String ids = "";
         try {
             ids = mConfig.getString(PROP_LIST, "");
@@ -166,7 +164,7 @@ public class ProfileSubsystem implements IProfileSubsystem {
         }
         if (!list.equals(""))
             list = list.substring(0, list.length() - 1);
- 
+
         mConfig.putString(PROP_LIST, list);
         mConfig.removeSubStore(id);
         File file1 = new File(configPath);
@@ -181,13 +179,13 @@ public class ProfileSubsystem implements IProfileSubsystem {
         }
     }
 
-    public void createProfileConfig(String id, String classId, 
-        String configPath)
-        throws EProfileException {
+    public void createProfileConfig(String id, String classId,
+            String configPath)
+            throws EProfileException {
         try {
             if (mProfiles.size() > 0) {
-                mConfig.putString(PROP_LIST, 
-                    mConfig.getString(PROP_LIST) + "," + id);
+                mConfig.putString(PROP_LIST,
+                        mConfig.getString(PROP_LIST) + "," + id);
             } else {
                 mConfig.putString(PROP_LIST, id);
             }
@@ -222,7 +220,7 @@ public class ProfileSubsystem implements IProfileSubsystem {
     /**
      * Returns the root configuration storage of this system.
      * <P>
-     *
+     * 
      * @return configuration store of this subsystem
      */
     public IConfigStore getConfigStore() {
@@ -233,7 +231,7 @@ public class ProfileSubsystem implements IProfileSubsystem {
      * Adds a profile.
      */
     public void addProfile(String id, IProfile profile)
-        throws EProfileException {
+            throws EProfileException {
     }
 
     public boolean isProfileEnable(String id) {
@@ -267,7 +265,7 @@ public class ProfileSubsystem implements IProfileSubsystem {
      * Enables a profile for execution.
      */
     public void enableProfile(String id, String enableBy)
-        throws EProfileException {
+            throws EProfileException {
         IProfile profile = (IProfile) mProfiles.get(id);
 
         profile.getConfigStore().putString(PROP_ENABLE, "true");
@@ -282,7 +280,7 @@ public class ProfileSubsystem implements IProfileSubsystem {
      * Disables a profile for execution.
      */
     public void disableProfile(String id)
-        throws EProfileException {
+            throws EProfileException {
         IProfile profile = (IProfile) mProfiles.get(id);
 
         profile.getConfigStore().putString(PROP_ENABLE, "false");
@@ -296,7 +294,7 @@ public class ProfileSubsystem implements IProfileSubsystem {
      * Retrieves a profile by id.
      */
     public IProfile getProfile(String id)
-        throws EProfileException {
+            throws EProfileException {
         return (IProfile) mProfiles.get(id);
     }
 
@@ -314,15 +312,14 @@ public class ProfileSubsystem implements IProfileSubsystem {
 
     /**
      * Checks if owner id should be enforced during profile approval.
-     *
+     * 
      * @return true if approval should be checked
      */
-    public boolean checkOwner()
-    {
+    public boolean checkOwner() {
         try {
-          return mConfig.getBoolean(PROP_CHECK_OWNER, false);
+            return mConfig.getBoolean(PROP_CHECK_OWNER, false);
         } catch (EBaseException e) {
-          return false;
+            return false;
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/registry/PluginInfo.java b/pki/base/common/src/com/netscape/cmscore/registry/PluginInfo.java
index 2766bcdb..68186190 100644
--- a/pki/base/common/src/com/netscape/cmscore/registry/PluginInfo.java
+++ b/pki/base/common/src/com/netscape/cmscore/registry/PluginInfo.java
@@ -17,16 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.registry;
 
-
 import java.util.Locale;
 
 import com.netscape.certsrv.registry.IPluginInfo;
 
-
 /**
- * The plugin information includes id, name, 
+ * The plugin information includes id, name,
  * classname, and description.
- *
+ * 
  * @author thomask
  */
 public class PluginInfo implements IPluginInfo {
diff --git a/pki/base/common/src/com/netscape/cmscore/registry/PluginRegistry.java b/pki/base/common/src/com/netscape/cmscore/registry/PluginRegistry.java
index 20c9cef0..936a466c 100644
--- a/pki/base/common/src/com/netscape/cmscore/registry/PluginRegistry.java
+++ b/pki/base/common/src/com/netscape/cmscore/registry/PluginRegistry.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.registry;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Locale;
@@ -31,7 +30,6 @@ import com.netscape.certsrv.registry.ERegistryException;
 import com.netscape.certsrv.registry.IPluginInfo;
 import com.netscape.certsrv.registry.IPluginRegistry;
 
-
 public class PluginRegistry implements IPluginRegistry {
 
     private static final String PROP_TYPES = "types";
@@ -44,7 +42,7 @@ public class PluginRegistry implements IPluginRegistry {
     private IConfigStore mConfig = null;
     private IConfigStore mFileConfig = null;
     private ISubsystem mOwner = null;
-    private Hashtable<String, Hashtable <String ,IPluginInfo>> mTypes = new Hashtable<String, Hashtable<String, IPluginInfo>>();
+    private Hashtable<String, Hashtable<String, IPluginInfo>> mTypes = new Hashtable<String, Hashtable<String, IPluginInfo>>();
 
     public PluginRegistry() {
     }
@@ -53,7 +51,7 @@ public class PluginRegistry implements IPluginRegistry {
      * Retrieves the name of this subsystem.
      */
     public String getId() {
-        return null; 
+        return null;
     }
 
     /**
@@ -66,13 +64,13 @@ public class PluginRegistry implements IPluginRegistry {
      * Initializes this subsystem with the given configuration
      * store.
      * <P>
-     *
+     * 
      * @param owner owner of this subsystem
      * @param config configuration store
      * @exception EBaseException failed to initialize
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         CMS.debug("RegistrySubsystem: start init");
         mConfig = config;
         mOwner = owner;
@@ -103,7 +101,7 @@ public class PluginRegistry implements IPluginRegistry {
      * Load plugins of the given type.
      */
     public void loadPlugins(IConfigStore config, String type)
-        throws EBaseException {
+            throws EBaseException {
         String ids_str = null;
 
         try {
@@ -122,7 +120,6 @@ public class PluginRegistry implements IPluginRegistry {
         }
     }
 
-
     public IPluginInfo createPluginInfo(String name, String desc, String classPath) {
         return new PluginInfo(name, desc, classPath);
     }
@@ -131,7 +128,7 @@ public class PluginRegistry implements IPluginRegistry {
      * Load plugins of the given type.
      */
     public void loadPlugin(IConfigStore config, String type, String id)
-        throws EBaseException {
+            throws EBaseException {
         String name = null;
 
         try {
@@ -147,7 +144,7 @@ public class PluginRegistry implements IPluginRegistry {
         String classpath = null;
 
         try {
-            classpath = mFileConfig.getString(type + "." + id + "." + PROP_CLASSPATH, 
+            classpath = mFileConfig.getString(type + "." + id + "." + PROP_CLASSPATH,
                         null);
         } catch (EBaseException e) {
         }
@@ -157,23 +154,23 @@ public class PluginRegistry implements IPluginRegistry {
     }
 
     public void removePluginInfo(String type, String id)
-        throws ERegistryException {
+            throws ERegistryException {
         Hashtable<String, IPluginInfo> plugins = mTypes.get(type);
         if (plugins == null)
-          return;
+            return;
         plugins.remove(id);
         Locale locale = Locale.getDefault();
         rebuildConfigStore(locale);
     }
 
     public void addPluginInfo(String type, String id, IPluginInfo info)
-        throws ERegistryException {
+            throws ERegistryException {
         addPluginInfo(type, id, info, 1);
     }
 
     public void addPluginInfo(String type, String id, IPluginInfo info, int saveConfig)
-        throws ERegistryException {
-        Hashtable<String, IPluginInfo> plugins =  mTypes.get(type);
+            throws ERegistryException {
+        Hashtable<String, IPluginInfo> plugins = mTypes.get(type);
 
         if (plugins == null) {
             plugins = new Hashtable<String, IPluginInfo>();
@@ -181,17 +178,18 @@ public class PluginRegistry implements IPluginRegistry {
         }
         Locale locale = Locale.getDefault();
 
-        CMS.debug("added plugin " + type + " " + id + " " + 
-            info.getName(locale) + " " + info.getDescription(locale) + " " +
-            info.getClassName());
+        CMS.debug("added plugin " + type + " " + id + " " +
+                info.getName(locale) + " " + info.getDescription(locale) + " " +
+                info.getClassName());
         plugins.put(id, info);
 
         // rebuild configuration store
-        if (saveConfig == 1) rebuildConfigStore(locale);
+        if (saveConfig == 1)
+            rebuildConfigStore(locale);
     }
 
     public void rebuildConfigStore(Locale locale)
-        throws ERegistryException {
+            throws ERegistryException {
         Enumeration<String> types = mTypes.keys();
         StringBuffer typesBuf = new StringBuffer();
 
@@ -215,20 +213,20 @@ public class PluginRegistry implements IPluginRegistry {
                 }
                 IPluginInfo plugin = (IPluginInfo) mPlugins.get(id);
 
-                mFileConfig.putString(type + "." + id + ".class", 
-                    plugin.getClassName());
-                mFileConfig.putString(type + "." + id + ".name", 
-                    plugin.getName(locale));
-                mFileConfig.putString(type + "." + id + ".desc", 
-                    plugin.getDescription(locale));
+                mFileConfig.putString(type + "." + id + ".class",
+                        plugin.getClassName());
+                mFileConfig.putString(type + "." + id + ".name",
+                        plugin.getName(locale));
+                mFileConfig.putString(type + "." + id + ".desc",
+                        plugin.getDescription(locale));
             }
             mFileConfig.putString(type + ".ids", idsBuf.toString());
         }
         mFileConfig.putString("types", typesBuf.toString());
         try {
-          mFileConfig.commit(false);
+            mFileConfig.commit(false);
         } catch (EBaseException e) {
-          CMS.debug("PluginRegistry: failed to commit registry.cfg");
+            CMS.debug("PluginRegistry: failed to commit registry.cfg");
         }
     }
 
@@ -252,7 +250,7 @@ public class PluginRegistry implements IPluginRegistry {
     /**
      * Returns the root configuration storage of this system.
      * <P>
-     *
+     * 
      * @return configuration store of this subsystem
      */
     public IConfigStore getConfigStore() {
@@ -274,7 +272,7 @@ public class PluginRegistry implements IPluginRegistry {
      * Returns a list of identifiers of the given type.
      */
     public Enumeration<String> getIds(String type) {
-        Hashtable<String, IPluginInfo> plugins =  mTypes.get(type);
+        Hashtable<String, IPluginInfo> plugins = mTypes.get(type);
 
         if (plugins == null)
             return null;
@@ -285,7 +283,7 @@ public class PluginRegistry implements IPluginRegistry {
      * Retrieves the plugin information.
      */
     public IPluginInfo getPluginInfo(String type, String id) {
-        Hashtable <String ,IPluginInfo> plugins = mTypes.get(type);
+        Hashtable<String, IPluginInfo> plugins = mTypes.get(type);
 
         if (plugins == null)
             return null;
diff --git a/pki/base/common/src/com/netscape/cmscore/request/ARequestQueue.java b/pki/base/common/src/com/netscape/cmscore/request/ARequestQueue.java
index 47418664..32cadfbe 100644
--- a/pki/base/common/src/com/netscape/cmscore/request/ARequestQueue.java
+++ b/pki/base/common/src/com/netscape/cmscore/request/ARequestQueue.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.request;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -63,31 +62,25 @@ import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.certsrv.request.RequestId;
 import com.netscape.certsrv.request.RequestStatus;
 
-
 /**
  * The ARequestQueue class is an abstract class that implements
- * most portions of the IRequestQueue interface.  This includes
+ * most portions of the IRequestQueue interface. This includes
  * the state engine as defined for processing IRequest objects.
  * <p>
  * !Put state machine description here!
  * <p>
- * This class defines several abstract protected functions that
- * need to be defined by the concrete implementation.  In
- * particular, this class does not implement the operations
- * for storing requests persistantly.
+ * This class defines several abstract protected functions that need to be defined by the concrete implementation. In particular, this class does not implement the operations for storing requests persistantly.
  * <p>
- * This class also provides several accessor functions for setting
- * fields in the IRequest object.  These functions are provided
- * as an aid to saving and restoring the state in the database.
+ * This class also provides several accessor functions for setting fields in the IRequest object. These functions are provided as an aid to saving and restoring the state in the database.
  * <p>
- * This class also implements the locking operations specified by
- * the IRequestQueue interface.
+ * This class also implements the locking operations specified by the IRequestQueue interface.
  * <p>
+ * 
  * @author thayes
  * @version $Revision$ $Date$
  */
 public abstract class ARequestQueue
-    implements IRequestQueue {
+        implements IRequestQueue {
 
     /**
      * global request version for tracking request changes.
@@ -97,37 +90,33 @@ public abstract class ARequestQueue
     /**
      * Create a new (unique) RequestId. (abstract)
      * <p>
-     * This method must be implemented by the specialized class to
-     * generate a new id from data in the persistant store.  This id
-     * is used to create a new request object.
+     * This method must be implemented by the specialized class to generate a new id from data in the persistant store. This id is used to create a new request object.
      * <p>
+     * 
      * @return
-     *    a new RequestId object.
+     *         a new RequestId object.
      * @exception EBaseException
-     *    indicates that creation of the new id could not be completed.
+     *                indicates that creation of the new id could not be completed.
      * @see RequestId
      */
     protected abstract RequestId newRequestId()
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Read a request from the persistant store. (abstract)
      * <p>
-     * This function is called to create the in-memory version of
-     * a request object.
+     * This function is called to create the in-memory version of a request object.
      * <p>
-     * The implementation of this object can use the createRequest
-     * member function to create a new instance of an IRequest, and
-     * use the setRequestStatus, setCreationTime and setModificationTime
-     * functions to set those values.
+     * The implementation of this object can use the createRequest member function to create a new instance of an IRequest, and use the setRequestStatus, setCreationTime and setModificationTime functions to set those values.
      * <p>
+     * 
      * @param id
-     *    the id of the request to read.
+     *            the id of the request to read.
      * @return
-     *    a new IRequest object. null is returned if the object cannot
-     *    be located.
+     *         a new IRequest object. null is returned if the object cannot
+     *         be located.
      * @exception EBaseException
-     *    TODO: this is not implemented yet
+     *                TODO: this is not implemented yet
      * @see #createRequest
      * @see #setRequestStatus
      * @see #setModificationTime
@@ -138,28 +127,27 @@ public abstract class ARequestQueue
     /**
      * Add the request to the store. (abstract)
      * <p>
-     * This function is called when a new request immediately after
-     * creating a new request.
+     * This function is called when a new request immediately after creating a new request.
      * <p>
+     * 
      * @param request
-     *    the request to add.
+     *            the request to add.
      * @exception EBaseException
-     *    TODO: this is not implemented yet
+     *                TODO: this is not implemented yet
      */
     protected abstract void addRequest(IRequest request) throws EBaseException;
 
     /**
      * Modify the request in the store. (abstract)
      * <p>
-     * Update the persistant copy of this request with the
-     * current values in the object.
+     * Update the persistant copy of this request with the current values in the object.
      * <p>
-     * Currently there are no hints for what has changed, so
-     * the entire request should be updated.
+     * Currently there are no hints for what has changed, so the entire request should be updated.
      * <p>
+     * 
      * @param request
      * @exception EBaseException
-     *    TODO: this is not implemented yet
+     *                TODO: this is not implemented yet
      */
     protected abstract void modifyRequest(IRequest request);
 
@@ -167,27 +155,24 @@ public abstract class ARequestQueue
      * Get complete list of RequestId values found i this
      * queue.
      * <p>
-     * This method can form the basis for creating other types
-     * of search/list operations (although there are probably more
-     * efficient ways of doing this.  ARequestQueue implements
-     * default versions of some of the searching by using this
-     * method as a basis.
+     * This method can form the basis for creating other types of search/list operations (although there are probably more efficient ways of doing this. ARequestQueue implements default versions of some of the searching by using this method as a basis.
      * <p>
-     * TODO: return IRequestList -or- just use listRequests as
-     * the basic engine.
+     * TODO: return IRequestList -or- just use listRequests as the basic engine.
      * <p>
+     * 
      * @return
-     *    an Enumeration that generates RequestId objects.
+     *         an Enumeration that generates RequestId objects.
      */
     abstract protected Enumeration<RequestId> getRawList();
 
     /**
      * protected access for setting the current state of a request.
      * <p>
+     * 
      * @param request
-     *    The request to be modified.
+     *            The request to be modified.
      * @param status
-     *    The new value for the request status.
+     *            The new value for the request status.
      */
     protected final void setRequestStatus(IRequest request, RequestStatus status) {
         Request r = (Request) request;
@@ -198,10 +183,11 @@ public abstract class ARequestQueue
     /**
      * protected access for setting the modification time of a request.
      * <p>
+     * 
      * @param request
-     *    The request to be modified.
+     *            The request to be modified.
      * @param date
-     *    The new value for the time.
+     *            The new value for the time.
      */
     protected final void setModificationTime(IRequest request, Date date) {
         Request r = (Request) request;
@@ -212,10 +198,11 @@ public abstract class ARequestQueue
     /**
      * protected access for setting the creation time of a request.
      * <p>
+     * 
      * @param request
-     *    The request to be modified.
+     *            The request to be modified.
      * @param date
-     *    The new value for the time.
+     *            The new value for the time.
      */
     protected final void setCreationTime(IRequest request, Date date) {
         Request r = (Request) request;
@@ -226,11 +213,12 @@ public abstract class ARequestQueue
     /**
      * protected access for creating a new Request object
      * <p>
+     * 
      * @param id
-     *    The identifier for the new request
+     *            The identifier for the new request
      * @return
-     *    A new request object.  The caller should fill in other data
-     *    values from the datastore.
+     *         A new request object. The caller should fill in other data
+     *         values from the datastore.
      */
     protected final IRequest createRequest(RequestId id, String requestType) {
         Request r;
@@ -251,12 +239,13 @@ public abstract class ARequestQueue
     }
 
     /**
-     * Implements IRequestQueue.newRequest 
+     * Implements IRequestQueue.newRequest
      * <p>
+     * 
      * @see IRequestQueue#newRequest
      */
     public IRequest newRequest(String requestType)
-        throws EBaseException {
+            throws EBaseException {
         if (requestType == null) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_REQUEST_TYPE", "null"));
         }
@@ -288,16 +277,18 @@ public abstract class ARequestQueue
     /**
      * Implements IRequestQueue.cloneRequest
      * <p>
+     * 
      * @see IRequestQueue#cloneRequest
      */
-    public IRequest cloneRequest(IRequest r) 
-        throws EBaseException {
+    public IRequest cloneRequest(IRequest r)
+            throws EBaseException {
         // 1. check for valid state. (Are any invalid ?) 
         RequestStatus rs = r.getRequestStatus();
 
-        if (rs == RequestStatus.BEGIN) throw new EBaseException("Invalid Status");
+        if (rs == RequestStatus.BEGIN)
+            throw new EBaseException("Invalid Status");
 
-            // 2. create new request 
+        // 2. create new request 
         String reqType = r.getRequestType();
         IRequest clone = newRequest(reqType);
 
@@ -317,10 +308,11 @@ public abstract class ARequestQueue
     /**
      * Implements IRequestQueue.findRequest
      * <p>
+     * 
      * @see IRequestQueue#findRequest
      */
     public IRequest findRequest(RequestId id)
-        throws EBaseException {
+            throws EBaseException {
         IRequest r;
 
         // mTable.lock(id);
@@ -328,12 +320,12 @@ public abstract class ARequestQueue
         r = readRequest(id);
 
         // if (r == null) mTable.unlock(id);
-      
+
         return r;
     }
 
     private IRequestScheduler mRequestScheduler = null;
- 
+
     public void setRequestScheduler(IRequestScheduler scheduler) {
         mRequestScheduler = scheduler;
     }
@@ -345,10 +337,11 @@ public abstract class ARequestQueue
     /**
      * Implements IRequestQueue.processRequest
      * <p>
+     * 
      * @see IRequestQueue#processRequest
      */
     public final void processRequest(IRequest r)
-        throws EBaseException {
+            throws EBaseException {
 
         // #610553 Thread Scheduler
         IRequestScheduler scheduler = getRequestScheduler();
@@ -361,7 +354,8 @@ public abstract class ARequestQueue
             // 1. Check for valid state
             RequestStatus rs = r.getRequestStatus();
 
-            if (rs != RequestStatus.BEGIN) throw new EBaseException("Invalid Status");
+            if (rs != RequestStatus.BEGIN)
+                throw new EBaseException("Invalid Status");
 
             stateEngine(r);
         } finally {
@@ -374,19 +368,21 @@ public abstract class ARequestQueue
     /**
      * Implements IRequestQueue.markRequestPending
      * <p>
+     * 
      * @see IRequestQueue#markRequestPending
      */
     public final void markRequestPending(IRequest r)
-        throws EBaseException {
+            throws EBaseException {
         // 1. Check for valid state
         RequestStatus rs = r.getRequestStatus();
 
-        if (rs != RequestStatus.BEGIN) throw new EBaseException("Invalid Status");
+        if (rs != RequestStatus.BEGIN)
+            throw new EBaseException("Invalid Status");
 
-            // 2. Change the request state.  This method of making
-            // a request PENDING does NOT invoke the PENDING notifiers.
-            // To change this, just call stateEngine at the completion of this
-            // routine.
+        // 2. Change the request state.  This method of making
+        // a request PENDING does NOT invoke the PENDING notifiers.
+        // To change this, just call stateEngine at the completion of this
+        // routine.
         setRequestStatus(r, RequestStatus.PENDING);
 
         updateRequest(r);
@@ -396,10 +392,11 @@ public abstract class ARequestQueue
     /**
      * Implements IRequestQueue.cloneAndMarkPending
      * <p>
+     * 
      * @see IRequestQueue#cloneAndMarkPending
      */
-    public IRequest cloneAndMarkPending(IRequest r) 
-        throws EBaseException {
+    public IRequest cloneAndMarkPending(IRequest r)
+            throws EBaseException {
         IRequest clone = cloneRequest(r);
 
         markRequestPending(clone);
@@ -409,14 +406,16 @@ public abstract class ARequestQueue
     /**
      * Implements IRequestQueue.approveRequest
      * <p>
+     * 
      * @see IRequestQueue#approveRequest
      */
     public final void approveRequest(IRequest r)
-        throws EBaseException {
+            throws EBaseException {
         // 1. Check for valid state
         RequestStatus rs = r.getRequestStatus();
 
-        if (rs != RequestStatus.PENDING) throw new EBaseException("Invalid Status");
+        if (rs != RequestStatus.PENDING)
+            throw new EBaseException("Invalid Status");
 
         AgentApprovals aas = AgentApprovals.fromStringVector(
                 r.getExtDataInStringVector(AgentApprovals.class.getName()));
@@ -427,17 +426,18 @@ public abstract class ARequestQueue
         // Record agent who did this
         String agentName = getUserIdentity();
 
-        if (agentName == null) throw new EBaseException("Missing agent information");
+        if (agentName == null)
+            throw new EBaseException("Missing agent information");
 
         aas.addApproval(agentName);
-        r.setExtData(AgentApprovals.class.getName(), (Vector<?>)aas.toStringVector());
+        r.setExtData(AgentApprovals.class.getName(), (Vector<?>) aas.toStringVector());
 
         PolicyResult pr = mPolicy.apply(r);
 
         if (pr == PolicyResult.ACCEPTED) {
             setRequestStatus(r, RequestStatus.APPROVED);
         } else if (pr == PolicyResult.DEFERRED ||
-            pr == PolicyResult.REJECTED) {
+                pr == PolicyResult.REJECTED) {
         }
 
         // Always update. The policy code may have made changes to the
@@ -450,16 +450,18 @@ public abstract class ARequestQueue
     /**
      * Implements IRequestQueue.rejectRequest
      * <p>
+     * 
      * @see IRequestQueue#rejectRequest
      */
     public final void rejectRequest(IRequest r)
-        throws EBaseException {
+            throws EBaseException {
         // 1. Check for valid state
         RequestStatus rs = r.getRequestStatus();
 
-        if (rs != RequestStatus.PENDING) throw new EBaseException("Invalid Status");
+        if (rs != RequestStatus.PENDING)
+            throw new EBaseException("Invalid Status");
 
-            // 2. Change state
+        // 2. Change state
         setRequestStatus(r, RequestStatus.REJECTED);
         updateRequest(r);
 
@@ -470,10 +472,11 @@ public abstract class ARequestQueue
     /**
      * Implments IRequestQueue.cancelRequest
      * <p>
+     * 
      * @see IRequestQueue#cancelRequest
      */
     public final void cancelRequest(IRequest r)
-        throws EBaseException {
+            throws EBaseException {
         setRequestStatus(r, RequestStatus.CANCELED);
         updateRequest(r);
 
@@ -489,7 +492,8 @@ public abstract class ARequestQueue
         setRequestStatus(r, RequestStatus.COMPLETE);
         updateRequest(r);
 
-        if (mNotify != null) mNotify.notify(r);
+        if (mNotify != null)
+            mNotify.notify(r);
 
         return;
     }
@@ -497,10 +501,9 @@ public abstract class ARequestQueue
     /**
      * Implements IRequestQueue.listRequests
      * <p>
-     * Should be overridden by the specialized class if
-     * a more efficient method is available for implementing
-     * this operation.
+     * Should be overridden by the specialized class if a more efficient method is available for implementing this operation.
      * <P>
+     * 
      * @see IRequestQueue#listRequests
      */
     public IRequestList listRequests() {
@@ -510,10 +513,9 @@ public abstract class ARequestQueue
     /**
      * Implements IRequestQueue.listRequestsByStatus
      * <p>
-     * Should be overridden by the specialized class if
-     * a more efficient method is available for implementing
-     * this operation.
+     * Should be overridden by the specialized class if a more efficient method is available for implementing this operation.
      * <P>
+     * 
      * @see IRequestQueue#listRequestsByStatus
      */
     public IRequestList listRequestsByStatus(RequestStatus s) {
@@ -523,6 +525,7 @@ public abstract class ARequestQueue
     /**
      * Implements IRequestQueue.releaseRequest
      * <p>
+     * 
      * @see IRequestQueue#releaseRequest
      */
     public final void releaseRequest(IRequest request) {
@@ -534,17 +537,18 @@ public abstract class ARequestQueue
 
         String name = getUserIdentity();
 
-        if (name != null) r.setExtData(IRequest.UPDATED_BY, name);
+        if (name != null)
+            r.setExtData(IRequest.UPDATED_BY, name);
 
-            // TODO: use a state flag to determine whether to call
-            // addRequest or modifyRequest (see newRequest as well)
+        // TODO: use a state flag to determine whether to call
+        // addRequest or modifyRequest (see newRequest as well)
         modifyRequest(r);
     }
 
     // PRIVATE functions
 
     private final void stateEngine(IRequest r)
-        throws EBaseException {
+            throws EBaseException {
         boolean complete = false;
 
         while (!complete) {
@@ -644,14 +648,14 @@ public abstract class ARequestQueue
      */
     public void recover() {
         if (CMS.isRunningMode()) {
-        RecoverThread t = new RecoverThread(this);
+            RecoverThread t = new RecoverThread(this);
 
-        t.start();
+            t.start();
         }
     }
 
     /**
-     * recover from a crash.  Resends all requests that are in
+     * recover from a crash. Resends all requests that are in
      * the APPROVED state.
      */
     public void recoverWillBlock() {
@@ -685,7 +689,7 @@ public abstract class ARequestQueue
 
     // Constructor
     protected ARequestQueue(IPolicy policy, IService service, INotify notify,
-        INotify pendingNotify) {
+            INotify pendingNotify) {
         mPolicy = policy;
         mService = service;
         mNotify = notify;
@@ -705,7 +709,6 @@ public abstract class ARequestQueue
     protected ILogger mLogger;
 }
 
-
 //
 // Table of RequestId values that are currently in use by some thread.
 // The fact that the request is in this table constitutes a lock
@@ -736,13 +739,12 @@ public abstract class ARequestQueue
  }
  */
 
-
 //
 // Request - implementation of the IRequest interface.  This
 // version is returned by ARequestQueue (and its derivatives)
 //
 class Request
-    implements IRequest {
+        implements IRequest {
     // IRequest.getRequestId
     public RequestId getRequestId() {
         return mRequestId;
@@ -835,8 +837,8 @@ class Request
         while (e.hasMoreElements()) {
             String key = (String) e.nextElement();
             if (!key.equals(IRequest.ISSUED_CERTS) &&
-                !key.equals(IRequest.ERRORS) &&
-                !key.equals(IRequest.REMOTE_REQID)) {
+                    !key.equals(IRequest.ERRORS) &&
+                    !key.equals(IRequest.REMOTE_REQID)) {
                 if (req.isSimpleExtDataValue(key)) {
                     setExtData(key, req.getExtDataInString(key));
                 } else {
@@ -848,15 +850,15 @@ class Request
 
     /**
      * This function used to check that the keys obeyed LDAP attribute name
-     * syntax rules.  Keys are being encoded now, so it is changed to just
+     * syntax rules. Keys are being encoded now, so it is changed to just
      * filter out null and empty string keys.
-     *
-     * @param key  The key to check
-     * @return  false if invalid
+     * 
+     * @param key The key to check
+     * @return false if invalid
      */
     protected boolean isValidExtDataKey(String key) {
         return key != null &&
-               (! key.equals(""));
+                (!key.equals(""));
     }
 
     protected boolean isValidExtDataHashtableValue(Hashtable<String, Object> hash) {
@@ -866,15 +868,14 @@ class Request
         Enumeration<String> keys = hash.keys();
         while (keys.hasMoreElements()) {
             Object key = keys.nextElement();
-            if (! ((key instanceof String) &&
-                    isValidExtDataKey((String)key)) ) {
+            if (!((key instanceof String) && isValidExtDataKey((String) key))) {
                 return false;
             }
             /*
              * 	TODO  should the Value type be String?
              */
             Object value = hash.get(key);
-            if (! (value instanceof String)) {
+            if (!(value instanceof String)) {
                 return false;
             }
         }
@@ -883,7 +884,7 @@ class Request
     }
 
     public boolean setExtData(String key, String value) {
-        if (! isValidExtDataKey(key)) {
+        if (!isValidExtDataKey(key)) {
             return false;
         }
         if (value == null) {
@@ -895,8 +896,8 @@ class Request
     }
 
     @SuppressWarnings("unchecked")
-	public boolean setExtData(String key, Hashtable<String, ?> value) {
-        if ( !(isValidExtDataKey(key) && isValidExtDataHashtableValue((Hashtable<String, Object>) value)) ) {
+    public boolean setExtData(String key, Hashtable<String, ?> value) {
+        if (!(isValidExtDataKey(key) && isValidExtDataHashtableValue((Hashtable<String, Object>) value))) {
             return false;
         }
 
@@ -913,22 +914,22 @@ class Request
         if (value == null) {
             return null;
         }
-        if (! (value instanceof String)) {
+        if (!(value instanceof String)) {
             return null;
         }
-        return (String)value;
+        return (String) value;
     }
 
     @SuppressWarnings("unchecked")
-	public <V> Hashtable<String, V> getExtDataInHashtable(String key) {
+    public <V> Hashtable<String, V> getExtDataInHashtable(String key) {
         Object value = mExtData.get(key);
         if (value == null) {
             return null;
         }
-        if (! (value instanceof Hashtable)) {
+        if (!(value instanceof Hashtable)) {
             return null;
         }
-        return new ExtDataHashtable<V>((Map<? extends String, ? extends V>)value);
+        return new ExtDataHashtable<V>((Map<? extends String, ? extends V>) value);
     }
 
     public Enumeration<String> getExtDataKeys() {
@@ -940,7 +941,7 @@ class Request
     }
 
     public boolean setExtData(String key, String subkey, String value) {
-        if (! (isValidExtDataKey(key) && isValidExtDataKey(subkey)) ) {
+        if (!(isValidExtDataKey(key) && isValidExtDataKey(subkey))) {
             return false;
         }
         if (isSimpleExtDataValue(key)) {
@@ -951,7 +952,7 @@ class Request
         }
 
         @SuppressWarnings("unchecked")
-		Hashtable<String, String> existingValue = (Hashtable<String, String>)mExtData.get(key);
+        Hashtable<String, String> existingValue = (Hashtable<String, String>) mExtData.get(key);
         if (existingValue == null) {
             existingValue = new ExtDataHashtable<String>();
             mExtData.put(key, existingValue);
@@ -965,7 +966,7 @@ class Request
         if (value == null) {
             return null;
         }
-        return (String)value.get(subkey);
+        return (String) value.get(subkey);
     }
 
     public boolean setExtData(String key, Integer value) {
@@ -1229,7 +1230,7 @@ class Request
             return false;
         }
         try {
-            stringArray = (String[])stringVector.toArray(new String[0]);
+            stringArray = (String[]) stringVector.toArray(new String[0]);
         } catch (ArrayStoreException e) {
             return false;
         }
@@ -1392,7 +1393,7 @@ class Request
             listValue.set(index,
                     hashValue.get(arrayKey));
         }
-        return (String[])listValue.toArray(new String[0]);
+        return (String[]) listValue.toArray(new String[0]);
     }
 
     public IAttrSet asIAttrSet() {
@@ -1431,7 +1432,7 @@ class RequestIAttrSetWrapper implements IAttrSet {
 
     public void set(String name, Object obj) throws EBaseException {
         try {
-            mRequest.setExtData(name, (String)obj);
+            mRequest.setExtData(name, (String) obj);
         } catch (ClassCastException e) {
             throw new EBaseException(e.toString());
         }
@@ -1450,21 +1451,19 @@ class RequestIAttrSetWrapper implements IAttrSet {
     }
 }
 
-
 /**
  * Example of a specialized request class.
  */
 class EnrollmentRequest
-    extends Request
-    implements IEnrollmentRequest {
+        extends Request
+        implements IEnrollmentRequest {
     EnrollmentRequest(RequestId id) {
         super(id);
     }
 }
 
-
 class RequestListByStatus
-    implements IRequestList {
+        implements IRequestList {
     public boolean hasMoreElements() {
         return (mNext != null);
     }
@@ -1507,14 +1506,16 @@ class RequestListByStatus
         mNext = null;
 
         while (mNext == null) {
-            if (!mEnumeration.hasMoreElements()) break;
-   
-            rId =  mEnumeration.nextElement();
+            if (!mEnumeration.hasMoreElements())
+                break;
+
+            rId = mEnumeration.nextElement();
 
             try {
                 IRequest r = mQueue.findRequest(rId);
 
-                if (r.getRequestStatus() == mStatus) mNext = rId;
+                if (r.getRequestStatus() == mStatus)
+                    mNext = rId;
 
                 mQueue.releaseRequest(r);
             } catch (Exception e) {
@@ -1524,13 +1525,12 @@ class RequestListByStatus
 
     protected RequestStatus mStatus;
     protected IRequestQueue mQueue;
-    protected Enumeration<RequestId> mEnumeration; 
+    protected Enumeration<RequestId> mEnumeration;
     protected RequestId mNext;
 }
 
-
 class RequestList
-    implements IRequestList {
+        implements IRequestList {
     public boolean hasMoreElements() {
         return mEnumeration.hasMoreElements();
     }
@@ -1555,10 +1555,9 @@ class RequestList
         mEnumeration = e;
     }
 
-    protected Enumeration<RequestId> mEnumeration; 
+    protected Enumeration<RequestId> mEnumeration;
 }
 
-
 class RecoverThread extends Thread {
     private ARequestQueue mQ = null;
 
diff --git a/pki/base/common/src/com/netscape/cmscore/request/ARequestRecord.java b/pki/base/common/src/com/netscape/cmscore/request/ARequestRecord.java
index f85beca0..002ffd7b 100644
--- a/pki/base/common/src/com/netscape/cmscore/request/ARequestRecord.java
+++ b/pki/base/common/src/com/netscape/cmscore/request/ARequestRecord.java
@@ -17,22 +17,20 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.request;
 
-
 import java.util.Date;
 import java.util.Hashtable;
 
 import com.netscape.certsrv.request.RequestId;
 import com.netscape.certsrv.request.RequestStatus;
 
-
 /**
  * The low level (attributes only) version of the database
- * record object.  This exists so that RecordAttr methods can use
- * this type definition, 
+ * record object. This exists so that RecordAttr methods can use
+ * this type definition,
  * 
  * RequestRecord refers both to this class and to RecordAttr objects.
  */
-class ARequestRecord { 
+class ARequestRecord {
     RequestId mRequestId;
     RequestStatus mRequestState;
     Date mCreateTime;
diff --git a/pki/base/common/src/com/netscape/cmscore/request/CertRequestConstants.java b/pki/base/common/src/com/netscape/cmscore/request/CertRequestConstants.java
index 7494b5e4..eab41fcd 100644
--- a/pki/base/common/src/com/netscape/cmscore/request/CertRequestConstants.java
+++ b/pki/base/common/src/com/netscape/cmscore/request/CertRequestConstants.java
@@ -17,9 +17,8 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.request;
 
-
 /**
- * temporary location for cert request constants. 
+ * temporary location for cert request constants.
  * XXX we really need to centralize all these but for now they are here
  * as needed.
  */
diff --git a/pki/base/common/src/com/netscape/cmscore/request/ExtDataHashtable.java b/pki/base/common/src/com/netscape/cmscore/request/ExtDataHashtable.java
index e3c1908e..86e6c053 100644
--- a/pki/base/common/src/com/netscape/cmscore/request/ExtDataHashtable.java
+++ b/pki/base/common/src/com/netscape/cmscore/request/ExtDataHashtable.java
@@ -6,7 +6,7 @@ import java.util.Map;
 import java.util.Set;
 
 /**
- * Subclass of Hashtable returned by IRequest.getExtDataInHashtable.  Its
+ * Subclass of Hashtable returned by IRequest.getExtDataInHashtable. Its
  * purpose is to hide the fact that LDAP doesn't preserve the case of keys.
  * It does this by lowercasing all keys used to access the Hashtable.
  */
@@ -38,7 +38,7 @@ public class ExtDataHashtable<V> extends Hashtable<String, V> {
 
     public boolean containsKey(Object o) {
         if (o instanceof String) {
-            String key = (String)o;
+            String key = (String) o;
             return super.containsKey(key.toLowerCase());
         }
         return super.containsKey(o);
@@ -46,7 +46,7 @@ public class ExtDataHashtable<V> extends Hashtable<String, V> {
 
     public V get(Object o) {
         if (o instanceof String) {
-            String key = (String)o;
+            String key = (String) o;
             return super.get(key.toLowerCase());
         }
         return super.get(o);
@@ -54,7 +54,7 @@ public class ExtDataHashtable<V> extends Hashtable<String, V> {
 
     public V put(String oKey, V val) {
         if (oKey instanceof String) {
-            String key = (String)oKey;
+            String key = (String) oKey;
             return super.put(key.toLowerCase(), val);
         }
         return super.put(oKey, val);
@@ -62,16 +62,15 @@ public class ExtDataHashtable<V> extends Hashtable<String, V> {
 
     public void putAll(Map<? extends String, ? extends V> map) {
         Set<? extends String> keys = map.keySet();
-        for (Iterator<? extends String> i = keys.iterator();
-             i.hasNext();) {
+        for (Iterator<? extends String> i = keys.iterator(); i.hasNext();) {
             Object key = i.next();
-            put((String)key, map.get(key));
+            put((String) key, map.get(key));
         }
     }
 
     public V remove(Object o) {
         if (o instanceof String) {
-            String key = (String)o;
+            String key = (String) o;
             return super.remove(key.toLowerCase());
         }
         return super.remove(o);
diff --git a/pki/base/common/src/com/netscape/cmscore/request/RequestAttr.java b/pki/base/common/src/com/netscape/cmscore/request/RequestAttr.java
index 4583a1fa..25734c91 100644
--- a/pki/base/common/src/com/netscape/cmscore/request/RequestAttr.java
+++ b/pki/base/common/src/com/netscape/cmscore/request/RequestAttr.java
@@ -17,28 +17,26 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.request;
 
-
 import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.Modification;
 import com.netscape.certsrv.dbs.ModificationSet;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.ldap.IRequestMod;
 
-
 /**
  * The RequestAttr class defines the methods used
  * to transfer data between the various representations of
- * a request.  The three forms are:
- *  1) LDAPAttributes (and Modifications)
- *  2) Database record IDBAttrSet
- *  3) IRequest (Request) object
+ * a request. The three forms are:
+ * 1) LDAPAttributes (and Modifications)
+ * 2) Database record IDBAttrSet
+ * 3) IRequest (Request) object
  */
 abstract class RequestAttr {
 
     /**
      * 
      */
-  
+
     abstract void set(ARequestRecord r, Object o);
 
     abstract Object get(ARequestRecord r);
diff --git a/pki/base/common/src/com/netscape/cmscore/request/RequestQueue.java b/pki/base/common/src/com/netscape/cmscore/request/RequestQueue.java
index b748f23b..b1b4fb04 100644
--- a/pki/base/common/src/com/netscape/cmscore/request/RequestQueue.java
+++ b/pki/base/common/src/com/netscape/cmscore/request/RequestQueue.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.request;
 
-
 import java.math.BigInteger;
 import java.util.Date;
 import java.util.Enumeration;
@@ -43,13 +42,12 @@ import com.netscape.certsrv.request.ldap.IRequestMod;
 import com.netscape.cmscore.dbs.DBSubsystem;
 import com.netscape.cmscore.util.Debug;
 
-
 public class RequestQueue
-    extends ARequestQueue
-    implements IRequestMod {
+        extends ARequestQueue
+        implements IRequestMod {
     // ARequestQueue.newRequestId
     protected RequestId newRequestId()
-        throws EBaseException {
+            throws EBaseException {
         // get the next request Id
         BigInteger next = mRepository.getNextSerialNumber();
 
@@ -63,7 +61,7 @@ public class RequestQueue
 
         // String name = Schema.LDAP_ATTR_REQUEST_ID + "=" +
         String name = "cn" + "=" +
-            id + "," + mBaseDN;
+                id + "," + mBaseDN;
 
         Object obj = null;
         IDBSSession dbs = null;
@@ -71,19 +69,21 @@ public class RequestQueue
         try {
             dbs = mDB.createSession();
             obj = dbs.read(name);
-        } catch (EBaseException e) { 
-            Debug.trace("Error: " + e); 
+        } catch (EBaseException e) {
+            Debug.trace("Error: " + e);
             Debug.printStackTrace(e);
         } finally {
             // Close session - ignoring errors (UTIL)
-            if (dbs != null) try {
+            if (dbs != null)
+                try {
                     dbs.close();
                 } catch (EBaseException e) {
                 }
         }
 
         // TODO Errors!!!
-        if (obj == null || !(obj instanceof RequestRecord)) return null;
+        if (obj == null || !(obj instanceof RequestRecord))
+            return null;
 
         record = (RequestRecord) obj;
 
@@ -107,20 +107,21 @@ public class RequestQueue
         // compute the name of the object
         // String name = Schema.LDAP_ATTR_REQUEST_ID + "=" +
         String name = "cn" + "=" +
-            record.mRequestId + "," + mBaseDN;
+                record.mRequestId + "," + mBaseDN;
 
         IDBSSession dbs = null;
 
         try {
             dbs = mDB.createSession();
             dbs.add(name, record);
-        } catch (EBaseException e) { 
-            Debug.trace("Error: " + e); 
+        } catch (EBaseException e) {
+            Debug.trace("Error: " + e);
             Debug.printStackTrace(e);
             throw e;
         } finally {
             // Close session - ignoring errors (UTIL)
-            if (dbs != null) try {
+            if (dbs != null)
+                try {
                     dbs.close();
                 } catch (EBaseException e) {
                 }
@@ -170,19 +171,20 @@ public class RequestQueue
 
         // String name = Schema.LDAP_ATTR_REQUEST_ID + "=" +
         String name = "cn" + "=" +
-            r.getRequestId() + "," + mBaseDN;
+                r.getRequestId() + "," + mBaseDN;
 
         IDBSSession dbs = null;
 
         try {
             dbs = mDB.createSession();
             dbs.modify(name, mods);
-        } catch (EBaseException e) { 
-            Debug.trace("Error: " + e); 
+        } catch (EBaseException e) {
+            Debug.trace("Error: " + e);
             Debug.printStackTrace(e);
         } finally {
             // Close session - ignoring errors (UTIL)
-            if (dbs != null) try {
+            if (dbs != null)
+                try {
                     dbs.close();
                 } catch (EBaseException e) {
                 }
@@ -218,34 +220,30 @@ public class RequestQueue
     /**
      * Resets serial number.
      */
-    public void resetSerialNumber(BigInteger serial) throws EBaseException
-    {
+    public void resetSerialNumber(BigInteger serial) throws EBaseException {
         mRepository.resetSerialNumber(serial);
     }
-                                                                                
+
     /**
      * Removes all objects with this repository.
      */
-    public void removeAllObjects() throws EBaseException
-    {
+    public void removeAllObjects() throws EBaseException {
         mRepository.removeAllObjects();
     }
 
-    public BigInteger getLastRequestIdInRange(BigInteger  reqId_low_bound, BigInteger reqId_upper_bound)
-    {
+    public BigInteger getLastRequestIdInRange(BigInteger reqId_low_bound, BigInteger reqId_upper_bound) {
         CMS.debug("RequestQueue: getLastRequestId: low " + reqId_low_bound + " high " + reqId_upper_bound);
-        if(reqId_low_bound == null || reqId_upper_bound == null || reqId_low_bound.compareTo(reqId_upper_bound) >= 0)
-        {
+        if (reqId_low_bound == null || reqId_upper_bound == null || reqId_low_bound.compareTo(reqId_upper_bound) >= 0) {
             CMS.debug("RequestQueue: getLastRequestId: bad upper and lower bound range.");
             return null;
         }
 
-        String filter = "(" + "requeststate" + "=*"  + ")";
+        String filter = "(" + "requeststate" + "=*" + ")";
 
         RequestId fromId = new RequestId(reqId_upper_bound.toString(10));
 
         CMS.debug("RequestQueue: getLastRequestId: filter " + filter + " fromId " + fromId);
-        ListEnumeration recList = (ListEnumeration) getPagedRequestsByFilter(fromId,filter,5 * -1,"requestId");
+        ListEnumeration recList = (ListEnumeration) getPagedRequestsByFilter(fromId, filter, 5 * -1, "requestId");
 
         int size = recList.getSize();
 
@@ -272,33 +270,29 @@ public class RequestQueue
 
         String reqId = null;
 
-        for(int i = 0; i < 5; i++)
-        {
-             curRec = recList.getElementAt(i);
-
-             if(curRec != null) {
+        for (int i = 0; i < 5; i++) {
+            curRec = recList.getElementAt(i);
 
-                 curId = curRec.getRequestId();
+            if (curRec != null) {
 
-                 reqId = curId.toString();
+                curId = curRec.getRequestId();
 
-                 CMS.debug("RequestQueue: curReqId: " + reqId);
+                reqId = curId.toString();
 
-                 BigInteger curIdInt = new BigInteger(reqId);
+                CMS.debug("RequestQueue: curReqId: " + reqId);
 
+                BigInteger curIdInt = new BigInteger(reqId);
 
-                 if(  ((curIdInt.compareTo(reqId_low_bound) == 0) || (curIdInt.compareTo(reqId_low_bound) == 1) ) &&
-                       ((curIdInt.compareTo(reqId_upper_bound) == 0) || (curIdInt.compareTo(reqId_upper_bound) == -1) ))
-                  {
-                      CMS.debug("RequestQueue: getLastRequestId : returning value " + curIdInt);
-                      return curIdInt;
-                  }
+                if (((curIdInt.compareTo(reqId_low_bound) == 0) || (curIdInt.compareTo(reqId_low_bound) == 1)) &&
+                        ((curIdInt.compareTo(reqId_upper_bound) == 0) || (curIdInt.compareTo(reqId_upper_bound) == -1))) {
+                    CMS.debug("RequestQueue: getLastRequestId : returning value " + curIdInt);
+                    return curIdInt;
+                }
 
-             }
+            }
 
         }
 
-
         BigInteger ret = new BigInteger(reqId_low_bound.toString(10));
 
         ret = ret.add(new BigInteger("-1"));
@@ -311,12 +305,14 @@ public class RequestQueue
     /**
      * Implements IRequestQueue.findRequestBySourceId
      * <p>
+     * 
      * @see com.netscape.certsrv.request.IRequestQueue#findRequestBySourceId
      */
     public RequestId findRequestBySourceId(String id) {
         IRequestList irl = findRequestsBySourceId(id);
 
-        if (irl == null) return null;
+        if (irl == null)
+            return null;
 
         return irl.nextRequestId();
     }
@@ -324,6 +320,7 @@ public class RequestQueue
     /**
      * Implements IRequestQueue.findRequestsBySourceId
      * <p>
+     * 
      * @see com.netscape.certsrv.request.IRequestQueue#findRequestsBySourceId
      */
     public IRequestList findRequestsBySourceId(String id) {
@@ -343,13 +340,15 @@ public class RequestQueue
             Debug.printStackTrace(e);
         } finally {
             // Close session - ignoring errors (UTIL)
-            if (dbs != null) try {
+            if (dbs != null)
+                try {
                     dbs.close();
                 } catch (EBaseException e) {
                 }
         }
 
-        if (results == null || !results.hasMoreElements()) return null;
+        if (results == null || !results.hasMoreElements())
+            return null;
 
         return new SearchEnumeration(this, results);
 
@@ -363,18 +362,20 @@ public class RequestQueue
         try {
             dbs = mDB.createSession();
             results = dbs.search(mBaseDN, "(requestId=*)");
-        } catch (EBaseException e) { 
-            Debug.trace("Error: " + e); 
+        } catch (EBaseException e) {
+            Debug.trace("Error: " + e);
             Debug.printStackTrace(e);
         } finally {
             // Close session - ignoring errors (UTIL)
-            if (dbs != null) try {
+            if (dbs != null)
+                try {
                     dbs.close();
                 } catch (EBaseException e) {
                 }
         }
 
-        if (results == null) return null;
+        if (results == null)
+            return null;
 
         return new SearchEnumeration(this, results);
     }
@@ -389,18 +390,20 @@ public class RequestQueue
         try {
             dbs = mDB.createSession();
             results = dbs.search(mBaseDN, f);
-        } catch (EBaseException e) { 
-            Debug.trace("Error: " + e); 
+        } catch (EBaseException e) {
+            Debug.trace("Error: " + e);
             Debug.printStackTrace(e);
         } finally {
             // Close session - ignoring errors (UTIL)
-            if (dbs != null) try {
+            if (dbs != null)
+                try {
                     dbs.close();
                 } catch (EBaseException e) {
                 }
         }
 
-        if (results == null) return null;
+        if (results == null)
+            return null;
 
         return new SearchEnumeration(this, results);
     }
@@ -411,7 +414,7 @@ public class RequestQueue
         IDBSearchResults results = null;
         IDBSSession dbs = null;
         String attrs[] = { IRequestRecord.ATTR_REQUEST_ID };
-            
+
         try {
             dbs = mDB.createSession();
             results = dbs.search(mBaseDN, f, maxSize);
@@ -420,14 +423,16 @@ public class RequestQueue
             Debug.printStackTrace(e);
         } finally {
             // Close session - ignoring errors (UTIL)
-            if (dbs != null) try {
+            if (dbs != null)
+                try {
                     dbs.close();
                 } catch (EBaseException e) {
                 }
         }
-    
-        if (results == null) return null;
-    
+
+        if (results == null)
+            return null;
+
         return new SearchEnumeration(this, results);
     }
 
@@ -446,13 +451,15 @@ public class RequestQueue
             Debug.printStackTrace(e);
         } finally {
             // Close session - ignoring errors (UTIL)
-            if (dbs != null) try {
+            if (dbs != null)
+                try {
                     dbs.close();
                 } catch (EBaseException e) {
                 }
         }
 
-        if (results == null) return null;
+        if (results == null)
+            return null;
 
         return new SearchEnumeration(this, results);
     }
@@ -473,18 +480,20 @@ public class RequestQueue
 
             dbs = mDB.createSession();
             results = dbs.search(mBaseDN, f1);
-        } catch (EBaseException e) { 
+        } catch (EBaseException e) {
             //System.err.println("Error: "+e); 
             //e.printStackTrace();
         } finally {
             // Close session - ignoring errors (UTIL)
-            if (dbs != null) try {
+            if (dbs != null)
+                try {
                     dbs.close();
                 } catch (EBaseException e) {
                 }
         }
 
-        if (results == null) return null;
+        if (results == null)
+            return null;
 
         return new SearchEnumeration(this, results);
     }
@@ -500,19 +509,19 @@ public class RequestQueue
      * Implements IRequestQueue.getPagedRequestsByFilter
      */
     public IRequestVirtualList
-    getPagedRequestsByFilter(String filter, int pageSize, String sortKey) {
+            getPagedRequestsByFilter(String filter, int pageSize, String sortKey) {
         return getPagedRequestsByFilter(null, filter, pageSize, sortKey);
     }
 
     public IRequestVirtualList
-    getPagedRequestsByFilter(RequestId from, String filter, int pageSize, 
-        String sortKey) {
-	return getPagedRequestsByFilter(from, false, filter, pageSize, sortKey);
+            getPagedRequestsByFilter(RequestId from, String filter, int pageSize,
+                    String sortKey) {
+        return getPagedRequestsByFilter(from, false, filter, pageSize, sortKey);
     }
 
     public IRequestVirtualList
-    getPagedRequestsByFilter(RequestId from, boolean jumpToEnd, String filter, int pageSize, 
-        String sortKey) {
+            getPagedRequestsByFilter(RequestId from, boolean jumpToEnd, String filter, int pageSize,
+                    String sortKey) {
         IDBVirtualList results = null;
         IDBSSession dbs = null;
 
@@ -525,24 +534,24 @@ public class RequestQueue
         try {
 
             if (from == null) {
-                results = dbs.createVirtualList(mBaseDN, filter, (String[]) null, 
+                results = dbs.createVirtualList(mBaseDN, filter, (String[]) null,
                             sortKey, pageSize);
             } else {
                 int len = from.toString().length();
                 String internalRequestId = null;
 
                 if (jumpToEnd) {
-			internalRequestId ="99";
-		} else {
-                if (len > 9) {
-                    internalRequestId = Integer.toString(len) + from.toString();
+                    internalRequestId = "99";
                 } else {
-                    internalRequestId = "0" + Integer.toString(len) + 
-                            from.toString();
+                    if (len > 9) {
+                        internalRequestId = Integer.toString(len) + from.toString();
+                    } else {
+                        internalRequestId = "0" + Integer.toString(len) +
+                                from.toString();
+                    }
                 }
-		}
 
-                results = dbs.createVirtualList(mBaseDN, filter, (String[]) null, 
+                results = dbs.createVirtualList(mBaseDN, filter, (String[]) null,
                             internalRequestId, sortKey, pageSize);
             }
         } catch (EBaseException e) {
@@ -565,14 +574,14 @@ public class RequestQueue
     }
 
     public RequestQueue(String name, int increment, IPolicy p, IService s, INotify n,
-        INotify pendingNotify)
-        throws EBaseException {
+            INotify pendingNotify)
+            throws EBaseException {
         super(p, s, n, pendingNotify);
 
         mDB = DBSubsystem.getInstance();
         mBaseDN = "ou=" + name + ",ou=requests," + mDB.getBaseDN();
 
-        mRepository = new RequestRepository(name, increment, mDB,this);
+        mRepository = new RequestRepository(name, increment, mDB, this);
 
     }
 
@@ -592,7 +601,7 @@ public class RequestQueue
 
     /*
      * return request repository 
-     */ 
+     */
     public IRepository getRequestRepository() {
         return (IRepository) mRepository;
     }
@@ -610,15 +619,15 @@ public class RequestQueue
     protected RequestRepository mRepository;
 }
 
-
 class SearchEnumeration
-    implements IRequestList {
+        implements IRequestList {
     public RequestId nextRequestId() {
         Object obj;
 
         obj = mResults.nextElement();
 
-        if (obj == null || !(obj instanceof RequestRecord)) return null;
+        if (obj == null || !(obj instanceof RequestRecord))
+            return null;
 
         RequestRecord r = (RequestRecord) obj;
 
@@ -647,7 +656,8 @@ class SearchEnumeration
 
         obj = mResults.nextElement();
 
-        if (obj == null || !(obj instanceof RequestRecord)) return null;
+        if (obj == null || !(obj instanceof RequestRecord))
+            return null;
 
         RequestRecord r = (RequestRecord) obj;
 
@@ -655,7 +665,7 @@ class SearchEnumeration
     }
 
     public IRequest nextRequestObject() {
-        RequestRecord record = (RequestRecord)nextRequest();
+        RequestRecord record = (RequestRecord) nextRequest();
         if (record != null)
             return mQueue.makeRequest(record);
         return null;
@@ -665,13 +675,13 @@ class SearchEnumeration
     protected RequestQueue mQueue;
 }
 
-
 class ListEnumeration
-    implements IRequestVirtualList {
+        implements IRequestVirtualList {
     public IRequest getElementAt(int i) {
         RequestRecord record = (RequestRecord) mList.getElementAt(i);
 
-        if (record == null) return null;
+        if (record == null)
+            return null;
 
         return mQueue.makeRequest(record);
     }
@@ -693,6 +703,7 @@ class ListEnumeration
         return mList.getSizeAfterJumpTo();
 
     }
+
     ListEnumeration(RequestQueue queue, IDBVirtualList list) {
         mQueue = queue;
         mList = list;
diff --git a/pki/base/common/src/com/netscape/cmscore/request/RequestRecord.java b/pki/base/common/src/com/netscape/cmscore/request/RequestRecord.java
index 321e32ec..a3637758 100644
--- a/pki/base/common/src/com/netscape/cmscore/request/RequestRecord.java
+++ b/pki/base/common/src/com/netscape/cmscore/request/RequestRecord.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.request;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -53,15 +52,14 @@ import com.netscape.cmscore.dbs.DateMapper;
 import com.netscape.cmscore.dbs.StringMapper;
 import com.netscape.cmscore.util.Debug;
 
-
 //
 // A request record is the stored version of a request.
 // It has a set of attributes that are mapped into LDAP
 // attributes for actual directory operations.
 //
 public class RequestRecord
-    extends ARequestRecord
-    implements IRequestRecord, IDBObj {
+        extends ARequestRecord
+        implements IRequestRecord, IDBObj {
     /**
      *
      */
@@ -96,7 +94,8 @@ public class RequestRecord
         else {
             RequestAttr ra = (RequestAttr) mAttrTable.get(name);
 
-            if (ra != null) return ra.get(this);
+            if (ra != null)
+                return ra.get(this);
         }
 
         return null;
@@ -104,7 +103,7 @@ public class RequestRecord
 
     // IDBObj.set
     @SuppressWarnings("unchecked")
-	public void set(String name, Object o) {
+    public void set(String name, Object o) {
         if (name.equals(IRequestRecord.ATTR_REQUEST_ID))
             mRequestId = (RequestId) o;
         else if (name.equals(IRequestRecord.ATTR_REQUEST_STATE))
@@ -120,17 +119,18 @@ public class RequestRecord
         else if (name.equals(IRequestRecord.ATTR_REQUEST_OWNER))
             mOwner = (String) o;
         else if (name.equals(IRequestRecord.ATTR_EXT_DATA))
-            mExtData = (Hashtable)o;
+            mExtData = (Hashtable) o;
         else {
             RequestAttr ra = (RequestAttr) mAttrTable.get(name);
 
-            if (ra != null) ra.set(this, o);
+            if (ra != null)
+                ra.set(this, o);
         }
     }
 
     // IDBObj.delete
     public void delete(String name)
-        throws EBaseException {
+            throws EBaseException {
         throw new EBaseException("Invalid call to delete");
     }
 
@@ -177,19 +177,19 @@ public class RequestRecord
     static void mod(ModificationSet mods, IRequest r) throws EBaseException {
         //
         mods.add(IRequestRecord.ATTR_REQUEST_STATE,
-            Modification.MOD_REPLACE, r.getRequestStatus());
+                Modification.MOD_REPLACE, r.getRequestStatus());
 
         mods.add(IRequestRecord.ATTR_SOURCE_ID,
-            Modification.MOD_REPLACE, r.getSourceId());
+                Modification.MOD_REPLACE, r.getSourceId());
 
         mods.add(IRequestRecord.ATTR_REQUEST_OWNER,
-            Modification.MOD_REPLACE, r.getRequestOwner());
+                Modification.MOD_REPLACE, r.getRequestOwner());
 
         mods.add(IRequestRecord.ATTR_MODIFY_TIME,
-            Modification.MOD_REPLACE, r.getModificationTime());
+                Modification.MOD_REPLACE, r.getModificationTime());
 
         mods.add(IRequestRecord.ATTR_EXT_DATA,
-            Modification.MOD_REPLACE, loadExtDataFromRequest(r));
+                Modification.MOD_REPLACE, loadExtDataFromRequest(r));
 
         for (int i = 0; i < mRequestA.length; i++) {
             mRequestA[i].mod(mods, r);
@@ -197,7 +197,7 @@ public class RequestRecord
     }
 
     static void register(IDBSubsystem db)
-        throws EDBException {
+            throws EDBException {
         IDBRegistry reg = db.getRegistry();
 
         reg.registerObjectClass(RequestRecord.class.getName(), mOC);
@@ -205,13 +205,13 @@ public class RequestRecord
         reg.registerAttribute(IRequestRecord.ATTR_REQUEST_ID, new RequestIdMapper());
         reg.registerAttribute(IRequestRecord.ATTR_REQUEST_STATE, new RequestStateMapper());
         reg.registerAttribute(IRequestRecord.ATTR_CREATE_TIME,
-            new DateMapper(Schema.LDAP_ATTR_CREATE_TIME));
+                new DateMapper(Schema.LDAP_ATTR_CREATE_TIME));
         reg.registerAttribute(IRequestRecord.ATTR_MODIFY_TIME,
-            new DateMapper(Schema.LDAP_ATTR_MODIFY_TIME));
+                new DateMapper(Schema.LDAP_ATTR_MODIFY_TIME));
         reg.registerAttribute(IRequestRecord.ATTR_SOURCE_ID,
-            new StringMapper(Schema.LDAP_ATTR_SOURCE_ID));
+                new StringMapper(Schema.LDAP_ATTR_SOURCE_ID));
         reg.registerAttribute(IRequestRecord.ATTR_REQUEST_OWNER,
-            new StringMapper(Schema.LDAP_ATTR_REQUEST_OWNER));
+                new StringMapper(Schema.LDAP_ATTR_REQUEST_OWNER));
         ExtAttrDynMapper extAttrMapper = new ExtAttrDynMapper();
         reg.registerAttribute(IRequestRecord.ATTR_EXT_DATA, extAttrMapper);
         reg.registerDynamicMapper(extAttrMapper);
@@ -248,9 +248,9 @@ public class RequestRecord
             String key = (String) e.nextElement();
             Object value = mExtData.get(key);
             if (value instanceof String) {
-                r.setExtData(key, (String)value);
+                r.setExtData(key, (String) value);
             } else if (value instanceof Hashtable) {
-                r.setExtData(key, (Hashtable)value);
+                r.setExtData(key, (Hashtable) value);
             } else {
                 throw new EDBException("Illegal data value in RequestRecord: " +
                         r.toString());
@@ -273,30 +273,30 @@ public class RequestRecord
      */
     static RequestAttr mRequestA[] = {
 
-            new RequestAttr(IRequest.ATTR_REQUEST_TYPE,
+    new RequestAttr(IRequest.ATTR_REQUEST_TYPE,
                 new StringMapper(Schema.LDAP_ATTR_REQUEST_TYPE)) {
-                void set(ARequestRecord r, Object o) {
-                    r.mRequestType = (String) o;
-                }
-  
-                Object get(ARequestRecord r) {
-                    return r.mRequestType;
-                }
-  
-                void read(IRequestMod a, IRequest r, ARequestRecord rr) {
-                    r.setRequestType(rr.mRequestType);
-                }
-  
-                void add(IRequest r, ARequestRecord rr) {
-                    rr.mRequestType = r.getRequestType();
-                }
-  
-                void mod(ModificationSet mods, IRequest r) {
-                    addmod(mods, r.getRequestType());
-                }
-            }
+        void set(ARequestRecord r, Object o) {
+            r.mRequestType = (String) o;
+        }
+
+        Object get(ARequestRecord r) {
+            return r.mRequestType;
+        }
+
+        void read(IRequestMod a, IRequest r, ARequestRecord rr) {
+            r.setRequestType(rr.mRequestType);
+        }
+
+        void add(IRequest r, ARequestRecord rr) {
+            rr.mRequestType = r.getRequestType();
+        }
+
+        void mod(ModificationSet mods, IRequest r) {
+            addmod(mods, r.getRequestType());
+        }
+    }
 
-        };
+    };
     static {
         mAttrs.add(IRequestRecord.ATTR_REQUEST_ID);
         mAttrs.add(IRequestRecord.ATTR_REQUEST_STATE);
@@ -316,7 +316,6 @@ public class RequestRecord
 
 }
 
-
 //
 // A mapper between an request state object and
 // its LDAP attribute representation
@@ -326,7 +325,7 @@ public class RequestRecord
 // @version $Revision$ $Date$
 //
 class RequestStateMapper
-    implements IDBAttrMapper {
+        implements IDBAttrMapper {
     // IDBAttrMapper methods
 
     //
@@ -337,7 +336,7 @@ class RequestStateMapper
 
     //
     public void mapObjectToLDAPAttributeSet(IDBObj parent,
-        String name, Object obj, LDAPAttributeSet attrs) {
+            String name, Object obj, LDAPAttributeSet attrs) {
         RequestStatus rs = (RequestStatus) obj;
 
         attrs.add(new LDAPAttribute(Schema.LDAP_ATTR_REQUEST_STATE,
@@ -345,11 +344,12 @@ class RequestStateMapper
     }
 
     public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
-        String name, IDBObj parent)
-        throws EBaseException {
+            String name, IDBObj parent)
+            throws EBaseException {
         LDAPAttribute attr = attrs.getAttribute(Schema.LDAP_ATTR_REQUEST_STATE);
 
-        if (attr == null) throw new EBaseException("schema violation");
+        if (attr == null)
+            throw new EBaseException("schema violation");
 
         String value = (String) attr.getStringValues().nextElement();
 
@@ -367,7 +367,6 @@ class RequestStateMapper
     }
 }
 
-
 //
 // A mapper between an request id object and
 // its LDAP attribute representation
@@ -377,7 +376,7 @@ class RequestStateMapper
 // @version $Revision$ $Date$
 //
 class RequestIdMapper
-    implements IDBAttrMapper {
+        implements IDBAttrMapper {
     // IDBAttrMapper methods
 
     //
@@ -388,7 +387,7 @@ class RequestIdMapper
 
     //
     public void mapObjectToLDAPAttributeSet(IDBObj parent,
-        String name, Object obj, LDAPAttributeSet attrs) {
+            String name, Object obj, LDAPAttributeSet attrs) {
         RequestId rid = (RequestId) obj;
 
         String v = BigIntegerMapper.BigIntegerToDB(new BigInteger(rid.toString()));
@@ -397,11 +396,12 @@ class RequestIdMapper
     }
 
     public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
-        String name, IDBObj parent)
-        throws EBaseException {
+            String name, IDBObj parent)
+            throws EBaseException {
         LDAPAttribute attr = attrs.getAttribute(Schema.LDAP_ATTR_REQUEST_ID);
 
-        if (attr == null) throw new EBaseException("schema violation");
+        if (attr == null)
+            throw new EBaseException("schema violation");
 
         String value = (String) attr.getStringValues().nextElement();
 
@@ -427,19 +427,18 @@ class RequestIdMapper
     }
 }
 
-
 /**
  * A mapper between an request attr set and its LDAP attribute representation.
- *
- * The attr attribute is no longer used.  This class is kept for historical
+ * 
+ * The attr attribute is no longer used. This class is kept for historical
  * and migration purposes.
- *
+ * 
  * @author thayes
  * @version $Revision$ $Date$
  * @deprecated
  */
 class RequestAttrsMapper
-    implements IDBAttrMapper {
+        implements IDBAttrMapper {
     // IDBAttrMapper methods
 
     //
@@ -450,8 +449,8 @@ class RequestAttrsMapper
 
     //
     public void mapObjectToLDAPAttributeSet(IDBObj parent,
-        String name, Object obj, LDAPAttributeSet attrs) {
-        Hashtable ht = (Hashtable) obj;   
+            String name, Object obj, LDAPAttributeSet attrs) {
+        Hashtable ht = (Hashtable) obj;
         Enumeration e = ht.keys();
 
         try {
@@ -473,13 +472,13 @@ class RequestAttrsMapper
                 } catch (NotSerializableException x) {
                     if (Debug.ON) {
                         System.err.println("Error: attribute '" + key + "' (" +
-                            x.getMessage() + ") is not serializable");
+                                x.getMessage() + ") is not serializable");
                         x.printStackTrace();
                     }
                 } catch (Exception x) {
                     if (Debug.ON) {
                         System.err.println("Error: attribute '" + key +
-                            "' - error during serialization: " + x);
+                                "' - error during serialization: " + x);
                         x.printStackTrace();
                     }
                 }
@@ -490,9 +489,9 @@ class RequestAttrsMapper
 
             attrs.add(new LDAPAttribute(Schema.LDAP_ATTR_REQUEST_ATTRS,
                     bos.toByteArray()));
-        } catch (Exception x) { 
+        } catch (Exception x) {
             Debug.trace("Output Mapping Error in requeset ID " +
-                ((RequestRecord) parent).getRequestId().toString() + " : " + x); 
+                    ((RequestRecord) parent).getRequestId().toString() + " : " + x);
             //if (Debug.ON) {
             Debug.printStackTrace(x);
             //}
@@ -500,7 +499,7 @@ class RequestAttrsMapper
     }
 
     private byte[] encode(Object value)
-        throws NotSerializableException, IOException {
+            throws NotSerializableException, IOException {
         ByteArrayOutputStream bos = new ByteArrayOutputStream();
         ObjectOutputStream os = new ObjectOutputStream(bos);
 
@@ -511,7 +510,7 @@ class RequestAttrsMapper
     }
 
     private Object decode(byte[] data)
-        throws ObjectStreamException, IOException, ClassNotFoundException {
+            throws ObjectStreamException, IOException, ClassNotFoundException {
         ByteArrayInputStream bis = new ByteArrayInputStream(data);
         ObjectInputStream is = new ObjectInputStream(bis);
 
@@ -519,7 +518,7 @@ class RequestAttrsMapper
     }
 
     private Hashtable decodeHashtable(byte[] data)
-        throws ObjectStreamException, IOException, ClassNotFoundException {
+            throws ObjectStreamException, IOException, ClassNotFoundException {
         Hashtable ht = new Hashtable();
         ByteArrayInputStream bis = new ByteArrayInputStream(data);
         ObjectInputStream is = new ObjectInputStream(bis);
@@ -530,22 +529,23 @@ class RequestAttrsMapper
 
             while (true) {
                 key = (String) is.readObject();
-  
+
                 // end of table is marked with null
-                if (key == null) break;
+                if (key == null)
+                    break;
 
                 byte[] bytes = (byte[]) is.readObject();
 
                 ht.put(key, decode(bytes));
             }
         } catch (ObjectStreamException e) {
-            Debug.trace("Key " + key);  // would be nice to know object type.
+            Debug.trace("Key " + key); // would be nice to know object type.
             throw e;
         } catch (IOException e) {
-            Debug.trace("Key " + key);  // would be nice to know object type.
+            Debug.trace("Key " + key); // would be nice to know object type.
             throw e;
         } catch (ClassNotFoundException e) {
-            Debug.trace("Key " + key);  // would be nice to know object type.
+            Debug.trace("Key " + key); // would be nice to know object type.
             throw e;
         }
 
@@ -555,11 +555,12 @@ class RequestAttrsMapper
     /**
      * Implements IDBAttrMapper.mapLDAPAttributeSetToObject
      * <p>
+     * 
      * @see IDBAttrMapper#mapLDAPAttributeSetToObject
      */
     public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
-        String name, IDBObj parent)
-        throws EBaseException {
+            String name, IDBObj parent)
+            throws EBaseException {
         Hashtable ht = null;
 
         //
@@ -581,7 +582,7 @@ class RequestAttrsMapper
             }
         } catch (Exception x) {
             Debug.trace("Mapping error in request Id " +
-                ((RequestRecord) parent).getRequestId().toString() + " : " + x);
+                    ((RequestRecord) parent).getRequestId().toString() + " : " + x);
             Debug.trace("Attr " + attr.getName());
             //if (Debug.ON) {
             Debug.printStackTrace(x);
@@ -605,25 +606,25 @@ class RequestAttrsMapper
 /**
  * Maps dynamic data for the extData- prefix to and from the extData Hashtable
  * in RequestRecord.
- *
- * The data in RequestRecord is stored in a Hashtable.  It comes in two forms:
+ * 
+ * The data in RequestRecord is stored in a Hashtable. It comes in two forms:
  * 1. String key1 => String value1
- *    String key2 => String value2
- *    This is stored in LDAP as:
- *        extData-key1 => value1
- *        extData-key2 => value2
- *
+ * String key2 => String value2
+ * This is stored in LDAP as:
+ * extData-key1 => value1
+ * extData-key2 => value2
+ * 
  * 2. String key => Hashtable value
- *        where value stores:
- *            String key2 => String value2
- *            String key3 => String value3
- *    This is stored in LDAP as:
- *        extData-key;key2 => value2
- *        extData-key;key3 => value3
- *
+ * where value stores:
+ * String key2 => String value2
+ * String key3 => String value3
+ * This is stored in LDAP as:
+ * extData-key;key2 => value2
+ * extData-key;key3 => value3
+ * 
  * These can be mixed, but each top-level key can only be associated with
  * a String value or a Hashtable value.
- *
+ * 
  */
 class ExtAttrDynMapper implements IDBDynAttrMapper {
 
@@ -636,17 +637,16 @@ class ExtAttrDynMapper implements IDBDynAttrMapper {
         return mAttrs.elements();
     }
 
-
     /**
      * Decodes extdata encoded keys.
      * -- followed by a 4 digit hexadecimal string is decoded to the character
      * representing the hex string.
-     *
-     * The routine is written to be highly efficient.  It only allocates
+     * 
+     * The routine is written to be highly efficient. It only allocates
      * the StringBuffer if needed and copies the pieces in large chunks.
-     *
-     * @param key  The key to decode
-     * @return  The decoded key.
+     * 
+     * @param key The key to decode
+     * @return The decoded key.
      */
     public String decodeKey(String key) {
         StringBuffer output = null;
@@ -656,8 +656,8 @@ class ExtAttrDynMapper implements IDBDynAttrMapper {
         int index = 0;
         while (index < input.length) {
             if (input[index] == '-') {
-                if ( ((index + 1) < input.length) &&
-                     (input[index + 1] == '-')) {
+                if (((index + 1) < input.length) &&
+                        (input[index + 1] == '-')) {
                     if (output == null) {
                         output = new StringBuffer(input.length);
                     }
@@ -665,10 +665,10 @@ class ExtAttrDynMapper implements IDBDynAttrMapper {
                     index += 2;
                     if ((index + 3) < input.length) {
                         output.append(
-                            Character.toChars(
-                                Integer.parseInt(new String(input, index, 4),
+                                Character.toChars(
+                                        Integer.parseInt(new String(input, index, 4),
                                                 16))
-                        );
+                                );
                     }
                     index += 4;
                     startCopyIndex = index;
@@ -690,26 +690,26 @@ class ExtAttrDynMapper implements IDBDynAttrMapper {
 
     /**
      * Encoded extdata keys for storage in LDAP.
-     *
-     * The rules for encoding are trickier than decoding.  We want to allow
+     * 
+     * The rules for encoding are trickier than decoding. We want to allow
      * '-' by itself to be stored in the database (for the common case of keys
-     * like 'Foo-Bar'.  Therefore we are using '--' as the encoding character.
+     * like 'Foo-Bar'. Therefore we are using '--' as the encoding character.
      * The rules are:
      * 1) All characters [^-a-zA-Z0-9] are encoded as --XXXX where XXXX is the
-     *    hex representation of the digit.
+     * hex representation of the digit.
      * 2) [a-zA-Z0-9] are always passed through unencoded
      * 3) [-] is passed through as long as it is preceded and followed
-     *    by [a-zA-Z0-9] (or if it's at the beginning/end of the string)
+     * by [a-zA-Z0-9] (or if it's at the beginning/end of the string)
      * 4) If [-] is preceded or followed by [^a-zA-Z0-9] then
-     *    the - as well as all following [^a-zA-Z0-9] characters are encoded
-     *    as --XXXX.
-     *
+     * the - as well as all following [^a-zA-Z0-9] characters are encoded
+     * as --XXXX.
+     * 
      * This routine tries to be as efficient as possible with StringBuffer and
-     * large copies.  However, the encoding unfortunately requires several
+     * large copies. However, the encoding unfortunately requires several
      * objects to be allocated.
-     *
+     * 
      * @param key The key to encode
-     * @return  The encoded key
+     * @return The encoded key
      */
     public String encodeKey(String key) {
         StringBuffer output = null;
@@ -718,10 +718,10 @@ class ExtAttrDynMapper implements IDBDynAttrMapper {
 
         int index = 0;
         while (index < input.length) {
-            if (! isAlphaNum(input[index])) {
+            if (!isAlphaNum(input[index])) {
                 if ((input[index] == '-') &&
-                    ((index + 1) < input.length) &&
-                    (isAlphaNum(input[index + 1]))) {
+                        ((index + 1) < input.length) &&
+                        (isAlphaNum(input[index + 1]))) {
                     index += 2;
                 } else if ((input[index] == '-') &&
                            ((index + 1) == input.length)) {
@@ -731,8 +731,8 @@ class ExtAttrDynMapper implements IDBDynAttrMapper {
                         output = new StringBuffer(input.length + 5);
                     }
                     output.append(input, startCopyIndex, index - startCopyIndex);
-                    while ( (index < input.length) &&
-                            (! isAlphaNum(input[index])) ) {
+                    while ((index < input.length) &&
+                            (!isAlphaNum(input[index]))) {
                         output.append("--");
                         String hexString = Integer.toHexString(input[index]);
                         int padding = 4 - hexString.length();
@@ -782,25 +782,25 @@ class ExtAttrDynMapper implements IDBDynAttrMapper {
                 String key = (String) e.nextElement();
                 Object value = ht.get(key);
                 if (value instanceof String) {
-                    String stringValue = (String)value;
+                    String stringValue = (String) value;
                     attrs.add(new LDAPAttribute(
                             extAttrPrefix + encodeKey(key),
                             stringValue));
                 } else if (value instanceof Hashtable) {
-                    Hashtable innerHash = (Hashtable)value;
+                    Hashtable innerHash = (Hashtable) value;
                     Enumeration innerHashEnum = innerHash.keys();
-                    while (innerHashEnum.hasMoreElements()){
-                        String innerKey = (String)innerHashEnum.nextElement();
-                        String innerValue = (String)innerHash.get(innerKey);
+                    while (innerHashEnum.hasMoreElements()) {
+                        String innerKey = (String) innerHashEnum.nextElement();
+                        String innerValue = (String) innerHash.get(innerKey);
                         attrs.add(new LDAPAttribute(
-                            extAttrPrefix + encodeKey(key) + ";" + encodeKey(innerKey),
-                            innerValue));
+                                extAttrPrefix + encodeKey(key) + ";" + encodeKey(innerKey),
+                                innerValue));
                     }
                 }
             }
         } catch (Exception x) {
             Debug.trace("Output Mapping Error in requeset ID " +
-                ((IRequestRecord) parent).getRequestId().toString() + " : " + x);
+                    ((IRequestRecord) parent).getRequestId().toString() + " : " + x);
             //if (Debug.ON) {
             Debug.printStackTrace(x);
             //}
@@ -815,7 +815,7 @@ class ExtAttrDynMapper implements IDBDynAttrMapper {
 
         Enumeration attrEnum = attrs.getAttributes();
         while (attrEnum.hasMoreElements()) {
-            LDAPAttribute attr = (LDAPAttribute)attrEnum.nextElement();
+            LDAPAttribute attr = (LDAPAttribute) attrEnum.nextElement();
             String baseName = attr.getBaseName();
             if (baseName.toLowerCase().startsWith(extAttrPrefix)) {
                 String keyName = decodeKey(
@@ -824,7 +824,7 @@ class ExtAttrDynMapper implements IDBDynAttrMapper {
                 String[] values = attr.getStringValueArray();
                 if (values.length != 1) {
                     String message = "Output Mapping Error in request ID " +
-                        ((IRequestRecord) parent).getRequestId().toString() + " : " +
+                            ((IRequestRecord) parent).getRequestId().toString() + " : " +
                             "more than one value returned for " +
                             keyName;
                     Debug.trace(message);
@@ -833,22 +833,22 @@ class ExtAttrDynMapper implements IDBDynAttrMapper {
                 if ((subTypes != null) && (subTypes.length > 0)) {
                     if (subTypes.length != 1) {
                         String message = "Output Mapping Error in request ID " +
-                            ((IRequestRecord) parent).getRequestId().toString() + " : " +
+                                ((IRequestRecord) parent).getRequestId().toString() + " : " +
                                 "more than one subType returned for " +
                                 keyName;
                         Debug.trace(message);
                         throw new EBaseException(message);
                     }
                     Object value = ht.get(keyName);
-                    if ((value != null) && (! (value instanceof Hashtable))) {
+                    if ((value != null) && (!(value instanceof Hashtable))) {
                         String message = "Output Mapping Error in request ID " +
-                            ((IRequestRecord) parent).getRequestId().toString() + " : " +
+                                ((IRequestRecord) parent).getRequestId().toString() + " : " +
                                 "combined no-subtype and subtype data for key " +
                                 keyName;
                         Debug.trace(message);
                         throw new EBaseException(message);
                     }
-                    valueHashtable = (Hashtable)value;
+                    valueHashtable = (Hashtable) value;
                     if (valueHashtable == null) {
                         valueHashtable = new Hashtable();
                         ht.put(keyName, valueHashtable);
diff --git a/pki/base/common/src/com/netscape/cmscore/request/RequestRepository.java b/pki/base/common/src/com/netscape/cmscore/request/RequestRepository.java
index 1dafc2a7..92c162ca 100644
--- a/pki/base/common/src/com/netscape/cmscore/request/RequestRepository.java
+++ b/pki/base/common/src/com/netscape/cmscore/request/RequestRepository.java
@@ -32,30 +32,32 @@ import com.netscape.certsrv.request.IRequestQueue;
 import com.netscape.cmscore.dbs.Repository;
 import com.netscape.cmscore.dbs.RepositoryRecord;
 
-
 /**
  * TODO: what does this class provide beyond the Repository
  * base class??
  * <p>
+ * 
  * @author thayes
  * @version $Revision$ $Date$
  */
 class RequestRepository
-    extends Repository {
+        extends Repository {
+
+    IDBSubsystem mDB = null;
+    IRequestQueue mRequestQueue = null;
 
-     IDBSubsystem mDB = null;
-     IRequestQueue mRequestQueue = null;
     /**
      * Create a request repository that uses the LDAP database
      * <p>
+     * 
      * @param name
-     *    the name of the repository.  This String is used to
-     *    construct the DN for the repository's LDAP entry.
+     *            the name of the repository. This String is used to
+     *            construct the DN for the repository's LDAP entry.
      * @param db
-     *    the LDAP database system.
+     *            the LDAP database system.
      */
     public RequestRepository(String name, int increment, IDBSubsystem db)
-        throws EDBException {
+            throws EDBException {
         super(db, increment, "ou=" + name + ",ou=requests," + db.getBaseDN());
 
         CMS.debug("RequestRepository: constructor 1");
@@ -67,8 +69,8 @@ class RequestRepository
         mDB = db;
     }
 
-    public RequestRepository(String name, int increment, IDBSubsystem db,IRequestQueue requestQueue)
-        throws EDBException {
+    public RequestRepository(String name, int increment, IDBSubsystem db, IRequestQueue requestQueue)
+            throws EDBException {
         super(db, increment, "ou=" + name + ",ou=requests," + db.getBaseDN());
 
         CMS.debug("RequestRepository: constructor2.");
@@ -82,12 +84,13 @@ class RequestRepository
     }
 
     /**
-     * get the LDAP base DN for this repository.  This
+     * get the LDAP base DN for this repository. This
      * value can be used by the request queue to create the
      * name for the request records themselves.
      * <p>
+     * 
      * @return
-     *    the LDAP base DN.
+     *         the LDAP base DN.
      */
     public String getBaseDN() {
         return mBaseDN;
@@ -96,34 +99,31 @@ class RequestRepository
     /**
      * Resets serial number.
      */
-    public void resetSerialNumber(BigInteger serial) throws EBaseException
-    {
+    public void resetSerialNumber(BigInteger serial) throws EBaseException {
         setTheSerialNumber(serial);
     }
-                                                                                
+
     /**
      * Removes all objects with this repository.
      */
-    public void removeAllObjects() throws EBaseException
-    {
+    public void removeAllObjects() throws EBaseException {
         IDBSSession s = mDB.createSession();
         try {
-            Enumeration e = s.search(getBaseDN(), 
+            Enumeration e = s.search(getBaseDN(),
                                "(" + RequestRecord.ATTR_REQUEST_ID + "=*)");
             while (e.hasMoreElements()) {
-              RequestRecord r = (RequestRecord)e.nextElement();
-              String name = "cn" + "=" +
-                r.getRequestId().toString() + "," + getBaseDN();
-               s.delete(name);
-            }       
+                RequestRecord r = (RequestRecord) e.nextElement();
+                String name = "cn" + "=" +
+                        r.getRequestId().toString() + "," + getBaseDN();
+                s.delete(name);
+            }
         } finally {
             if (s != null)
                 s.close();
         }
     }
 
-    public BigInteger getLastSerialNumberInRange(BigInteger min, BigInteger max)
-    {
+    public BigInteger getLastSerialNumberInRange(BigInteger min, BigInteger max) {
 
         CMS.debug("RequestRepository: in getLastSerialNumberInRange: min " + min + " max " + max);
 
@@ -131,26 +131,26 @@ class RequestRepository
 
         BigInteger ret = null;
 
-        if(mRequestQueue == null)  {
+        if (mRequestQueue == null) {
 
             CMS.debug("RequestRepository:  mRequestQueue is null.");
 
-        }  else  {
-       
-            CMS.debug("RequestRepository: about to call mRequestQueue.getLastRequestIdInRange"); 
-            ret = mRequestQueue.getLastRequestIdInRange(min,max);
+        } else {
+
+            CMS.debug("RequestRepository: about to call mRequestQueue.getLastRequestIdInRange");
+            ret = mRequestQueue.getLastRequestIdInRange(min, max);
 
         }
 
         return ret;
 
     }
+
     /**
      * the LDAP base DN for this repository
      */
     protected String mBaseDN;
 
-
     public String getPublishingStatus() {
         RepositoryRecord record = null;
         Object obj = null;
@@ -160,8 +160,8 @@ class RequestRepository
         try {
             dbs = mDB.createSession();
             obj = dbs.read(mBaseDN);
-        } catch (Exception e) { 
-            CMS.debug("RequestRepository:  getPublishingStatus:  Error: " + e); 
+        } catch (Exception e) {
+            CMS.debug("RequestRepository:  getPublishingStatus:  Error: " + e);
             CMS.debugStackTrace();
         } finally {
             // Close session - ignoring errors (UTIL)
@@ -169,7 +169,7 @@ class RequestRepository
                 try {
                     dbs.close();
                 } catch (Exception ex) {
-                    CMS.debug("RequestRepository:  getPublishingStatus:  Error: " + ex); 
+                    CMS.debug("RequestRepository:  getPublishingStatus:  Error: " + ex);
                 }
             }
         }
@@ -181,7 +181,7 @@ class RequestRepository
             CMS.debug("RequestRepository:  obj is NOT instanceof RepositoryRecord");
         }
         CMS.debug("RequestRepository:  getPublishingStatus  mBaseDN: " + mBaseDN +
-                  "  status: " + ((status != null)?status:"null"));
+                  "  status: " + ((status != null) ? status : "null"));
 
         return status;
     }
@@ -193,14 +193,14 @@ class RequestRepository
         ModificationSet mods = new ModificationSet();
 
         if (status != null && status.length() > 0) {
-            mods.add(IRepositoryRecord.ATTR_PUB_STATUS, 
-                Modification.MOD_REPLACE, status);
+            mods.add(IRepositoryRecord.ATTR_PUB_STATUS,
+                    Modification.MOD_REPLACE, status);
 
             try {
                 dbs = mDB.createSession();
                 dbs.modify(mBaseDN, mods);
-            } catch (Exception e) { 
-                CMS.debug("RequestRepository:  setPublishingStatus:  Error: " + e); 
+            } catch (Exception e) {
+                CMS.debug("RequestRepository:  setPublishingStatus:  Error: " + e);
                 CMS.debugStackTrace();
             } finally {
                 // Close session - ignoring errors (UTIL)
@@ -208,7 +208,7 @@ class RequestRepository
                     try {
                         dbs.close();
                     } catch (Exception ex) {
-                        CMS.debug("RequestRepository:  setPublishingStatus:  Error: " + ex); 
+                        CMS.debug("RequestRepository:  setPublishingStatus:  Error: " + ex);
                     }
                 }
             }
diff --git a/pki/base/common/src/com/netscape/cmscore/request/RequestSubsystem.java b/pki/base/common/src/com/netscape/cmscore/request/RequestSubsystem.java
index 90df9924..ee625594 100644
--- a/pki/base/common/src/com/netscape/cmscore/request/RequestSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/request/RequestSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.request;
 
-
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
@@ -32,24 +31,19 @@ import com.netscape.certsrv.request.IRequestSubsystem;
 import com.netscape.certsrv.request.IService;
 import com.netscape.cmscore.dbs.DBSubsystem;
 
-
 /**
  * RequestSubsystem
  * <p>
- * This class is reponsible for managing storage of request objects
- * in the local database.
+ * This class is reponsible for managing storage of request objects in the local database.
  * <p>
- * TODO: review this
- * It provides:
- *   + registration of LDAP/JAVA mapping classes with the DBSubsystem
- *   + creation of RequestQueue storage in the database
- *   + retrieval of existing RequestQueue objects from the database
+ * TODO: review this It provides: + registration of LDAP/JAVA mapping classes with the DBSubsystem + creation of RequestQueue storage in the database + retrieval of existing RequestQueue objects from the database
  * <p>
+ * 
  * @author thayes
  * @version $Revision$, $Date$
  */
 public class RequestSubsystem
-    implements IRequestSubsystem, ISubsystem {
+        implements IRequestSubsystem, ISubsystem {
 
     public final static String ID = IRequestSubsystem.SUB_ID;
 
@@ -71,7 +65,7 @@ public class RequestSubsystem
     // in the database is supplied by the caller.
     //
     public void createRequestQueue(String name)
-        throws EBaseException {
+            throws EBaseException {
 
         /*
          String dbName = makeQueueName(name);
@@ -84,15 +78,15 @@ public class RequestSubsystem
     }
 
     public IRequestQueue
-    getRequestQueue(String name, int increment, IPolicy p, IService s, INotify n)
-        throws EBaseException {
+            getRequestQueue(String name, int increment, IPolicy p, IService s, INotify n)
+                    throws EBaseException {
         return getRequestQueue(name, increment, p, s, n, null);
     }
 
     public IRequestQueue
-    getRequestQueue(String name, int increment, IPolicy p, IService s, INotify n,
-        INotify pendingNotifier)
-        throws EBaseException {
+            getRequestQueue(String name, int increment, IPolicy p, IService s, INotify n,
+                    INotify pendingNotifier)
+                    throws EBaseException {
         RequestQueue rq = new RequestQueue(name, increment, p, s, n, pendingNotifier);
 
         // can't do this here because the service depends on getting rq
@@ -110,6 +104,7 @@ public class RequestSubsystem
     /**
      * Implements ISubsystem.getId
      * <p>
+     * 
      * @see ISubsystem#getId
      */
     public String getId() {
@@ -118,7 +113,7 @@ public class RequestSubsystem
 
     // ISubsystem.setId
     public void setId(String id)
-        throws EBaseException {
+            throws EBaseException {
         mId = id;
     }
 
@@ -127,18 +122,19 @@ public class RequestSubsystem
         mParent = parent;
         mConfig = config;
     }
-   
+
     /**
      * Implements ISubsystem.startup
      * <p>
+     * 
      * @see ISubsystem#startup
      */
     public void startup()
-        throws EBaseException {
+            throws EBaseException {
         mLogger = CMS.getLogger();
 
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_REQQUEUE, ILogger.LL_INFO,
-            "Request subsystem started");
+                "Request subsystem started");
     }
 
     public void shutdown() {
@@ -146,7 +142,7 @@ public class RequestSubsystem
 
         if (mLogger != null) {
             mLogger.log(ILogger.EV_SYSTEM, ILogger.S_REQQUEUE, ILogger.LL_INFO,
-                "Request subsystem stopped");
+                    "Request subsystem stopped");
         }
     }
 
@@ -166,7 +162,7 @@ public class RequestSubsystem
     // system.
     //
     protected IDBSSession createDBSSession()
-        throws EBaseException {
+            throws EBaseException {
         return getDBSubsystem().createSession();
     }
 
@@ -186,6 +182,5 @@ public class RequestSubsystem
     private String mId = IRequestSubsystem.SUB_ID;
     private IRequestQueue mRequestQueue;
 
-    protected ILogger mLogger; 
+    protected ILogger mLogger;
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/request/Schema.java b/pki/base/common/src/com/netscape/cmscore/request/Schema.java
index 182e3470..89a7b74b 100644
--- a/pki/base/common/src/com/netscape/cmscore/request/Schema.java
+++ b/pki/base/common/src/com/netscape/cmscore/request/Schema.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.request;
 
-
 //
 // The Schema class contains constant string values for
 // LDAP attribute and object class names used in this package
diff --git a/pki/base/common/src/com/netscape/cmscore/security/CASigningCert.java b/pki/base/common/src/com/netscape/cmscore/security/CASigningCert.java
index 04f442a3..bba12561 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/CASigningCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/CASigningCert.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.security;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.KeyPair;
@@ -34,7 +33,6 @@ import com.netscape.certsrv.common.ConfigConstants;
 import com.netscape.certsrv.common.Constants;
 import com.netscape.certsrv.security.KeyCertData;
 
-
 /**
  * CA signing certificate.
  * 
@@ -43,8 +41,8 @@ import com.netscape.certsrv.security.KeyCertData;
  */
 public class CASigningCert extends CertificateInfo {
 
-    public static final String SUBJECT_NAME = 
-        "CN=Certificate Authority, O=Netscape Communications, C=US";
+    public static final String SUBJECT_NAME =
+            "CN=Certificate Authority, O=Netscape Communications, C=US";
 
     public CASigningCert(KeyCertData properties) {
         this(properties, null);
@@ -107,7 +105,7 @@ public class CASigningCert extends CertificateInfo {
             BigInteger P = new BigInteger(p);
             BigInteger Q = new BigInteger(q);
             BigInteger G = new BigInteger(g);
-            BigInteger pqgSeed = new BigInteger(seed); 
+            BigInteger pqgSeed = new BigInteger(seed);
             BigInteger pqgH = new BigInteger(H);
 
             return new PQGParams(P, Q, G, pqgSeed, counter, pqgH);
@@ -135,7 +133,7 @@ public class CASigningCert extends CertificateInfo {
             cmsFileTmp.putString("ca.signing.cacertnickname", nickname);
         else
             cmsFileTmp.putString("ca.signing.cacertnickname",
-                tokenname + ":" + nickname);
+                    tokenname + ":" + nickname);
         cmsFileTmp.commit(false);
     }
 
@@ -162,4 +160,3 @@ public class CASigningCert extends CertificateInfo {
         return extension;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/security/CertificateInfo.java b/pki/base/common/src/com/netscape/cmscore/security/CertificateInfo.java
index 1b0c9f2f..e28e3a51 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/CertificateInfo.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/CertificateInfo.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.security;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.InvalidKeyException;
@@ -60,7 +59,6 @@ import com.netscape.certsrv.common.ConfigConstants;
 import com.netscape.certsrv.common.Constants;
 import com.netscape.certsrv.security.KeyCertData;
 
-
 /**
  * This base class provides methods to import CA signing cert or get certificate
  * request.
@@ -118,30 +116,30 @@ public abstract class CertificateInfo {
             notBeforeDate = new Date(Long.parseLong(notBeforeStr));
             notAfterDate = new Date(Long.parseLong(notAfterStr));
         } else {
-            int beginYear = 
-                Integer.parseInt(mProperties.getBeginYear()) - 1900;
-            int afterYear = 
-                Integer.parseInt(mProperties.getAfterYear()) - 1900;
+            int beginYear =
+                    Integer.parseInt(mProperties.getBeginYear()) - 1900;
+            int afterYear =
+                    Integer.parseInt(mProperties.getAfterYear()) - 1900;
             int beginMonth =
-                Integer.parseInt(mProperties.getBeginMonth());
+                    Integer.parseInt(mProperties.getBeginMonth());
             int afterMonth =
-                Integer.parseInt(mProperties.getAfterMonth());
+                    Integer.parseInt(mProperties.getAfterMonth());
             int beginDate =
-                Integer.parseInt(mProperties.getBeginDate());
-            int afterDate = 
-                Integer.parseInt(mProperties.getAfterDate());
+                    Integer.parseInt(mProperties.getBeginDate());
+            int afterDate =
+                    Integer.parseInt(mProperties.getAfterDate());
             int beginHour =
-                Integer.parseInt(mProperties.getBeginHour());
+                    Integer.parseInt(mProperties.getBeginHour());
             int afterHour =
-                Integer.parseInt(mProperties.getAfterHour());
+                    Integer.parseInt(mProperties.getAfterHour());
             int beginMin =
-                Integer.parseInt(mProperties.getBeginMin());
+                    Integer.parseInt(mProperties.getBeginMin());
             int afterMin =
-                Integer.parseInt(mProperties.getAfterMin());
+                    Integer.parseInt(mProperties.getAfterMin());
             int beginSec =
-                Integer.parseInt(mProperties.getBeginSec());
+                    Integer.parseInt(mProperties.getBeginSec());
             int afterSec =
-                Integer.parseInt(mProperties.getAfterSec());
+                    Integer.parseInt(mProperties.getAfterSec());
 
             Calendar calendar = Calendar.getInstance();
             calendar.set(beginYear, beginMonth, beginDate,
@@ -159,11 +157,11 @@ public abstract class CertificateInfo {
 
         try {
             certInfo.set(X509CertInfo.VERSION,
-                new CertificateVersion(CertificateVersion.V3));
+                    new CertificateVersion(CertificateVersion.V3));
             BigInteger serialNumber = mProperties.getSerialNumber();
 
             certInfo.set(X509CertInfo.SERIAL_NUMBER,
-                new CertificateSerialNumber(serialNumber));
+                    new CertificateSerialNumber(serialNumber));
             certInfo.set(X509CertInfo.EXTENSIONS, getExtensions());
             certInfo.set(X509CertInfo.VALIDITY, getCertificateValidity());
             String issuerName = mProperties.getIssuerName();
@@ -172,20 +170,20 @@ public abstract class CertificateInfo {
                 issuerName = getSubjectName();
             }
 
-            certInfo.set(X509CertInfo.ISSUER, 
-                new CertificateIssuerName(new X500Name(issuerName)));
+            certInfo.set(X509CertInfo.ISSUER,
+                    new CertificateIssuerName(new X500Name(issuerName)));
             certInfo.set(X509CertInfo.SUBJECT,
-                new CertificateSubjectName(new X500Name(getSubjectName())));
-            certInfo.set(X509CertInfo.VERSION, 
-                new CertificateVersion(CertificateVersion.V3));
+                    new CertificateSubjectName(new X500Name(getSubjectName())));
+            certInfo.set(X509CertInfo.VERSION,
+                    new CertificateVersion(CertificateVersion.V3));
 
             PublicKey pubk = mKeyPair.getPublic();
             X509Key xKey = KeyCertUtil.convertPublicKeyToX509Key(pubk);
 
             certInfo.set(X509CertInfo.KEY, new CertificateX509Key(xKey));
             //SignatureAlgorithm algm = getSigningAlgorithm();
-            SignatureAlgorithm algm = 
-                (SignatureAlgorithm) mProperties.get(Constants.PR_SIGNATURE_ALGORITHM);
+            SignatureAlgorithm algm =
+                    (SignatureAlgorithm) mProperties.get(Constants.PR_SIGNATURE_ALGORITHM);
 
             if (algm == null) {
                 String hashtype = (String) mProperties.get(ConfigConstants.PR_HASH_TYPE);
@@ -197,16 +195,16 @@ public abstract class CertificateInfo {
             AlgorithmId sigAlgId = getAlgorithmId();
 
             if (sigAlgId == null) {
-                byte[]encodedOID = ASN1Util.encode(algm.toOID());
+                byte[] encodedOID = ASN1Util.encode(algm.toOID());
 
                 sigAlgId = new AlgorithmId(new ObjectIdentifier(
                                 new DerInputStream(encodedOID)));
             }
             certInfo.set(X509CertInfo.ALGORITHM_ID,
-                new CertificateAlgorithmId(sigAlgId));
+                    new CertificateAlgorithmId(sigAlgId));
         } catch (InvalidKeyException e) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY"));
-        } catch (CertificateException e) { 
+        } catch (CertificateException e) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_CERT", e.toString()));
         } catch (IOException e) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_CERT", e.toString()));
@@ -246,7 +244,7 @@ public abstract class CertificateInfo {
 
         if (isKeyUsageEnabled) {
             KeyCertUtil.setKeyUsageExtension(
-                exts, getKeyUsageExtension());
+                    exts, getKeyUsageExtension());
         }
         return exts;
     }
@@ -256,7 +254,7 @@ public abstract class CertificateInfo {
     }
 
     public void setAuthorityKeyIdExt(CertificateExtensions caexts, CertificateExtensions ext)
-        throws IOException, CertificateException, CertificateEncodingException,
+            throws IOException, CertificateException, CertificateEncodingException,
             CertificateParsingException {
         SubjectKeyIdentifierExtension subjKeyExt = null;
 
@@ -272,10 +270,9 @@ public abstract class CertificateInfo {
             KeyIdentifier keyId = (KeyIdentifier) subjKeyExt.get(
                     SubjectKeyIdentifierExtension.KEY_ID);
             AuthorityKeyIdentifierExtension authExt =
-                new AuthorityKeyIdentifierExtension(false, keyId, null, null);
+                    new AuthorityKeyIdentifierExtension(false, keyId, null, null);
 
             ext.set(AuthorityKeyIdentifierExtension.class.getSimpleName(), authExt);
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java b/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java
index 372b966b..032fce3e 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.security;
 
-
 import java.io.ByteArrayOutputStream;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
@@ -101,10 +100,10 @@ import com.netscape.cmscore.cert.CertUtils;
 import com.netscape.cmscore.util.Debug;
 import com.netscape.cmsutil.crypto.CryptoUtil;
 
-
 /**
  * Subsystem for initializing JSS>
  * <P>
+ * 
  * @version $Revision$ $Date$
  */
 public final class JssSubsystem implements ICryptoSubsystem {
@@ -131,7 +130,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
     private Hashtable<String, X509Certificate[]> mNicknameMapCertsTable = new Hashtable<String, X509Certificate[]>();
     private Hashtable<String, X509Certificate[]> mNicknameMapUserCertsTable = new Hashtable<String, X509Certificate[]>();
 
-	private FileInputStream devRandomInputStream=null;
+    private FileInputStream devRandomInputStream = null;
 
     // This date format is to format the date string of the certificate in such a way as
     // May 01, 1999 01:55:55.
@@ -148,19 +147,19 @@ public final class JssSubsystem implements ICryptoSubsystem {
     private static Hashtable<String, Integer> mCipherNames = new Hashtable<String, Integer>();
 
     /* default sslv2 and sslv3 cipher suites(all), set if no prefs in config.*/
-    private static final String DEFAULT_CIPHERPREF = 
-        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," +
-        "TLS_RSA_WITH_AES_128_CBC_SHA," +
-        "TLS_RSA_WITH_AES_256_CBC_SHA," +
-        "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," +
-        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," +
-//        "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," +
-//        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," +
-//        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," +
-        "TLS_DHE_DSS_WITH_AES_128_CBC_SHA," +
-        "TLS_DHE_DSS_WITH_AES_256_CBC_SHA," +
-        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA," +
-        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
+    private static final String DEFAULT_CIPHERPREF =
+            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," +
+                    "TLS_RSA_WITH_AES_128_CBC_SHA," +
+                    "TLS_RSA_WITH_AES_256_CBC_SHA," +
+                    "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," +
+                    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," +
+                    //        "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," +
+                    //        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," +
+                    //        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," +
+                    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA," +
+                    "TLS_DHE_DSS_WITH_AES_256_CBC_SHA," +
+                    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA," +
+                    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
 
     /* list of all ciphers JSS supports */
     private static final int mJSSCipherSuites[] = {
@@ -199,29 +198,29 @@ public final class JssSubsystem implements ICryptoSubsystem {
             Integer.valueOf(SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5));
         */
         mCipherNames.put(Constants.PR_SSL3_RSA_WITH_NULL_MD5,
-            Integer.valueOf(SSLSocket.SSL3_RSA_WITH_NULL_MD5));
+                Integer.valueOf(SSLSocket.SSL3_RSA_WITH_NULL_MD5));
         mCipherNames.put(Constants.PR_SSL3_RSA_EXPORT_WITH_RC4_40_MD5,
-            Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5));
+                Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5));
         mCipherNames.put(Constants.PR_SSL3_RSA_WITH_RC4_128_MD5,
-            Integer.valueOf(SSLSocket.SSL3_RSA_WITH_RC4_128_MD5));
+                Integer.valueOf(SSLSocket.SSL3_RSA_WITH_RC4_128_MD5));
         mCipherNames.put(Constants.PR_SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
-            Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5));
+                Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5));
         mCipherNames.put(Constants.PR_SSL3_RSA_WITH_DES_CBC_SHA,
-            Integer.valueOf(SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA));
+                Integer.valueOf(SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA));
         mCipherNames.put(Constants.PR_SSL3_RSA_WITH_3DES_EDE_CBC_SHA,
-            Integer.valueOf(SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA));
+                Integer.valueOf(SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA));
         mCipherNames.put(Constants.PR_SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,
-            Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA));
+                Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA));
         mCipherNames.put(Constants.PR_SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,
-            Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA));
+                Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA));
         mCipherNames.put(Constants.PR_SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
-            Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA));
+                Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA));
         mCipherNames.put(Constants.PR_SSL_RSA_FIPS_WITH_DES_CBC_SHA,
-            Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA));
+                Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA));
         mCipherNames.put(Constants.PR_TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
-            Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA));
+                Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA));
         mCipherNames.put(Constants.PR_TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
-            Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA));
+                Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA));
     }
 
     public static JssSubsystem getInstance() {
@@ -243,40 +242,37 @@ public final class JssSubsystem implements ICryptoSubsystem {
 
     }
 
-	// Add entropy to the 'default' RNG token
-	public void addEntropy(int bits)
-    throws org.mozilla.jss.util.NotImplementedException, 
-			IOException,
-			TokenException
-	{
-		int read=0;
-		int bytes = (7+bits)/8;
-		byte[] b = new byte[bytes];
-		if (devRandomInputStream == null) {
-			throw new IOException(CMS.getLogMessage("CMSCORE_SECURITY_NO_ENTROPY_STREAM"));
-		}
-		do {
-			int c = devRandomInputStream.read(b,read,bytes-read);
-			read += c;
-		}
-		while (read < bytes);
-
-        CMS.debug("JssSubsystem adding "+bits+" bits ("+bytes+" bytes) of entropy to default RNG token");
-		CMS.debug(b);
-		PK11SecureRandom sr = new PK11SecureRandom();
-		sr.setSeed(b);
-	}
-  
+    // Add entropy to the 'default' RNG token
+    public void addEntropy(int bits)
+            throws org.mozilla.jss.util.NotImplementedException,
+            IOException,
+            TokenException {
+        int read = 0;
+        int bytes = (7 + bits) / 8;
+        byte[] b = new byte[bytes];
+        if (devRandomInputStream == null) {
+            throw new IOException(CMS.getLogMessage("CMSCORE_SECURITY_NO_ENTROPY_STREAM"));
+        }
+        do {
+            int c = devRandomInputStream.read(b, read, bytes - read);
+            read += c;
+        } while (read < bytes);
+
+        CMS.debug("JssSubsystem adding " + bits + " bits (" + bytes + " bytes) of entropy to default RNG token");
+        CMS.debug(b);
+        PK11SecureRandom sr = new PK11SecureRandom();
+        sr.setSeed(b);
+    }
+
     /**
-     * Initializes the Jss security subsystem.  
+     * Initializes the Jss security subsystem.
      * <P>
      */
-    public void init(ISubsystem owner, IConfigStore config) 
-        throws EBaseException {
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException {
         mLogger = CMS.getLogger();
-		
-        if (mInited)
-        {
+
+        if (mInited) {
             // This used to throw an exeception (e.g. - on Solaris).
             // If JSS is already initialized simply return.
             CMS.debug("JssSubsystem already inited.. returning.");
@@ -309,9 +305,9 @@ public final class JssSubsystem implements ICryptoSubsystem {
         String certDir;
 
         certDir = config.getString(CONFIG_DIR, null);
-        
-        CryptoManager.InitializationValues vals = 
-            new CryptoManager.InitializationValues(certDir,
+
+        CryptoManager.InitializationValues vals =
+                new CryptoManager.InitializationValues(certDir,
                                                    "", "", "secmod.db");
 
         vals.removeSunProvider = false;
@@ -321,7 +317,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
         } catch (AlreadyInitializedException e) {
             // do nothing
         } catch (Exception e) {
-            String[] params = {mId, e.toString()};
+            String[] params = { mId, e.toString() };
             EBaseException ex = new EBaseException(
                     CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
 
@@ -333,19 +329,19 @@ public final class JssSubsystem implements ICryptoSubsystem {
             mCryptoManager = CryptoManager.getInstance();
             initSSL();
         } catch (CryptoManager.NotInitializedException e) {
-            String[] params = {mId, e.toString()};
+            String[] params = { mId, e.toString() };
             EBaseException ex = new EBaseException(
                     CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
             throw ex;
         }
- 
+
         mInited = true;
     }
 
     public String getCipherVersion() throws EBaseException {
-        return "cipherdomestic"; 
+        return "cipherdomestic";
     }
 
     public String getCipherPreferences() throws EBaseException {
@@ -383,13 +379,13 @@ public final class JssSubsystem implements ICryptoSubsystem {
 
         if (position == -1) {
             Debug.trace("Unable to install CMS provider");
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSCORE_SECURITY_INSTALL_PROVIDER"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSCORE_SECURITY_INSTALL_PROVIDER"));
         }
     }
 
-    public void setCipherPreferences(String cipherPrefs) 
-        throws EBaseException {
+    public void setCipherPreferences(String cipherPrefs)
+            throws EBaseException {
         if (mSSLConfig != null) {
             if (cipherPrefs.equals(""))
                 throw new EBaseException(CMS.getUserMessage("CMS_BASE_NO_EMPTY_CIPHERPREFS"));
@@ -418,11 +414,11 @@ public final class JssSubsystem implements ICryptoSubsystem {
         if (Debug.ON)
             Debug.trace("configured ssl cipher prefs is " + sslCiphers);
 
-            // first, disable all ciphers, since JSS defaults to all-enabled 
+        // first, disable all ciphers, since JSS defaults to all-enabled 
         for (int i = mJSSCipherSuites.length - 1; i >= 0; i--) {
             try {
                 SSLSocket.setCipherPreferenceDefault(mJSSCipherSuites[i],
-                    false);
+                        false);
             } catch (SocketException e) {
             }
         }
@@ -433,8 +429,8 @@ public final class JssSubsystem implements ICryptoSubsystem {
             StringTokenizer ciphers = new StringTokenizer(sslCiphers, ",");
 
             if (!ciphers.hasMoreTokens()) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSCORE_SECURITY_INVALID_CIPHER", sslCiphers));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_SECURITY_INVALID_CIPHER", sslCiphers));
                 throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY", PROP_SSL_CIPHERPREF));
             }
             while (ciphers.hasMoreTokens()) {
@@ -444,13 +440,13 @@ public final class JssSubsystem implements ICryptoSubsystem {
                 if (sslcipher != null) {
                     String msg = "setting ssl cipher " + cipher;
 
-                    CMS.debug("JSSSubsystem: initSSL(): "+msg);
+                    CMS.debug("JSSSubsystem: initSSL(): " + msg);
                     log(ILogger.LL_INFO, msg);
                     if (Debug.ON)
                         Debug.trace(msg);
                     try {
                         SSLSocket.setCipherPreferenceDefault(
-                            sslcipher.intValue(), true);
+                                sslcipher.intValue(), true);
                     } catch (SocketException e) {
                     }
                 }
@@ -458,7 +454,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
         }
 
     }
-	
+
     /**
      * Retrieves a configuration store of this subsystem.
      * <P>
@@ -472,26 +468,26 @@ public final class JssSubsystem implements ICryptoSubsystem {
      */
     public void startup() throws EBaseException {
     }
-	
+
     /**
      * Shutdowns this subsystem.
      * <P>
      */
     public void shutdown() {
         try {
-          // After talking to NSS teamm, we should not call close databases
-          // which will call NSS_Shutdown. Web Server will call NSS_Shutdown
-          boolean isClosing = mConfig.getBoolean("closeDatabases", false);
-          if (isClosing) {
-            JSSDatabaseCloser closer = new JSSDatabaseCloser();
-            closer.closeDatabases();
-          }
+            // After talking to NSS teamm, we should not call close databases
+            // which will call NSS_Shutdown. Web Server will call NSS_Shutdown
+            boolean isClosing = mConfig.getBoolean("closeDatabases", false);
+            if (isClosing) {
+                JSSDatabaseCloser closer = new JSSDatabaseCloser();
+                closer.closeDatabases();
+            }
         } catch (Exception e) {
         }
     }
 
     public void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "JSS " + msg); 
+        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "JSS " + msg);
     }
 
     public PasswordCallback getPWCB() {
@@ -505,7 +501,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
         try {
             name = c.getName();
         } catch (TokenException e) {
-            String[] params = {mId, e.toString()};
+            String[] params = { mId, e.toString() };
             EBaseException ex = new EBaseException(
                     CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
 
@@ -519,12 +515,12 @@ public final class JssSubsystem implements ICryptoSubsystem {
     public String getTokenList() throws EBaseException {
         String tokenList = "";
         @SuppressWarnings("unchecked")
-		Enumeration<CryptoToken> tokens = mCryptoManager.getExternalTokens();
+        Enumeration<CryptoToken> tokens = mCryptoManager.getExternalTokens();
         int num = 0;
 
         try {
             while (tokens.hasMoreElements()) {
-                CryptoToken c =  tokens.nextElement();
+                CryptoToken c = tokens.nextElement();
 
                 // skip builtin object token
                 if (c.getName() != null && c.getName().equals("Builtin Object Token")) {
@@ -532,12 +528,12 @@ public final class JssSubsystem implements ICryptoSubsystem {
                 }
 
                 if (num++ == 0)
-                    tokenList = tokenList + c.getName(); 
-                else 
+                    tokenList = tokenList + c.getName();
+                else
                     tokenList = tokenList + "," + c.getName();
             }
         } catch (TokenException e) {
-            String[] params = {mId, e.toString()};
+            String[] params = { mId, e.toString() };
             EBaseException ex = new EBaseException(
                     CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
 
@@ -545,8 +541,8 @@ public final class JssSubsystem implements ICryptoSubsystem {
             throw ex;
         }
 
-        if (tokenList.equals("")) 
-            return Constants.PR_INTERNAL_TOKEN; 
+        if (tokenList.equals(""))
+            return Constants.PR_INTERNAL_TOKEN;
         else
             return (tokenList + "," + Constants.PR_INTERNAL_TOKEN);
     }
@@ -585,8 +581,8 @@ public final class JssSubsystem implements ICryptoSubsystem {
         }
     }
 
-    public String getCertSubjectName(String tokenname, String nickname) 
-        throws EBaseException {
+    public String getCertSubjectName(String tokenname, String nickname)
+            throws EBaseException {
         try {
             return KeyCertUtil.getCertSubjectName(tokenname, nickname);
         } catch (NoSuchTokenException e) {
@@ -609,7 +605,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
 
         try {
             @SuppressWarnings("unchecked")
-			Enumeration<CryptoToken> enums = mCryptoManager.getAllTokens();
+            Enumeration<CryptoToken> enums = mCryptoManager.getAllTokens();
 
             while (enums.hasMoreElements()) {
                 CryptoToken token = enums.nextElement();
@@ -626,7 +622,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
                 }
             }
         } catch (TokenException e) {
-            String[] params = {mId, e.toString()};
+            String[] params = { mId, e.toString() };
             EBaseException ex = new EBaseException(
                     CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
 
@@ -655,7 +651,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
 
                 if (list == null)
                     return "";
-        
+
                 for (int i = 0; i < list.length; i++) {
                     String nickname = list[i].getNickname();
                     int index = nickname.indexOf(":");
@@ -672,14 +668,14 @@ public final class JssSubsystem implements ICryptoSubsystem {
                 return "";
 
         } catch (TokenException e) {
-            String[] params = {mId, e.toString()};
+            String[] params = { mId, e.toString() };
             EBaseException ex = new EBaseException(
                     CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
             throw ex;
         } catch (NoSuchTokenException e) {
-            String[] params = {mId, e.toString()};
+            String[] params = { mId, e.toString() };
             EBaseException ex = new EBaseException(
                     CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
 
@@ -706,7 +702,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
 
                 if (list == null)
                     return "";
-        
+
                 for (int i = 0; i < list.length; i++) {
                     String nickname = list[i].getNickname();
 
@@ -720,14 +716,14 @@ public final class JssSubsystem implements ICryptoSubsystem {
                 return "";
 
         } catch (TokenException e) {
-            String[] params = {mId, e.toString()};
+            String[] params = { mId, e.toString() };
             EBaseException ex = new EBaseException(
                     CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
             throw ex;
         } catch (NoSuchTokenException e) {
-            String[] params = {mId, e.toString()};
+            String[] params = { mId, e.toString() };
             EBaseException ex = new EBaseException(
                     CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
 
@@ -736,8 +732,8 @@ public final class JssSubsystem implements ICryptoSubsystem {
         }
     }
 
-    public AlgorithmId getAlgorithmId(String algname, IConfigStore store) 
-        throws EBaseException {
+    public AlgorithmId getAlgorithmId(String algname, IConfigStore store)
+            throws EBaseException {
         try {
             if (algname.equals("DSA")) {
                 byte[] p = store.getByteArray("ca.dsaP", null);
@@ -760,8 +756,8 @@ public final class JssSubsystem implements ICryptoSubsystem {
 
     public String getSignatureAlgorithm(String nickname) throws EBaseException {
         try {
-            X509Certificate cert = 
-                CryptoManager.getInstance().findCertByNickname(nickname);
+            X509Certificate cert =
+                    CryptoManager.getInstance().findCertByNickname(nickname);
             X509CertImpl impl = new X509CertImpl(cert.getEncoded());
 
             return impl.getSigAlgName();
@@ -777,15 +773,15 @@ public final class JssSubsystem implements ICryptoSubsystem {
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString()));
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
-        } 
+        }
     }
 
     public KeyPair getKeyPair(String nickname) throws EBaseException {
         try {
-            X509Certificate cert = 
-                CryptoManager.getInstance().findCertByNickname(nickname);
-            PrivateKey priKey = 
-                CryptoManager.getInstance().findPrivKeyByCert(cert);
+            X509Certificate cert =
+                    CryptoManager.getInstance().findCertByNickname(nickname);
+            PrivateKey priKey =
+                    CryptoManager.getInstance().findPrivKeyByCert(cert);
             PublicKey publicKey = cert.getPublicKey();
 
             return new KeyPair(publicKey, priKey);
@@ -802,12 +798,12 @@ public final class JssSubsystem implements ICryptoSubsystem {
     }
 
     public KeyPair getKeyPair(String tokenName, String alg,
-        int keySize) throws EBaseException {
+            int keySize) throws EBaseException {
         return getKeyPair(tokenName, alg, keySize, null);
     }
 
     public KeyPair getKeyPair(String tokenName, String alg,
-        int keySize, PQGParams pqg) throws EBaseException {
+            int keySize, PQGParams pqg) throws EBaseException {
 
         String t = tokenName;
         if (tokenName.equals(Constants.PR_INTERNAL_TOKEN))
@@ -815,12 +811,12 @@ public final class JssSubsystem implements ICryptoSubsystem {
         CryptoToken token = null;
 
         try {
-            token = mCryptoManager.getTokenByName(t);       
+            token = mCryptoManager.getTokenByName(t);
         } catch (NoSuchTokenException e) {
             log(ILogger.LL_FAILURE, "Generate Key Pair Error " + e);
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", tokenName));
         }
-      
+
         KeyPairAlgorithm kpAlg = null;
 
         if (alg.equals("RSA"))
@@ -862,11 +858,11 @@ public final class JssSubsystem implements ICryptoSubsystem {
         }
     }
 
-    public String getCertRequest(String subjectName, KeyPair kp) 
-        throws EBaseException {
+    public String getCertRequest(String subjectName, KeyPair kp)
+            throws EBaseException {
         try {
             netscape.security.pkcs.PKCS10 pkcs =
-                KeyCertUtil.getCertRequest(subjectName, kp);
+                    KeyCertUtil.getCertRequest(subjectName, kp);
             ByteArrayOutputStream bs = new ByteArrayOutputStream();
             PrintStream ps = new PrintStream(bs);
 
@@ -893,8 +889,8 @@ public final class JssSubsystem implements ICryptoSubsystem {
         }
     }
 
-    public void importCert(String b64E, String nickname, String certType) 
-        throws EBaseException {
+    public void importCert(String b64E, String nickname, String certType)
+            throws EBaseException {
         try {
             KeyCertUtil.importCert(b64E, nickname, certType);
         } catch (CertificateException e) {
@@ -931,7 +927,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
         String tmp = (String) properties.get(Constants.PR_TOKEN_NAME);
 
         if ((tmp != null) &&
-            (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
+                (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
             tokenname = tmp;
         tmp = (String) properties.get(Constants.PR_KEY_TYPE);
         if (tmp != null)
@@ -953,9 +949,9 @@ public final class JssSubsystem implements ICryptoSubsystem {
         KeyPair pair = null;
 
         String tmp = (String) properties.get(Constants.PR_TOKEN_NAME);
-        if (tmp != null) 
+        if (tmp != null)
             token = tmp;
-    
+
         tmp = (String) properties.get(Constants.PR_KEY_CURVENAME);
         if (tmp != null)
             keyCurve = tmp;
@@ -966,7 +962,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
 
         return pair;
     }
- 
+
     public KeyPair getECCKeyPair(String token, String keyCurve, String certType) throws EBaseException {
         KeyPair pair = null;
 
@@ -974,26 +970,26 @@ public final class JssSubsystem implements ICryptoSubsystem {
             token = Constants.PR_INTERNAL_TOKEN_NAME;
 
         if ((keyCurve == null) || (keyCurve.equals("")))
-             keyCurve = "nistp512";
+            keyCurve = "nistp512";
 
         String ectype = getECType(certType);
 
         // ECDHE needs "SIGN" but no "DERIVE"
         org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = {
-            org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE
+                org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE
         };
 
         // ECDH needs "DERIVE" but no any kind of "SIGN"
         org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage ECDH_usages_mask[] = {
-            org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN,
-            org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER,
+                org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN,
+                org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER,
         };
 
         try {
-            if (ectype.equals("ECDHE")) 
-                pair =  CryptoUtil.generateECCKeyPair(token, keyCurve, null, usages_mask);
+            if (ectype.equals("ECDHE"))
+                pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null, usages_mask);
             else
-                pair =  CryptoUtil.generateECCKeyPair(token, keyCurve, null, ECDH_usages_mask);
+                pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null, ECDH_usages_mask);
         } catch (NotInitializedException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", e.toString()));
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
@@ -1009,10 +1005,10 @@ public final class JssSubsystem implements ICryptoSubsystem {
         }
 
         return pair;
-    } 
+    }
 
     public void importCert(X509CertImpl signedCert, String nickname,
-        String certType) throws EBaseException {
+            String certType) throws EBaseException {
 
         try {
             KeyCertUtil.importCert(signedCert, nickname, certType);
@@ -1065,23 +1061,23 @@ public final class JssSubsystem implements ICryptoSubsystem {
     }
 
     public void deleteUserCert(String nickname, String serialno, String issuername)
-      throws EBaseException {
+            throws EBaseException {
         try {
             X509Certificate cert = getCertificate(nickname, serialno, issuername);
             if (cert instanceof TokenCertificate) {
                 TokenCertificate tcert = (TokenCertificate) cert;
                 CryptoStore store = tcert.getOwningToken().getCryptoStore();
 
-CMS.debug("*** deleting this token cert");
+                CMS.debug("*** deleting this token cert");
                 tcert.getOwningToken().getCryptoStore().deleteCert(tcert);
-CMS.debug("*** finish deleting this token cert");
+                CMS.debug("*** finish deleting this token cert");
             } else {
-               CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken();
-               CryptoStore store = token.getCryptoStore();
+                CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken();
+                CryptoStore store = token.getCryptoStore();
 
-CMS.debug("*** deleting this interna cert");
-               store.deleteCert(cert);
-CMS.debug("*** removing this interna cert");
+                CMS.debug("*** deleting this interna cert");
+                store.deleteCert(cert);
+                CMS.debug("*** removing this interna cert");
             }
         } catch (NotInitializedException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
@@ -1095,12 +1091,12 @@ CMS.debug("*** removing this interna cert");
         }
     }
 
-    public void deleteRootCert(String nickname, String serialno, 
-      String issuername) throws EBaseException {
+    public void deleteRootCert(String nickname, String serialno,
+            String issuername) throws EBaseException {
         int index = nickname.indexOf(":");
         String tokenname = nickname.substring(0, index);
         if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
-            nickname = nickname.substring(index+1);
+            nickname = nickname.substring(index + 1);
         }
         try {
             if (mNicknameMapCertsTable != null) {
@@ -1117,24 +1113,24 @@ CMS.debug("*** removing this interna cert");
                         X509CertImpl impl = new X509CertImpl(cert.getEncoded());
                         String num = impl.getSerialNumber().toString();
                         String issuer = impl.getIssuerDN().toString();
-CMS.debug("*** num "+num);
-CMS.debug("*** issuer "+issuer);
+                        CMS.debug("*** num " + num);
+                        CMS.debug("*** issuer " + issuer);
                         if (num.equals(serialno) && issuername.equals(issuer)) {
-CMS.debug("*** removing root cert");
+                            CMS.debug("*** removing root cert");
                             if (cert instanceof TokenCertificate) {
                                 TokenCertificate tcert = (TokenCertificate) cert;
                                 CryptoStore store = tcert.getOwningToken().getCryptoStore();
-                                
-CMS.debug("*** deleting this token cert");
-                                tcert.getOwningToken().getCryptoStore().deleteCert(tcert);                           
-CMS.debug("*** finish deleting this token cert");
+
+                                CMS.debug("*** deleting this token cert");
+                                tcert.getOwningToken().getCryptoStore().deleteCert(tcert);
+                                CMS.debug("*** finish deleting this token cert");
                             } else {
-                                CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken();            
+                                CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken();
                                 CryptoStore store = token.getCryptoStore();
-                                
-CMS.debug("*** deleting this interna cert");
+
+                                CMS.debug("*** deleting this interna cert");
                                 store.deleteCert(cert);
-CMS.debug("*** removing this interna cert");
+                                CMS.debug("*** removing this interna cert");
                             }
                             mNicknameMapCertsTable.remove(nickname);
                             break;
@@ -1162,7 +1158,7 @@ CMS.debug("*** removing this interna cert");
         NameValuePairs nvps = new NameValuePairs();
         try {
             @SuppressWarnings("unchecked")
-			Enumeration<CryptoToken> enums = mCryptoManager.getAllTokens();
+            Enumeration<CryptoToken> enums = mCryptoManager.getAllTokens();
             if (mNicknameMapCertsTable != null)
                 mNicknameMapCertsTable.clear();
 
@@ -1178,21 +1174,21 @@ CMS.debug("*** removing this interna cert");
 
                 for (int i = 0; i < list.length; i++) {
                     try {
-                        PrivateKey key = 
-                          CryptoManager.getInstance().findPrivKeyByCert(list[i]);
+                        PrivateKey key =
+                                CryptoManager.getInstance().findPrivKeyByCert(list[i]);
                         Debug.trace("JssSubsystem getRootCerts: find private key "
-                          +list[i].getNickname());
+                                + list[i].getNickname());
                     } catch (ObjectNotFoundException e) {
                         String nickname = list[i].getNickname();
-                        if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { 
-                            nickname = Constants.PR_INTERNAL_TOKEN_NAME+":"+nickname;
+                        if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
+                            nickname = Constants.PR_INTERNAL_TOKEN_NAME + ":" + nickname;
                         }
                         X509CertImpl impl = null;
 
                         try {
                             Vector<X509Certificate> v;
                             if (vecTable.containsKey((Object) nickname) == true) {
-                                v =  vecTable.get(nickname);
+                                v = vecTable.get(nickname);
                             } else {
                                 v = new Vector<X509Certificate>();
                             }
@@ -1206,20 +1202,20 @@ CMS.debug("*** removing this interna cert");
                         }
                         String serialno = impl.getSerialNumber().toString();
                         String issuer = impl.getIssuerDN().toString();
-                        nvps.add(nickname+","+serialno, issuer);
-                        Debug.trace("getRootCerts: nickname="+nickname+", serialno="+
-                          serialno+", issuer="+issuer);
+                        nvps.add(nickname + "," + serialno, issuer);
+                        Debug.trace("getRootCerts: nickname=" + nickname + ", serialno=" +
+                                serialno + ", issuer=" + issuer);
                         continue;
                     } catch (CryptoManager.NotInitializedException e) {
                         continue;
                     }
-                }   
+                }
                 // convert hashtable of vectors to hashtable of arrays
                 Enumeration<String> elms = vecTable.keys();
 
                 while (elms.hasMoreElements()) {
                     String key = (String) elms.nextElement();
-                    Vector<X509Certificate> v =  vecTable.get((Object) key);
+                    Vector<X509Certificate> v = vecTable.get((Object) key);
                     X509Certificate[] a = new X509Certificate[v.size()];
 
                     v.copyInto((Object[]) a);
@@ -1239,7 +1235,7 @@ CMS.debug("*** removing this interna cert");
         NameValuePairs nvps = new NameValuePairs();
         try {
             @SuppressWarnings("unchecked")
-			Enumeration<CryptoToken> enums = mCryptoManager.getAllTokens();
+            Enumeration<CryptoToken> enums = mCryptoManager.getAllTokens();
 
             while (enums.hasMoreElements()) {
                 CryptoToken token = (CryptoToken) enums.nextElement();
@@ -1250,16 +1246,16 @@ CMS.debug("*** removing this interna cert");
 
                 for (int i = 0; i < list.length; i++) {
                     try {
-                        PrivateKey key = 
-                          CryptoManager.getInstance().findPrivKeyByCert(list[i]);
+                        PrivateKey key =
+                                CryptoManager.getInstance().findPrivKeyByCert(list[i]);
                         String nickname = list[i].getNickname();
                         if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME) ||
-                          tokenName.equals(Constants.PR_FULL_INTERNAL_TOKEN_NAME)) {
-                            nickname = Constants.PR_INTERNAL_TOKEN_NAME+":"+nickname;
+                                tokenName.equals(Constants.PR_FULL_INTERNAL_TOKEN_NAME)) {
+                            nickname = Constants.PR_INTERNAL_TOKEN_NAME + ":" + nickname;
                         }
                         X509CertImpl impl = null;
 
-                        try { 
+                        try {
                             impl = new X509CertImpl(list[i].getEncoded());
                         } catch (CertificateException e) {
                             // skip bad certificate
@@ -1268,17 +1264,17 @@ CMS.debug("*** removing this interna cert");
                         }
                         String serialno = impl.getSerialNumber().toString();
                         String issuer = impl.getIssuerDN().toString();
-                        nvps.add(nickname+","+serialno, issuer);
-                        Debug.trace("getUserCerts: nickname="+nickname+", serialno="+
-                          serialno+", issuer="+issuer);
+                        nvps.add(nickname + "," + serialno, issuer);
+                        Debug.trace("getUserCerts: nickname=" + nickname + ", serialno=" +
+                                serialno + ", issuer=" + issuer);
                     } catch (ObjectNotFoundException e) {
                         Debug.trace("JssSubsystem getUserCerts: cant find private key "
-                          +list[i].getNickname());
+                                + list[i].getNickname());
                         continue;
                     } catch (CryptoManager.NotInitializedException e) {
                         continue;
                     }
-                }   
+                }
             }
         } catch (TokenException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString()));
@@ -1306,7 +1302,7 @@ CMS.debug("*** removing this interna cert");
 
         try {
             @SuppressWarnings("unchecked")
-			Enumeration<CryptoToken> enums = mCryptoManager.getAllTokens();
+            Enumeration<CryptoToken> enums = mCryptoManager.getAllTokens();
 
             while (enums.hasMoreElements()) {
                 CryptoToken token = (CryptoToken) enums.nextElement();
@@ -1317,14 +1313,14 @@ CMS.debug("*** removing this interna cert");
 
                 for (int i = 0; i < list.length; i++) {
                     String nickname = list[i].getNickname();
-                    X509Certificate[] certificates = 
-                        CryptoManager.getInstance().findCertsByNickname(nickname);
+                    X509Certificate[] certificates =
+                            CryptoManager.getInstance().findCertsByNickname(nickname);
 
                     mNicknameMapUserCertsTable.put(nickname, certificates);
 
                     X509CertImpl impl = null;
 
-                    try { 
+                    try {
                         impl = new X509CertImpl(list[i].getEncoded());
                     } catch (CertificateException e) {
                         // skip bad certificate
@@ -1346,7 +1342,7 @@ CMS.debug("*** removing this interna cert");
                         if (vvalue.endsWith(",u")) {
                             pair.setValue(vvalue + ";" + certValue);
                         }
-                    } 
+                    }
 
                 }
             } /* while */
@@ -1371,22 +1367,22 @@ CMS.debug("*** removing this interna cert");
         X509Certificate[] certs;
 
         try {
-            certs = 
+            certs =
                     CryptoManager.getInstance().getCACerts();
         } catch (NotInitializedException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_CA_CERT", e.toString()));
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
         }
 
-        if( mNicknameMapCertsTable == null ) {
-            CMS.debug( "JssSubsystem::getCACerts() - "
-                     + "mNicknameMapCertsTable is null!" );
-            throw new EBaseException( "mNicknameMapCertsTable is null" );
+        if (mNicknameMapCertsTable == null) {
+            CMS.debug("JssSubsystem::getCACerts() - "
+                     + "mNicknameMapCertsTable is null!");
+            throw new EBaseException("mNicknameMapCertsTable is null");
         } else {
             mNicknameMapCertsTable.clear();
         }
 
-            // a temp hashtable with vectors
+        // a temp hashtable with vectors
         Hashtable<String, Vector<X509Certificate>> vecTable = new Hashtable<String, Vector<X509Certificate>>();
 
         for (int i = 0; i < certs.length; i++) {
@@ -1396,7 +1392,7 @@ CMS.debug("*** removing this interna cert");
             Vector<X509Certificate> v;
 
             if (vecTable.containsKey((Object) nickname) == true) {
-                v =  vecTable.get(nickname);
+                v = vecTable.get(nickname);
             } else {
                 v = new Vector<X509Certificate>();
             }
@@ -1409,19 +1405,19 @@ CMS.debug("*** removing this interna cert");
 
         while (elms.hasMoreElements()) {
             String key = (String) elms.nextElement();
-            Vector<X509Certificate> v =  vecTable.get((Object) key);
+            Vector<X509Certificate> v = vecTable.get((Object) key);
             X509Certificate[] a = new X509Certificate[v.size()];
 
             v.copyInto((Object[]) a);
             mNicknameMapCertsTable.put(key, a);
         }
 
-        Enumeration<String> keys = mNicknameMapCertsTable.keys(); 
+        Enumeration<String> keys = mNicknameMapCertsTable.keys();
 
         while (keys.hasMoreElements()) {
             String nickname = (String) keys.nextElement();
             X509Certificate[] value = (X509Certificate[]) mNicknameMapCertsTable.get(nickname);
-			
+
             for (int i = 0; i < value.length; i++) {
                 InternalCertificate icert = null;
 
@@ -1431,14 +1427,13 @@ CMS.debug("*** removing this interna cert");
                     Debug.trace("cert is not an InternalCertificate");
                     Debug.trace("nickname: " + nickname + "  index " + i);
                     Debug.trace("cert: " + value[i]);
-                    continue;  
+                    continue;
                 }
-				
+
                 int flag = icert.getSSLTrust();
                 String trust = "U";
 
-                if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) == 
-                    InternalCertificate.TRUSTED_CLIENT_CA)
+                if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) == InternalCertificate.TRUSTED_CLIENT_CA)
                     trust = "T";
                 X509CertImpl impl = null;
 
@@ -1455,7 +1450,7 @@ CMS.debug("*** removing this interna cert");
                         String vvalue = pair.getValue();
 
                         pair.setValue(vvalue + ";" + certValue);
-                    } 
+                    }
                 } catch (CertificateException e) {
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_CA_CERT_FOR", nickname, e.toString()));
                     // allow it to continue with other certs even if one blows
@@ -1489,8 +1484,8 @@ CMS.debug("*** removing this interna cert");
                             if (cert instanceof InternalCertificate) {
                                 if (trust.equals("Trust")) {
                                     int trustflag = InternalCertificate.TRUSTED_CA |
-                                        InternalCertificate.TRUSTED_CLIENT_CA | 
-                                        InternalCertificate.VALID_CA;
+                                            InternalCertificate.TRUSTED_CLIENT_CA |
+                                            InternalCertificate.VALID_CA;
 
                                     ((InternalCertificate) cert).setSSLTrust(trustflag);
                                 } else
@@ -1503,7 +1498,7 @@ CMS.debug("*** removing this interna cert");
                     }
                 }
             }
-        } catch (ParseException e) {    
+        } catch (ParseException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT", e.toString()));
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
         } catch (CertificateException e) {
@@ -1514,12 +1509,13 @@ CMS.debug("*** removing this interna cert");
 
     /**
      * Delete the CA certificate from the perm database.
+     * 
      * @param nickname The nickname of the CA certificate.
      * @param notAfterTime The notAfter of the certificate. It is possible to get multiple
-     *   certificates under the same nickname. If one of the certificates match the notAfterTime,
-     *   then the certificate will get deleted. The format of the notAfterTime has to be
-     *   in "MMMMM dd, yyyy HH:mm:ss" format.
-     */ 
+     *            certificates under the same nickname. If one of the certificates match the notAfterTime,
+     *            then the certificate will get deleted. The format of the notAfterTime has to be
+     *            in "MMMMM dd, yyyy HH:mm:ss" format.
+     */
     public void deleteCACert(String nickname, String notAfterTime) throws EBaseException {
         try {
             if (mNicknameMapCertsTable != null) {
@@ -1575,15 +1571,17 @@ CMS.debug("*** removing this interna cert");
 
     /**
      * Delete any certificate from the any token.
+     * 
      * @param nickname The nickname of the certificate.
      * @param notAfterTime The notAfter of the certificate. It is possible to get multiple
-     *   certificates under the same nickname. If one of the certificates match the notAfterTime,
-     *   then the certificate will get deleted. The format of the notAfterTime has to be
-     *   in "MMMMM dd, yyyy HH:mm:ss" format.
-     */ 
+     *            certificates under the same nickname. If one of the certificates match the notAfterTime,
+     *            then the certificate will get deleted. The format of the notAfterTime has to be
+     *            in "MMMMM dd, yyyy HH:mm:ss" format.
+     */
     public void deleteCert(String nickname, String notAfterTime) throws EBaseException {
         boolean isUserCert = false;
-        X509Certificate[] certs = null;;
+        X509Certificate[] certs = null;
+        ;
 
         try {
             if (mNicknameMapCertsTable != null) {
@@ -1677,15 +1675,15 @@ CMS.debug("*** removing this interna cert");
                 CryptoStore store = tcert.getOwningToken().getCryptoStore();
 
                 tcert.getOwningToken().getCryptoStore().deleteCert(tcert);
-            } else 
+            } else
                 throw new EBaseException(CMS.getUserMessage("CMS_BASE_NOT_TOKEN_CERT"));
 
             int index = nickname.indexOf(":");
- 
+
             // the deleted certificate is on the hardware token. We should delete the same one from
             // the internal token.
             if (index > 0) {
-                CryptoToken cToken = CryptoManager.getInstance().getInternalKeyStorageToken(); 
+                CryptoToken cToken = CryptoManager.getInstance().getInternalKeyStorageToken();
                 CryptoStore store = cToken.getCryptoStore();
                 X509Certificate[] allcerts = CryptoManager.getInstance().getCACerts();
 
@@ -1721,7 +1719,7 @@ CMS.debug("*** removing this interna cert");
         } catch (CertificateEncodingException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
-        } catch (IOException e) { 
+        } catch (IOException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
         }
@@ -1730,7 +1728,7 @@ CMS.debug("*** removing this interna cert");
     public String getSubjectDN(String nickname) throws EBaseException {
         try {
             X509Certificate cert =
-                CryptoManager.getInstance().findCertByNickname(nickname);
+                    CryptoManager.getInstance().findCertByNickname(nickname);
             X509CertImpl impl = new X509CertImpl(cert.getEncoded());
 
             return impl.getSubjectDN().getName();
@@ -1750,14 +1748,14 @@ CMS.debug("*** removing this interna cert");
     }
 
     public void setRootCertTrust(String nickname, String serialno,
-      String issuerName, String trust) throws EBaseException {
- 
+            String issuerName, String trust) throws EBaseException {
+
         X509Certificate cert = getCertificate(nickname, serialno, issuerName);
         if (cert instanceof InternalCertificate) {
             if (trust.equals("trust")) {
                 int trustflag = InternalCertificate.TRUSTED_CA |
-                  InternalCertificate.TRUSTED_CLIENT_CA |
-                  InternalCertificate.VALID_CA;
+                        InternalCertificate.TRUSTED_CLIENT_CA |
+                        InternalCertificate.VALID_CA;
 
                 ((InternalCertificate) cert).setSSLTrust(trustflag);
             } else {
@@ -1767,31 +1765,31 @@ CMS.debug("*** removing this interna cert");
     }
 
     public X509Certificate getCertificate(String nickname, String serialno,
-      String issuerName) throws EBaseException {
+            String issuerName) throws EBaseException {
 
         int index = nickname.indexOf(":");
         String tokenname = nickname.substring(0, index);
         if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
-            nickname = nickname.substring(index+1);
+            nickname = nickname.substring(index + 1);
         }
         try {
             X509Certificate[] certs =
-                CryptoManager.getInstance().findCertsByNickname(nickname);
+                    CryptoManager.getInstance().findCertsByNickname(nickname);
 
             X509CertImpl impl = null;
-            int i=0;
+            int i = 0;
             if (certs != null && certs.length > 0) {
                 for (; i < certs.length; i++) {
                     impl = new X509CertImpl(certs[i].getEncoded());
                     if (impl.getIssuerDN().toString().equals(issuerName) &&
-                        impl.getSerialNumber().toString().equals(serialno))
+                            impl.getSerialNumber().toString().equals(serialno))
                         return certs[i];
                 }
             } else {
                 EBaseException e =
-                  new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+                        new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
                 log(ILogger.LL_FAILURE,
-                  CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+                        CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
                 throw e;
             }
         } catch (NotInitializedException e) {
@@ -1799,50 +1797,50 @@ CMS.debug("*** removing this interna cert");
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
         } catch (TokenException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));        } catch (CertificateException e) {
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
+        } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
         }
-  
+
         return null;
     }
 
     public String getRootCertTrustBit(String nickname, String serialno,
-      String issuerName) throws EBaseException {
+            String issuerName) throws EBaseException {
         int index = nickname.indexOf(":");
         String tokenname = nickname.substring(0, index);
         if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
-            nickname = nickname.substring(index+1);
+            nickname = nickname.substring(index + 1);
         }
         try {
             X509Certificate[] certs =
-                CryptoManager.getInstance().findCertsByNickname(nickname);
+                    CryptoManager.getInstance().findCertsByNickname(nickname);
 
             X509CertImpl impl = null;
-            int i=0;
+            int i = 0;
             if (certs != null && certs.length > 0) {
                 for (; i < certs.length; i++) {
                     impl = new X509CertImpl(certs[i].getEncoded());
                     if (impl.getIssuerDN().toString().equals(issuerName) &&
-                        impl.getSerialNumber().toString().equals(serialno))
+                            impl.getSerialNumber().toString().equals(serialno))
                         break;
                 }
             } else {
                 EBaseException e =
-                  new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+                        new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
                 log(ILogger.LL_FAILURE,
-                  CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+                        CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
                 throw e;
             }
 
             String trust = "U";
             if (certs[i] instanceof InternalCertificate) {
-                InternalCertificate icert = (InternalCertificate)certs[i];
+                InternalCertificate icert = (InternalCertificate) certs[i];
                 int flag = icert.getSSLTrust();
-                if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) ==
-                  InternalCertificate.TRUSTED_CLIENT_CA)
+                if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) == InternalCertificate.TRUSTED_CLIENT_CA)
                     trust = "T";
-            } else 
+            } else
                 trust = "N/A";
             return trust;
         } catch (NotInitializedException e) {
@@ -1850,36 +1848,37 @@ CMS.debug("*** removing this interna cert");
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
         } catch (TokenException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));        } catch (CertificateException e) {
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
+        } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
         }
     }
 
     public String getCertPrettyPrint(String nickname, String serialno,
-      String issuerName, Locale locale) throws EBaseException {
+            String issuerName, Locale locale) throws EBaseException {
         int index = nickname.indexOf(":");
         String tokenname = nickname.substring(0, index);
         if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
-            nickname = nickname.substring(index+1);
+            nickname = nickname.substring(index + 1);
         }
         try {
             X509Certificate[] certs =
-                CryptoManager.getInstance().findCertsByNickname(nickname);
+                    CryptoManager.getInstance().findCertsByNickname(nickname);
 
             X509CertImpl impl = null;
             if (certs != null && certs.length > 0) {
                 for (int i = 0; i < certs.length; i++) {
                     impl = new X509CertImpl(certs[i].getEncoded());
                     if (impl.getIssuerDN().toString().equals(issuerName) &&
-                        impl.getSerialNumber().toString().equals(serialno))
+                            impl.getSerialNumber().toString().equals(serialno))
                         break;
                 }
             } else {
-                EBaseException e = 
-                  new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
-                log(ILogger.LL_FAILURE, 
-                  CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+                EBaseException e =
+                        new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
                 throw e;
             }
             CertPrettyPrint print = null;
@@ -1904,42 +1903,42 @@ CMS.debug("*** removing this interna cert");
     }
 
     public String getCertPrettyPrintAndFingerPrint(String nickname, String serialno,
-      String issuerName, Locale locale) throws EBaseException {
+            String issuerName, Locale locale) throws EBaseException {
         int index = nickname.indexOf(":");
         String tokenname = nickname.substring(0, index);
         if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
-            nickname = nickname.substring(index+1);
+            nickname = nickname.substring(index + 1);
         }
         try {
             X509Certificate[] certs =
-                CryptoManager.getInstance().findCertsByNickname(nickname);
+                    CryptoManager.getInstance().findCertsByNickname(nickname);
 
             X509CertImpl impl = null;
             if (certs != null && certs.length > 0) {
                 for (int i = 0; i < certs.length; i++) {
                     impl = new X509CertImpl(certs[i].getEncoded());
                     if (impl.getIssuerDN().toString().equals(issuerName) &&
-                        impl.getSerialNumber().toString().equals(serialno))
+                            impl.getSerialNumber().toString().equals(serialno))
                         break;
                 }
             } else {
-                EBaseException e = 
-                  new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
-                log(ILogger.LL_FAILURE, 
-                  CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+                EBaseException e =
+                        new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
                 throw e;
             }
             CertPrettyPrint print = null;
-			String fingerPrint = "";
+            String fingerPrint = "";
 
             if (impl != null) {
                 print = new CertPrettyPrint(impl);
-				fingerPrint = CMS.getFingerPrints(impl.getEncoded());
-			}
+                fingerPrint = CMS.getFingerPrints(impl.getEncoded());
+            }
 
             if ((print != null) && (fingerPrint != "")) {
-				String pp =  print.toString(locale) + "\n" +
-					"Certificate Fingerprints:"+ '\n' + fingerPrint;
+                String pp = print.toString(locale) + "\n" +
+                        "Certificate Fingerprints:" + '\n' + fingerPrint;
                 return pp;
             } else
                 return null;
@@ -1958,14 +1957,14 @@ CMS.debug("*** removing this interna cert");
         }
     }
 
-    public String getCertPrettyPrint(String nickname, String date, 
-        Locale locale) throws EBaseException {
+    public String getCertPrettyPrint(String nickname, String date,
+            Locale locale) throws EBaseException {
         try {
             X509Certificate[] certs =
-                CryptoManager.getInstance().findCertsByNickname(nickname);
+                    CryptoManager.getInstance().findCertsByNickname(nickname);
 
             if ((certs == null || certs.length == 0) &&
-                mNicknameMapCertsTable != null) {
+                    mNicknameMapCertsTable != null) {
                 certs = (X509Certificate[]) mNicknameMapCertsTable.get(nickname);
             }
             if (certs == null) {
@@ -2010,7 +2009,7 @@ CMS.debug("*** removing this interna cert");
     }
 
     public String getCertPrettyPrint(String b64E, Locale locale) throws EBaseException {
-        try { 
+        try {
             try {
                 byte[] b = KeyCertUtil.convertB64EToByteArray(b64E);
                 X509CertImpl impl = new X509CertImpl(b);
@@ -2026,7 +2025,7 @@ CMS.debug("*** removing this interna cert");
                 byte data[] = com.netscape.osutil.OSUtil.AtoB(normalized);
 
                 ContentInfo ci = (ContentInfo)
-                    ASN1Util.decode(ContentInfo.getTemplate(), data);
+                        ASN1Util.decode(ContentInfo.getTemplate(), data);
 
                 if (!ci.getContentType().equals(ContentInfo.SIGNED_DATA)) {
                     throw new CertificateException(
@@ -2053,7 +2052,7 @@ CMS.debug("*** removing this interna cert");
             }
         } catch (InvalidBERException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", 
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
                         "Failed to decode"));
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
@@ -2064,8 +2063,8 @@ CMS.debug("*** removing this interna cert");
         }
     }
 
-    public X509CertImpl getSignedCert(KeyCertData data, String certType, java.security.PrivateKey priKey) 
-        throws EBaseException {
+    public X509CertImpl getSignedCert(KeyCertData data, String certType, java.security.PrivateKey priKey)
+            throws EBaseException {
         CertificateInfo cert = null;
 
         if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
@@ -2087,8 +2086,8 @@ CMS.debug("*** removing this interna cert");
 
         try {
             certInfo = cert.getCertInfo();
-            SignatureAlgorithm sigAlg = 
-                (SignatureAlgorithm) data.get(Constants.PR_SIGNATURE_ALGORITHM);
+            SignatureAlgorithm sigAlg =
+                    (SignatureAlgorithm) data.get(Constants.PR_SIGNATURE_ALGORITHM);
 
             signedCert = KeyCertUtil.signCert(priKey, certInfo, sigAlg);
         } catch (NoSuchTokenException e) {
@@ -2115,15 +2114,15 @@ CMS.debug("*** removing this interna cert");
             if (certinfo == null)
                 return false;
             else {
-                CertificateExtensions exts = 
-                    (CertificateExtensions) certinfo.get(X509CertInfo.EXTENSIONS);
+                CertificateExtensions exts =
+                        (CertificateExtensions) certinfo.get(X509CertInfo.EXTENSIONS);
 
                 if (exts == null)
                     return false;
                 else {
                     try {
                         BasicConstraintsExtension ext = (BasicConstraintsExtension)
-                            exts.get(BasicConstraintsExtension.class.getSimpleName());
+                                exts.get(BasicConstraintsExtension.class.getSimpleName());
 
                         if (ext == null)
                             return false;
@@ -2155,8 +2154,8 @@ CMS.debug("*** removing this interna cert");
         }
     }
 
-    public CertificateExtensions getExtensions(String tokenname, String nickname) 
-        throws EBaseException {
+    public CertificateExtensions getExtensions(String tokenname, String nickname)
+            throws EBaseException {
         try {
             return KeyCertUtil.getExtensions(tokenname, nickname);
         } catch (NotInitializedException e) {
@@ -2190,25 +2189,24 @@ CMS.debug("*** removing this interna cert");
     }
 
     public PQGParams getCAPQG(int keysize, IConfigStore store)
-        throws EBaseException {
+            throws EBaseException {
         return KeyCertUtil.getCAPQG(keysize, store);
     }
 
     public CertificateExtensions getCertExtensions(String tokenname, String nickname)
-        throws NotInitializedException, TokenException, ObjectNotFoundException,
+            throws NotInitializedException, TokenException, ObjectNotFoundException,
 
             IOException, CertificateException {
         return KeyCertUtil.getExtensions(tokenname, nickname);
     }
 }
 
-class JSSDatabaseCloser extends org.mozilla.jss.DatabaseCloser
-{
+class JSSDatabaseCloser extends org.mozilla.jss.DatabaseCloser {
     public JSSDatabaseCloser() throws Exception {
-      super();
+        super();
     }
 
     public void closeDatabases() {
-      super.closeDatabases();
+        super.closeDatabases();
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/security/KRATransportCert.java b/pki/base/common/src/com/netscape/cmscore/security/KRATransportCert.java
index 35b7cdf2..79988e7d 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/KRATransportCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/KRATransportCert.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.security;
 
-
 import java.io.IOException;
 import java.security.KeyPair;
 
@@ -29,16 +28,15 @@ import com.netscape.certsrv.common.ConfigConstants;
 import com.netscape.certsrv.common.Constants;
 import com.netscape.certsrv.security.KeyCertData;
 
-
 /**
- * KRA transport certificate 
+ * KRA transport certificate
  * 
  * @author Christine Ho
  * @version $Revision$, $Date$
  */
 public class KRATransportCert extends CertificateInfo {
-    public static final String SUBJECT_NAME = 
-        "CN=Data Recovery Manager, O=Netscape Communications, C=US";
+    public static final String SUBJECT_NAME =
+            "CN=Data Recovery Manager, O=Netscape Communications, C=US";
     private String mTokenname = Constants.PR_INTERNAL_TOKEN_NAME;
 
     public KRATransportCert(KeyCertData properties) {
@@ -49,8 +47,8 @@ public class KRATransportCert extends CertificateInfo {
         super(properties, pair);
         String tmp = (String) mProperties.get(Constants.PR_TOKEN_NAME);
 
-        if ((tmp != null) && 
-            (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))   
+        if ((tmp != null) &&
+                (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
             mTokenname = tmp;
         mProperties.put(Constants.PR_AKI, Constants.TRUE);
     }
@@ -72,8 +70,8 @@ public class KRATransportCert extends CertificateInfo {
 
     public String getNickname() {
         String name = (String) mProperties.get(Constants.PR_NICKNAME);
-        String instanceName = 
-            (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME);
+        String instanceName =
+                (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME);
 
         if (name != null)
             return name;
@@ -107,4 +105,3 @@ public class KRATransportCert extends CertificateInfo {
         return extension;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java b/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java
index c020fe8b..606c140f 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.security;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.FilterOutputStream;
@@ -116,7 +115,6 @@ import com.netscape.cmscore.dbs.DateMapper;
 import com.netscape.cmscore.dbs.X509CertImplMapper;
 import com.netscape.cmsutil.crypto.CryptoUtil;
 
-
 /**
  * This class provides all the base methods to generate the key for different
  * kinds of certificates.
@@ -155,11 +153,11 @@ public class KeyCertUtil {
         }
     }
 
-    public static String getTokenNames(CryptoManager manager) 
-        throws TokenException {
+    public static String getTokenNames(CryptoManager manager)
+            throws TokenException {
         String tokenList = "";
         @SuppressWarnings("unchecked")
-		Enumeration<CryptoToken> tokens = manager.getExternalTokens();
+        Enumeration<CryptoToken> tokens = manager.getExternalTokens();
         int num = 0;
 
         while (tokens.hasMoreElements()) {
@@ -183,9 +181,9 @@ public class KeyCertUtil {
         ByteArrayOutputStream output = new ByteArrayOutputStream();
         Base64OutputStream b64 = new Base64OutputStream(new
                 PrintStream(new
-                    FilterOutputStream(output)
+                        FilterOutputStream(output)
                 )
-            );
+                );
 
         b64.write(bytes);
         b64.flush();
@@ -196,7 +194,7 @@ public class KeyCertUtil {
     }
 
     public static byte[] makeDSSParms(BigInteger P, BigInteger Q, BigInteger G)
-        throws IOException {
+            throws IOException {
 
         // Write P, Q, G to a DER stream
         DerOutputStream contents = new DerOutputStream();
@@ -213,8 +211,8 @@ public class KeyCertUtil {
         return sequence.toByteArray();
     }
 
-    public static PrivateKey getPrivateKey(String tokenname, String nickname) 
-        throws TokenException, EBaseException,
+    public static PrivateKey getPrivateKey(String tokenname, String nickname)
+            throws TokenException, EBaseException,
             NoSuchTokenException, NotInitializedException, CertificateException,
             CertificateEncodingException, EBaseException, ObjectNotFoundException {
 
@@ -223,15 +221,15 @@ public class KeyCertUtil {
          String tokenName = store.getString("ca.signing.cacertnickname");
          */
         X509Certificate cert = getCertificate(tokenname, nickname);
-            
+
         return CryptoManager.getInstance().findPrivKeyByCert(cert);
     }
 
-    public static String getCertSubjectName(String tokenname, String nickname) 
-        throws TokenException, EBaseException, NoSuchTokenException,
+    public static String getCertSubjectName(String tokenname, String nickname)
+            throws TokenException, EBaseException, NoSuchTokenException,
             NotInitializedException, CertificateException,
             CertificateEncodingException, EBaseException {
- 
+
         X509Certificate cert = getCertificate(tokenname, nickname);
         X509CertImpl impl = new X509CertImpl(cert.getEncoded());
 
@@ -239,16 +237,16 @@ public class KeyCertUtil {
     }
 
     public static X509CertImpl signCert(PrivateKey privateKey, X509CertInfo certInfo,
-        SignatureAlgorithm sigAlg) 
-        throws NoSuchTokenException, EBaseException, NotInitializedException {
+            SignatureAlgorithm sigAlg)
+            throws NoSuchTokenException, EBaseException, NotInitializedException {
         try {
             CertificateAlgorithmId sId = (CertificateAlgorithmId)
-                certInfo.get(X509CertInfo.ALGORITHM_ID);
+                    certInfo.get(X509CertInfo.ALGORITHM_ID);
             AlgorithmId sigAlgId =
-                (AlgorithmId) sId.get(CertificateAlgorithmId.ALGORITHM);
+                    (AlgorithmId) sId.get(CertificateAlgorithmId.ALGORITHM);
 
-            org.mozilla.jss.crypto.PrivateKey priKey = 
-                (org.mozilla.jss.crypto.PrivateKey) privateKey;
+            org.mozilla.jss.crypto.PrivateKey priKey =
+                    (org.mozilla.jss.crypto.PrivateKey) privateKey;
             CryptoToken token = priKey.getOwningToken();
 
             DerOutputStream tmp = new DerOutputStream();
@@ -283,7 +281,7 @@ public class KeyCertUtil {
         } catch (CertificateException e) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
         }
-    } 
+    }
 
     public static SignatureAlgorithm getSigningAlgorithm(String keyType) {
         SignatureAlgorithm sAlg = null;
@@ -318,9 +316,9 @@ public class KeyCertUtil {
     }
 
     public static AlgorithmId getAlgorithmId(String algname, IConfigStore store)
-        throws EBaseException {
+            throws EBaseException {
         try {
-            
+
             if (algname.equals("DSA")) {
                 byte[] p = store.getByteArray("ca.dsaP", null);
                 byte[] q = store.getByteArray("ca.dsaQ", null);
@@ -341,10 +339,10 @@ public class KeyCertUtil {
     }
 
     public static X509Certificate getCertificate(String tokenname,
-        String nickname) throws NotInitializedException, NoSuchTokenException,
+            String nickname) throws NotInitializedException, NoSuchTokenException,
             EBaseException, TokenException {
         CryptoManager manager = CryptoManager.getInstance();
-        CryptoToken token = null; 
+        CryptoToken token = null;
 
         if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
             token = manager.getInternalKeyStorageToken();
@@ -365,12 +363,12 @@ public class KeyCertUtil {
         }
     }
 
-    public static KeyPair getKeyPair(String tokenname, String nickname) 
-        throws NotInitializedException, NoSuchTokenException, TokenException,
+    public static KeyPair getKeyPair(String tokenname, String nickname)
+            throws NotInitializedException, NoSuchTokenException, TokenException,
             ObjectNotFoundException, EBaseException {
         X509Certificate cert = getCertificate(tokenname, nickname);
         PrivateKey priKey =
-            CryptoManager.getInstance().findPrivKeyByCert(cert);
+                CryptoManager.getInstance().findPrivKeyByCert(cert);
         PublicKey publicKey = cert.getPublicKey();
 
         return new KeyPair(publicKey, priKey);
@@ -384,8 +382,8 @@ public class KeyCertUtil {
         }
     }
 
-    public static PQGParams getCAPQG(int keysize, IConfigStore store) 
-        throws EBaseException {
+    public static PQGParams getCAPQG(int keysize, IConfigStore store)
+            throws EBaseException {
         if (store != null) {
             try {
                 int pqgKeySize = store.getInteger("ca.dsaPQG.keyLength", 0);
@@ -422,9 +420,9 @@ public class KeyCertUtil {
                 store.putInteger("ca.dsaCounter", pqg.getCounter());
                 store.putString("ca.dsaH", KeyCertUtil.base64Encode(
                         pqg.getH().toByteArray()));
-                store.putString("ca.DSSParms", 
-                    KeyCertUtil.base64Encode(
-                        KeyCertUtil.makeDSSParms(pqg.getP(), pqg.getQ(), pqg.getG())));
+                store.putString("ca.DSSParms",
+                        KeyCertUtil.base64Encode(
+                                KeyCertUtil.makeDSSParms(pqg.getP(), pqg.getQ(), pqg.getG())));
                 store.commit(false);
                 return pqg;
             } catch (IOException ee) {
@@ -439,12 +437,12 @@ public class KeyCertUtil {
     }
 
     public static KeyPair generateKeyPair(CryptoToken token,
-        KeyPairAlgorithm kpAlg, int keySize, PQGParams pqg) 
-        throws NoSuchAlgorithmException, TokenException, InvalidAlgorithmParameterException,
+            KeyPairAlgorithm kpAlg, int keySize, PQGParams pqg)
+            throws NoSuchAlgorithmException, TokenException, InvalidAlgorithmParameterException,
             InvalidParameterException, PQGParamGenException {
 
         KeyPairGenerator kpGen = token.getKeyPairGenerator(kpAlg);
- 
+
         if (kpAlg == KeyPairAlgorithm.DSA) {
             if (pqg == null) {
                 kpGen.initialize(keySize);
@@ -464,8 +462,7 @@ public class KeyCertUtil {
             do {
                 // 602548 NSS bug - to overcome it, we use isBadDSAKeyPair
                 kp = kpGen.genKeyPair();
-            }
-            while (isBadDSAKeyPair(kp)); 
+            } while (isBadDSAKeyPair(kp));
             return kp;
         }
     }
@@ -490,7 +487,7 @@ public class KeyCertUtil {
             byte[] bits = bs.getBits();
             ByteArrayInputStream bitstream = new ByteArrayInputStream(bs.getBits());
             ASN1Header wrapper = new ASN1Header(bitstream);
-            byte[] valBytes = new byte[ (int) wrapper.getContentLength() ];
+            byte[] valBytes = new byte[(int) wrapper.getContentLength()];
 
             ASN1Util.readFully(valBytes, bitstream);
 
@@ -504,7 +501,7 @@ public class KeyCertUtil {
     }
 
     public static KeyPair generateKeyPair(String tokenName, String alg,
-        int keySize, PQGParams pqg) throws EBaseException {
+            int keySize, PQGParams pqg) throws EBaseException {
 
         CryptoToken token = null;
 
@@ -549,8 +546,8 @@ public class KeyCertUtil {
         }
     }
 
-    public static PKCS10 getCertRequest(String subjectName, KeyPair keyPair) 
-        throws NoSuchAlgorithmException, NoSuchProviderException, 
+    public static PKCS10 getCertRequest(String subjectName, KeyPair keyPair)
+            throws NoSuchAlgorithmException, NoSuchProviderException,
             InvalidKeyException, IOException, CertificateException,
             SignatureException {
         PublicKey pubk = keyPair.getPublic();
@@ -565,7 +562,7 @@ public class KeyCertUtil {
             alg = "DSA";
         }
         java.security.Signature sig =
-            java.security.Signature.getInstance(alg, "Mozilla-JSS");
+                java.security.Signature.getInstance(alg, "Mozilla-JSS");
 
         sig.initSign(keyPair.getPrivate());
 
@@ -580,9 +577,9 @@ public class KeyCertUtil {
     }
 
     public static PKCS10 getCertRequest(String subjectName, KeyPair
-        keyPair, Extensions
-        exts) 
-        throws NoSuchAlgorithmException, NoSuchProviderException, 
+            keyPair, Extensions
+            exts)
+            throws NoSuchAlgorithmException, NoSuchProviderException,
             InvalidKeyException, IOException, CertificateException,
             SignatureException {
         PublicKey pubk = keyPair.getPublic();
@@ -597,7 +594,7 @@ public class KeyCertUtil {
             alg = "DSA";
         }
         java.security.Signature sig =
-            java.security.Signature.getInstance(alg, "Mozilla-JSS");
+                java.security.Signature.getInstance(alg, "Mozilla-JSS");
 
         sig.initSign(keyPair.getPrivate());
 
@@ -605,8 +602,8 @@ public class KeyCertUtil {
 
         if (exts != null) {
             PKCS10Attribute attr = new
-                PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID,
-                    (CertAttrSet) exts);
+                    PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID,
+                            (CertAttrSet) exts);
             PKCS10Attributes attrs = new PKCS10Attributes();
 
             attrs.setAttribute(attr.getAttributeValue().getName(), attr);
@@ -624,8 +621,8 @@ public class KeyCertUtil {
         return pkcs10;
     }
 
-    public static X509Key convertPublicKeyToX509Key(PublicKey pubk) 
-        throws InvalidKeyException {
+    public static X509Key convertPublicKeyToX509Key(PublicKey pubk)
+            throws InvalidKeyException {
 
         X509Key xKey;
 
@@ -654,23 +651,23 @@ public class KeyCertUtil {
     }
 
     public static X509Certificate
-    importCert(X509CertImpl signedCert, String nickname,
-        String certType) throws NotInitializedException, TokenException,
-            CertificateEncodingException, UserCertConflictException,
-            NicknameConflictException, NoSuchItemOnTokenException, CertificateException {
-      
+            importCert(X509CertImpl signedCert, String nickname,
+                    String certType) throws NotInitializedException, TokenException,
+                    CertificateEncodingException, UserCertConflictException,
+                    NicknameConflictException, NoSuchItemOnTokenException, CertificateException {
+
         return importCert(signedCert.getEncoded(), nickname, certType);
     }
 
     public static X509Certificate
-    importCert(String b64E, String nickname, String certType)
-        throws NotInitializedException, TokenException,
-            CertificateEncodingException, UserCertConflictException,
-            NicknameConflictException, NoSuchItemOnTokenException, CertificateException {
- 
+            importCert(String b64E, String nickname, String certType)
+                    throws NotInitializedException, TokenException,
+                    CertificateEncodingException, UserCertConflictException,
+                    NicknameConflictException, NoSuchItemOnTokenException, CertificateException {
+
         byte b[] = b64E.getBytes();
         X509Certificate cert = getInternalCertificate(b, nickname, certType);
- 
+
         if (cert instanceof InternalCertificate) {
             setTrust(certType, (InternalCertificate) cert);
         }
@@ -678,10 +675,10 @@ public class KeyCertUtil {
     }
 
     public static X509Certificate
-    importCert(byte[] b, String nickname, String certType) 
-        throws NotInitializedException, TokenException, 
-            CertificateEncodingException, UserCertConflictException, 
-            NicknameConflictException, NoSuchItemOnTokenException, CertificateException {
+            importCert(byte[] b, String nickname, String certType)
+                    throws NotInitializedException, TokenException,
+                    CertificateEncodingException, UserCertConflictException,
+                    NicknameConflictException, NoSuchItemOnTokenException, CertificateException {
 
         X509Certificate cert = getInternalCertificate(b, nickname, certType);
 
@@ -691,8 +688,8 @@ public class KeyCertUtil {
         return cert;
     }
 
-    public static X509Certificate getInternalCertificate(byte[] b, String nickname, String certType) 
-        throws NotInitializedException, TokenException, CertificateEncodingException,
+    public static X509Certificate getInternalCertificate(byte[] b, String nickname, String certType)
+            throws NotInitializedException, TokenException, CertificateEncodingException,
             UserCertConflictException, NicknameConflictException, NoSuchItemOnTokenException,
             CertificateException {
         X509Certificate cert = null;
@@ -701,12 +698,12 @@ public class KeyCertUtil {
             cert = CryptoManager.getInstance().importUserCACertPackage(b,
                         nickname);
         } else if (certType.equals(Constants.PR_RA_SIGNING_CERT) ||
-            certType.equals(Constants.PR_KRA_TRANSPORT_CERT) ||
-            certType.equals(Constants.PR_OCSP_SIGNING_CERT) ||
-            certType.equals(Constants.PR_SERVER_CERT) ||
-            certType.equals(Constants.PR_SERVER_CERT_RADM) ||
-            certType.equals(Constants.PR_OTHER_CERT) ||
-            certType.equals(Constants.PR_SUBSYSTEM_CERT)) {
+                certType.equals(Constants.PR_KRA_TRANSPORT_CERT) ||
+                certType.equals(Constants.PR_OCSP_SIGNING_CERT) ||
+                certType.equals(Constants.PR_SERVER_CERT) ||
+                certType.equals(Constants.PR_SERVER_CERT_RADM) ||
+                certType.equals(Constants.PR_OTHER_CERT) ||
+                certType.equals(Constants.PR_SUBSYSTEM_CERT)) {
             cert = CryptoManager.getInstance().importCertPackage(b,
                         nickname);
         } else if (certType.equals(Constants.PR_SERVER_CERT_CHAIN)) {
@@ -719,15 +716,15 @@ public class KeyCertUtil {
                 cert = certchain[certchain.length - 1];
             }
         }
-        return cert;   
+        return cert;
     }
 
     public static void setTrust(String certType, InternalCertificate inCert) {
         if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
             int flag = InternalCertificate.VALID_CA |
-                InternalCertificate.TRUSTED_CA |
-                InternalCertificate.USER |
-                InternalCertificate.TRUSTED_CLIENT_CA;
+                    InternalCertificate.TRUSTED_CA |
+                    InternalCertificate.USER |
+                    InternalCertificate.TRUSTED_CLIENT_CA;
 
             inCert.setSSLTrust(flag);
             inCert.setObjectSigningTrust(flag);
@@ -737,23 +734,23 @@ public class KeyCertUtil {
 
             inCert.setSSLTrust(flag);
             inCert.setObjectSigningTrust(flag);
-            inCert.setEmailTrust(flag); 
+            inCert.setEmailTrust(flag);
         } else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
             int flag = InternalCertificate.USER | InternalCertificate.VALID_CA;
 
             inCert.setSSLTrust(flag);
             inCert.setObjectSigningTrust(flag);
-            inCert.setEmailTrust(flag); 
+            inCert.setEmailTrust(flag);
         } else if (certType.equals(Constants.PR_SERVER_CERT) ||
-          certType.equals(Constants.PR_SUBSYSTEM_CERT)) {
+                certType.equals(Constants.PR_SUBSYSTEM_CERT)) {
             int flag = InternalCertificate.USER | InternalCertificate.VALID_CA;
 
             inCert.setSSLTrust(flag);
             inCert.setObjectSigningTrust(flag);
-            inCert.setEmailTrust(flag); 
+            inCert.setEmailTrust(flag);
         } else if (certType.equals(Constants.PR_TRUSTED_CA_CERT)) {
             inCert.setSSLTrust(InternalCertificate.TRUSTED_CA | InternalCertificate.TRUSTED_CLIENT_CA |
-                InternalCertificate.VALID_CA);
+                    InternalCertificate.VALID_CA);
             //inCert.setEmailTrust(InternalCertificate.TRUSTED_CA);
 
             // cannot set this bit. If set, then the cert will not appear when you called getCACerts().
@@ -762,7 +759,7 @@ public class KeyCertUtil {
     }
 
     public static byte[] convertB64EToByteArray(String b64E)
-        throws CertificateException, IOException {
+            throws CertificateException, IOException {
         String str = CertUtils.stripCertBrackets(b64E);
         byte bCert[] = (byte[]) (com.netscape.osutil.OSUtil.AtoB(str));
 
@@ -776,33 +773,33 @@ public class KeyCertUtil {
 
     /**
      * ASN.1 structure:
-     *  0 30  142: SEQUENCE {
-     *  3 30   69:   SEQUENCE {
-     *  5 06    3:     OBJECT IDENTIFIER issuerAltName (2 5 29 18)
-     * 10 04   62:     OCTET STRING
-     *           :       30 3C 82 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A
-     *           :       06 03 55 04 03 13 03 64 73 61 87 04 01 01 01 01
-     *           :       86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74
-     *           :       73 63 61 70 65 2E 63 6F 6D 88 03 29 01 01
-     *           :     }
-     * 74 30   69:   SEQUENCE {
-     * 76 06    3:     OBJECT IDENTIFIER subjectAltName (2 5 29 17)
-     * 81 04   62:     OCTET STRING
-     *           :       30 3C 82 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A
-     *           :       06 03 55 04 03 13 03 64 73 61 87 04 01 01 01 01
-     *           :       86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74
-     *           :       73 63 61 70 65 2E 63 6F 6D 88 03 29 01 01
-     *           :     }
-     *           :   }
+     * 0 30 142: SEQUENCE {
+     * 3 30 69: SEQUENCE {
+     * 5 06 3: OBJECT IDENTIFIER issuerAltName (2 5 29 18)
+     * 10 04 62: OCTET STRING
+     * : 30 3C 82 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A
+     * : 06 03 55 04 03 13 03 64 73 61 87 04 01 01 01 01
+     * : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74
+     * : 73 63 61 70 65 2E 63 6F 6D 88 03 29 01 01
+     * : }
+     * 74 30 69: SEQUENCE {
+     * 76 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17)
+     * 81 04 62: OCTET STRING
+     * : 30 3C 82 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A
+     * : 06 03 55 04 03 13 03 64 73 61 87 04 01 01 01 01
+     * : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74
+     * : 73 63 61 70 65 2E 63 6F 6D 88 03 29 01 01
+     * : }
+     * : }
      * Uses the following to test with configuration wizard:
      * MIGOMEUGA1UdEQQ+MDyCAWGCAWGkEDAOMQwwCgYDVQQDEwNkc2GHBAEBAQGGAWGB
      * FHRob21hc2tAbmV0c2NhcGUuY29tiAMpAQEwRQYDVR0SBD4wPIIBYYIBYaQQMA4x
      * DDAKBgNVBAMTA2RzYYcEAQEBAYYBYYEUdGhvbWFza0BuZXRzY2FwZS5jb22IAykB
-     * AQ== 
+     * AQ==
      */
     public static void setDERExtension(
-        CertificateExtensions ext, KeyCertData properties) 
-        throws IOException {
+            CertificateExtensions ext, KeyCertData properties)
+            throws IOException {
 
         String b64E = properties.getDerExtension();
 
@@ -827,8 +824,8 @@ public class KeyCertUtil {
     }
 
     public static void setBasicConstraintsExtension(
-        CertificateExtensions ext, KeyCertData properties) 
-        throws IOException {
+            CertificateExtensions ext, KeyCertData properties)
+            throws IOException {
         String isCA = properties.isCA();
         String certLen = properties.getCertLen();
 
@@ -844,12 +841,12 @@ public class KeyCertUtil {
         else
             len = Integer.parseInt(certLen);
 
-        if ((isCA == null) || (isCA.equals("")) || 
-            (isCA.equals(Constants.FALSE)))
+        if ((isCA == null) || (isCA.equals("")) ||
+                (isCA.equals(Constants.FALSE)))
             bool = false;
         else
             bool = true;
-            
+
         BasicConstraintsExtension basic = new BasicConstraintsExtension(
                 bool, len);
 
@@ -857,17 +854,17 @@ public class KeyCertUtil {
     }
 
     public static void setExtendedKeyUsageExtension(
-        CertificateExtensions ext, KeyCertData properties) throws IOException,
+            CertificateExtensions ext, KeyCertData properties) throws IOException,
             CertificateException {
         ExtendedKeyUsageExtension ns = new ExtendedKeyUsageExtension();
         boolean anyExt = false;
-        
+
         String sslClient = properties.getSSLClientBit();
-        
+
         if ((sslClient != null) && (sslClient.equals(Constants.TRUE))) {
             ns.addOID(new ObjectIdentifier("1.3.6.1.5.5.7.3.2"));
             anyExt = true;
-        }   
+        }
 
         String sslServer = properties.getSSLServerBit();
 
@@ -908,7 +905,7 @@ public class KeyCertUtil {
     }
 
     public static void setNetscapeCertificateExtension(
-        CertificateExtensions ext, KeyCertData properties) throws IOException,
+            CertificateExtensions ext, KeyCertData properties) throws IOException,
             CertificateException {
 
         NSCertTypeExtension ns = new NSCertTypeExtension();
@@ -966,37 +963,37 @@ public class KeyCertUtil {
             ext.set(NSCertTypeExtension.class.getSimpleName(), ns);
     }
 
-    public static void setOCSPNoCheck(KeyPair keypair, 
-        CertificateExtensions ext, KeyCertData properties) throws IOException,
+    public static void setOCSPNoCheck(KeyPair keypair,
+            CertificateExtensions ext, KeyCertData properties) throws IOException,
             NoSuchAlgorithmException, InvalidKeyException {
         String noCheck = properties.getOCSPNoCheck();
 
         if ((noCheck != null) && (noCheck.equals(Constants.TRUE))) {
-            OCSPNoCheckExtension noCheckExt = 
-                new OCSPNoCheckExtension();
+            OCSPNoCheckExtension noCheckExt =
+                    new OCSPNoCheckExtension();
 
             ext.set(OCSPNoCheckExtension.class.getSimpleName(), noCheckExt);
         }
     }
 
-    public static void setOCSPSigning(KeyPair keypair, 
-        CertificateExtensions ext, KeyCertData properties) throws IOException,
+    public static void setOCSPSigning(KeyPair keypair,
+            CertificateExtensions ext, KeyCertData properties) throws IOException,
             NoSuchAlgorithmException, InvalidKeyException {
         String signing = properties.getOCSPSigning();
 
-        if ((signing != null) && (signing.equals(Constants.TRUE))) { 
-            Vector<ObjectIdentifier> oidSet = new Vector<ObjectIdentifier>(); 
+        if ((signing != null) && (signing.equals(Constants.TRUE))) {
+            Vector<ObjectIdentifier> oidSet = new Vector<ObjectIdentifier>();
             oidSet.addElement(
-              ObjectIdentifier.getObjectIdentifier(
-                ExtendedKeyUsageExtension.OID_OCSPSigning));
-            ExtendedKeyUsageExtension ocspExt = 
-                new ExtendedKeyUsageExtension(false, oidSet);
+                    ObjectIdentifier.getObjectIdentifier(
+                            ExtendedKeyUsageExtension.OID_OCSPSigning));
+            ExtendedKeyUsageExtension ocspExt =
+                    new ExtendedKeyUsageExtension(false, oidSet);
             ext.set(ExtendedKeyUsageExtension.class.getSimpleName(), ocspExt);
         }
     }
 
-    public static void setAuthInfoAccess(KeyPair keypair, 
-        CertificateExtensions ext, KeyCertData properties) throws IOException,
+    public static void setAuthInfoAccess(KeyPair keypair,
+            CertificateExtensions ext, KeyCertData properties) throws IOException,
             NoSuchAlgorithmException, InvalidKeyException {
         String aia = properties.getAIA();
 
@@ -1005,7 +1002,7 @@ public class KeyCertUtil {
             String port = CMS.getEENonSSLPort();
             AuthInfoAccessExtension aiaExt = new AuthInfoAccessExtension(false);
             if (hostname != null && port != null) {
-                String location = "http://"+hostname+":"+port+"/ca/ocsp";
+                String location = "http://" + hostname + ":" + port + "/ca/ocsp";
                 GeneralName ocspName = new GeneralName(new URIName(location));
                 aiaExt.addAccessDescription(AuthInfoAccessExtension.METHOD_OCSP, ocspName);
             }
@@ -1014,42 +1011,42 @@ public class KeyCertUtil {
         }
     }
 
-    public static void setAuthorityKeyIdentifier(KeyPair keypair, 
-        CertificateExtensions ext, KeyCertData properties) throws IOException,
+    public static void setAuthorityKeyIdentifier(KeyPair keypair,
+            CertificateExtensions ext, KeyCertData properties) throws IOException,
             NoSuchAlgorithmException, InvalidKeyException {
         String aki = properties.getAKI();
 
         if ((aki != null) && (aki.equals(Constants.TRUE))) {
             KeyIdentifier id = createKeyIdentifier(keypair);
-            AuthorityKeyIdentifierExtension akiExt = 
-                new AuthorityKeyIdentifierExtension(id, null, null);
+            AuthorityKeyIdentifierExtension akiExt =
+                    new AuthorityKeyIdentifierExtension(id, null, null);
 
             ext.set(AuthorityKeyIdentifierExtension.class.getSimpleName(), akiExt);
         }
     }
 
-    public static void setSubjectKeyIdentifier(KeyPair keypair, 
-        CertificateExtensions ext,
-        KeyCertData properties) throws IOException, NoSuchAlgorithmException, 
+    public static void setSubjectKeyIdentifier(KeyPair keypair,
+            CertificateExtensions ext,
+            KeyCertData properties) throws IOException, NoSuchAlgorithmException,
             InvalidKeyException {
         String ski = properties.getSKI();
 
         if ((ski != null) && (ski.equals(Constants.TRUE))) {
             KeyIdentifier id = createKeyIdentifier(keypair);
             SubjectKeyIdentifierExtension skiExt =
-                new SubjectKeyIdentifierExtension(id.getIdentifier());
+                    new SubjectKeyIdentifierExtension(id.getIdentifier());
 
             ext.set(SubjectKeyIdentifierExtension.class.getSimpleName(), skiExt);
         }
     }
 
     public static void setKeyUsageExtension(CertificateExtensions ext,
-        KeyUsageExtension keyUsage) throws IOException {
+            KeyUsageExtension keyUsage) throws IOException {
         ext.set(KeyUsageExtension.class.getSimpleName(), keyUsage);
     }
 
-    public static KeyIdentifier createKeyIdentifier(KeyPair keypair) 
-        throws NoSuchAlgorithmException, InvalidKeyException {
+    public static KeyIdentifier createKeyIdentifier(KeyPair keypair)
+            throws NoSuchAlgorithmException, InvalidKeyException {
         MessageDigest md = MessageDigest.getInstance("SHA-1");
         X509Key subjectKeyInfo = convertPublicKeyToX509Key(
                 keypair.getPublic());
@@ -1059,8 +1056,8 @@ public class KeyCertUtil {
         return new KeyIdentifier(md.digest());
     }
 
-    public static BigInteger getSerialNumber(LDAPConnection conn, String baseDN) 
-        throws LDAPException {
+    public static BigInteger getSerialNumber(LDAPConnection conn, String baseDN)
+            throws LDAPException {
         String dn = "ou=certificateRepository,ou=ca," + baseDN;
         BigInteger serialno = null;
         LDAPEntry entry = conn.read(dn);
@@ -1080,9 +1077,9 @@ public class KeyCertUtil {
         return serialno;
     }
 
-    public static void setSerialNumber(LDAPConnection conn, 
-        String baseDN, BigInteger serial) 
-        throws LDAPException {
+    public static void setSerialNumber(LDAPConnection conn,
+            String baseDN, BigInteger serial)
+            throws LDAPException {
         String dn = "ou=certificateRepository,ou=ca," + baseDN;
         LDAPAttribute attr = new LDAPAttribute("serialno");
 
@@ -1097,19 +1094,19 @@ public class KeyCertUtil {
     }
 
     public static void addCertToDB(LDAPConnection conn, String dn, X509CertImpl cert)
-        throws LDAPException, EBaseException {
+            throws LDAPException, EBaseException {
         BigInteger serialno = cert.getSerialNumber();
         X509CertImplMapper mapper = new X509CertImplMapper();
         LDAPAttributeSet attrs = new LDAPAttributeSet();
 
         mapper.mapObjectToLDAPAttributeSet(null, null,
-            cert, attrs);
+                cert, attrs);
         attrs.add(new LDAPAttribute("objectclass", "top"));
         attrs.add(new LDAPAttribute("objectclass",
                 "certificateRecord"));
         attrs.add(new LDAPAttribute("serialno",
                 BigIntegerMapper.BigIntegerToDB(
-                    serialno)));
+                        serialno)));
         attrs.add(new LDAPAttribute("dateOfCreate",
                 DateMapper.dateToDB((CMS.getCurrentDate()))));
         attrs.add(new LDAPAttribute("dateOfModify",
@@ -1125,12 +1122,12 @@ public class KeyCertUtil {
         conn.add(entry);
     }
 
-    public static CertificateExtensions getExtensions(String tokenname, String nickname) 
-        throws NotInitializedException, TokenException, ObjectNotFoundException, 
+    public static CertificateExtensions getExtensions(String tokenname, String nickname)
+            throws NotInitializedException, TokenException, ObjectNotFoundException,
             IOException, CertificateException {
         String fullnickname = nickname;
 
-        if (!tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) 
+        if (!tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME))
             fullnickname = tokenname + ":" + nickname;
         CryptoManager manager = CryptoManager.getInstance();
         X509Certificate cert = manager.findCertByNickname(fullnickname);
diff --git a/pki/base/common/src/com/netscape/cmscore/security/OCSPSigningCert.java b/pki/base/common/src/com/netscape/cmscore/security/OCSPSigningCert.java
index efeade92..762db5e9 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/OCSPSigningCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/OCSPSigningCert.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.security;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.KeyPair;
@@ -34,7 +33,6 @@ import com.netscape.certsrv.common.ConfigConstants;
 import com.netscape.certsrv.common.Constants;
 import com.netscape.certsrv.security.KeyCertData;
 
-
 /**
  * OCSP signing certificate.
  * 
@@ -42,8 +40,8 @@ import com.netscape.certsrv.security.KeyCertData;
  * @version $Revision$, $Date$
  */
 public class OCSPSigningCert extends CertificateInfo {
-    public static final String SUBJECT_NAME = 
-        "CN=Certificate Authority, O=Netscape Communications, C=US";
+    public static final String SUBJECT_NAME =
+            "CN=Certificate Authority, O=Netscape Communications, C=US";
 
     public OCSPSigningCert(KeyCertData properties) {
         this(properties, null);
@@ -85,7 +83,7 @@ public class OCSPSigningCert extends CertificateInfo {
             BigInteger P = new BigInteger(p);
             BigInteger Q = new BigInteger(q);
             BigInteger G = new BigInteger(g);
-            BigInteger pqgSeed = new BigInteger(seed); 
+            BigInteger pqgSeed = new BigInteger(seed);
             BigInteger pqgH = new BigInteger(H);
 
             return new PQGParams(P, Q, G, pqgSeed, counter, pqgH);
@@ -113,7 +111,7 @@ public class OCSPSigningCert extends CertificateInfo {
             cmsFileTmp.putString("ca.signing.cacertnickname", nickname);
         else
             cmsFileTmp.putString("ca.signing.cacertnickname",
-                tokenname + ":" + nickname);
+                    tokenname + ":" + nickname);
         cmsFileTmp.commit(false);
     }
 
@@ -140,4 +138,3 @@ public class OCSPSigningCert extends CertificateInfo {
         return extension;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/security/PWCBsdr.java b/pki/base/common/src/com/netscape/cmscore/security/PWCBsdr.java
index 48b19f62..49c84d52 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/PWCBsdr.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/PWCBsdr.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.security;
 
-
 import java.io.File;
 import java.io.InputStream;
 import java.io.OutputStream;
@@ -30,7 +29,6 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.cmscore.base.JDialogPasswordCallback;
 
-
 /* 
  * A class to retrieve passwords from the SDR password cache
  *
@@ -41,7 +39,7 @@ import com.netscape.cmscore.base.JDialogPasswordCallback;
 public class PWCBsdr implements PasswordCallback {
     InputStream in = null;
     OutputStream out = null;
-    String mprompt = "";  
+    String mprompt = "";
     boolean firsttime = true;
     private PasswordCallback mCB = null;
     private String mPWcachedb = null;
@@ -50,7 +48,7 @@ public class PWCBsdr implements PasswordCallback {
     public PWCBsdr() {
         this(null);
     }
-  
+
     public PWCBsdr(String prompt) {
         in = System.in;
         out = System.out;
@@ -72,7 +70,7 @@ public class PWCBsdr implements PasswordCallback {
         try {
             mPWcachedb = CMS.getConfigStore().getString("pwCache");
             CMS.debug("got pwCache from configstore: " +
-                mPWcachedb);
+                    mPWcachedb);
         } catch (NullPointerException e) {
             System.out.println("after CMS.getConfigStore got NullPointerException ... testing ok");
         } catch (Exception e) {
@@ -81,7 +79,7 @@ public class PWCBsdr implements PasswordCallback {
         }
 
         //    System.out.println("after CMS.getConfigStore");
-        if (File.separator.equals("/")) {  
+        if (File.separator.equals("/")) {
             // Unix
             mCB = new PWsdrConsolePasswordCallback(prompt);
         } else {
@@ -98,7 +96,7 @@ public class PWCBsdr implements PasswordCallback {
      */
 
     public Password getPasswordFirstAttempt(PasswordCallbackInfo info)
-        throws PasswordCallback.GiveUpException {
+            throws PasswordCallback.GiveUpException {
 
         CMS.debug("in getPasswordFirstAttempt");
 
@@ -144,7 +142,7 @@ public class PWCBsdr implements PasswordCallback {
             if (tmpPrompt == null) { /* no name, fail */
                 System.out.println("Shouldn't get here");
                 throw new PasswordCallback.GiveUpException();
-            } else {  /* get password from password cache */
+            } else { /* get password from password cache */
 
                 CMS.debug("getting tag = " + tmpPrompt);
                 PWsdrCache pwc = new PWsdrCache(mPWcachedb, mLogger);
@@ -174,7 +172,7 @@ public class PWCBsdr implements PasswordCallback {
      * the password to the cache pw cache 
      */
     public Password getPasswordAgain(PasswordCallbackInfo info)
-        throws PasswordCallback.GiveUpException {
+            throws PasswordCallback.GiveUpException {
 
         CMS.debug("in getPasswordAgain");
         try {
@@ -208,12 +206,11 @@ public class PWCBsdr implements PasswordCallback {
         if (mLogger == null) {
             System.out.println(msg);
         } else {
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "PWCBsdr " + msg); 
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "PWCBsdr " + msg);
         }
     }
 }
 
-
 class PWsdrConsolePasswordCallback implements PasswordCallback {
     private String mPrompt = null;
 
@@ -226,7 +223,7 @@ class PWsdrConsolePasswordCallback implements PasswordCallback {
     }
 
     public Password getPasswordFirstAttempt(PasswordCallbackInfo info)
-        throws PasswordCallback.GiveUpException {
+            throws PasswordCallback.GiveUpException {
         if (mPrompt == null) {
             System.out.println("Get password " + info.getName());
         } else {
@@ -239,7 +236,7 @@ class PWsdrConsolePasswordCallback implements PasswordCallback {
     }
 
     public Password getPasswordAgain(PasswordCallbackInfo info)
-        throws PasswordCallback.GiveUpException {
+            throws PasswordCallback.GiveUpException {
         System.out.println("Password Incorrect.");
         if (mPrompt == null) {
             System.out.println("Get password " + info.getName());
@@ -253,7 +250,6 @@ class PWsdrConsolePasswordCallback implements PasswordCallback {
     }
 }
 
-
 class PWsdrDialogPasswordCallback extends JDialogPasswordCallback {
     private String mPrompt = null;
 
@@ -270,4 +266,3 @@ class PWsdrDialogPasswordCallback extends JDialogPasswordCallback {
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/security/PWUtil.java b/pki/base/common/src/com/netscape/cmscore/security/PWUtil.java
index 3be63691..524e7a50 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/PWUtil.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/PWUtil.java
@@ -17,23 +17,20 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.security;
 
-
 import java.io.BufferedReader;
 import java.io.InputStreamReader;
 
 import org.mozilla.jss.util.Password;
 import org.mozilla.jss.util.PasswordCallback;
 
-
-public class
-PWUtil {
+public class PWUtil {
     public static Password
-    readPasswordFromStream() 
-        throws PasswordCallback.GiveUpException {
+            readPasswordFromStream()
+                    throws PasswordCallback.GiveUpException {
         BufferedReader in;
 
         in = new BufferedReader(new InputStreamReader(System.in));
-    
+
         StringBuffer buf = new StringBuffer();
         String passwordString = new String();
         int c;
@@ -49,7 +46,7 @@ PWUtil {
                     if (ch != '\r') {
                         if (ch != '\n') {
                             buf.append(ch);
-                        } else {          
+                        } else {
                             passwordString = buf.toString();
                             buf.setLength(0);
                             break;
@@ -80,4 +77,3 @@ PWUtil {
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java b/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java
index 12412f59..3d57c627 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.security;
 
-
 import java.io.BufferedReader;
 import java.io.ByteArrayOutputStream;
 import java.io.File;
@@ -46,7 +45,6 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.cmsutil.util.Utils;
 
-
 /* 
  * A class for managing passwords in the SDR password cache
  *
@@ -86,13 +84,13 @@ public class PWsdrCache {
             try {
                 cm = CryptoManager.getInstance();
                 mTokenName = CMS.getConfigStore().getString(PROP_PWC_TOKEN_NAME);
-                log (ILogger.LL_DEBUG, "pwcTokenname specified.  Use token for SDR key. tokenname= "+mTokenName);
+                log(ILogger.LL_DEBUG, "pwcTokenname specified.  Use token for SDR key. tokenname= " + mTokenName);
                 mToken = cm.getTokenByName(mTokenName);
             } catch (NotInitializedException e) {
-                log (ILogger.LL_FAILURE, e.toString());
+                log(ILogger.LL_FAILURE, e.toString());
                 throw new EBaseException(e.toString());
             } catch (Exception e) {
-                log (ILogger.LL_DEBUG, "no pwcTokenname specified, use internal token for SDR key");
+                log(ILogger.LL_DEBUG, "no pwcTokenname specified, use internal token for SDR key");
                 mToken = cm.getInternalKeyStorageToken();
             }
         }
@@ -103,11 +101,11 @@ public class PWsdrCache {
         if (mKeyID == null) {
             try {
                 String keyID = CMS.getConfigStore().getString(PROP_PWC_KEY_ID);
-                log (ILogger.LL_DEBUG, "retrieved PWC SDR key");
+                log(ILogger.LL_DEBUG, "retrieved PWC SDR key");
                 mKeyID = base64Decode(keyID);
-                
+
             } catch (Exception e) {
-                log (ILogger.LL_DEBUG, "no pwcSDRKey specified");
+                log(ILogger.LL_DEBUG, "no pwcSDRKey specified");
                 throw new EBaseException(e.toString());
             }
         }
@@ -131,10 +129,10 @@ public class PWsdrCache {
         cm = CryptoManager.getInstance();
         if (mTokenName != null) {
             mToken = cm.getTokenByName(mTokenName);
-            mToken =  cm.getInternalKeyStorageToken();
-            debug("PWsdrCache: mToken = "+mTokenName);
+            mToken = cm.getInternalKeyStorageToken();
+            debug("PWsdrCache: mToken = " + mTokenName);
         } else {
-            mToken =  cm.getInternalKeyStorageToken();
+            mToken = cm.getInternalKeyStorageToken();
             debug("PWsdrCache: mToken = internal");
         }
     }
@@ -147,20 +145,18 @@ public class PWsdrCache {
         return mTokenName;
     }
 
-    public void deleteUniqueNamedKey( String nickName )
-        throws Exception
-    {
-        KeyManager km = new KeyManager( mToken );
-        km.deleteUniqueNamedKey( nickName );
+    public void deleteUniqueNamedKey(String nickName)
+            throws Exception {
+        KeyManager km = new KeyManager(mToken);
+        km.deleteUniqueNamedKey(nickName);
     }
 
-    public byte[] generateSDRKey () throws Exception {
-		return generateSDRKeyWithNickName(PROP_PWC_NICKNAME);
+    public byte[] generateSDRKey() throws Exception {
+        return generateSDRKeyWithNickName(PROP_PWC_NICKNAME);
     }
 
-    public byte[] generateSDRKeyWithNickName (String nickName)
-        throws Exception
-    {
+    public byte[] generateSDRKeyWithNickName(String nickName)
+            throws Exception {
         try {
 
             if (mIsTool != true) {
@@ -173,24 +169,24 @@ public class PWsdrCache {
                     //                       prior to making an attempt to
                     //                       generate it!
                     //
-                    if( !( km.uniqueNamedKeyExists( nickName ) ) ) {
-                        mKeyID = km.generateUniqueNamedKey( nickName );
+                    if (!(km.uniqueNamedKeyExists(nickName))) {
+                        mKeyID = km.generateUniqueNamedKey(nickName);
                     }
                 } catch (TokenException e) {
-                    log (0, "generateSDRKey() failed on "+e.toString());
+                    log(0, "generateSDRKey() failed on " + e.toString());
                     throw e;
                 }
             }
         } catch (Exception e) {
-            log (ILogger.LL_FAILURE, e.toString());
+            log(ILogger.LL_FAILURE, e.toString());
             throw e;
         }
         return mKeyID;
     }
 
     public byte[] base64Decode(String s) throws IOException {
-         byte[] d = com.netscape.osutil.OSUtil.AtoB(s);
-         return d;
+        byte[] d = com.netscape.osutil.OSUtil.AtoB(s);
+        return d;
     }
 
     public static String base64Encode(byte[] bytes) throws IOException {
@@ -199,9 +195,9 @@ public class PWsdrCache {
         ByteArrayOutputStream output = new ByteArrayOutputStream();
         Base64OutputStream b64 = new Base64OutputStream(new
                 PrintStream(new
-                    FilterOutputStream(output)
+                        FilterOutputStream(output)
                 )
-            );
+                );
 
         b64.write(bytes);
         b64.flush();
@@ -211,10 +207,9 @@ public class PWsdrCache {
         return output.toString("8859_1");
     }
 
-
     // for PWCBsdr
     public PWsdrCache(String pwCache, ILogger logger) throws
-        EBaseException {
+            EBaseException {
         mLogger = logger;
         mPWcachedb = pwCache;
         initToken();
@@ -236,7 +231,7 @@ public class PWsdrCache {
      * add passwd in pwcache.
      */
     public void addEntry(String tag, String pwd, Hashtable tagPwds) throws EBaseException {
-        
+
         String stringToAdd = null;
         String bufs = null;
 
@@ -249,7 +244,7 @@ public class PWsdrCache {
                 tag = (String) enum1.nextElement();
                 pwd = (String) tagPwds.get(tag);
                 debug("password tag: " + tag + " stored in " + mPWcachedb);
-                
+
                 if (stringToAdd == null) {
                     stringToAdd = tag + ":" + pwd + "\n";
                 } else {
@@ -277,7 +272,7 @@ public class PWsdrCache {
             debug("adding new tag: " + tag);
             bufs = stringToAdd;
         }
-        
+
         // write update to cache
         writePWcache(bufs);
     }
@@ -307,7 +302,7 @@ public class PWsdrCache {
             debug("password cache contains no tags");
             return;
         }
-        
+
         // write update to cache
         writePWcache(bufs);
     }
@@ -394,35 +389,35 @@ public class PWsdrCache {
             File origFile = new File(mPWcachedb);
 
             try {
-                if( Utils.isNT() ) {
+                if (Utils.isNT()) {
                     // NT is very picky on the path
-                    Utils.exec( "copy " +
-                                tmpPWcache.getAbsolutePath().replace( '/',
-                                                                      '\\' ) +
+                    Utils.exec("copy " +
+                                tmpPWcache.getAbsolutePath().replace('/',
+                                                                      '\\') +
                                 " " +
-                                origFile.getAbsolutePath().replace( '/',
-                                                                    '\\' ) );
+                                origFile.getAbsolutePath().replace('/',
+                                                                    '\\'));
                 } else {
                     // Create a copy of the original file which
                     // preserves the original file permissions.
-                    Utils.exec( "cp -p " + tmpPWcache.getAbsolutePath() + " " +
-                                origFile.getAbsolutePath() );
+                    Utils.exec("cp -p " + tmpPWcache.getAbsolutePath() + " " +
+                                origFile.getAbsolutePath());
                 }
 
                 // Remove the original file if and only if
                 // the backup copy was successful.
-                if( origFile.exists() ) {
-                    if( !Utils.isNT() ) {
+                if (origFile.exists()) {
+                    if (!Utils.isNT()) {
                         try {
-                            Utils.exec( "chmod 00660 " +
-                                        origFile.getCanonicalPath() );
-                        } catch( IOException e ) {
-                            CMS.debug( "Unable to change file permissions on "
-                                     + origFile.toString() );
+                            Utils.exec("chmod 00660 " +
+                                        origFile.getCanonicalPath());
+                        } catch (IOException e) {
+                            CMS.debug("Unable to change file permissions on "
+                                     + origFile.toString());
                         }
                     }
                     tmpPWcache.delete();
-                    debug( "operation completed for " + mPWcachedb );
+                    debug("operation completed for " + mPWcachedb);
                 }
             } catch (Exception exx) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_CACHE", exx.toString()));
@@ -447,7 +442,7 @@ public class PWsdrCache {
         while (enum1.hasMoreElements()) {
             String tag = (String) enum1.nextElement();
             String pwd = (String) ht.get(tag);
-                
+
             if (returnString == null) {
                 returnString = tag + ":" + pwd + "\n";
             } else {
@@ -566,22 +561,22 @@ public class PWsdrCache {
             if (process.exitValue() == 0) {
 
                 /**
-                 pOut = new BufferedReader(
-                 new InputStreamReader(process.getInputStream()));
-                 while ((l = pOut.readLine()) != null) {
-                 System.out.println(l);
-                 }
+                 * pOut = new BufferedReader(
+                 * new InputStreamReader(process.getInputStream()));
+                 * while ((l = pOut.readLine()) != null) {
+                 * System.out.println(l);
+                 * }
                  **/
                 return true;
             } else {
 
                 /**
-                 pOut = new BufferedReader(
-                 new InputStreamReader(process.getErrorStream()));
-                 l = null;
-                 while ((l = pOut.readLine()) != null) {
-                 System.out.println(l);
-                 }
+                 * pOut = new BufferedReader(
+                 * new InputStreamReader(process.getErrorStream()));
+                 * l = null;
+                 * while ((l = pOut.readLine()) != null) {
+                 * System.out.println(l);
+                 * }
                  **/
                 return false;
             }
@@ -599,7 +594,7 @@ public class PWsdrCache {
     public void log(int level, String msg) {
         if (mLogger != null) {
             mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level,
-                "PWsdrCache " + msg);
+                    "PWsdrCache " + msg);
         } else if (mIsTool) {
             System.out.println(msg);
         } // else it's most likely the installation wizard...no logging
@@ -636,7 +631,7 @@ public class PWsdrCache {
                             line.length());
 
                     debug(tag.trim() +
-                        " : " + passwd.trim());
+                            " : " + passwd.trim());
                 } else {
                     //invalid format...log or throw...later
                     debug("invalid format");
diff --git a/pki/base/common/src/com/netscape/cmscore/security/Provider.java b/pki/base/common/src/com/netscape/cmscore/security/Provider.java
index 0e7f8e2e..540fe220 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/Provider.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/Provider.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.security;
 
-
 public class Provider extends java.security.Provider {
 
     /**
@@ -27,7 +26,7 @@ public class Provider extends java.security.Provider {
 
     public Provider() {
         super("CMS", 1.4,
-            "Provides Signature and Message Digesting");
+                "Provides Signature and Message Digesting");
 
         /////////////////////////////////////////////////////////////
         // Signature
@@ -46,7 +45,7 @@ public class Provider extends java.security.Provider {
         put("Signature.MD5/RSA", "org.mozilla.jss.provider.MD5RSASignature");
         put("Signature.MD2/RSA", "org.mozilla.jss.provider.MD2RSASignature");
         put("Signature.SHA-1/RSA",
-            "org.mozilla.jss.provider.SHA1RSASignature");
+                "org.mozilla.jss.provider.SHA1RSASignature");
 
         put("Alg.Alias.Signature.SHA1/RSA", "SHA-1/RSA");
 
diff --git a/pki/base/common/src/com/netscape/cmscore/security/RASigningCert.java b/pki/base/common/src/com/netscape/cmscore/security/RASigningCert.java
index 1ac8f0ea..581fc886 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/RASigningCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/RASigningCert.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.security;
 
-
 import java.io.IOException;
 import java.security.KeyPair;
 
@@ -29,16 +28,15 @@ import com.netscape.certsrv.common.ConfigConstants;
 import com.netscape.certsrv.common.Constants;
 import com.netscape.certsrv.security.KeyCertData;
 
-
 /**
- * RA signing certificate 
+ * RA signing certificate
  * 
  * @author Christine Ho
  * @version $Revision$, $Date$
  */
 public class RASigningCert extends CertificateInfo {
-    public static final String SUBJECT_NAME = 
-        "CN=Registration Authority, O=Netscape Communications, C=US";
+    public static final String SUBJECT_NAME =
+            "CN=Registration Authority, O=Netscape Communications, C=US";
     private String mTokenname = Constants.PR_INTERNAL_TOKEN_NAME;
 
     public RASigningCert(KeyCertData properties) {
@@ -49,8 +47,8 @@ public class RASigningCert extends CertificateInfo {
         super(properties, pair);
         String tmp = (String) mProperties.get(Constants.PR_TOKEN_NAME);
 
-        if ((tmp != null) && 
-            (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))   
+        if ((tmp != null) &&
+                (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
             mTokenname = tmp;
         try {
             if (mProperties.get(Constants.PR_AKI) == null) {
@@ -79,7 +77,7 @@ public class RASigningCert extends CertificateInfo {
     public String getNickname() {
         String name = (String) mProperties.get(Constants.PR_NICKNAME);
         String instanceName =
-            (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME);
+                (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME);
 
         if (name != null)
             return name;
@@ -113,4 +111,3 @@ public class RASigningCert extends CertificateInfo {
         return extension;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/security/SSLCert.java b/pki/base/common/src/com/netscape/cmscore/security/SSLCert.java
index eab48bdf..b54f24dc 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/SSLCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/SSLCert.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.security;
 
-
 import java.io.IOException;
 import java.security.KeyPair;
 
@@ -29,16 +28,15 @@ import com.netscape.certsrv.common.ConfigConstants;
 import com.netscape.certsrv.common.Constants;
 import com.netscape.certsrv.security.KeyCertData;
 
-
 /**
- * SSL server certificate 
+ * SSL server certificate
  * 
  * @author Christine Ho
  * @version $Revision$, $Date$
  */
 public class SSLCert extends CertificateInfo {
-    public static final String SUBJECT_NAME = 
-        "CN=SSL, O=Netscape Communications, C=US";
+    public static final String SUBJECT_NAME =
+            "CN=SSL, O=Netscape Communications, C=US";
     private String mTokenname = Constants.PR_INTERNAL_TOKEN_NAME;
 
     public SSLCert(KeyCertData properties) {
@@ -49,8 +47,8 @@ public class SSLCert extends CertificateInfo {
         super(properties, pair);
         String tmp = (String) mProperties.get(Constants.PR_TOKEN_NAME);
 
-        if ((tmp != null) && 
-            (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))   
+        if ((tmp != null) &&
+                (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
             mTokenname = tmp;
         try {
             if (mProperties.get(Constants.PR_AKI) == null) {
@@ -88,7 +86,7 @@ public class SSLCert extends CertificateInfo {
     public String getNickname() {
         String name = (String) mProperties.get(Constants.PR_NICKNAME);
         String instanceName =
-            (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME);
+                (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME);
 
         if (name != null)
             return name;
@@ -125,4 +123,3 @@ public class SSLCert extends CertificateInfo {
         return extension;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java b/pki/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java
index ac7eb2ad..1d70e7a1 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.security;
 
-
 import java.io.IOException;
 import java.security.KeyPair;
 
@@ -29,16 +28,15 @@ import com.netscape.certsrv.common.ConfigConstants;
 import com.netscape.certsrv.common.Constants;
 import com.netscape.certsrv.security.KeyCertData;
 
-
 /**
- * SSL server certificate 
+ * SSL server certificate
  * 
  * @author Christine Ho
  * @version $Revision$, $Date$
  */
 public class SSLSelfSignedCert extends CertificateInfo {
-    public static final String SUBJECT_NAME = 
-        "CN=SSL, O=Netscape Communications, C=US";
+    public static final String SUBJECT_NAME =
+            "CN=SSL, O=Netscape Communications, C=US";
     private String mTokenname = Constants.PR_INTERNAL_TOKEN_NAME;
 
     public SSLSelfSignedCert(KeyCertData properties) {
@@ -49,8 +47,8 @@ public class SSLSelfSignedCert extends CertificateInfo {
         super(properties, pair);
         String tmp = (String) mProperties.get(Constants.PR_TOKEN_NAME);
 
-        if ((tmp != null) && 
-            (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))   
+        if ((tmp != null) &&
+                (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
             mTokenname = tmp;
         mProperties.remove(Constants.PR_AKI);
 
@@ -80,7 +78,7 @@ public class SSLSelfSignedCert extends CertificateInfo {
     public String getNickname() {
         String name = (String) mProperties.get(Constants.PR_NICKNAME);
         String instanceName =
-            (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME);
+                (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME);
 
         if (name != null)
             return name;
@@ -119,4 +117,3 @@ public class SSLSelfSignedCert extends CertificateInfo {
         return extension;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/security/SubsystemCert.java b/pki/base/common/src/com/netscape/cmscore/security/SubsystemCert.java
index bd630de8..aede5e4d 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/SubsystemCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/SubsystemCert.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.security;
 
-
 import java.io.IOException;
 import java.security.KeyPair;
 
@@ -29,7 +28,6 @@ import com.netscape.certsrv.common.ConfigConstants;
 import com.netscape.certsrv.common.Constants;
 import com.netscape.certsrv.security.KeyCertData;
 
-
 /**
  * Subsystem certificate.
  * 
@@ -81,4 +79,3 @@ public class SubsystemCert extends CertificateInfo {
         return extension;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/selftests/SelfTestOrderedInstance.java b/pki/base/common/src/com/netscape/cmscore/selftests/SelfTestOrderedInstance.java
index f462c2e2..2146b290 100644
--- a/pki/base/common/src/com/netscape/cmscore/selftests/SelfTestOrderedInstance.java
+++ b/pki/base/common/src/com/netscape/cmscore/selftests/SelfTestOrderedInstance.java
@@ -20,14 +20,12 @@
 
 package com.netscape.cmscore.selftests;
 
-
 ///////////////////////
 // import statements //
 ///////////////////////
 
 import java.util.StringTokenizer;
 
-
 //////////////////////
 // class definition //
 //////////////////////
@@ -53,7 +51,7 @@ public class SelfTestOrderedInstance {
     // SelfTestOrderedInstance parameters //
     ////////////////////////////////////////
 
-    private String  mInstanceName = null;
+    private String mInstanceName = null;
     private boolean mCritical = false;
 
     /////////////////////
@@ -65,9 +63,9 @@ public class SelfTestOrderedInstance {
      * A "listElement" contains a string of the form "[instanceName]" or
      * "[instanceName]:critical".
      * <P>
-     *
+     * 
      * @param listElement a string containing the "instanceName" and
-     * information indictating whether or not the instance is "critical"
+     *            information indictating whether or not the instance is "critical"
      */
     public SelfTestOrderedInstance(String listElement) {
         // strip preceding/trailing whitespace
@@ -108,7 +106,7 @@ public class SelfTestOrderedInstance {
     /**
      * Returns the name associated with this self test; may be null.
      * <P>
-     *
+     * 
      * @return instanceName of this self test
      */
     public String getSelfTestName() {
@@ -118,9 +116,9 @@ public class SelfTestOrderedInstance {
     /**
      * Returns the criticality associated with this self test.
      * <P>
-     *
+     * 
      * @return true if failure of this self test is fatal when
-     * it is executed; otherwise return false
+     *         it is executed; otherwise return false
      */
     public boolean isSelfTestCritical() {
         return mCritical;
@@ -129,11 +127,10 @@ public class SelfTestOrderedInstance {
     /**
      * Sets/resets the criticality associated with this self test.
      * <P>
-     *
+     * 
      * @param criticalMode the criticality of this self test
      */
     public void setSelfTestCriticalMode(boolean criticalMode) {
         mCritical = criticalMode;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java b/pki/base/common/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java
index 8104210d..9167cbf1 100644
--- a/pki/base/common/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java
@@ -20,7 +20,6 @@
 
 package com.netscape.cmscore.selftests;
 
-
 ///////////////////////
 // import statements //
 ///////////////////////
@@ -49,7 +48,6 @@ import com.netscape.certsrv.selftests.ESelfTestException;
 import com.netscape.certsrv.selftests.ISelfTest;
 import com.netscape.certsrv.selftests.ISelfTestSubsystem;
 
-
 //////////////////////
 // class definition //
 //////////////////////
@@ -63,19 +61,15 @@ import com.netscape.certsrv.selftests.ISelfTestSubsystem;
  * @version $Revision$, $Date$
  */
 public class SelfTestSubsystem
-    implements ISelfTestSubsystem {
+        implements ISelfTestSubsystem {
     ////////////////////////
     // default parameters //
     ////////////////////////
 
-
-
     ///////////////////////
     // helper parameters //
     ///////////////////////
 
-
-
     //////////////////////////////////
     // SelfTestSubsystem parameters //
     //////////////////////////////////
@@ -102,24 +96,22 @@ public class SelfTestSubsystem
     private static final String CRITICAL = "critical";
 
     private static final String LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION =
-        "LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION_2";
+            "LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION_2";
 
     /////////////////////
     // default methods //
     /////////////////////
 
-
-
     ////////////////////
     // helper methods //
     ////////////////////
 
     /**
      * Signed Audit Log
-     *
+     * 
      * This helper method is called to store messages to the signed audit log.
      * <P>
-     *
+     * 
      * @param msg signed audit log message
      */
     private void audit(String msg) {
@@ -131,10 +123,10 @@ public class SelfTestSubsystem
         }
 
         mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-            null,
-            ILogger.S_SIGNED_AUDIT,
-            ILogger.LL_SECURITY,
-            msg);
+                null,
+                ILogger.S_SIGNED_AUDIT,
+                ILogger.LL_SECURITY,
+                msg);
     }
 
     /**
@@ -142,13 +134,13 @@ public class SelfTestSubsystem
      * substore name prepended in front of the plugin/parameter name). This
      * method may return null.
      * <P>
-     *
+     * 
      * @param instancePrefix full name of configuration store
      * @param instanceName instance name of self test
      * @return fullname of this self test plugin
      */
     private String getFullName(String instancePrefix,
-        String instanceName) {
+            String instanceName) {
         String instanceFullName = null;
 
         // strip preceding/trailing whitespace
@@ -161,9 +153,9 @@ public class SelfTestSubsystem
         }
 
         if ((instancePrefix != null) &&
-            (instancePrefix != "")) {
+                (instancePrefix != "")) {
             if ((instanceName != null) &&
-                (instanceName != "")) {
+                    (instanceName != "")) {
                 instanceFullName = instancePrefix
                         + "."
                         + instanceName;
@@ -179,13 +171,13 @@ public class SelfTestSubsystem
      * This helper method checks to see if an instance name/value
      * pair exists for the corresponding ordered list element.
      * <P>
-     *
+     * 
      * @param element owner of this subsystem
      * @param instanceName instance name of self test
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
     private void checkInstance(SelfTestOrderedInstance element)
-        throws EInvalidSelfTestException, EMissingSelfTestException {
+            throws EInvalidSelfTestException, EMissingSelfTestException {
         String instanceFullName = null;
         String instanceName = null;
         String instanceValue = null;
@@ -200,8 +192,8 @@ public class SelfTestSubsystem
                         instanceName);
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EMissingSelfTestException();
         }
@@ -211,16 +203,15 @@ public class SelfTestSubsystem
             instanceValue = instanceConfig.getString(instanceName);
 
             if ((instanceValue == null) ||
-                (instanceValue.equals(""))) {
+                    (instanceValue.equals(""))) {
                 // self test plugin instance property name exists,
                 // but it contains no value(s)
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_PROPERTY_MISSING_VALUES",
-                        instanceFullName));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_PROPERTY_MISSING_VALUES",
+                                instanceFullName));
 
-                throw new
-                    EMissingSelfTestException(instanceFullName,
+                throw new EMissingSelfTestException(instanceFullName,
                         instanceValue);
             } else {
                 instanceValue = instanceValue.trim();
@@ -229,18 +220,18 @@ public class SelfTestSubsystem
         } catch (EPropertyNotFound e) {
             // self test plugin instance property name is not present
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
-                    instanceFullName));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
+                            instanceFullName));
 
             throw new EMissingSelfTestException(instanceFullName);
         } catch (EBaseException e) {
             // self test plugin instance EBaseException
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_THREW_EBASEEXCEPTION",
-                    instanceFullName,
-                    instanceValue));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_THREW_EBASEEXCEPTION",
+                            instanceFullName,
+                            instanceValue));
 
             throw new EInvalidSelfTestException(instanceFullName,
                     instanceValue);
@@ -259,7 +250,7 @@ public class SelfTestSubsystem
      * List the instance names of all the self tests enabled to run on demand
      * (in execution order); may return null.
      * <P>
-     *
+     * 
      * @return list of self test instance names run on demand
      */
     public String[] listSelfTestsEnabledOnDemand() {
@@ -271,7 +262,7 @@ public class SelfTestSubsystem
             mList = new String[numElements];
         } else {
             return null;
-        } 
+        }
 
         // loop through all self test plugin instances
         // specified to be executed on demand
@@ -281,7 +272,7 @@ public class SelfTestSubsystem
 
         while (instances.hasMoreElements()) {
             SelfTestOrderedInstance instance = (SelfTestOrderedInstance)
-                instances.nextElement();
+                    instances.nextElement();
 
             mList[i] = instance.getSelfTestName();
             if (mList[i] != null) {
@@ -296,24 +287,24 @@ public class SelfTestSubsystem
     /**
      * Enable the specified self test to be executed on demand.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @param isCritical isCritical is either a critical failure (true) or
-     * a non-critical failure (false)
+     *            a non-critical failure (false)
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
     public void enableSelfTestOnDemand(String instanceName,
-        boolean isCritical)
-        throws EInvalidSelfTestException, EMissingSelfTestException {
+            boolean isCritical)
+            throws EInvalidSelfTestException, EMissingSelfTestException {
         // strip preceding/trailing whitespace
         // from passed-in String parameters
         if (instanceName != null) {
             instanceName = instanceName.trim();
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EMissingSelfTestException();
         }
@@ -324,7 +315,7 @@ public class SelfTestSubsystem
 
         while (instances.hasMoreElements()) {
             SelfTestOrderedInstance instance = (SelfTestOrderedInstance)
-                instances.nextElement();
+                    instances.nextElement();
 
             if (instanceName.equals(instance.getSelfTestName())) {
                 instance.setSelfTestCriticalMode(isCritical);
@@ -358,12 +349,12 @@ public class SelfTestSubsystem
     /**
      * Disable the specified self test from being able to be executed on demand.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @exception EMissingSelfTestException subsystem has missing name
      */
     public void disableSelfTestOnDemand(String instanceName)
-        throws EMissingSelfTestException {
+            throws EMissingSelfTestException {
         String instanceFullName = null;
 
         // strip preceding/trailing whitespace
@@ -374,8 +365,8 @@ public class SelfTestSubsystem
                         instanceName);
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EMissingSelfTestException();
         }
@@ -386,7 +377,7 @@ public class SelfTestSubsystem
 
         while (instances.hasMoreElements()) {
             SelfTestOrderedInstance instance = (SelfTestOrderedInstance)
-                instances.nextElement();
+                    instances.nextElement();
 
             if (instanceName.equals(instance.getSelfTestName())) {
                 mOnDemandOrder.remove(instance);
@@ -396,9 +387,9 @@ public class SelfTestSubsystem
 
         // self test plugin instance property name is not present
         log(mLogger,
-            CMS.getLogMessage(
-                "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
-                instanceFullName));
+                CMS.getLogMessage(
+                        "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
+                        instanceFullName));
 
         throw new EMissingSelfTestException(instanceFullName);
     }
@@ -406,21 +397,21 @@ public class SelfTestSubsystem
     /**
      * Determine if the specified self test is enabled to be executed on demand.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @return true if the specified self test is enabled on demand
      * @exception EMissingSelfTestException subsystem has missing name
      */
     public boolean isSelfTestEnabledOnDemand(String instanceName)
-        throws EMissingSelfTestException {
+            throws EMissingSelfTestException {
         // strip preceding/trailing whitespace
         // from passed-in String parameters
         if (instanceName != null) {
             instanceName = instanceName.trim();
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EMissingSelfTestException();
         }
@@ -431,7 +422,7 @@ public class SelfTestSubsystem
 
         while (instances.hasMoreElements()) {
             SelfTestOrderedInstance instance = (SelfTestOrderedInstance)
-                instances.nextElement();
+                    instances.nextElement();
 
             if (instanceName.equals(instance.getSelfTestName())) {
                 return true;
@@ -442,17 +433,17 @@ public class SelfTestSubsystem
     }
 
     /**
-     * Determine if failure of the specified self test is fatal when 
+     * Determine if failure of the specified self test is fatal when
      * it is executed on demand.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @return true if failure of the specified self test is fatal when
-     * it is executed on demand
+     *         it is executed on demand
      * @exception EMissingSelfTestException subsystem has missing name
      */
     public boolean isSelfTestCriticalOnDemand(String instanceName)
-        throws EMissingSelfTestException {
+            throws EMissingSelfTestException {
         String instanceFullName = null;
 
         // strip preceding/trailing whitespace
@@ -463,8 +454,8 @@ public class SelfTestSubsystem
                         instanceName);
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EMissingSelfTestException();
         }
@@ -475,7 +466,7 @@ public class SelfTestSubsystem
 
         while (instances.hasMoreElements()) {
             SelfTestOrderedInstance instance = (SelfTestOrderedInstance)
-                instances.nextElement();
+                    instances.nextElement();
 
             if (instanceName.equals(instance.getSelfTestName())) {
                 if (instance.isSelfTestCritical()) {
@@ -488,9 +479,9 @@ public class SelfTestSubsystem
 
         // self test plugin instance property name is not present
         log(mLogger,
-            CMS.getLogMessage(
-                "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
-                instanceFullName));
+                CMS.getLogMessage(
+                        "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
+                        instanceFullName));
 
         throw new EMissingSelfTestException(instanceFullName);
     }
@@ -498,15 +489,15 @@ public class SelfTestSubsystem
     /**
      * Execute all self tests specified to be run on demand.
      * <P>
-     *
+     * 
      * @exception EMissingSelfTestException subsystem has missing name
      * @exception ESelfTestException self test exception
      */
     public void runSelfTestsOnDemand()
-        throws EMissingSelfTestException, ESelfTestException {
+            throws EMissingSelfTestException, ESelfTestException {
         if (CMS.debugOn()) {
             CMS.debug("SelfTestSubsystem::runSelfTestsOnDemand():"
-                + "  ENTERING . . .");
+                    + "  ENTERING . . .");
         }
 
         // loop through all self test plugin instances
@@ -515,7 +506,7 @@ public class SelfTestSubsystem
 
         while (instances.hasMoreElements()) {
             SelfTestOrderedInstance instance = (SelfTestOrderedInstance)
-                instances.nextElement();
+                    instances.nextElement();
 
             String instanceFullName = null;
             String instanceName = instance.getSelfTestName();
@@ -526,22 +517,22 @@ public class SelfTestSubsystem
                             instanceName);
             } else {
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
                 throw new EMissingSelfTestException();
             }
 
             if (mSelfTestInstances.containsKey(instanceName)) {
                 ISelfTest test = (ISelfTest)
-                    mSelfTestInstances.get(instanceName);
+                        mSelfTestInstances.get(instanceName);
 
                 try {
                     if (CMS.debugOn()) {
                         CMS.debug("SelfTestSubsystem::runSelfTestsOnDemand():"
-                            + "    running \""
-                            + test.getSelfTestName()
-                            + "\"");
+                                + "    running \""
+                                + test.getSelfTestName()
+                                + "\"");
                     }
 
                     test.runSelfTest(mLogger);
@@ -549,9 +540,9 @@ public class SelfTestSubsystem
                     // Check to see if the self test was critical:
                     if (isSelfTestCriticalOnDemand(instanceName)) {
                         log(mLogger,
-                            CMS.getLogMessage(
-                                "CMSCORE_SELFTESTS_RUN_ON_DEMAND_FAILED",
-                                instanceFullName));
+                                CMS.getLogMessage(
+                                        "CMSCORE_SELFTESTS_RUN_ON_DEMAND_FAILED",
+                                        instanceFullName));
 
                         // shutdown the system gracefully
                         CMS.shutdown();
@@ -562,9 +553,9 @@ public class SelfTestSubsystem
             } else {
                 // self test plugin instance property name is not present
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
-                        instanceFullName));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
+                                instanceFullName));
 
                 throw new EMissingSelfTestException(instanceFullName);
             }
@@ -572,7 +563,7 @@ public class SelfTestSubsystem
 
         if (CMS.debugOn()) {
             CMS.debug("SelfTestSubsystem::runSelfTestsOnDemand():"
-                + "  EXITING.");
+                    + "  EXITING.");
         }
     }
 
@@ -584,7 +575,7 @@ public class SelfTestSubsystem
      * List the instance names of all the self tests enabled to run
      * at server startup (in execution order); may return null.
      * <P>
-     *
+     * 
      * @return list of self test instance names run at server startup
      */
     public String[] listSelfTestsEnabledAtStartup() {
@@ -596,7 +587,7 @@ public class SelfTestSubsystem
             mList = new String[numElements];
         } else {
             return null;
-        } 
+        }
 
         // loop through all self test plugin instances
         // specified to be executed at server startup
@@ -606,7 +597,7 @@ public class SelfTestSubsystem
 
         while (instances.hasMoreElements()) {
             SelfTestOrderedInstance instance = (SelfTestOrderedInstance)
-                instances.nextElement();
+                    instances.nextElement();
 
             mList[i] = instance.getSelfTestName();
             if (mList[i] != null) {
@@ -621,24 +612,24 @@ public class SelfTestSubsystem
     /**
      * Enable the specified self test at server startup.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @param isCritical isCritical is either a critical failure (true) or
-     * a non-critical failure (false)
+     *            a non-critical failure (false)
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
     public void enableSelfTestAtStartup(String instanceName,
-        boolean isCritical)
-        throws EInvalidSelfTestException, EMissingSelfTestException {
+            boolean isCritical)
+            throws EInvalidSelfTestException, EMissingSelfTestException {
         // strip preceding/trailing whitespace
         // from passed-in String parameters
         if (instanceName != null) {
             instanceName = instanceName.trim();
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EMissingSelfTestException();
         }
@@ -649,7 +640,7 @@ public class SelfTestSubsystem
 
         while (instances.hasMoreElements()) {
             SelfTestOrderedInstance instance = (SelfTestOrderedInstance)
-                instances.nextElement();
+                    instances.nextElement();
 
             if (instanceName.equals(instance.getSelfTestName())) {
                 instance.setSelfTestCriticalMode(isCritical);
@@ -683,12 +674,12 @@ public class SelfTestSubsystem
     /**
      * Disable the specified self test at server startup.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @exception EMissingSelfTestException subsystem has missing name
      */
     public void disableSelfTestAtStartup(String instanceName)
-        throws EMissingSelfTestException {
+            throws EMissingSelfTestException {
         String instanceFullName = null;
 
         // strip preceding/trailing whitespace
@@ -699,8 +690,8 @@ public class SelfTestSubsystem
                         instanceName);
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EMissingSelfTestException();
         }
@@ -711,7 +702,7 @@ public class SelfTestSubsystem
 
         while (instances.hasMoreElements()) {
             SelfTestOrderedInstance instance = (SelfTestOrderedInstance)
-                instances.nextElement();
+                    instances.nextElement();
 
             if (instanceName.equals(instance.getSelfTestName())) {
                 mStartupOrder.remove(instance);
@@ -721,9 +712,9 @@ public class SelfTestSubsystem
 
         // self test plugin instance property name is not present
         log(mLogger,
-            CMS.getLogMessage(
-                "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
-                instanceFullName));
+                CMS.getLogMessage(
+                        "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
+                        instanceFullName));
 
         throw new EMissingSelfTestException(instanceFullName);
     }
@@ -732,21 +723,21 @@ public class SelfTestSubsystem
      * Determine if the specified self test is executed automatically
      * at server startup.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @return true if the specified self test is executed at server startup
      * @exception EMissingSelfTestException subsystem has missing name
      */
     public boolean isSelfTestEnabledAtStartup(String instanceName)
-        throws EMissingSelfTestException {
+            throws EMissingSelfTestException {
         // strip preceding/trailing whitespace
         // from passed-in String parameters
         if (instanceName != null) {
             instanceName = instanceName.trim();
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EMissingSelfTestException();
         }
@@ -757,7 +748,7 @@ public class SelfTestSubsystem
 
         while (instances.hasMoreElements()) {
             SelfTestOrderedInstance instance = (SelfTestOrderedInstance)
-                instances.nextElement();
+                    instances.nextElement();
 
             if (instanceName.equals(instance.getSelfTestName())) {
                 return true;
@@ -771,14 +762,14 @@ public class SelfTestSubsystem
      * Determine if failure of the specified self test is fatal to
      * server startup.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @return true if failure of the specified self test is fatal to
-     * server startup
+     *         server startup
      * @exception EMissingSelfTestException subsystem has missing name
      */
     public boolean isSelfTestCriticalAtStartup(String instanceName)
-        throws EMissingSelfTestException {
+            throws EMissingSelfTestException {
         String instanceFullName = null;
 
         // strip preceding/trailing whitespace
@@ -789,8 +780,8 @@ public class SelfTestSubsystem
                         instanceName);
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EMissingSelfTestException();
         }
@@ -801,7 +792,7 @@ public class SelfTestSubsystem
 
         while (instances.hasMoreElements()) {
             SelfTestOrderedInstance instance = (SelfTestOrderedInstance)
-                instances.nextElement();
+                    instances.nextElement();
 
             if (instanceName.equals(instance.getSelfTestName())) {
                 if (instance.isSelfTestCritical()) {
@@ -814,9 +805,9 @@ public class SelfTestSubsystem
 
         // self test plugin instance property name is not present
         log(mLogger,
-            CMS.getLogMessage(
-                "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
-                instanceFullName));
+                CMS.getLogMessage(
+                        "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
+                        instanceFullName));
 
         throw new EMissingSelfTestException(instanceFullName);
     }
@@ -824,16 +815,16 @@ public class SelfTestSubsystem
     /**
      * Execute all self tests specified to be run at server startup.
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION used when self
-     * tests are run at server startup
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION used when self tests are run at server startup
      * </ul>
+     * 
      * @exception EMissingSelfTestException subsystem has missing name
      * @exception ESelfTestException self test exception
      */
     public void runSelfTestsAtStartup()
-        throws EMissingSelfTestException, ESelfTestException {
+            throws EMissingSelfTestException, ESelfTestException {
         String auditMessage = null;
 
         // ensure that any low-level exceptions are reported
@@ -841,7 +832,7 @@ public class SelfTestSubsystem
         try {
             if (CMS.debugOn()) {
                 CMS.debug("SelfTestSubsystem::runSelfTestsAtStartup():"
-                    + "  ENTERING . . .");
+                        + "  ENTERING . . .");
             }
 
             // loop through all self test plugin instances
@@ -850,7 +841,7 @@ public class SelfTestSubsystem
 
             while (instances.hasMoreElements()) {
                 SelfTestOrderedInstance instance = (SelfTestOrderedInstance)
-                    instances.nextElement();
+                        instances.nextElement();
 
                 String instanceFullName = null;
                 String instanceName = instance.getSelfTestName();
@@ -861,8 +852,8 @@ public class SelfTestSubsystem
                                 instanceName);
                 } else {
                     log(mLogger,
-                        CMS.getLogMessage(
-                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                            CMS.getLogMessage(
+                                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
                     // store a message in the signed audit log file
                     auditMessage = CMS.getLogMessage(
@@ -877,14 +868,14 @@ public class SelfTestSubsystem
 
                 if (mSelfTestInstances.containsKey(instanceName)) {
                     ISelfTest test = (ISelfTest)
-                        mSelfTestInstances.get(instanceName);
+                            mSelfTestInstances.get(instanceName);
 
                     try {
                         if (CMS.debugOn()) {
                             CMS.debug("SelfTestSubsystem::runSelfTestsAtStartup():"
-                                + "    running \""
-                                + test.getSelfTestName()
-                                + "\"");
+                                    + "    running \""
+                                    + test.getSelfTestName()
+                                    + "\"");
                         }
 
                         test.runSelfTest(mLogger);
@@ -892,9 +883,9 @@ public class SelfTestSubsystem
                         // Check to see if the self test was critical:
                         if (isSelfTestCriticalAtStartup(instanceName)) {
                             log(mLogger,
-                                CMS.getLogMessage(
-                                    "CMSCORE_SELFTESTS_RUN_AT_STARTUP_FAILED",
-                                    instanceFullName));
+                                    CMS.getLogMessage(
+                                            "CMSCORE_SELFTESTS_RUN_AT_STARTUP_FAILED",
+                                            instanceFullName));
 
                             // store a message in the signed audit log file
                             auditMessage = CMS.getLogMessage(
@@ -913,9 +904,9 @@ public class SelfTestSubsystem
                 } else {
                     // self test plugin instance property name is not present
                     log(mLogger,
-                        CMS.getLogMessage(
-                            "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
-                            instanceFullName));
+                            CMS.getLogMessage(
+                                    "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
+                                    instanceFullName));
 
                     // store a message in the signed audit log file
                     auditMessage = CMS.getLogMessage(
@@ -939,7 +930,7 @@ public class SelfTestSubsystem
 
             if (CMS.debugOn()) {
                 CMS.debug("SelfTestSubsystem::runSelfTestsAtStartup():"
-                    + "  EXITING.");
+                        + "  EXITING.");
             }
         } catch (EMissingSelfTestException eAudit1) {
             // store a message in the signed audit log file
@@ -964,9 +955,9 @@ public class SelfTestSubsystem
 
     /**
      * Retrieve an individual self test from the instances list
-     * given its instance name.  This method may return null.
+     * given its instance name. This method may return null.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @return individual self test
      */
@@ -1001,7 +992,7 @@ public class SelfTestSubsystem
      * Returns the ILogEventListener of this subsystem.
      * This method may return null.
      * <P>
-     *
+     * 
      * @return ILogEventListener of this subsystem
      */
     public ILogEventListener getSelfTestLogger() {
@@ -1011,7 +1002,7 @@ public class SelfTestSubsystem
     /**
      * This method represents the log interface for the self test subsystem.
      * <P>
-     *
+     * 
      * @param logger log event listener
      * @param msg self test log message
      */
@@ -1027,21 +1018,21 @@ public class SelfTestSubsystem
             ev.setLevel(ILogger.LL_INFO);
             try {
                 logger.log(ev);
-            } catch( ELogException le ) { 
+            } catch (ELogException le) {
                 // log the message to the "transactions" log
                 mErrorLogger.log(ILogger.EV_AUDIT,
-                    null,
-                    ILogger.S_OTHER,
-                    ILogger.LL_INFO,
-                    msg + " - " + le.toString() );
+                        null,
+                        ILogger.S_OTHER,
+                        ILogger.LL_INFO,
+                        msg + " - " + le.toString());
             }
         } else {
             // log the message to the "transactions" log
             mErrorLogger.log(ILogger.EV_AUDIT,
-                null,
-                ILogger.S_OTHER,
-                ILogger.LL_INFO,
-                msg);
+                    null,
+                    ILogger.S_OTHER,
+                    ILogger.LL_INFO,
+                    msg);
         }
     }
 
@@ -1050,19 +1041,19 @@ public class SelfTestSubsystem
      * on the "on demand" list (note that the specified self test
      * will be appended to the end of each list).
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @param isCritical isCritical is either a critical failure (true) or
-     * a non-critical failure (false)
+     *            a non-critical failure (false)
      * @param instance individual self test
      * @exception EDuplicateSelfTestException subsystem has duplicate name
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
     public void registerSelfTestOnDemand(String instanceName,
-        boolean isCritical,
-        ISelfTest instance)
-        throws EDuplicateSelfTestException,
+            boolean isCritical,
+            ISelfTest instance)
+            throws EDuplicateSelfTestException,
             EInvalidSelfTestException,
             EMissingSelfTestException {
         String instanceFullName = null;
@@ -1075,8 +1066,8 @@ public class SelfTestSubsystem
                         instanceName);
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EMissingSelfTestException();
         }
@@ -1084,9 +1075,9 @@ public class SelfTestSubsystem
         if (mSelfTestInstances.containsKey(instanceName)) {
             // self test plugin instance property name is a duplicate
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_DUPLICATE_NAME",
-                    instanceFullName));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_DUPLICATE_NAME",
+                            instanceFullName));
 
             throw new EDuplicateSelfTestException(instanceFullName);
         } else {
@@ -1103,12 +1094,12 @@ public class SelfTestSubsystem
      * on the "on demand" list (note that the specified self test
      * will be removed from each list).
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @exception EMissingSelfTestException subsystem has missing name
      */
     public void deregisterSelfTestOnDemand(String instanceName)
-        throws EMissingSelfTestException {
+            throws EMissingSelfTestException {
         String instanceFullName = null;
 
         // strip preceding/trailing whitespace
@@ -1119,8 +1110,8 @@ public class SelfTestSubsystem
                         instanceName);
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EMissingSelfTestException();
         }
@@ -1131,9 +1122,9 @@ public class SelfTestSubsystem
         if (test == null) {
             // self test plugin instance property name is not present
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
-                    instanceFullName));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
+                            instanceFullName));
 
             throw new EMissingSelfTestException(instanceFullName);
         } else {
@@ -1150,19 +1141,19 @@ public class SelfTestSubsystem
      * on the "startup" list (note that the specified self test
      * will be appended to the end of each list).
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @param isCritical isCritical is either a critical failure (true) or
-     * a non-critical failure (false)
+     *            a non-critical failure (false)
      * @param instance individual self test
      * @exception EDuplicateSelfTestException subsystem has duplicate name
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
     public void registerSelfTestAtStartup(String instanceName,
-        boolean isCritical,
-        ISelfTest instance)
-        throws EDuplicateSelfTestException,
+            boolean isCritical,
+            ISelfTest instance)
+            throws EDuplicateSelfTestException,
             EInvalidSelfTestException,
             EMissingSelfTestException {
         String instanceFullName = null;
@@ -1175,8 +1166,8 @@ public class SelfTestSubsystem
                         instanceName);
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EMissingSelfTestException();
         }
@@ -1184,9 +1175,9 @@ public class SelfTestSubsystem
         if (mSelfTestInstances.containsKey(instanceName)) {
             // self test plugin instance property name is a duplicate
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_DUPLICATE_NAME",
-                    instanceFullName));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_DUPLICATE_NAME",
+                            instanceFullName));
 
             throw new EDuplicateSelfTestException(instanceFullName);
         } else {
@@ -1203,12 +1194,12 @@ public class SelfTestSubsystem
      * on the "startup" list (note that the specified self test
      * will be removed from each list).
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @exception EMissingSelfTestException subsystem has missing name
      */
     public void deregisterSelfTestAtStartup(String instanceName)
-        throws EMissingSelfTestException {
+            throws EMissingSelfTestException {
         String instanceFullName = null;
 
         // strip preceding/trailing whitespace
@@ -1219,8 +1210,8 @@ public class SelfTestSubsystem
                         instanceName);
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EMissingSelfTestException();
         }
@@ -1231,9 +1222,9 @@ public class SelfTestSubsystem
         if (test == null) {
             // self test plugin instance property name is not present
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
-                    instanceFullName));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
+                            instanceFullName));
 
             throw new EMissingSelfTestException(instanceFullName);
         } else {
@@ -1250,10 +1241,10 @@ public class SelfTestSubsystem
     ////////////////////////
 
     /**
-     * This method retrieves the name of this subsystem.  This method
+     * This method retrieves the name of this subsystem. This method
      * may return null.
      * <P>
-     *
+     * 
      * @return identification of this subsystem
      */
     public String getId() {
@@ -1263,20 +1254,20 @@ public class SelfTestSubsystem
     /**
      * This method sets information specific to this subsystem.
      * <P>
-     *
+     * 
      * @param id identification of this subsystem
      * @exception EBaseException base CMS exception
      */
     public void setId(String id)
-        throws EBaseException {
+            throws EBaseException {
         // strip preceding/trailing whitespace
         // from passed-in String parameters
         if (id != null) {
             id = id.trim();
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EBaseException("id is null");
         }
@@ -1287,29 +1278,29 @@ public class SelfTestSubsystem
     /**
      * This method initializes this subsystem.
      * <P>
-     *
+     * 
      * @param owner owner of this subsystem
      * @param config configuration store
      * @exception EBaseException base CMS exception
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         if (CMS.debugOn()) {
             CMS.debug("SelfTestSubsystem::init():"
-                + "  ENTERING . . .");
+                    + "  ENTERING . . .");
         }
 
-        if( config == null ) {
-            CMS.debug( "SelfTestSubsystem::init() - config is null!" );
-            throw new EBaseException( "config is null" );
+        if (config == null) {
+            CMS.debug("SelfTestSubsystem::init() - config is null!");
+            throw new EBaseException("config is null");
         }
 
         mOwner = owner;
         mConfig = config;
 
         if ((mConfig != null) &&
-            (mConfig.getName() != null) &&
-            (mConfig.getName() != "")) {
+                (mConfig.getName() != null) &&
+                (mConfig.getName() != "")) {
             mRootPrefix = mConfig.getName().trim();
         }
 
@@ -1325,7 +1316,7 @@ public class SelfTestSubsystem
 
         if (CMS.debugOn()) {
             CMS.debug("SelfTestSubsystem::init():"
-                + "    loading self test logger parameters");
+                    + "    loading self test logger parameters");
         }
 
         String loggerPrefix = null;
@@ -1338,19 +1329,19 @@ public class SelfTestSubsystem
         IConfigStore loggerConfig = mConfig.getSubStore(loggerPath);
 
         if ((loggerConfig != null) &&
-            (loggerConfig.getName() != null) &&
-            (loggerConfig.getName() != "")) {
+                (loggerConfig.getName() != null) &&
+                (loggerConfig.getName() != "")) {
             loggerPrefix = loggerConfig.getName().trim();
         } else {
             // NOTE:  These messages can only be logged to the "transactions"
             //        log, since the "selftests.log" will not exist!
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_INITIALIZATION_NOTIFICATION"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_INITIALIZATION_NOTIFICATION"));
 
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EMissingSelfTestException();
         }
@@ -1376,12 +1367,11 @@ public class SelfTestSubsystem
                     //        "transactions" log, since the "selftests.log"
                     //        will not exist!
                     log(mLogger,
-                        CMS.getLogMessage(
-                            "CMSCORE_SELFTESTS_PROPERTY_MISSING_VALUES",
-                            loggerFullName));
+                            CMS.getLogMessage(
+                                    "CMSCORE_SELFTESTS_PROPERTY_MISSING_VALUES",
+                                    loggerFullName));
 
-                    throw new
-                        EMissingSelfTestException(loggerFullName,
+                    throw new EMissingSelfTestException(loggerFullName,
                             loggerValue);
                 }
 
@@ -1392,14 +1382,14 @@ public class SelfTestSubsystem
                     //        "transactions" log, since the "selftests.log"
                     //        will not exist!
                     log(mLogger,
-                        CMS.getLogMessage(
-                            "CMSCORE_SELFTESTS_INITIALIZATION_NOTIFICATION"));
+                            CMS.getLogMessage(
+                                    "CMSCORE_SELFTESTS_INITIALIZATION_NOTIFICATION"));
 
                     log(mLogger,
-                        CMS.getLogMessage(
-                            "CMSCORE_SELFTESTS_PROPERTY_INVALID_INSTANCE",
-                            loggerFullName,
-                            loggerValue));
+                            CMS.getLogMessage(
+                                    "CMSCORE_SELFTESTS_PROPERTY_INVALID_INSTANCE",
+                                    loggerFullName,
+                                    loggerValue));
 
                     throw new EInvalidSelfTestException(loggerFullName,
                             loggerValue);
@@ -1415,14 +1405,14 @@ public class SelfTestSubsystem
                 //        "transactions" log, since the "selftests.log"
                 //        will not exist!
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_INITIALIZATION_NOTIFICATION"));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_INITIALIZATION_NOTIFICATION"));
 
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_PROPERTY_THREW_EBASEEXCEPTION",
-                        loggerFullName,
-                        loggerValue));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_PROPERTY_THREW_EBASEEXCEPTION",
+                                loggerFullName,
+                                loggerValue));
 
                 throw new EInvalidSelfTestException(loggerFullName,
                         loggerValue);
@@ -1431,14 +1421,14 @@ public class SelfTestSubsystem
                 //        "transactions" log, since the "selftests.log"
                 //        will not exist!
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_INITIALIZATION_NOTIFICATION"));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_INITIALIZATION_NOTIFICATION"));
 
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_PROPERTY_THREW_EXCEPTION",
-                        loggerFullName,
-                        loggerValue));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_PROPERTY_THREW_EXCEPTION",
+                                loggerFullName,
+                                loggerValue));
 
                 CMS.debugStackTrace();
 
@@ -1454,20 +1444,20 @@ public class SelfTestSubsystem
             //        "transactions" log, since the "selftests.log"
             //        will not exist!
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_INITIALIZATION_NOTIFICATION"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_INITIALIZATION_NOTIFICATION"));
 
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_DONT_LOAD_LOGGER_PARAMETERS"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_DONT_LOAD_LOGGER_PARAMETERS"));
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_INITIALIZATION_NOTIFICATION"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_INITIALIZATION_NOTIFICATION"));
 
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_LOAD_LOGGER_PARAMETERS"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_LOAD_LOGGER_PARAMETERS"));
         }
 
         ////////////////////////////////////////
@@ -1476,7 +1466,7 @@ public class SelfTestSubsystem
 
         if (CMS.debugOn()) {
             CMS.debug("SelfTestSubsystem::init():"
-                + "    loading self test plugins");
+                    + "    loading self test plugins");
         }
 
         // compose self test plugins instance property prefix
@@ -1484,13 +1474,13 @@ public class SelfTestSubsystem
         IConfigStore instanceConfig = mConfig.getSubStore(instancePath);
 
         if ((instanceConfig != null) &&
-            (instanceConfig.getName() != null) &&
-            (instanceConfig.getName() != "")) {
+                (instanceConfig.getName() != null) &&
+                (instanceConfig.getName() != "")) {
             mPrefix = instanceConfig.getName().trim();
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EMissingSelfTestException();
         }
@@ -1499,12 +1489,12 @@ public class SelfTestSubsystem
 
         if (instances.hasMoreElements()) {
             loadStatus++;
-  
+
             log(mLogger,
-                CMS.getLogMessage("CMSCORE_SELFTESTS_LOAD_PLUGINS"));
+                    CMS.getLogMessage("CMSCORE_SELFTESTS_LOAD_PLUGINS"));
         } else {
             log(mLogger,
-                CMS.getLogMessage("CMSCORE_SELFTESTS_DONT_LOAD_PLUGINS"));
+                    CMS.getLogMessage("CMSCORE_SELFTESTS_DONT_LOAD_PLUGINS"));
         }
 
         // load all self test plugin instances
@@ -1522,8 +1512,8 @@ public class SelfTestSubsystem
                             instanceName);
             } else {
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
                 throw new EMissingSelfTestException();
             }
@@ -1531,9 +1521,9 @@ public class SelfTestSubsystem
             if (mSelfTestInstances.containsKey(instanceName)) {
                 // self test plugin instance property name is a duplicate
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_PROPERTY_DUPLICATE_NAME",
-                        instanceFullName));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_PROPERTY_DUPLICATE_NAME",
+                                instanceFullName));
 
                 throw new EDuplicateSelfTestException(instanceFullName);
             }
@@ -1547,21 +1537,20 @@ public class SelfTestSubsystem
                     // self test plugin instance property name exists,
                     // but it contains no value(s)
                     log(mLogger,
-                        CMS.getLogMessage(
-                            "CMSCORE_SELFTESTS_PROPERTY_MISSING_VALUES",
-                            instanceFullName));
+                            CMS.getLogMessage(
+                                    "CMSCORE_SELFTESTS_PROPERTY_MISSING_VALUES",
+                                    instanceFullName));
 
-                    throw new
-                        EMissingSelfTestException(instanceFullName,
+                    throw new EMissingSelfTestException(instanceFullName,
                             instanceValue);
                 }
             } catch (EBaseException e) {
                 // self test property name EBaseException
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_PROPERTY_THREW_EBASEEXCEPTION",
-                        instanceFullName,
-                        instanceValue));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_PROPERTY_THREW_EBASEEXCEPTION",
+                                instanceFullName,
+                                instanceValue));
 
                 throw new EInvalidSelfTestException(instanceFullName,
                         instanceValue);
@@ -1575,20 +1564,20 @@ public class SelfTestSubsystem
 
                 if (!(o instanceof ISelfTest)) {
                     log(mLogger,
-                        CMS.getLogMessage(
-                            "CMSCORE_SELFTESTS_PROPERTY_INVALID_INSTANCE",
-                            instanceFullName,
-                            instanceValue));
+                            CMS.getLogMessage(
+                                    "CMSCORE_SELFTESTS_PROPERTY_INVALID_INSTANCE",
+                                    instanceFullName,
+                                    instanceValue));
 
                     throw new EInvalidSelfTestException(instanceFullName,
                             instanceValue);
                 }
             } catch (Exception e) {
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_PROPERTY_THREW_EXCEPTION",
-                        instanceFullName,
-                        instanceValue));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_PROPERTY_THREW_EXCEPTION",
+                                instanceFullName,
+                                instanceValue));
 
                 CMS.debugStackTrace();
 
@@ -1603,12 +1592,12 @@ public class SelfTestSubsystem
 
                     if (CMS.debugOn()) {
                         CMS.debug("SelfTestSubsystem::init():"
-                            + "    loading self test plugin parameters");
+                                + "    loading self test plugin parameters");
                     }
 
                     log(mLogger,
-                        CMS.getLogMessage(
-                            "CMSCORE_SELFTESTS_LOAD_PLUGIN_PARAMETERS"));
+                            CMS.getLogMessage(
+                                    "CMSCORE_SELFTESTS_LOAD_PLUGIN_PARAMETERS"));
                 }
 
                 ISelfTest test = (ISelfTest) o;
@@ -1619,26 +1608,26 @@ public class SelfTestSubsystem
                 mSelfTestInstances.put(instanceName, test);
             } catch (EDuplicateSelfTestException e) {
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_PLUGIN_DUPLICATE_PARAMETER",
-                        instanceFullName,
-                        e.getInstanceParameter()));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_PLUGIN_DUPLICATE_PARAMETER",
+                                instanceFullName,
+                                e.getInstanceParameter()));
 
                 throw e;
             } catch (EMissingSelfTestException e) {
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_PLUGIN_MISSING_PARAMETER",
-                        instanceFullName,
-                        e.getInstanceParameter()));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_PLUGIN_MISSING_PARAMETER",
+                                instanceFullName,
+                                e.getInstanceParameter()));
 
                 throw e;
             } catch (EInvalidSelfTestException e) {
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_PLUGIN_INVALID_PARAMETER",
-                        instanceFullName,
-                        e.getInstanceParameter()));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_PLUGIN_INVALID_PARAMETER",
+                                instanceFullName,
+                                e.getInstanceParameter()));
 
                 throw e;
             }
@@ -1650,13 +1639,13 @@ public class SelfTestSubsystem
 
         if (CMS.debugOn()) {
             CMS.debug("SelfTestSubsystem::init():"
-                + "    loading on demand self tests");
+                    + "    loading on demand self tests");
         }
 
         // compose self test plugins on-demand ordering property name
         String onDemandOrderName = PROP_CONTAINER + "."
-            + PROP_ORDER + "."
-            + PROP_ON_DEMAND;
+                + PROP_ORDER + "."
+                + PROP_ON_DEMAND;
         String onDemandOrderFullName = getFullName(mRootPrefix,
                 onDemandOrderName);
         String onDemandOrderValues = null;
@@ -1672,23 +1661,23 @@ public class SelfTestSubsystem
             loadStatus++;
 
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_LOAD_PLUGINS_ON_DEMAND"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_LOAD_PLUGINS_ON_DEMAND"));
 
             if ((onDemandOrderValues == null) ||
-                (onDemandOrderValues.equals(""))) {
+                    (onDemandOrderValues.equals(""))) {
                 // self test plugins on-demand ordering property name
                 // exists, but it contains no values, which means that
                 // no self tests are configured to run on-demand
-                if( ( onDemandOrderFullName != null ) &&
-                    ( !onDemandOrderFullName.equals( "" ) ) ) {
+                if ((onDemandOrderFullName != null) &&
+                        (!onDemandOrderFullName.equals(""))) {
                     log(mLogger,
-                        CMS.getLogMessage(
-                            "CMSCORE_SELFTESTS_MISSING_ON_DEMAND_VALUES",
-                            onDemandOrderFullName));
+                            CMS.getLogMessage(
+                                    "CMSCORE_SELFTESTS_MISSING_ON_DEMAND_VALUES",
+                                    onDemandOrderFullName));
                 }
-                throw new EBaseException( "onDemandOrderValues is null "
-                                        + "or empty" );
+                throw new EBaseException("onDemandOrderValues is null "
+                                        + "or empty");
             }
 
             StringTokenizer tokens = new StringTokenizer(onDemandOrderValues,
@@ -1715,17 +1704,17 @@ public class SelfTestSubsystem
 
             // presently, we merely log this fact
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_DONT_LOAD_PLUGINS_ON_DEMAND"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_DONT_LOAD_PLUGINS_ON_DEMAND"));
 
             // throw new EMissingSelfTestException( onDemandOrderFullName );
         } catch (EBaseException e) {
             // self test property name EBaseException
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_THREW_EBASEEXCEPTION",
-                    onDemandOrderFullName,
-                    onDemandOrderValues));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_THREW_EBASEEXCEPTION",
+                            onDemandOrderFullName,
+                            onDemandOrderValues));
 
             throw new EInvalidSelfTestException(onDemandOrderFullName,
                     onDemandOrderValues);
@@ -1737,13 +1726,13 @@ public class SelfTestSubsystem
 
         if (CMS.debugOn()) {
             CMS.debug("SelfTestSubsystem::init():"
-                + "    loading startup self tests");
+                    + "    loading startup self tests");
         }
 
         // compose self test plugins startup ordering property name
         String startupOrderName = PROP_CONTAINER + "."
-            + PROP_ORDER + "."
-            + PROP_STARTUP;
+                + PROP_ORDER + "."
+                + PROP_STARTUP;
         String startupOrderFullName = getFullName(mRootPrefix,
                 startupOrderName);
         String startupOrderValues = null;
@@ -1759,20 +1748,20 @@ public class SelfTestSubsystem
             loadStatus++;
 
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_LOAD_PLUGINS_AT_STARTUP"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_LOAD_PLUGINS_AT_STARTUP"));
 
             if ((startupOrderValues == null) ||
-                (startupOrderValues.equals(""))) {
+                    (startupOrderValues.equals(""))) {
                 // self test plugins startup ordering property name
                 // exists, but it contains no values, which means that
                 // no self tests are configured to run at server startup
-                if( ( startupOrderFullName != null ) &&
-                    ( !startupOrderFullName.equals( "" ) ) ) {
+                if ((startupOrderFullName != null) &&
+                        (!startupOrderFullName.equals(""))) {
                     log(mLogger,
-                        CMS.getLogMessage(
-                            "CMSCORE_SELFTESTS_MISSING_STARTUP_VALUES",
-                            startupOrderFullName));
+                            CMS.getLogMessage(
+                                    "CMSCORE_SELFTESTS_MISSING_STARTUP_VALUES",
+                                    startupOrderFullName));
                 }
             }
 
@@ -1800,17 +1789,17 @@ public class SelfTestSubsystem
 
             // presently, we merely log this fact
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_DONT_LOAD_PLUGINS_AT_STARTUP"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_DONT_LOAD_PLUGINS_AT_STARTUP"));
 
             // throw new EMissingSelfTestException( startupOrderFullName );
         } catch (EBaseException e) {
             // self test property name EBaseException
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_THREW_EBASEEXCEPTION",
-                    startupOrderFullName,
-                    startupOrderValues));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_THREW_EBASEEXCEPTION",
+                            startupOrderFullName,
+                            startupOrderValues));
 
             throw new EInvalidSelfTestException(startupOrderFullName,
                     startupOrderValues);
@@ -1819,28 +1808,28 @@ public class SelfTestSubsystem
         // notify user whether or not self test plugins have been loaded
         if (loadStatus == 0) {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PLUGINS_NONE_LOADED"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PLUGINS_NONE_LOADED"));
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PLUGINS_LOADED"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PLUGINS_LOADED"));
         }
 
         if (CMS.debugOn()) {
             CMS.debug("SelfTestSubsystem::init():"
-                + "  EXITING.");
+                    + "  EXITING.");
         }
     }
 
     /**
      * Notifies this subsystem if owner is in running mode.
      * <P>
-     *
+     * 
      * @exception EBaseException base CMS exception
      */
     public void startup()
-        throws EBaseException {
+            throws EBaseException {
         // loop through all self test plugin instances
         Enumeration<ISelfTest> instances = mSelfTestInstances.elements();
 
@@ -1857,8 +1846,8 @@ public class SelfTestSubsystem
             if (selftests.hasMoreElements()) {
                 // log that execution of startup self tests has begun
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_RUN_AT_STARTUP"));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_RUN_AT_STARTUP"));
 
                 // execute all startup self tests
                 runSelfTestsAtStartup();
@@ -1866,12 +1855,12 @@ public class SelfTestSubsystem
                 // log that execution of all "critical" startup self tests
                 // has completed "successfully"
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_RUN_AT_STARTUP_SUCCEEDED"));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_RUN_AT_STARTUP_SUCCEEDED"));
             } else {
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_NOT_RUN_AT_STARTUP"));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_NOT_RUN_AT_STARTUP"));
             }
         }
     }
@@ -1883,7 +1872,7 @@ public class SelfTestSubsystem
      */
     public void shutdown() {
         // reverse order of all self test plugin instances
-        Collection<ISelfTest>  collection = mSelfTestInstances.values();
+        Collection<ISelfTest> collection = mSelfTestInstances.values();
         Vector<ISelfTest> list = new Vector<ISelfTest>(collection);
 
         Collections.reverse(list);
@@ -1902,11 +1891,10 @@ public class SelfTestSubsystem
      * Returns the root configuration storage of this subsystem.
      * This method may return null.
      * <P>
-     *
+     * 
      * @return configuration store of this subsystem
      */
     public IConfigStore getConfigStore() {
         return mConfig;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/time/SimpleTimeSource.java b/pki/base/common/src/com/netscape/cmscore/time/SimpleTimeSource.java
index 082ae4be..ab832b7c 100644
--- a/pki/base/common/src/com/netscape/cmscore/time/SimpleTimeSource.java
+++ b/pki/base/common/src/com/netscape/cmscore/time/SimpleTimeSource.java
@@ -17,12 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.time;
 
-
 import java.util.Date;
 
 import com.netscape.certsrv.base.ITimeSource;
 
-
 public class SimpleTimeSource implements ITimeSource {
 
     public Date getCurrentDate() {
diff --git a/pki/base/common/src/com/netscape/cmscore/usrgrp/CertDNCertUserLocator.java b/pki/base/common/src/com/netscape/cmscore/usrgrp/CertDNCertUserLocator.java
index 4bf348ff..8f4cd884 100644
--- a/pki/base/common/src/com/netscape/cmscore/usrgrp/CertDNCertUserLocator.java
+++ b/pki/base/common/src/com/netscape/cmscore/usrgrp/CertDNCertUserLocator.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.usrgrp;
 
-
 import java.security.cert.X509Certificate;
 
 import netscape.ldap.LDAPException;
@@ -30,13 +29,12 @@ import com.netscape.certsrv.usrgrp.ICertUserLocator;
 import com.netscape.certsrv.usrgrp.IUGSubsystem;
 import com.netscape.certsrv.usrgrp.IUser;
 
-
 /**
  * This interface defines a strategy on how to match
  * the incoming certificate(s) with the certificate(s)
- * in the scope.  It matches the "certdn" field which contains
+ * in the scope. It matches the "certdn" field which contains
  * the subject dn of the certificate
- *
+ * 
  * @author cfu
  * @version $Revision$, $Date$
  */
@@ -54,9 +52,9 @@ public class CertDNCertUserLocator implements ICertUserLocator {
      * Retrieves description.
      */
     public String getDescription() {
-        return "A subject is authenticated if its first" + 
-            " certificate can be matched with one of the" +
-            " certificate in the scope";
+        return "A subject is authenticated if its first" +
+                " certificate can be matched with one of the" +
+                " certificate in the scope";
     }
 
     /**
@@ -72,7 +70,7 @@ public class CertDNCertUserLocator implements ICertUserLocator {
             return null;
 
         String filter = LDAP_ATTR_CERTDN + "=" +
-            certificates[0].getSubjectDN();
+                certificates[0].getSubjectDN();
 
         return mUG.findUsersByCert(filter);
     }
diff --git a/pki/base/common/src/com/netscape/cmscore/usrgrp/ExactMatchCertUserLocator.java b/pki/base/common/src/com/netscape/cmscore/usrgrp/ExactMatchCertUserLocator.java
index a7aeeb1e..871a3843 100644
--- a/pki/base/common/src/com/netscape/cmscore/usrgrp/ExactMatchCertUserLocator.java
+++ b/pki/base/common/src/com/netscape/cmscore/usrgrp/ExactMatchCertUserLocator.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.usrgrp;
 
-
 import java.security.cert.X509Certificate;
 
 import netscape.ldap.LDAPException;
@@ -30,13 +29,12 @@ import com.netscape.certsrv.usrgrp.ICertUserLocator;
 import com.netscape.certsrv.usrgrp.IUGSubsystem;
 import com.netscape.certsrv.usrgrp.IUser;
 
-
 /**
  * This interface defines a strategy on how to match
  * the incoming certificate(s) with the certificate(s)
- * in the scope.  It matches the "description" field which contains a
+ * in the scope. It matches the "description" field which contains a
  * stringied certificate.
- *
+ * 
  * @author thomask
  * @author cfu
  * @version $Revision$, $Date$
@@ -54,9 +52,9 @@ public class ExactMatchCertUserLocator implements ICertUserLocator {
      * Retrieves description.
      */
     public String getDescription() {
-        return "A subject is authenticated if its first" + 
-            " certificate can be matched with one of the" +
-            " certificate in the scope";
+        return "A subject is authenticated if its first" +
+                " certificate can be matched with one of the" +
+                " certificate in the scope";
     }
 
     /**
@@ -78,7 +76,7 @@ public class ExactMatchCertUserLocator implements ICertUserLocator {
         }
 
         String filter = "description=" +
-            mUG.getCertificateString(certificates[pos]);
+                mUG.getCertificateString(certificates[pos]);
 
         return mUG.findUsersByCert(filter);
     }
diff --git a/pki/base/common/src/com/netscape/cmscore/usrgrp/Group.java b/pki/base/common/src/com/netscape/cmscore/usrgrp/Group.java
index d91eedf9..eee2afb4 100644
--- a/pki/base/common/src/com/netscape/cmscore/usrgrp/Group.java
+++ b/pki/base/common/src/com/netscape/cmscore/usrgrp/Group.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.usrgrp;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
@@ -26,10 +25,9 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.usrgrp.IGroup;
 import com.netscape.certsrv.usrgrp.IUsrGrp;
 
-
 /**
  * A class represents a group.
- *
+ * 
  * @author cfu
  * @version $Revision$, $Date$
  */
@@ -91,7 +89,7 @@ public class Group implements IGroup {
     }
 
     @SuppressWarnings("unchecked")
-	public void set(String name, Object object) throws EBaseException {
+    public void set(String name, Object object) throws EBaseException {
         if (name.equals(ATTR_NAME)) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", name));
         } else if (name.equals(ATTR_ID)) {
diff --git a/pki/base/common/src/com/netscape/cmscore/usrgrp/UGSubsystem.java b/pki/base/common/src/com/netscape/cmscore/usrgrp/UGSubsystem.java
index 6b25410e..bf560619 100644
--- a/pki/base/common/src/com/netscape/cmscore/usrgrp/UGSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/usrgrp/UGSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.usrgrp;
 
-
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.util.Enumeration;
@@ -53,12 +52,11 @@ import com.netscape.certsrv.usrgrp.IUsrGrp;
 import com.netscape.cmscore.ldapconn.LdapBoundConnFactory;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
  * This class defines low-level LDAP usr/grp management
  * usr/grp information is located remotely on another
  * LDAP server.
- *
+ * 
  * @author thomask
  * @author cfu
  * @version $Revision$, $Date$
@@ -122,8 +120,8 @@ public final class UGSubsystem implements IUGSubsystem {
     /**
      * Connects to LDAP server.
      */
-    public void init(ISubsystem owner, IConfigStore config) 
-        throws EBaseException {
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException {
         mLogger = CMS.getLogger();
         mConfig = config;
 
@@ -150,7 +148,7 @@ public final class UGSubsystem implements IUGSubsystem {
         // register admin servlet
 
     }
-	
+
     /**
      * Disconnects usr/grp manager from the LDAP
      */
@@ -164,7 +162,7 @@ public final class UGSubsystem implements IUGSubsystem {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_LDAP_SHUT", e.toString()));
         }
     }
-	
+
     public IUser createUser(String id) {
         return new User(this, id);
     }
@@ -212,16 +210,16 @@ public final class UGSubsystem implements IUGSubsystem {
                 try {
                     ldapconn = getConn();
                     // read DN
-                    LDAPSearchResults res = 
-                        ldapconn.search(userid,
-                            LDAPv2.SCOPE_SUB, "(objectclass=*)", null, false);
+                    LDAPSearchResults res =
+                            ldapconn.search(userid,
+                                    LDAPv2.SCOPE_SUB, "(objectclass=*)", null, false);
                     Enumeration<IUser> e = buildUsers(res);
 
                     if (e.hasMoreElements()) {
                         return (IUser) e.nextElement();
                     }
                 } finally {
-                    if (ldapconn != null) 
+                    if (ldapconn != null)
                         returnConn(ldapconn);
                 }
             }
@@ -245,9 +243,9 @@ public final class UGSubsystem implements IUGSubsystem {
         try {
             ldapconn = getConn();
             String filter = LDAP_ATTR_USER_CERT_STRING + "=" + getCertificateString(cert);
-            LDAPSearchResults res = 
-                ldapconn.search(getUserBaseDN(),
-                    LDAPConnection.SCOPE_SUB, filter, null, false);
+            LDAPSearchResults res =
+                    ldapconn.search(getUserBaseDN(),
+                            LDAPConnection.SCOPE_SUB, filter, null, false);
             Enumeration<IUser> e = buildUsers(res);
 
             return (User) e.nextElement();
@@ -259,12 +257,12 @@ public final class UGSubsystem implements IUGSubsystem {
             }
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_FIND_USER", e.toString()));
         } catch (ELdapException e) {
-            String errMsg = 
-                "find User: Could not get connection to internaldb. Error " + e;
+            String errMsg =
+                    "find User: Could not get connection to internaldb. Error " + e;
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_INTERNAL_DB", e.toString()));
         } finally {
-            if (ldapconn != null) 
+            if (ldapconn != null)
                 returnConn(ldapconn);
         }
         return null;
@@ -272,7 +270,7 @@ public final class UGSubsystem implements IUGSubsystem {
 
     /**
      * Searchs for identities that matches the certificate locater
-     *	 generated filter.
+     * generated filter.
      */
     public IUser findUsersByCert(String filter) throws
             EUsrGrpException, LDAPException {
@@ -290,8 +288,9 @@ public final class UGSubsystem implements IUGSubsystem {
 
             hasSlash = up.indexOf('\\');
             while (hasSlash != -1) {
-                stripped += up.substring(0, hasSlash) + 
-                        "\\5c";;
+                stripped += up.substring(0, hasSlash) +
+                        "\\5c";
+                ;
                 up = up.substring(hasSlash + 1);
                 hasSlash = up.indexOf('\\');
             }
@@ -303,7 +302,7 @@ public final class UGSubsystem implements IUGSubsystem {
         try {
             ldapconn = getConn();
             LDAPSearchResults res = ldapconn.search(getUserBaseDN(),
-                    LDAPv2.SCOPE_SUB, "(" + filter + ")", 
+                    LDAPv2.SCOPE_SUB, "(" + filter + ")",
                     null, false);
 
             Enumeration<IUser> e = buildUsers(res);
@@ -317,13 +316,13 @@ public final class UGSubsystem implements IUGSubsystem {
             }
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_FIND_USER_BY_CERT", e.toString()));
         } catch (ELdapException e) {
-            String errMsg = 
-                "find Users By Cert: " +
-                "Could not get connection to internaldb. Error " + e;
+            String errMsg =
+                    "find Users By Cert: " +
+                            "Could not get connection to internaldb. Error " + e;
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_FIND_USER_BY_CERT", e.toString()));
         } finally {
-            if (ldapconn != null) 
+            if (ldapconn != null)
                 returnConn(ldapconn);
         }
 
@@ -343,7 +342,7 @@ public final class UGSubsystem implements IUGSubsystem {
         try {
             ldapconn = getConn();
             LDAPSearchResults res = ldapconn.search(getUserBaseDN(),
-                    LDAPv2.SCOPE_SUB, "(uid=" + filter + ")", 
+                    LDAPv2.SCOPE_SUB, "(uid=" + filter + ")",
                     null, false);
 
             Enumeration<IUser> e = buildUsers(res);
@@ -357,12 +356,12 @@ public final class UGSubsystem implements IUGSubsystem {
             }
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_FIND_USERS", e.toString()));
         } catch (ELdapException e) {
-            String errMsg = 
-                "find Users: Could not get connection to internaldb. Error " + e;
+            String errMsg =
+                    "find Users: Could not get connection to internaldb. Error " + e;
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_FIND_USERS", e.toString()));
         } finally {
-            if (ldapconn != null) 
+            if (ldapconn != null)
                 returnConn(ldapconn);
         }
 
@@ -447,11 +446,12 @@ public final class UGSubsystem implements IUGSubsystem {
     }
 
     /**
-     * builds a User instance.  Sets only uid for user entry retrieved
-     * from LDAP server.  for listing efficiency only.
+     * builds a User instance. Sets only uid for user entry retrieved
+     * from LDAP server. for listing efficiency only.
+     * 
      * @return the User entity.
      */
-    protected IUser lbuildUser(LDAPEntry entry) throws EUsrGrpException {	
+    protected IUser lbuildUser(LDAPEntry entry) throws EUsrGrpException {
         IUser id = createUser(this, (String)
                 entry.getAttribute("uid").getStringValues().nextElement());
         LDAPAttribute cnAttr = entry.getAttribute("cn");
@@ -462,16 +462,16 @@ public final class UGSubsystem implements IUGSubsystem {
             if (cn != null) {
                 id.setFullName(cn);
             }
-            
+
         }
 
         LDAPAttribute certAttr =
-            entry.getAttribute(LDAP_ATTR_USER_CERT);
+                entry.getAttribute(LDAP_ATTR_USER_CERT);
 
         if (certAttr != null) {
             Vector<X509Certificate> certVector = new Vector<X509Certificate>();
             @SuppressWarnings("unchecked")
-			Enumeration<byte[]> e = certAttr.getByteValues();
+            Enumeration<byte[]> e = certAttr.getByteValues();
 
             try {
                 for (; e != null && e.hasMoreElements();) {
@@ -503,8 +503,9 @@ public final class UGSubsystem implements IUGSubsystem {
     }
 
     /**
-     * builds a User instance.  Set all attributes retrieved from
+     * builds a User instance. Set all attributes retrieved from
      * LDAP server and set them on User.
+     * 
      * @return the User entity.
      */
     protected IUser buildUser(LDAPEntry entry) throws EUsrGrpException {
@@ -524,9 +525,9 @@ public final class UGSubsystem implements IUGSubsystem {
 
         if (userdn != null) {
             id.setUserDN(userdn);
-        } else {  // the impossible
+        } else { // the impossible
             String errMsg = "buildUser(): user DN not found: " +
-                userdn;
+                    userdn;
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_BUILD_USER"));
 
@@ -546,10 +547,10 @@ public final class UGSubsystem implements IUGSubsystem {
 
         if (mailAttr != null) {
             @SuppressWarnings("unchecked")
-			Enumeration<String> en = mailAttr.getStringValues();
+            Enumeration<String> en = mailAttr.getStringValues();
 
             if (en != null && en.hasMoreElements()) {
-                String mail =  en.nextElement();
+                String mail = en.nextElement();
 
                 if (mail != null) {
                     id.setEmail(mail);
@@ -573,7 +574,7 @@ public final class UGSubsystem implements IUGSubsystem {
 
         if (phoneAttr != null) {
             @SuppressWarnings("unchecked")
-			Enumeration<String> en = phoneAttr.getStringValues();
+            Enumeration<String> en = phoneAttr.getStringValues();
 
             if (en != null && en.hasMoreElements()) {
                 String phone = (String) en.nextElement();
@@ -589,20 +590,20 @@ public final class UGSubsystem implements IUGSubsystem {
 
         LDAPAttribute userTypeAttr = entry.getAttribute("usertype");
 
-        if (userTypeAttr == null) 
+        if (userTypeAttr == null)
             id.setUserType("");
         else {
             @SuppressWarnings("unchecked")
-			Enumeration<String> en = userTypeAttr.getStringValues();
+            Enumeration<String> en = userTypeAttr.getStringValues();
 
             if (en != null && en.hasMoreElements()) {
                 String userType = (String) en.nextElement();
 
-                if ((userType != null) && (! userType.equals("undefined")))
+                if ((userType != null) && (!userType.equals("undefined")))
                     id.setUserType(userType);
                 else
                     id.setUserType("");
- 
+
             }
         }
 
@@ -612,7 +613,7 @@ public final class UGSubsystem implements IUGSubsystem {
             id.setState("");
         else {
             @SuppressWarnings("unchecked")
-			Enumeration<String> en = userStateAttr.getStringValues();
+            Enumeration<String> en = userStateAttr.getStringValues();
 
             if (en != null && en.hasMoreElements()) {
                 String userState = (String) en.nextElement();
@@ -621,17 +622,17 @@ public final class UGSubsystem implements IUGSubsystem {
                     id.setState(userState);
                 else
                     id.setState("");
- 
+
             }
         }
 
         LDAPAttribute certAttr =
-            entry.getAttribute(LDAP_ATTR_USER_CERT);
+                entry.getAttribute(LDAP_ATTR_USER_CERT);
 
         if (certAttr != null) {
             Vector<X509Certificate> certVector = new Vector<X509Certificate>();
             @SuppressWarnings("unchecked")
-			Enumeration<byte[]> e = certAttr.getByteValues();
+            Enumeration<byte[]> e = certAttr.getByteValues();
 
             try {
                 for (; e != null && e.hasMoreElements();) {
@@ -667,24 +668,22 @@ public final class UGSubsystem implements IUGSubsystem {
     }
 
     /**
-     * Adds identity.  Certificates handled by a separate call to
-     * addUserCert() 
+     * Adds identity. Certificates handled by a separate call to
+     * addUserCert()
      */
     public void addUser(IUser identity) throws EUsrGrpException, LDAPException {
         User id = (User) identity;
 
         if (id == null) {
-            throw new
-                EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_ADD_USER_FAIL"));
+            throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_ADD_USER_FAIL"));
         }
 
         if (id.getUserID() == null) {
-            throw new
-                EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_ADD_USER_FAIL_NO_UID"));
+            throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_ADD_USER_FAIL_NO_UID"));
         }
 
         LDAPAttributeSet attrs = new LDAPAttributeSet();
-        String oc[] = {"top", "person", "organizationalPerson", 
+        String oc[] = { "top", "person", "organizationalPerson",
                 "inetOrgPerson", "cmsuser" };
 
         attrs.add(new LDAPAttribute("objectclass", oc));
@@ -695,29 +694,29 @@ public final class UGSubsystem implements IUGSubsystem {
 
         if (id.getPhone() != null) {
             // DS syntax checking requires a value for PrintableString syntax
-            if (! id.getPhone().equals("")) {
+            if (!id.getPhone().equals("")) {
                 attrs.add(new LDAPAttribute("telephonenumber", id.getPhone()));
             }
         }
 
-        attrs.add(new LDAPAttribute("userpassword", 
+        attrs.add(new LDAPAttribute("userpassword",
                 id.getPassword()));
 
         if (id.getUserType() != null) {
             // DS syntax checking requires a value for Directory String syntax
             // but usertype is a MUST attribute, so we need to add something here
             // if it is undefined.
-            
-            if (! id.getUserType().equals("")) {
-                 attrs.add(new LDAPAttribute("usertype", id.getUserType()));
+
+            if (!id.getUserType().equals("")) {
+                attrs.add(new LDAPAttribute("usertype", id.getUserType()));
             } else {
-                 attrs.add(new LDAPAttribute("usertype", "undefined"));
+                attrs.add(new LDAPAttribute("usertype", "undefined"));
             }
         }
 
         if (id.getState() != null) {
             // DS syntax checking requires a value for Directory String syntax
-            if (! id.getState().equals("")) {
+            if (!id.getState().equals("")) {
                 attrs.add(new LDAPAttribute("userstate", id.getState()));
             }
         }
@@ -729,9 +728,9 @@ public final class UGSubsystem implements IUGSubsystem {
         String adminId = (String) sessionContext.get(SessionContext.USER_ID);
 
         mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
-            AuditFormat.LEVEL, AuditFormat.ADDUSERFORMAT,
-            new Object[] {adminId, id.getUserID()}
-        );
+                AuditFormat.LEVEL, AuditFormat.ADDUSERFORMAT,
+                new Object[] { adminId, id.getUserID() }
+                );
 
         LDAPConnection ldapconn = null;
 
@@ -739,12 +738,12 @@ public final class UGSubsystem implements IUGSubsystem {
             ldapconn = getConn();
             ldapconn.add(entry);
         } catch (ELdapException e) {
-            String errMsg = 
-                "add User: Could not get connection to internaldb. Error " + e;
+            String errMsg =
+                    "add User: Could not get connection to internaldb. Error " + e;
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_ADD_USER", e.toString()));
         } finally {
-            if (ldapconn != null) 
+            if (ldapconn != null)
                 returnConn(ldapconn);
         }
     }
@@ -764,15 +763,15 @@ public final class UGSubsystem implements IUGSubsystem {
         LDAPModificationSet addCert = new LDAPModificationSet();
 
         if ((cert = user.getX509Certificates()) != null) {
-            LDAPAttribute attrCertStr = new 
-                LDAPAttribute(LDAP_ATTR_USER_CERT_STRING);
+            LDAPAttribute attrCertStr = new
+                    LDAPAttribute(LDAP_ATTR_USER_CERT_STRING);
 
             /*
              LDAPAttribute attrCertDNStr = new 
              LDAPAttribute(LDAP_ATTR_CERTDN);
              */
-            LDAPAttribute attrCertBin = new 
-                LDAPAttribute(LDAP_ATTR_USER_CERT);
+            LDAPAttribute attrCertBin = new
+                    LDAPAttribute(LDAP_ATTR_USER_CERT);
 
             try {
                 attrCertBin.addValue(cert[0].getEncoded());
@@ -792,17 +791,17 @@ public final class UGSubsystem implements IUGSubsystem {
             try {
                 ldapconn = getConn();
                 ldapconn.modify("uid=" + user.getUserID() +
-                    "," + getUserBaseDN(), addCert);
+                        "," + getUserBaseDN(), addCert);
                 // for audit log
                 SessionContext sessionContext = SessionContext.getContext();
                 String adminId = (String) sessionContext.get(SessionContext.USER_ID);
 
                 mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
-                    AuditFormat.LEVEL, AuditFormat.ADDUSERCERTFORMAT,
-                    new Object[] {adminId, user.getUserID(),
-                        cert[0].getSubjectDN().toString(), 
-                        cert[0].getSerialNumber().toString(16)}
-                );
+                        AuditFormat.LEVEL, AuditFormat.ADDUSERCERTFORMAT,
+                        new Object[] { adminId, user.getUserID(),
+                                cert[0].getSubjectDN().toString(),
+                                cert[0].getSerialNumber().toString(16) }
+                        );
 
             } catch (LDAPException e) {
                 if (Debug.ON) {
@@ -816,13 +815,13 @@ public final class UGSubsystem implements IUGSubsystem {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_ADD_USER", e.toString()));
                 throw e;
             } catch (ELdapException e) {
-                String errMsg = 
-                    "add User Cert: " +
-                    "Could not get connection to internaldb. Error " + e;
+                String errMsg =
+                        "add User Cert: " +
+                                "Could not get connection to internaldb. Error " + e;
 
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_ADD_USER", e.toString()));
             } finally {
-                if (ldapconn != null) 
+                if (ldapconn != null)
                     returnConn(ldapconn);
             }
         }
@@ -832,8 +831,8 @@ public final class UGSubsystem implements IUGSubsystem {
 
     /**
      * Removes a user certificate for a user entry
-     *    given a user certificate DN (actually, a combination of version,
-     *	 serialNumber, issuerDN, and SubjectDN), and it gets removed
+     * given a user certificate DN (actually, a combination of version,
+     * serialNumber, issuerDN, and SubjectDN), and it gets removed
      */
     public void removeUserCert(IUser identity) throws EUsrGrpException {
         User user = (User) identity;
@@ -854,21 +853,19 @@ public final class UGSubsystem implements IUGSubsystem {
         X509Certificate[] certs = ldapUser.getX509Certificates();
 
         if (certs == null) {
-            throw new
-                EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_CERT_NOT_FOUND"));
+            throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_CERT_NOT_FOUND"));
         }
 
         String delCertdn = user.getCertDN();
 
         if (delCertdn == null) {
-            throw new
-                EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_CERT_NOT_FOUND"));
+            throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_CERT_NOT_FOUND"));
         }
 
         LDAPAttribute certAttr = new
-            LDAPAttribute(LDAP_ATTR_USER_CERT);
-        LDAPAttribute certAttrS = new 
-            LDAPAttribute(LDAP_ATTR_USER_CERT_STRING);
+                LDAPAttribute(LDAP_ATTR_USER_CERT);
+        LDAPAttribute certAttrS = new
+                LDAPAttribute(LDAP_ATTR_USER_CERT_STRING);
 
         //LDAPAttribute certDNAttrS = new LDAPAttribute(LDAP_ATTR_CERTDN);
 
@@ -902,60 +899,59 @@ public final class UGSubsystem implements IUGSubsystem {
                 try {
                     ldapconn = getConn();
                     ldapconn.modify("uid=" + user.getUserID() +
-                        "," + getUserBaseDN(), attrs);
+                            "," + getUserBaseDN(), attrs);
                     certCount++;
                     // for audit log
                     SessionContext sessionContext = SessionContext.getContext();
                     String adminId = (String) sessionContext.get(SessionContext.USER_ID);
 
-                    mLogger.log(ILogger.EV_AUDIT, 
-                        ILogger.S_USRGRP,
-                        AuditFormat.LEVEL, 
-                        AuditFormat.REMOVEUSERCERTFORMAT,
-                        new Object[] {adminId, user.getUserID(),
-                            certs[0].getSubjectDN().toString(), 
-                            certs[i].getSerialNumber().toString(16)}
-                    );
+                    mLogger.log(ILogger.EV_AUDIT,
+                            ILogger.S_USRGRP,
+                            AuditFormat.LEVEL,
+                            AuditFormat.REMOVEUSERCERTFORMAT,
+                            new Object[] { adminId, user.getUserID(),
+                                    certs[0].getSubjectDN().toString(),
+                                    certs[i].getSerialNumber().toString(16) }
+                            );
 
                 } catch (LDAPException e) {
                     String errMsg = "removeUserCert():" + e;
 
                     if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
-                        errMsg = 
+                        errMsg =
                                 "removeUserCert: " + "Internal DB is unavailable";
                     }
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_REMOVE_USER", e.toString()));
                     throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_MOD_USER_FAIL"));
                 } catch (ELdapException e) {
-                    String errMsg = 
-                        "remove User Cert: " +
-                        "Could not get connection to internaldb. Error " + e;
+                    String errMsg =
+                            "remove User Cert: " +
+                                    "Could not get connection to internaldb. Error " + e;
 
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_REMOVE_USER", e.toString()));
                 } finally {
-                    if (ldapconn != null) 
+                    if (ldapconn != null)
                         returnConn(ldapconn);
                 }
             }
         }
 
         if (certCount == 0) {
-            throw new
-                EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_CERT_NOT_FOUND"));
+            throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_CERT_NOT_FOUND"));
         }
 
         return;
     }
 
-    public void removeUserFromGroup(IGroup grp, String userid) 
-        throws EUsrGrpException {
-  
+    public void removeUserFromGroup(IGroup grp, String userid)
+            throws EUsrGrpException {
+
         LDAPConnection ldapconn = null;
 
         try {
             ldapconn = getConn();
-            String groupDN = "cn=" + grp.getGroupID() + 
-                "," + getGroupBaseDN();
+            String groupDN = "cn=" + grp.getGroupID() +
+                    "," + getGroupBaseDN();
             LDAPAttribute memberAttr = new LDAPAttribute(
                     "uniquemember", "uid=" + userid + "," + getUserBaseDN());
             LDAPModification singleChange = new LDAPModification(
@@ -972,12 +968,12 @@ public final class UGSubsystem implements IUGSubsystem {
 
             throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_REMOVE_USER_FAIL"));
         } catch (ELdapException e) {
-            String errMsg = 
-                "removeUserFromGroup: Could not get connection to internaldb. Error " + e;
+            String errMsg =
+                    "removeUserFromGroup: Could not get connection to internaldb. Error " + e;
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_REMOVE_USER_FROM_GROUP", e.toString()));
         } finally {
-            if (ldapconn != null) 
+            if (ldapconn != null)
                 returnConn(ldapconn);
         }
     }
@@ -1000,9 +996,9 @@ public final class UGSubsystem implements IUGSubsystem {
             String adminId = (String) sessionContext.get(SessionContext.USER_ID);
 
             mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
-                AuditFormat.LEVEL, AuditFormat.REMOVEUSERFORMAT,
-                new Object[] {adminId, userid}
-            );
+                    AuditFormat.LEVEL, AuditFormat.REMOVEUSERFORMAT,
+                    new Object[] { adminId, userid }
+                    );
 
         } catch (LDAPException e) {
             String errMsg = "removeUser()" + e.toString();
@@ -1014,25 +1010,25 @@ public final class UGSubsystem implements IUGSubsystem {
 
             throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_REMOVE_USER_FAIL"));
         } catch (ELdapException e) {
-            String errMsg = 
-                "remove User: Could not get connection to internaldb. Error " + e;
+            String errMsg =
+                    "remove User: Could not get connection to internaldb. Error " + e;
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_REMOVE_USER", e.toString()));
         } finally {
-            if (ldapconn != null) 
+            if (ldapconn != null)
                 returnConn(ldapconn);
         }
     }
 
     /**
-     * modifies user attributes.  Certs are handled separately
+     * modifies user attributes. Certs are handled separately
      */
     public void modifyUser(IUser identity) throws EUsrGrpException {
         User user = (User) identity;
         String st = null;
 
         /**
-         X509Certificate certs[] = null;
+         * X509Certificate certs[] = null;
          **/
         LDAPModificationSet attrs = new LDAPModificationSet();
 
@@ -1045,10 +1041,10 @@ public final class UGSubsystem implements IUGSubsystem {
         try {
             ldapconn = getConn();
             if ((st = user.getFullName()) != null) {
-                attrs.add(LDAPModification.REPLACE, 
-                    new LDAPAttribute("sn", st));
-                attrs.add(LDAPModification.REPLACE, 
-                    new LDAPAttribute("cn", st));
+                attrs.add(LDAPModification.REPLACE,
+                        new LDAPAttribute("sn", st));
+                attrs.add(LDAPModification.REPLACE,
+                        new LDAPAttribute("cn", st));
             }
             if ((st = user.getEmail()) != null) {
                 LDAPAttribute ld = new LDAPAttribute("mail", st);
@@ -1057,37 +1053,37 @@ public final class UGSubsystem implements IUGSubsystem {
             }
             if ((st = user.getPassword()) != null && (!st.equals(""))) {
                 attrs.add(LDAPModification.REPLACE,
-                    new LDAPAttribute("userpassword", st));
+                        new LDAPAttribute("userpassword", st));
             }
             if ((st = user.getPhone()) != null) {
-                if (! st.equals("")) {
+                if (!st.equals("")) {
                     attrs.add(LDAPModification.REPLACE,
-                        new LDAPAttribute("telephonenumber", st));
+                            new LDAPAttribute("telephonenumber", st));
                 } else {
                     try {
                         LDAPModification singleChange = new LDAPModification(
-                            LDAPModification.DELETE, new LDAPAttribute("telephonenumber"));
+                                LDAPModification.DELETE, new LDAPAttribute("telephonenumber"));
                         ldapconn.modify("uid=" + user.getUserID() +
-                            "," + getUserBaseDN(), singleChange);
+                                "," + getUserBaseDN(), singleChange);
                     } catch (LDAPException e) {
                         if (e.getLDAPResultCode() != LDAPException.NO_SUCH_ATTRIBUTE) {
                             CMS.debug("modifyUser: Error in deleting telephonenumber");
                             throw e;
                         }
                     }
-                }  
+                }
             }
 
             if ((st = user.getState()) != null) {
-                if (! st.equals("")) {
+                if (!st.equals("")) {
                     attrs.add(LDAPModification.REPLACE,
-                        new LDAPAttribute("userstate", st));
+                            new LDAPAttribute("userstate", st));
                 } else {
                     try {
                         LDAPModification singleChange = new LDAPModification(
-                            LDAPModification.DELETE, new LDAPAttribute("userstate"));
+                                LDAPModification.DELETE, new LDAPAttribute("userstate"));
                         ldapconn.modify("uid=" + user.getUserID() +
-                            "," + getUserBaseDN(), singleChange);
+                                "," + getUserBaseDN(), singleChange);
                     } catch (LDAPException e) {
                         if (e.getLDAPResultCode() != LDAPException.NO_SUCH_ATTRIBUTE) {
                             CMS.debug("modifyUser: Error in deleting userstate");
@@ -1095,45 +1091,45 @@ public final class UGSubsystem implements IUGSubsystem {
                         }
                     }
                 }
-            } 
+            }
 
             /**
-             if ((certs = user.getCertificates()) != null) {
-             LDAPAttribute attrCertStr = new 
-             LDAPAttribute("description");
-             LDAPAttribute attrCertBin = new 
-             LDAPAttribute(LDAP_ATTR_USER_CERT);
-             for (int i = 0 ; i < certs.length; i++) {
-             attrCertBin.addValue(certs[i].getEncoded());
-             attrCertStr.addValue(getCertificateString(certs[i]));
-             }
-             attrs.add(attrCertStr);
-
-             if (user.getCertOp() == OpDef.ADD) {
-             attrs.add(LDAPModification.ADD, attrCertBin);
-             } else if (user.getCertOp() == OpDef.DELETE) {
-             attrs.add(LDAPModification.DELETE, attrCertBin);
-             } else {
-             throw new EUsrGrpException(UsrGrpResources.USR_MOD_ILL_CERT_OP);
-             }
-             }
+             * if ((certs = user.getCertificates()) != null) {
+             * LDAPAttribute attrCertStr = new
+             * LDAPAttribute("description");
+             * LDAPAttribute attrCertBin = new
+             * LDAPAttribute(LDAP_ATTR_USER_CERT);
+             * for (int i = 0 ; i < certs.length; i++) {
+             * attrCertBin.addValue(certs[i].getEncoded());
+             * attrCertStr.addValue(getCertificateString(certs[i]));
+             * }
+             * attrs.add(attrCertStr);
+             * 
+             * if (user.getCertOp() == OpDef.ADD) {
+             * attrs.add(LDAPModification.ADD, attrCertBin);
+             * } else if (user.getCertOp() == OpDef.DELETE) {
+             * attrs.add(LDAPModification.DELETE, attrCertBin);
+             * } else {
+             * throw new EUsrGrpException(UsrGrpResources.USR_MOD_ILL_CERT_OP);
+             * }
+             * }
              **/
             ldapconn.modify("uid=" + user.getUserID() +
-                "," + getUserBaseDN(), attrs);
+                    "," + getUserBaseDN(), attrs);
             // for audit log
             SessionContext sessionContext = SessionContext.getContext();
             String adminId = (String) sessionContext.get(SessionContext.USER_ID);
 
             mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
-                AuditFormat.LEVEL, AuditFormat.MODIFYUSERFORMAT,
-                new Object[] {adminId, user.getUserID()}
-            );
+                    AuditFormat.LEVEL, AuditFormat.MODIFYUSERFORMAT,
+                    new Object[] { adminId, user.getUserID() }
+                    );
 
         } catch (Exception e) {
             //e.printStackTrace();
             throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_MOD_USER_FAIL"));
         } finally {
-            if (ldapconn != null) 
+            if (ldapconn != null)
                 returnConn(ldapconn);
         }
     }
@@ -1161,15 +1157,15 @@ public final class UGSubsystem implements IUGSubsystem {
 
         try {
             ldapconn = getConn();
-            LDAPSearchResults res = 
-                ldapconn.search(getGroupBaseDN(), LDAPv2.SCOPE_SUB, 
-                    "(&(objectclass=groupofuniquenames)(cn=" + filter + "))", 
-                    null, false);
+            LDAPSearchResults res =
+                    ldapconn.search(getGroupBaseDN(), LDAPv2.SCOPE_SUB,
+                            "(&(objectclass=groupofuniquenames)(cn=" + filter + "))",
+                            null, false);
 
             return buildGroups(res);
         } catch (LDAPException e) {
-            String errMsg = 
-                "findGroups: could not find group " + filter + ". Error " + e;
+            String errMsg =
+                    "findGroups: could not find group " + filter + ". Error " + e;
 
             if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
                 errMsg = "findGroups: " + "Internal DB is unavailable";
@@ -1177,13 +1173,13 @@ public final class UGSubsystem implements IUGSubsystem {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_FIND_GROUPS", e.toString()));
             return null;
         } catch (ELdapException e) {
-            String errMsg = 
-                "find Groups: Could not get connection to internaldb. Error " + e;
+            String errMsg =
+                    "find Groups: Could not get connection to internaldb. Error " + e;
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_FIND_GROUPS", e.toString()));
             return null;
         } finally {
-            if (ldapconn != null) 
+            if (ldapconn != null)
                 returnConn(ldapconn);
         }
     }
@@ -1197,10 +1193,10 @@ public final class UGSubsystem implements IUGSubsystem {
     }
 
     /**
-     * List groups.  more efficient than find Groups.  only retrieves
-     *	 group names and description.
+     * List groups. more efficient than find Groups. only retrieves
+     * group names and description.
      */
-    public Enumeration<IGroup>  listGroups(String filter) throws EUsrGrpException {
+    public Enumeration<IGroup> listGroups(String filter) throws EUsrGrpException {
         if (filter == null) {
             return null;
         }
@@ -1214,10 +1210,10 @@ public final class UGSubsystem implements IUGSubsystem {
             attrs[1] = "description";
 
             ldapconn = getConn();
-            LDAPSearchResults res = 
-                ldapconn.search(getGroupBaseDN(), LDAPv2.SCOPE_SUB, 
-                    "(&(objectclass=groupofuniquenames)(cn=" + filter + "))", 
-                    attrs, false);
+            LDAPSearchResults res =
+                    ldapconn.search(getGroupBaseDN(), LDAPv2.SCOPE_SUB,
+                            "(&(objectclass=groupofuniquenames)(cn=" + filter + "))",
+                            attrs, false);
 
             return buildGroups(res);
         } catch (LDAPException e) {
@@ -1228,12 +1224,12 @@ public final class UGSubsystem implements IUGSubsystem {
             }
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_LIST_GROUPS", e.toString()));
         } catch (ELdapException e) {
-            String errMsg = 
-                "list Groups: Could not get connection to internaldb. Error " + e;
+            String errMsg =
+                    "list Groups: Could not get connection to internaldb. Error " + e;
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_LIST_GROUPS", e.toString()));
         } finally {
-            if (ldapconn != null) 
+            if (ldapconn != null)
                 returnConn(ldapconn);
         }
         return null;
@@ -1243,14 +1239,14 @@ public final class UGSubsystem implements IUGSubsystem {
      * builds an instance of a Group entry
      */
     protected IGroup buildGroup(LDAPEntry entry) {
-        String groupName = (String)entry.getAttribute("cn").getStringValues().nextElement();
+        String groupName = (String) entry.getAttribute("cn").getStringValues().nextElement();
         IGroup grp = createGroup(this, groupName);
-		
+
         LDAPAttribute grpDesc = entry.getAttribute("description");
 
         if (grpDesc != null) {
             @SuppressWarnings("unchecked")
-			Enumeration<String> en = grpDesc.getStringValues();
+            Enumeration<String> en = grpDesc.getStringValues();
 
             if (en != null && en.hasMoreElements()) {
                 String desc = (String) en.nextElement();
@@ -1282,7 +1278,7 @@ public final class UGSubsystem implements IUGSubsystem {
         }
 
         @SuppressWarnings("unchecked")
-		Enumeration<String> e = attr.getStringValues();
+        Enumeration<String> e = attr.getStringValues();
 
         while (e.hasMoreElements()) {
             String v = (String) e.nextElement();
@@ -1296,12 +1292,12 @@ public final class UGSubsystem implements IUGSubsystem {
              * 2. presence and sequence of equal sign and comma
              * 3. absence of equal sign between previously found equal sign and comma
              * 4. absence of non white space characters between uid string and equal sign
-             */ 
+             */
             int i = -1;
             int j = -1;
-            if (v == null || v.length() < 3 || (!(v.substring(0,3)).equalsIgnoreCase("uid")) ||
-                ((i = v.indexOf('=')) < 0) || ((j = v.indexOf(',')) < 0) || i > j || 
-                 (v.substring(i+1, j)).indexOf('=') > -1 || ((v.substring(3, i)).trim()).length() > 0) {
+            if (v == null || v.length() < 3 || (!(v.substring(0, 3)).equalsIgnoreCase("uid")) ||
+                    ((i = v.indexOf('=')) < 0) || ((j = v.indexOf(',')) < 0) || i > j ||
+                    (v.substring(i + 1, j)).indexOf('=') > -1 || ((v.substring(3, i)).trim()).length() > 0) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_BAD_GROUP_MEMBER", groupName, v));
             } else {
                 grp.addMemberName(v.substring(v.indexOf('=') + 1, v.indexOf(',')));
@@ -1331,7 +1327,7 @@ public final class UGSubsystem implements IUGSubsystem {
         if (name == null) {
             return null;
         }
-		
+
         LDAPConnection ldapconn = null;
 
         try {
@@ -1372,7 +1368,7 @@ public final class UGSubsystem implements IUGSubsystem {
                 return false;
             }
             @SuppressWarnings("unchecked")
-			Enumeration<String> en = attr.getStringValues();
+            Enumeration<String> en = attr.getStringValues();
 
             for (; en.hasMoreElements();) {
                 String v = (String) en.nextElement();
@@ -1390,13 +1386,12 @@ public final class UGSubsystem implements IUGSubsystem {
         return false;
     }
 
-    public boolean isMemberOf(String userid, String groupname) 
-    {
+    public boolean isMemberOf(String userid, String groupname) {
         try {
-          IUser user = getUser(userid);
-     	  return isMemberOfLdapGroup(user.getUserDN(), groupname);
+            IUser user = getUser(userid);
+            return isMemberOfLdapGroup(user.getUserDN(), groupname);
         } catch (Exception e) {
-          /* do nothing */
+            /* do nothing */
         }
         return false;
     }
@@ -1406,75 +1401,70 @@ public final class UGSubsystem implements IUGSubsystem {
      * (now runs an ldap search to find the user, instead of
      * fetching the entire group entry)
      */
-    public boolean isMemberOf(IUser id, String name) { 
-        if (id == null) { 
-            log(ILogger.LL_WARN, "isMemberOf(): id is null"); 
-            return false; 
+    public boolean isMemberOf(IUser id, String name) {
+        if (id == null) {
+            log(ILogger.LL_WARN, "isMemberOf(): id is null");
+            return false;
         }
 
-        if (name == null) { 
-            log(ILogger.LL_WARN, "isMemberOf(): name is null"); 
-            return false; 
+        if (name == null) {
+            log(ILogger.LL_WARN, "isMemberOf(): name is null");
+            return false;
         }
 
-        Debug.trace("UGSubsystem.isMemberOf() using new lookup code"); 
-        return isMemberOfLdapGroup(id.getUserDN(),name);
+        Debug.trace("UGSubsystem.isMemberOf() using new lookup code");
+        return isMemberOfLdapGroup(id.getUserDN(), name);
     }
 
-
     /**
      * checks if the given user DN is in the specified group
      * by running an ldap search for the user in the group
      */
-    protected boolean isMemberOfLdapGroup(String userid,String groupname) 
-    {
-        String basedn = "cn="+groupname+",ou=groups,"+mBaseDN;
+    protected boolean isMemberOfLdapGroup(String userid, String groupname) {
+        String basedn = "cn=" + groupname + ",ou=groups," + mBaseDN;
         LDAPConnection ldapconn = null;
-                boolean founduser=false;
+        boolean founduser = false;
         try {
-                        // the group could potentially have many thousands
-                        // of members, (many values of the uniquemember
-                        // attribute). So, we don't want to fetch this
-                        // list each time. We'll just fetch the CN.
-                        String attrs[]= new String[1];
-                        attrs[0] = "cn";
+            // the group could potentially have many thousands
+            // of members, (many values of the uniquemember
+            // attribute). So, we don't want to fetch this
+            // list each time. We'll just fetch the CN.
+            String attrs[] = new String[1];
+            attrs[0] = "cn";
 
             ldapconn = getConn();
 
-
-                        String filter = "(uniquemember="+userid+")";
-                        Debug.trace("authorization search base: "+basedn);
-                        Debug.trace("authorization search filter: "+filter);
+            String filter = "(uniquemember=" + userid + ")";
+            Debug.trace("authorization search base: " + basedn);
+            Debug.trace("authorization search filter: " + filter);
             LDAPSearchResults res =
-                ldapconn.search(basedn, LDAPv2.SCOPE_BASE,
-                       filter,
-                        attrs, false);
-                       // If the result had at least one entry, we know
-                       // that the filter matched, and so the user correctly
-                       // authenticated.
-                       if (res.hasMoreElements()) {
-                               // actually read the entry
-                               LDAPEntry entry = (LDAPEntry)res.nextElement();
-                               founduser=true;
-                       }
-                       Debug.trace("authorization result: "+founduser);
-       } catch (LDAPException e) {
-           String errMsg =
-               "isMemberOfLdapGroup: could not find group "+groupname+". Error "+e;
-           if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
-               errMsg = "isMemberOfLdapGroup: "+"Internal DB is unavailable";
-           }
-           Debug.trace("authorization exception: "+errMsg);
-           // too chatty in system log
-           // log(ILogger.LL_FAILURE, errMsg); 
-       }
-       catch (ELdapException e) {
-           String errMsg =
-               "isMemberOfLdapGroup: Could not get connection to internaldb. Error "+e;
-                       Debug.trace("authorization exception: "+errMsg);
+                    ldapconn.search(basedn, LDAPv2.SCOPE_BASE,
+                            filter,
+                            attrs, false);
+            // If the result had at least one entry, we know
+            // that the filter matched, and so the user correctly
+            // authenticated.
+            if (res.hasMoreElements()) {
+                // actually read the entry
+                LDAPEntry entry = (LDAPEntry) res.nextElement();
+                founduser = true;
+            }
+            Debug.trace("authorization result: " + founduser);
+        } catch (LDAPException e) {
+            String errMsg =
+                    "isMemberOfLdapGroup: could not find group " + groupname + ". Error " + e;
+            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
+                errMsg = "isMemberOfLdapGroup: " + "Internal DB is unavailable";
+            }
+            Debug.trace("authorization exception: " + errMsg);
+            // too chatty in system log
+            // log(ILogger.LL_FAILURE, errMsg); 
+        } catch (ELdapException e) {
+            String errMsg =
+                    "isMemberOfLdapGroup: Could not get connection to internaldb. Error " + e;
+            Debug.trace("authorization exception: " + errMsg);
             log(ILogger.LL_FAILURE, errMsg);
-        }
-        finally {
+        } finally {
             if (ldapconn != null)
                 returnConn(ldapconn);
         }
@@ -1495,7 +1485,7 @@ public final class UGSubsystem implements IUGSubsystem {
 
         try {
             LDAPAttributeSet attrs = new LDAPAttributeSet();
-            String oc[] = {"top", "groupOfUniqueNames"};
+            String oc[] = { "top", "groupOfUniqueNames" };
 
             attrs.add(new LDAPAttribute("objectclass", oc));
             attrs.add(new LDAPAttribute("cn", group.getGroupID()));
@@ -1509,8 +1499,8 @@ public final class UGSubsystem implements IUGSubsystem {
                     String name = (String) e.nextElement();
 
                     // DOES NOT SUPPORT NESTED GROUPS...
-                    attrMembers.addValue("uid=" + name + "," + 
-                        getUserBaseDN());
+                    attrMembers.addValue("uid=" + name + "," +
+                            getUserBaseDN());
                 }
                 attrs.add(attrMembers);
             }
@@ -1529,19 +1519,19 @@ public final class UGSubsystem implements IUGSubsystem {
 
             throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_ADD_GROUP_FAIL"));
         } catch (ELdapException e) {
-            String errMsg = 
-                "add Group: Could not get connection to internaldb. Error " + e;
+            String errMsg =
+                    "add Group: Could not get connection to internaldb. Error " + e;
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_ADD_GROUP", e.toString()));
             throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_ADD_GROUP_FAIL"));
         } finally {
-            if (ldapconn != null) 
+            if (ldapconn != null)
                 returnConn(ldapconn);
         }
     }
 
     /**
-     * Removes a group.  Can't remove SUPER_CERT_ADMINS
+     * Removes a group. Can't remove SUPER_CERT_ADMINS
      */
     public void removeGroup(String name) throws EUsrGrpException {
         if (name == null) {
@@ -1566,9 +1556,9 @@ public final class UGSubsystem implements IUGSubsystem {
 
             throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_REMOVE_GROUP_FAIL"));
         } catch (ELdapException e) {
-            String errMsg = 
-                "remove Group: Could not get connection to internaldb. " +
-                "Error " + e;
+            String errMsg =
+                    "remove Group: Could not get connection to internaldb. " +
+                            "Error " + e;
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_REMOVE_GROUP", e.toString()));
         } finally {
@@ -1594,8 +1584,8 @@ public final class UGSubsystem implements IUGSubsystem {
             String desc = grp.getDescription();
 
             if (desc != null) {
-                mod.add(LDAPModification.REPLACE, 
-                    new LDAPAttribute("description", desc));
+                mod.add(LDAPModification.REPLACE,
+                        new LDAPAttribute("description", desc));
             }
 
             Enumeration<String> e = grp.getMemberNames();
@@ -1605,8 +1595,8 @@ public final class UGSubsystem implements IUGSubsystem {
                     String name = (String) e.nextElement();
 
                     // DOES NOT SUPPORT NESTED GROUPS...
-                    attrMembers.addValue("uid=" + name + "," + 
-                        getUserBaseDN());
+                    attrMembers.addValue("uid=" + name + "," +
+                            getUserBaseDN());
                 }
                 mod.add(LDAPModification.REPLACE, attrMembers);
             } else {
@@ -1614,14 +1604,13 @@ public final class UGSubsystem implements IUGSubsystem {
                     mod.add(LDAPModification.DELETE, attrMembers);
                 } else {
                     // not allowed
-                    throw new
-                        EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_ILL_GRP_MOD"));
+                    throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_ILL_GRP_MOD"));
                 }
             }
 
             ldapconn = getConn();
             ldapconn.modify("cn=" + grp.getGroupID() +
-                "," + getGroupBaseDN(), mod);
+                    "," + getGroupBaseDN(), mod);
         } catch (LDAPException e) {
             String errMsg = " modifyGroup()" + e.toString();
 
@@ -1641,18 +1630,18 @@ public final class UGSubsystem implements IUGSubsystem {
     }
 
     /**
-     * Evalutes the given context with the attribute 
+     * Evalutes the given context with the attribute
      * critieria.
      */
-    public boolean evaluate(String type, IUser id, 
-        String op, String value) {
+    public boolean evaluate(String type, IUser id,
+            String op, String value) {
         if (op.equals("=")) {
             if (type.equalsIgnoreCase("user")) {
                 if (isMatched(value, id.getName()))
                     return true;
             }
             if (type.equalsIgnoreCase("group")) {
-                return isMemberOf(id, value); 
+                return isMemberOf(id, value);
             }
         }
         return false;
@@ -1682,20 +1671,20 @@ public final class UGSubsystem implements IUGSubsystem {
                 return entry.getDN();
             }
         } catch (ELdapException e) {
-            String errMsg = 
-                "convertUIDtoDN: Could not get connection to internaldb. " +
-                "Error " + e;
+            String errMsg =
+                    "convertUIDtoDN: Could not get connection to internaldb. " +
+                            "Error " + e;
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_CONVERT_UID", e.toString()));
         } finally {
-            if (ldapconn != null) 
+            if (ldapconn != null)
                 returnConn(ldapconn);
         }
         return null;
     }
 
     /**
-     * Checks if the given DNs are the same after 
+     * Checks if the given DNs are the same after
      * normalization.
      */
     protected boolean isMatched(String dn1, String dn2) {
@@ -1723,7 +1712,7 @@ public final class UGSubsystem implements IUGSubsystem {
         }
         // note that it did not represent a certificate fully
         return "-1;" + cert.getSerialNumber().toString() +
-            ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN();
+                ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN();
     }
 
     public String getCertificateString(X509Certificate cert) {
@@ -1733,7 +1722,7 @@ public final class UGSubsystem implements IUGSubsystem {
 
         // note that it did not represent a certificate fully
         return cert.getVersion() + ";" + cert.getSerialNumber().toString() +
-            ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN();
+                ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN();
     }
 
     /**
@@ -1751,13 +1740,13 @@ public final class UGSubsystem implements IUGSubsystem {
     }
 
     protected LDAPConnection getConn() throws ELdapException {
-        if (mLdapConnFactory == null) 
+        if (mLdapConnFactory == null)
             return null;
         return mLdapConnFactory.getConn();
     }
 
     protected void returnConn(LDAPConnection conn) {
-        if (mLdapConnFactory != null) 
+        if (mLdapConnFactory != null)
             mLdapConnFactory.returnConn(conn);
     }
 
@@ -1765,7 +1754,7 @@ public final class UGSubsystem implements IUGSubsystem {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_USRGRP,
-            level, "UGSubsystem: " + msg);
+                level, "UGSubsystem: " + msg);
     }
 
     public ICertUserLocator getCertUserLocator() {
diff --git a/pki/base/common/src/com/netscape/cmscore/usrgrp/User.java b/pki/base/common/src/com/netscape/cmscore/usrgrp/User.java
index 5133eb23..e48b8fcb 100644
--- a/pki/base/common/src/com/netscape/cmscore/usrgrp/User.java
+++ b/pki/base/common/src/com/netscape/cmscore/usrgrp/User.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.usrgrp;
 
-
 import java.security.cert.X509Certificate;
 import java.util.Enumeration;
 import java.util.Vector;
@@ -27,10 +26,9 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.usrgrp.IUser;
 import com.netscape.certsrv.usrgrp.IUsrGrp;
 
-
 /**
  * A class represents a user.
- *
+ * 
  * @author cfu
  * @version $Revision$, $Date$
  */
@@ -189,7 +187,7 @@ public class User implements IUser {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", name));
         }
     }
-	
+
     public Object get(String name) throws EBaseException {
         if (name.equals(ATTR_NAME)) {
             return getName();
diff --git a/pki/base/common/src/com/netscape/cmscore/util/Assert.java b/pki/base/common/src/com/netscape/cmscore/util/Assert.java
index afc38f49..24659929 100644
--- a/pki/base/common/src/com/netscape/cmscore/util/Assert.java
+++ b/pki/base/common/src/com/netscape/cmscore/util/Assert.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.util;
 
-
 public class Assert {
     public static final boolean ON = true;
 
diff --git a/pki/base/common/src/com/netscape/cmscore/util/AssertionException.java b/pki/base/common/src/com/netscape/cmscore/util/AssertionException.java
index 6a0d8e66..46b3f32d 100644
--- a/pki/base/common/src/com/netscape/cmscore/util/AssertionException.java
+++ b/pki/base/common/src/com/netscape/cmscore/util/AssertionException.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.util;
 
-
 /**
  * Assertion exceptions are thrown when assertion code is invoked
  * and fails to operate properly.
diff --git a/pki/base/common/src/com/netscape/cmscore/util/Debug.java b/pki/base/common/src/com/netscape/cmscore/util/Debug.java
index 417f3159..9d8b33d6 100644
--- a/pki/base/common/src/com/netscape/cmscore/util/Debug.java
+++ b/pki/base/common/src/com/netscape/cmscore/util/Debug.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.util;
 
-
 import java.io.FileOutputStream;
 import java.io.OutputStream;
 import java.io.PrintStream;
@@ -30,29 +29,27 @@ import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.cmsutil.util.Utils;
 
-
 public class Debug
-    implements ISubsystem {
+        implements ISubsystem {
 
     private static Debug mInstance = new Debug();
     private static boolean mShowCaller = false;
 
-
-	/* This dateformatter is used to put the date on each
-	   debug line. But the DateFormatter is not thread safe,
-	   so I create a thread-local DateFormatter for each thread
-	 */
+    /* This dateformatter is used to put the date on each
+       debug line. But the DateFormatter is not thread safe,
+       so I create a thread-local DateFormatter for each thread
+     */
     private static String DATE_PATTERN = "dd/MMM/yyyy:HH:mm:ss";
     private static ThreadLocal mFormatObject = new ThreadLocal() {
-			protected synchronized Object initialValue() {
-				return new SimpleDateFormat(DATE_PATTERN);
-			}
-	}; 
+        protected synchronized Object initialValue() {
+            return new SimpleDateFormat(DATE_PATTERN);
+        }
+    };
 
-	/* the dateformatter should be accessed with this function */
-	private static SimpleDateFormat getDateFormatter() {
-		return ((SimpleDateFormat)(mFormatObject.get()));
-	}
+    /* the dateformatter should be accessed with this function */
+    private static SimpleDateFormat getDateFormatter() {
+        return ((SimpleDateFormat) (mFormatObject.get()));
+    }
 
     public static final boolean ON = false;
     public static final int OBNOXIOUS = 10;
@@ -73,7 +70,7 @@ public class Debug
     private static int mDebugLevel = VERBOSE;
 
     private static PrintStream mOut = null;
-	private static Hashtable mHK = null;
+    private static Hashtable mHK = null;
 
     static {
         if (TRACE_ON == true) {
@@ -88,98 +85,104 @@ public class Debug
     /**
      * Output a debug message at the output stream sepcified in the init()
      * method. This method is very lightweight if debugging is turned off, since
-     *   it will return immediately. However, the caller should be aware that
-     *   if the argument to Debug.trace() is an object whose toString() is
-     *   expensive, that this toString() will still be called in any case.
-     *   In such a case, it is wise to wrap the Debug.trace like this: <pre>
-     *   if (Debug.on()) { Debug.trace("obj is: "+obj); }
-     *   </pre>
+     * it will return immediately. However, the caller should be aware that
+     * if the argument to Debug.trace() is an object whose toString() is
+     * expensive, that this toString() will still be called in any case.
+     * In such a case, it is wise to wrap the Debug.trace like this:
+     * 
+     * <pre>
+     * if (Debug.on()) {
+     *     Debug.trace(&quot;obj is: &quot; + obj);
+     * }
+     * </pre>
+     * 
      * @param level the message level. If this is >= than the currently set
-     *    level (set with setLevel() ), the message is printed
+     *            level (set with setLevel() ), the message is printed
      * @param t the message to print
      * @param ignoreStack when walking the stack to determine the
-     *   location of the method that called the trace() method,
-     *   ignore any classes with this string in. Can be null
+     *            location of the method that called the trace() method,
+     *            ignore any classes with this string in. Can be null
      * @param printCaller if true, (and if static mShowCaller is true)
-     *    dump caller information in this format:
-     *    (source-file:line) methodname():
+     *            dump caller information in this format:
+     *            (source-file:line) methodname():
      */
     public static void trace(int level, String t, String ignoreStack, boolean printCaller) {
-		String callerinfo = "";
-        if (!TRACE_ON) return;
+        String callerinfo = "";
+        if (!TRACE_ON)
+            return;
         if (level >= mDebugLevel) {
             if (mShowCaller && printCaller) {
                 String method = "";
                 String fileAndLine = "";
 
                 try {
-					Throwable tr = new Throwable();
-					StackTraceElement ste[] = tr.getStackTrace();
-					int i=0;
-					while ((i < ste.length) && 
-						(ste[i].getMethodName().toLowerCase().indexOf("debug") >-1) ||
-						(ste[i].getMethodName().toLowerCase().indexOf("hashkey") >-1) ||
-						(ste[i].getClassName().toLowerCase().indexOf("propconfigstore") >-1) ||
-						(ste[i].getClassName().toLowerCase().indexOf("argblock") >-1) ||
-						(ste[i].getClassName().toLowerCase().indexOf("debug") >-1) ||
-						(ste[i].getMethodName().toLowerCase().indexOf("trace") >-1)) i++;
-
-					if (i < ste.length) {
-						fileAndLine = ste[i].getFileName()+":"+
-							ste[i].getLineNumber();
-						method = ste[i].getMethodName()+"()";
-					}
-
-					callerinfo = fileAndLine +":"+ method + " ";
+                    Throwable tr = new Throwable();
+                    StackTraceElement ste[] = tr.getStackTrace();
+                    int i = 0;
+                    while ((i < ste.length) &&
+                            (ste[i].getMethodName().toLowerCase().indexOf("debug") > -1) ||
+                            (ste[i].getMethodName().toLowerCase().indexOf("hashkey") > -1) ||
+                            (ste[i].getClassName().toLowerCase().indexOf("propconfigstore") > -1) ||
+                            (ste[i].getClassName().toLowerCase().indexOf("argblock") > -1) ||
+                            (ste[i].getClassName().toLowerCase().indexOf("debug") > -1) ||
+                            (ste[i].getMethodName().toLowerCase().indexOf("trace") > -1))
+                        i++;
+
+                    if (i < ste.length) {
+                        fileAndLine = ste[i].getFileName() + ":" +
+                                ste[i].getLineNumber();
+                        method = ste[i].getMethodName() + "()";
+                    }
+
+                    callerinfo = fileAndLine + ":" + method + " ";
                 } catch (Exception f) {
                 }
             }
-		
-			outputTraceMessage(callerinfo + t);
+
+            outputTraceMessage(callerinfo + t);
         }
     }
-	
-	private static void outputTraceMessage(String t)
-	{
-        if (!TRACE_ON) return;
-		SimpleDateFormat d = getDateFormatter();
+
+    private static void outputTraceMessage(String t) {
+        if (!TRACE_ON)
+            return;
+        SimpleDateFormat d = getDateFormatter();
         if (mOut != null && d != null) {
             mOut.println("[" + d.format(new Date()) + "][" + Thread.currentThread().getName() + "]: " + t);
             mOut.flush();
-            }
-	}
+        }
+    }
 
-	private static boolean hkdotype(String type)
-	{
-		if (mHK!= null && mHK.get(type) != null) {
-			return true;
-		} else {
-			return false;
-		}
-	}
+    private static boolean hkdotype(String type) {
+        if (mHK != null && mHK.get(type) != null) {
+            return true;
+        } else {
+            return false;
+        }
+    }
 
     public static void traceHashKey(String type, String key) {
-		if (hkdotype(type)) {
-           	trace("GET r=" + type+ ",k=" + key);
+        if (hkdotype(type)) {
+            trace("GET r=" + type + ",k=" + key);
         }
     }
 
     public static void traceHashKey(String type, String key, String val) {
-		if (hkdotype(type)) {
-            trace("GET r=" + type+ ",k=" + key + ",v=" + val);
+        if (hkdotype(type)) {
+            trace("GET r=" + type + ",k=" + key + ",v=" + val);
         }
     }
 
     public static void traceHashKey(String type, String key, String val, String def) {
-		if (hkdotype(type)) {
-            trace("GET r=" + type+ ",k=" +
-					 key + ",v=" + val +",d="+def);
+        if (hkdotype(type)) {
+            trace("GET r=" + type + ",k=" +
+                     key + ",v=" + val + ",d=" + def);
         }
-	}
+    }
 
     public static void putHashKey(String type, String key, String value) {
-		if (hkdotype(type)) {
-            outputTraceMessage("PUT r=" + type+ ",k=" + key + ",v=" + value);
+        if (hkdotype(type)) {
+            outputTraceMessage("PUT r=" + type + ",k=" + key + ",v=" + value);
         }
     }
 
@@ -188,7 +191,8 @@ public class Debug
     }
 
     public static void print(int level, String t) {
-        if (!TRACE_ON) return;
+        if (!TRACE_ON)
+            return;
         if (mOut != null) {
             if (level >= mDebugLevel)
                 mOut.print(t);
@@ -200,9 +204,12 @@ public class Debug
     }
 
     private static void printNybble(byte b) {
-        if (mOut == null) return;
-        if (b < 10) mOut.write('0' + b);
-        else mOut.write('a' + b - 10);
+        if (mOut == null)
+            return;
+        if (b < 10)
+            mOut.write('0' + b);
+        else
+            mOut.write('a' + b - 10);
     }
 
     /**
@@ -210,14 +217,17 @@ public class Debug
      * as hex, colon-seperated bytes, 16 bytes to a line
      */
     public static void print(byte[] b) {
-        if (!TRACE_ON) return;
-        if (mOut == null) return;
+        if (!TRACE_ON)
+            return;
+        if (mOut == null)
+            return;
 
         for (int i = 0; i < b.length; i++) {
             printNybble((byte) ((b[i] & 0xf0) >> 4));
             printNybble((byte) (b[i] & 0x0f));
             mOut.print(" ");
-            if (((i % 16) == 15) && i != b.length) mOut.println("");
+            if (((i % 16) == 15) && i != b.length)
+                mOut.println("");
         }
         mOut.println("");
         mOut.flush();
@@ -227,29 +237,36 @@ public class Debug
      * Print the current stack trace to the debug printstream
      */
     public static void printStackTrace() {
-        if (!TRACE_ON) return;
+        if (!TRACE_ON)
+            return;
         Exception e = new Exception("Debug");
 
         printStackTrace(e);
     }
 
     /**
-     * Print the stack trace of the named exception 
+     * Print the stack trace of the named exception
      * to the debug printstream
      */
     public static void printStackTrace(Throwable e) {
-        if (!TRACE_ON) return;
-        if (mOut == null) return;
+        if (!TRACE_ON)
+            return;
+        if (mOut == null)
+            return;
 
         e.printStackTrace(mOut);
     }
 
     /**
-     * Set the current debugging level. You can use: <pre>
+     * Set the current debugging level. You can use:
+     * 
+     * <pre>
      * OBNOXIOUS = 10
      * VERBOSE   = 5
      * INFORM    = 1
-     * </pre> Or another value
+     * </pre>
+     * 
+     * Or another value
      */
 
     public static void setLevel(int level) {
@@ -263,7 +280,7 @@ public class Debug
     /**
      * Test if debugging is on. Do NOT write to System.out in your debug code
      */
-    public static boolean on() { 
+    public static boolean on() {
         return TRACE_ON;
     }
 
@@ -271,7 +288,7 @@ public class Debug
 
     public static String ID = "debug";
     private static IConfigStore mConfig = null;
-	
+
     public String getId() {
         return ID;
     }
@@ -289,7 +306,9 @@ public class Debug
 
     /**
      * Debug subsystem initialization. This subsystem is usually
-     * given the following parameters: <pre>
+     * given the following parameters:
+     * 
+     * <pre>
      * debug.enabled   : (true|false) default false
      * debug.filename  : can be a pathname, or STDOUT
      * debug.hashkeytypes: comma-separated list of hashkey types
@@ -301,7 +320,7 @@ public class Debug
         mConfig = config;
         String filename = null;
         String hashkeytypes = null;
-		boolean append=true;
+        boolean append = true;
 
         try {
             TRACE_ON = mConfig.getBoolean(PROP_ENABLED, false);
@@ -318,27 +337,27 @@ public class Debug
                 if (filename.equals("STDOUT")) {
                     mOut = System.out;
                 } else {
-                    if( !Utils.isNT() ) {
+                    if (!Utils.isNT()) {
                         // Always insure that a physical file exists!
-                        Utils.exec( "touch " + filename );
-                        Utils.exec( "chmod 00640 " + filename );
+                        Utils.exec("touch " + filename);
+                        Utils.exec("chmod 00640 " + filename);
                     }
                     OutputStream os = new FileOutputStream(filename, append);
-                    mOut = new PrintStream(os, true);  /* true == autoflush */
+                    mOut = new PrintStream(os, true); /* true == autoflush */
                 }
                 if (hashkeytypes != null) {
-					StringTokenizer st = new StringTokenizer(hashkeytypes,
-							",", false);
-					mHK = new Hashtable();
-					while (st.hasMoreElements()) {
-						String hkr = st.nextToken();
-						mHK.put(hkr, "true");
-					}
+                    StringTokenizer st = new StringTokenizer(hashkeytypes,
+                            ",", false);
+                    mHK = new Hashtable();
+                    while (st.hasMoreElements()) {
+                        String hkr = st.nextToken();
+                        mHK.put(hkr, "true");
+                    }
                 }
             }
-			outputTraceMessage("============================================");
-			outputTraceMessage("=====  DEBUG SUBSYSTEM INITIALIZED   =======");
-			outputTraceMessage("============================================");
+            outputTraceMessage("============================================");
+            outputTraceMessage("=====  DEBUG SUBSYSTEM INITIALIZED   =======");
+            outputTraceMessage("============================================");
             int level = mConfig.getInteger(PROP_LEVEL, VERBOSE);
             setLevel(level);
         } catch (Exception e) {
@@ -364,4 +383,3 @@ public class Debug
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/util/ExceptionFormatter.java b/pki/base/common/src/com/netscape/cmscore/util/ExceptionFormatter.java
index 8479c757..88dd32a0 100644
--- a/pki/base/common/src/com/netscape/cmscore/util/ExceptionFormatter.java
+++ b/pki/base/common/src/com/netscape/cmscore/util/ExceptionFormatter.java
@@ -17,12 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.util;
 
-
 import java.io.PipedInputStream;
 import java.io.PipedOutputStream;
 import java.io.PrintWriter;
 
-
 public class ExceptionFormatter {
 
     /**
@@ -39,7 +37,7 @@ public class ExceptionFormatter {
 
         try {
             PipedOutputStream po = new PipedOutputStream();
-            PipedInputStream  pi = new PipedInputStream(po);
+            PipedInputStream pi = new PipedInputStream(po);
 
             PrintWriter ps = new PrintWriter(po);
 
@@ -48,7 +46,7 @@ public class ExceptionFormatter {
 
             int avail = pi.available();
             byte[] b = new byte[avail];
-		
+
             pi.read(b, 0, avail);
             returnvalue = new String(b);
         } catch (Exception ex) {
@@ -60,7 +58,7 @@ public class ExceptionFormatter {
     /* test code below */
 
     public static void test()
-        throws TestException {
+            throws TestException {
         throw new TestException("** testexception **");
     }
 
@@ -79,7 +77,6 @@ public class ExceptionFormatter {
 
 }
 
-
 class TestException extends Exception {
 
     /**
@@ -95,4 +92,3 @@ class TestException extends Exception {
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/util/FileAsString.java b/pki/base/common/src/com/netscape/cmscore/util/FileAsString.java
index c0ae1faa..27d5b6c7 100644
--- a/pki/base/common/src/com/netscape/cmscore/util/FileAsString.java
+++ b/pki/base/common/src/com/netscape/cmscore/util/FileAsString.java
@@ -17,21 +17,19 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.util;
 
-
 import java.io.BufferedReader;
 import java.io.File;
 import java.io.FileReader;
 import java.io.IOException;
 
-
 public class FileAsString {
 
     protected String mFilename;
     protected long mLastRead = 0;
-	
+
     private String fileContents = null;
     private Object userObject = null;
-	
+
     /**
      * This class enables you to get treat a file as a string
      * If the file changes underneath you, it will automatically
@@ -50,7 +48,7 @@ public class FileAsString {
     }
 
     private void readFile()
-        throws IOException {
+            throws IOException {
         BufferedReader br = createBufferedReader(mFilename);
         StringBuffer buf = new StringBuffer("");
         int bytesread = 0;
@@ -63,15 +61,14 @@ public class FileAsString {
                 buf.append(cbuf, 0, bytesread);
             }
             String s = new String(buf);
-        }
-        while (bytesread != -1);
+        } while (bytesread != -1);
         br.close();
 
         fileContents = new String(buf);
     }
-		
-    private BufferedReader createBufferedReader(String filename) 
-        throws IOException {
+
+    private BufferedReader createBufferedReader(String filename)
+            throws IOException {
         Debug.trace("createBufferedReader(filename=" + filename + ")");
         BufferedReader br = null;
         FileReader fr = null;
@@ -84,13 +81,13 @@ public class FileAsString {
             br = new BufferedReader(fr);
             mFilename = filename;
         } catch (IOException e) {
-        	throw e;
+            throw e;
         }
         return br;
     }
-			
-    public String getAsString() 
-        throws IOException {
+
+    public String getAsString()
+            throws IOException {
         if (fileHasChanged()) {
             readFile();
         }
@@ -111,9 +108,9 @@ public class FileAsString {
     public void setUserObject(Object x) {
         userObject = x;
     }
-	
+
     public String getFilename() {
         return mFilename;
     }
-		
+
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/util/FileDialogFilter.java b/pki/base/common/src/com/netscape/cmscore/util/FileDialogFilter.java
index 37410533..454c3c8d 100644
--- a/pki/base/common/src/com/netscape/cmscore/util/FileDialogFilter.java
+++ b/pki/base/common/src/com/netscape/cmscore/util/FileDialogFilter.java
@@ -17,20 +17,18 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.util;
 
-
 import java.io.File;
 import java.io.FilenameFilter;
 
-
 /**
  * checks the filename and directory with the specified filter
  * checks with multiple "*".
  * the filter has to start with a '*' character.
  * this to keep the search the same as in the motif version
  * <P>
- * Copied verbatium from sun.awt.tiny.TinyFileDialogPeer.  Used by 
- * RollingLogFile expiration code
+ * Copied verbatium from sun.awt.tiny.TinyFileDialogPeer. Used by RollingLogFile expiration code
  * <P>
+ * 
  * @author mikep
  * @version $Revision$, $Date$
  */
@@ -50,25 +48,25 @@ public class FileDialogFilter implements FilenameFilter {
      * return true if match
      */
     public boolean accept(File dir, String fileName) {
-    	
+
         File f = new File(dir, fileName);
-	
+
         if (f.isDirectory()) {
             return true;
         } else {
             return searchPattern(fileName, filter);
         }
     }
-	
-    /** 
-     * start searching 
+
+    /**
+     * start searching
      */
     boolean searchPattern(String fileName, String filter) {
         int filterCursor = 0;
         int fileNameCursor = 0;
 
         int filterChar = filter.charAt(filterCursor);
-	    
+
         if (filterCursor == 0 && filterChar != '*') {
             return false;
         }
@@ -85,17 +83,17 @@ public class FileDialogFilter implements FilenameFilter {
         int flLen = fileName.length();
         char ftChar;
         char flChar;
-        int  ftCur = 0;
-        int  flCur = 0;
+        int ftCur = 0;
+        int flCur = 0;
         int c = 0;
-	
+
         if (ftLen == 0) {
             return true;
         }
 
         while (c < flLen) {
-            ftChar = filter.charAt(ftCur); 
-		
+            ftChar = filter.charAt(ftCur);
+
             if (ftChar == '*') {
                 String ls = filter.substring(ftCur + 1);
                 String fs = fileName.substring(flCur);
@@ -109,11 +107,11 @@ public class FileDialogFilter implements FilenameFilter {
                 continue;
             }
             flChar = fileName.charAt(flCur);
-	    
+
             if (ftChar == flChar) {
                 ftCur++;
                 flCur++;
-		
+
                 if (flCur == flLen && ftCur == ftLen) {
                     return true;
                 }
@@ -134,9 +132,9 @@ public class FileDialogFilter implements FilenameFilter {
                 }
             }
         }
-    	
+
         for (int i = ftCur; i < ftLen; i++) {
-            ftChar = filter.charAt(i); 
+            ftChar = filter.charAt(i);
             if (ftChar != '*') {
                 return false;
             }
@@ -144,4 +142,3 @@ public class FileDialogFilter implements FilenameFilter {
         return true;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/util/OsSubsystem.java b/pki/base/common/src/com/netscape/cmscore/util/OsSubsystem.java
index 05118b9e..6e5162d9 100644
--- a/pki/base/common/src/com/netscape/cmscore/util/OsSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/util/OsSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.util;
 
-
 import java.io.BufferedWriter;
 import java.io.File;
 import java.io.FileOutputStream;
@@ -36,13 +35,12 @@ import com.netscape.osutil.Signal;
 import com.netscape.osutil.SignalListener;
 import com.netscape.osutil.UserID;
 
-
 /**
- * This object contains the OS independent interfaces.  It's currently
+ * This object contains the OS independent interfaces. It's currently
  * used for Unix signal and user handling, but could eventually be extended
  * for NT interfaces.
  * <P>
- *
+ * 
  * @author mikep
  * @version $Revision$, $Date$
  */
@@ -89,13 +87,13 @@ public final class OsSubsystem implements ISubsystem {
      * Initializes this subsystem with the given configuration
      * store.
      * <P>
-     *
+     * 
      * @param owner owner of this subsystem
      * @param config configuration store
      * @exception EBaseException failed to initialize
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
 
         mOwner = owner;
         mConfig = config;
@@ -155,7 +153,7 @@ public final class OsSubsystem implements ISubsystem {
                  * @message OS: <exception thrown>
                  */
                 mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                    ILogger.LL_FAILURE, "OS: " + e.toString());
+                        ILogger.LL_FAILURE, "OS: " + e.toString());
             }
         }
     }
@@ -173,7 +171,7 @@ public final class OsSubsystem implements ISubsystem {
     }
 
     /**
-     * Used to change the process user id usually called after the appropriate 
+     * Used to change the process user id usually called after the appropriate
      * network ports have been opened.
      */
     public void setUserId() throws EBaseException {
@@ -194,10 +192,10 @@ public final class OsSubsystem implements ISubsystem {
              * @arg0 default user id
              */
             mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                ILogger.LL_FAILURE, 
-                "OS: No user id in config file.  Running as {0}", id);
+                    ILogger.LL_FAILURE,
+                    "OS: No user id in config file.  Running as {0}", id);
         } else {
-            Object[] params = {userid, id};
+            Object[] params = { userid, id };
 
             try {
                 UserID.set(userid);
@@ -209,9 +207,9 @@ public final class OsSubsystem implements ISubsystem {
                  * @arg0 supplied user id in config
                  * @arg1 default user id
                  */
-                mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, 
-                    ILogger.LL_FAILURE,
-                    "OS: No such user as {0}.  Running as {1}", params);
+                mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                        ILogger.LL_FAILURE,
+                        "OS: No such user as {0}.  Running as {1}", params);
             } catch (SecurityException e) {
 
                 /*LogDoc
@@ -221,9 +219,9 @@ public final class OsSubsystem implements ISubsystem {
                  * @arg1 default user id
                  */
                 mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                    ILogger.LL_FAILURE, 
-                    "OS: Can't change process uid to {0}. Running as {1}", 
-                    params);
+                        ILogger.LL_FAILURE,
+                        "OS: Can't change process uid to {0}. Running as {1}",
+                        params);
             }
         }
     }
@@ -232,7 +230,7 @@ public final class OsSubsystem implements ISubsystem {
     }
 
     /**
-     * Stops the watchdog.  You need to call this if you want the
+     * Stops the watchdog. You need to call this if you want the
      * server to really shutdown, otherwise the watchdog will just
      * restart us.
      * <P>
@@ -248,8 +246,8 @@ public final class OsSubsystem implements ISubsystem {
              * @phase stop watchdog
              */
             CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                ILogger.LL_INFO, 
-                "OS: stop the NT watchdog!");
+                    ILogger.LL_INFO,
+                    "OS: stop the NT watchdog!");
         }
     }
 
@@ -276,7 +274,7 @@ public final class OsSubsystem implements ISubsystem {
         //	mSignalThread.stop();
         //	mSignalThread = null;
         //}
-		
+
         /* Don't release this signals to protect the process
          Signal.release(Signal.SIGHUP); 
          Signal.release(Signal.SIGTERM);
@@ -298,18 +296,18 @@ public final class OsSubsystem implements ISubsystem {
     public void restart() {
 
         /**
-         if (isUnix()) {
-         restartUnix();
-         } else {
-         restartNT();
-         }
+         * if (isUnix()) {
+         * restartUnix();
+         * } else {
+         * restartNT();
+         * }
          **/
     }
 
     /**
      * Returns the root configuration storage of this system.
      * <P>
-     *
+     * 
      * @return configuration store of this subsystem
      */
     public IConfigStore getConfigStore() {
@@ -319,8 +317,9 @@ public final class OsSubsystem implements ISubsystem {
     /**
      * A universal routine to decide if we are Unix or something else.
      * This is mostly used for signal handling and uids.
-     *
+     * 
      * <P>
+     * 
      * @return true if these OS the JavaVM is running on is some Unix varient
      */
     public static boolean isUnix() {
@@ -329,8 +328,8 @@ public final class OsSubsystem implements ISubsystem {
     }
 
     /**
-     * Unix signal thread.  Sleep for a second and then check on the
-     * signals we're interested in.  If one is set, do the right stuff
+     * Unix signal thread. Sleep for a second and then check on the
+     * signals we're interested in. If one is set, do the right stuff
      */
     final class SignalThread extends Thread {
 
@@ -360,16 +359,16 @@ public final class OsSubsystem implements ISubsystem {
 
                 // wants us to exit?
                 if (Signal.caught(Signal.SIGINT) > 0 ||
-                    Signal.caught(Signal.SIGTERM) > 0) {
+                        Signal.caught(Signal.SIGTERM) > 0) {
 
                     /*LogDoc
                      *
                      * @phase watchdog check
                      */
-                    mLogger.log(ILogger.EV_SYSTEM, 
-                        ILogger.S_OTHER, 
-                        ILogger.LL_INFO,
-                        "OS: Received shutdown signal");
+                    mLogger.log(ILogger.EV_SYSTEM,
+                            ILogger.S_OTHER,
+                            ILogger.LL_INFO,
+                            "OS: Received shutdown signal");
                     SubsystemRegistry.getInstance().get("MAIN").shutdown();
                     return;
                 }
@@ -381,10 +380,10 @@ public final class OsSubsystem implements ISubsystem {
                      *
                      * @phase watchdog check
                      */
-                    mLogger.log(ILogger.EV_SYSTEM, 
-                        ILogger.S_OTHER, 
-                        ILogger.LL_INFO,
-                        "OS: Received restart signal");
+                    mLogger.log(ILogger.EV_SYSTEM,
+                            ILogger.S_OTHER,
+                            ILogger.LL_INFO,
+                            "OS: Received restart signal");
                     restart();
                     return;
                 }
@@ -395,9 +394,9 @@ public final class OsSubsystem implements ISubsystem {
     }
 }
 
-
 class SIGTERMListener extends SignalListener {
     private OsSubsystem mOS;
+
     public SIGTERMListener(OsSubsystem os) {
         mOS = os;
     }
@@ -410,9 +409,9 @@ class SIGTERMListener extends SignalListener {
     }
 }
 
-
 class SIGINTListener extends SignalListener {
     private OsSubsystem mOS;
+
     public SIGINTListener(OsSubsystem os) {
         mOS = os;
     }
@@ -425,9 +424,9 @@ class SIGINTListener extends SignalListener {
     }
 }
 
-
 class SIGHUPListener extends SignalListener {
     private OsSubsystem mOS;
+
     public SIGHUPListener(OsSubsystem os) {
         mOS = os;
     }
diff --git a/pki/base/common/src/com/netscape/cmscore/util/PFXUtils.java b/pki/base/common/src/com/netscape/cmscore/util/PFXUtils.java
index 7cde72cc..ed0e6d64 100644
--- a/pki/base/common/src/com/netscape/cmscore/util/PFXUtils.java
+++ b/pki/base/common/src/com/netscape/cmscore/util/PFXUtils.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.util;
 
-
 import java.io.ByteArrayOutputStream;
 import java.security.MessageDigest;
 import java.security.cert.X509Certificate;
@@ -40,14 +39,13 @@ import org.mozilla.jss.pkix.primitive.PrivateKeyInfo;
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
 
-
 public class PFXUtils {
 
     /**
      * Creates a PKCS12 package.
      */
-    public static byte[] createPFX(String pwd, X509Certificate x509cert, 
-        byte privateKeyInfo[]) throws EBaseException {
+    public static byte[] createPFX(String pwd, X509Certificate x509cert,
+            byte privateKeyInfo[]) throws EBaseException {
         try {
             // add certificate
             SEQUENCE encSafeContents = new SEQUENCE();
@@ -64,24 +62,24 @@ public class PFXUtils {
             encSafeContents.addElement(certBag);
 
             // add key
-            org.mozilla.jss.util.Password pass = new 
-                org.mozilla.jss.util.Password(
-                    pwd.toCharArray());
+            org.mozilla.jss.util.Password pass = new
+                    org.mozilla.jss.util.Password(
+                            pwd.toCharArray());
 
             SEQUENCE safeContents = new SEQUENCE();
-            PasswordConverter passConverter = new 
-                PasswordConverter();
+            PasswordConverter passConverter = new
+                    PasswordConverter();
 
             // XXX - should generate salt
-            byte salt[] = {0x01, 0x01, 0x01, 0x01};
+            byte salt[] = { 0x01, 0x01, 0x01, 0x01 };
             PrivateKeyInfo pki = (PrivateKeyInfo)
-                ASN1Util.decode(PrivateKeyInfo.getTemplate(),
-                    privateKeyInfo);
+                    ASN1Util.decode(PrivateKeyInfo.getTemplate(),
+                            privateKeyInfo);
             ASN1Value key = EncryptedPrivateKeyInfo.createPBE(
-                    PBEAlgorithm.PBE_SHA1_DES3_CBC, 
+                    PBEAlgorithm.PBE_SHA1_DES3_CBC,
                     pass, salt, 1, passConverter, pki);
             SET keyAttrs = createBagAttrs(
-                    x509cert.getSubjectDN().toString(), 
+                    x509cert.getSubjectDN().toString(),
                     localKeyId);
             SafeBag keyBag = new SafeBag(
                     SafeBag.PKCS8_SHROUDED_KEY_BAG, key,
@@ -90,8 +88,8 @@ public class PFXUtils {
             safeContents.addElement(keyBag);
 
             // build contents
-            AuthenticatedSafes authSafes = new 
-                AuthenticatedSafes();
+            AuthenticatedSafes authSafes = new
+                    AuthenticatedSafes();
 
             authSafes.addSafeContents(safeContents);
             authSafes.addSafeContents(encSafeContents);
@@ -103,8 +101,8 @@ public class PFXUtils {
             PFX pfx = new PFX(authSafes);
 
             pfx.computeMacData(pass, null, 5); // ??
-            ByteArrayOutputStream fos = new 
-                ByteArrayOutputStream();
+            ByteArrayOutputStream fos = new
+                    ByteArrayOutputStream();
 
             pfx.encode(fos);
             pass.clear();
@@ -113,8 +111,8 @@ public class PFXUtils {
             return fos.toByteArray();
         } catch (Exception e) {
             throw new EBaseException(
-                    CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", 
-                        "Failed to create PKCS12 - " + e.toString()));
+                    CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
+                            "Failed to create PKCS12 - " + e.toString()));
         }
     }
 
@@ -122,7 +120,7 @@ public class PFXUtils {
      * Creates local key identifier.
      */
     public static byte[] createLocalKeyId(X509Certificate cert)
-        throws EBaseException {
+            throws EBaseException {
         try {
             byte certDer[] = cert.getEncoded();
             MessageDigest md = MessageDigest.getInstance("SHA");
@@ -131,8 +129,8 @@ public class PFXUtils {
             return md.digest();
         } catch (Exception e) {
             throw new EBaseException(
-                    CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", 
-                        "Failed to create Key ID - " + e.toString()));
+                    CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
+                            "Failed to create Key ID - " + e.toString()));
         }
     }
 
@@ -140,7 +138,7 @@ public class PFXUtils {
      * Creates bag attributes.
      */
     public static SET createBagAttrs(String nickName, byte localKeyId[])
-        throws EBaseException {
+            throws EBaseException {
         try {
             SET attrs = new SET();
             SEQUENCE nickNameAttr = new SEQUENCE();
@@ -163,7 +161,7 @@ public class PFXUtils {
         } catch (Exception e) {
             throw new EBaseException(
                     CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
-                        "Failed to create Key Bag - " + e.toString()));
+                            "Failed to create Key Bag - " + e.toString()));
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/util/ProfileSubsystem.java b/pki/base/common/src/com/netscape/cmscore/util/ProfileSubsystem.java
index 2d8e63c9..614cc524 100644
--- a/pki/base/common/src/com/netscape/cmscore/util/ProfileSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/util/ProfileSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.util;
 
-
 import java.awt.Frame;
 import java.awt.TextArea;
 import java.awt.event.MouseAdapter;
@@ -39,7 +38,6 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
  * A class represents a internal subsystem. This subsystem
  * can be loaded into cert server kernel to perform
@@ -82,24 +80,21 @@ public class ProfileSubsystem extends Frame implements ISubsystem, Runnable {
     }
 
     /**
-     * Initializes this subsystem with the given 
+     * Initializes this subsystem with the given
      * configuration store.
      * It first initializes resident subsystems,
      * and it loads and initializes loadable
      * subsystem specified in the configuration
      * store.
      * <P>
-     * Note that individual subsystem should be
-     * initialized in a separated thread if
-     * it has dependency on the initialization
-     * of other subsystems.
+     * Note that individual subsystem should be initialized in a separated thread if it has dependency on the initialization of other subsystems.
      * <P>
-     *
+     * 
      * @param owner owner of this subsystem
      * @param config configuration store
      */
     public synchronized void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         JTabbedPane tabPane = new JTabbedPane();
 
         // general panel
@@ -152,17 +147,17 @@ public class ProfileSubsystem extends Frame implements ISubsystem, Runnable {
 
     public void updateGeneralPanel() {
         Runtime.getRuntime().gc();
-        String text = 
-            "JDK VM Information " + "\n" +
-            "Total Memory: " +  
-            Runtime.getRuntime().totalMemory() + "\n" +
-            "Used Memory: " +  
-            (Runtime.getRuntime().totalMemory() - 
-                Runtime.getRuntime().freeMemory()) + "\n" +
-            "Free Memory: " +  
-            Runtime.getRuntime().freeMemory() + "\n" +
-            "Number of threads: " +  
-            Thread.activeCount() + "\n";
+        String text =
+                "JDK VM Information " + "\n" +
+                        "Total Memory: " +
+                        Runtime.getRuntime().totalMemory() + "\n" +
+                        "Used Memory: " +
+                        (Runtime.getRuntime().totalMemory() -
+                        Runtime.getRuntime().freeMemory()) + "\n" +
+                        "Free Memory: " +
+                        Runtime.getRuntime().freeMemory() + "\n" +
+                        "Number of threads: " +
+                        Thread.activeCount() + "\n";
 
         mTextArea.setText(text);
     }
@@ -197,7 +192,7 @@ public class ProfileSubsystem extends Frame implements ISubsystem, Runnable {
         colNames.addElement("isCurrent");
         colNames.addElement("isInterrupted");
         colNames.addElement("isDaemon");
-     
+
         mThreadModel.setInfo(data, colNames);
         if (mThreadTable != null) {
             mThreadTable.setModel(mThreadModel);
@@ -219,8 +214,7 @@ public class ProfileSubsystem extends Frame implements ISubsystem, Runnable {
     }
 }
 
-
-class ThreadTableModel extends AbstractTableModel { 
+class ThreadTableModel extends AbstractTableModel {
     /**
      *
      */
@@ -236,34 +230,33 @@ class ThreadTableModel extends AbstractTableModel {
         columnNames = _columnNames;
     }
 
-    public String getColumnName(int column) { 
-        return columnNames.elementAt(column).toString(); 
-    } 
+    public String getColumnName(int column) {
+        return columnNames.elementAt(column).toString();
+    }
 
-    public int getRowCount() { 
-        return rowData.size(); 
-    } 
+    public int getRowCount() {
+        return rowData.size();
+    }
 
-    public int getColumnCount() { 
-        return columnNames.size(); 
-    } 
+    public int getColumnCount() {
+        return columnNames.size();
+    }
 
-    public Object getValueAt(int row, int column) { 
-        return ((Vector) rowData.elementAt(row)).elementAt(column); 
-    } 
+    public Object getValueAt(int row, int column) {
+        return ((Vector) rowData.elementAt(row)).elementAt(column);
+    }
 
-    public boolean isCellEditable(int row, int column) { 
-        return false; 
-    } 
+    public boolean isCellEditable(int row, int column) {
+        return false;
+    }
 
-    public void setValueAt(Object value, int row, int column) { 
-        ((Vector) rowData.elementAt(row)).setElementAt(value, column); 
-        fireTableCellUpdated(row, column); 
+    public void setValueAt(Object value, int row, int column) {
+        ((Vector) rowData.elementAt(row)).setElementAt(value, column);
+        fireTableCellUpdated(row, column);
     }
 }
 
-
-class ThreadTableEvent extends MouseAdapter { 
+class ThreadTableEvent extends MouseAdapter {
 
     private JTable mThreadTable = null;
 
@@ -271,8 +264,8 @@ class ThreadTableEvent extends MouseAdapter {
         mThreadTable = table;
     }
 
-    public void mouseClicked(MouseEvent e) { 
-        if (e.getClickCount() == 2) { 
+    public void mouseClicked(MouseEvent e) {
+        if (e.getClickCount() == 2) {
             int row = mThreadTable.getSelectedRow();
 
             if (row != -1) {
@@ -287,19 +280,19 @@ class ThreadTableEvent extends MouseAdapter {
                 Thread threads[] = new Thread[100];
                 int numThreads = Thread.enumerate(threads);
 
-                ByteArrayOutputStream outArray = new ByteArrayOutputStream(); 
+                ByteArrayOutputStream outArray = new ByteArrayOutputStream();
 
                 for (int i = 0; i < numThreads; i++) {
                     if (!threads[i].getName().equals(name))
                         continue;
-                    PrintStream err = System.err; 
+                    PrintStream err = System.err;
 
                     System.setErr(new PrintStream(outArray));
-                  //TODO remove.  This was being called on the array object
+                    //TODO remove.  This was being called on the array object
                     //But you can only dump stack on the current thread
-                    Thread.dumpStack();  
-                    
-                    System.setErr(err); 
+                    Thread.dumpStack();
+
+                    System.setErr(err);
                 }
 
                 String str = outArray.toString();
@@ -312,7 +305,7 @@ class ThreadTableEvent extends MouseAdapter {
                 dialog.setContentPane(pane);
                 dialog.show();
             }
-        } 
+        }
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/util/StatsSubsystem.java b/pki/base/common/src/com/netscape/cmscore/util/StatsSubsystem.java
index 4cc393e0..aabd8172 100644
--- a/pki/base/common/src/com/netscape/cmscore/util/StatsSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/util/StatsSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.util;
 
-
 import java.util.Date;
 import java.util.Hashtable;
 import java.util.Vector;
@@ -38,8 +37,7 @@ import com.netscape.certsrv.util.StatsEvent;
  * @author thomask
  * @version $Revision$, $Date$
  */
-public class StatsSubsystem implements IStatsSubsystem
-{
+public class StatsSubsystem implements IStatsSubsystem {
     private String mId = null;
     private StatsEvent mAllTrans = new StatsEvent(null);
     private Date mStartTime = new Date();
@@ -64,101 +62,91 @@ public class StatsSubsystem implements IStatsSubsystem
     }
 
     /**
-     * Initializes this subsystem with the given 
+     * Initializes this subsystem with the given
      * configuration store.
      * It first initializes resident subsystems,
      * and it loads and initializes loadable
      * subsystem specified in the configuration
      * store.
      * <P>
-     * Note that individual subsystem should be
-     * initialized in a separated thread if
-     * it has dependency on the initialization
-     * of other subsystems.
+     * Note that individual subsystem should be initialized in a separated thread if it has dependency on the initialization of other subsystems.
      * <P>
-     *
+     * 
      * @param owner owner of this subsystem
      * @param config configuration store
      */
     public synchronized void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException 
-    {
-    }
-
-    public Date getStartTime()
-    {
-      return mStartTime;
-    }
-
-    public void startTiming(String id)
-    {
-      startTiming(id, false /* not the main */);
-    }
-
-    public void startTiming(String id, boolean mainAction)
-    {
-      Thread t = Thread.currentThread();
-      Vector milestones = null;
-      if (mHashtable.containsKey(t.toString())) {
-        milestones = (Vector)mHashtable.get(t.toString());
-      } else {
-        milestones = new Vector();
-        mHashtable.put(t.toString(), milestones);
-      }
-      long startTime = CMS.getCurrentDate().getTime();
-      StatsEvent currentST = null;
-      for (int i = 0; i < milestones.size(); i++) {
-        StatsMilestone se = (StatsMilestone)milestones.elementAt(i);
-        if (currentST == null) {
-          currentST = mAllTrans.getSubEvent(se.getId());
+            throws EBaseException {
+    }
+
+    public Date getStartTime() {
+        return mStartTime;
+    }
+
+    public void startTiming(String id) {
+        startTiming(id, false /* not the main */);
+    }
+
+    public void startTiming(String id, boolean mainAction) {
+        Thread t = Thread.currentThread();
+        Vector milestones = null;
+        if (mHashtable.containsKey(t.toString())) {
+            milestones = (Vector) mHashtable.get(t.toString());
         } else {
-          currentST = currentST.getSubEvent(se.getId());
+            milestones = new Vector();
+            mHashtable.put(t.toString(), milestones);
+        }
+        long startTime = CMS.getCurrentDate().getTime();
+        StatsEvent currentST = null;
+        for (int i = 0; i < milestones.size(); i++) {
+            StatsMilestone se = (StatsMilestone) milestones.elementAt(i);
+            if (currentST == null) {
+                currentST = mAllTrans.getSubEvent(se.getId());
+            } else {
+                currentST = currentST.getSubEvent(se.getId());
+            }
+        }
+        if (currentST == null) {
+            if (!mainAction) {
+                return; /* ignore none main action */
+            }
+            currentST = mAllTrans;
+        }
+        StatsEvent newST = currentST.getSubEvent(id);
+        if (newST == null) {
+            newST = new StatsEvent(currentST);
+            newST.setName(id);
+            currentST.addSubEvent(newST);
+        }
+        milestones.addElement(new StatsMilestone(id, startTime, newST));
+    }
+
+    public void endTiming(String id) {
+        long endTime = CMS.getCurrentDate().getTime();
+        Thread t = Thread.currentThread();
+        if (!mHashtable.containsKey(t.toString())) {
+            return; /* error */
+        }
+        Vector milestones = (Vector) mHashtable.get(t.toString());
+        if (milestones.size() == 0) {
+            return; /* error */
         }
-      }
-      if (currentST == null) {
-          if (!mainAction) {
-            return; /* ignore none main action */
-          }
-          currentST = mAllTrans;
-      }
-      StatsEvent newST = currentST.getSubEvent(id);
-      if (newST == null) {
-        newST = new StatsEvent(currentST);
-        newST.setName(id);
-        currentST.addSubEvent(newST);
-      }
-      milestones.addElement(new StatsMilestone(id, startTime, newST));
-    }
-
-    public void endTiming(String id)
-    {
-      long endTime = CMS.getCurrentDate().getTime();
-      Thread t = Thread.currentThread();
-      if (!mHashtable.containsKey(t.toString())) {
-        return; /* error */
-      }
-      Vector milestones = (Vector)mHashtable.get(t.toString());
-      if (milestones.size() == 0) {
-        return; /* error */
-      }
-      StatsMilestone last = (StatsMilestone)milestones.remove(milestones.size() - 1);
-      StatsEvent st = last.getStatsEvent();
-      st.incNoOfOperations(1);
-      st.incTimeTaken(endTime - last.getStartTime());
-      if (milestones.size() == 0) {
-        mHashtable.remove(t.toString());
-      }
-    }
-
-    public void resetCounters()
-    {
-      mStartTime = CMS.getCurrentDate();
-      mAllTrans.resetCounters();
-    }
-
-    public StatsEvent getMainStatsEvent()
-    {
-      return mAllTrans; 
+        StatsMilestone last = (StatsMilestone) milestones.remove(milestones.size() - 1);
+        StatsEvent st = last.getStatsEvent();
+        st.incNoOfOperations(1);
+        st.incTimeTaken(endTime - last.getStartTime());
+        if (milestones.size() == 0) {
+            mHashtable.remove(t.toString());
+        }
+    }
+
+    public void resetCounters() {
+        mStartTime = CMS.getCurrentDate();
+        mAllTrans.resetCounters();
+    }
+
+    public StatsEvent getMainStatsEvent() {
+        return mAllTrans;
     }
 
     public void startup() throws EBaseException {
@@ -181,31 +169,26 @@ public class StatsSubsystem implements IStatsSubsystem
     }
 }
 
-class StatsMilestone
-{
-  private String mId = null;
-  private long mStartTime = 0;
-  private StatsEvent mST = null;
-
-  public StatsMilestone(String id, long startTime, StatsEvent st)
-  {
-    mId = id;
-    mStartTime = startTime;
-    mST = st;
-  }
-
-  public String getId()
-  {
-    return mId;
-  }
-
-  public long getStartTime()
-  {
-    return mStartTime;
-  }
-
-  public StatsEvent getStatsEvent()
-  {
-    return mST;
-  }
+class StatsMilestone {
+    private String mId = null;
+    private long mStartTime = 0;
+    private StatsEvent mST = null;
+
+    public StatsMilestone(String id, long startTime, StatsEvent st) {
+        mId = id;
+        mStartTime = startTime;
+        mST = st;
+    }
+
+    public String getId() {
+        return mId;
+    }
+
+    public long getStartTime() {
+        return mStartTime;
+    }
+
+    public StatsEvent getStatsEvent() {
+        return mST;
+    }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/util/UtilMessage.java b/pki/base/common/src/com/netscape/cmscore/util/UtilMessage.java
index a69a976c..8002cfe1 100644
--- a/pki/base/common/src/com/netscape/cmscore/util/UtilMessage.java
+++ b/pki/base/common/src/com/netscape/cmscore/util/UtilMessage.java
@@ -17,16 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.util;
 
-
 import java.util.Locale;
 
 import com.netscape.certsrv.base.MessageFormatter;
 
-
 /**
  * This object is used to easily create I18N messages for utility
  * classes and standalone programs.
- *
+ * 
  * @author mikep
  * @version $Revision$, $Date$
  * @see com.netscape.certsrv.base.MessageFormatter
@@ -46,7 +44,7 @@ public class UtilMessage {
     /**
      * Constructs a message event
      * <P>
-     *
+     * 
      * @param msgFormat the message string
      */
     public UtilMessage(String msgFormat) {
@@ -56,11 +54,12 @@ public class UtilMessage {
 
     /**
      * Constructs a message with a parameter. For example,
+     * 
      * <PRE>
-     * 		new UtilMessage("failed to load {0}", fileName);
+     * new UtilMessage(&quot;failed to load {0}&quot;, fileName);
      * </PRE>
      * <P>
-     *
+     * 
      * @param msgFormat details in message string format
      * @param param message string parameter
      */
@@ -74,6 +73,7 @@ public class UtilMessage {
      * Constructs a message from an exception. It can be used to carry
      * a system exception that may contain information about
      * the context. For example,
+     * 
      * <PRE>
      * 		try {
      *  		...
@@ -82,7 +82,7 @@ public class UtilMessage {
      *      }
      * </PRE>
      * <P>
-     *
+     * 
      * @param msgFormat exception details in message string format
      * @param exception system exception
      */
@@ -95,6 +95,7 @@ public class UtilMessage {
     /**
      * Constructs a message from a base exception. This will use the msgFormat
      * from the exception itself.
+     * 
      * <PRE>
      * 		try {
      *  		...
@@ -103,7 +104,7 @@ public class UtilMessage {
      *      }
      * </PRE>
      * <P>
-     *
+     * 
      * @param exception CMS exception
      */
     public UtilMessage(Exception e) {
@@ -116,7 +117,7 @@ public class UtilMessage {
      * Constructs a message event with a list of parameters
      * that will be substituted into the message format.
      * <P>
-     *
+     * 
      * @param msgFormat message string format
      * @param params list of message format parameters
      */
@@ -128,7 +129,7 @@ public class UtilMessage {
     /**
      * Returns the current message format string.
      * <P>
-     *
+     * 
      * @return details message
      */
     public String getMessage() {
@@ -138,7 +139,7 @@ public class UtilMessage {
     /**
      * Returns a list of parameters.
      * <P>
-     *
+     * 
      * @return list of message format parameters
      */
     public Object[] getParameters() {
@@ -149,7 +150,7 @@ public class UtilMessage {
      * Returns localized message string. This method should
      * only be called if a localized string is necessary.
      * <P>
-     *
+     * 
      * @return details message
      */
     public String toString() {
@@ -159,7 +160,7 @@ public class UtilMessage {
     /**
      * Returns the string based on the given locale.
      * <P>
-     *
+     * 
      * @param locale locale
      * @return details message
      */
@@ -170,7 +171,7 @@ public class UtilMessage {
     }
 
     /**
-     * Gets the resource bundle name for this class instance.  This should
+     * Gets the resource bundle name for this class instance. This should
      * be overridden by subclasses who have their own resource bundles.
      */
     protected String getBundleName() {
diff --git a/pki/base/common/src/com/netscape/cmscore/util/UtilResources.java b/pki/base/common/src/com/netscape/cmscore/util/UtilResources.java
index 5892adc3..1324f6ca 100644
--- a/pki/base/common/src/com/netscape/cmscore/util/UtilResources.java
+++ b/pki/base/common/src/com/netscape/cmscore/util/UtilResources.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.util;
 
-
 import java.util.ListResourceBundle;
 
-
 /**
  * A class represents a resource bundle for miscellanous utilities
  * <P>
- *
+ * 
  * @author mikep
  * @version $Revision$, $Date$
  * @see java.util.ListResourceBundle
@@ -57,18 +55,18 @@ public class UtilResources extends ListResourceBundle {
     public final static String RESTART_SIG = "restartSignal";
 
     static final Object[][] contents = {
-            {HASH_FILE_CHECK_USAGE, "usage: HashFileCheck <filename>"},
-            {BAD_ARG_COUNT, "incorrect number of arguments"},
-            {NO_SUCH_FILE_1, "can''t find file {0}"},
-            {FILE_TRUNCATED, "Log file has been truncated."},
-            {DIGEST_MATCH_1, "Hash digest matches log file. {0} OK"},
-            {DIGEST_DONT_MATCH_1, "Hash digest does NOT match log file. {0} and/or hash file is corrupt or the password is incorrect."},
-            {EXCEPTION_1, "Caught unexpected exception {0}"},
-            {LOG_PASSWORD, "Please enter the log file hash digest password: "},
-            {NO_USERID, "No user id in config file.  Running as {0}"},
-            {NO_SUCH_USER_2, "No such user as {0}.  Running as {1}"},
-            {NO_UID_PERMISSION_2, "Can''t change process uid to {0}. Running as {1}"},
-            {SHUTDOWN_SIG, "Received shutdown signal"},
-            {RESTART_SIG, "Received restart signal"},
+            { HASH_FILE_CHECK_USAGE, "usage: HashFileCheck <filename>" },
+            { BAD_ARG_COUNT, "incorrect number of arguments" },
+            { NO_SUCH_FILE_1, "can''t find file {0}" },
+            { FILE_TRUNCATED, "Log file has been truncated." },
+            { DIGEST_MATCH_1, "Hash digest matches log file. {0} OK" },
+            { DIGEST_DONT_MATCH_1, "Hash digest does NOT match log file. {0} and/or hash file is corrupt or the password is incorrect." },
+            { EXCEPTION_1, "Caught unexpected exception {0}" },
+            { LOG_PASSWORD, "Please enter the log file hash digest password: " },
+            { NO_USERID, "No user id in config file.  Running as {0}" },
+            { NO_SUCH_USER_2, "No such user as {0}.  Running as {1}" },
+            { NO_UID_PERMISSION_2, "Can''t change process uid to {0}. Running as {1}" },
+            { SHUTDOWN_SIG, "Received shutdown signal" },
+            { RESTART_SIG, "Received restart signal" },
         };
 }
diff --git a/pki/base/common/test/com/netscape/certsrv/app/CMSEngineDefaultStub.java b/pki/base/common/test/com/netscape/certsrv/app/CMSEngineDefaultStub.java
index c01ec33e..0ac0215a 100644
--- a/pki/base/common/test/com/netscape/certsrv/app/CMSEngineDefaultStub.java
+++ b/pki/base/common/test/com/netscape/certsrv/app/CMSEngineDefaultStub.java
@@ -126,7 +126,7 @@ public class CMSEngineDefaultStub implements ICMSEngine {
         return false;
     }
 
-    public Enumeration <String> getSubsystemNames() {
+    public Enumeration<String> getSubsystemNames() {
         return null;
     }
 
@@ -261,14 +261,15 @@ public class CMSEngineDefaultStub implements ICMSEngine {
     public String getFingerPrints(Certificate cert) throws NoSuchAlgorithmException, CertificateEncodingException {
         return null;
     }/*
-    * Returns the finger print of the given certificate.
-*
-* @param certDer DER byte array of certificate
-* @return finger print of certificate
-*/
-public String getFingerPrints(byte[] certDer) throws NoSuchAlgorithmException {
-    return null;
-}
+     * Returns the finger print of the given certificate.
+     *
+     * @param certDer DER byte array of certificate
+     * @return finger print of certificate
+     */
+
+    public String getFingerPrints(byte[] certDer) throws NoSuchAlgorithmException {
+        return null;
+    }
 
     public IRepositoryRecord createRepositoryRecord() {
         return null;
@@ -459,7 +460,6 @@ public String getFingerPrints(byte[] certDer) throws NoSuchAlgorithmException {
         return null;
     }
 
-
     public IGeneralNamesConfig createGeneralNamesConfig(String name, IConfigStore config, boolean isValueConfigured, boolean isPolicyEnabled) throws EBaseException {
         return null;
     }
@@ -472,7 +472,6 @@ public String getFingerPrints(byte[] certDer) throws NoSuchAlgorithmException {
         return null;
     }
 
-
     public ISubjAltNameConfig createSubjAltNameConfig(String name, IConfigStore config, boolean isValueConfigured) throws EBaseException {
         return null;
     }
@@ -511,7 +510,6 @@ public String getFingerPrints(byte[] certDer) throws NoSuchAlgorithmException {
         return null;
     }
 
-
     public boolean isRevoked(X509Certificate[] certificates) {
         return false;
     }
@@ -537,89 +535,89 @@ public String getFingerPrints(byte[] certDer) throws NoSuchAlgorithmException {
         return null;
     }
 
-	@Override
-	public String getEEClientAuthSSLPort() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	@Override
-	public boolean verifySystemCerts() {
-		// TODO Auto-generated method stub
-		return false;
-	}
-
-	@Override
-	public boolean verifySystemCertByTag(String tag) {
-		// TODO Auto-generated method stub
-		return false;
-	}
-
-	@Override
-	public boolean verifySystemCertByNickname(String nickname,
-			String certificateUsage) {
-		// TODO Auto-generated method stub
-		return false;
-	}
-
-	@Override
-	public CertificateUsage getCertificateUsage(String certusage) {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	@Override
-	public void getGeneralNameConfigDefaultParams(String name,
-			boolean isValueConfigured, Vector<String> params) {
-		// TODO Auto-generated method stub
-		
-	}
-
-	@Override
-	public void getGeneralNamesConfigDefaultParams(String name,
-			boolean isValueConfigured, Vector<String> params) {
-		// TODO Auto-generated method stub
-		
-	}
-
-	@Override
-	public void getGeneralNameConfigExtendedPluginInfo(String name,
-			boolean isValueConfigured, Vector<String> info) {
-		// TODO Auto-generated method stub
-		
-	}
-
-	@Override
-	public void getGeneralNamesConfigExtendedPluginInfo(String name,
-			boolean isValueConfigured, Vector<String> info) {
-		// TODO Auto-generated method stub
-		
-	}
-
-	@Override
-	public void getSubjAltNameConfigDefaultParams(String name,
-			Vector<String> params) {
-		// TODO Auto-generated method stub
-		
-	}
-
-	@Override
-	public void getSubjAltNameConfigExtendedPluginInfo(String name,
-			Vector<String> params) {
-		// TODO Auto-generated method stub
-		
-	}
-
-	@Override
-	public IArgBlock createArgBlock(String realm,
-			Hashtable<String, String> httpReq) {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	@Override
-	public IArgBlock createArgBlock(Hashtable<String, String> httpReq) {
-		// TODO Auto-generated method stub
-		return null;
-	}
+    @Override
+    public String getEEClientAuthSSLPort() {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public boolean verifySystemCerts() {
+        // TODO Auto-generated method stub
+        return false;
+    }
+
+    @Override
+    public boolean verifySystemCertByTag(String tag) {
+        // TODO Auto-generated method stub
+        return false;
+    }
+
+    @Override
+    public boolean verifySystemCertByNickname(String nickname,
+            String certificateUsage) {
+        // TODO Auto-generated method stub
+        return false;
+    }
+
+    @Override
+    public CertificateUsage getCertificateUsage(String certusage) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public void getGeneralNameConfigDefaultParams(String name,
+            boolean isValueConfigured, Vector<String> params) {
+        // TODO Auto-generated method stub
+
+    }
+
+    @Override
+    public void getGeneralNamesConfigDefaultParams(String name,
+            boolean isValueConfigured, Vector<String> params) {
+        // TODO Auto-generated method stub
+
+    }
+
+    @Override
+    public void getGeneralNameConfigExtendedPluginInfo(String name,
+            boolean isValueConfigured, Vector<String> info) {
+        // TODO Auto-generated method stub
+
+    }
+
+    @Override
+    public void getGeneralNamesConfigExtendedPluginInfo(String name,
+            boolean isValueConfigured, Vector<String> info) {
+        // TODO Auto-generated method stub
+
+    }
+
+    @Override
+    public void getSubjAltNameConfigDefaultParams(String name,
+            Vector<String> params) {
+        // TODO Auto-generated method stub
+
+    }
+
+    @Override
+    public void getSubjAltNameConfigExtendedPluginInfo(String name,
+            Vector<String> params) {
+        // TODO Auto-generated method stub
+
+    }
+
+    @Override
+    public IArgBlock createArgBlock(String realm,
+            Hashtable<String, String> httpReq) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public IArgBlock createArgBlock(Hashtable<String, String> httpReq) {
+        // TODO Auto-generated method stub
+        return null;
+    }
 }
diff --git a/pki/base/common/test/com/netscape/certsrv/authentication/AuthTokenTest.java b/pki/base/common/test/com/netscape/certsrv/authentication/AuthTokenTest.java
index 3f83b3b0..c60e93d9 100644
--- a/pki/base/common/test/com/netscape/certsrv/authentication/AuthTokenTest.java
+++ b/pki/base/common/test/com/netscape/certsrv/authentication/AuthTokenTest.java
@@ -48,7 +48,7 @@ public class AuthTokenTest extends CMSBaseTestCase {
         assertEquals("value", authToken.mAttrs.get("key"));
         assertEquals("value", authToken.getInString("key"));
 
-        assertFalse(authToken.set("key", (String)null));
+        assertFalse(authToken.set("key", (String) null));
     }
 
     public void testGetSetByteArray() {
@@ -62,7 +62,7 @@ public class AuthTokenTest extends CMSBaseTestCase {
         byte[] retval = authToken.getInByteArray("key");
         assertEquals(data, retval);
 
-        assertFalse(authToken.set("key2", (byte[])null));
+        assertFalse(authToken.set("key2", (byte[]) null));
     }
 
     public void testGetSetInteger() {
@@ -75,7 +75,7 @@ public class AuthTokenTest extends CMSBaseTestCase {
         authToken.set("key2", "value");
         assertNull(authToken.getInInteger("key2"));
 
-        assertFalse(authToken.set("key3", (Integer)null));
+        assertFalse(authToken.set("key3", (Integer) null));
     }
 
     public void testGetSetBigIntegerArray() {
@@ -102,11 +102,11 @@ public class AuthTokenTest extends CMSBaseTestCase {
         assertNull(authToken.getInBigIntegerArray("key3"));
 
         // corner case test
-        authToken.set("key",",");
+        authToken.set("key", ",");
         retval = authToken.getInBigIntegerArray("key");
         assertNull(retval);
 
-        assertFalse(authToken.set("key4", (BigInteger[])null));
+        assertFalse(authToken.set("key4", (BigInteger[]) null));
     }
 
     public void testGetSetDate() {
@@ -123,7 +123,7 @@ public class AuthTokenTest extends CMSBaseTestCase {
         authToken.set("key3", "oops");
         assertNull(authToken.getInDate("key3"));
 
-        assertFalse(authToken.set("key4", (Date)null));
+        assertFalse(authToken.set("key4", (Date) null));
     }
 
     public void testGetSetStringArray() throws IOException {
@@ -145,16 +145,15 @@ public class AuthTokenTest extends CMSBaseTestCase {
         assertEquals(value[3], retval[3]);
 
         // illegal value parsing
-        authToken.set("key2", new byte[] { 1, 2, 3, 4});
+        authToken.set("key2", new byte[] { 1, 2, 3, 4 });
         assertNull(authToken.getInStringArray("key2"));
 
-        
         DerOutputStream out = new DerOutputStream();
         out.putPrintableString("testing");
         authToken.set("key3", out.toByteArray());
         assertNull(authToken.getInStringArray("key3"));
 
-        assertFalse(authToken.set("key4", (String[])null));
+        assertFalse(authToken.set("key4", (String[]) null));
     }
 
     public void testGetSetCert() throws CertificateException {
@@ -170,7 +169,7 @@ public class AuthTokenTest extends CMSBaseTestCase {
         assertNotNull(retval);
         assertEquals(cert, retval);
 
-        assertFalse(authToken.set("key2", (X509CertImpl)null));
+        assertFalse(authToken.set("key2", (X509CertImpl) null));
     }
 
     public void testGetSetCertExts() throws IOException {
@@ -191,13 +190,13 @@ public class AuthTokenTest extends CMSBaseTestCase {
         assertNotNull(retval);
         assertEquals(1, retval.size());
 
-        assertFalse(authToken.set("key3", (CertificateExtensions)null));
+        assertFalse(authToken.set("key3", (CertificateExtensions) null));
     }
 
     public void testGetSetCertificates() throws CertificateException {
         X509CertImpl cert1 = getFakeCert();
         X509CertImpl cert2 = getFakeCert();
-        X509CertImpl[] certArray = new X509CertImpl[] {cert1, cert2};
+        X509CertImpl[] certArray = new X509CertImpl[] { cert1, cert2 };
         Certificates certs = new Certificates(certArray);
 
         assertFalse(cmsStub.bToACalled);
@@ -214,14 +213,14 @@ public class AuthTokenTest extends CMSBaseTestCase {
         assertEquals(cert1, retCerts[0]);
         assertEquals(cert2, retCerts[1]);
 
-        assertFalse(authToken.set("key2", (Certificates)null));
+        assertFalse(authToken.set("key2", (Certificates) null));
     }
 
     public void testGetSetByteArrayArray() {
         byte[][] value = new byte[][] {
                 new byte[] { 1, 2, 3, 4 },
-                new byte[] {12, 13, 14},
-                new byte[] { 50, -12, 0, 100}
+                new byte[] { 12, 13, 14 },
+                new byte[] { 50, -12, 0, 100 }
         };
 
         assertFalse(cmsStub.bToACalled);
@@ -240,14 +239,14 @@ public class AuthTokenTest extends CMSBaseTestCase {
             }
         }
 
-        assertFalse(authToken.set("key2", (byte[][])null));
+        assertFalse(authToken.set("key2", (byte[][]) null));
     }
 
     /**
      * CMSMemoryStub
-     *
+     * 
      * This class is used to help test methods that rely on setting and then
-     * getting a value out.  It assumes BtoA is always called first, stores
+     * getting a value out. It assumes BtoA is always called first, stores
      * the value passed in, and then returns that value for BtoA.
      */
     class CMSMemoryStub extends CMSEngineDefaultStub {
diff --git a/pki/base/common/test/com/netscape/certsrv/logging/LoggerDefaultStub.java b/pki/base/common/test/com/netscape/certsrv/logging/LoggerDefaultStub.java
index b7772bb2..a0ffe5e0 100644
--- a/pki/base/common/test/com/netscape/certsrv/logging/LoggerDefaultStub.java
+++ b/pki/base/common/test/com/netscape/certsrv/logging/LoggerDefaultStub.java
@@ -56,7 +56,7 @@ public class LoggerDefaultStub implements ILogger {
 
     public void log(int evtClass, Properties prop, int source, int level, String msg, Object params[], boolean multiline) {
     }
-    
+
     public ILogEvent create(int evtClass, Properties prop, int source, int level, String msg, Object params[], boolean multiline) {
         return null;
     }
diff --git a/pki/base/common/test/com/netscape/certsrv/request/AgentApprovalsTest.java b/pki/base/common/test/com/netscape/certsrv/request/AgentApprovalsTest.java
index 28ea1669..0cd27840 100644
--- a/pki/base/common/test/com/netscape/certsrv/request/AgentApprovalsTest.java
+++ b/pki/base/common/test/com/netscape/certsrv/request/AgentApprovalsTest.java
@@ -48,15 +48,15 @@ public class AgentApprovalsTest extends CMSBaseTestCase {
         assertNotNull(approvals);
         assertEquals(3, approvals.mVector.size());
 
-        AgentApproval approval = (AgentApproval)approvals.mVector.get(0);
+        AgentApproval approval = (AgentApproval) approvals.mVector.get(0);
         assertEquals(approval1.getUserName(), approval.getUserName());
         assertEquals(approval1.getDate(), approval.getDate());
 
-        approval = (AgentApproval)approvals.mVector.get(1);
+        approval = (AgentApproval) approvals.mVector.get(1);
         assertEquals(approval2.getUserName(), approval.getUserName());
         assertEquals(approval2.getDate(), approval.getDate());
 
-        approval = (AgentApproval)approvals.mVector.get(2);
+        approval = (AgentApproval) approvals.mVector.get(2);
         assertEquals(approval3.getUserName(), approval.getUserName());
         assertEquals(approval3.getDate(), approval.getDate());
 
diff --git a/pki/base/common/test/com/netscape/cmscore/dbs/CertRecordListTest.java b/pki/base/common/test/com/netscape/cmscore/dbs/CertRecordListTest.java
index 3fd6a96f..699a924d 100644
--- a/pki/base/common/test/com/netscape/cmscore/dbs/CertRecordListTest.java
+++ b/pki/base/common/test/com/netscape/cmscore/dbs/CertRecordListTest.java
@@ -40,7 +40,7 @@ public class CertRecordListTest extends CMSBaseTestCase {
         return new TestSuite(CertRecordListTest.class);
     }
 
-    public void testProcessCertRecordsUsesSize()  throws EBaseException {
+    public void testProcessCertRecordsUsesSize() throws EBaseException {
         DBVirtualListStub dbList = new DBVirtualListStub();
         dbList.size = 5;
 
@@ -57,7 +57,6 @@ public class CertRecordListTest extends CMSBaseTestCase {
         assertEquals(7, dbList.lastIndexGetElementAtCalledWith);
     }
 
-
     public class DBVirtualListStub extends DBVirtualListDefaultStub {
         public int size = 0;
         public int getElementAtCallCount = 0;
diff --git a/pki/base/common/test/com/netscape/cmscore/dbs/DBRegistryDefaultStub.java b/pki/base/common/test/com/netscape/cmscore/dbs/DBRegistryDefaultStub.java
index 2095e162..9635129f 100644
--- a/pki/base/common/test/com/netscape/cmscore/dbs/DBRegistryDefaultStub.java
+++ b/pki/base/common/test/com/netscape/cmscore/dbs/DBRegistryDefaultStub.java
@@ -17,7 +17,6 @@ import com.netscape.certsrv.dbs.IFilterConverter;
  */
 public class DBRegistryDefaultStub implements IDBRegistry {
 
-
     public void registerObjectClass(String className, String ldapNames[]) throws EDBException {
     }
 
diff --git a/pki/base/common/test/com/netscape/cmscore/dbs/DBRegistryTest.java b/pki/base/common/test/com/netscape/cmscore/dbs/DBRegistryTest.java
index 7b4681e5..2f022cb9 100644
--- a/pki/base/common/test/com/netscape/cmscore/dbs/DBRegistryTest.java
+++ b/pki/base/common/test/com/netscape/cmscore/dbs/DBRegistryTest.java
@@ -40,7 +40,7 @@ public class DBRegistryTest extends CMSBaseTestCase {
         extAttrMapper = new DBDynAttrMapperStub();
         try {
             registry.registerObjectClass(requestRecordStub.getClass().getName(),
-                    new String[] {"ocvalue"} );
+                    new String[] { "ocvalue" });
             registry.registerAttribute(IRequestRecord.ATTR_EXT_DATA, extAttrMapper);
             registry.registerAttribute(IRequestRecord.ATTR_SOURCE_ID,
                     new StringMapper("sourceIdOut"));
@@ -64,7 +64,7 @@ public class DBRegistryTest extends CMSBaseTestCase {
         assertTrue(extAttrMapper.mapObjectCalled);
     }
 
-    public void testGetLDAPAttributesForExtData()  throws EBaseException {
+    public void testGetLDAPAttributesForExtData() throws EBaseException {
         String inAttrs[] = new String[] {
                 "extData-foo",
                 "extData-foo12",
@@ -79,9 +79,10 @@ public class DBRegistryTest extends CMSBaseTestCase {
         assertTrue(TestHelper.contains(outAttrs, "sourceIdOut"));
 
         try {
-            registry.getLDAPAttributes(new String[] {"badattr"});
+            registry.getLDAPAttributes(new String[] { "badattr" });
             fail("Should not be able to map badattr");
-        } catch (EBaseException e) { /* good */ }
+        } catch (EBaseException e) { /* good */
+        }
     }
 
     public void testCreateLDAPAttributeSet() throws EBaseException {
@@ -109,7 +110,6 @@ public class DBRegistryTest extends CMSBaseTestCase {
         assertTrue(extAttrMapper.mapLDAPAttrsCalled);
     }
 
-
     class DBSubsystemStub extends DBSubsystemDefaultStub {
         DBRegistry registry;
 
@@ -118,7 +118,6 @@ public class DBRegistryTest extends CMSBaseTestCase {
         }
     }
 
-
     class DBDynAttrMapperStub extends DBDynAttrMapperDefaultStub {
         boolean mapObjectCalled = false;
         Object mapObjectCalledWithObject = null;
@@ -149,7 +148,7 @@ public class DBRegistryTest extends CMSBaseTestCase {
  * DBRegistry.createObject() calls Class.newInstance() to create
  * this stub.  This fails if the class is nested.
  */
- class RequestRecordStub extends RequestRecordDefaultStub {
+class RequestRecordStub extends RequestRecordDefaultStub {
 
     /**
      *
diff --git a/pki/base/common/test/com/netscape/cmscore/dbs/DBSubsystemDefaultStub.java b/pki/base/common/test/com/netscape/cmscore/dbs/DBSubsystemDefaultStub.java
index 68f24d50..fe19159d 100644
--- a/pki/base/common/test/com/netscape/cmscore/dbs/DBSubsystemDefaultStub.java
+++ b/pki/base/common/test/com/netscape/cmscore/dbs/DBSubsystemDefaultStub.java
@@ -17,7 +17,6 @@ import com.netscape.certsrv.dbs.IDBSubsystem;
  */
 public class DBSubsystemDefaultStub implements IDBSubsystem {
 
-
     public String getBaseDN() {
         return null;
     }
@@ -83,91 +82,91 @@ public class DBSubsystemDefaultStub implements IDBSubsystem {
         return null;
     }
 
-	@Override
-	public void setMaxSerialConfig(int repo, String serial)
-			throws EBaseException {
-		// TODO Auto-generated method stub
-
-	}
-
-	@Override
-	public void setMinSerialConfig(int repo, String serial)
-			throws EBaseException {
-		// TODO Auto-generated method stub
-
-	}
-
-	@Override
-	public void setNextMaxSerialConfig(int repo, String serial)
-			throws EBaseException {
-		// TODO Auto-generated method stub
-
-	}
-
-	@Override
-	public void setNextMinSerialConfig(int repo, String serial)
-			throws EBaseException {
-		// TODO Auto-generated method stub
-
-	}
-
-	@Override
-	public String getMinSerialConfig(int repo) {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	@Override
-	public String getMaxSerialConfig(int repo) {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	@Override
-	public String getNextMaxSerialConfig(int repo) {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	@Override
-	public String getNextMinSerialConfig(int repo) {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	@Override
-	public String getLowWaterMarkConfig(int repo) {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	@Override
-	public String getIncrementConfig(int repo) {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	@Override
-	public String getNextRange(int repo) {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	@Override
-	public boolean hasRangeConflict(int repo) {
-		// TODO Auto-generated method stub
-		return false;
-	}
-
-	@Override
-	public boolean getEnableSerialMgmt() {
-		// TODO Auto-generated method stub
-		return false;
-	}
-
-	@Override
-	public void setEnableSerialMgmt(boolean value) throws EBaseException {
-		// TODO Auto-generated method stub
-
-	}
+    @Override
+    public void setMaxSerialConfig(int repo, String serial)
+            throws EBaseException {
+        // TODO Auto-generated method stub
+
+    }
+
+    @Override
+    public void setMinSerialConfig(int repo, String serial)
+            throws EBaseException {
+        // TODO Auto-generated method stub
+
+    }
+
+    @Override
+    public void setNextMaxSerialConfig(int repo, String serial)
+            throws EBaseException {
+        // TODO Auto-generated method stub
+
+    }
+
+    @Override
+    public void setNextMinSerialConfig(int repo, String serial)
+            throws EBaseException {
+        // TODO Auto-generated method stub
+
+    }
+
+    @Override
+    public String getMinSerialConfig(int repo) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public String getMaxSerialConfig(int repo) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public String getNextMaxSerialConfig(int repo) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public String getNextMinSerialConfig(int repo) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public String getLowWaterMarkConfig(int repo) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public String getIncrementConfig(int repo) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public String getNextRange(int repo) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public boolean hasRangeConflict(int repo) {
+        // TODO Auto-generated method stub
+        return false;
+    }
+
+    @Override
+    public boolean getEnableSerialMgmt() {
+        // TODO Auto-generated method stub
+        return false;
+    }
+
+    @Override
+    public void setEnableSerialMgmt(boolean value) throws EBaseException {
+        // TODO Auto-generated method stub
+
+    }
 }
diff --git a/pki/base/common/test/com/netscape/cmscore/dbs/DBVirtualListDefaultStub.java b/pki/base/common/test/com/netscape/cmscore/dbs/DBVirtualListDefaultStub.java
index 45fda77d..a750ad50 100644
--- a/pki/base/common/test/com/netscape/cmscore/dbs/DBVirtualListDefaultStub.java
+++ b/pki/base/common/test/com/netscape/cmscore/dbs/DBVirtualListDefaultStub.java
@@ -26,7 +26,7 @@ import com.netscape.certsrv.dbs.IElementProcessor;
  * This class helps test avoid the problem of test stubs having to
  * implement a new stub method every time the interface changes.
  * It also makes the tests clearer by not cluttered them with empty methods.
- *
+ * 
  * Do not put any behaviour in this class.
  */
 public class DBVirtualListDefaultStub implements IDBVirtualList {
@@ -73,7 +73,7 @@ public class DBVirtualListDefaultStub implements IDBVirtualList {
     }
 
     public void processElements(int startidx, int endidx, IElementProcessor ep)
-        throws EBaseException {
+            throws EBaseException {
     }
 
     public int getSelectedIndex() {
diff --git a/pki/base/common/test/com/netscape/cmscore/request/ExtAttrDynMapperTest.java b/pki/base/common/test/com/netscape/cmscore/request/ExtAttrDynMapperTest.java
index f47cbe0a..a0ad0a8a 100644
--- a/pki/base/common/test/com/netscape/cmscore/request/ExtAttrDynMapperTest.java
+++ b/pki/base/common/test/com/netscape/cmscore/request/ExtAttrDynMapperTest.java
@@ -37,7 +37,7 @@ public class ExtAttrDynMapperTest extends CMSBaseTestCase {
 
     public void testSupportLDAPAttributeName() {
         assertNotNull(mapper);
-        
+
         assertTrue(mapper.supportsLDAPAttributeName("extData-green"));
         assertTrue(mapper.supportsLDAPAttributeName("EXTDATA-green"));
         assertTrue(mapper.supportsLDAPAttributeName("extData-foo;0"));
@@ -165,7 +165,6 @@ public class ExtAttrDynMapperTest extends CMSBaseTestCase {
         assertTrue(attrBim.hasSubtype("bi--003bm"));
     }
 
-
     public void testMapLDAPAttributeSetToObject() throws EBaseException {
         //
         // Test simple key-value pairs
@@ -183,7 +182,7 @@ public class ExtAttrDynMapperTest extends CMSBaseTestCase {
                 requestRecord);
 
         assertEquals(1, requestRecord.setCallCounter);
-        Hashtable<?, ?> extData = (Hashtable<?, ?>)requestRecord.extAttrData.get(
+        Hashtable<?, ?> extData = (Hashtable<?, ?>) requestRecord.extAttrData.get(
                 IRequestRecord.ATTR_EXT_DATA);
         assertNotNull(extData);
 
@@ -215,27 +214,27 @@ public class ExtAttrDynMapperTest extends CMSBaseTestCase {
                 requestRecord);
 
         assertEquals(1, requestRecord.setCallCounter);
-        extData = (Hashtable<?, ?>)requestRecord.extAttrData.get(
+        extData = (Hashtable<?, ?>) requestRecord.extAttrData.get(
                 IRequestRecord.ATTR_EXT_DATA);
         assertNotNull(extData);
 
         assertTrue(extData.containsKey("o;key1"));
-        Hashtable<?, ?> okey1Data = (Hashtable<?, ?>)extData.get("o;key1");
+        Hashtable<?, ?> okey1Data = (Hashtable<?, ?>) extData.get("o;key1");
         assertEquals(3, okey1Data.keySet().size());
         assertTrue(okey1Data.containsKey("i;key11"));
-        assertEquals("val11", (String)okey1Data.get("i;key11"));
+        assertEquals("val11", (String) okey1Data.get("i;key11"));
         assertTrue(okey1Data.containsKey("ikey12"));
-        assertEquals("val12", (String)okey1Data.get("ikey12"));
+        assertEquals("val12", (String) okey1Data.get("ikey12"));
         assertTrue(okey1Data.containsKey("ikey13"));
-        assertEquals("val13", (String)okey1Data.get("ikey13"));
+        assertEquals("val13", (String) okey1Data.get("ikey13"));
 
         assertTrue(extData.containsKey("okey2"));
-        Hashtable<?, ?> okey2Data = (Hashtable<?, ?>)extData.get("okey2");
+        Hashtable<?, ?> okey2Data = (Hashtable<?, ?>) extData.get("okey2");
         assertEquals(2, okey2Data.keySet().size());
         assertTrue(okey2Data.containsKey("ikey21"));
-        assertEquals("val21", (String)okey2Data.get("ikey21"));
+        assertEquals("val21", (String) okey2Data.get("ikey21"));
         assertTrue(okey2Data.containsKey("ikey22"));
-        assertEquals("val22", (String)okey2Data.get("ikey22"));
+        assertEquals("val22", (String) okey2Data.get("ikey22"));
 
         assertFalse(extData.containsKey("foo"));
 
@@ -260,13 +259,11 @@ public class ExtAttrDynMapperTest extends CMSBaseTestCase {
 
     }
 
-
     class RequestRecordStub extends RequestRecordDefaultStub {
         private static final long serialVersionUID = 4106967075497999274L;
         Hashtable<String, Object> extAttrData = new Hashtable<String, Object>();
         int setCallCounter = 0;
 
-
         public void set(String name, Object o) {
             setCallCounter++;
             if (IRequestRecord.ATTR_EXT_DATA.equals(name)) {
diff --git a/pki/base/common/test/com/netscape/cmscore/request/RequestDefaultStub.java b/pki/base/common/test/com/netscape/cmscore/request/RequestDefaultStub.java
index a835ba32..151f3d62 100644
--- a/pki/base/common/test/com/netscape/cmscore/request/RequestDefaultStub.java
+++ b/pki/base/common/test/com/netscape/cmscore/request/RequestDefaultStub.java
@@ -103,7 +103,7 @@ public class RequestDefaultStub implements IRequest {
         return false;
     }
 
-    public boolean setExtData(String key, Hashtable<String, ?>  value) {
+    public boolean setExtData(String key, Hashtable<String, ?> value) {
         return false;
     }
 
@@ -115,7 +115,7 @@ public class RequestDefaultStub implements IRequest {
         return null;
     }
 
-    public <V> Hashtable<String, V> getExtDataInHashtable(String key){
+    public <V> Hashtable<String, V> getExtDataInHashtable(String key) {
         return null;
     }
 
diff --git a/pki/base/common/test/com/netscape/cmscore/request/RequestQueueTest.java b/pki/base/common/test/com/netscape/cmscore/request/RequestQueueTest.java
index 4ae5be9a..d69ac6a5 100644
--- a/pki/base/common/test/com/netscape/cmscore/request/RequestQueueTest.java
+++ b/pki/base/common/test/com/netscape/cmscore/request/RequestQueueTest.java
@@ -41,7 +41,7 @@ public class RequestQueueTest extends CMSBaseTestCase {
     }
 
     class RequestStub extends RequestDefaultStub {
-        String[] keys = new String[] {"key1", "key2"};
+        String[] keys = new String[] { "key1", "key2" };
         boolean getExtDataKeysCalled = false;
 
         public Enumeration getExtDataKeys() {
diff --git a/pki/base/common/test/com/netscape/cmscore/request/RequestRecordTest.java b/pki/base/common/test/com/netscape/cmscore/request/RequestRecordTest.java
index ba3689fb..efdbfc20 100644
--- a/pki/base/common/test/com/netscape/cmscore/request/RequestRecordTest.java
+++ b/pki/base/common/test/com/netscape/cmscore/request/RequestRecordTest.java
@@ -69,7 +69,7 @@ public class RequestRecordTest extends CMSBaseTestCase {
 
         requestRecord.add(request);
 
-        assertEquals(request.mExtData,  requestRecord.mExtData);
+        assertEquals(request.mExtData, requestRecord.mExtData);
         assertNotSame(request.mExtData, requestRecord.mExtData);
     }
 
@@ -83,7 +83,6 @@ public class RequestRecordTest extends CMSBaseTestCase {
         requestRecord.set(IRequestRecord.ATTR_EXT_DATA, extData);
         requestRecord.mRequestType = "foo";
 
-
         requestRecord.read(new RequestModDefaultStub(), request);
 
         // the request stores other attributes inside its mExtData when some
@@ -114,12 +113,11 @@ public class RequestRecordTest extends CMSBaseTestCase {
         assertTrue(db.registry.registerObjectClassCalled);
         assertTrue(TestHelper.contains(db.registry.registerObjectClassLdapNames,
                                        "extensibleObject"));
-        
+
         assertTrue(db.registry.registerDynamicMapperCalled);
         assertTrue(db.registry.dynamicMapper instanceof ExtAttrDynMapper);
     }
 
-
     class ModificationSetStub extends ModificationSet {
         public boolean addCalledWithExtData = false;
         public Object addExtDataObject = null;
@@ -132,17 +130,14 @@ public class RequestRecordTest extends CMSBaseTestCase {
         }
     }
 
-
     class DBSubsystemStub extends DBSubsystemDefaultStub {
         DBRegistryStub registry = new DBRegistryStub();
 
-
         public IDBRegistry getRegistry() {
             return registry;
         }
     }
 
-
     class DBRegistryStub extends DBRegistryDefaultStub {
         boolean registerCalledWithExtAttr = false;
         IDBAttrMapper extAttrMapper = null;
diff --git a/pki/base/common/test/com/netscape/cmscore/request/RequestTest.java b/pki/base/common/test/com/netscape/cmscore/request/RequestTest.java
index dd1a1612..f6ff25b3 100644
--- a/pki/base/common/test/com/netscape/cmscore/request/RequestTest.java
+++ b/pki/base/common/test/com/netscape/cmscore/request/RequestTest.java
@@ -69,7 +69,7 @@ public class RequestTest extends CMSBaseTestCase {
 
     public void testIsSimpleExtDataValue() {
         request.mExtData.put("simple1", "foo");
-        request.mExtData.put("complex1", new Hashtable<String, Object> ());
+        request.mExtData.put("complex1", new Hashtable<String, Object>());
 
         assertTrue(request.isSimpleExtDataValue("simple1"));
         assertFalse(request.isSimpleExtDataValue("complex1"));
@@ -87,12 +87,12 @@ public class RequestTest extends CMSBaseTestCase {
 
         request.setExtData("UPPER", "CASE");
         assertEquals("CASE", request.mExtData.get("upper"));
-        
-        assertFalse(request.setExtData("key", (String)null));
+
+        assertFalse(request.setExtData("key", (String) null));
     }
 
     @SuppressWarnings({ "rawtypes", "unchecked" })
-	public void testVerifyValidExtDataHashtable() {
+    public void testVerifyValidExtDataHashtable() {
         Hashtable valueHash = new Hashtable();
 
         valueHash.put("key1", "val1");
@@ -114,7 +114,7 @@ public class RequestTest extends CMSBaseTestCase {
     }
 
     @SuppressWarnings({ "unchecked", "rawtypes" })
-	public void testSetExtHashtableData() {
+    public void testSetExtHashtableData() {
         Hashtable<String, String> valueHash = new Hashtable<String, String>();
 
         valueHash.put("key1", "val1");
@@ -133,8 +133,8 @@ public class RequestTest extends CMSBaseTestCase {
 
         valueHash.put("", "value");
         assertFalse(request.setExtData("topkey2", valueHash));
-        
-        assertFalse(request.setExtData("topkey3", (Hashtable)null));
+
+        assertFalse(request.setExtData("topkey3", (Hashtable) null));
     }
 
     public void testGetExtDataInString() {
@@ -215,9 +215,9 @@ public class RequestTest extends CMSBaseTestCase {
         assertFalse(value.containsKey(""));
 
         // Illegal values
-        assertFalse(request.setExtData((String)null, "b", "c"));
-        assertFalse(request.setExtData("a", (String)null, "c"));
-        assertFalse(request.setExtData("a", "b", (String)null));
+        assertFalse(request.setExtData((String) null, "b", "c"));
+        assertFalse(request.setExtData("a", (String) null, "c"));
+        assertFalse(request.setExtData("a", "b", (String) null));
     }
 
     public void testGetExtDataSubkeyValue() {
@@ -225,7 +225,7 @@ public class RequestTest extends CMSBaseTestCase {
         value.put("subkey", "value");
 
         request.setExtData("topkey", value);
-        
+
         assertEquals("value", request.getExtDataInString("topkey", "SUBKEY"));
         assertNull(request.getExtDataInString("badkey", "subkey"));
         assertNull(request.getExtDataInString("topkey", "badkey"));
@@ -244,7 +244,7 @@ public class RequestTest extends CMSBaseTestCase {
         assertNull(request.getExtDataInInteger("strkey"));
         assertNull(request.getExtDataInInteger("notfound"));
 
-        assertFalse(request.setExtData("key", (Integer)null));
+        assertFalse(request.setExtData("key", (Integer) null));
     }
 
     public void testGetSetExtDataIntegerArray() {
@@ -267,7 +267,7 @@ public class RequestTest extends CMSBaseTestCase {
         request.setExtData("topkey2", hashValue);
         assertNull(request.getExtDataInIntegerArray("topkey2"));
 
-        assertFalse(request.setExtData("key", (Integer[])null));
+        assertFalse(request.setExtData("key", (Integer[]) null));
     }
 
     public void testGetSetExtDataBigInteger() {
@@ -283,7 +283,7 @@ public class RequestTest extends CMSBaseTestCase {
         assertNull(request.getExtDataInBigInteger("strkey"));
         assertNull(request.getExtDataInBigInteger("notfound"));
 
-        assertFalse(request.setExtData("key", (BigInteger)null));
+        assertFalse(request.setExtData("key", (BigInteger) null));
     }
 
     public void testGetSetExtDataBigIntegerArray() {
@@ -306,7 +306,7 @@ public class RequestTest extends CMSBaseTestCase {
         request.setExtData("topkey2", hashValue);
         assertNull(request.getExtDataInBigIntegerArray("topkey2"));
 
-        assertFalse(request.setExtData("key", (BigInteger[])null));
+        assertFalse(request.setExtData("key", (BigInteger[]) null));
     }
 
     public void testSetExtDataThrowable() {
@@ -316,7 +316,7 @@ public class RequestTest extends CMSBaseTestCase {
 
         assertEquals(e.toString(), request.mExtData.get("key"));
 
-        assertFalse(request.setExtData("key", (Throwable)null));
+        assertFalse(request.setExtData("key", (Throwable) null));
     }
 
     public void testGetSetByteArray() {
@@ -332,7 +332,7 @@ public class RequestTest extends CMSBaseTestCase {
         assertTrue(cmsStub.aToBCalled);
         assertEquals(data, out);
 
-        assertFalse(request.setExtData("key", (byte[])null));
+        assertFalse(request.setExtData("key", (byte[]) null));
     }
 
     public void testGetSetCert() throws CertificateException {
@@ -347,7 +347,7 @@ public class RequestTest extends CMSBaseTestCase {
         assertTrue(cmsStub.aToBCalled);
         assertEquals(cert, retval);
 
-        assertFalse(request.setExtData("key", (X509CertImpl)null));
+        assertFalse(request.setExtData("key", (X509CertImpl) null));
     }
 
     public void testGetSetCertArray() throws CertificateException {
@@ -359,7 +359,7 @@ public class RequestTest extends CMSBaseTestCase {
         };
 
         assertTrue(request.setExtData("key", vals));
-        Hashtable<?, ?> hashVals = (Hashtable<?, ?>)request.mExtData.get("key");
+        Hashtable<?, ?> hashVals = (Hashtable<?, ?>) request.mExtData.get("key");
         assertEquals(2, hashVals.keySet().size());
 
         assertFalse(cmsStub.aToBCalled);
@@ -370,16 +370,16 @@ public class RequestTest extends CMSBaseTestCase {
         assertEquals(vals[0], retval[0]);
         assertEquals(vals[1], retval[1]);
 
-        assertFalse(request.setExtData("key", (X509CertImpl[])null));
+        assertFalse(request.setExtData("key", (X509CertImpl[]) null));
     }
 
     public void testGetSetStringArray() {
-        String[] value = new String[] {"blue", "green", "red", "orange"};
+        String[] value = new String[] { "blue", "green", "red", "orange" };
         assertTrue(request.setExtData("key", value));
 
         assertTrue(request.mExtData.containsKey("key"));
         @SuppressWarnings("unchecked")
-		Hashtable<String, String> hashValue = (Hashtable<String, String>)request.mExtData.get("key");
+        Hashtable<String, String> hashValue = (Hashtable<String, String>) request.mExtData.get("key");
         assertTrue(hashValue.containsKey("0"));
         assertTrue(hashValue.containsKey("1"));
         assertTrue(hashValue.containsKey("2"));
@@ -420,7 +420,7 @@ public class RequestTest extends CMSBaseTestCase {
         request.setExtData("cory", hashValue);
         assertNull(request.getExtDataInStringArray("cory"));
 
-        assertFalse(request.setExtData("key", (String[])null));
+        assertFalse(request.setExtData("key", (String[]) null));
 
     }
 
@@ -435,7 +435,7 @@ public class RequestTest extends CMSBaseTestCase {
 
         assertTrue(request.mExtData.containsKey("key"));
         @SuppressWarnings("unchecked")
-		Hashtable<String, String> hashValue = (Hashtable<String, String>)request.mExtData.get("key");
+        Hashtable<String, String> hashValue = (Hashtable<String, String>) request.mExtData.get("key");
         assertTrue(hashValue.containsKey("0"));
         assertTrue(hashValue.containsKey("1"));
         assertTrue(hashValue.containsKey("2"));
@@ -459,7 +459,7 @@ public class RequestTest extends CMSBaseTestCase {
         request.setExtData("cory", hashValue);
         assertNull(request.getExtDataInStringVector("cory"));
 
-        assertFalse(request.setExtData("key", (Vector<?>)null));
+        assertFalse(request.setExtData("key", (Vector<?>) null));
     }
 
     public void testGetSetCertInfo() {
@@ -476,7 +476,7 @@ public class RequestTest extends CMSBaseTestCase {
         request.getExtDataInCertInfo("key");
         assertTrue(cmsStub.aToBCalled);
 
-        assertFalse(request.setExtData("key", (X509CertInfo)null));
+        assertFalse(request.setExtData("key", (X509CertInfo) null));
     }
 
     public void testGetSetCertInfoArray() {
@@ -486,14 +486,14 @@ public class RequestTest extends CMSBaseTestCase {
         };
 
         assertTrue(request.setExtData("key", vals));
-        Hashtable<?, ?> hashVals = (Hashtable<?, ?>)request.mExtData.get("key");
+        Hashtable<?, ?> hashVals = (Hashtable<?, ?>) request.mExtData.get("key");
         assertEquals(2, hashVals.keySet().size());
 
         assertFalse(cmsStub.aToBCalled);
         request.getExtDataInCertInfoArray("key");
         assertTrue(cmsStub.aToBCalled);
 
-        assertFalse(request.setExtData("key", (X509CertInfo[])null));
+        assertFalse(request.setExtData("key", (X509CertInfo[]) null));
     }
 
     public void testGetBoolean() {
@@ -536,14 +536,14 @@ public class RequestTest extends CMSBaseTestCase {
         };
 
         assertTrue(request.setExtData("key", vals));
-        Hashtable<?, ?> hashVals = (Hashtable<?, ?>)request.mExtData.get("key");
+        Hashtable<?, ?> hashVals = (Hashtable<?, ?>) request.mExtData.get("key");
         assertEquals(2, hashVals.keySet().size());
 
         assertFalse(cmsStub.aToBCalled);
         request.getExtDataInCertInfoArray("key");
         assertTrue(cmsStub.aToBCalled);
 
-        assertFalse(request.setExtData("key", (RevokedCertImpl[])null));
+        assertFalse(request.setExtData("key", (RevokedCertImpl[]) null));
     }
 
     public void testGetSetCertExts() throws IOException {
@@ -564,7 +564,7 @@ public class RequestTest extends CMSBaseTestCase {
         assertNotNull(retval);
         assertEquals(1, retval.size());
 
-        assertFalse(request.setExtData("key", (CertificateExtensions)null));
+        assertFalse(request.setExtData("key", (CertificateExtensions) null));
     }
 
     public void testGetSetCertSubjectName() throws IOException {
@@ -576,10 +576,10 @@ public class RequestTest extends CMSBaseTestCase {
         CertificateSubjectName retval = request.getExtDataInCertSubjectName("key");
         assertNotNull(retval);
         // the 'CN=' is uppercased at some point
-        assertEquals("cn=kevin", 
+        assertEquals("cn=kevin",
                 retval.get(CertificateSubjectName.DN_NAME).toString().toLowerCase());
 
-        assertFalse(request.setExtData("key", (CertificateSubjectName)null));
+        assertFalse(request.setExtData("key", (CertificateSubjectName) null));
     }
 
     public void testGetSetAuthToken() {
@@ -597,14 +597,14 @@ public class RequestTest extends CMSBaseTestCase {
         assertEquals(token.getInString("key2"), retval.getInString("key2"));
         assertEquals(token.getInInteger("key3"), retval.getInInteger("key3"));
 
-        assertFalse(request.setExtData("key", (AuthToken)null));
+        assertFalse(request.setExtData("key", (AuthToken) null));
     }
-    
+
     /**
      * CMSMemoryStub
-     *
+     * 
      * This class is used to help test methods that rely on setting and then
-     * getting a value out.  It assumes BtoA is always called first, stores
+     * getting a value out. It assumes BtoA is always called first, stores
      * the value passed in, and then returns that value for BtoA.
      */
     class CMSMemoryStub extends CMSEngineDefaultStub {
@@ -650,7 +650,6 @@ public class RequestTest extends CMSBaseTestCase {
         private static final long serialVersionUID = -9088436260566619005L;
         boolean getEncodedCalled = false;
 
-
         public byte[] getEncoded() throws CRLException {
             getEncodedCalled = true;
             return new byte[] {};
diff --git a/pki/base/common/test/com/netscape/cmscore/test/CMSBaseTestCase.java b/pki/base/common/test/com/netscape/cmscore/test/CMSBaseTestCase.java
index 7e1978e1..d3971afd 100644
--- a/pki/base/common/test/com/netscape/cmscore/test/CMSBaseTestCase.java
+++ b/pki/base/common/test/com/netscape/cmscore/test/CMSBaseTestCase.java
@@ -18,7 +18,7 @@ import com.netscape.cmscore.dbs.DBSubsystem;
 import com.netscape.cmscore.dbs.DBSubsystemDefaultStub;
 
 /**
- * The base class for all CMS unit tests.  This sets up some basic stubs
+ * The base class for all CMS unit tests. This sets up some basic stubs
  * that allow unit tests to work without bumping into uninitialized subsystems
  * (like the CMS logging system).
  */
@@ -56,26 +56,26 @@ public abstract class CMSBaseTestCase extends TestCase {
 
     public X509CertImpl getFakeCert() throws CertificateException {
         byte[] certData = new byte[] {
-            48, -126, 1, 18, 48, -127, -67, -96, 3, 2, 1, 2, 2, 1,
-            1, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 4,
-            5, 0, 48, 18, 49, 16, 48, 14, 6, 3, 85, 4, 3, 19,
-            7, 116, 101, 115, 116, 105, 110, 103, 48, 30, 23, 13, 48, 55,
-            48, 55, 49, 50, 49, 55, 51, 56, 51, 52, 90, 23, 13, 48,
-            55, 49, 48, 49, 50, 49, 55, 51, 56, 51, 52, 90, 48, 18,
-            49, 16, 48, 14, 6, 3, 85, 4, 3, 19, 7, 116, 101, 115,
-            116, 105, 110, 103, 48, 92, 48, 13, 6, 9, 42, -122, 72, -122,
-            -9, 13, 1, 1, 1, 5, 0, 3, 75, 0, 48, 72, 2, 65,
-            0, -65, 121, -119, -59, 105, 66, -122, -78, -30, -64, 63, -47, 44,
-            -48, -104, 103, -47, -108, 42, -38, 46, -8, 32, 49, -29, -26, -112,
-            -29, -86, 71, 24, -104, 78, -31, -75, -128, 90, -92, -34, -51, -125,
-            -13, 80, 101, -78, 39, -119, -38, 117, 28, 67, -19, -71, -124, -85,
-            105, -53, -103, -59, -67, -38, -83, 118, 65, 2, 3, 1, 0, 1,
-            48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 4, 5,
-            0, 3, 65, 0, -97, -62, 79, -28, 124, -81, 98, 119, -85, -49,
-            62, -81, 46, -25, -29, 78, -40, 118, -2, 114, -128, 74, -47, -68,
-            52, 11, -14, 30, -46, -95, -26, -108, -19, 110, -63, -70, 61, -75,
-            64, 74, -33, -65, -96, 120, -109, 37, 77, -76, 38, -114, 58, -80,
-            -122, -39, -65, -31, 37, -30, -126, 126, 17, -82, 92, 64,
+                48, -126, 1, 18, 48, -127, -67, -96, 3, 2, 1, 2, 2, 1,
+                1, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 4,
+                5, 0, 48, 18, 49, 16, 48, 14, 6, 3, 85, 4, 3, 19,
+                7, 116, 101, 115, 116, 105, 110, 103, 48, 30, 23, 13, 48, 55,
+                48, 55, 49, 50, 49, 55, 51, 56, 51, 52, 90, 23, 13, 48,
+                55, 49, 48, 49, 50, 49, 55, 51, 56, 51, 52, 90, 48, 18,
+                49, 16, 48, 14, 6, 3, 85, 4, 3, 19, 7, 116, 101, 115,
+                116, 105, 110, 103, 48, 92, 48, 13, 6, 9, 42, -122, 72, -122,
+                -9, 13, 1, 1, 1, 5, 0, 3, 75, 0, 48, 72, 2, 65,
+                0, -65, 121, -119, -59, 105, 66, -122, -78, -30, -64, 63, -47, 44,
+                -48, -104, 103, -47, -108, 42, -38, 46, -8, 32, 49, -29, -26, -112,
+                -29, -86, 71, 24, -104, 78, -31, -75, -128, 90, -92, -34, -51, -125,
+                -13, 80, 101, -78, 39, -119, -38, 117, 28, 67, -19, -71, -124, -85,
+                105, -53, -103, -59, -67, -38, -83, 118, 65, 2, 3, 1, 0, 1,
+                48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 4, 5,
+                0, 3, 65, 0, -97, -62, 79, -28, 124, -81, 98, 119, -85, -49,
+                62, -81, 46, -25, -29, 78, -40, 118, -2, 114, -128, 74, -47, -68,
+                52, 11, -14, 30, -46, -95, -26, -108, -19, 110, -63, -70, 61, -75,
+                64, 74, -33, -65, -96, 120, -109, 37, 77, -76, 38, -114, 58, -80,
+                -122, -39, -65, -31, 37, -30, -126, 126, 17, -82, 92, 64,
             };
 
         return new X509CertImpl(certData);